GENERALLY APPLICABLE PROVISIONS – MAIN PAGE
These General Terms and the legal notices found from this page (collectively, “Website Policies”) outline the terms for the use of all self-hosted digital properties and applications owned and/or provided by CerpassRx, which include https://www.cerpassrx.com and https://www.cerpassrx.com.com as well as CerpassRx social media platforms, newsletters, and online applications (collectively, the “Website”). By accessing and using the Website you accept and agree to these terms and conditions in full.
The following definitions apply to each of the subsections in these Terms and Conditions: “Client”, “You” and “Your” refers to you, the person accessing the Website. “Ourselves”, “We”, “Our”, and “CerpassRx” refers to CerpassRx and its affiliates and all of their representatives. “Party”, “Parties”, or “Us”, refers to you and CerpassRx individually and collectively.
Changes to Policies
We may revise and update our Website Policies from time to time in our sole discretion. All changes are effective immediately when we post them and apply to all access and use of the Website thereafter. Your continued use of the Website following the posting of our revised Website Policy means that you accept and agree to the changes. You are expected to check this page from time to time so you are aware of any changes, as they are binding on you. We reserve the right to withdraw or amend the Website, including any service or material we provide on or through the Website, in our sole discretion without notice. We will not be liable if for any reason all or any part of the Website is unavailable or inaccessible at any time or for any period.
Children Under the Age of 18
Our Website is not intended for children under 18 years of age. We do not knowingly collect personal information from children under 18. If you are under 18, do not use or provide any information on this Website or on or through any of its features, register on the Website, make any purchases through the Website, if applicable, use any of the interactive or public comment features of this Website, if any, or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at email@example.com or 1-888-735-8818 (toll free).
The owner of the Website is based in the State of Texas in the United States. We provide the Website for use only by persons located in the United States. We make no claims that the Website or any of its content is accessible or appropriate outside of the United States. Access to the Website may not be legal by certain persons or in certain countries. If you access the Website from outside the United States, you do so on your own initiative and are responsible for compliance with local laws.
You agree to defend, indemnify and hold CerpassRx, and its affiliates, licensors, service providers, employees, agents, officers, and directors harmless from and against any claims, liabilities, damages, judgments, awards, losses, costs, expenses or fees (including reasonable attorneys’ fees) arising out of or relating to your violation of any of our Website Policies or your use of the Website, including, but not limited to, your use of any information obtained from the Website.
Governing Law and Jurisdiction
All matters relating to the Website and Website Policies and any dispute or claim arising out of the same (regardless of the form of the action), shall be governed by and construed in accordance with the internal laws of the State of Texas without giving effect to any choice or conflict of law provision or rule whether of the State of Texas or any other jurisdiction. Any legal suit, action or proceeding arising out of, or related to, any of the Website Policies or the Website shall be instituted exclusively in the federal courts of the United States or the courts of the State of Texas in each case located in the City of Frisco, Collin County, although we retain the right to bring any suit, action or proceeding against you for breach of any of the Website Policies in your country of residence or any other relevant jurisdiction. You waive any and all objections to the exercise of jurisdiction over you by such courts and to venue in such courts.
Your Comments and Concerns
The Website is operated by CerpassRx, located at 5904 Stone Creek Drive, Ste 120, The Colony, Texas 75056. All feedback, comments, requests for technical support and other communications relating to the Website or any of our Website Policies should be directed to firstname.lastname@example.org or 1-888-735-8818 (toll free), or mailed to the address above, attention Chief Technology and Privacy Officer. Any feedback you provide to us shall be deemed to be non-confidential and we shall be free to use such information on an unrestricted basis.
Effective Date: [DATE]
Last Modified: [DATE]
Effective Date: [DATE]
Last Modified: [DATE]
What We Collect and How It Is Used
Information You Provide to Us.
Disclosure of Your Information
We will share your personal data internally within our organization to help improve our services and products for you.
Disclosure to Our Service Providers
We do not sell your personal information to third parties, but we may disclose the personal information you provide to contractors, service providers and other third parties we use to support our business (such as maintenance, analysis, audit, payments, fraud detection, communication, and credit checks and background checks) or that we use to provide the services you request (such as medical providers, insurance companies, underwriters). These third parties to which we give your personal information will have access to your information as reasonably necessary to perform these tasks on our behalf and are obligated not to disclose or use it for other purposes.
It is possible that we will need to disclose information about you when required by law, subpoena or similar legal process, and if we have a good faith belief that disclosure is reasonably necessary to: (1) investigate, prevent, or take action regarding suspected or actual illegal activities or to assist government enforcement agencies; (2) enforce our agreements with you; (3) investigate and defend ourselves against any third-party claims or allegations; (4) protect the security or integrity of the Website; or (5) exercise or protect the rights and safety of CerpassRx and others. We may attempt to notify you about legal demands for your personal data when appropriate in our judgment, unless prohibited by law or court order or when the request is an emergency. We may dispute such demands when we believe, in our sole discretion, that the requests are overbroad, vague, or lack proper authority, but we do not promise to challenge every demand. We will also disclose and potentially provide the personal information we have about you to a third party in the event of a merger or sale of all or substantially all of our assets or similar transaction.
Disclosure on Your Behalf
Using Your Personal Information to Communicate with You
Business and Marketing Messages
We may use your information to contact you about product and service offerings by email or otherwise. These communications include quotes that you request and communications about services and products. We may also contact you concerning advertisements and marketing messages for other services and products we provide. You have the right to opt-out of such messages.
We may use your information to contact you about account, security, legal and other service-related issues. Please be aware that you cannot opt-out of receiving such messages from us, including security and legal notices.
We reserve the right to and may provide any notice relating to the Website, including notice regarding a security incident or data breach, to you by: (i) sending a message to the e-mail address you provide (as applicable); (ii) posting to the Website; (iii) through major statewide media; and/or (iv) telephonic means, including calls and/or text messages, even if sent via automated means including automated dialers, standard text and data messaging rates may apply from your carrier. Notices sent by e-mail will be effective when we send the e-mail, notices we provide by posting will be effective upon posting, and notices we provide through telephonic means will be effective when transmitted or dialed. You consent to receiving electronic communications from CerpassRx relating to the Website and your use and access of the services provided through the Website. It is your responsibility to keep your e-mail address and any other contact information you provide to us current.
Your Rights to Deleting, Accessing and Correcting Your Information
For personal data that we have about you, you may request the following:
- Deletion. You may ask us to erase or delete all or some of your personal data. Please note that doing so may limit your ability to use certain functionality of the Website. Please note that an email address is required to have a registered account.
- Correction/Modification: You may edit some of your personal data through your account or ask us to change, update, or fix your data in certain cases, including if it is inaccurate.
- Object to, or Limit or Restrict, Use of Data: You can ask us to stop using all or some of your personal data (for example, if we have no legal right to keep using it) or to limit our use of it (for example, if your personal data is inaccurate or unlawfully held). Please note that limiting our ability to use or share your information may impede or prevent us from performing services you request.
- Right to Access and/or Take Your Data: You can ask us for a copy of your personal data you provided to us.
To make these or any other requests with respect to your personal information, you may contact us at: email@example.com or 1-888-735-8818 (toll free).
Certain state’s laws provide you the right to make additional requests concerning your personal information. If you are a resident of one of these states, such as California, and have provided us with personal information, state law may require that we provide you with certain information concerning your personally identifiable information. To request this information, send a request to firstname.lastname@example.org and include the phrase “[Your State] Privacy Request” (e.g., “California Privacy Request”) in the subject line. When contacting us, please indicate your name, address, email address, and what personally identifiable information you do not want us to share with third parties. Also, please note that there is no charge for controlling the sharing of your personally identifiable information or requesting this notice.
We ask that individuals making requests identify themselves and identify the information requested to be accessed, corrected or removed before we process any requests. We may decline to process requests if we cannot verify the requestor’s identity, if we believe the request will jeopardize the privacy of others, if we believe the change would violate any law or legal requirement or cause the information to be incorrect, or for a similar legitimate purpose. In any case, where we provide information access, deletion or correction, we perform this service free of charge, except if doing so would require a disproportionate effort.
If you choose to close your account or ask that we modify or delete some or all of your personal information, we will retain your personal data as reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, enforce obligations or fulfill any other requests from you (for example, to opt-out of further messages or for a copy of your data).
Security and Protection
We implement security safeguards designed to protect your data. These include using encryption for your data while it is at rest and while it is being transmitted between your device or browser and our servers. However, given the nature of communications and information technology, and that the use of the Internet has inherent risks, although we regularly monitor for possible vulnerabilities and attack, we cannot warrant or guarantee that information provided to us through the Website or stored in our systems or otherwise will be absolutely free from unauthorized intrusion by others, nor can we warrant or guarantee that such data may not be accessed, disclosed, altered, or destroyed by breach of any of our physical, technical, or managerial safeguards.
Processing of Data
We will only collect and process personal data about you where we have a lawful basis. Lawful bases include your consent, contract and other legitimate interests. Such legitimate interests include protection to you, us and third parties, to comply with applicable law, to enable and administer our business, to manage corporate transactions, to generally understand and improve our business and user relationships, provided that the foregoing adequately protects your rights. Where we rely on your consent to process personal data, you have the right to withdraw or decline your consent at any time and where we rely on legitimate interests, you have the right to object. If you have any questions about the lawful basis upon which we collect and use your personal data, please contact us at email@example.com or 1-888-735-8818 (toll free).
Links from the Website
CerpassRx may partner with third parties and provide link to third party websites. You may see both CerpassRx’ logos and the third party’s logo on these third-party websites. You are responsible for reviewing the privacy statements and policies of those other websites you choose to link to or from the Website, so that you can understand how those websites collect, use and store your information. We are not responsible for the privacy statements, policies or content of other websites or apps, including websites you link to or from the Website. These other sites may place their own cookies or other files on your computer, collect data or solicit personal information from you. The information they collect may be associated with your personal information or they may collect information, including personal information, about your online activities over time and across different websites, apps, and other online services. They may use this information to provide you with interest-based (behavioral) targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about targeted content, you should contact the responsible provider directly.
Effective Date: [DATE]
Last Modified: [DATE]
Accessing the Website and Account Security
The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas, if any, of the Website like message boards. The information you share in public areas may be viewed by any user of the Website.
Intellectual Property Rights
In no event may you use any part of the Website (including any information or materials available through the Website) for any competing commercial purpose, commercial purposes not pre-approved by CerpassRx, or in a manner that is likely to give the impression that information or content of yours emanates from or is endorsed by CerpassRx if this is not the case. Without limiting the foregoing, you must not: (v) modify copies of any materials from this Website, (vi) use any illustrations, photographs, video or audio sequences or any graphics separately from the accompanying text; (vii) delete or alter any copyright, trademark or other proprietary rights notices from copies of materials from this Website; or (viii) access or use for any commercial purposes any part of the Website or any services or materials available through the Website.
The CerpassRx name, the CerpassRx logo and all related names, logos, product and service names, designs and slogans are trademarks of CerpassRx or its affiliates, subsidiaries, or licensors. You must not use such marks without the prior written permission of CerpassRx. All other names, logos, product and service names, designs and slogans on this Website are the trademarks of their respective owners.
Reliance on Information Posted & Changes to the Website
The information presented on or through the Website is made available solely for general information purposes. Information accessible through the Website is accurate as of the date it was prepared. Information may be incomplete or out of date. As a result, CerpassRx does not warrant the accuracy, completeness or usefulness of this information. Any reliance you place on such information is strictly at your own risk. We disclaim all liability and responsibility arising from any reliance placed on such materials by you or any other visitor to the Website, or by anyone who may be informed of any of its contents.
This Website may include content provided by third parties. All statements and/or opinions expressed in these materials, and all articles and responses to questions and other content, other than the content provided by the Company, are solely the opinions and the responsibility of the person or entity providing those materials. These materials do not necessarily reflect the opinion of the Company. We are not responsible, or liable to you or any third party, for the content or accuracy of any materials provided by any third parties.
We may update the content of the Website from time to time, but its content is not necessarily complete or up to date. Any of the material in the Website may be out of date at any given time, and we are under no obligation to update such material. You are responsible for ensuring the accuracy of any content on the Website.
Links from the Website
If the Website contains links to other sites and resources provided by third parties, these links are provided for your convenience only. We have no control over the contents of those sites or resources and accept no responsibility for them or for any loss or damage that may arise from your use of them. If you decide to access any of the third-party websites linked to the Website, you do so entirely at your own risk and subject to the terms and conditions of use for such websites. Any views, opinions, or predictions contained in such third-party content are those of the author(s) alone and do not necessarily reflect the views of CerpassRx.
Disclaimer of Warranties – Use of the Internet
Unfortunately, the transmission of information via the internet is not completely secure. We cannot and do not guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website. You also agree and understand that we cannot and do not guarantee or warrant that files available for downloading from the internet or the Website will be free of viruses or other destructive code. WE WILL NOT BE LIABLE FOR ANY LOSS OR DAMAGE CAUSED BY A DISTRIBUTED DENIAL-OF-SERVICE ATTACK, VIRUSES OR OTHER TECHNOLOGICALLY HARMFUL MATERIAL THAT MAY INFECT YOUR COMPUTER EQUIPMENT, COMPUTER PROGRAMS, DATA OR OTHER PROPRIETARY MATERIAL DUE TO YOUR USE OF THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR TO YOUR DOWNLOADING OF ANY MATERIAL POSTED ON IT, OR ON ANY WEBSITE LINKED TO IT.
General Disclaimer of Warranties
YOUR USE OF THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE IS AT YOUR OWN RISK. THE WEBSITE, ITS CONTENT AND ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE ARE PROVIDED ON AN “AS IS” AND “AS AVAILABLE” BASIS, WITHOUT ANY WARRANTIES OF ANY KIND, EITHER EXPRESS OR IMPLIED. NEITHER CERPASSRX NOR ANY PERSON ASSOCIATED WITH CERPASSRX MAKES ANY WARRANTY OR REPRESENTATION WITH RESPECT TO THE COMPLETENESS, SECURITY, RELIABILITY, QUALITY, ACCURACY OR AVAILABILITY OF THE WEBSITE. WITHOUT LIMITING THE FOREGOING, NEITHER THE COMPANY NOR ANYONE ASSOCIATED WITH THE COMPANY REPRESENTS OR WARRANTS THAT THE WEBSITE, ITS CONTENT OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL BE ACCURATE, RELIABLE, ERROR-FREE OR UNINTERRUPTED, THAT DEFECTS WILL BE CORRECTED, THAT OUR SITE OR THE SERVER THAT MAKES IT AVAILABLE ARE FREE OF VIRUSES OR OTHER HARMFUL COMPONENTS OR THAT THE WEBSITE OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE WILL OTHERWISE MEET YOUR NEEDS OR EXPECTATIONS. THE COMPANY HEREBY DISCLAIMS ALL WARRANTIES OF ANY KIND, WHETHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO ANY WARRANTIES OF MERCHANTABILITY, NON-INFRINGEMENT AND FITNESS FOR PARTICULAR PURPOSE. THE FOREGOING DOES NOT AFFECT ANY WARRANTIES WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
Limitation on Liability
TO THE FULLEST EXTENT PERMITTED BY APPLICABLE LAW, IN NO EVENT WILL CERPASSRX, ITS AFFILIATES OR THEIR LICENSORS, SERVICE PROVIDERS, EMPLOYEES, AGENTS, OFFICERS OR DIRECTORS BE LIABLE FOR DAMAGES OF ANY KIND, UNDER ANY LEGAL THEORY, ARISING OUT OF OR IN CONNECTION WITH YOUR USE, OR INABILITY TO USE, THE WEBSITE, ANY WEBSITES LINKED TO IT, ANY CONTENT ON THE WEBSITE OR SUCH OTHER WEBSITES OR ANY SERVICES OR ITEMS OBTAINED THROUGH THE WEBSITE OR SUCH OTHER WEBSITES, INCLUDING ANY DIRECT, INDIRECT, SPECIAL, INCIDENTAL, CONSEQUENTIAL OR PUNITIVE DAMAGES, INCLUDING BUT NOT LIMITED TO, PERSONAL INJURY, PAIN AND SUFFERING, EMOTIONAL DISTRESS, LOSS OF REVENUE, LOSS OF PROFITS, LOSS OF BUSINESS OR ANTICIPATED SAVINGS, LOSS OF USE, LOSS OF GOODWILL, LOSS OF DATA, AND WHETHER CAUSED BY TORT (INCLUDING NEGLIGENCE), BREACH OF CONTRACT OR OTHERWISE, EVEN IF FORESEEABLE. THE FOREGOING DOES NOT AFFECT ANY LIABILITY WHICH CANNOT BE EXCLUDED OR LIMITED UNDER APPLICABLE LAW.
NOTICE OF PRIVACY PRACTICES
THIS NOTICE OF PRIVACY PRACTICES DESCRIBES HOW THE CERPASSRX (THE “PLAN”) INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice of Privacy Practices describes the legal obligations of the Plan and your legal rights regarding your protected health information held by the Plan under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and the Health Information Technology for Economic and Clinical Health Act (“HITECH”).
HIPAA protects only certain medical information known as “protected health information.” Generally, protected health information is health information, including demographic information, collected from you or created or received by a health care provider, a health care clearinghouse, a health plan or your employer on behalf of a group health plan from which it is possible to individually identify you and that relates to either, your past, present or future physical or mental health or condition, the provision of health care to you, or the past, present or future payment for the provision of health care to you. This Notice is specific to “protected health information.” References to “your information” or the like in this Notice are references to your “protected health information” or PHI under HIPAA.
If you have any questions about this Notice or about our privacy practices, please contact CerpassRx at firstname.lastname@example.org.
Healthcare Highway’s Responsibilities
We are required by law to:
- maintain the privacy of your protected health information;
- provide you with certain rights with respect to your protected health information;
- provide you with a copy of this Notice of our legal duties and privacy practices with respect to your protected health information; and
- follow the terms of the Notice that is currently in effect.
We reserve the right to change the terms of this Notice and to make new provisions regarding your protected health information that we maintain, as allowed or required by law. If we make any material change to this Notice, we will provide you with a copy of our revised Notice of Privacy Practices. You may request a copy of this Notice at any time or you may view it by visiting benefitsolver.com. For more information about our privacy practices or for additional copies of this Notice, please contact the individual designated at the end of this Notice.
How We Use and Disclose Your PHI
The following categories describe the different ways that we may use and disclose your PHI. Not every potential use or disclosure that falls within a category will be listed in that category; however, all of the ways we are legally permitted to use and disclose information will fall within one of the categories.
Medical Treatment. We may use or disclose your protected health information to facilitate medical treatment or services by providers. We may disclose medical information about you to providers, including doctors, nurses, technicians, medical students or other hospital personnel who are involved in taking care of you.
Payment. We may use or disclose your protected health information to determine your eligibility for Plan benefits, to facilitate payment for the treatment and services you receive from health care providers, to determine benefit responsibility under the Plan or to coordinate Plan coverage. We may also share your protected health information with a utilization review or precertification service provider.
Plan Administration. We may use and disclose your protected health information for certain other Plan operations. These uses and disclosures are necessary to administer the Plan. This includes conducting quality assessment and improvement activities; underwriting, premium rating, and other activities relating to Plan coverage; submitting claims for stop-loss (or excess-loss) coverage; conducting or arranging for medical review, legal services, audit services and fraud and abuse detection programs; business planning and development such as cost management; and business management and general Plan administrative activities. However, we will not use your genetic information for underwriting purposes.
Business Associates. We may contract with individuals or entities known as Business Associates to perform various functions on our behalf or to provide certain types of services. In order to perform these functions or to provide these services, Business Associates will receive, create, maintain, transmit, use and/or disclose your protected health information, but only after they agree in a written contract with us to abide by certain restrictions and implement appropriate safeguards regarding your protected health information.
Where Legally Required. We will disclose your protected health information when required to do so by federal, state or local law.
Preventing Risks to Health and Safety. We may use and disclose your protected health information when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.
Plan Sponsors. For the purpose of administering the plan, we may disclose to certain employees of a sponsor’s protected health information. However, unless you have authorized further disclosures, those employees will use or disclose that information only as necessary to perform plan administration functions or as otherwise required by HIPAA. Your protected health information cannot be used for employment purposes without your specific authorization.
Organ Donors. If you are an organ donor, we may release your protected health information after your death to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
Military. If you are a member of the armed forces, we may release your protected health information as required by military command authorities. We may also release protected health information about foreign military personnel to the appropriate foreign military authority.
Workers’ Compensation. We may release your protected health information for workers’ compensation or similar programs but only as authorized by, and to the extent necessary to comply with, laws relating to workers’ compensation and similar programs that provide benefits for work-related injuries or illnesses.
Public Health. We may disclose your protected health information for public health activities. These activities generally include the following:
- to prevent or control disease, injury or disability;
- to report births and deaths;
- to report child abuse or neglect;
- to report reactions to medications or problems with products;
- to notify people of recalls of products they may be using;
- to notify a person who may have been exposed to a disease or may be at risk for contracting or spreading a disease or condition; and
- to notify the appropriate government authority if we believe that a patient has been the victim of abuse, neglect or domestic violence. We will make this disclosure only if you agree, or when required or authorized by law.
Health Oversight Committees. We may disclose your protected health information to a health oversight agency for activities authorized by law. These oversight activities include, for example, audits, investigations, inspections and licensure. These activities are necessary for the government to monitor the health care system, government programs and compliance with civil rights laws.
Litigation and Formal Disputes. If you are involved in a lawsuit or a dispute, we may disclose your protected health information in response to a court or administrative order. We may also disclose your protected health information in response to a subpoena, discovery request or other lawful process by someone involved in a legal dispute, but only if efforts have been made to tell you about the request or to obtain a court or administrative order protecting the information requested.
Law Enforcement. We may disclose your protected health information if asked to do so by a law enforcement official for any of the following:
- in response to a court order, subpoena, warrant, summons or similar process;
- to identify or locate a suspect, fugitive, material witness or missing person;
- about the victim of a crime if, under certain limited circumstances, we are unable to obtain the victim’s agreement;
- about a death that we believe may be the result of criminal conduct;
- about criminal conduct; and
- in emergency circumstances to report a crime; the location of the crime or victims; or the identity, description or location of the person who committed the crime.
Coroners, Medical Examiners. We may release protected health information to a coroner or medical examiner. This may be necessary, for example, to identify a deceased person or determine the cause of death. We may also release medical information about patients to funeral directors as necessary to carry out their duties.
National Security. We may release your protected health information to authorized federal officials for intelligence, counterintelligence and other national security activities authorized by law.
Inmates. If you are an inmate of a correctional institution or are in the custody of a law enforcement official, we may disclose your protected health information to the correctional institution or law enforcement official if necessary: (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
Research. We may disclose your protected health information to researchers when: (1) the individual identifiers have been removed; or (2) when an institutional review board or privacy board has (a) reviewed the research proposal; (b) established protocols to ensure the privacy of the requested information; and (c) approved the research.
There are some instances in which we are legally required to disclose your PHI. The following is a description of the categories of those instances.
Government Audits. We are required to disclose your protected health information to the Secretary of the United States Department of Health and Human Services when the Secretary is investigating or determining our compliance with the HIPAA Privacy Rule.
Disclosures to You. When you request, we are required to disclose to you the portion of your protected health information that contains medical records, billing records and any other records used to make decisions regarding your health care benefits. We are also required, when requested, to provide you with an accounting of most disclosures of your protected health information if the disclosure was for reasons other than for payment, treatment or health care operations and if the protected health information was not disclosed pursuant to your individual authorization.
There are instances where we may disclose your PHI without prior consent. These include the following:
To Your Personal Representatives. We will disclose your protected health information to individuals authorized by you, or to an individual designated as your personal representative, attorney-in-fact, etc., so long as you provide us with sufficient written notice, authorization or documentation for us to determine that such person has the authority to act on your behalf (i.e., Power of Attorney).
Please note that we do not have to disclose information to a personal representative if we have a reasonable belief that: (1) you have been, or may be, subjected to domestic violence, abuse or neglect by such person; (2) treating such person as your personal representative could endanger you; or (3) in the exercise of professional judgment, it is not in your best interest to treat the person as your personal representative.
Spouses and Family Members. With limited exception, we will send all mail to the employee covered by the Plan. This includes mail relating to the employee’s spouse and other family members who are covered under the Plan and includes mail with information on the use of Plan benefits by the employee’s spouse and other family members and information on the denial of any Plan benefits to the employee’s spouse and other family members. If a person covered under the Plan has requested Restrictions or Confidential Communications (see below under “Your Rights”), and if we have agreed to the request, we will send mail as provided by the request for Restrictions or Confidential Communications.
Your Other Authorizations. Other uses or disclosures of your protected health information not described above will be made only with your written authorization. You may revoke your written authorizations at any time, so long as the revocation is in writing. Once we receive your written revocation, it will be effective only for future uses and disclosures. It will not be effective for any information that may have been used or disclosed in reliance upon the written authorization and prior to receiving your written revocation.
Your Rights in Connection with Your PHI
You have the following rights with respect to your protected health information:
Right to Inspect and Copy. You have the right to inspect and copy certain protected health information that may be used to make decisions about your Plan benefits. If the information you request is maintained electronically, and you request an electronic copy, we will provide you a copy in the electronic form and format you request, if the information can be readily produced in that form and format; if the information cannot be readily produced in that form and format, we will work with you come to an agreement on form and format. If we cannot agree on an electronic form and format, we will provide you with a paper copy.
To inspect and copy your protected health information, you must submit your request in writing to the Chief Technology and Privacy Officer at the contact information below. If you request a copy of the information, we may charge a reasonable fee for the costs of copying, mailing or other supplies associated with your request.
Right to Amend. If you believe that the protected health information, we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Plan.
To request an amendment, your request must be made in writing and submitted to Chief Technology and Privacy Officer at the contact information below. In addition, you must provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:
- is not part of the medical information kept by or for the Plan;
- was not created by us, unless the person or entity that created the information is no longer available to make the amendment; or
- is not part of the information that you would be permitted to inspect and copy; or is already accurate and complete.
If we deny your request, you have the right to file a statement of disagreement with us and any future disclosures of the disputed information will include your statement.
Right to an Accounting. You have the right to request an “accounting” of certain disclosures of your protected health information. The accounting will not include (1) disclosures for purposes of treatment, payment or health care operations; (2) disclosures made to you; (3) disclosures made pursuant to your authorization; (4) disclosures made to friends or family in your presence or because of an emergency; (5) disclosures for national security purposes; and (6) disclosures incidental to otherwise permissible disclosures.
To request this list or accounting of disclosures, your request must be made in writing and submitted to Chief Technology and Privacy Officer at the contact information below. Your request must state the time period you want the accounting to cover, which may not be longer than 6 years before the date of the request. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be provided free of charge. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
Right to Restrictions and Confidential Communications. You have the right to request a restriction on your protected health information that we use or disclose for treatment, payment or health care operations. You also have the right to request a limit on your protected health information that we disclose to someone who is involved in your care or the payment for your care, such as a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had. We are not required to agree to your request, except in one circumstance. We must agree to your request to restrict disclosure of protected health information about you to a health plan if (1) the disclosure is for the purpose of carrying out payment or health care operations and is not otherwise required by law, and (2) the information pertains solely to a health care item or service for which you paid a health care provider in full.
To request restrictions, you must make your request in writing to the person listed below. In your request, you must tell us (1) what information you want to limit; (2) whether you want to limit our use, disclosure or both; and (3) to whom you want the limits to apply– for example, disclosures to your spouse. If we do agree to the request, we will honor the restriction until you revoke it or we notify you.
You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. To request confidential communications, you must make your request in writing to the Privacy Officer (contact information listed below). Your request must specify how or where you wish to be contacted. We will accommodate all reasonable requests.
Right to be Notified of a Breach. You have the right to be notified in the event that we (or a Business Associate) discover a breach of unsecured protected health information.
Right to a Copy of this Notice. You have the right to a paper copy of this Notice. You may ask us to give you a copy of this Notice at any time. Even if you have agreed to receive this Notice electronically, you are still entitled to a paper copy of this Notice. You may obtain a paper copy of this Notice by requesting one from the Benefits Department.
If you believe that your privacy rights have been violated, you may file a complaint with the Plan or with the Office for Civil Rights of the United States Department of Health and Human Services. To file a complaint with the Plan, submit your complaint in writing to:
5904 Stone Creek Drive, Ste 120
The Colony, Texas 75056
Attn: Travis Crenshaw – Chief Technology and Privacy Officer
You will not be penalized, or in any other way retaliated against, for filing a complaint with the Office of Civil Rights or with us.
DIVERSITY AND EQUAL EMPLOYEMENT OPPORTUNITY (EEO)
As an Equal Opportunity Employer, CerpassRx gives equal consideration to all employees and job candidates without regard to gender, age, race, color, pregnancy, genetic information, marital status, sexual orientation, religion, national origin, physical or mental disability, political affiliation, service in the Armed Forces of the United States, status as a veteran or special disabled veteran, or any other characteristic that is protected by federal, state, or local law.