NOTICE OF PRIVACY PRACTICES
This provides notice of the privacy practices and policies of Financial Arts, Inc. These protections
have been adopted to ensure that the information that we obtain and maintain for our clients and
customers, which may also include information about the employees, dependents, former employees
and dependents, and other eligible participants on a group health plan for which we are providing
services (“Protected Parties”), is protected in accordance with relevant state and federal rules. The
Notice outlines our practices, policies, and legal duties to maintain and protect against prohibited
disclosure of personally-identifiable financial information (as required by the federal Gramm-Leach-
Bliley Financial Modernization Act (“GLB Act”), and the various state laws implementing those
requirements), Protected Health Information of those Protected Parties (under the privacy
regulations mandated by the Health Insurance Portability and Accountability Act and further
expanded by the Health Information Technology for Economic and Clinical Health Act provisions in
Title XIII of the American Recovery and Reinvestment Act (“HITECH”), the HIPAA Omnibus ruling of
2013, and the regulations related to these laws and mandates), and the protection of personallyidentifiable
information under 45 CFR § 155.260 (collectively referred herein as “Privacy Rules”).
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT A PROTECTED PARTY
MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
THE PROTECTION OF THE PRIVACY OF THE INFORMATION WE MAINTAIN IS IMPORTANT TO US.
1. Statement of Our Duties. We are required by law to
maintain the privacy of non-public personal information
(“NPPI”), protected health information (“PHI”), and
personally-identifiable information (“PII”) (collectively
referred herein as “Protected Information”) of the
Protected Parties and to provide our clients with this notice
of our privacy practices and legal duties. We are required to
abide by the terms of this notice. We reserve the right to
change the terms of this notice and to adopt any new
provisions regarding the Protected Information that we
maintain about the Protected Parties. If we revise this
notice, we will provide each client or customer with whom
there is a current and direct business relationship with a
revised notice by mail, electronic mail or any other
electronic means, telefacsimile or fax, or hand-delivery.
2. Statement of the Client’s Rights under Privacy
Rules. As our client or customer, you have a right to know
how we may use or disclose the Protected Information we
maintain on those Protected Parties with whom there is a
direct relationship. In the event that our customer or client
is an employer sponsoring a group health plan, we do not
have a direct duty to their employees, dependents, former
employees or dependents or other eligible participants on
the group health plan. Our obligations to not disclose the
Protected Information we maintain about those individuals
may arise due to our contractual obligations as a Business
Associate of both the client or customer, as well as to any
other third party who is a Covered Entity under the Privacy
Rules, but does not create a special legal duty to provide
notice to those individuals of their rights through a Notice
of Privacy Practices.
Primary Uses and Disclosures of Protected Information. We
use and disclose Protected Information about Protected
Parties for payment and health care operations. Privacy
Rule does not generally “preempt” (or take precedence
over) state privacy or other applicable laws that provide
individuals greater privacy protections. As a result, to the
extent state law applies, the privacy laws of a particular
state, or other federal laws, rather than the Privacy Rules,
might impose a privacy standard under which we will be
required to operate. For example, where such laws have
been enacted, we will follow more stringent state privacy
laws that relate to uses and disclosures of the Protected
Information concerning HIV or AIDS, mental health,
substance abuse/chemical dependency, genetic testing, or
reproductive rights.
In addition to these law requirements, we also may use or
disclose Protected Information in the following situations:
Payment: We might use and disclose your Protected
Information for all activities that are included within the
definition of “payment” within the Privacy Rules. For
example, we might use and disclose a Protected Party’s
Protected Information to assist with the payment of claims
for services provided to that Protected Party by doctors,
hospitals, pharmacies and others for services that are
covered by a group health plan. We might also use your
2
information to determine your eligibility for benefits, to
coordinate benefits, to examine medical necessity, to obtain
premiums, and to issue explanations of benefits to the
person who subscribes to the health plan in which you
participate.
Health Care Operations: We might use and disclose a
Protected Party’s Protected Information for all activities
that are included within the definition of “health care
operations” within the Privacy Rules. For example, we
might use and disclose the Protected Information of a
Protected Party to an insurer to determine the premiums
for your health plan, to conduct quality assessment and
improvement activities, to engage in care coordination or
case management, and to manage our business.
Business Associate Subcontractors: In connection with our
payment and health care operations activities, we contract
with individuals and entities (called “subcontractors”) to
perform various functions on our behalf or to provide
certain types of services. To perform these functions or to
provide the services, our subcontractors will receive, have
access to, create, maintain, use, or disclose Protected
Information, but only after we require the subcontractor to
agree in writing to contract terms designed to appropriately
safeguard your information.
Other Covered Entities: In addition, we might use or
disclose your Protected Information to assist health care
providers in connection with their treatment or payment
activities, or to assist other covered entities in connection
with certain of their health care operations. For example,
we might disclose a Protected Party’s Protected
Information to a health care provider when needed by the
provider to render treatment to that party, and we might
disclose Protected Information to another covered entity or
subcontractor to conduct health care operations related to
billing, claims payment or enrollment.
For all other uses and disclosures, we first must obtain your
permission.
In addition, you have the following rights:
• The right to request that we place additional
restrictions on our uses and disclosures of the
Protected Information of Protected Parties. However,
we are not obligated to agree to impose any such
additional restrictions.
• The right to access, inspect, and copy the protected
information pertaining to Protected Parties that we
maintain in our files, and the right to have us correct or
amend any information that we create in error.
Requests to access or amend your health information
should be sent to the contact person and address
provided below.
• The right to receive an accounting of the disclosures of
the Protected Information we maintain on Protected
Parties that we make for purposes other than activities
related to payment functions or other health care
operations.
• The right to request that communications containing a
protected party’s Protected Information are sent in a
confidential manner.
• If you received this notice electronically, you also have
the right to obtain a paper copy of this notice from us
on request.
3. Information We Collect About You. We collect the
following categories of information for group and/or
individual policies from the following sources:
a) Information that we obtain directly from you, in
conversations or on applications or other forms
that you or a Protected Party completes.
b) Information regarding current or prospective plan
participants we obtain about them on applications
or other forms.
c) Information about the plan’s transactions with our
affiliates, others or us.
d) Information that we obtain as a result of our
transactions with you.
4. Permissible Uses and Disclosures of Protected
Information. We disclose the information we receive
regarding current or prospective plan participants only in
accordance with the terms and conditions of the various
Business Associate contracts we have entered to with
Covered Entities under Privacy Rules and as permitted
under state and federal laws concerning the privacy of your
insurance and financial information. Those include:
• Situations Permitted or Required by Law. We also may
use or disclose your Protected Information without
your written permission for other purposes permitted
or required by law, including, but not limited to the
following:
a) As authorized by and to the extent necessary to
comply with workers’ compensation or other nofault
laws;
b) To an oversight or insurance regulatory agency for
activities including audits or civil, criminal or
administrative actions;
c) To a public health authority for purposes of public
health activities (such as to the Federal Food and
Drug Administration to report consumer product
defects);
d) To a law enforcement official for law enforcement
purposes or in response to a court order or in the
course of any judicial or administrative
proceeding;
3
e) To organ procurement organizations or other
entities for approved research; or
f) To a governmental authority, including a social
service or protective services agency, authorized to
receive reports of abuse, neglect or domestic
violence.
• For Any Purposes to Which You Have Not Objected. In
certain limited circumstances, we may use or disclose
your Protected Information after we have given you an
opportunity to object and you have not objected. For
example, if you do not object, we may use limited
information about you to maintain an office directory,
to notify family members or any other person identified
by you regarding issues directly related to such
person’s involvement with your care or payment for
that care, or in emergency circumstances.
• For Purposes for Which We Have Obtained your
Written Permission. All other uses or disclosures of
your Protected Information will be made only with
your written permission, and you may revoke any
permission that you give us at any time.
5. Complaints About Misuse of Health Information.
You may complain either directly to us or to the Secretary
of Health and Human Services if you believe that your rights
with respect to our protection of your health information
have been violated. To file a complaint with us, you may
send a written statement outlining your complaint, the facts
and circumstances surrounding your complaint, including
the names, dates and as many details as possible. You will
not be retaliated against in any way for filing a complaint.
6. Our Practices Regarding Confidentiality and
Security. We restrict access to Protected Information about
you to those employees and its subcontractors who need to
know that information in order to provide products and
services to you. We maintain physical, electronic and
procedural safeguards that comply with state & federal
regulations to guard your Protected Information.
7. Our Duties. We are required by law to maintain the
privacy of Protected Information and to provide individuals
with notice of its legal duties and privacy practices with
respect to Protected Information. If unsecured Protected
Information is acquired, used or disclosed in a manner that
is not permitted under the Privacy Rules that compromises
the security or privacy of that Protected Information,
(referred to as a “Breach”), We are required to provide
appropriate Notice as defined by law without unreasonable
delay and in no case later than 60 days after the discovery
of the Breach or the receipt of information of the Breach.
We may delegate this duty to a subcontractor. We are
required to abide by the terms of the Notice that is currently
in effect. We will provide a paper copy of this Notice to you
upon your request.
8. Our Policy Regarding Dispute Resolution. Any
controversy or claim arising out of or relating to our privacy
policy, or the breach thereof, shall be settled by arbitration
in accordance with the rules of the American Arbitration
Association, and judgment upon the award rendered by the
arbitrator(s) may be entered in any court having
jurisdiction thereof.
9. Revisions to this Notice. We reserve the right to
change the terms of this Notice and to make the new Notice
provisions effective for all Protected Information we
maintain, regardless of whether the Protected Information
was created or received prior to issuing the revised Notice.
Whenever there is a material change to our use and
disclosure of Protected Information, individual rights, our
duties, or other privacy practices stated in this Notice, we
will promptly revise and distribute the new Notice.
Contact Person for Filing Complaint or Obtaining Other
Information. If you believe your privacy rights have been
violated, you may file a written complaint with our Privacy
Officer at the following address:
Daniel Fagen
Privacy Officer
921 S Halleck St.
DeMotte, Indiana 46310
dan@financialartsinc.com
(219) 987-4438