HIPAA & PHI Notice

Your Information. Your Rights. Our Responsibilities.

Your rights under the Health Insurance Portability & Accountability Act of 1996 (HIPAA)

Revised July 2018

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

For questions or concerns, please reach out to:

Pam Stout

PO Box 9584

Fayetteville, AR 72703


Your Information

Redline Health is committed to protecting the privacy of your health information. In conducting our business, we will create records regarding you and the services we provide to you.

Who is bound by this notice?

  • Redline Health, LLC
  • All employees, staff, agents, business associates, and other facility personnel. In general, a business associate is a person or organization, other than a member or a covered entity’s workforce, that performs certain functions or activities on behalf of, or provides certain services to, a covered entity that involve the use of disclosure of individually identifiable health information. A covered entity may not contractually authorize its business associate to make any use or disclosure of protected health information that would violate the Rule.
  • All entities within the facility’s system, for quotes, policy details, and payment information.

Who is Covered by the Privacy Rule?

Individual and group health plans that provide or pay the cost of medical care and covered entities. Health plans include health, dental, vision, and prescription drug coverage(s), health maintenance organizations (HMO’s), Medicare, Medicaid, Medicare Advantage and Medicare Supplement insurers. Health plans also include employer-sponsored group health plans, church-sponsored health plans, and multi-employer health plans.

What information is protected?

  • The Privacy Rule protects all “individually identifiable health information” held or transmitted by a covered entity or its business associate, in any form or media, whether electronic, paper, or oral. The Privacy Rule calls this information “protected health information (PHI).”
  • “Individually identifiable health information” is information, including demographic data, and that identifies the individual.
  • Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security number).

Uses and Disclosures of Your PHI

  • Redline Health and its business associates may use or disclose PHI for activities related to treatment, payment and health care operations. As described in the next section entitled “Your Privacy Rights”, you have the right to request a restriction on the use and disclosure of your PHI for treatment, payment or health care operations purposes. Since we are not a health care provider, we do not engage in treatment of individuals and, accordingly, we will not share your information for such purposes. Examples of activities related to payment include payment of health care claims or collection of premiums. Examples of activities related to health care operations include quality assessment and improvement, underwriting, audit services, legal services, data aggregation, business planning and development, administrative activities related to compliance, customer services, fraud and abuse prevention and detection, and complaint resolution.
  • We may disclose PHI to a family member, guardian, executor, administrator or other person identified by you and authorized by law to act on your behalf with respect to health care. When disclosing information to such a person, we will take appropriate steps to verify the identity of such person.
  • We may disclose PHI to an employer-sponsor of a group health plan, if applicable, provided that any such plan sponsor certifies: (a) that the information provided will be maintained in a confidential manner and shall not be used for employment related decisions or for other employee benefit determinations or in any other manner not permitted by law; and (b) that the plan documents contain provisions concerning restrictions on how the plan sponsor may use or further disclose PHI.
  • Covered entities may disclose PHI as authorized by, and to comply with, worker’s compensation laws and other similar programs providing benefits for work-related injuries or illnesses.

Your Rights

When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.

Get a copy of health and claims records

  • You can ask to see or get a copy of your health and claims records and other health information we have about you. Ask us how to do this.
  • We will provide a copy or a summary of your health and claims records, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct health and claims records

  • You can ask us to correct your health and claims records if you think they are incorrect or incomplete. Ask us how to do this.
  • We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

  • You can ask us to contact you in a specific way (for example, home or office phone) or to send mail to a different address.
  • We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.

Ask us to limit what we use or share

  • You can ask us not to use or share certain health information for treatment, payment, or our operations.
  • We are not required to agree to your request, and we may say “no” if it would affect your care.

Get a list of those with whom we’ve shared information

  • You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.
  • We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

  • If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.
  • We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

  • You can complain if you feel we have violated your rights by contacting us using the information at the top of the page.
  • You can file a complaint with the Arkansas Department of Insurance by sending a letter to Consumer Services Division, 1200 West Third St, Little Rock, AR 72201, calling (800) 852-5494 or (501) 371-2640, or visiting https://www.insurance.arkansas.gov/pages/consumer-services/consumer-services/file-a-complaint/.
  • You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting hhs.gov/ocr/privacy/hipaa/complaints/.
  • We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

  • Share information with your family, close friends, or others involved in payment for your care
  • Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

  • Marketing purposes
  • Sale of your information

Our Responsibilities

  • We are required by law to maintain the privacy and security of your protected health information.
  • We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
  • We must follow the duties and privacy practices described in this notice and give you a copy of it.
  • We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.