Gateway Health Online Privacy Statement
This Online Privacy Statement discloses the practices of Gateway Health (“Gateway”) regarding information gathering and disclosure from Gateway’s website.
- Use of Personal Data Collected - Personal data collected by Gateway may be used by Gateway for many reasons, including analysis of how and when the website gets visited, for development of Gateway services or for changes in the content and appearance of this website. Aggregate data on visitors' home servers may be used for internal purposes or provided to third parties. Individually identifying information, such as names, postal and e-mail addresses, phone numbers and other personal information that visitors voluntarily provide to Gateway may be added to Gateway's databases and/or used for future calls and mailings regarding website updates, new products and services, upcoming events, and for other purposes that comply with federal and state law. Gateway may contact website visitors regarding membership issues, including specific issues affecting a member and general issues affecting groups of members, for example, changes to the Member Handbook, privacy statement, business practices or Gateway policies.
- Disclosure of Personal Data to Third Parties - Gateway does not sell its member lists. Unless otherwise authorized by a visitor or validly requested by governmental authorities or legal process, Gateway does not distribute its members’ specific information to outside persons or firms unless a disclosure is needed for the member’s care, payment of members’ claims or the necessary operations of the health plan. Gateway may disclose to its affiliates and service providers that assist in meeting the needs of Gateway members’ personal information of users that has been collected through its website, as permitted by law. Information collected by Gateway affiliates and service providers may also be shared with Gateway as permitted by law. Information disclosed by users on-line may be re-disclosed if needed to respond to the user’s requests and inquiries. Gateway affiliates and service providers are required to follow no less than the privacy and confidentiality standards of law.
- Links to Other Websites - While Gateway may provide links to other websites, a link on Gateway’s website is not and should not be construed as an endorsement of the content, viewpoint, policies, products or services provided or advertised on the linked site. Website visitors linking to other sites receive messages about leaving Gateway's website. Once a visitor leaves the Gateway website by linking to a site not maintained by Gateway, the visitor should become familiar with the on-line privacy statement of the linked website before accessing or supplying information.
- Security Measures - Although Gateway makes reasonable efforts to protect user information from unauthorized use or alteration, users should be aware that there is always some risk in sending information over the Internet. Gateway uses commercially reasonable security features; however, the confidentiality of any communication or material transmitted to/from Gateway’s website or e-mail cannot be guaranteed. Gateway only grants access to personal information to those employees, affiliates, service providers and other third parties as required by law, as required to provide healthcare products and services or as the user permits. For private health matters, members of Gateway or their authorized representatives are encouraged to contact Gateway by telephone at the number listed on the member identification cards.
- Correction of Personal Data Collected On-Line - Gateway will provide website visitors with a summary of their personally identifiable information retained by Gateway from on-line sessions, upon request by mail, e-mail or phone. Website visitors may modify, correct, change or update personally identifiable information that Gateway has collected on-line by contacting Gateway via regular mail, e-mail or telephone.
- Collection of Personal Data from Minors - To the extent that Gateway is able to determine the age of website visitors by their submissions to or communications with Gateway, Gateway will not knowingly collect or post information from individuals under the age of eighteen without consent of a parent or guardian. If registration is required on the Gateway website for offered services and a visitor submits information through the website that indicates the visitor is a minor, the minor's parent or guardian will be contacted regarding the registration. If the parent or guardian agrees, the registration processing will continue. If the parent or guardian indicates a desire to withdraw the registration, Gateway will provide instructions to the parent or guardian for deletion of the registration. No information collected through Gateway’s website from users self-identified as minors will be used knowingly for any direct marketing or promotional purposes.
- Compliance Program - Gateway’s Compliance Program regarding privacy and security of user information includes oversight of privacy practices, training of employees and maintenance and updates to security systems. Gateway will investigate privacy and security complaints through its Privacy Officer or Security Officer.
- Changes to this Privacy Statement - This On-Line Privacy Statement is subject to change at any time and should be reviewed by interested website visitors periodically. Questions or concerns regarding use of on-line information may be directed to Gateway by clicking “Contact Us” from the top of any of Gateway’s web pages.
Gateway Health Notice of Privacy Practices
THIS NOTICE DESCRIBES HOW HEALTH AND FINANCIAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Gateway HealthSM (“Gateway”) is required by law to protect the privacy of your health information and non-public personal (financial) information. This protection extends to all forms of communication (oral, written, and electronic) of this information. Also, Gateway is required to give you this notice about how it uses or shares (“discloses”) your health and personal (“non-public”) information. We are required to notify you if you are affected by a breach of unsecured health information.
In order to provide services to you, Gateway will share your health information with:
- You or someone who acts for you
- Doctors and health care providers who care for you
- Our contracted vendors who help us provide services to you (such as member services support and pharmacy benefit management)
- Other government programs such as Medicare and Medicaid to manage your benefits and payments
- State and federal agencies that have the legal right to receive such data
- The U.S. Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected
Gateway will use your health information to:
- Coordinate and manage your care
- Determine your eligibility for your plan benefits
- Pay for your health care
- Contact you about new or changed benefits
- Contact you for appointment reminders, medication management, or disease management programs and alternative treatments that may interest you
- Check the quality of our services and make improvements where required
- Complete medical reviews
- Arrange legal services, audit services, and fraud and abuse detection programs
- Plan and carry out our business activities, management and general administration
- Give you information about health-related benefits and services that may be of interest to you
Gateway may also use or share your health information:
- For public health activities (such as reporting disease outbreaks; child abuse and neglect; reporting domestic violence; preventing or controlling disease, injury or disability)
- For government health care oversight activities (such as fraud investigations, audits, and activities related to oversight of the health care system)
- For judicial and administrative proceedings (such as in response to a court order)
- For law enforcement purposes or when required by law, for example, locating a suspect, fugitive, material witness or missing person; complying with a court order or subpoena; and other law enforcement purposes.
- For purposes of national security
- To comply with workers’ compensation or similar laws
- For research studies that meet all privacy law requirements such as research related to the prevention of disease or disability
- To avoid a serious and likely threat to health or safety
- To create a collection of information that can no longer be traced back to you
- To group health plans, to coordinate plans and to permit the plan to administer benefits
- To coroners, medical examiners, funeral directors and organ donations
- To your school when proof of immunization is required by law
- To others involved in your health care (if you are not present or able to agree to these disclosures of your health information, we may use our professional judgment to determine whether the disclosure is in your best interest)
- For underwriting purposes if needed, however, we are not allowed to use or share your genetic information to decide whether coverage can be given or at what price.
If we receive compensation from another company for providing you with information about other products or services (other than drug refill reminders or generic drug availability), we will obtain your authorization to share information with this other company.
Sharing information for other purposes
Gateway must have your written permission (an “authorization”) to use or give out your health and claims information for any purpose that is not listed in this notice. Giving us permission to use or give out your health and claims information will not be a condition for getting health care and will not be used to determine your eligibility for enrollment or benefits, or for paying claims. You may take back (“revoke”) your written permission at any time, except if Gateway already took action based on your permission.
Some examples of when we need your permission to use or give out your information are:
- For fundraising
- For selling your protected health information (PHI)
You have the right to:
Get a copy of your health and claims information. You can ask to see or get a copy of your health or claims records and other health information we have about you. We will provide a copy or a summary of your health or claims records within 30 days of your request.
Ask us to correct health and claims records. You can ask us to change your health and claims records if you feel they are incorrect or incomplete. We may say “no” to your request but we’ll tell you why in writing within 60 days. If Gateway cannot change your records, you may have a statement of your disagreement added to your personal medical information.
Get a list of those with whom we’ve shared information. You can ask for a list (called “an accounting”) of the times we’ve shared your health information within the last six years. You must tell Gateway the dates for which you are requesting the list. The list will not cover information that was given to you or your personal representative, or information given for health care payments, for Gateway business operations, or for law enforcement needs.
Request Confidential Communications. You can ask us to contact you in a specific way, for example, on a home or office phone or to a different address. We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.
Ask us to limit what we use or share. You can ask us not to share certain health information for treatment, payment or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.
Choose someone to act for you. If you have given someone medical power of attorney, or if someone is your legal guardian, that person can act for you and make choices about your health information. We will make sure the person has this authority before we take any action.
Get a copy of this privacy notice. Contact us for a separate paper copy or e-mail copy of this Notice.
What is the non-public information that Gateway collects and shares about you?
- It is personal information but is non-medical, for example, the information you completed on your enrollment application that identifies who you are and how you can be contacted.
- Also, it is information collected for a request for services by you or your doctor.
- Also, it is information collected to answer a question or concern from you.
With whom does Gateway share your non-public information?
- With health care providers, for example, physicians, hospitals, long term care agencies, durable medical equipment providers, and pharmacies.
- With those who plan your benefits and your care, for example, for utilization reviews; external reviews; and case management.
How does Gateway protect your non-public information?
- Gateway does not make your non-public information available to anyone other than those necessary to provide medical or health plan services to you.
- Gateway does not give out your non-public information, except if required or permitted by law.
- Gateway does not give out your non-public information to anyone unrelated to providing your care under the health plan unless you or your representative gives permission.
- You have the right to give or withhold permission for other uses or disclosures of this information, except as required by law.
Questions and Complaints
If you have a question about this notice or believe Gateway has violated your privacy rights as stated in this notice, you can file a complaint by contacting:
Corporate Compliance and Privacy Team
Four Gateway Center
444 Liberty Avenue, Suite 2100
Pittsburgh, PA 15222
For more information on filing a complaint or your rights stated in this notice, you may call our Member Services at PA: 1-800-685-5209, OH: 1-888-447-4505, NC: 1-855-847-6430, 8 AM to 8 PM, 7 days a week from October 1 through March 31. From April 1 through September 30, 8 AM - 8 PM, Monday through Friday. TTY users should call 711. Filing a complaint will not affect your benefits. Translations services are available at no cost to you.
You may also file a complaint with the U.S. Secretary of the Department of Health and Human Services:
U.S. Department of Health and Human Services
Office for Civil Rights
Centralized Case Management Operations
200 Independence Ave., S.W.
Suite 515F, HHH Building
Washington, D.C. 20201
Customer Response Center: 1-800-368-1019
Fax: (202) 619-3818
Email: [email protected]
Or, for more information see: https://www.hhs.gov/hipaa/for-individuals/notice-privacy-practices/index.html.
Change to the terms of this notice
Gateway is required to follow the terms in this privacy notice. Gateway has the right to change the way your medical information is used and given out and to apply those changes to all the information we maintain about you. If Gateway makes any material changes they will be posted on our website, and you will be notified within sixty (60) days of the change.
These privacy practices went into effect April 14, 2003.
These privacy practices have been revised as of February 6, 2017.
HIPAA---What Gateway Health does to protect PHI!
Our motto is: Confidentiality is everyone’s job—protect all information, all the time!
Protecting your confidential information and PHI (protected health information) is a priority to us! We want you to know that we are committed to protecting all information, all the time. That includes protecting information provided in verbal, paper or in an electronic format.
First and foremost, we believe in the value of providing ongoing compliance and privacy education to our employees. Gateway employees are reminded of the importance of protecting confidential information through a variety of ways. These include: department refresher training sessions, sharing current news articles on privacy concerns and risks, access to an on-line compliance reference library, and easy access to policies and staff who are available to provide help with compliance or privacy questions.
Next, we expect all employees to understand and embrace their roles in protecting PHI. We post tips on our on-line staff intranet so everyone can learn good practices.
Last, but certainly just as important, Gateway takes a proactive approach to privacy and we are happy to share an example of how we do that. For the past several years we have audited desks after normal business hours to check to be sure information was protected from view or access and disposed of properly.
Gateway is proud of our employees’ dedication and commitment to protecting all information, all the time and we will continue to provide relevant training to keep them aware of potential risks.
We are happy to be your health insurance plan and we want you to know we care about you AND protecting your PHI and confidential information!