Protecting Your Personal Information
BMC HealthNet Plan has processes in place to protect all electronic, oral, or written information about the health of our members, also known as Protected Health Information or “PHI”. We also protect personal information, also called “PI”, such as your social security number, from being used or released in a way that violates federal or state laws. While we need your PHI/PI at times for valid reasons to provide your health care, we take measures to limit the chance of your protected information being used in inappropriate ways.
How do we protect your personal information?
- We limit the amount of information employees can access. They may only access information that is required by their job.
- When sharing information related to your health care, we only share the minimum amount needed to complete the request or task at hand.
- We verify the identity of any person requesting PHI and confirm their authority to access PHI before they receive any written or oral documentation, statements or representation.
- We require a Release of PHI Authorization Form from a Member or Member Representative to allow the release of PHI for purposes other than treatment, payment or operations, including to employers, if applicable.
- We require all employees to follow these processes:
  - Employees must ensure that PHI is used or disclosed for its intended purpose and follows federal and state laws and our policies.
  - Employees must not share passwords or use another’s user ID to sign on to our computers or computer programs.
  - Employees shall not misuse PHI for personal gain.
  - Employees shall not access, use or disclose PHI for family members or personal acquaintances.
  - Employees must not disclose PHI to unauthorized individuals.
  - Employees must not knowingly attempt to gain access to PHI that is not within the scope of the employees’ job responsibilities.
  - Employees must not disclose PHI outside the assigned job responsibilities.
  - Employees must not take action against other workforce members for reporting misuse of PHI.
- We may not take action against employees for reporting misuse of PHI
- We conduct privacy and security awareness training for all new employees, and every year for all employees. This training reviews federal and state laws and our policies that regulate confidential and private information, including:
  - The definition of PHI and PI, whether in paper, electronic or verbal form
  - How to identify documents that are considered confidential and not for public consumption
  - Responsibilities of protecting PHI and PI and other confidential information
  - How to report violations
  - Penalties and consequences associated with violations of federal and state rules and Plan policies
- We require the proper use of our computing equipment, hardware, software, information systems and other technology including, but not limited to, laptops, desktop PCs, email, social media and faxes.
- We use encryption software on all computers and smart phones to prevent access by people without proper passwords.
- We limit access to sensitive areas in the company to only those whose job requires access to these areas.
- We provide a safe and secure work environment and require all employees to enter the building through locked doors using their identification badge.
- We require all visitors to sign in and be escorted at all times while in our facilities.
- We use secure bins for the shredding and disposal of PHI and PI.
- We require all files containing PHI to be stored in secure and locked cabinets when not in use.