This notice of privacy practices (hereinafter “Notice”) describes how protected health information and personally-identifiable information (PHI/PII) about you may be used and disclosed and how you can get access to this information. Please review it carefully.
This Notice pertains to the privacy of PHI/PII created, received or maintained by HMAA (the “Plan”). The Plan is required by law to maintain the privacy of your PHI/PII and to provide you with notice of its legal duties and privacy practices with respect to your health information. This notice has been revised to reflect regulations issued by the Department of Health and Human Services (DHHS) and is effective as of March 23, 2023.
- For Payment. The Plan may use and disclose your PHI/PII to pay claims for treatment, services or supplies you receive from health care providers. For example, the Plan may receive and maintain information regarding an office visit with a doctor so as to enable the Plan to process the doctor’s request for payment for the services.
- For Health Care Operations. The Plan may use and disclose your PHI/PII to enable it to perform its operations or to facilitate the provision of benefits to persons covered under the Plan. For example, the Plan may use your PHI/PII to develop ways to arrange for medical review or to engage in general administrative activities, such as customer service or responding to questions or concerns.
- For Treatment. The Plan may disclose your PHI/PII to a health care provider who renders treatment on your behalf. For example, if you are unable to provide your medical history as the result of an accident, the Plan may advise your treating physician about the types of prescription drugs that you currently take.
- To the Company. The Plan may disclose your PHI/PII to designated Company personnel so they can carry out their Plan-related administrative functions, including those described in this notice. These individuals will protect the privacy of your PHI/PII and ensure it is used only as described in this notice or permitted by law.
- To a Business Associate. The Plan may disclose PHI/PII to other persons or organizations, known as business associates, who provide services on the Plan’s behalf. To protect your PHI/PII, the Plan requires its business associates to appropriately safeguard the PHI/PII disclosed to them.
- Health-Related Benefits, Services and Treatment Alternatives. The Plan may use and disclose your PHI/PII to inform you of health-related benefits, services or treatment options or alternatives that may be of interest to you.
- Individual Involved in Your Care or Payment of Your Care. The Plan may disclose PHI/PII to a close friend or family member involved in, or who helps pay for, your health care.
- As Required by Law. The Plan will disclose your PHI/PII when required by federal, state or local law. The Plan may also use or disclose your health information under the special use and disclosure situations described below.
- Judicial and Administrative Proceedings. The Plan may disclose your PHI/PII in response to a court or administrative order, a subpoena, warrant, discovery request or other lawful process.
- Law Enforcement. The Plan may release your PHI/PII if asked to do so by a law enforcement official.
- Workers’ Compensation. The Plan may disclose your PHI/PII as necessary to comply with applicable workers’ compensation or similar laws.
- To Avert Serious Threat to Health or Safety. The Plan may use and disclose your PHI/PII when necessary to prevent a serious threat to the health and safety of yourself, another person, or the public.
- Public Health Activities. The Plan may disclose your PHI/PII for public health activities such as to an authorized public health authority for the purpose of preventing or controlling a disease, injury or disability.
- Health Oversight Activities. The Plan may disclose your PHI/PII to a health oversight agency for audits, investigations, inspections and licensure necessary for the government to monitor the health care system and government programs, or to ascertain compliance with applicable civil rights laws.
- Specialized Government Functions. In certain circumstances, federal regulations require the Plan to use or disclose your PHI/PII to facilitate government functions related to the military and veterans, national security and intelligence activities, protective services for the President and others, and correctional institutions and inmates.
- Coroners and Medical Examiners. The Plan may release your PHI/PII to a coroner or medical examiner. This may be necessary, for example, to identify the cause of a person’s death.
Promotional giveaways, sweepstakes, and contests (collectively “sweepstakes”) that the Plan may administer online through the Sites, social media, or digital platforms are applicable to this Privacy Notice. To participate in sweepstakes, the Plan may require you to provide your PII and certain other information including an email address, phone number, and mailing address. The Plan will use the information you provide to administer the sweepstakes, distribute prizes, and other purposes disclosed at the time of the sweepstakes announcement. You should carefully review the Official Rules of any sweepstakes in which you participate as they may contain additional important and applicable information.
Other uses and disclosures of PHI/PII not covered by this notice or by laws that apply to the Plan will be made only with your written authorization. The law expressly restricts the use and disclosure of psychotherapy notes, the use or disclosure of PHI/PII for marketing purposes, or disclosures that constitute a sale of PHI/PII, unless authorized by you. If you authorize the Plan to use or disclose your PHI/PII, you may revoke the authorization in writing at any time and the Plan will no longer disclose or use your PHI/PII for the reasons covered by your written authorization. However, the Plan will not retract any uses or disclosures previously made as a result of a prior authorization.
Your rights regarding your PHI/PII are described below.
- Protection of Genetic Information. Genetic information about you or your family members may not be used or disclosed by the Plan for activities relating to the creation, renewal, or replacement of a health insurance contract of health insurance or health benefits, or for any other underwriting purpose.
- Notification of Breach of Unsecured Health Information. You will be promptly notified if the Plan or a business associate discovers a breach of unsecured PHI/PII that affects you.
- Right to Inspect and Copy Your Health Information. You have the right to inspect and copy your PHI/PII maintained by the Plan. Your request must be in writing. The Plan may charge a fee for the cost of copying and mailing your request. In limited circumstances, the Plan may deny your request. Generally, you may request a review of the denial.
- Right to Amend. If you feel that your PHI/PII maintained by the Plan is incorrect or incomplete, you may ask the Plan to amend it for as long as the information is maintained by the Plan. To request an amendment, you must send a detailed request in writing to the Plan and provide the reasons supporting your request. The Plan may deny your request if the information requested to be amended is in fact accurate and complete, not created by the Plan, not information maintained by the Plan, or not information that you are otherwise permitted to inspect and copy.
- Right to an Accounting of Disclosures. You have the right to request a list of your PHI/PII that has been disclosed by the Plan, other than disclosures made for treatment, payment or health operations; to you or to a person involved in your care; to a law enforcement custodial official or for national security purposes; or in a manner that removed information that identified you. The request must be made in writing and must specify the period for which you are requesting the information (for example, during the six months preceding the request date). The Plan is not required to provide an accounting for disclosures made more than six years prior to the request.
- Right to Request Restrictions. You may request restrictions on the Plan’s use and disclosure of your PHI/PII for treatment, payment or health care operation purposes, and on the disclosure to someone involved in the payment of your care. For example, you may request that the Plan not disclose to a family member information regarding a surgery you had. The request must be made in writing; however, the Plan is not required to agree to it.
- Right to Receive Confidential Communications. You have the right to request that the Plan communicate with you in a certain way if you feel the disclosure of your PHI/PII could endanger you. For example, you may ask that the Plan only communicate with you at a certain telephone number or by email. If you wish to receive confidential communications, your request must be in writing, specify how or where you wish to be contacted, and include a statement that disclosure of all or part of the information to which the request pertains could endanger you. The Plan will attempt to honor reasonable requests for confidential communications.
- Right to a Copy of This Notice. You have a right to request and receive a paper copy of this notice at any time, even if you previously received it. Submit requests to the Plan’s Contact Person, or you may obtain a copy at hmaa.com.
The Plan reserves the right to change the terms of this notice at any time. If it is revised, we will send the revised notice to you. The provisions of the new notice will apply to all PHI/PII thereafter maintained by the Plan. Until such time as a notice is revised, the Plan is required by law to abide by the terms of the current version of the notice.
Submit concerns or complaints about the Plan’s safeguarding of your PHI/PII to the Plan’s Contact Person. The Plan will not retaliate against you in any way for filing a complaint. Complaints must be submitted in writing. If you believe your privacy rights have been violated, you may also file a complaint with the Office of Civil Rights, DHHS.
If you have any questions or wish to make a request regarding the matters covered by this notice, please contact:
HMAA Privacy Officer, 220 South King Street, Suite 1200, Honolulu, Hawaii 96813
Phone (808) 941-4622 / Toll-Free (888) 941-4622