Unity has policies and procedures designed to protect the confidentiality of member information. Unity's Confidentiality Committee sets standards for Unity employees as well as external parties, such as practitioners, providers and vendors. Unity has a Privacy Official who monitors adherence to our policies. We also have a Confidentiality Committee that is charged with:
HIPAA requires Unity to safeguard the confidentiality of personally identifiable member information. Our policies and procedures establish requirements for the proper handling of records used to administer our health benefit plans. When responding to a request for information, Unity releases only the minimum necessary information to respond to the request. (Note that the "minimum necessary" requirement does not apply to information we disclose to health care practitioners and providers.)
Authorization for release of information
In cases where Unity needs to obtain or disclose member information for purposes other than treatment, payment or health care operations, the member is asked to sign an authorization form that gives permission to release the information. An authorization must be obtained under the following circumstances:
If a member is unable to provide authorization, Unity requires a valid court order or other written proof of legal authority prior to releasing information.
Member access to medical records
Unity does not maintain original medical records. We advise members to contact their practitioner's office or other health care provider, such as a hospital, to obtain medical records. Members must follow the practitioner or provider's procedures for accessing medical information. Family members or other individuals may access medical information only when the member gives written consent (except in limited circumstances when the member is unable to provide consent).
Disclosure of information to employers
Unity provides certain types of information to employers as part of standard health care operations. Disclosure to employers is limited to the information the employer needs to administer the health plan. However, employers do not have access to implicitly or explicitly personally identifiable member information without specific member consent.
Employers must agree not to use the information to make employment-related decisions (for example, promotion, hiring, lay-off) or to administer other benefit plans (for example, life and disability plans). The employer must identify persons or positions that may have access to the information and must ensure there are measures in place to prevent unauthorized access.
Practitioners and providers are also governed by HIPAA and are expected to implement confidentiality policies and procedures to address the disclosure of medical information, patient access to medical information, and the storage and protection of medical information. Unity reviews practitioner confidentiality processses during pre-contractual site visits for primary care physicians and certain specialty care physicians.
Data for quality improvement measures is collected from claims, pharmacy and member medical records. Unity protects this confidential information by reviewing records in non-public areas and excluding member identifiable information from written reports.