Certilytics, Inc. Statement of Privacy Practices

1. Purpose

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

HIPAA is the acronym for the Health Insurance Portability and Accountability Act. Originally, HIPAA established minimum federal standards regarding access to and the portability and renew-ability of private health insurance. The HIPAA “Administrative Simplification” provisions focus on health data transmission, security, and privacy. Generally, HIPAA imposes certain electronic data interchange (EDI), privacy, and security requirements upon covered entities (health plans, health care providers, and health care clearinghouses), and by contract or plan amendment, upon third-party service providers that contract with such entities (also known as Business Associates) and employer-sponsors of health plans.

Certilytics, Inc. as a business associate to a covered entity may receive or create health information about you in order to carry out activities on behalf of the covered entity for activities involving treatment, payment or health care operations. This health information is called “protected health information” and we refer to it throughout this Statement as “PHI.”

2. How Certilytics, Inc. May Use or Disclose Your Health Information

This section generally describes how Certilytics, Inc. uses and discloses health information to administer benefits under your group health plan. Please note that this Statement does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.

2.1 Primary Uses and Disclosures of PHI

Certilytics, Inc. may use and disclose PHI about you for additional related healthcare operations necessary to operate your health plan. For example, your health information may be received or created by members of the staff through business operations. Certilytics, Inc. also may use your PHI for administrative activities such as business planning and development, cost management, business management and conducting quality assessment and improvement activities.

Required by law. Certilytics, Inc. may use and disclose information about you as required by law. For example, Certilytics, Inc. may disclose information for the following purposes:

  • For judicial and administrative proceedings pursuant to legal authority;
  • To report information related to victims of abuse, neglect or domestic violence;
  • To assist law enforcement officials in their law enforcement duties;
  • To assist with health oversight activities as required by law; and
  • To report information related to decedents that will assist coroners, medical examiners, and funeral directors;

Public Health Your health information may be used or disclosed for public health activities such as assisting public health authorities or other legal authorities to prevent or control disease, injury, or disability, or for other health oversight activities.

Health and Safety Your health information may be disclosed to avert a serious threat to the health or safety of you or any other person pursuant to applicable law.
Government Functions Your health information may be disclosed for specialized government functions such as protection of public officials or reporting to various branches of the armed services that may require use or disclosure of your health information.

Workers Compensation Your health information may be used or disclosed in order to comply with laws and regulations related to Workers Compensation.

Other uses Other uses and disclosures will be made only with your written authorization, and you may revoke the authorization except to the extent Certilytics, Inc. has taken action in reliance on such.

Material Limitations: State laws may be more stringent. Material limitations such as records surrounding mental health / HIV, that are imposed by state or other applicable law on permitted uses and disclosures will be applied.

3. Your Health Information Rights

You may have certain rights to access, amend, and request an accounting of certain disclosures of the PHI. Certilytics, Inc. handles on behalf of your employer’s plan. These rights are described in more detail in the separate Notice of Privacy Practice provided by your plan.

You have the right to: [R-0847]

  • request a restriction on certain uses and disclosures of your information through the covered entity as provided by 45 C.F.R. §164.522; [R-0848] however, the covered entity is not required to agree to a requested restriction if it an emergency treatment situation or the individual terminates the restriction.
  • receive confidential communications of protected health information;
  • obtain a copy of the notice of privacy practices upon request; [R-0851]
  • inspect and obtain a copy of your health information as contained within the Certilytics, Inc. health record as provided for in 45 C.F.R. §164.524;
  • request that your health record be amended as provided in 45 C.F.R. §164.526;
  • request communications of your health information by alternative means or at alternative locations; and
  • receive an accounting of inappropriate disclosures made of your health information as provided by 45 C.F.R. §164.528.

4. Complaints

You may contact Certilytics, Inc. at (800) 333-3760 or the Department of Health and Human Services if you believe your privacy rights have been violated. You will not be retaliated against for filing a protected health information-related complaint. Revised notices will be provided in writing upon request.

5. Obligations of Certilytics, Inc.

Certilytics, Inc. is committed to:

  • Maintaining the privacy of protected health information;
  • Providing you, upon request, this statement of its legal duties and privacy practices with respect to your health information;
  • Abiding by the terms of this statement;
  • Notifying you if we are unable to agree to a requested restriction on how your information is used or disclosed; and
  • Accommodating reasonable requests you may make to communicate health information by alternative means or at alternative locations; and Certilytics, Inc. reserves the right to change its information practices and to make the new provisions effective for all protected health information it maintains.

6. Contact Information

If you have any questions or complaints, please contact:

Compliance Department
Certilytics, Inc.
9200 Shelbyville Road, Suite 700
Louisville, KY 40222

7. Changes to this Statement

Certilytics, Inc. has the right to change this Statement at any time. Certilytics, Inc. also has the right to make the revised or changed Statement effective for medical information Certilytics, Inc. already has about you as well as any information received in the future. Certilytics, Inc. will post a copy of the current Statement on the company’s website. All Statements will contain the revision date on the first page.