This notice describes how medical information about a protected party may be usedand disclosed and how you can get access to this information. Please review carefully.This policy was last updated March 2022
This provides notice of the privacy practices and policies of McKnight Advisory Group, Inc.. These protections have been adopted to ensure that the information that we obtain and maintain for our current, past and potential clients and customers, which may also include information about the employees, dependents, former employees and dependents, and other eligible participants on a group health plan for which we are providing services (“Protected Parties”), is protected in accordance with relevant state and federal rules. The Notice outlines our practices, policies, and legal duties to maintain and protect against prohibited disclosure of personally-identifiable financial information (as required by the federal Gramm-Leach-Bliley Financial Modernization Act (“GLB Act”), and the various state laws implementing those requirements), Protected Health Information of those Protected Parties (under the privacy regulations mandated by the Health Insurance Portability and Accountability Act and further expanded by the Health Information Technology for Economic and Clinical Health Act provisions in Title XIII of the American Recovery and Reinvestment Act (“HITECH”), the HIPAA Omnibus ruling of 2013, and the regulations related to these laws and mandates), and the protection of personally-identifiable information under 45 CFR § 155.260 (collectively referred herein as “Privacy Rules”).
Statement of Our Duties
We are required by law to maintain the privacy of non-public personal information (“NPPI”), protected health information (“PHI”), and personally-identifiable information (“PII”) (collectively referred herein as “Protected Information”) of the Protected Parties and to provide our clients with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice. We reserve the right to change the terms of this notice and to adopt any new provisions regarding the Protected Information that we maintain about the Protected Parties. If we revise this notice, we will provide each client or customer with whom there is a current and direct business relationship with a revised notice by mail, electronic mail or any other electronic means, telefacsimile or fax, hand-delivery, posting on our website and or attaching to our email signatures. Applicable law and our practices change over time. We strongly encourage you to read our policy and regularly check for any changes.
Statement of the Clients Rights Under Privacy Rules
As our client or customer, you have a right to know how we may use or disclose the Protected Information we maintain on those Protected Parties with whom there is a direct relationship. In the event that our customer or client is an employer sponsoring a group health plan, we do not have a direct duty to their employees, dependents, former employees or dependents or other eligible participants on the group health plan. Our obligations to not disclose the Protected Information we maintain about those individuals may arise due to our contractual obligations as a Business Associate of the client or customer, as well as to any other third party who is a Covered Entity under the Privacy Rules but does not create a special legal duty to provide notice to those individuals of their rights through a Privacy Notice.
1. Primary Uses and Disclosures of Protected Information: We use and disclose Protected Information about Protected Parties for payment and health care operations. Privacy Rule does not generally “preempt” (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the Privacy Rules, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of the Protected Information concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing, or reproductive rights.
In addition to these law requirements, we also may use or disclose Protected Information in the following situations:
1. Payment: We might use and disclose your Protected Information for all activities that are included within the definition of “payment” within the Privacy Rules. For example, we might use and disclose a Protected Party’s Protected Information to assist with the payment of claims for services provided to that Protected Party by doctors, hospitals, pharmacies and others for services that are covered by a group health plan. We might also use your information to determine your eligibility for benefits, to coordinate benefits, to examine medical necessity, to obtain premiums, and to issue explanations of benefits to the person who subscribes to the health plan in which you participate.
For all other uses and disclosures, we first must obtain your permission.
In addition, you have the following rights:
Information We Collect About You
We collect the following categories of information for group and/or individual policies from the following sources:
Permissible Uses and Disclosures of Protected Information
We disclose the information we receive regarding current or prospective plan participants only in accordance with the terms and conditions of the various Business Associate contracts we have entered to with Covered Entities under Privacy Rules and as permitted under state and federal laws concerning the privacy of your insurance and financial information. Those include:
Permissible Uses and Disclosures
You may complain either directly to us or to the Secretary of Health and Human Services if you believe that your rights with respect to our protection of your health information have been violated. To file a complaint with us, you may send a written statement outlining your complaint, the facts and circumstances surrounding your complaint, including the names, dates and as many details as possible. You will not be retaliated against in any way for filing a complaint.
Our Confidentiality and Security Practices
We restrict access to Protected Information about you to those employees and its subcontractors who need to know that information in order to provide products and services to you in furtherance of your engagement of McKnight Advisory Group, Inc.. We maintain physical, electronic, and procedural safeguards that comply with state & federal regulations to guard your Protected Information. However, we cannot guarantee that unauthorized persons will always be unable to defeat our security measures.
We are required by law to maintain the privacy of Protected Information and to provide individuals with notice of its legal duties and privacy practices with respect to Protected Information. If unsecured Protected Information is acquired, used or disclosed in a manner that is not permitted under the Privacy Rules that compromises the security or privacy of that Protected Information, (referred to as a “Breach”), We are required to provide appropriate Notice as defined by law without unreasonable delay and in no case later than 60 days after the discovery of the Breach or the receipt of information of the Breach. We may delegate this duty to a subcontractor. We are required to abide by the terms of the Notice that is currently in effect. We will provide a paper copy of this Notice to you upon your request.
Our Policy Regarding Dispute Resolution
Revisions to this Notice
We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all Protected Information we maintain, regardless of whether the Protected Information was created or received prior to issuing the revised Notice. Whenever there is a material change to our use and disclosure of Protected Information, individual rights, our duties, or other privacy practices stated in this Notice, we will promptly revise and distribute the new Notice. We will also post on our web site, have available at our current office and attach to our email signatures. We strongly encourage you to read our policy and regularly check for any changes. This policy was last modified in March of 2022.
Contact person for filing complaint or obtaining other information:
If you believe your privacy rights have been violated, you may file a written complaint with our Privacy Officer at the following address:
Privacy Officer1800 S. Rutherford Blvd, Suite 202Murfreesboro, Tennessee email@example.com(615) 895-8574