Providence Health Plan’s practice is to keep our members' protected health information (PHI) confidential from their employers or their employers' agents when possible. However, there are circumstances that may require Providence Health Plan to release PHI to your employer or their agent if you receive your health insurance through your employer. Although these circumstances are rare, Providence Health Plan considers it important that you are educated about these rare circumstances. Please take the time to educate yourself by reviewing this document.
The Health Insurance Portability and Accountability Act (HIPAA) allows employers and their agents to request PHI for the purposes of obtaining health care coverage bids, as well as for modifying, amending or terminating their existing health plan. Currently, Providence Health Plan works with employers and their agents to provide this information in a way that does not release your identity. However, a situation may arise that requires and allows the release of PHI for these purposes.
HIPAA also allows an employer or their agent, acting as a Plan Sponsor, to have access to their employee’s PHI if they certify to Providence Health Plan that they are in compliance with HIPAA. For your employer or their agent to be in compliance with HIPAA as a Plan Sponsor, they must incorporate certain provisions into their plan documents. Your employer’s plan documents must:
- Establish the permitted and required uses and disclosures of PHI. These permitted uses and disclosures must not conflict with use and disclosure limits set by plan documents, the law, or with any of the following requirements.
- State that PHI sent from us to your employer or their representative will not be used or disclosed for the purposes of employment related actions.
- State that PHI sent from us to your employer or their representative will not be used or disclosed for actions related to benefits or any other benefit plan.
- Establish that any agent or entity with access to PHI that we have shared with your employer agrees to these requirements.
- State that your employer will make the PHI it receives available for you to review, and, should you request an amendment, follow HIPAA requirements regarding that amendment.
- Ensure and establish adequate separation between Plan Sponsor employees with access to PHI and Providence Health Plan. HIPAA requires that your employer or their agent describe in plan documents what employees or classes of employees require access to PHI for plan administration purposes. Your employer must have an effective mechanism for resolving any noncompliance by these employees.
- State that methods to track any disclosures are in practice and that they will make a report of this available to you per HIPAA requirements. If Providence Health Plan is required to share PHI with a Plan Sponsor, we require the Plan Sponsor to provide us with an accounting of disclosures that we can provide to you, should you request an accounting from us.
- Allow the U.S. Department of Health & Human Services and the Office for Civil Rights to audit the Plan Sponsor to ensure that Providence Health Plan has been compliant with HIPAA when sharing PHI with the Plan Sponsor.
- State that they will report to Providence Health Plan any use or disclosure of PHI that does not comply with these provisions. Providence Health Plan will investigate the reported situation to determine what steps are needed to protect your PHI and whether PHI should be shared with the Plan Sponsor in the future.
- State that, if feasible, your employer or their agents will return or destroy all PHI we release to them, or, if not feasible, to protect the PHI once it is no longer needed.
Although Providence Health Plan avoids sharing PHI with employers when possible, the landscape of health care continues to change. Providence Health Plan is committed to working with your employer to meet their needs while complying with the law and maintaining our commitment to your privacy. To educate yourself about Providence Health Plan’s PHI uses, disclosures, and requirements as well as about your privacy rights, please review Providence Health Plan’s notice of privacy practices.