For our customers located in the EU, please click here to learn how we comply with the General Data Protection Regulation (GDPR).
Protected Health Information
The Health Insurance Portability and Accountability Act (HIPAA) has established standards to ensure the privacy of your protected health information. Protected Health Information is information about your past, present, or future health or medical condition. HealthSmart maintains full compliance with HIPAA’s privacy and security regulations, and has implemented various administrative, physical and technical safeguards to comply with its provisions.
Measures to Safeguard Your Protected Health Information
HealthSmart will never share non-public protected health information with non-affiliated third parties. We restrict access to only those HealthSmart affiliates, subsidiaries, employees and contractors who need to know this information in order to provide you with HealthSmart’s products and services, and who are under an obligation to keep such information confidential. We also maintain physical, electronic, and procedural safeguards that comply with federal and state regulations to protect your information. In addition, HealthSmart internally utilizes non-identifying personal information for the proper management, administration and development of our products and services. Unless you specifically consent to a disclosure, your protected health information will not be sold, shared, licensed, or rented to third parties.
Customary Purposes for Disclosing Your Protected Health Information
While it is HealthSmart’s policy never to share non-public protected health information with non-affiliated third parties, HealthSmart may use your protected health information for a number of reasons as detailed below.
- Treatment: We may disclose your protected health information to doctors, nurses, and other licensed healthcare personnel who are involved in providing your healthcare services.
- Payment: We may use or disclose your information to assist in obtaining payment for healthcare services rendered to you.
- For Healthcare Operations: We may disclose your information in the course of administering our various healthcare services.
- Care Reminders: We may use your contact information to remind or notify you of the benefits of a health service.
- Legal Requirements: If necessary, we may be legally required to disclose your protected health information to comply with applicable laws, regulations, search warrants, subpoenas, discovery requests, or court orders.
- Other Uses and Disclosures: We may use medical information for other disclosures; however, this will only be done with your prior written authorization.
In addition, in some cases, HealthSmart contracts with various entities (“Contracting Entities”) to assist with the provision of medical services and products to members. HealthSmart and its affiliates may, from time to time, negotiate and enter into contracts on their own behalf with Contracting Entities, and you agree we may use or disclose your information to Contracting Entities. Agreements with Contracting Entities may provide for administrative fees, penalties, credits, rebates, guarantees, or other kinds of payments or fees (collectively, “CE Payments”) to be paid to HealthSmart. HealthSmart will retain such CE Payments which may be used for various HealthSmart business considerations, including offering competitive medical service prices to our customers. You understand and agree that CE Payments received by us may be based on the utilization of data of certain services or products by certain persons, some of whom may be HealthSmart members.
Your Rights Regarding Your Protected Health Information
You have the following rights regarding your protected health information:
- Right to Inspect and Copy: Upon written request, you have the right to inspect your health information.
- Right to Amend: If you feel there is a mistake or oversight in any of our records, you may request in writing that we amend your information.
- Right to Previously Disclosed Information: You may request a list of when, to whom, and for what purpose your information has been released over a six year period.
- Right to Receive Notice: You have the right to receive a paper copy of this privacy notice and/or an electronic copy by email upon your request.
- Right to Revoke Notice: You have the right to revoke prior authorizations to disclose your information upon written notice to HealthSmart.
- Right to Request Restrictions on Certain Uses & Disclosures: You may request that we restrict the disclosure of certain confidential information, subject to various limitations.
- Right to Receive Protected Health Information by Alternative Means or in Alternative Locations: You have the right to request that your protected health information be provided by alternative means or at alternative locations.
This privacy notice may be revised from time to time. Any new notice will be effective immediately for any and all confidential information we maintain. Upon revision, this notice will be available upon request and displayed prominently on our website and in our office locations. For more information on your rights regarding protected health information, please contact HealthSmart at 214.574.3546.
If you believe your privacy rights have been violated, you may file a complaint with HealthSmart or with the Secretary of the Department of Health and Human Services. To file a complaint with HealthSmart, please contact Sarah Bittner, General Counsel, 222 W. Las Colinas Blvd., Suite 500N, Irving, Texas 75039. All complaints must be submitted in writing.
EU-U.S. Privacy Shield Notice
In compliance with the Privacy Shield Principles, HealthSmart commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact HealthSmart at:
Sarah Bittner, General Counsel
HealthSmart Benefit Solutions, Inc.
222 W. Las Colinas Blvd., Ste 500N
Irving, TX 75039
HealthSmart has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.adr.org for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you. HealthSmart commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Under certain circumstances, binding arbitration may be invoked in pursuit of satisfaction of claims brought under this agreement. HealthSmart subjects itself to the investigatory and enforcement powers of the Federal Trade Commission (FTC).