This document provides an overview and training on processing HIPAA Privacy forms at Horizon BCBSNJ. It discusses what HIPAA is and the HIPAA Privacy Rule. It reviews the various HIPAA forms used, including forms for personal representation, access to private health information, and confidential communications. It also covers scenarios for determining when each form would be used and how to properly process, refer, and escalate HIPAA requests and privacy complaints. The goal is to equip employees with the tools needed to properly handle HIPAA privacy matters and ensure members' private health information is protected according to HIPAA standards.
1) The document discusses whether physicians are considered "creditors" under the Fair Credit Reporting Act and therefore subject to the Identity Theft Red Flags Rule.
2) It examines the definitions of "creditor" and "credit" in the Equal Credit Opportunity Act, on which the FCRA definition is based, and concludes that professionals who regularly bill clients for services after rendering them, such as physicians, are creditors.
3) It also notes that federal agencies and courts have interpreted the terms broadly, and that excluding physicians would require explicit action from Congress.
This document outlines the requirements for all Medicaid waiver providers in Florida, including 7 sections that cover key topics. Section 1 discusses Medicaid waiver information such as what a Medicaid waiver is and details about Florida's iBudget waiver. Section 2 reviews key provider requirements and best practices. Section 3 covers compliance with federal and state laws. Section 4 provides an overview of the state's zero tolerance policy. Section 5 discusses incident reporting. Section 6 summarizes medication administration and behavior emergency procedures. Finally, section 7 lists important contact information.
Nearly 40% of soldiers returning from Iraq and Afghanistan report mental health issues. The document discusses two main organizations that provide mental health services to veterans and active military - the VA and TRICARE. It outlines eligibility requirements and services provided by each, such as outpatient counseling and inpatient care. It also discusses ways for community providers to become part of these networks to increase access to care for veterans dealing with conditions like PTSD and substance abuse.
Ohio Emerging Property Management Issues by Attorney Theresa MorelliTheresa Morelli
This document summarizes emerging property management issues related to medical marijuana and criminal background screening. For medical marijuana, it outlines the new Ohio law and limitations on use. It discusses challenges around allowing medical marijuana use by tenants as a reasonable accommodation. For criminal backgrounds, it discusses HUD guidance against blanket bans on felons and recommends an individualized approach considering factors like crime seriousness and rehabilitation. Landlords are advised to have consistent policies and consult legal counsel on difficult cases.
This 3 sentence summary provides the essential details about a $569,500 FELA jury verdict in favor of the plaintiff, Ron Vergara:
While working as a trainman for Union Pacific Railroad, Ron Vergara injured his back trying to uncouple railcars on a sharply curved track with known issues. Despite undergoing back surgery, Vergara was unable to return to work for the railroad, which also terminated him while he was disabled. A jury awarded Vergara $569,500 under FELA for the railroad's negligence that caused his injuries and termination.
This educational webinar reviews all of the requirements that an employer must meet to comply with HIPAA Privacy.
The webinar covers the following topics:
• What health information must be protected by the employer
• What steps an employer must take to comply (forms and procedures)
• What penalties will be imposed by the federal government if an employer does not comply
• What steps an employer must take if any information is disclosed improperly
• What agreements must be in place for an employer's outside vendors to comply
This document provides a summary of a training presentation on HIPAA privacy and security requirements for students, job shadows, and residents at Springfield Clinic. It includes an overview of key aspects of HIPAA including patient rights, requirements for covered entities like Springfield Clinic, and responsibilities for protecting patient privacy and securing protected health information. Breach prevention, response procedures for potential breaches, and sanctions for privacy violations are also summarized. The training aims to educate trainees on their confidentiality responsibilities regarding patient information.
HIPAA Lockdown: One-Hour Guide to PHI Best Practicebenefitexpress
If your business provides health benefits, you handle Protected Health Information. Last year, the HHS stepped up its HIPAA privacy audits, expanding the scope beyond health care providers to any business that handles PHI – that means you.
Audits aren’t slowing down, so get the one-hour guide to:
- Proper handling of protected information
- Permitted disclosures of PHI
- Current EDI standards and compliance strategies
- Best practices before and during a HIPAA audit
1) The document discusses whether physicians are considered "creditors" under the Fair Credit Reporting Act and therefore subject to the Identity Theft Red Flags Rule.
2) It examines the definitions of "creditor" and "credit" in the Equal Credit Opportunity Act, on which the FCRA definition is based, and concludes that professionals who regularly bill clients for services after rendering them, such as physicians, are creditors.
3) It also notes that federal agencies and courts have interpreted the terms broadly, and that excluding physicians would require explicit action from Congress.
This document outlines the requirements for all Medicaid waiver providers in Florida, including 7 sections that cover key topics. Section 1 discusses Medicaid waiver information such as what a Medicaid waiver is and details about Florida's iBudget waiver. Section 2 reviews key provider requirements and best practices. Section 3 covers compliance with federal and state laws. Section 4 provides an overview of the state's zero tolerance policy. Section 5 discusses incident reporting. Section 6 summarizes medication administration and behavior emergency procedures. Finally, section 7 lists important contact information.
Nearly 40% of soldiers returning from Iraq and Afghanistan report mental health issues. The document discusses two main organizations that provide mental health services to veterans and active military - the VA and TRICARE. It outlines eligibility requirements and services provided by each, such as outpatient counseling and inpatient care. It also discusses ways for community providers to become part of these networks to increase access to care for veterans dealing with conditions like PTSD and substance abuse.
Ohio Emerging Property Management Issues by Attorney Theresa MorelliTheresa Morelli
This document summarizes emerging property management issues related to medical marijuana and criminal background screening. For medical marijuana, it outlines the new Ohio law and limitations on use. It discusses challenges around allowing medical marijuana use by tenants as a reasonable accommodation. For criminal backgrounds, it discusses HUD guidance against blanket bans on felons and recommends an individualized approach considering factors like crime seriousness and rehabilitation. Landlords are advised to have consistent policies and consult legal counsel on difficult cases.
This 3 sentence summary provides the essential details about a $569,500 FELA jury verdict in favor of the plaintiff, Ron Vergara:
While working as a trainman for Union Pacific Railroad, Ron Vergara injured his back trying to uncouple railcars on a sharply curved track with known issues. Despite undergoing back surgery, Vergara was unable to return to work for the railroad, which also terminated him while he was disabled. A jury awarded Vergara $569,500 under FELA for the railroad's negligence that caused his injuries and termination.
This educational webinar reviews all of the requirements that an employer must meet to comply with HIPAA Privacy.
The webinar covers the following topics:
• What health information must be protected by the employer
• What steps an employer must take to comply (forms and procedures)
• What penalties will be imposed by the federal government if an employer does not comply
• What steps an employer must take if any information is disclosed improperly
• What agreements must be in place for an employer's outside vendors to comply
This document provides a summary of a training presentation on HIPAA privacy and security requirements for students, job shadows, and residents at Springfield Clinic. It includes an overview of key aspects of HIPAA including patient rights, requirements for covered entities like Springfield Clinic, and responsibilities for protecting patient privacy and securing protected health information. Breach prevention, response procedures for potential breaches, and sanctions for privacy violations are also summarized. The training aims to educate trainees on their confidentiality responsibilities regarding patient information.
HIPAA Lockdown: One-Hour Guide to PHI Best Practicebenefitexpress
If your business provides health benefits, you handle Protected Health Information. Last year, the HHS stepped up its HIPAA privacy audits, expanding the scope beyond health care providers to any business that handles PHI – that means you.
Audits aren’t slowing down, so get the one-hour guide to:
- Proper handling of protected information
- Permitted disclosures of PHI
- Current EDI standards and compliance strategies
- Best practices before and during a HIPAA audit
The document provides training on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. It discusses what protected health information (PHI) is and the rules around using and disclosing PHI. Key points include:
- PHI is individually identifiable health information that is protected by HIPAA.
- PHI can generally be used or disclosed for treatment, payment, and healthcare operations without patient authorization. Other uses require authorization or fall under other exceptions.
- The Privacy Rule establishes patient rights regarding access to and restrictions on use of their PHI, and requires covered entities to implement privacy protections and provide privacy training to staff. Non-compliance can result in civil and criminal penalties.
This document summarizes a training on HIPAA privacy rules for the Philadelphia Center. It discusses revising the client complaint form to meet HIPAA standards by rewording it and including an actual form. It also explains that the Philadelphia Center must provide each client with a Notice of Privacy Practices describing how their health information may be used or disclosed, clients' rights regarding their information, and how to file complaints. Finally, it states that the employee handbook does not mention HIPAA rules or breach notification procedures, and employees cannot be held responsible if not trained on these practices.
This document provides an overview of HIPAA privacy policies and procedures for employees of the Louisiana Department of Health and Hospitals. It defines key HIPAA terms like protected health information and explains rules around obtaining permission to disclose PHI, minimum necessary standards, and verification requirements. Employees are informed that failure to comply with HIPAA is against federal law and can result in penalties, and they are instructed to report any potential violations to their supervisor. The goal is to educate staff on maintaining privacy of patient health information.
NYPC Notice of Privacy Practices (HIPPA)nypaincare
This document outlines the privacy practices of a medical office regarding protected health information (PHI). It states that the office is required by law to maintain privacy of PHI and provide notice of its privacy policies. It describes how PHI may be used for treatment, payment, and healthcare operations. It also discusses how individuals can file complaints about potential privacy violations and exercise their rights regarding PHI, including requesting restrictions on uses/disclosures, confidential communications, and access to/amendments of their records.
This training module covers HIPAA privacy and security rules for protecting protected health information (PHI). It addresses recognizing situations where PHI could be mishandled, practical ways to protect privacy and security of sensitive information, and that employees will be held responsible for improperly handling PHI. The module covers forms of PHI, examples of PHI, HIPAA privacy and security rules, covered entities' duty to protect PHI, and consequences for violations.
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and BeyondConference Panel
The document summarizes key points from a presentation on anticipated changes to HIPAA privacy and security regulations for 2024 and beyond. It discusses proposed 2023 rule changes enhancing protections for reproductive health information. These changes are being extended into 2024 through ongoing rulemaking. The presentation covers differences between privacy and security, employee training requirements, best practices for cybersecurity and incident response, and conclusions on avoiding liability when new regulations take effect.
This document provides an overview of HIPAA privacy rules regarding access to medical records. It defines key terms like covered entity, business associate, and protected health information. It explains that patients have rights under HIPAA to access, inspect, and obtain copies of their medical records, as well as request amendments. There are additional rules for mental health and psychotherapy notes. Covered entities may charge reasonable fees for copying and mailing records.
The document summarizes key rights and requirements under the HIPAA Privacy Rule. It discusses individuals' rights to access, amend, and receive an accounting of disclosures of their protected health information. It also covers requirements regarding breach notification, research involving PHI, preemption of state laws, and administrative, civil and criminal penalties for non-compliance.
The document summarizes key rights that individuals have under HIPAA regarding their protected health information (PHI), including the right to access, amend, receive an accounting of disclosures of, and request confidential communications or restrictions on their PHI. It describes requirements for covered entities to comply with these rights, such as responding to requests within 30 days. The document also discusses HIPAA requirements around breach notification and penalties for noncompliance.
The document summarizes key rights and protections provided to individuals under the HIPAA Privacy Rule, including the right to access, amend, and receive an accounting of disclosures of their protected health information (PHI). It discusses individual rights to request confidential communications, restrictions on use and disclosure of PHI, and to file complaints regarding privacy violations. The document also covers HIPAA requirements around breach notification and applies of the rule to research. It notes that HIPAA sets a federal privacy floor and state laws with greater protections supersede it.
HIPAA establishes standards to protect sensitive patient health information. It covers identifiable health information held by covered entities, including demographic information, medical records, insurance forms, and billing information. HIPAA applies to both electronic and paper records. It gives patients rights over their protected health information and sets security standards for covered entities to safely store, use and transmit patient data. Covered entities must implement safeguards like access controls, disposal protocols and encryption and are subject to penalties for noncompliance.
Maiden name change is a privilege available to every adult in the US. It can be done at any age and for any reason as long as you are not escaping the law or intending to commit a crime. Here are straightforward answers to common questions asked about the process.
For more information visit www.hitchswitch.com
Three Key Documents for Patient Information auraebeidler
This document discusses three key documents related to patient privacy under HIPAA: the Notice of Privacy Practices (NPP), Authorization, and Consent. The NPP explains how a provider will use and protect a patient's health information and their privacy rights. An Authorization is required to release health information outside of treatment, payment, and operations and must contain specific elements. A Consent allows treatment but does not authorize releasing records. Providers must ensure proper privacy practices using these forms to protect patient information.
This document discusses patient confidentiality and HIPAA compliance. It defines patient confidentiality as a patient's right to have personal medical information kept private. A breach of confidentiality is the disclosure of private medical information to a third party without patient consent. Anyone with access to a patient's medical records could potentially breach confidentiality. HIPAA establishes protections for personal health information and penalties for violations ranging from $100 to $1.5 million depending on the type of violation. Maintaining patient confidentiality and complying with HIPAA guidelines is important to protect both patients and healthcare providers.
There were statutory amendments that HITECH required that were never made, and there was a interim final proposed rule that implements the HITECH Act breach notification requirements. These rules are now amended by the Omnibus rule, because they were confusing and garnered public comment that convinced HHS to make changes.
HIPAA & OIG Compliance for Medical Billing Company OwnersKareo
The success of your business relies on timely billing and accurate coding. Whether you’re managing the billing for one provider or 50, it’s a complex job that must meet a variety of regulations, making it easy for medical billing companies to be the target of false claims and fraudulent crimes. As healthcare fraud continues to be a growing issue in the industry, medical billers are increasingly being held liable for their role in the submission of fraudulent claims.
Executive Director of American Medical Billing Association, Cyndee Weston, CMRS, CMCS, CPC, will provide an in-depth analysis of what can be considered fraud when submitting medical claims, how the government is enforcing guidelines, and what you can do to help protect your business as well as your practices.
This presentation reviews: what information must be protected, what policies and procedures need to be in place, what disclosures have to be given to employees, what agreements have to be in place for business associates, and what breach procedures have to be followed.
More Related Content
Similar to Processing HIPAA Privacy Forms 2014-Sample
The document provides training on the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy Rule. It discusses what protected health information (PHI) is and the rules around using and disclosing PHI. Key points include:
- PHI is individually identifiable health information that is protected by HIPAA.
- PHI can generally be used or disclosed for treatment, payment, and healthcare operations without patient authorization. Other uses require authorization or fall under other exceptions.
- The Privacy Rule establishes patient rights regarding access to and restrictions on use of their PHI, and requires covered entities to implement privacy protections and provide privacy training to staff. Non-compliance can result in civil and criminal penalties.
This document summarizes a training on HIPAA privacy rules for the Philadelphia Center. It discusses revising the client complaint form to meet HIPAA standards by rewording it and including an actual form. It also explains that the Philadelphia Center must provide each client with a Notice of Privacy Practices describing how their health information may be used or disclosed, clients' rights regarding their information, and how to file complaints. Finally, it states that the employee handbook does not mention HIPAA rules or breach notification procedures, and employees cannot be held responsible if not trained on these practices.
This document provides an overview of HIPAA privacy policies and procedures for employees of the Louisiana Department of Health and Hospitals. It defines key HIPAA terms like protected health information and explains rules around obtaining permission to disclose PHI, minimum necessary standards, and verification requirements. Employees are informed that failure to comply with HIPAA is against federal law and can result in penalties, and they are instructed to report any potential violations to their supervisor. The goal is to educate staff on maintaining privacy of patient health information.
NYPC Notice of Privacy Practices (HIPPA)nypaincare
This document outlines the privacy practices of a medical office regarding protected health information (PHI). It states that the office is required by law to maintain privacy of PHI and provide notice of its privacy policies. It describes how PHI may be used for treatment, payment, and healthcare operations. It also discusses how individuals can file complaints about potential privacy violations and exercise their rights regarding PHI, including requesting restrictions on uses/disclosures, confidential communications, and access to/amendments of their records.
This training module covers HIPAA privacy and security rules for protecting protected health information (PHI). It addresses recognizing situations where PHI could be mishandled, practical ways to protect privacy and security of sensitive information, and that employees will be held responsible for improperly handling PHI. The module covers forms of PHI, examples of PHI, HIPAA privacy and security rules, covered entities' duty to protect PHI, and consequences for violations.
Breaking Down the Latest HIPAA Modifications: What's New in 2024 and BeyondConference Panel
The document summarizes key points from a presentation on anticipated changes to HIPAA privacy and security regulations for 2024 and beyond. It discusses proposed 2023 rule changes enhancing protections for reproductive health information. These changes are being extended into 2024 through ongoing rulemaking. The presentation covers differences between privacy and security, employee training requirements, best practices for cybersecurity and incident response, and conclusions on avoiding liability when new regulations take effect.
This document provides an overview of HIPAA privacy rules regarding access to medical records. It defines key terms like covered entity, business associate, and protected health information. It explains that patients have rights under HIPAA to access, inspect, and obtain copies of their medical records, as well as request amendments. There are additional rules for mental health and psychotherapy notes. Covered entities may charge reasonable fees for copying and mailing records.
The document summarizes key rights and requirements under the HIPAA Privacy Rule. It discusses individuals' rights to access, amend, and receive an accounting of disclosures of their protected health information. It also covers requirements regarding breach notification, research involving PHI, preemption of state laws, and administrative, civil and criminal penalties for non-compliance.
The document summarizes key rights that individuals have under HIPAA regarding their protected health information (PHI), including the right to access, amend, receive an accounting of disclosures of, and request confidential communications or restrictions on their PHI. It describes requirements for covered entities to comply with these rights, such as responding to requests within 30 days. The document also discusses HIPAA requirements around breach notification and penalties for noncompliance.
The document summarizes key rights and protections provided to individuals under the HIPAA Privacy Rule, including the right to access, amend, and receive an accounting of disclosures of their protected health information (PHI). It discusses individual rights to request confidential communications, restrictions on use and disclosure of PHI, and to file complaints regarding privacy violations. The document also covers HIPAA requirements around breach notification and applies of the rule to research. It notes that HIPAA sets a federal privacy floor and state laws with greater protections supersede it.
HIPAA establishes standards to protect sensitive patient health information. It covers identifiable health information held by covered entities, including demographic information, medical records, insurance forms, and billing information. HIPAA applies to both electronic and paper records. It gives patients rights over their protected health information and sets security standards for covered entities to safely store, use and transmit patient data. Covered entities must implement safeguards like access controls, disposal protocols and encryption and are subject to penalties for noncompliance.
Maiden name change is a privilege available to every adult in the US. It can be done at any age and for any reason as long as you are not escaping the law or intending to commit a crime. Here are straightforward answers to common questions asked about the process.
For more information visit www.hitchswitch.com
Three Key Documents for Patient Information auraebeidler
This document discusses three key documents related to patient privacy under HIPAA: the Notice of Privacy Practices (NPP), Authorization, and Consent. The NPP explains how a provider will use and protect a patient's health information and their privacy rights. An Authorization is required to release health information outside of treatment, payment, and operations and must contain specific elements. A Consent allows treatment but does not authorize releasing records. Providers must ensure proper privacy practices using these forms to protect patient information.
This document discusses patient confidentiality and HIPAA compliance. It defines patient confidentiality as a patient's right to have personal medical information kept private. A breach of confidentiality is the disclosure of private medical information to a third party without patient consent. Anyone with access to a patient's medical records could potentially breach confidentiality. HIPAA establishes protections for personal health information and penalties for violations ranging from $100 to $1.5 million depending on the type of violation. Maintaining patient confidentiality and complying with HIPAA guidelines is important to protect both patients and healthcare providers.
There were statutory amendments that HITECH required that were never made, and there was a interim final proposed rule that implements the HITECH Act breach notification requirements. These rules are now amended by the Omnibus rule, because they were confusing and garnered public comment that convinced HHS to make changes.
HIPAA & OIG Compliance for Medical Billing Company OwnersKareo
The success of your business relies on timely billing and accurate coding. Whether you’re managing the billing for one provider or 50, it’s a complex job that must meet a variety of regulations, making it easy for medical billing companies to be the target of false claims and fraudulent crimes. As healthcare fraud continues to be a growing issue in the industry, medical billers are increasingly being held liable for their role in the submission of fraudulent claims.
Executive Director of American Medical Billing Association, Cyndee Weston, CMRS, CMCS, CPC, will provide an in-depth analysis of what can be considered fraud when submitting medical claims, how the government is enforcing guidelines, and what you can do to help protect your business as well as your practices.
This presentation reviews: what information must be protected, what policies and procedures need to be in place, what disclosures have to be given to employees, what agreements have to be in place for business associates, and what breach procedures have to be followed.
Similar to Processing HIPAA Privacy Forms 2014-Sample (20)
2. 2
HIPAA Overview
This training course is designed to equip you with the necessary tools to properly process HIPAA
Privacy Requests. During the two day training period we will:
• Familiarize you with HIPAA, the HIPAA Privacy Rule and various HIPAA Forms
• The effects HIPAA has on Horizon BCBSNJ
• Referring HIPAA Privacy Complaints
• Detailed review of the HIPAA Personal Representative Form
• Understand the different types of Personal Representative
Requests/Representation
• Determine when a form is Valid or Invalid
• Processing Valid and Invalid requests in UCSW
• Processing Valid requests in NMS 2.10 & 2.23 and Nasco
• Processing a verbal Personal Representative Request
• Review various scenarios
• Answer Questions
• Provide a HIPAA Contact List
3. 3
What is HIPAA?
The Health Insurance Portability and Accountability Act
(HIPAA) was enacted by the U.S. Congress in 1996.
The Administrative Simplification provisions of the Health
Insurance Portability and Accountability Act of 1996 (HIPAA,
Title II) required the Department of Health and Human
Services (HHS) to establish national standards for electronic
health care transactions and national identifiers for
providers, health plans, and employers. It also addressed
the security and privacy of health data. As the industry
adopts these standards for the efficiency and effectiveness
of the nation's health care system will improve the use of
electronic data interchange.
4. 4
What is the HIPAA Privacy Rule?
The HIPAA Privacy Rule
establishes national standards to
protect individuals’ medical
records and other personal health
information and applies to health
plans, health care
clearinghouses, and those health
care providers that conduct
certain health care transactions
electronically.
5. 5
What is the HIPAA Privacy Rule?
• The Rule requires appropriate safeguards to protect the
privacy of personal health information, and sets limits and
conditions on the uses and disclosures that may be made of
such information without patient authorization.
• The Rule also gives patients rights over their health
information, including rights to examine and obtain a copy of
their health records, and to request corrections.
6. 6
How does this effect Horizon?
Horizon must treat a personal representative
as the member. That includes a person who
under applicable state law has authority to
make health-related decisions on behalf of
an adult or an emancipated minor. In
addition, the Rules allow disclosures of
private information (PI) to persons who are
involved in the care or payment for the care
of a member.
8. 8
HIPAA Privacy Forms
• Authorization for Disclosure of Protected Health Information
• Request to Access Private Information
• Request for Confidential Communications
• Request for Termination of Confidential Communications
• Request for Personal Representative
• Request to Represent a Deceased Member
• Request to Terminate Personal Representative
• Other HIPAA Forms (Amendment to PI, Accounting of
Disclosures)**
**Refer to New OLI2 for all forms relating to privacy matters**
9. 9
Authorization for Disclosure of PHI *
• The member requests that Horizon
disclose specific PI to someone
other than the member (third-party);
• Someone else (third-party) requests
that Horizon disclose the member’s
PI; or
• Horizon obtains a member’s
permission to disclose his/her PI (in
those circumstances that require an
authorization).
*PHI Protected Health Information
10. 10
Access to Private Information Form
• A member can request
access to his/her PI and
obtain a copy.
• A HIPAA access request is
a member’s right under the
Privacy Rules. It is treated
differently than a “routine”
request for information,
such as a request for a
duplicate copy of an EOB
or SOP.
11. 11
Request for Confidential Communications
• Horizon must approve a member’s
reasonable request to receive PI at
an alternate location, or by
alternative means, IF he/she states
that the disclosure to the normal
location could endanger him/her.
• While Horizon will trigger processing
based on an oral Confidential
Communications request, the
member must complete a written
form as a follow up to his/her oral
request.
• Set up an Alert in UCSW with a
password — this is the only
circumstance where you should set
up passwords.
12. 12
Request for Personal Representative Form
This form is used by our members to
appoint a personal representative.
If a member/individual contacts Member
Services and verbally request the
appointment of a personal
representative, the CSR (Customer
Service Representative) will inform the
member/individual that such a request
must be submitted to Horizon in writing
using the Request for Personal
Representative Form.
If the member states that the request is
urgent, the CSR should also inform the
member that the forms can be accessed
from the Member Portal, and faxed back
to the CSR to be processed.
13. 13
Request to Represent a Deceased Member
• Allows a person to represent a
deceased Horizon member.
• The person needs to attach legal
documentation to prove his/her
authority to represent the member’s
estate. (e.g. Order of Probate, valid
will, appointment as administrator;
not Power of Attorney).
• If the person was already designated
as the member’s Personal
Representative prior to the
member’s death, no new form is
needed. (However, his/her
representation must be changed if
someone with a greater legal right to
represent the deceased notifies us
and requests to represent the
deceased member.)
14. 14
Request to Terminate Personal Representative
• Allows the member to terminate
his/her designated or automatic
personal representative. (e.g.
spouse-to-spouse, parent-to-child)
• By terminating the Personal
Representative, Horizon agrees not
to disclose PI to that person. Thus,
the verification procedure is critical,
since that’s the way we will know not
to disclose PI to that person!
15. 15
Referrals to HIPAA Privacy Team and Privacy Office
All HIPAA Forms received, should be referred as follows:
• Department: HBC Appeals/ HIPAA/ Exec & Reg Complaints
• Team (Choose one of the following): CCU HIPAA Privacy Team Nasco
Escalations should be e-mailed to the following mailbox:
• HIPAA Appeals Unit
***Note: Only Privacy Complaints should be referred to HBC Privacy Team.
Detailed information on how to properly handle a privacy complaint can
be found on New OLI under HIPAA/Privacy/Privacy Procedures/ Receiving
and Handling Privacy Complaints and Violations – HIPAA ***
• Department: HBC Privacy Office
• Team: Privacy Office
• Assigned To: Privacy Office
16. 16
Request for Personal Representative Form
Under the Privacy Rules, Horizon must treat
a personal representative as the member.
That includes a person who under
applicable state law has authority to make
health-related decisions on behalf of an
adult or an emancipated minor. In addition,
the Rules allow disclosures of private
information (PI) to persons who are
involved in the care or payment for the care
of a member. Horizon also treats them as
personal representatives.
Generally, Horizon requires a member to
designate a personal representative in
writing, although it is Horizon’s policy to
treat a spouse or parent on the coverage as
a personal representative without any such
designation.
17. 17
Types of Requests for Personal Representation
• Request for Personal Representative Form
• Request to Represent a Deceased Member
Form
• Request to Terminate Personal
Representative Form
**Refer to New OLI to access current HIPAA Forms**
18. 18
Types Of Representation
• Limited Authority - The member appoints a person who can contact
Horizon and receive the member’s PI.
• Full Authority - The member appoints a person who will receive the
member’s correspondence, EOBs and checks. This requires setup of
an alternate address for the member.
NOTE: Reimbursement checks will, per our contracts, still be made payable in the
name of the subscriber, absent special circumstances.
20. 20
Case Study #1
Mrs. Jones calls and states “I no longer want my husband,
who I am divorcing, to be my Personal Representative.
What is the correct form to send the member?
Answer: A Request to Terminate a Personal
Representative Form
21. 21
Case Study #2
Mr. Lin calls and states he is from an attorney's office and
is seeking records related to a motor vehicle accident
involving our member.
What form should be sent to Mr.Lin?
Answer: An Authorization for Disclosure of Protected
Health Information Form
22. 22
Case Study #3
Ms. McPhee complains that her appeal was denied by Horizon
and that she wants a copy of her records.
What form should be sent to the member?
Answer: A Request to Access to Private Information
Form
23. 23
Case Study #4A
The caller states his grandmother, Mrs. Smith, (for whom he is
the Personal Representative with limited authority) has passed
away and he needs to take care of her affairs, including her
insurance claims with Horizon.
What is the correct form to send caller?
Answer: No form is needed because the caller was the
member’s Personal Representative prior to her death.
24. 24
Case Study #4B
A second caller states she has never called before and she
has been appointed as the Executrix for the same Mrs.
Smith.
What is the correct form to send to caller?
Answer: Yes, but with limited authority.
Answer: Request to Represent a Deceased
Member Form.
Can first caller still represent Mrs. Smith?
25. 25
Case Study #5
Ms. Greer is calling on behalf of her mother. While being
verified, she says that she is the daughter and her mother is
in a nursing home. Her mother wants her to receive all of her
correspondence.
What is the correct form to send to Ms. Greer?
Answer: A Request for Personal Representative Form
26. 26
Case Study #6
Mrs. Williamson states that she is in danger if her husband
discovers that she is going to have an abortion. She does
not want her husband to find out.
What is the correct form to send to Mrs. Williamson?
Answer: A Request for Confidential Communications
Form.
To what address should the form be sent?
Answer: To Mrs. Williamson’s alternate address.
27. Case Study #7
Mary is the mother of Joseph who is a minor child who has his
own single policy. By court order she is the residential
custodial parent. She would like all correspondence sent to her
address although Paul, the father premium payments. What
form does she need to complete?
Answer: A Request for Personal Representative Form
Mary must complete the Request for Personal Representative
Form and appoint herself with full authority so correspondence
can be redirected to her address and supply all legal
documentation.
27
28. Case Study #8
Susan is the parent of a minor child who has a single policy in
which she pays the premium. She would like all
correspondence sent to her address. What form does she
need to complete?
Answer: No form is required due to the Minor Child Verification
Workflow that has been implemented and can be found on
OLI2. As long as the mother can verify the identity of the child
and advises she is the parent/guardian, the child’s PI can be
disclosed to the mother.
http://oli2.bcbsnj.com/Subsystems/HIPAA/Content/Privacy/Privacy_Procedures_HIPAA/
28
29. Case Study # 9
A member calls to advise that received an EOB that does not
belong to them. You document the inappropriate disclosure in
UCSW. Where do you assign this service request?
Answer: Department: HBC Privacy Office
Team: Privacy Office
Assigned To: Privacy Office
The HIPAA Team works closely with the Privacy Office with
investigating privacy complaints and inappropriate disclosures,
however, the function of the HIPAA Team is to process HIPAA
Forms only. All Privacy Complaints should be forwarded to the
Privacy Office for tracking/documenting purposes.
29
30. Case Study # 10
You received a call from an irate member who is seeking to
have their personal representative form escalated. You have
located the service request in UCSW. Who do you contact to
escalate the request?
Answer: All HIPAA Escalations should be e-mailed to the
HIPAA Appeals Unit (HIPAAAppealsUnit@horizonblue.com)
This is a dedicated mailbox which is monitored daily by a
member of the HIPAA Appeals team.
30