- Protected Health Information (PHI) obtained by TeleMedik and/or any of its affiliates through media and received by company employees will only be disclosed in compliance with state and federal laws and applicable regulations for the disclosure of confidential information. Health related information will be obtained only by staff working for TeleMedik and/or any of its affiliates. The staff is composed of nurses, nutritionists, pharmacists, doctors, consultants, service representatives and administrative personnel who will manage protected health information through telephone, fax or computer system. The information obtained is the minimum necessary, limited only to that necessary to carry out the functions established by our customers in the contract. All personnel will require training and be oriented to comply with the correct management of protected health information. The required training related to Privacy and Security will be provided within the first 90 days of hiring the resource and then an annual review will be carried out.
- TeleMedik and/or any of its affiliate’s employees will use the information received for the only purpose of carrying out clinical activities or providing services offered by the company, by the health organization or insurance company for which it establishes contracts. The services or programs offered include, but are not limited to, the following: condition management, quality management, utilization management, discharge planning, network management, case management, telemedicine and prescription drug audits of the medical plans. In the case of shared activities between TeleMedik and other organizations or medical plans, TeleMedik will designate an organization authorized employee or company to receive and deliver the PHI. In case of doubts, will always consult and obtain the client’s permission to use the information according to the client’s specifications.
- TeleMedik could use or release information about treatments, payments and health care operation for those services offered to direct clients (Business to Client) with the final purpose of support our business functions.
- TeleMedik could use or release health information to get in contact with you and provide appointment follow-ups or information about health-related services.
- TeleMedik has business partners (individuals and organizations) to whom various functions are delegated or provide certain types of services on behalf of TeleMedik. Business partners can receive, create, maintain, use or disclose PHI, and they demonstrate the necessary controls to properly safeguard said information.
- The professional could share the PHI only in cases that the health or security of the person is at risk. This situation will be informed and explained to the personnel and area possible cases will be discussed specifically when managing crisis calls or mental related situations.
- Any Exchange of information should be done using the secure methods available, for example the utilization of File Transfer Protocols (FTP).
- In the case of having to send information using the e-mail, it will be sent encrypted.
- In the case of sending documents via fax containing health confidential information, the employee will refer to the procedure on how to send PHI information and will use the TeleMedik official fax cover form. Refer to Attachment E – Transmission methods procedure for sending PHI information and Attachment F – Fax Cover.
- Management of correspondence will be handled from the mailing room, which is always locked.
- For the management and disposition of documents Refer to policy ADM CORP 023 – Management and Disposition of Confidential Documents.
Health information of participants may be used, disclosed and accessed according to the following:
- Written requests and additional information – The participant may request additional information about TeleMedik privacy practices or obtain forms for submitting written requests by contacting the TeleMedik Compliance and Privacy Office: PMB 347 Ave. Winston Churchill #138, San Juan, P.R. 00926-6013 or toll-free by telephone at 787-999-6200. You can also send an e-mail to: firstname.lastname@example.org to request additional information.
- Obtain a Copy of the Notice – The participant has the right to obtain a copy of our current Notice at any time. The participant could access it directly in the application TeleMedik Innova Health Solution, visiting our website: www.telemedik.com or contacting the TeleMedik Compliance and Privacy Office via e-mail at email@example.com.
- Inspect and obtain a copy of the PHI – With a few exceptions, the participant has the right to see and get a copy of the PHI we maintain about his/her. The participant may request access the PHI electronically. To inspect or obtain a copy of the PHI, the participant must submit a written request to the TeleMedik Compliance and Privacy Office. The participant may also ask us to provide a copy of the PHI to another person or entity. A reasonable fee may be charged for the expense of fulfilling your request as permitted under HIPAA and/or state law.
- Request an amendment – The participant could request that we amend the protected information included in our systems. To request an amendment, submit a written request to the TeleMedik Compliance and Privacy Office. The participant must include a reason that supports your request.
- Receive an accounting of disclosures – The participant has the right to request an accounting of disclosures we make of the PHI for purposes other than treatment, payment or health care operations. To obtain an accounting, the participant needs to submit a written request to the TeleMedik Compliance and Privacy Office. The participant may be charged for the cost of any subsequent accountings. In these cases, we will notify the participant in advance of the cost involved, and you may choose to withdraw or modify your request at that time.
- Request confidential communications – The participant has the right to request that we communicate with him/her in a certain way or at a certain location. To request confidential communication of their PHI, participants must submit a written request to the TeleMedik Compliance and Privacy Office.
- Request a restriction on certain uses and disclosures – Participant has the right to request additional restrictions on our use and disclosure of their PHI by sending a written request to the TeleMedik Compliance and Privacy Office.
- Notification of Breach – The participant will be notified in the event there is a breach of the unsecured PHI as defined by HIPAA.
As Delegated Entity the Operational Area will proceed as the following:
- In our operational areas, if the participant requests a written copy of a call made to our Center, should make the petition in writing to the attention of the Medical Insurance in which he is subscribed. In the case that the Health Agency (health plan) request such information, it will be provided in writing with the detail of the service offered and the result of the interaction.
- In our operational areas, such as the Contact Center, if the participant requests a restriction on the use and disclosure of his/her file, demographic changes and/or disclosure reports must be referred to the insurance entity to which he/she is subscribed to manage the such request.
- In the case that there are specific procedures related this rule by any of the clients to whom we offer services, those processes will be observed. There will be available as part of the training offered to functional areas, through access to specific information databases of the client or as part of our policies and/or procedures.
- For any additional information regarding this procedure you should contact your supervisor, the Compliance and Privacy Officer and/or Executive Director.
- The participant can file a complaint with the TeleMedik Compliance and Privacy Office or with the Secretary of the United States Department of Health and Human Services, if believes their privacy rights have been violated. All complaints must be submitted in writing. The participant or complainant will not be penalized or otherwise retaliated against in any way for filing a complaint, according to our Policy ADM COMP 009 – Whistleblower Protection.