Facebook
Twitter
AmeriHealth Mercy's Commitment to HIPAA ComplianceAmeriHealth Mercy is committed to protecting the privacy of members' health information, and to complying with applicable federal and state laws that protect the privacy and security of a member's health information. Consistent with this commitment, AmeriHealth Mercy has established basic requirements for the use or disclosure of members' protected health information (PHI). Federal Health Insurance Portability and Accountability Act (HIPAA) privacy regulations do not require health plans to obtain a member's written consent or authorization prior to using, disclosing, or requesting PHI for purposes of treatment, payment or health care operations (TPO). Nor do federal privacy regulations require that providers of health care services obtain their patients' consent or authorization before disclosing PHI to health plans for payment purposes, or for certain operational activities of the health plan, such as quality assurance. In addition, PHI may be disclosed by a health plan for a number of other purposes without the member's authorization. For instance, PHI may be disclosed when the health plan is required by law to do so. Unless a disclosure is specifically permitted by HIPAA, a member must sign an authorization form before AmeriHealth Mercy may use or disclose the member's PHI. An example of a disclosure that requires a specific authorization is the disclosure of an AmeriHealth Mercy member's PHI for marketing purposes. In these situations in which an authorization is required, AmeriHealth Mercy will make sure that a signed member (or personal representative) authorization has been obtained. Authorizations must:
AmeriHealth Mercy policies, in compliance with federal and state privacy regulations, permit members to have access to their PHI, to receive copies of it, and to request that certain such information be amended. However, this applies only to information that is stored in designated record sets. Designated record sets are records that contain PHI and that are used to make decisions about individual members. The following are examples of AmeriHealth Mercy designated record sets:
AmeriHealth Mercy has adopted a number of internal safeguards to prevent the unauthorized use, alteration, or disclosure of PHI orally, in writing, or transferred electronically throughout the company. These safeguards include administrative procedures, physical protections, and technology security solutions. AmeriHealth Mercy will continue to maintain adequate administrative, technical and physical safeguards to protect the privacy of PHI from unauthorized use or disclosure, whether intentional or unintentional, and from theft and unauthorized alteration. Safeguards are also utilized to effectively reduce the likelihood of use or disclosure of PHI that is unintended and incidental to a use or disclosure in accordance with AmeriHealth Mercy policies and procedures. AmeriHealth Mercy associates are subject to disciplinary action for violation of policies and procedures. Violations that jeopardize the privacy or security of PHI are particularly serious. This seriousness will be reflected in the nature of the disciplinary action, up to and including termination of employment. |
Visit AmeriHealth Mercy - The Industry Leader & Expert in Medicaid Managed Care
This site contains links to other Internet sites. AmeriHealth Mercy Health Plan is not responsible for the content of other Internet sites. Please see Terms of Use.
