Privacy and Security Notice
PRIVACY AND SECURITY NOTICE |
WHAT IS HIPAA? |
WHAT IS PHI? |
PROTECTED HEALTH INFORMATION |
PRIVACY AND SECURITY LAW REQUIREMENTS |
YOUR HEALTH INFORMATION RIGHTS |
FOR MORE INFORMATION AND TO REPORT A PROBLEM
The Health Insurance Portability and Accountability Act of 1996 (HIPAA)
requires that covered entities, including state agencies that deal with
Protected Health Information (PHI), provide you with this notice. This
notice pertains to those programs specifically administered by the State Personel Administration (SPA) in which SPA may maintain various types of PHI about
you. SPA understands that information about you and your family is very
personal. As such, SPA is committed to protecting and securing your
information.
This notice tells you how SPA uses and discloses information about you
and discusses your rights in keeping this information private and secure.
Please review this notice carefully.
WHAT IS HIPAA?
HIPAA, Health Insurance Portability and Accountability
Act of 1996, is a federal law regarding the confidentiality
and security of your Protected Health Information
(PHI). It imposes new restrictions on how your health
information can be used and shared and creates new
rights for individuals concerning their own health
information.
WHAT IS PHI?
PHI, Protected Health Information, is individually
identifiable health information that is maintained
or transmitted by a covered entity. It is information
related to a person's health, provision of care, or
payment. Some examples may include: bill for health
services; explanation of benefits statement; receipts
for reimbursement from a health flexible spending
account plan; any list showing amount of benefits
paid with a breakdown by social security number. Another
example may include your employer (state agency, school
system, authority, etc.) transmitting information
about you to the SPA. This information may include
your name, address, birth date, phone number, social
security number, and employee identification number
and certain types of health information
HOW SPA USES AND DISCLOSES PROTECTED
HEALTH INFORMATION
When services are contracted, SPA may disclose some
or all of your information to the company so they
can perform the job SPA has contracted with them to
do. To protect your information, the SPA requires
the company to safeguard your information in accordance
with the law.
PRIVACY AND SECURITY LAW REQUIREMENTS
SPA is required by law to:
- Maintain the privacy of your information.
- Protect electronic PHI by implementing reasonable and
appropriate physical administrative and technical safeguards.
- Provide this notice of SPA's legal duties and privacy
and security practices regarding the information that SPA has about you.
- Abide by the terms of this notice.
- Refrain from using or disclosing any information about you without
your written permission, except for the reasons given in this notice.
You may revoke your permission at any time, in writing. That
revocation will not apply to information that SPA disclosed prior to
receiving your written request. If you are unable to give your
permission due to an emergency, SPA may release information, if it
is in your best interest. SPA must notify you as soon as possible
after releasing the information.
YOUR HEALTH INFORMATION RIGHTS
You have the following rights regarding the health
information maintained by the SPA about you.
- You have the right to see and obtain a copy of your
health information. This right would not extend to information needed for a
legal action relating to SPA.
- You have the right to ask SPA to change health
information that is incorrect or incomplete. SPA may deny your request under
certain circumstances or request additional documentation.
- You have the right to request a list of the
disclosures that SPA has made of your health information.
- You have the right to request a restriction on
certain uses or disclosures of your health information. SPA is not required to
agree with your request.
- You have the right to request that SPA communicates
with you about your health in a way or at a location that will help you keep
your information confidential.
- You may request another copy of this notice from SPA, or you may
obtain a copy from the SPA web site, www.spa.ga.gov
(under "HIPPA/Privacy").
FOR MORE INFORMATION AND TO REPORT A PROBLEM
If you have questions and would like additional information
about Protected Health Information (PHI) you may contact
SPA's Privacy Officer at 404-656-2730 (Atlanta calling
area) or 888-968-0490 (outside of Atlanta calling
area). You may also visit SPA's Web site, www.spa.ga.gov
(Under "HIPPA/Privacy" FAQ).
The SPA does not discriminate on the basis of disability
in the admission or access to, or treatment of employment
in its programs or activities. If you have a disability
and need additional accommodations to participate
in any State Administration Personnel programs, please contact SPA's
Customer Service Division. For TDD relay service only:
1-800-255-0056 (text-telephone) or 1-800-255-0135
(voice).
If you believe your privacy rights have been violated:
- You may file a complaint by calling the SPA Privacy
Unit at 404-656-2730 (Atlanta calling area) or 888-968-0490
(outside of Atlanta calling area), or by writing
to:
State Personel Administration
Attn: Privacy Officer
2 MLK Jr. Drive, SE
Suite 502, West Tower
Atlanta, GA 30334
- You can file a complaint with the Secretary of
Health and Human Services by writing to:
Secretary of Health and Human Services
200 Independence Ave. SW
Washington, DC 20201
For
additional information, call 877-696-6775.
- You may file a grievance with the United States Office for Civil
Rights by calling 1-866-OCR-PRIV (1-866-627-7748) or 1-886-788-4989
TTY.
There will be no retaliation for filing a complaint or grievance.
If the SPA changes its privacy practices significantly,
SPA will post the new notice on its Web site at www.spa.ga.gov
(Under "Privacy").
^ back to top ^
|
