Policy Statement

The Phoenix Residence, Inc.’s health and welfare plan, a “covered entity” for purposes of the Health Insurance Portability and Accountability Act of 1996, HIPAA, has developed this HIPAA Privacy Policy in order to comply with the requirements under the HIPAA privacy regulations and guidelines. The Health Plan is a fully-insured health plan sponsored by The Phoenix Residence, Inc. The Health Plan intends to maintain a “hands-off” approach to medical information associated with or generated by the Health Plan. The Health Plan shall conduct its business in accordance with this HIPAA Privacy Policy.

Policy Interpretation and Implementation

PHI:

1. Neither the Health Plan nor the Plan Sponsor (or any member of the Plan Sponsor’s workforce) shall create or receive protected health information, PHI, other than specifically described below.


2. The Health Plan does not create, maintain or receive PHI except for:
   1. Enrollment/disenrollment information;
   2. Summary health information; and
   3. Periodic review of status.


3. Summary health information may be used by the Plan Sponsor for two limited purposes:
   1. Obtaining premium bids for providing health insurance coverage under the Health Plan;
   2. Modifying, amending or terminating the Health Plan.


4. Summary health information is information that summarizes the claims history, expenses, or types of claims by individuals for whom the Plan Sponsor has provided health benefits under the Health Plan.

Summary Health Information:

5. The insurance company for the Health Plan is a covered entity under the HIPAA in its own right. As such, it provides a Notice of Privacy Practices, NPP, and will satisfy the other requirements under HIPAA related to the PHI of individuals of the potential disclosure of summary health information and enrollment/disenrollment information to the Health Plan and the Plan Sponsor.

Restrictions on Intimidating or Retaliatory Acts:

6. The Health Plan shall refrain from intimidating, threatening, coercing, discriminating against, or taking other retaliatory action against individuals for:
   1. Exercising their HIPAA privacy rights;
   2. Filing a complaint;
   3. Participating in an investigation; or
   4. Opposing any improper practice under HIPAA.


7. If such an action should occur by one of the Plan Sponsor’s employees, the action shall not be attributed to the Health Plan unless the employee was acting in a capacity on behalf of the Health Plan as a covered entity.

No Waiver Required:

8. The Health Plan shall not require an individual to waive his or her privacy rights under HIPAA as a condition of treatment, payment, enrollment or eligibility. Is such an action should occur by one of the Plan Sponsor’s employees, the action shall not be attributed to the Health Plan unless the employee was acting in a capacity on behalf of the Health Plan as a covered entity.

Periodic Review:

9. Periodically, the Health Plan will review its operating practices to ensure they are in compliance with this HIPAA Privacy Policy.

Violations:

10. Violations of the policy will be subject to discipline.

November 2003