NOTICE OF HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) PRIVACY PRACTICES for the Health Insurance Division of State Farm Mutual Automobile Insurance Company.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
We are required by law to maintain the privacy of personal health information and to provide you with notice of our legal duties and privacy practices with respect to personal health information. We are required to abide by the terms of this Notice so long as it remains in effect. We reserve the right to change our Privacy practices, procedures, and terms of this HIPAA Notice of Privacy Practices as necessary, and to make the new Notice effective for all personal health information maintained by us. If a material change is made to the terms of this Notice, a revised notice will be provided to all primary insureds. You may obtain a copy of the HIPAA Privacy Notice by accessing our website at statefarm.com® or by mailing a request to the address below.
Uses and Disclosures of Your Personal Health Information
Even though we do not use or disclose your personal health information for marketing or sell your personal health information to third parties, we must notify you that the following uses or disclosures specifically require your prior authorization: 1) uses and disclosures of personal health information for marketing purposes 2) disclosures that constitute a sale of personal health information and 3) most uses and disclosures of psychotherapy notes. In addition, except as outlined below, we will not use or disclose your personal health information for any purpose unless you have signed a form authorizing the use or disclosure. You have the right to revoke that authorization in writing unless we have taken any action in reliance on the authorization.
Uses and Disclosures for Payment
We may use and disclose your personal health information as necessary for payment purposes. For instance, we may use and disclose information regarding your medical care to process and pay claims.
Uses and Disclosures for Health Care Operations
We may use and disclose your personal health information as necessary, and as permitted by law, for our health care operations such as customer service, premium rating, fraud and abuse prevention and detection, and other functions related to your health policy. We may use and disclose your personal health information to provide you with information about treatment alternatives or other benefits and services that may be of interest to you.
Family, Friends, and Others Involved in Your Care
With your approval, we may disclose your personal health information to designated family, friends, and others, to assist that person in caring for you or in paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation, and we determine that a limited disclosure may be in your best interest, we may share limited personal health information with such individuals without your approval. If you have designated a person to receive information regarding payment of the premium on your Long-Term Care Insurance policy, we will inform that person when your premium has not been paid.
At times it may be necessary for us to provide some personal health information to one or more outside persons or organizations who assist us with our business activities. We require these business associates to appropriately safeguard the privacy of your information.
Additional Uses and Disclosures Without Your Authorization
We are permitted or required by law to make certain other uses and disclosures of your personal health information without your authorization, including under the following conditions:
- For any purpose as required by law;
- For public health activities, such as required reporting of certain diseases;
- As required by law if we suspect child abuse or neglect; we may also release your personal health information as required by law if we believe you to be a victim of abuse, neglect, or domestic violence;
- If required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings;
- If required to do so by a court or administrative ordered subpoena, discovery request, or qualified protective order;
- To law enforcement officials as required by law;
- To coroners and/or funeral directors consistent with law;
- If necessary to arrange an organ or tissue donation from you or a transplant for you;
- For certain research purposes when such research is approved by an institutional review board with established rules to ensure privacy;
- If you are a member of the military as required by armed forces services; we may also release your personal health information if necessary for national security or intelligence activities;
- If necessary to avert a serious threat to health or safety; or,
- To workers' compensation agencies if necessary for your workers' compensation benefit determination.
We are prohibited from using or disclosing personal health information that is genetic information for underwriting purposes.
Your HIPAA Privacy Rights
Access to Your Personal Health Information
You have the right to obtain a copy and inspect specific items of your personal health information, such as your policy or claim information, for as long as we maintain it. We may deny your request to access certain personal health information, as permitted or required by law. We may require your request for access in writing. Your request for access should contain as much detail as possible regarding the personal health information you wish to review. We may charge a reasonable fee for access to your personal health information.
Amendments to Your Personal Health Information
You have the right to request an amendment of the personal health information we maintain about you if you believe it is incorrect. We are not legally obligated to make all requested amendments but will give each request appropriate consideration. Requests for amendment must be in writing and must state the reasons for the amendment request.
Accounting for Disclosures of Your Personal Health Information
You have the right to request a list or accounting of certain disclosures of your personal health information. We are not legally obligated to provide an accounting of every disclosure but will give each request appropriate consideration. Requests must be made in writing. The accounting will not include disclosures made prior to April 14, 2003.
Restrictions on Uses and Disclosures of Your Personal Health Information
You have the right to request restrictions on certain uses and disclosures of your personal health information for treatment, payment, or health care operations by notifying us of your request for a restriction in writing. We are not legally required to agree to your restriction request.
Notification of Breaches
You have the right to receive notice following a breach of your personal health information.
Confidential Communication of Personal Health Information
You have the right to request and to receive communications from us regarding your personal health information by another method of contact or at an alternative address. We will accommodate reasonable requests, which must clearly state that disclosure of all or part of the information could endanger your health or safety.
If you believe your privacy rights have been violated, you can file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services in Washington D.C. There will be no retaliation for filing a complaint.
How to Contact Us
If you have questions or need further assistance regarding this Notice, or wish to exercise any of the above-mentioned rights, you may contact the HIPAA/Privacy Administrator at the address closest to you:
State Farm Mutual Automobile Insurance Company
Health Operations East
5400 Albany Road East
New Albany, Ohio 43054
State Farm Mutual Automobile Insurance Company
Health Operations West
1555 Promontory Circle
Greeley, Colorado 80634
Your State Privacy Rights
Your state law may provide greater or different privacy rights regarding the protection, use or disclosure of information related to victims of abuse or domestic violence.
This Notice of Privacy Practices is effective September 23, 2013.