Our Policy Regarding Privacy of Your Health Information Effective as of September
We are required by law to maintain the privacy of your protected health information,
to provide you with notice of our legal duties and privacy practices with respect
to your protected health information, and to notify affected individuals following
a breach of unsecured protected health information.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED
AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
This Notice describes how we may use and disclose your protected health information
to carry out treatment, payment or health care operations, and for other purposes
that are permitted or required by law. It also describes your rights to access and
control your protected health information. “Protected health information” is information
about you, including demographic information, that may identify you and that relates
to your past, present or future physical or mental health or condition and related
health care services. If the practices described in this Notice are acceptable to
you, there is nothing you need to do. If you would like to request that we not share
information, we may honor your written request in certain circumstances described
below. If you have any questions about this notice, please contact our Privacy Officer
Oxford Life Insurance Company
2721 North Central Avenue
Phoenix, Arizona 85004
We are required to abide by the terms of this Notice. We may change the terms of
our Notice at any time. The new notice will be effective for all protected health
information that we maintain at that time and for information that we receive in
the future. If we make a material change to this Notice, we will provide you with
the revised Notice (or information about the material change and how to obtain a
revised Notice) in our next annual distribution. You may also obtain a copy of our
Health Privacy Practices Notice by accessing our website www.oxfordlife.com, calling
us at 888-757-3732 and requesting that a revised copy be sent to you in the mail
or via e-mail, or by writing to our Privacy Officer at the address indicated on
page 1 of this Notice. You have the right to obtain a paper copy of this Notice
from us, upon request, even if you have agreed to accept this Notice electronically.
1. Uses and Disclosures of Protected Health Information for Treatment, Payment and
Health Care Operations. Your protected health information may be used and disclosed
by us and others outside of our company that are involved in your care and treatment
for the purpose of providing health care services to you.
The following are examples of the types of uses and disclosures of your protected
health care information that we are permitted to make. These examples are not meant
to be exhaustive, but to describe the types of uses and disclosures that may be
made by our company.
Treatment: Your protected health information will be used, as needed, to pay for
your health care services. This may include activities that we may undertake before
we approve or pay for the health care services your health care providers recommend
for you, such as making a determination of eligibility or coverage for insurance
benefits, pre-certification of certain services, reviewing services provided to
you for medical necessity, and undertaking utilization review activities.
Payment: We may share your protected health information with providers for payment
purposes. We may share your protected health information with third party “business
associates” that perform various activities (e.g. collecting and transmitting health
care claims billing information, re-pricing of health care claims, independent medical
reviews/evaluations) for our company. Whenever an arrangement between our company
and a business associate involves the use or disclosure of your protected health
information, we will have a written contract that contains terms that will protect
the privacy of your protected health information.
Healthcare Operations. We may use or disclose, as needed, your protected health
information in order to support the business activities of our company. These activities
include, but are not limited to, quality assessment activities; underwriting, premium
rating, and other activities relating to the creation, renewal or replacement of
a contract of health insurance or health benefits; ceding, securing, or placing
a contract for reinsurance of risk relating to claims for health care (including
stop-loss insurance and excess of loss insurance); conducting or arranging for medical
review, legal services, and auditing functions, including fraud and abuse detection
and compliance programs; business planning and development, such as conducting cost-management
and planning-related analyses related to managing and operating our company, including
development or improvement of methods of payment or coverage policies; business
management and general administrative activities; and nominal gifts or face-to-face
marketing activities. However, we are prohibited from using or disclosing protected
health information that is your genetic information for underwriting purposes.
We may disclose your protected health information to claims examiners who are being
trained to handle claims similar to yours. We may also use medical information to
evaluate the performance of our staff in handling your medical claims. We may use
or disclose your protected health information, as necessary, to contact you to discuss
your eligibility for health care insurance, enrollment, and payment of health care
services provided to you.
We may use your health care claim information for actuarial analysis. We may use
health care claim information to estimate the amount of funds we will need to pay
future health care claims. We may also provide the health care information when
requested by governmental regulatory agencies.
Your name and address may be used to send you information regarding your policy,
including changes to your policy, as mandated by various federal and state laws.
Group Plan Administration. We may disclose your health information to your
health plan sponsor for plan administration. For example, if your employer contracts
with us to provide health insurance coverage, and we provide your company with certain
statistics to help obtain premium bids or for analyzing whether to modify, amend
or terminate the group health plan.
Potential Impact of Other Legal Restrictions. In some situations, we may
be required to comply with a state privacy law or other federal law (in addition
to the federal HIPAA privacy regulations) that provide greater privacy protections.
For example, certain information regarding HIV/AIDS, mental health, communicable
diseases or certain records regarding alcohol or drug abuse may be subject to additional
2. Other Permitted and Required Uses and Disclosures That May Be Made Without Your
Consent, Authorization or Opportunity to Object. We may use or disclose your protected
health information in the following situations without your consent or authorization.
These situations include:
Required By Law. We may use or disclose your protected health information to the
extent that the use or disclosure is required by law. The use or disclosure will
be compliant with the law and will be limited to the relevant requirements of the
law. If the applicable law requires, we will notify you of any such uses or disclosures.
Public Health: We may disclose your protected health information to a public health
authority for public health activities and purposes if law permits the public health
authority to collect or receive the information. We may also disclose your protected
health information, when directed by a public health authority, to a foreign government
agency that is collaborating with the public health authority.
Health Oversight. We may disclose protected health information to a health oversight
agency for activities authorized by law, such as audits, investigations, and inspections.
Abuse or Neglect. We may disclose your protected health information to a public
health authority that is authorized by law to receive reports of child abuse or
neglect. In addition, we may disclose your protected health information, consistent
with applicable federal and state laws, if we believe that you have been a victim
of abuse, neglect or domestic violence to the governmental entity or agency authorized
to receive such information.
Legal Proceedings. We may disclose protected health information in the course of
any judicial or administrative proceeding, in response to an order of a court or
administrative tribunal (to the extent such disclosure is expressly authorized),
and in response to a subpoena, discovery request, or other lawful process.
Military Activity and National Security. When the appropriate conditions apply,
we may use or disclose protected health information of individuals who are Armed
Forces personnel (1) for activities deemed necessary by appropriate military command
authorities; (2) for the purpose of a determination by the Department of Veterans
Affairs of your eligibility for benefits, or (3) to foreign military authority if
you are a member of that foreign military services. We may also disclose your protected
health information to authorized federal officials for conducting national security
and intelligence activities, including for the provision of protective services
to the President.
3. Other Permitted and Required Uses and Disclosures That May Be Made With Your
Consent, Authorization or Opportunity to Object. We may use and disclose your protected
health information in the following instances. You have the opportunity to agree
or object to the use or disclosure of all or part of your protected health information.
If you are not present or otherwise not able to agree or object to the use or disclosure
of the protected health information, then we may, using professional judgment, determine
whether the disclosure is in your best interest. In this case, only the protected
health information that is relevant to your health care will be disclosed.
Others Involved in Your Healthcare. Unless you object, we may disclose to a member
of your family, a relative, a close friend or any other person you identify, your
protected health information that directly relates to that person’s involvement
in your health care or in payment related to your health care. If you are unable
to agree or object to such a disclosure, we may disclose such information as necessary
if we determine that it is in your best interest based on our professional judgment.
Unless you object or instruct otherwise, all Explanations of Benefits (EOBs) will
be addressed to the primary insured.
Communication Barriers. We may use and disclose your protected health information
if, using professional judgment, we determine that you intended to consent to use
or disclosure under the circumstances.
4. Uses and Disclosures of Protected Health Information Based upon Your Written
Authorization. We may engage in other uses and disclosures of your protected health
information that are not described above upon receiving your written authorization,
unless otherwise permitted or required by law. You may revoke an authorization,
in writing, at any time for future uses and disclosures of protected health information.
However, a revocation will not be effective to the extent that we already have used
or disclosed information in reliance on the authorization.
5. Your Rights. Following is a description of your rights with respect to your protected
health information and a brief description of how you may exercise your rights.
Inspect and Copy Your Protected Health Information. You may inspect and obtain a
copy of protected health information about you that is in a designated record set
for as long as we maintain the protected health information. A “designated record
set” contains medical and billing records and any other records that we use for
making decisions about your health care coverage. However, under federal law, you
may not inspect or copy psychotherapy notes; information compiled in reasonable
anticipation of, or use in, a civil, criminal, or administrative action or proceeding;
and protected health information that is subject to law that prohibits access to
the protected health information. Your request must be in writing and sent to our
Privacy Officer at the address indicated on page 1 of this Notice. We may request
sufficient identification prior to releasing any information to you. A decision
to deny access may be reviewable, and you may have a right to request that our decision
to deny access be reviewed. Please contact our Privacy Officer if you have questions
about access to your medical record. California, Connecticut, Georgia, Illinois,
Maine, Massachusetts, Minnesota, Montana, Nevada, New Jersey, North Carolina, Ohio,
Oregon, Virginia & Wisconsin residents may inspect and copy their applicable records
in person after sending a written request and providing sufficient identification.
Residents in other states may make a written request to inspect and copy their applicable
records in person.
Request a Restriction of Your Protected Health Information. You may ask us to not
use or disclose any part of your protected health information for the purposes of
treatment, payment or healthcare operations. You may also request that any part
of your protected health information not be disclosed to family members or friends
who may or may not be involved in your care. Your request must be in writing, your
request must state the specific restriction requested, your request must state to
whom the restriction applies, and your request must be sent to our Privacy Officer
at the address indicated on page 1 of this Notice.
We Do Not Have to Agree to a Restriction. We are not required to agree to a restriction
that you may request. In the event that we do agree to the requested restriction,
we may not use or disclose your protected health information in violation of that
restriction unless it is needed to provide emergency treatment.
Alternative Means of Receiving Confidential Communications. If you believe that
disclosure of all or part of your protected health information could endanger you,
then you have the right to request that we send and/or receive confidential communications
by an alternative means or through an alternative location. We will accommodate
your reasonable requests. We may require that you provide us with a specific alternative
address and/or method of contact, and any other specific information we need to
accommodate your reasonable request. We will not request an explanation from you
for the request, however, your request must state that the disclosure of all or
part of your protected health information could endanger you. Please make your request
in writing to our Privacy Officer at the address indicated on page 1 of this Notice.
Washington state residents are not required to state that disclosure of all or part
of their protected health information regarding reproductive health, sexually transmitted
diseases, chemical dependency and mental health may endanger them as part of the
restriction request. Washington state residents only are not required to state that
disclosure of all or part of their protected health information could endanger them.
Amend Your Protected Health Information. You may request an amendment to your protected
health information in a designated record set for as long as we maintain this information.
Your request must be in writing, provide a reason to support the requested amendment,
and send the request to our Privacy Officer at the address indicated on page 1 of
this Notice. In certain cases, we may deny your request for an amendment. If we
deny your request for an amendment, you have the right to submit a statement of
disagreement to us and we may prepare a rebuttal to your statement. We will provide
you with a copy of any rebuttals prepared in response to your statement of disagreement.
Please contact our Privacy Officer at the address indicated on page 1 of this Notice
if you have questions about amending your medical record.
Receive an Accounting of Certain Disclosures. You have a right to request and receive
an accounting of certain disclosures of your protected health information that we
have made. You have the right to receive specific information regarding disclosures
or your protected health information. The right to receive an accounting does not
include any disclosures we have made for purposes of treatment, payment or healthcare
operations as described in this Notice. Nor does the right to receive an accounting
include any disclosures that we may have made to you, to family members or friends
involved in your care, or for notification purposes. The right to receive this information
is subject to certain exceptions, restrictions and limitations, such as, but not
limited to, not receiving information in excess of a 6-year period (you may request
a shorter timeframe). Your request must be in writing, state that you are requesting
an accounting of disclosures subject to an accounting, state the time period for
which you are requesting an accounting, and must be sent to our Privacy Officer
at the address indicated on page 1 of this Notice. California, Connecticut, Georgia,
Illinois, Maine, Massachusetts, Minnesota, Montana, Nevada, New Jersey, North Carolina,
Ohio, Oregon, Virginia & Wisconsin residents only: You are entitled to an accounting
of all disclosures of your recorded personal medical information within 2 years
prior to the request.
Complaints. You have a right to complain to us you believe your privacy rights have
been violated by us. You may file a complaint with us by notifying our Privacy Officer
at the address indicated on page 1 of this Notice. You may also file a complaint
with the Secretary of the U.S. Department of Health and Human Services. We will
not retaliate against you for filing a complaint.
* The Oxford Life® Family of Companies includes: Oxford Life Insurance Company®;
North American Insurance Company®; Christian Fidelity Life Insurance Company®; and
Oxford Life Insurance Company® in its capacity as third party administrator for
certain Medicare supplement insurance policies issued by Celtic Insurance Company
The Oxford Life Family of Companies values the trust and confidence that you, our
customer, have placed with us. We are dedicated to the responsible management and
protection of your personal financial information. We collect personal financial
information in order to serve our customers and to administer our business. Customers
are defined as those individuals with whom we have entered into a continuing relationship,
such as when an insurance policy is purchased.
of your personal financial information.
Personal financial information means information that identifies an individual personally,
is not otherwise available to the public and is obtained in connection with providing
an insurance product or service to the individual. This includes personal financial
information such as, credit history, income, financial benefits, policy or claim
information. Personal health information such as individual medical records or information
relating to an illness, injury or disability would also be considered to be personal
Personal financial information may be obtained from the customer, from customer-related
transactions and from third parties such as a consumer-reporting agency. We also
may collect personal financial information such as name, address, income, payment
history or credit history from applications or transactions.
We may share personal financial information with our affiliates, including agents,
insurance brokerage companies, businesses hired to carry out services for us, and
third party administrators.
In order to serve our customers and to efficiently administer our business, we may
share personal financial information with unaffiliated third parties. These third
parties may include software companies, agents, insurance brokerage companies, service
providers and administrators and other parties as permitted or required by law.
We may also share personal financial information with other unaffiliated third parties
who are working with us by marketing our products or services or offering our products
or services under a joint agreement between us and one or more companies.
Our employees have access to personal financial information while performing their
jobs. This includes paying claims, underwriting, advising customers about our products
or services and while developing new products.
We use both manual and electronic security measures to protect the confidentiality
and integrity of personal financial information and to guard against unauthorized
access to it. Security techniques we use include, but are not limited to, user authentication,
encryption, computer firewall protection, locked files and detection software programming.
We are responsible for identifying the information that must be safeguarded, providing
the necessary protection for the data and allowing access to such data only to those
to us, as it protects you, our customer.
We will continue to follow this policy with respect to personal financial information
even after a customer relationship has ended.
of any changes at least annually.
When you visit our public website, we do not gather any non-public personal financial
information. We do track number of visitors without any retention of personal data.
When you send us an e-mail, we do gather the data you provide as contained in the
e-mail. Such data is available only on a limited basis, and only to those individuals
whose responsibilities include processing and responding to such e-mails.
We want you to understand how we protect your privacy. If you have any questions
about this notice, please contact us. When you write to us please include your name,
address, and policy number. Send your privacy questions to: Oxford Life Privacy
Officer, 2721 N. Central Ave., Phoenix, AZ 85004.