Privacy Policy
A Guide To How We Protect Personal Information
EBMS values the trust you have placed in us and we will continue to be dedicated to maintaining your trust and confidence in our products and services. This notice describes the privacy practices of EBMS and our commitment to protecting the privacy and security of your personal and protected health information.
To effectively administer claims, provide superior quality customer service and other services on behalf of your group health plan, it is necessary for EBMS to receive and/or disclose personal and protected health information. EBMS may disclose to employers, plan sponsors, health care providers, other group health plans, insurers, service providers and/or business associates. Such information may be made available through enrollment forms, medical claims, medical reports, coverage history and other sources and forms necessary to effectuate claim administration, treatment, payment and health care operations.
The information EBMS may receive and/or disclose may include your name, Social Security number, address, date of birth, telephone number, marital status, gender, dependent information, claim information and employment information. While this list is not exhaustive, it gives you an idea of the type of information we are referring to in this notice.
HIPAA Compliance
The Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), in part, establishes new standards for healthcare privacy and security. Although EBMS is not directly subject to HIPAA privacy and security requirements, we do receive protected health information (“PHI”) from, and on behalf of, our customer that are subject to HIPAA. EBMS is committed to protecting the privacy and security of personal and protected health information in a manner that is consistent with our customer’s legal obligations. EBMS has developed a privacy and security compliance program for our personnel that takes into account HIPAA privacy and security standards and reasonable practices in the healthcare industry.
Our Security Procedures
EBMS understands that storing and transmitting data in a secure manner is essential. EBMS stores your personal and protected health information using industry standard physical, technical and administrative safeguards to secure data against foreseeable risks, such as unauthorized use, access, disclosure, destruction and modification. Certain information containing personal and protected health information that is displayed or received via Internet Web browser technology is transmitted in a secured environment using 128-bit SSL encryption.
Our commitment to you
- We will safeguard, according to strict standards of security and confidentiality, any information shared with us. We will limit the collection and use of information to the minimum required to provide superior quality customer service.
- We will permit only authorized employees, who are trained in the proper handling of personal information, to have access to that information. We use physical, electronic, procedural and computer access controls.
- We will not share personal and protected health information for any purpose other than the administration and legal requirements of a group health plan.
- We may provide to you, upon a written request and as required by law, a record of certain disclosures made by EBMS.
- We will keep all personal and protected health information accurate to the best of our ability. You may write to EBMS requesting items of your personal information be changed if they are incorrect. EBMS will correct the inaccurate information if possible.
When We May Disclose Information
In order to effectively process claims, provide superior quality customer service and other services on behalf of our customers and their group health plan, it is necessary for EBMS to disclose your personal and protected health information. EBMS may make the following disclosures:
- We may disclose personal and protected health information to third parties with or without your written authorization.
- We may disclose personal and protected health information to business associates of your group health plan.
- We may disclose personal and protected health information to service providers.
- We may disclose personal and protected health information reasonably necessary to assist in detecting or preventing criminal activity, fraud, misrepresentation or nondisclosure in a health benefit or insurance transaction/function. We may disclose personal and protected health information to another person or entity in order to administer your group health plan or for purposes of allowing the other person or entity to administer a health benefit plan including, but not limited to, payment and health care operations.
- We may disclose personal and protected health information to a medical care institution, a medical professional, or to an individual to whom the information pertains.
- We may disclose personal and protected health information to an insurance regulatory authority, to an insurance commissioner, law enforcement or other governmental authority as required or permitted by law.
- We may disclose personal and protected and health information to comply with any law or legal process to which we are subject, including a facially valid administrative or judicial order, search warrant, subpoena or lawful discovery request.
- We may disclose personal and protected health information for the purpose of conducting an audit.
- We may disclose personal and protected health information to a professional peer review organization for the purpose of reviewing the service or conduct of a medical care institution or a medical care professional.
- We may disclose personal and protected health information to a person covered under a health benefit plan to provide information as to the status of a health benefit or insurance transaction/function.
- We may disclose personal and protected health information to a person or entity engaged to provide services to enable EBMS to perform a service, health benefit or claim administration function.
- We may disclose personal and protected health information to other non-affiliated third parties as permitted by law.
- We may disclose, at a future time, personal and protected health information not presently disclosed, but only as permitted by law.
In certain circumstances EBMS may be required by law to obtain from you separate, written authorization in order to disclose personal and protected health information.
Revisions and Contact Information
EBMS reserves the right to modify this Privacy Policy. It may be revised from time to time as we add new features and services, as laws change, and as the healthcare industry and privacy and security practices evolve. We display a date in the bottom left corner of this Privacy Policy so that it will be easier for you to know if changes have been made. We hope this notice has been helpful in explaining our Privacy Policy. For additional information about EBMS commitment to privacy, please contact us at 1-800-777-3575 or at EBMS, Attention: Privacy Officer, P.O. Box 21367, Billings, MT 59104-1367.
EFFECTIVE 4/01/2010
As part of the federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, the pharmacy has created this Notice of Privacy Practices (Notice). This Notice describes the pharmacy’s privacy practices and the rights you, the individual, have as they relate to the privacy of your Protected Health Information (PHI). Your PHI is information about you, or that could be used to identify you, as it relates to your past and present physical and mental healthcare services, payment for such services or you or your family members’ genetic information. The HIPAA regulations require that the pharmacy protect the privacy of your PHI that the pharmacy has received or created.
This pharmacy will abide by the terms presented within this Notice. For any uses or disclosures that are not listed below, the pharmacy will obtain a written authorization from you for that use or disclosure, which you will have the right to revoke at any time, as explained in more detail below. The pharmacy reserves the right to change the pharmacy’s privacy practices and this Notice. Revisions to the Notice will be posted in the pharmacy and upon your request, provided to you in a paper format.
The following is an accounting of the ways the pharmacy is permitted, by law, to use and disclose your PHI.
Uses and disclosures of PHI for Treatment: We will use the PHI we receive from you to fill your prescription and coordinate or manage your health care.
Uses and disclosures of PHI for Payment: The pharmacy will disclose your PHI to obtain payment or reimbursement from insurers for your health care services.
Uses and disclosures of PHI for Health Care Operations: The pharmacy may use the minimum necessary amount of your PHI to conduct quality assessments, improvement activities, and evaluate the pharmacy workforce.
The following is an accounting of additional ways in which the pharmacy is permitted or required to use or disclose PHI about you without your written authorization. All uses and disclosures will be to the minimum necessary amount of your PHI. Many of these uses and disclosures will never be made by the pharmacy; however, we are required by law to notify you of them as a health care provider.
Uses and disclosures as required by law: The pharmacy is required to use or disclose PHI about you as required and as limited by law.
Uses and disclosure for Public Health Activities: The pharmacy may use or disclose PHI about you to a public health authority that is authorized by law to collect for the purpose of preventing or controlling disease, injury, or disability. This includes the FDA so that it may monitor any adverse effects of drugs, foods, nutritional supplements and other products as required by law.
Uses and disclosure about victims of abuse, neglect or domestic violence: The pharmacy may use or disclose PHI about you to a government authority if it is reasonably believed you are a victim of abuse, neglect or domestic violence.
Uses and disclosures for health oversight activities: The pharmacy may use or disclose PHI about you to a health oversight agency for oversight activities which may include audits, investigations, inspections as necessary for licensure, compliance with civil laws, or other activities the health oversight agency is authorized by law to conduct.
Disclosures for judicial and administrative proceedings: The pharmacy may disclose PHI about you in the course of any judicial or administrative proceedings, provided that proper documentation is presented to the pharmacy.
Disclosures for law enforcement purposes: The pharmacy may disclose PHI about you to law enforcement officials for authorized purposes as required by law or in response to a court order or subpoena.
Uses and disclosures about the deceased: The pharmacy may disclose PHI about a deceased, or prior to, and in reasonable anticipation of an individual’s death, to coroners, medical examiners, and funeral directors.
Uses and disclosures for cadaveric organ, eye or tissue donation purposes: The pharmacy may use and disclose PHI for the purpose of procurement, banking, or transplantation of cadaveric organs, eyes, or tissues for donation purposes.
Uses and disclosures for research purposes: The pharmacy may use and disclose PHI about you for research purposes with a valid waiver of authorization approved by an institutional review board or a privacy board. Otherwise, the pharmacy will request a signed authorization by the individual for all other research purposes.
Uses and disclosures to avert a serious threat to health or safety: The pharmacy may use or disclose PHI about you, if it believed in good faith, and is consistent with any applicable law and standards of ethical conduct, to avert a serious threat to health or safety.
Uses and disclosures for specialized government functions: The pharmacy may use or disclose PHI about you for specialized government functions including; military and veteran’s activities, national security and intelligence, protective services, department of state functions, and correctional institutions and law enforcement custodial situations.
Disclosure for workers’ compensation: The pharmacy may disclose PHI about you as authorized by and to the extent necessary to comply with workers’ compensation laws or programs established by law.
Disclosures for disaster relief purposes: The pharmacy may disclose PHI about you as authorized by law to a public or private entity to assist in disaster relief efforts.
Disclosures to business associates: The pharmacy may disclose PHI about you to the pharmacy’s business associates for services that they may provide to or for the pharmacy to assist the pharmacy to provide quality health care. To ensure the privacy of your PHI, we require all business associates to apply appropriate safeguards to any PHI they receive or create.
The pharmacy may contact you for the following purposes:
Refill reminders: The pharmacy may contact you to remind you of your prescription upon such time they are ready to be refilled.
Information about treatment alternatives: The pharmacy may contact you to notify you of alternative treatments and/or products.
Health related benefits or services: The pharmacy may use your PHI to notify you of benefits and services the pharmacy provides.
The pharmacy will obtain a written authorization from you for all other uses and disclosures of PHI, and the pharmacy will only use or disclose pursuant to such an authorization. The pharmacy is prohibit from selling your PHI. In addition, you may revoke such an authorization in writing at any time. To revoke a previously authorized use or disclosure, please contact HIPAA Privacy Officer to obtain a Request for Restriction of Uses and Disclosures.
The following are a list of your rights with respect to your PHI.
Request restrictions on certain uses and disclosures of your PHI: You have the right to request additional restrictions of the pharmacy’s uses and disclosures of your PHI; however, the pharmacy is not required to accommodate a request. If you wish to request additional restrictions, please obtain the form, Request for Restriction of Uses & Disclosures, from the pharmacy and return the completed form to the pharmacy or return to the HIPAA Privacy Officer.
The right to have your PHI communicated to you by alternate means or locations: You have the right to request that the pharmacy communicate confidentially with you using an address or phone number other than your residence. However, state and federal laws require the pharmacy to have an accurate address and home phone number in case of emergencies. The pharmacy will consider all reasonable requests. If you wish to request a change in your communicating address and/or phone number, please obtain a form, Request for Alternative Arrangements for Confidential Communication, from the pharmacy and return the completed form to the pharmacy or return to the HIPAA Privacy Officer.
The right to inspect and/or obtain a copy your PHI: You have the right to request access and/or obtain a copy (paper or electronic) of your PHI that is contained in the pharmacy for the duration the pharmacy maintains PHI about you. If you wish to inspect or obtain a copy of your PHI, please obtain a form, Request for Access to Records, from the pharmacy and return the completed form to the pharmacy or return to the HIPAA Privacy Officer. There may be a reasonable cost-based charge for providing access to PHI.
You will be notified in advance of incurring such charges, if any.
The right to amend your PHI: You have the right to request an amendment of the PHI the pharmacy maintains about you, if you feel that the PHI the pharmacy has maintained about you is incorrect or otherwise incomplete. Under certain circumstances we may deny your request for amendment. If we do deny the request, you will have the right to have the denial reviewed by someone we designate who was not involved in the initial review. You may also ask the Secretary, United States Department of Health and Human Services (“HHS”), or their appropriate designee, to review such a denial. If you wish to amend your PHI files, please obtain a form, Request for Amendment to PHI, from the pharmacy and return the completed form to the pharmacy or return to the HIPAA Privacy Officer.
The right to receive an accounting of disclosures of your PHI: You have the right to receive an accounting of certain disclosures of your PHI made by the pharmacy. If you wish to receive an accounting of disclosures of your PHI, please obtain a form, Request for Accounting of Disclosures, from the pharmacy and return the completed form to the pharmacy or return to the HIPAA Privacy Officer. You should be aware; however, that such an accounting excludes uses and disclosures made for treatment, payment, or health care operations purposes.
The right to be notified of a Breach of your unsecured PHI: A “breach” is defined as the “unauthorized acquisition, access, use or disclosure of PHI in a manner which compromises the security or privacy of such information” and which poses “a significant risk of financial, reputational, or other harm to the individual.” If the clinic determines that a probability exists that your PHI may have been compromised, you will receive a notification by first-class mail regarding the breach at least sixty (60) days after the breach was discovered.
The right to receive additional copies of the Pharmacy’s Notice of Privacy Practices: You have the right to receive additional paper copies of this Notice, upon request, even if you initially agreed to receive the Notice electronically. If you wish to receive a paper copy of this request, please ask a pharmacy workforce member and they will provide you with a copy.
The pharmacy reserves the right to change and/or revise this Notice and make the new revised version applicable to all PHI received prior to its effective date. The revised Notice will be available, upon request, to all individuals. The pharmacy will also post the revised version of the Notice in the pharmacy.
If you believe your privacy rights have been violated, you may file a complaint with the pharmacy and/or to the Secretary of HHS, or his designee. If you wish to file a complaint with the pharmacy, please contact the HIPAA Privacy Officer. If you wish to file a complaint with the Secretary, please write to:
The U.S. Department of Health and Human Services
Office of the Inspector General
200 Independence Ave, S.W.
Washington, D.C. 20201
The pharmacy will not take any adverse action against you as a result of your filing of a complaint.
If you have any questions on the pharmacy’s privacy practices or for clarification on anything contained within the Notice, please contact:
miRx, LLC
Stacey L. Loucks
HIPAA Privacy Officer
PO BOX 21669
Billings, MT 59104
(406) 245-3575, EXT. 1175
(800) 777-3575
EFFECTIVE 10/01/2012
As part of the federal Health Insurance Portability and Accountability Act of 1996, known as HIPAA, the clinic has created this Notice of Privacy Practices (Notice). This Notice describes the clinic’s privacy practices and the rights you, the individual, have as they relate to the privacy of your Protected Health Information (PHI). Your PHI is information about you, or that could be used to identify you, as it relates to your past and present physical and mental health care services, payment for such services or you or your family members’ genetic information. The HIPAA regulations require that the clinic protect the privacy of your PHI that the clinic has received or created.
This clinic will abide by the terms presented within this Notice. For any uses or disclosures that are not listed below, the clinic will obtain a written authorization from you for that use or disclosure, which you will have the right to revoke at any time, as explained in more detail below. The clinic reserves the right to change its’ privacy practices and this Notice. Revisions to the Notice will be available in the clinic and provided to you in a paper format, upon your request.
The following is an accounting of the ways the clinic is permitted, by law, to use and disclose your PHI.
Uses and disclosures of PHI for Treatment: We will use the PHI we receive from you to provide medical treatment and coordinate or manage your health care.
Uses and disclosures of PHI for Payment: The clinic will disclose your PHI to your group health plan.
Uses and disclosures of PHI for Health Care Operations: The clinic may use the minimum necessary amount of your PHI to conduct quality assessments, improvement activities, and evaluate the clinic workforce.
The following is an accounting of additional ways in which the clinic is permitted or required to use or disclose PHI about you without your written authorization. All uses and disclosures will be to the minimum necessary amount of your PHI. Many of these uses and disclosures will never be made by the clinic; however, we are required by law to notify you of them as a health care provider.
Uses and disclosures as required by law: The clinic is required to use or disclose PHI about you as required and as limited by law.
Uses and disclosure for Public Health Activities: The clinic may use or disclose PHI about you to a public health authority that is authorized by law to collect for the purpose of preventing or controlling disease, injury, or disability. This includes the FDA so that it may monitor any adverse effects of drugs, foods, nutritional supplements and other products as required by law.
Uses and disclosure about victims of abuse, neglect or domestic violence: The clinic may use or disclose PHI about you to a government authority if it is reasonably believed you are a victim of abuse, neglect or domestic violence.
Uses and disclosures for health oversight activities: The clinic may use or disclose PHI about you to a health oversight agency for oversight activities which may include audits, investigations, inspections as necessary for licensure, compliance with civil laws, or other activities the health oversight agency is authorized by law to conduct.
Disclosures for judicial and administrative proceedings: The clinic may disclose PHI about you in the course of any judicial or administrative proceedings, provided that proper documentation is presented to the clinic.
Disclosures for law enforcement purposes: The clinic may disclose PHI about you to law enforcement officials for authorized purposes as required by law or in response to a court order or subpoena.
Uses and disclosures about the deceased: The clinic may disclose PHI about a deceased, or prior to, and in reasonable anticipation of an individual’s death, to coroners, medical examiners, and funeral directors.
Uses and disclosures for cadaveric organ, eye or tissue donation purposes: The clinic may use and disclose PHI for the purpose of procurement, banking, or transplantation of cadaveric organs, eyes, or tissues for donation purposes.
Uses and disclosures for research purposes: The clinic may use and disclose PHI about you for research purposes with a valid waiver of authorization approved by an institutional review board or a privacy board. Otherwise, the clinic will request a signed authorization by the individual for all other research purposes.
Uses and disclosures to avert a serious threat to health or safety: The clinic may use or disclose PHI about you, if it believes in good faith, and is consistent with any applicable law and standards of ethical conduct, to avert a serious threat to health or safety.
Uses and disclosures for specialized government functions: The clinic may use or disclose PHI about you for specialized government functions including; military and veteran’s activities, national security and intelligence, protective services, department of state functions, and correctional institutions and law enforcement custodial situations.
Disclosure for workers’ compensation: The clinic may disclose PHI about you as authorized by and to the extent necessary to comply with workers’ compensation laws or programs established by law.
Disclosures for disaster relief purposes: The clinic may disclose PHI about you as authorized by law to a public or private entity to assist in disaster relief efforts.
Disclosures to business associates: The clinic may disclose PHI about you to the clinic’s business associates for services that they may provide to or for the clinic to assist the clinic to provide quality health care. To ensure the privacy of your PHI, we require all business associates to apply appropriate safeguards to any PHI they receive or create.
The clinic may contact you for the following purposes:
Appointment reminders: The clinic may contact you to remind you of your appointment for treatment or medical care at the clinic.
Information about treatment alternatives: The clinic may contact you to notify you of alternative treatments and/or products.
Health related benefits or services: The clinic may use your PHI to notify you of benefits and services the clinic provides.
Individuals Involved In Your Care: Unless you object, the clinic may disclose to a family member, other relative, or a close personal friend, or any other person you identify, PHI directly relevant to that person’s involvement with your care. The clinic will also disclose PHI to an individual if it can reasonably infer from the circumstances, based on the exercise of professional judgment that you do not object to the disclosure.
Electronic Medical Record (EMR): The EMR helps physicians, specialists and hospitals know a patient’s entire health history, drugs that have been prescribed and test results. To improve overall quality, safety and cost of care, the clinic may disclose information held in the EMR to other health care providers or Business Associates of the clinic.
The clinic will obtain a written authorization from you for all other uses and disclosures of PHI, and the clinic will only use or disclose pursuant to such an authorization. The clinic is prohibited from selling your PHI. In addition, you may revoke such an authorization in writing at any time. To revoke a previously authorized use or disclosure, please contact HIPAA Privacy Officer to obtain a Request for Restriction of Uses and Disclosures.
The following are a list of your rights with respect to your PHI.
Request restrictions on certain uses and disclosures of your PHI: You have the right to request additional restrictions of the clinic’s uses and disclosures of your PHI; however, the clinic is not required to accommodate a request. If you wish to request additional restrictions, please obtain the form, Request for Restriction of Uses & Disclosures, from the clinic and return the completed form to the clinic or return to the HIPAA Privacy Officer.
The right to have your PHI communicated to you by alternate means or locations: You have the right to request that the clinic communicate confidentially with you using an address or phone number other than your residence. However, state and federal laws require the clinic to have an accurate address and home phone number in case of emergencies. The clinic will consider all reasonable requests. If you wish to request a change in your communicating address and/or phone number, please obtain a form, Request for Alternative Arrangements for Confidential Communication, from the clinic and return the completed form to the clinic or return to the HIPAA Privacy Officer.
The right to inspect and/or obtain a copy your PHI: You have the right to request access and/or obtain a copy (paper or electronic) of your PHI that is contained in the clinic for the duration the clinic maintains PHI about you. If you wish to inspect or obtain a copy of your PHI, please obtain a form, Request for Access to Records, from the clinic and return the completed form to the clinic or return to the HIPAA Privacy Officer. There may be a reasonable cost-based charge for providing access to PHI. You will be notified in advance of incurring such charges, if any.
The right to amend your PHI: You have the right to request an amendment of the PHI the clinic maintains about you, if you feel that the PHI the clinic has maintained about you is incorrect or otherwise incomplete. Under certain circumstances we may deny your request for amendment. If we do deny the request, you will have the right to have the denial reviewed by someone we designate who was not involved in the initial review. You may also ask the Secretary, United States Department of Health and Human Services (“HHS”), or their appropriate designee, to review such a denial. If you wish to amend your PHI files, please obtain a form, Request for Amendment to PHI, from the clinic and return the completed form to the clinic or return to the HIPAA Privacy Officer.
The right to receive an accounting of disclosures of your PHI: You have the right to receive an accounting of certain disclosures of your PHI made by the clinic. If you wish to receive an accounting of disclosures of your PHI, please obtain a form, Request for Accounting of Disclosures, from the clinic and return the completed form to the clinic or return to the HIPAA Privacy Officer. You should be aware; however, that such an accounting excludes uses and disclosures made for treatment, payment, or health care operations purposes.
The right to be notified of a Breach of your unsecured PHI: A “breach” is defined as the “unauthorized acquisition, access, use or disclosure of PHI in a manner which compromises the security or privacy of such information” and which poses “a significant risk of financial, reputational, or other harm to the individual.” If the clinic determines that a probability exists that your PHI may have been compromised, you will receive a notification by first-class mail regarding the breach at least sixty (60) days after the breach was discovered.
The right to receive additional copies of the Clinic’s Notice of Privacy Practices: You have the right to receive additional paper copies of this Notice, upon request, even if you initially agreed to receive the Notice electronically. If you wish to receive a paper copy of this request, please ask a clinic workforce member and they will provide you with a copy.
The clinic reserves the right to change and/or revise this Notice and make the new revised version applicable to all PHI received prior to its effective date. The revised Notice will be available, upon request, to all individuals. The clinic will also post the revised version of the Notice in the clinic.
If you believe your privacy rights have been violated, you may file a complaint with the clinic and/or to the Secretary of HHS, or his designee. If you wish to file a complaint with the clinic, please contact the HIPAA Privacy Officer. If you wish to file a complaint with the Secretary, please write to:
The U.S. Department of Health and Human Services
Office of the Inspector General
200 Independence Ave, S.W.
Washington, D.C. 20201
The clinic will not take any adverse action against you as a result of your filing of a complaint.
If you have any questions on the clinic’s privacy practices or for clarification on anything contained within the Notice, please contact:
miCare LLC
Stacey L. Loucks
HIPAA Privacy Officer
3333 Hesper Road
Billings, MT 59102
(406) 245-3575, EXT. 1175
(800) 777-3575