MCNA Safeguards Your Information
MCNA takes pride in the fact that we are recognized leaders in the dental benefits industry. One of our strengths is our ability to administer dental plans in an effective and innovative manner while safeguarding our members' protected health information. We are committed to complying with the requirements and standards of the Health Insurance Portability and Availability Act of 1996 (HIPAA). We demonstrate our commitment through our actions.
The MCNA Board of Directors has appointed a Privacy Officer and a Security Officer to develop, implement, and maintain our HIPAA compliance program. Together they provide oversight of our compliance activities.
MCNA has established a HIPAA Steering Committee to assist the Privacy Officer and the Security Officer with the implementation and maintenance of our HIPAA compliance program. The committee additionally assists with the education and training on the requirements and implications of HIPAA for all our employees.
MCNA has implemented company-wide policies and procedures to comply with the provisions of HIPAA. We regularly conduct employee training and education in relation to HIPAA requirements to ensure those policies and procedures are in use.
MCNA fully disseminates its Notice of Privacy Practices to its members. All new members are provided with a copy of the Notice with their member orientation materials.
MCNA successfully filed for the extension of the HIPAA standards for electronic health care transactions and code sets. We began transmitting and receiving electronic-transactions in the HIPAA standard format in 2003.
If you have any questions regarding MCNA HIPAA compliance efforts, please contact our Privacy Officer by e-mail.
HIPAA and Social Security Numbers
We have received a number of questions about whether the Privacy Rules set forth under HIPAA prohibit the collection or use of an individual's Social Security number as an identifier for the group health plan.
Although the HIPAA Privacy Rules provide for the protection of individually identifiable information, which may include Social Security numbers, we do not believe that it is the intent of HIPAA to limit the collection or use of an individual's Social Security number for the following reasons. First and most importantly, the HIPAA regulations do not specifically prohibit the use or disclosure of an individual's Social Security number. Second, since an individual's Social Security number falls into the same category as other individually identifiable information, like name and address, it is equally protected under the HIPAA privacy and security requirements. Third, because of the fact that the Social Security number falls into the same category as other individually identifiable information, to prohibit its use or disclosure would also preclude the use of an individual's other identifiers, which is clearly not the intent of HIPAA.
We hope that this information has helped you understand why we believe that the use of Social Security numbers is still allowed under the HIPAA regulations.
If you have any questions, please do not hesitate to contact our Privacy Officer by e-mail.
HIPAA Notice of Privacy Practices
Effective January 1, 2005
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Under the Health Insurance Portability and Accountability Act of 1996 (HIPAA) we are required to maintain the privacy of your protected health information and to provide you with notice of our legal duties and privacy practices with respect to such protected health information.
We are required to abide by the terms of the notice currently in effect. We reserve the right to change the terms of our notice at any time and to make the new notice provisions effective for all protected health information that we maintain. In the event that we make a material revision to the terms of our notice, you will receive a revised notice within 60 days of the revision. If you have any questions or need further information, please contact our Privacy Officer by e-mail.
How We May Use or Disclose Your Health Information
The following describes the purposes for which we are permitted or required by law to use or disclose your health information without your consent or authorization. Any other uses or disclosures will be made only with your written authorization. You may revoke such authorization in writing at any time.
- Treatment: We may use or disclose your health information to provide you with medical treatment or services. For example, information obtained by a provider providing health care to you will record such information that is related to your treatment in your record. This information is necessary to determine what treatment you should receive. Health care providers will also record actions taken by them in the course of your treatment and note how you respond. Most uses and disclosures of psychotherapy notes will require your permission.
- Payment: We may use or disclose your health information in order to process claims or make payment for covered services you receive under your benefit plan. For example, your provider may submit a claim to us for payment. The claim form will include information that identifies you, your diagnosis, and treatment or supplies used in the course of treatment.
- Health Care Operations: We may use or disclose your health information for health care operations. Health care operations include, but are not limited to, quality assessment and improvement activities, underwriting, premium rating, management, and general administrative activities. For example, members of our quality improvement team may use information in your health record to assess the quality of care that you receive and to determine how to improve the quality and effectiveness of the services we provide.
- Business Associates: We may use or disclose your health information in instances where services are provided to our organization through contracts with third party "business associates". Whenever a business associate arrangement involves the use or disclosure of your health information, we will have a written contract that requires the business associate to maintain the same high standards of safeguarding your privacy that we require of our own employees and affiliates.
- Required by Law: We may use or disclose your health information if we are required to do so by federal, state, or local law.
- Communication with Family or Friends: We may disclose your health information to a family member, other relative, close personal friend, or any other person you identify. Our service professionals, using their best judgment, may do this when the situation is relevant to that person's involvement in your care or payment related to your care.
- Marketing: We may use your health information to provide you with information about treatment alternatives. We may provide you with information about other health-related benefits and services that may be of interest. We will not use or disclose your information for marketing purposes without your permission.
- Sale of protected health information: We will not sale your health information without your permission.
- Research: We may disclose your health information to researchers when their research has been approved by an institutional review board that has examined the research proposal and established protocols to ensure the privacy of the information.
- Coroners, Medical Examiners, and Funeral Directors: We may disclose your health information to a coroner or medical examiner. We may also disclose medical information to funeral directors consistent with applicable law to carry out their duties.
- Organ Procurement Organizations: We may disclose your health information, consistent with applicable law, to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for the purpose of tissue donation and transplant.
- Fund Raisers: We may use your health information to contact you as part of our fund-raising efforts. We will not use or disclose your information for fundraising purposes without your permission.
- Public Health: We may disclose your health information as required by law to public health or legal authorities charged with preventing or controlling disease, injury, or disability.
- Food and Drug Administration (FDA): We may disclose your health information to the FDA if it is relevant to adverse events with respect to food, supplements, products, and product defects. We may also disclose your information to the FDA in the case of post marketing surveillance to enable product recalls, repairs, or replacement.
- Workers' Compensation: We may disclose your health information to the extent authorized by and to the extent necessary to comply with laws relating to workers' compensation or other similar programs established by law.
- To Avert a Serious Threat to Health or Safety: We may use and disclose your health information when necessary and consistent with applicable federal and state laws to prevent a serious threat to your health and safety, or the health and safety of the public or another person.
- Military and Veterans: If you are a member of the armed forces, we may disclose your health information as required by military command.
- Health Oversight Activities: We may disclose your health information to a health oversight agency for activities authorized by law including audits, investigations, inspections, and licensure.
- Protective Services for the President, National Security, and Intelligence Activities: We may disclose your health information to authorized federal officials so they may provide protection to the President, other authorized persons, or foreign heads of state. They may also use the information to conduct special investigations or for intelligence, counterintelligence, and other national security activities authorized by law.
- Law Enforcement: We may disclose your health information when requested by a law enforcement official as part of law enforcement activities, investigations of criminal conduct, responses to court orders, emergency circumstances, or when required to do so by law.
- Inmates: We may disclose health information about an inmate of a correctional institution or under the custody of a law enforcement official to the correctional institution or law enforcement official.
- Lawsuits and Disputes: We may disclose your health information in response to a subpoena, discovery request, or other lawful order from a court.
- Plan Sponsors: We may disclose your health information to your plan sponsor to carry out plan administration functions that the plan sponsor performs upon certification that the plan documents have been amended as set forth under HIPAA regulations.
Your Rights Regarding Your Health Information
The following describes your rights regarding the health information we maintain about you.
- Right to Request Restrictions. You have the right to request that we restrict uses or disclosures of your health information to carry out treatment, payment, health care operations, or communications with family or friends. We are not required to agree to a restriction. For treatment that you paid out of pocket in full, you do not have to disclose that health information to your health plan sponsor.
- Right to Receive Confidential Communications. You have the right to request that we send communications that contain your health information by alternative means or to alternative locations. We must accommodate your request if it is reasonable and you clearly state that the disclosure of all or part of that information could endanger you.
- Right to Inspect and Copy. You have the right to obtain hard and electronic copies of your health information. You have the right to inspect and copy health information that we maintain about you in a designated record set. A designated record set is a group of records that we maintain, like enrollment, payment, and claims adjudication record systems. If copies are requested or you agree to a summary or explanation of such information, we may charge a reasonable, cost-based fee for the costs of copying. This fee may include labor costs, copying costs, postage costs, and preparation costs of an explanation or summary, if such is requested. We may deny your request to inspect and copy in certain circumstances as defined by law. If you are denied access to your health information, you may request that the denial be reviewed.
- Right to Amend. You have the right to have us amend your health information for as long as we maintain it. Your written request must include the reason or reasons that support your request. We may deny your request for an amendment if we determine the record that is the subject of the request was not created by us, is not available for inspection as specified by law, or is accurate and complete.
- Right to Receive an Accounting of Disclosures. You have the right to receive an accounting of disclosures of your health information made by us in the six years prior to the date the accounting is requested (or shorter period as requested). This does not include disclosures made to carry out treatment, payment, and health care operations or those made to you. It also does not include disclosures of communications with family and friends, disclosures for national security or intelligence purposes, disclosures to correctional institutions or law enforcement officials, or disclosures made prior to the HIPAA compliance date of April 14, 2003. Your first request for accounting in any 12-month period shall be provided without charge. A reasonable, cost-based fee shall be imposed for each request after that for accounting within the same 12-month period.
- Right to Obtain a Paper Copy. You have the right to obtain a paper copy of this Notice of Privacy Practices at any time.
- Right to Receive a Notification of a Breach. You have a right to receive a notice that a breach has resulted in your unsecured private information being inappropriately used or disclosed. We will notify you in a timely manner if such a breach occurs.
To exercise your rights, you must submit your request in writing to our Privacy Officer at:
200 West Cypress Creek Road, Suite 500
Fort Lauderdale, FL 33309
How to File a Complaint if You Believe Your Privacy Rights Have Been Violated
If you believe that your privacy rights have been violated, please submit your complaint in writing to the address provided:
200 West Cypress Creek Road, Suite 500
Fort Lauderdale, FL 33309
You may also file a complaint with the Secretary of the Department of Health and Human Services. You will not be retaliated against for filing a complaint.