Home › Privacy Policy

Privacy Policy

PLEASE READ CAREFULLY

EFFECTIVE AS OF JULY 1, 2006

This notice reviews our policies and practices regarding the disclosure of your Non-public Personal Information (NPI), which we collect and use in the course of our business operations. NPI includes any information that may be used to identify you, and may include financial and health information. For our purposes, "PHI", or Protected Health Information as defined by the HIPAA Act of 1996 represents a subset of the information included in NPI.

How we collect NPI

We obtain NPI through health plan enrollment documentation, provider enrollment documentation, health claims processing (i.e. from your health providers), financial institution agreements, and any other types of authorizations which may be provided to us to deliver health plan administration services.

What we collect and why we collect NPI

Information we collect and use includes names, addresses, telephone numbers, Social Security Numbers, employee ID numbers, date of birth, dependent information, employment information, licensure information, bank account information, e-mail addresses, and information arising from transactions such as balances, health services, payment histories, and parties to those transactions. All of this information, and any other information we may collect in the execution of our business operations is used to verify eligibility under health plan(s), to verify provider licensure, to process health claims, and to facilitate payment to providers for those services.

With whom we share NPI

We may contract or have agreements with unaffiliated third parties such as brokers and third party administrators; vendors, contractors and subcontractors; and financial institutions. These entities may assist us in health plan sales and new business procurement; employee enrollment into health plans, employee termination, and benefits continuation; web hosting, data security and backup services; and health claims processing, financial transactions or other aspects of our business.

How we use NPI

Once we gather NPI, we enter it into our electronic records system (i.e. database) where it may be accessed by health providers and others involved in paying the bills for health services. It is also used internally to the extent we may be involved in facilitating payment for health claims received. We are permitted to use or disclose NPI for the following reasons, although we may not need to under normal circumstances:

  • To communicate with individuals involved in the delivery of health care or payment for health care.
  • To assist in handling of Workers’ Compensation claims, but only to the extent authorized by and necessary to comply with laws relating to this, or similar programs established by law.
  • To Law Enforcement Authorities as may be dictated by law or in response to a subpoena or court order.
  • As required by Federal, State or Local laws.
  • As necessary to comply with Health Oversight Activities, including audits, investigations, inspections, and credentialing as necessary for licensure and for the government to monitor the health care system, government programs, and compliance with civil rights laws.
  • To assist in the identification of missing persons, or human remains.
  • To prevent a serious threat to individual health and safety, or the health and safety of the public at large.
  • To assist military command authorities as necessary for members of the armed forces.
  • As necessary to comply with National Security Authorities for the protection of the public safety.

How We Protect Against Unauthorized Access to NPI

We maintain strict NPI access protocols, both operationally and with regard to data security. Operationally, only those personnel having a need to access NPI are allowed to access it. We do not allow media containing NPI to leave our physical facilities. Access controlled electronic record keeping is used to the greatest extent feasible to prevent unauthorized access to NPI. We make all reasonable efforts to avoid incidental disclosures of NPI. An example of an incidental disclosure is a conversation which might be overheard by a person visiting our facility or information contained on a readily viewed computer monitor.

With regard to data security, our web based system is hosted in a data center which provides physical access controls and visitor logging; taped video surveillance of visitations; as well as all compliance with all currently available standards for fire detection and suppression, flood control, backup power generation, data security and backup. The system itself has been architected to provide reasonable intrusion detection and deterrence, as well as reasonable data validation and database security protocols. For more information, send email to: info@symbyos.com

Other Uses and Disclosures of NPI

In the event we receive a solicitation for NPI not otherwise covered under this Information Privacy Policies and Practices, we will make all reasonable attempts to contact the person whose NPI is being sought before any disclosure is made. Such disclosures will be withheld unless a written, signed affidavit is provided to us by the person whose NPI is sought, clearly identifying the requesting party, the party whose NPI is sought, and the reason(s) for the request. Such authorizations may be revoked at any time by the person whose NPI has been released. We are not responsible for any NPI released under the authorization before written revocation is received.

Your NPI Rights

You may request a copy of our current Information Privacy Policies and Practices Notice at any time. Even if you have agreed to receive the notice electronically, you are still entitled to a paper copy. You may obtain a paper copy by printing this notice from your web browser, or by requesting one from us by phone, fax or mail. We will provide a paper copy of our current Information Privacy Policies and Practices Notice only to people whose NPI we actually have.

You may request additional restrictions on our use or disclosure of your PHI by faxing a written request to:

Fax #: (800) 978-5013

Or mail to:

Privacy Officer
Symbyos
PO Box 270571
Louisville, CO 80027-5009

We are not required to agree to those restrictions. We cannot agree to restrictions on uses or disclosures that are legally required, or which are necessary to administer our business. In most cases, you have the right to access and copy the NPI that we maintain about you. To inspect or copy your PHI, you must send a written request to the Privacy Officer at the address above. We may charge you a fee for the costs of copying and mailing the information, and for any supplies which are necessary to fulfill your request. We may deny your request to inspect and copy in certain limited circumstances.

If you feel that the NPI we maintain about you is incomplete or incorrect, you may request that we amend it. To request an amendment, you must send a written request to the Privacy Officer at the address above. You must include your reason(s) for requesting the change(s). In some cases, we may deny your request for amendment.

You have the right to receive an accounting of the disclosures we have made of your NPI after April 14, 2003, for most purposes OTHER THAN FOR treatment, payment, or health care operations. The right to receive an accounting is subject to certain exceptions, restrictions, and limitations. To request an accounting, you must submit a request in writing to the Privacy Officer at the address above. Your request must specify the time period over which disclosures were made. The time period may not be longer than six years, and may not include dates before April 13, 2003.

You may request communication of NPI by alternative means, or at alternative locations. For example, you may request that we contact you by e-mail, or at a different residence or post office box. To request confidential communication of your NPI, you must submit a request in writing to the Privacy Officer at the address above. You must tell us how or where you would like to be contacted. We will accommodate any reasonable requests.

If you have questions or would like additional information about our Information Privacy Policies and Practices, you may contact our Privacy Officer at the address above, or call toll free at 1-877-SYMBYOS. If you believe your rights to privacy have been violated, you can file a complaint with the Privacy Officer at the address or phone numbers above.