Notice of Health Plans Portability and Privacy Practices
Effective April 14, 2003

This notice describes how your medical information may be used and disclosed and how to obtain access to this information. Please review it carefully. This notice applies only to UPS-sponsored health plans. If you participate in an insured benefit, such as an HMO, you will receive a separate notice directly from the insurer.

Introduction
UPS understands that medical information is personal. A federal law, the Health Insurance Portability and Accountability Act (HIPAA), requires that health plans and health care providers protect the privacy of certain medical information. This notice covers the medical information practices of the UPS-sponsored group health plans (the “Plans”).*

 *The Plans consist of the UPS-sponsored medical, dental, vision, prescription drug, tax-free reimbursement account and employee assistance program coverage extended to certain active, disabled, former and retired employees of UPS and their family members.

This notice is intended to inform you of your rights under the privacy provisions of HIPAA and the HIPAA obligations imposed on the UPS-sponsored Plans.

If you have general questions about your medical claims information maintained by the Plans, call or write to the privacy contact for your benefit(s), listed on page 5 of this notice. For questions about plan eligibility or claims appeal information maintained by the UPS plans, contact the UPS HIPAA Privacy Manager at the number listed on page 5 of this notice. Do not contact the UPS HIPAA Privacy Manager for questions about an insured benefit or a plan not sponsored by UPS.

Only identifiable health information that is created or received by or on behalf of the Plans is protected by HIPAA. This health information is called “protected health information” (PHI). Health information that UPS receives about you as an employer is not PHI and is not protected by HIPAA or covered by this Notice. Thus, your sick leave records, FMLA leave information, drug testing results, Workers’ Compensation files, disability, life insurance, and OSHA records are not PHI and not covered by this notice. If you have questions about such employment information, do not contact the Plans or the UPS HIPAA Privacy Manager.

It is necessary for certain third parties to assist the Plans in administering your health benefits under the Plan (see page 5 of this notice for a full list of the Plans’ third-party administrators). These entities keep and use most of the PHI maintained by or on behalf of the Plans such as information about your health condition, the health care services you receive, and the payments for such services. They use your PHI to process your benefit claims and to provide other services necessary to plan administration. In addition, the Plans may disclose your PHI to them as necessary for plan administration. They are contractually required to use the same privacy protections as the Plans.

Certain employees of UPS are also responsible for providing certain necessary Plan administration services. These employees must and do have access to your PHI in order to provide these services. UPS has identified these employees in the applicable plan document or an amendment to the Plan. Only those employees who are responsible for health plan administration are able to access your PHI and only as necessary to perform payment functions and/or health care operations of the plan.
Remember, the Plans do not maintain all of your medical information. Your health care providers (doctors and hospitals) also maintain some of your information. You should ask your health care providers directly if you have questions about medical information they maintain.

How the Plans May Use and Disclose your PHI
This section describes how the Plans use and disclose medical information to administer benefits under the Plans. Please note that this notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures.

Primary uses and disclosures of PHI

• The Plans may disclose your PHI so that your doctors, dentists, pharmacies, hospitals and other health care providers may provide you with medical treatment.
• The Plans also may send your health care information to doctors for patient safety or other treatment-related reasons.
• The Plans may use and disclose your PHI to facilitate payment of benefits under the Plans; including determining eligibility for benefits, calculating your benefits under the Plans, paying your health care providers for treating you, calculating your co-pays and coinsurance amounts, deciding claims appeals and inquiries, and/or coordinating coverage. For example, the Plans may disclose information about your medical history to a physician (including your physician) to determine whether a particular treatment is experimental, investigational, or medically necessary or to decide if the Plans will cover the treatment.
• The Plans may also share your PHI with a utilization review or pre-certification service provider. Likewise, the Plans may share medical information with another entity to coordinate payment of your benefits (e.g., under your spouse’s plan). The Plans will also share your information to assist with subrogation of your claims.
• The Plans may use and disclose your PHI for additional related health care operations necessary to operate the Plans. For example, the Plans may use PHI in connection with: underwriting and soliciting bids from potential insurance carriers; merger and acquisition activities; setting premiums; deciding employee premium contributions; submitting claims to the Plans’ stop-loss (or excess loss) carrier; conducting or arranging for medical review; legal services; audit services; and fraud and abuse detection programs.
• The Plans may use your PHI for administrative activities such as business planning and development, cost management, business management and quality assessment and improvement activities.
• The Plans may use your PHI to contact you or give you information about treatment alternatives or other health-related benefits and services that may be of interest to you.

Other uses and disclosures of PHI

• The Plans are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services if the Secretary is investigating or determining compliance with HIPAA.
• The Plans will disclose PHI about you when required to do so by federal, state or local law.
• The Plans may release your PHI for Workers' Compensation or similar programs.
• The Plans may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or the health and safety of the public or another person.
• If you are an organ donor, the Plans may release your PHI to organizations that handle organ procurement or organ, eye or tissue transplantation or to an organ donation bank, as necessary to facilitate organ or tissue donation and transplantation.
• If you are a member of the armed forces, the Plans may release your PHI as required by military command authorities.
• The Plans may disclose your PHI for certain public health activities including but not limited to:
  
  
  • Disclosure to a public health authority that is authorized by law to collect or receive information for the purpose of preventing or controlling disease and conducting public health surveillance and public health investigations;
  • Disclosure to a person who has responsibility to the FDA regarding the quality, safety, or effectiveness of an FDA-regulated product or activity; and
  • Disclosure to a person who may have been exposed to a communicable disease or who may be otherwise at risk of contracting or spreading a disease or condition, if the covered entity is authorized by law to notify such person

• If the Plans reasonably believe that you or a child has been the victim, of domestic or child abuse or neglect, the Plans may disclose PHI to certain entities authorized by law to receive such information provided certain conditions are satisfied (in most cases your agreement is necessary unless you are incapacitated or the Plans reasonably believe that disclosure is necessary to prevent harm or threat to life).
• The Plans may disclose your PHI to a health oversight agency for activities authorized by law (for example, audits, investigations, inspections, and licensure).
• If you are involved in a lawsuit or a dispute, the Plans may disclose your PHI in response to a court or administrative order.
• The Plans may also disclose your PHI in response to a subpoena, discovery request, or other lawful process provided that, if the Plans are not a party to the litigation, good faith attempts have been made to tell you about the request or to obtain an order protecting the information requested. (See 164.512(e))
• The Plans may release your PHI if asked to do so by a law enforcement official in certain instances.
• The Plans may disclose PHI to a coroner or medical examiner for purposes of identifying a deceased person, determining the cause of death, or other duties as authorized by law.
• The Plans may disclose your PHI to authorized federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
• If you are an inmate of a correctional institution or under the custody of a law enforcement official, the Plans may release your PHI to the correctional institution or law enforcement official.
• Using its best judgment, the Plans may disclose your PHI to a family member, other relative, close friend or other personal representative. Such a use will be based on how involved the person is in your care or payment that relates to that care. [This usage requires that the individual have an opportunity to agree or object. See 164.5 10(b)(i)]
• The Plans may release claims payment information to spouses, parents, or guardians, unless you specifically object in writing to the Privacy Manager identified in the Notice.

Other uses and disclosures of your PHI that are not described above will be made only with your written authorization. If you authorize the Plans to use or disclose your PHI, you may revoke the authorization at any time in writing. However, your revocation will only stop future uses and disclosures that are made after the Plans receive your revocation. It will not have any effect on the prior uses and disclosures of your PHI.

The privacy laws of a particular state or other federal laws might impose a stricter privacy standard. If these stricter laws apply, the Plans will comply with the stricter law to the extent not otherwise preempted.

Your Rights Regarding PHI

• You have the following rights regarding PHI the Plans have about you:
• You have the right to inspect and copy your PHI that may be used to make decisions about your benefits. To inspect and copy your PHI that may be used to make decisions about you, you must submit your request in writing to the appropriate privacy contact listed on page 5. If you request a copy of this information, the Plans may charge a fee for the costs of copying, mailing or other supplies associated with your request.
• The Plans may deny your request to inspect and copy your PHI in certain very limited circumstances. HIPAA provides several important exceptions to your right to access your PHI. For example, you will not be permitted to access psychotherapy notes or information compiled in anticipation of, or for use in, a civil, criminal or administrative action or proceeding.
• The Plans will not allow you to access your PHI if these or any of the exceptions permitted under HIPAA apply. If you are denied access to your PHI, you may request a review of the denial.
• If you feel that PHI the Plans have about you is incorrect or incomplete, you may ask the Plans to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Plans. To request an amendment, you must submit your request in writing to the appropriate Privacy Contact listed on page 5. Your request must list the specific PHI you want amended and explain why it is incorrect or incomplete. The Plans may deny your request for an amendment if it is not in writing or does not list why it is incorrect or incomplete. In addition, the Plans may deny your request if you ask the Plans to amend information that is:
  
  
  • Not part of the PHI kept by or for the Plans;
  • Not created by the Plans or its third party administrators;
  • Not part of the information which you would be permitted to inspect and copy; or
  • Accurate and complete.

• If the Plans deny your request, they must provide you a written explanation for the denial and an explanation of your right to submit a written statement disagreeing with the denial no later than 60 days after receipt of your request.
• You have the right to request that the Plans communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that the Plans only contact you at work or by mail. The Plans will only accommodate these requests if: (i) you inform them that failure to accommodate such requests could endanger you or, (ii) the disclosure relates to the Plan’s payment obligations or health care operations, is not otherwise required by law, and relates to a service or treatment paid exclusively out of pocket. To request confidential communications, you must submit your request in writing to the appropriate privacy contact listed on the next page. Your request must specify how or where you wish to be contacted.
• You also may request that the Plans disclose your PHI to your personal representative. A “personal representative” is an individual you designate to act on your behalf and make decisions about your medical care. If you want the Plan to disclose your PHI to your personal representative, submit a written statement giving the Plan permission to release your PHI to your personal representative and documentation that this individual qualifies as your personal representative under state law, such as a health care power of attorney. Submit this request in writing to the appropriate privacy contact listed on the next page.

Changes to This Notice
The Plans have the right to change this notice at any time. The Plans also have the right to make the revised or changed notice effective for medical information the Plans already have about you as well as any information received in the future. The Plans will post a copy of the current notice at www.UPSers.com. Notices will contain the effective date on the first page.

Complaints
To file a complaint with the Plans, call the UPS Help Line at 1-800-220-4126. You will not be penalized or retaliated against for filing a complaint.

HIPAA Certificate of Creditable Coverage
A Certificate of Creditable Coverage shows the dates coverage begins and ends under a health care plan. It is used if you are leaving UPS and obtaining coverage from another source that has a pre-existing condition exclusion. If you provide your new plan with a Certificate of Creditable Coverage within 63 days of the date your UPS coverage ends, your new plan cannot enforce any pre-existing condition exclusions it may otherwise contain.
UPS automatically sends Certificates of Creditable Coverage with COBRA notices. If you need a Certificate of Creditable Coverage in advance of receiving a COBRA notice, please call the UPS Benefits Service Center at 1-800-UPS-1508.

Contact Information

Aetna
Attn: Chief Privacy Officer
151 Farmington Road RT 111
Hartford, CT 06156
Please call the Member Services phone number on your ID card.

BCBS of Illinois
HIPAA Privacy Official
300 E. Randolph, 26th Floor
Chicago, IL 60601
312-653-5952 Phone
312-240-9845 Fax

CIGNA Healthcare
Privacy Officer
3101 Park Lane Drive
Pittsburgh, PA 15275
412-747-7066

Free & Clear®
HIPAA Privacy Officer
999 Third Avenue, Suite 2100
Seattle, WA 98104
206-876-2100

Kaiser Permanente
Hawaii
HIPAA Privacy Official
711 Kapiolani Boulevard
Honolulu, HI 96813
808-432-5090

California
HIPAA Privacy Official
 200 North Lewis Street
Orange County, CA 92868
510-987-3313

Medco Health Solutions
Privacy Services Unit
P.O. Box 800
Franklin Lakes, NJ 07417
1-800-987-5237

MetLife
Privacy Coordinator
P.O. Box 937
Westport, CT 06881-9909
1-800-438-6388

OptumHealth Bank
HIPAA Privacy Office
6300 Olson Memorial Highway
Mail Route: MN008-T615
Golden Valley, MN 55427
952-936-4915

United Healthcare
Customer Service - Privacy Unit
P.O. Box 740815
Atlanta, GA 30374-0815
Please call the Member Services phone number on your ID card.

UPS HIPAA Privacy Manager
Corporate Compliance
55 Glenlake Parkway NE
Atlanta, GA 30328
404-828-6550

ValueOptions
Privacy Department
P.O. Box 3207
Coppell, TX 75019
1-866-268-6787

Vision Service Plan
HIPAA Privacy Official Attn: Member Services
P.O. Box 997100
Sacramento, CA 95899-7105
1-800-877-7195