Effective Date: June 2, 2005 - Revised: May 16, 2023
THIS NOTICE OF PRIVACY PRACTICES (“NOTICE”) DESCRIBES HOW PROTECTED HEALTH INFORMATION ABOUT YOU MAY BE USED OR DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
References to “Sentara,” “we,” “us,” and “our” means the members of the Sentara Healthcare ACE, which is an affiliated covered entity. An affiliated covered entity is a group of organizations under common ownership or control who designate themselves as a single affiliated covered entity for purposes of compliance with the Health Insurance Portability and Accountability Act (“HIPAA”). The Sentara Healthcare ACE, and its employees and workforce members who are involved in providing and coordinating your health care, are all bound to follow the terms of this Notice. The members of the Sentara Healthcare ACE will share federally protected health information (i.e., your medical information) with each other for treatment, payment, and health care operations as permitted by HIPAA and this Notice. A complete list of the members of the Sentara Healthcare ACE is provided at the end of this Notice.
Our Pledge Regarding Your Protected Health Information:
Sentara is committed to safeguarding protected health information about you. We create a record of certain health information related to your health benefit plan administered by certain Sentara entities. We need this information to provide you with quality services and to comply with certain legal requirements.This Notice applies to all the health information records related to your health benefit plan administered by certain Sentara Health Plans.
We Are Required By Law to:
- Maintain the privacy of your medical information;
- Provide you this Notice describing our legal duties and privacy practices with respect to your medical information;
- Notify you following a breach of your unsecured medical information; and
- Follow the terms of this Notice
How We May Use and Disclose Protected Health Information About You Without Your Authorization (Permission)
The following sections describe different ways that we may use and disclose your protected health information without your authorization (permission). For each category of uses or disclosures, we will describe them and give some examples. Some medical information, such as certain genetic information, certain drug and alcohol information, HIV information, and mental health information, may be entitled to special restrictions by state and federal laws. We abide by all applicable state and federal laws related to the protection of such medical information. Not every use or disclosure will be listed, but all of the ways we are permitted to use and disclose protected health information about you will fall within one of the following categories:
- Treatment: We may use or disclose medical information about you to provide you with medical treatment and/or coordinate with health care providers on treatment for you.
- Payment: We may use and disclose your protected health information to make coverage determinations, to coordinate benefits, and to help pay your medical bills submitted to us for payment. For example, we may use your medical information from a surgery you received at a hospital so that the hospital can be paid.
- Health Care Operations: We may use and disclose protected health information about you for our health care operations and for certain health care operations of other providers who furnish care to you. These uses and disclosures are necessary to operate our health plans and to make sure that all of our members receive quality services. We may use and disclose protected health information to provide customer services. For example, we may use protected health information about you to review our services, to evaluate the performance of our staff, and to survey you on your satisfaction with our services. We may review and/or aggregate member information to decide what additional services or benefits our health plans should offer, what services are not needed, and whether certain new services are effective. We may combine the protected health information we have about you with other members’ protected health information to compare how we are doing and see where we can make improvements in the services we offer.
- Business Associates: We may share your protected health information with certain third parties referred to as “business associates.” Business associates provide various services to or for Sentara. Examples include billing services, transcription services, and legal services. We require our business associates to sign an agreement requiring them to protect your protected health information and to use and disclose your protected health information only for the purposes for which we have contracted for their services.
- Individuals Involved in Your Care or Payment for Your Care: Unless you tell us not to, we may release protected health information about you to individuals involved in your medical care such as a friend, a family member, or any individual you identify. We also may give your protected health information to someone who helps pay for your care. Additionally, we may disclose protected health information about you to your legal representative, meaning generally, a person who has the authority by law to make healthcare decisions for you. Sentara typically will treat your legal representative the same way as we would treat you with respect to your medical information.
- Communications with You: We, or our Business Associates, may contact you via telephone, email, or text message about your treatment, care, or payment related activities. As an example, we may remind you that you have an appointment for medical care and provide information about treatment. We or our Business Associate may also use your protected health information to communicate with you about health-related benefits or services that may be of interest to you, such as available immunizations.If you provide us with your email address and/or phone number, you acknowledge that we, or our Business Associates, may exchange protected health information with you by email, text, or phone call. These messages may be sent using automated dialing and/or pre-recorded messages. You agree we can communicate with you through these methods via phone calls, emails, text messages, or other means based on the contact information you have on file with us. You also understand and agree that communication via email and text are inherently unsecure and that there is no assurance of confidentiality of information communicated in this manner. You agree that you are the user and/or subscriber of the e-mail address and/or phone number provided to us, and you accept full responsibility for e-mails, phone calls, and/or text messages made or sent to or from this e-mail address or phone number. If you prefer not to exchange protected health information via email, text or over the phone, you can choose not to communicate with us via those means by notifying the Privacy Officer (see contact information at the end of this Notice).
- As Required or Permitted by Law: We will disclose medical information about you when required to do so by federal and/or state law. This includes sharing information with the Department of Health and Human Services if it wants to see that we are complying with federal privacy law.
- Legal Proceedings, Lawsuits and Other Legal Actions: We may disclose protected health information about you to courts, attorneys, court employees, and others when we receive a court order, subpoena, discovery request, warrant, summons, or other lawful instructions. We also may disclose protected health information about you to those working on Sentara’s behalf in a lawsuit or action involving Sentara. We may also disclose information for law enforcement purposes as required by law or in response to a valid subpoena, summons, court order, or similar process.
- Incidental Disclosures: There are certain disclosures of protected health information that may occur while we are providing service to you or conducting our business. We will make reasonable efforts to limit these incidental disclosures.
Additional Uses and Disclosures of Your Protected Health Information Without Your Authorization (Permission)
We may use and disclose your protected health information in the following special situations:
- Disaster‐Relief Efforts: We may disclose protected health information about you to an organization assisting in a disaster‐relief effort so that your family can be notified about your condition, status, and location. If you do not want us to disclose your protected health information for this purpose, you must tell your caregivers so that we do not disclose this information unless we must do so to respond to the emergency.
- To Avert a Serious Threat to Health or Safety: We may use and disclose protected health information about you to help prevent a serious and imminent threat to your health and safety or the health and safety of the public or another person.
- Military: If you are a member of the armed forces, domestic (United States) or foreign, we may release protected health information about you to the military authorities as permitted or required by law.
- Workers’ Compensation: We may disclose protected health information about you for workers’ compensation or similar programs as permitted or required by law.
- Coroners, Medical Examiners and Funeral Directors: We may disclose protected health information about you to a coroner, medical examiner, or funeral director as necessary for them to carry out their duties.
- National Security and Intelligence Activities: We may disclose protected health information about you to authorized federal officials for intelligence, counterintelligence, and other national security activities as permitted or required by law.
- Protective Services for the President of the United States and Others: We may disclose protected health information about you to authorized federal officials so they may conduct special investigations or provide protection to the President of the United States, other authorized persons, or foreign heads of state as permitted or required by law.
- Inmates: If you are an inmate of a correctional institution or under the custody of law enforcement officials, we may release protected health information about you to the correctional institution or law enforcement officials as permitted or required by law.
How We May Use and Disclose Protected Health Information About You Upon Your Written Authorization (Permission)
- Marketing: We must obtain your written permission to use or disclose your protected health information for marketing purposes except in certain circumstances. For example, written permission is not required for face‐to‐face encounters involving marketing, or where we are providing a gift of nominal value (for example, a coffee mug), or a communication about our own services or products (for example, we may send you a postcard announcing the arrival of a new surgeon or x‐ray machine).
- Sale of Protected Health Information: We must obtain your written permission to disclose your protected health information in exchange for remuneration (payment).
- Other Uses and Disclosures of Your Protected Health Information Without Your Authorization (Permission): Other uses and disclosures of your protected health information not covered by the categories included in this Notice or applicable laws, rules, or regulations will be made only with your written permission. If you provide us with such written permission, you may revoke it at any time. We are not able to take back any uses or disclosures that we already made in reliance on your written permission.
Your Rights Regarding Protected Health Information About You
You have the following rights regarding your protected health information:
- Right to Inspect and Copy: With certain exceptions, you have the right to inspect and/or receive a copy of the protected health information that is used by us to make decisions about your benefits. The exceptions to this are any psychotherapy notes, information collected for certain legal proceedings, and any protected health information restricted by law.
To inspect and/or receive a copy of your medical information, we require that you submit your request in writing to the Health Plan’s Members Services. If you are unsure where to submit your request, please contact the Sentara Health Plans Privacy Officer (contact information below). If you request a copy of your medical information, we may charge you a reasonable fee for the costs of copying, mailing, or other supplies associated with your request. Your request will be fulfilled in a timely manner not to exceed 30 days.
Under certain circumstances, we may deny your request to inspect or copy your protected health information, such as if we believe it may endanger you or someone else. If you are denied access to your protected health information, you may request that another licensed health care professional review the denial. We will comply with the outcome of the review.
- Right to Request Confidential Communications: You have the right to request that we use a certain method to communicate with you about Sentara Health Plan matters or that we send Sentara Health Plan information to you at a certain location if the communication could endanger you. For example, you may ask that we send your information by a specific means, such as by U.S. mail only, or to a specified address. If you want us to communicate with you in a certain way, you will need to give us specific details about how you want to be contacted including a valid alternative address. We will not ask you the reason for the request, and we will accommodate all reasonable requests. However, if we are unable to contact you using the ways or locations you have requested, we may contact you using the information we have. We require that you submit your request in writing to the Health Plan’s Members Services. If you are unsure where to submit your request, please contact the Sentara Health Plan Privacy Officer (contact information below).
- Right to Request an Amendment: If you feel that the protected health information, we have about you is incorrect or incomplete, you may ask us to amend the protected health information. To request an amendment, we require that you submit your request in writing and that you provide the reason for the request. You should direct your request to the Health Plan’s Members Services. If you are unsure where to submit your request, please contact the Sentara Health Plans Privacy Officer (contact information below). If we agree to your request, we will amend your record(s) and notify you of such. In certain circumstances, we cannot remove what was in the record(s), but we may add supplemental information to clarify. If we deny your request for an amendment, we will provide you with a written explanation of why we denied it and explain your rights.
- Right to an Accounting of Disclosures: You have a right to make a written request to receive a list of the disclosures we have made of your protected health information in the six years prior to your request. The accounting of disclosures you receive will not include disclosures made for treatment, payment, or healthcare operations activities of Sentara Health Plans. Additionally, it will not include disclosures made to you. To request an accounting of disclosures, we require that you submit your request in writing to the Sentara Health Plans Privacy Officer (contact information below). You must state the time period for which you want to receive the accounting, which may not be longer than six years and which may not date back more than six years from the date of your request. You must indicate whether you wish to receive the list of disclosures electronically or on paper. The first accounting of disclosures you receive in a 12-month period will be free. We may charge you for responding to additional requests in that same period. We will inform you of the costs involved before any costs are incurred. You may choose to withdraw or modify your request at that time.
- Right to Request Restrictions: You have the right to request a restriction, or limitation, on the protected health information we use or disclose about you for treatment, payment, or health care operations. We are not required to agree to your request. If we agree to your request, we will comply with your request unless the protected health information is needed to provide you with emergency treatment, or we are required by law to not disclose it. To request a restriction, you must make your request in writing to the Sentara Health Plans Privacy Officer (contact information provided below) and tell us (1) what information you want to limit, (2) whether you want to limit our use, disclosure, or both, and (3) to whom you want the limits to apply (for example, disclosures to your spouse). We are allowed to end the restriction by providing you notice. If we end the restriction, it will only affect the medical information that was created or received after we notify you.
- Right to a Paper Copy of This Notice: You have the right to a paper copy of this Notice at any time, even if you have previously agreed to receive this Notice electronically. Copies of this Notice are available by contacting the Sentara Health Plans Privacy Officer (contact information below) or you can download a digital copy at the link on the bottom of this page.
- Right to Receive Notification of a Breach: You have the right to receive written notification of any breach of your unsecured protected health information.
Change to this Notice
- We reserve the right to change this Notice from time to time. We reserve the right to make the revised or changed notice effective for medical information we already have about you as well as any medical information we receive about you in the future. We will post a copy of the current notice on the Sentara Health Plans website at www.optimahealth.com and provide the revised notice, or information about the material change and how to obtain the revised notice in our next annual mailing to members then covered by the plan. Please review the Notice from time to time to ensure you are familiar with our HIPAA privacy practices.
Questions, Requests, or Complaints
- If you have questions or believe that your privacy rights have been violated, you may file a complaint with Sentara Health Plans or with the Secretary of the Department of Health and Human Services. To file a complaint with Sentara Health Plans, contact the Sentara Health Plans Privacy Officer. You will not be penalized or retaliated against for filing a complaint.
Sentara Health Plans
Attn: Privacy Officer
PO Box 66189
Virginia Beach, VA 23466
The U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Washington, D.C. 20201
This Notice is effective 01/01/2022 and replaces all earlier versions.
This Notice of Privacy Practices covers an Affiliated Covered Entity or "ACE". When this Notice refers to the Sentara Healthcare ACE, it is referring to Sentara Healthcare and each of the following subsidiaries and affiliates:
Optima Health Insurance Company
Optima Health Plan
Sentara Health Plans, Inc.
Optima Behavioral Health Services, Inc.
Optima Health Group, Inc.