HIPAA FAQ - Participants

What does HIPAA privacy protect?

The HIPAA Privacy Regulation creates national standards to protect an individual's personal health information and gives patients and insureds increased access to their medical information. 

It has always been Guardian's goal to ensure the protection and integrity of our members' personal and health information. We will comply with the privacy requirements of HIPAA as well as other laws aimed at safeguarding privacy. We also have our own privacy policies and procedures in place. These are designed to protect customer privacy. We will continue to make this a priority.

What is PHI?

Protected health information (PHI) is health information that is created or received by a covered entity and relates to the past, present or future medical or mental condition of an individual and the provision or payment of that health condition. In order to be PHI, the information must identify the individual or provide a reasonable basis for identifying the individual. Information acquired or maintained in connection with Life and Disability Income coverage is not considered PHI.

What is a Covered Entity?

Covered entities that must comply with the HIPAA Privacy Rule are health plans, health care clearinghouses and those health care providers that submit or maintain certain health information in electronic format. 

What is a Business Associate?

Under the HIPAA Privacy Rules, a business associate is a person or organization that performs certain functions or activities on behalf of the covered entity, but is not part of the covered entity's workforce. If Guardian administers health claims for a self-funded plan or a health Flexible Spending Account (FSA), the employer is the covered entity and Guardian is its business associate. 

What is the definition of a Health Plan?

The definition of a health plan under the regulation includes health insurers that provide treatment for medical, dental, vision and/or prescription drug services or reimbursement for these health benefits. Group Health Plans include employer-sponsored plans.

What coverages are affected?

The HIPAA Privacy Rule affects health information provided under a Medical, Dental, Vision and/or Prescription Drug plan.

How will HIPAA affect Guardian's insureds?

As a covered entity, Guardian will be fully compliant with all aspects of the HIPAA Privacy Regulation. An important part of our compliance initiative includes fulfilling our obligations to enable our members to exercise certain rights assured them under the Privacy Rule. These rights include:

  • The right to have access to designated records that contain protected health information (PHI).
  • The right to request restrictions on the use and disclosure of PHI. 
  • The right to appoint personal representatives.
  • The right to receive confidential communications at an alternate address or location.
  • The right to request an accounting of disclosures of PHI.
  • The right to request an amendment of PHI.
  • The right to file a complaint. 
  • The right to receive a Privacy Notice.

While we will administer these rights for individuals we insure, as a general rule, we will look to our self-funded group health plans (ASO & SPAG) to administer these rights for their insureds. 

How can someone get a copy of Guardian's privacy notice?

We are asking fully insured planholders to hand out the Guardian Notice of Privacy at the time a new hire enrolls in a health plan. They can make copies of the Notice if they have one in their office or order a supply by calling the Customer Response Unit that services your plan. Also, an electronic version is located on this website. To view it, please click here.

Is the Notice of Privacy available in Spanish?

Yes. An electronic version is located on this website. To view it, please click here, or you can request a paper copy by contacting us using the Customer Service/Requesting Customer Service page of this website.

How does the individual file a complaint?

Self-insured plans are required to create their own Notice of Privacy Practices. If you are insured under a self-insured plan, please contact your employer. 

An individual will not be penalized for filing a complaint. A person who believes a covered entity is not complying with a requirement of the Privacy Rule may file a written complaint with the Office for Civil Rights, either on paper or electronically. This complaint must be filed within 180 days of when the complainant knew or should have known that the act had occurred.

Office for Civil Rights 
U.S. Department of Health and Human Services 
Jacob Javits Federal Building 
26 Federal Plaza, Suite 3312 
New York, New York 10278 
Telephone: 212-264-3313 
Fax: 212-264-3039 
www.hhs.gov

In addition, individuals have a right to file a complaint directly with Guardian at the address below or by contacting us using the Customer Service/Requesting Customer Service page of this website:

Attention: Guardian Corporate Privacy Officer National Operations
The Guardian Life Insurance Company of America
Group Quality Assurance - WRO 
P.O. Box 2457 
Spokane, WA 99210-2457

What if a person wants a copy of their PHI?

The request to inspect and copy protected health information should be submitted in writing. The letter should include:
- Specifics of the requested information
- The covered time frame
- The name, address and telephone number of the individual who is to receive the PHI.

The letter should be directed to the following address:
Attention: Guardian Corporate Privacy Officer National Operations
The Guardian Life Insurance Company of America
Group Quality Assurance - WRO
P.O. Box 2457
Spokane, WA 99210-2457

When can Guardian use PHI without an individual's authorization?

Guardian will only use and disclose protected health information (PHI) without an individual's specific authorization when such use is permitted or required by law. Authorization is not required for the purposes of treatment, payment and health care operations.

What are treatment activities?

Treatment activities are those performed by a health care provider related to the provision, coordination or management of health care for a patient. Guardian does not provide treatment. However, Guardian may disclose protected health information (PHI) to a health care provider so that provider can render treatment.

What are payment activities?

Payment activities are undertaken to obtain premiums, or to determine or fulfill Guardian's responsibilities for coverage and provision of plan benefits. These activities include determining eligibility for coverage, utilization review activities, claims management and collection activities. Guardian may disclose protected health information (PHI) to health care providers, its business associates or other covered entities for payment activities.

What are health care operation activities?

Health care operation activities include, but are not limited to: provider credentialing, business planning and development, quality assessment and improvement, premium rating, enrollment, underwriting, claims processing, customer service, medical management, fraud and abuse detection, obtaining legal and auditing services, and business management. Making members aware of health care options, as well as treatment alternatives or other health-related benefits and services that may interest the member, is an example of Guardian's permitted use of protected health information (PHI).