Privacy Policy

I. PURPOSE

The purpose of this policy is to ensure that confidentiality of protected health information is maintained for all OAKTREEDRUGS members, and to provide OAKTREEDRUGS members with notice of OAKTREEDRUGS's information practices.

II. DEFINITIONS

    A. Protected Health Information means any information that is created or received by OAKTREEDRUGS which identifies an individual and relates to the past, present or future physical or mental health or condition of that individual.
    B. Eligibility Information means information, whether written or oral, which describes a member or a member's eligibility for past or future OAKTREEDRUGS services and the extent to which those services are covered under the member's plan. Eligibility information does not include Protected Health Information.

III. SCOPE/POLICY

    A. OAKTREEDRUGS shall not disclose any Protected Health Information about a member collected or received in connection with an OAKTREEDRUGS transaction unless the disclosure is permitted or required by law, and is:
      1. To the member or the member's legal representative or guardian, upon presentation to OAKTREEDRUGS of a valid Social Security or Member Identification number; or
      2. With the written authorization of the member, or the member's legal representative or guardian, provided the authorization is:
        a. Dated;
        b. Signed by the member or the member's legal guardian; and
        c. Obtained one (1) year or less prior to the date a disclosure is sought; or
      3. To a group policyholder for the purpose of reporting claims experience or conducting an audit of OAKTREEDRUGS's operations or services, provided the information disclosed is reasonably necessary for the group policyholder to conduct the review or audit; or
      4. To a medical care institution or medical professional for the purpose of:
        a. Verifying coverage or benefits;
        b. Informing an individual of a medical problem of which the individual may not be aware; or
        c. Conducting an operations or services audit to verify the members treated by the medical professional or at the medical care institution; provided only such information is disclosed as is reasonably necessary to accomplish the foregoing purposes; or
      5. To an insurance institution, health care organization, or self-insurer, provided the information disclosed is limited to that which is reasonably necessary:
        a. To detect or prevent criminal activity, fraud, material misrepresentation or material nondisclosure in connection with insurance transactions; or
        b. For either the disclosing or receiving entity to perform its function in connection with an insurance transaction involving the member; or
      6. To an insurance or healthcare regulatory authority; or
      7. To a law enforcement or other governmental authority:
        a. To protect the interests of OAKTREEDRUGS in preventing or prosecuting the perpetration of fraud upon it; or
        b. If OAKTREEDRUGS reasonably believes that illegal activities have been conducted by the member; or
      8. Made for the purpose of conducting actuarial or research studies, provided:
        a. No member may be identified in any actuarial or research report;
      9. To an internal or external professional peer review organization for the purpose of reviewing the service or conduct of a medical care institution or provider; or
      10. To a governmental authority for the purpose of determining the member's eligibility for vision or health benefits for which the governmental authority may be liable; or
      11. In response to a facially valid administrative or judicial order, including a search warrant or subpoena; or
      12. To a health maintenance organization, health plan, or insurer, when OAKTREEDRUGS is acting as a subcontractor to that organization, and the member is covered by OAKTREEDRUGS pursuant to his/her enrollment in that organization. In that circumstance, all Protected Health Information maintained by OAKTREEDRUGS by virtue of the contract with the organization will be made available to the organization; or
      13. Otherwise permitted or required by law.
    B. In addition to those circumstances described in Section III(A), Eligibility Information will be provided in the following circumstances where permitted or required by law:
      1. To a member doctor, a member, a member's current spouse, a member's eligible dependent, or the legal guardian of an eligible dependent, upon presentation to OAKTREEDRUGS of a member's valid Social Security or identification number;

IV. PROCEDURE

    1. All OAKTREEDRUGS employees, upon employment, agree to abide by OAKTREEDRUGS's policy and procedure of "Confidentiality of Information" which details the importance of confidentiality of medical records, personal information, insurance claims and other materials. The consequences of violating this policy include disciplinary action up to and including dismissal from employment.
    2. Medical Directors, Admin Directors, Clinical Consultants and Clinical Committee Members must sign a Conflict of Interest and Confidentiality Statement.
    3. Any patient specific information or medical record will be considered confidential and will be shared only with those parties who have the authority to receive such information, as provided for in Section II, above.
    4. If disclosure is required through a court order or subpoena, the order or subpoena will first be reviewed by the OAKTREEDRUGS Legal Department to determine the legitimacy of the order, the purpose for the disclosure, and limitations on the information disclosed.
    5. All patient specific medical information will be stored for the appropriate length of time as required by legal statutes and company policy, in files that are locked and made accessible only for the purposes stated above.
    6. System stored patient specific medical and personal information will be protected through system security measures designed to protect against access by unauthorized staff. Additionally, OAKTREEDRUGS is monitoring the status of proposed regulations pursuant to the Health Insurance Portability and Accountability Act, and will implement such security measures mandated by the final regulations. OAKTREEDRUGS currently employs industry standard system security measures to protect electronically stored and transmitted information.
    7. OAKTREEDRUGS's Provider Policy states that OAKTREEDRUGS contracted doctor's offices shall maintain the integrity and confidentiality of Protected Health Information in the record against loss, defacement, tampering or use by unauthorized persons. The contracted doctor's office shall maintain a policy of confidentiality regarding patient medical record information.
    8. If OAKTREEDRUGS becomes aware of a confidentiality violation by a member doctor, either through an on-site visit or through a complaint/grievance, the Quality Assurance Committee and OAKTREEDRUGS staff will determine the proper steps needed to restore confidentiality. Human Resources will be consulted if the violation was perpetrated through an OAKTREEDRUGS employee.
    9. This policy shall be provided to any member, group, or member doctor upon request.

V. Confidentiality and Security on OAKTREEDRUGS.com

OAKTREEDRUGS respects the privacy of its Web site users. Personal information is not collected simply by visiting the OAKTREEDRUGS Web site. OAKTREEDRUGS members who enter personal information should know that all communication between their computer and OAKTREEDRUGS's Web servers is encrypted using secured server technology (SSL). OAKTREEDRUGS's secure server software is the industry standard and among the best software available today for secure transactions.

Why do you need to enter personal information?

Some features, such as OAKTREEDRUGS's Doctor Group and the Member Eligibility area, are tied directly to your personal information. We want to make sure we're providing services to the right person. At OAKTREEDRUGS, we understand the privacy concerns surrounding one's medical information. Rest assured your medical information will only be used to administer and provide safe and effective health care. OAKTREEDRUGS does not release any information to unauthorized individuals.

VI. The Use of Cookies

Cookies are pieces of information that are stored on a user's PC when the user accesses a Web site. OAKTREEDRUGS uses temporary cookies to help you access some of the special functions within the database driven areas of OAKTREEDRUGS's site. Once you leave our Web site, these cookies expire. Cookies do not collect personal identifying information about the user.