Privacy Policies

HIPPA

Notice of Privacy Practices

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.  PLEASE REVIEW IT CAREFULLY. (HIPAA,45 CFR 164.520(1)(I), FEDERALLY REQUIRED NOTIFICATION

  The Wabash Memorial Hospital Association (WMHA) has adopted this Notice of Privacy Practices to comply with Federal Guidelines as outlined in the Health Insurance Portability and Accountability Act (HIPAA).  It is also our policy to advise each member of their rights and expectations with respect to the privacy of certain Protected Health Information (PHI). Protected health information is defined as: any 'individually identifiable health information' whether maintained or transmitted on paper, in electronic format or orally.  It may include demographic information collected from an individual that is created or received by a health care provider, health plan, health care clearinghouse, or employer, that relates to an individual's past, present or future physical or mental health or condition, or payment for that individual's health care, and that identifies the individual or for which there is a reasonable basis to believe it can be used to identify the individual. WMHA acknowledges that during routine business transactions it is necessary to collect, receive and make use of certain personal or family medical information that is considered PHI.  This information may come from hospitals, clinics and physician providers or other insurance entities.  Without such data, we would be unable to properly process and pay medical claims on your behalf.  Since we provide either Primary or Secondary coverage for all WMHA members, we maintain Business Partner Agreements with other Providers who may be directly or indirectly involved in your healthcare.  In those instances where we also serve as a 'Provider', that data must be shared with other insurance entities to receive proper reimbursement for your treatment.  Our intent and ongoing practice is to resolutely and diligently protect the privacy of all the health information of all our members that we may be expose to in any form, from any source.  The development of this policy focuses on the following acknowledgments and assumptions.

1. Patient medical records are the property of the facility / office generating that document, however, the patient has a right to access the information in that record.
2. WMHA will obtain consent to release medical information from the members or their parent/guardian; except for those instances otherwise required by prevailing law, professional ethics, and continuity of care, billing, communicable disease reporting, etc.
3. Informed consent, i.e., with knowledge of the risks and benefits of disclosure, must be obtained for the release or transfer of especially sensitive information such as AIDS/HIV, alcohol and drug abuse prevention and treatment.
4. Any disclosure of confidential patient/member information carries the risk potential for an unauthorized redisclosure that could breach confidentiality.
5. The request for releasing patient information (copying, postage, etc.) generates cost for WMHA, which reserves the right to charge accordingly.
6. WMHA reserves the right to change or otherwise modify this policy.

Protected Information: PHI may be received from many sources via U.S. Mail, telephone, in writing or over a computer line.  Information may be oral or recorded in any medium, that relates to an individual's past, present or future physical or mental health or condition, or provision of or payment for healt6h care to an individual or: Created or received by health care provider, health plans, public health authority, employer, insurers, schools or clearinghouses.

Identifiable Information: Includes demographic data collected from an individual, created or received by a health care provider, health plan, employer or clearinghouse that may directly or inadvertently permit identification or an individual, e.g., name address, SSN, phone number.

Allowable use of data: Generally, WMHA may use or disclose PHI to 1) carry out patient treatment, 2) facilitate payment for such treatment, and 3) to carry out our own health care operations such as assisting in the settlement of member's FELA claims.

As a provider, as well as insurer, WMHA will only share a minimum level of information on behalf of a member in order to determine eligibility and covered benefits, assist with precertification or preauthorization, utilization review, billing claims management etc. Example: Your doctor may share medical information about you with another health care provider.  For example, if you are referred to another doctor, that doctor will need to know if you are allergic to any medications.  Similarly, your doctor may share PHI about you when calling in a prescription.

WMHA WILL NOT SHARE MEMBER INFORMATION FOR MARKETING MAILING LISTS OR FUND RAISING PURPOSES EXCEPT AS MAY BE DIRECTLY AFFILIATED WITH WMHA SUCH AS THE WABASH HOSPITAL ASSOCIATION FOUNDATION.

Worksite Health / Safety and Law Enforcement / Public Interest as well as certain areas of medical research are issues that allow the exchange of PHI without specific consent.  This data will normally be collective; group data/statistics unless if demanded by a court of law, specific member information related to child abuse, adult abuse, neglect, domestic violence or national security, may be demanded.

Permission:  Consent, Authorization and Oral Permission:  Consent from the patient must be granted to Direct Treating Providers giving them permission to use PHI for treatment, payment, or healthcare operations.  This can permit a One Time Event or good until revoked.  Consents must be signed and dated and may be revoked at any time.  Exceptions noted are for treatments required by law, certain emergency situations, when language barriers exist, treatment to inmates and some health plans and clearinghouses. Oral Permission is adequate for the sharing of some PHI such as notification of family members or friends involved in one's care or care payment and/or certain directory information.  Religion information may be disclosed to clergy.  Oral permission is adequate also for the ordering of prescription medications, x-rays and medical supplies.  Authorization is required for the release of PHI in situations not requiring consent: i.e. to persons/entities not directly involved in the patient's care such as Workman's Compensation claims, third party payers, life insurance inquiries, transfer of certain medical/pharmacy records, etc.

WMHA will have available upon request by a member information about who is requesting information, what, when and how that information is disclosed and by whom.  We will always satisfy the Privacy Rules by only providing the Minimum Necessary to satisfy the request.  WMHA will inform members of this Privacy Notice.

WMHA acknowledges that certain member rights exist, such as:

1. the right to amend and correct for incomplete PHI
2. the right to inspect and copy the individual's own PHI
3. the right to receive confidential communications from a Covered Entity
4. the right to request restrictions on certain uses and disclosures, and a statement that the covered entity is not required to agree to such restrictions.
5. the right to receive an accounting of disclosures
6. the right to revoke a consent

WMHA is required to:

1. Maintain the privacy of your health information
2. Provide you with a notice as to our legal duties and privacy practices regarding health information collected and maintained about you
3. Adhere to the terms of this Notice of Privacy Practices;
4. Contact and notify you if we are unable to agree to a requested restriction; and
5. Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations

We reserve the right to change our practices and to make the new provisions effectively for all protected health information we maintain.  Should our information practices change, we will mail a revised notice to the address you've supplied us.

For More Information Or To Report A Problem:  Should you have further questions or wish to make a change in the protected health information, please contact Ms. Tamara Bivins, WMHA Administrator at (217) 429-5246.  If you believe your privacy right has been violated, you can file a complaint with Ms. Tamara Bivins, WMHA Administrator, PO Box 1340 Decatur, Illinois 62525 or with the Secretary of Health and Human Services.  There will be no retaliation for filing a complaint.

THE EFFECTIVE DATE OF THIS PRIVACY NOTICE SHALL BE APRIL 1, 2003

____________________________________________________________________________________________

Authorization For Release of Protected Health Information

At Wabash Memorial Hospital Association, we take your privacy seriously.  HIPAA guidelines strictly prohibit us from disclosing or relating Protected Health Information (PHI) to non-providers without your permission.  This includes spouses and children even if they are also Wabash members. 

To prevent possible delays in your treatment or in servicing your medical claims, we encourage you to complete the authorization form.  Please sign and return it to us promptly so your service or care will not be delayed.  If you have not completed a form, please click on Authorization For Release of P H I 2013 .pdf.  After printing and completing the form, please mail it to Wabash Association, PO Box 1340, Decatur, IL 62525-1340.

____________________________________________________________________________

Notice of Security In Place

The Security Rule is intended to provide National standards for reasonable and appropriate Administrative, Physical and Technical safeguards as they pertain to the electronic transmission of PHI (as previously defined).  It is designed to protect the confidentiality, integrity and availability of electronic protected health information.  Wabash has measures in place to insure that unauthorized persons or entities are unable to gain access to electronic PHI transmitted through the Internet.  Wabash also asserts that any employee or fiduciary of Wabash who violates these measures are subject to disciplinary action.

Wabash also ensures that any agent or subcontractor with whom electronic PHI is shared also agrees to implement reasonable and appropriate security measures to protect the information.