Privacy Notice

The Lutheran Church—Missouri Synod
Concordia Plan Services

SUMMARY OF NOTICE OF PRIVACY PRACTICES

The Lutheran Church—Missouri Synod is the plan sponsor of the group health plan (“Plan”) identified in the following Notice of Privacy Practices (“Notice”). The Board of Managers—Concordia Plan Services has been given the authority by the Synod to oversee and administer this Plan. The Board, in turn, has authorized the hiring of the Concordia Plan Services staff to administer the Plan on a day-to-day basis. The Plan is required by law to provide you with a copy of the Notice.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY PLAN AND HOW YOU CAN GET ACCESS TO YOUR INFORMATION. PLEASE REVIEW IT CAREFULLY.

How The Plan Will Use Your Information

The Plan may use, share or disclose the personal health information the Plan creates, receives or maintains about you (“protected health information”) to pay medical benefits, administer the Plan or for treatment by a health care provider. In addition, the Plan may use or disclose your information in other special circumstances described in the Notice. For any other purpose, the Plan will require your written authorization for the use or disclosure of your protected health information.

Your Individual Rights

You have the right to inspect and copy certain of your protected health information, request an amendment of the information, request restrictions on the use and disclosure of the information, request that communications be made to you through alternate means or at an alternative location, and obtain an accounting of the information that the Plan has disclosed for reasons other than treatment, payment, health care operations, required or authorized disclosures. There are certain limitations on these rights as explained in the Notice.

You may contact the following person for more information about the Plan’s privacy practices, to exercise your rights or to complain about how the Plan is handling your protected health information:

Julie A. Bruening
Privacy Officer
1333 S. Kirkwood Road
St. Louis, MO 63122
Julie.Bruening@ConcordiaPlans.org
1-888-927-7526 ext. 6704

The following Notice describes the Plan’s privacy practices in more detail.

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED BY THE PLAN AND HOW YOU CAN GET ACCESS TO YOUR INFORMATION. PLEASE REVIEW IT CAREFULLY.

The Lutheran Church—Missouri Synod is the plan sponsor of the group health plan identified below as the “Plan.” The Board of Managers—Concordia Plan Services has been given the authority by the Synod to oversee and administer this Plan. The Board, in turn, has authorized the hiring of the Concordia Plan Services staff to administer the Plan on a day-to-day basis. The Plan that is subject to the Health Insurance Portability and Accountability Act of 1996, as amended (“HIPAA”) is as follows:

Concordia Health Plan consisting of Preferred Provider Organization (PPO) coverage and Medicare Supplemental coverage.

The privacy of your personal health information that is created, used, or disclosed by the Plan is protected by HIPAA. The Plan is required by law to:

• maintain the privacy of your protected health information (“PHI”);
• provide you with this Notice of the Plan’s legal duties and privacy practices with respect to your PHI; and
• abide by the terms of this Notice.

PHI, or protected health information, is the identifiable health information about you created, received, or maintained by the Plan regardless of the form or medium of the information. It does not include employment records held by your employer.

Under HIPAA, the Plan must disclose your PHI:

• to you or your legal representative when you ask for information;
• to the U.S. Department of Health and Human Services, if necessary, to make sure your privacy is protected; and
• where otherwise required by law.

The Plan, and the individuals who administer it, may use, receive, or disclose your PHI for treatment, payment, or health care operations without obtaining a written authorization from you. These activities cover a broad range of activities, including:

• Treatment. The Plan may disclose protected health information to your providers for treatment, including the provision of care (diagnosis, cure, etc.) or the coordination or management of that care.
• Payment. The Plan may use and disclose your protected health information to pay benefits. Payment activities may include receiving claims or bills from your health care providers, processing payments, sending explanations of benefits (EOBs) to the Plan member, reviewing the medical necessity of the services rendered, conducting claims appeals, and coordinating the payment of benefits between multiple medical plans. Payment activities may also include the preparation and forwarding of the contribution statement to employers or any other appropriate person to receive such contribution statement.
• Health Care Operations. The Plan may use and disclose your protected health information for plan administration purposes. For example, the Plan may use or disclose your protected health information for plan administration activities such as enrollment, verification to your doctors or hospitals that you are eligible for benefits under the Plan, disease management programs and other Plan-related activities, including audits of claims.

The Plan may also use and disclose your protected health information to provide information to you about disease management programs, treatment alternatives, or other health-related benefits and services that may be of interest to you.

The Plan contracts with other businesses for certain plan administrative services. The Plan may release your health information to one or more of these “business associates” for plan administration if the business associate agrees in writing to protect the privacy of your information.

The Lutheran Church—Missouri Synod, as the plan sponsor, as well as the Board of Managers—Concordia Plan Services will also have access to your protected health information for plan administration purposes. Access to your protected health information within The Lutheran Church—Missouri Synod as well as the Board of Managers—Concordia Plan Services will be limited to persons responsible for the Plan’s administration.

Unless you authorize the Plan otherwise in writing (or the individually identifying data is deleted from the information), your protected health information will be available only to the individuals who need the information to conduct these plan administration activities and the release of your PHI will be limited to the minimum disclosure required, unless otherwise permitted or required by law.

The Plan is also permitted to use or disclose your protected health information, without obtaining a written authorization from you, in the following circumstances:

• For certain required public health activities (such as reporting disease outbreaks);
• To prevent serious harm to you or other potential victims, where abuse, neglect, or domestic violence is involved;
• For health oversight agency for oversight activities authorized by law;
• In the course of any judicial or administrative proceeding in response to a court or administrative tribunal’s order, subpoena, discovery request, or other lawful process;
• For a law enforcement purpose to a law enforcement official if certain legal conditions are met (such as providing limited information to locate a missing person);
• For research studies that meet all privacy law requirements (such as research related to the prevention of disease or disability);
• To avert a serious threat to the health or safety of you or any other person; and
• To the extent necessary to comply with laws and regulations related to workers’ compensation or similar programs.

Any other use or disclosure of your protected health information not identified within this Notice will be made only with your written authorization.

If your state laws provide more stringent privacy protections than HIPAA, the more stringent state law will still apply to protect your rights. If you have any questions about your rights under any particular federal or state law, please contact the person identified below as the Privacy Officer.

You will need to complete a written authorization form. An authorization form is available from Member Services by calling 1-888-927-7526 or can be obtained from our Web site at www.ConcordiaPlans.org. You have the right to limit the type of information that you authorize the Plan to disclose and the persons to whom it should be disclosed. You may revoke your written authorization at any time, and the revocation will be allowed to the extent action on the authorization has not yet been taken.

You have the right to:

• Request the Plan to restrict its uses and disclosures of your PHI. The Plan is not required to agree to a requested restriction. To request a restriction, please write to the Privacy Officer (identified at the end of this Notice) and provide specific information as to the disclosures that you wish to restrict and the reasons for your request. The Privacy Officer will respond in writing.
• Request that the Plan’s confidential communications of your PHI be sent to another location or by alternative communicative means. For example, you may ask that we send all explanation of benefits statements (EOBs) to your office rather than your home address. The Plan is not required to accommodate your request unless your request is reasonable and you state that the Plan’s ordinary communication process could endanger you.
• Inspect and obtain a copy of the PHI held by the Plan. However, access to psychotherapy notes, information compiled in reasonable anticipation of, or for use in legal proceedings, and access under certain other relatively unusual circumstances may be denied. Your request should be made in writing. A reasonable fee may be imposed for copying and mailing the requested information.
• Request that the Plan amend your protected health information or record if you believe the information is incorrect or incomplete.
• Receive a list of those individuals or entities who have accessed your PHI for reasons other than for treatment, payment or Plan operations or that you have authorized in writing.
• Get a paper copy of this Notice at any time, even if you have agreed to receive it electronically.

You may file a complaint with the Plan’s Privacy Officer and with the Secretary of the Department of Health and Human Services if you believe your privacy rights have been violated by the Plan. Their addresses are available under contact information below. All complaints must be filed in writing. You will not be retaliated against for filing a complaint.

If you have any questions about this Notice, please contact the Privacy Officer:

Julie A. Bruening
Privacy Officer
1333 S. Kirkwood Road
St. Louis, Missouri 63122
Julie.Bruening@ConcordiaPlans.org OR 1-888-927-7526 extension 6704

To contact the Secretary of Health and Human Services, write to:

U.S. Department of Health and Human Services
Office of Civil Rights
200 Independence Avenue, S.W.
Washington, D.C. 20201
(202) 619-0257
Toll free: 1-877-696-6775
http://www.hhs.gov/contacts

The effective date of this Notice is April 14, 2003.

The Plan reserves the right to change the terms of this Notice and its information practices and to make the new provisions effective for all protected health information it maintains. Any amended Notice will be provided to you.