Privacy / HIPPA

Privacy / HIPPA

Ashley Privacy Notice (rev. 5/10/2016)

The Ashley Group is committed to preserving and respecting every individual’s right to privacy. Any information submitted to The Ashley Group whether through the website, faxed, mailed or otherwise is kept strictly confidential.

The Ashley Group collects unpublished personal information about our clients from applications or forms about insurance products and services as requested. Personal information is shared only in connection with processing insurance, claims and transactions and to maintain client accounts. When Ashley shares client information with other companies it is to assist with everyday business purposes and we expect them to follow all applicable privacy laws. Ashley does not authorize companies to use or share client information except as necessary for them to conduct the work we request of them and to meet insurance regulations or government requirements.

The Ashley Group reserves the right to use cookies to improve a user’s experience when accessing our website. To protect a user’s personal information from unauthorized access and use, we use security measures, such as computer safeguards and secured files that comply with federal law.

Links to other websites are made available on The Ashley Group website. Please be aware that The Ashley Group is not responsible for the privacy practices of those sites.

Your HIPAA Rights

Health Insurance Portability and Accountability Act (HIPAA)

Title II of the Health Insurance Portability and Accountability Act of 1996, as amended, and the regulations at 45 CFR Parts 160 through 164 (HIPAA) contain provisions governing the use and disclosure of Protected Health Information (PHI) by group health plans, and provide privacy rights to participants in those plans. This section provides an overview of those rights as they pertain to your health insurance benefits. You will receive a separate “Notice of Privacy Provisions” from the Insurer which contains additional information about how your individually identifiable health information is protected and who you should contact with questions or concerns.

HIPAA applies to group health plans. These plans are commonly referred to as “HIPAA Plans” and are administered to comply with the applicable provisions of HIPAA.

Protected Health Information (PHI) is information created or received by the HIPAA Plans that relates to an individual’s physical or mental health or condition, the provision of health care to an individual, or payment for the provision of health care to an individual. Typically, the information identifies the individual, the diagnosis, and the treatment or supplies used in the course of treatment. It includes information held or transmitted in any form or media, whether electronic, paper, or oral.

The Plan will comply with all privacy requirements defined in the HIPAA Privacy Policy and will use or disclose PHI only if the use or disclosure is permitted or required by HIPAA Regulations and any other applicable Federal, state, or local law.

The HIPAA Plans may disclose PHI to the Plan Sponsor only for limited purposes as defined in the HIPAA Privacy Rules. The Plan Sponsor agrees to use and disclose PHI only as permitted or required by HIPAA. PHI may be used or disclosed for Plan administration functions that the Plan Sponsor performs on behalf of the HIPAA Plans. Such functions include:

  • enrollment of eligible individuals;
  • eligibility determinations;
  • payment for coverage;
  • claim payment activities;
  • coordination of benefits; and
  • claim appeals.

If a Plan participant wants to exercise any of his or her rights concerning PHI, he or she should contact the specific Insurer involved with the PHI in question. The Insurer will advise the Plan participant of the procedures to be followed.

The Plan will require any agents, including subcontractors, to whom it provides PHI to agree to the same restrictions and conditions that apply to the Employer or Plan Sponsor with respect to such information. The Employer or Plan Sponsor will report to the Plan any use or disclosure of PHI it knows is other than as permitted by the Plan and HIPAA Regulations.

Any HIPAA Plan will maintain policies and procedures that govern the HIPAA Plan’s use and disclosure of PHI. These policies and procedures include provisions to restrict access solely to the previously listed positions/departments and only for the functions listed previously. The HIPAA Plan’s policies and procedures will also include a mechanism for resolving issues of noncompliance.

In accordance with the Health Breach Notification Rule (16 CFR Part 18), the Plan Sponsor agrees to notify both participants and the Federal Trade Commission of the use or disclosure of any PHI or electronic PHI provided for Plan Administration purposes that is inconsistent with the uses or disclosures provided for, or that represents a PHI Security Incident, of which the Plan Sponsor or any Business Associate of the Plan Sponsor becomes aware.