PLAN AMENDMENT NUMBER 15A
TO THE
SOUTHERN CALIFORNIA IBEW-NECA
HEALTH PLAN
Pursuant to their authority the Trustees hereby amend the Active and Retiree Plans. In order to timely comply with applicable regulations the following, "Use and Disclosure of Protected Health Information" is added at page 4 of the Active Plan and Page 8 of the Retiree Plan. This Amendment shall be effective April 14, 2003.
"Use and Disclosure of Protected Health Information.
- Use and disclosure of Protected Health Information (PHI): The Plan will use protected health information to the extent and in accordance with the uses and disclosures permitted by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Specifically, the Plan will use and disclose protected health information for purposes related to health care diagnosis and treatment, payment for health care, and health care operations.
"Payment" includes activities undertaken by the Plan to obtain premiums or determine or fulfill its responsibility for coverage and provisions of Plan benefits that relate to an individual to whom health care is provided. These activities include, but are not limited to, the following:
- Determination of eligibility, coverage, and cost sharing amounts (e.g. cost of a benefit, Plan maximums, and copayments as determined for an individual's claim).
- Coordination of benefits,
- Adjudication of health benefit claims (including appeals and other payment disputes),
- Subrogation of health benefit claims,
- Establishing employee or employer contributions,
- Risk adjusting amounts due based on enrollee health status and demographic characteristics,
- Billing, collection activities and related health care data processing.
- Claims management and related health care data processing, including auditing payments, investigating and resolving payment disputes and responding to participant inquiries about payments,
- Obtaining payment under a contract for reinsurance (including stop-loss and excess of loss insurance),
- Medical necessity reviews, or reviews of appropriateness of care or justification of charges,
- Utilization review, including precertification, preauthorization, concurrent review and retrospective review,
- Disclosure to consumer reporting agencies related to collection of premiums or reimbursement (the following PHI may be disclosed for payment purposes; name and address, date of birth, SSN, payment history, account number, and name and address of the provider and/or health Plan), and
- Reimbursement to the Plan.
Health Care Operations to include, but are not limited to, the following activities:
- Quality Assessment,
- Population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, disease management, contacting of health care providers and patients with information about treatment alternatives and related functions,
- Rating provider and Plan performance, including accreditation, certification, licensing, or credentialing activities,
- Underwriting, premium rating, and other activities relating to the creation, renewal or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care (including stop-loss insurance and excess of loss insurance),
- Conducting or arranging for medical review, legal services and auditing functions, including fraud and abuse detection and compliance programs,
- Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating the entity, including formulary development and administration, development or improvement of methods of payment or coverage policies,
- Business management and general administrative activities of the entity, including, but not limited to:
- Management activities relating to implementation of and compliance with the requirements of HIPAA Administrative Simplification,
- Customer service, including the provision of data analyses for policyholders, Plan sponsors, or other customers.
- Resolution of internal grievances, and
- Due diligence in connection with the sale or transfer of assets to a potential successor in interest, if the potential successor in interest is a covered entity or, following completion of the sale or transfer, will become a covered entity.
- Compliance with and preparation of all documents as required by the Employee Retirement Income Security Act of 1974 (ERISA), including Form 5500's, SAR's, and other documents.
- The Plan will use and disclose PHI as required by law and as permitted by authorization of the participant or beneficiary. With an authorization, the Plan will disclose PHI to related pension plans, disability programs and Workers' Compensation insurers for purposes related to administration of these plans.
- For purposes of this section the Board of Trustees is the Plan Sponsor. The Plan will disclose PHI to the Plan Sponsor only upon receipt of a certification from the Plan Sponsor that this amendment has been duly adopted by the Board.
With respect to PHI, the Plan Sponsor agrees to:
- Not use or further disclose the information other than as permitted or required by the Plan Document or as required by law,
- Ensure that any agents, including a subcontractor, to whom the Plan Sponsor provides PHI received from the Plan agree to the same restrictions and conditions that apply to the Plan Sponsor with respect to such information,
- Not use or disclose the information for employment-related actions and decisions unless authorized by the individual,
- Not use or disclose the information in connection with any other benefit or employee benefit Plan of the Plan Sponsor unless authorized by the individual,
- Report to the Plan any use or disclosure of the information that is inconsistent with the uses or disclosures provided for of which it becomes aware,
- Make PHI available to the individual in accordance with the access requirement of HIPAA,
- Make PHI available for amendment and incorporate any amendments to PHI in accordance with HIPAA,
- Make available the information required to provide an accounting of disclosures,
- Make internal practices, books, and records relating to the use and disclosure of PHI received from the group health Plan available to the Secretary of HHS for the purposes of determining compliance by the Plan with HIPAA, and
- If feasible, return or destroy all PHI received from the Plan that the sponsor still maintains in any form and retain no copies of such information when no longer needed for the purpose for which disclosure was made. If return or destruction is not feasible, limit further uses and disclosures to those purposes that make the return or destruction infeasible.
- Adequate separation between the Plan and the Plan Sponsor must be maintained. Therefore, in accordance with HIPAA, only the following entities, individuals or classes of employees may be given access to PHI:
- Any entity providing administrative services to the Plan.
- Staff designated by the entities providing administrative services to the Plan.
- The Plan's Trustees providers, insurers consultant, attorney, and or auditor but only to the extent necessary for those entities or individuals to provide necessary services to the Plan.
- The persons described in section D may only have access to and use and disclose PHI for Plan administration functions that the Plan Sponsor performs for the Plan.
- If the persons described in section D do not comply with this Plan Document, the Plan Sponsor shall provide a mechanism for resolving issues of noncompliance, including disciplinary sanctions.
- For purposes of complying with HIPAA privacy rules, this Plan is a "Hybrid Entity" because it has both health plan and non-health plan functions. The Plan designates that its health care components that are covered by the privacy rules include only health benefits and not other plan functions or benefits."
BY: Signature on File
Chairman
BY: Signature on File Secretary
|