Definitions

"Member" means any person who receives health care coverage from the Trust, including employees, retirees, surviving spouses, COBRA beneficiaries and eligible dependents.

"Protected Health Information" or "PHI" means individually identifiable information created or received by or on behalf of the Trust, whether oral or recorded in any form or medium, that relates to the past, present or future physical or mental health or condition of a Member, the provision of health care to a Member, or the payment for health care provided to a Member.
" Personal Representative" means: (1) a person who has authority under applicable law to make decisions related to health care on behalf of an adult or an emancipated minor; or (2) the parent, guardian, or other person acting in loco parentis who is authorized under law to make health care decisions on behalf of an unemancipated minor, except where the minor is authorized by law to consent, on his/her own or with court approval, to a health care service, or where the parent, guardian or person acting in loco parentis has assented to an agreement of confidentiality between the provider and the minor.
" Business Associate" means a person or organization which, on behalf of the Trust, performs, or assists in the performance of a function or activity involving the use or disclosure of PHI, or provides administrative, management, consulting, legal, actuarial, accounting, or financial services involving disclosure of PHI. Business Associates of the Trust include Meritain Health ("NAHP"), HealthLink, and the Trust's attorneys and actuaries, among others.

Our Responsibilities

The Trust is required to:
• Maintain the privacy of your health information in accordance with the Trust's Privacy Policy and in accordance with applicable federal and state law;
• Provide you with this Notice of our legal duties and privacy practices, and your rights with respect to information we collect and maintain about you;
• Abide by the terms of this Notice;
• Accommodate reasonable requests you may have to communicate health information by alternative means or at alternative locations; and
• Notify you if we are unable to agree to a requested restriction.

We may change the terms of this Notice at any time. We will provide you with a revised copy of the Notice promptly following any material revision to the Notice and upon your request. The Notice will be posted on the Trust's web site.

The Trust reserves the right to make changes in its Privacy Policy effective for all PHI maintained by the Trust. You may request a copy of the Privacy Policy. See "Contact Information" below.

How the Trust May Use and Disclose PHI

PHI may be used and disclosed by the Trust and its Business Associates and others outside the Trust for purposes of treatment, payment and health care operations. Your PHI may be disclosed for these purposes without your express consent or authorization.

The following are examples of the types of permitted uses and disclosures of PHI. These examples are not meant to be exhaustive, but to describe the types of uses and disclosures that may be made by the Trust.

Treatment: The Trust may use and disclose your PHI to coordinate or manage your health care and any related services. For example, the Trust may disclose information to a case manager involved in coordinating your care with providers.

Payment: The Trust may use and disclose your PHI to facilitate and coordinate payment for your health care services. This includes activities such as making determinations of eligibility or coverage and services such as utilization review. For example, the Trust may tell your treating physician whether you are eligible for coverage or what portion of the physician’s bill will be paid by the Trust.

Health Care Operations: The Trust may use or disclose your PHI in order to support the Trust’s health care operations. "Health care operations" include, but are not limited to, underwriting, premium rating and other insurance activities. For example, the Trust may use PHI to refer you to a disease management program, project future benefit costs, obtain reinsurance or audit the accuracy of its claims processing functions.

Business Associates: The Trust does not have its own employees. Most of the Trust's operations are handled by third party Business Associates which perform various administrative and other services for the Trust. Normally, all of the PHI created or received by or for the Trust is maintained by its Business Associates, and the terms "Trust" and "we" in this Notice generally mean the Trust and its Business Associates when they are acting on behalf of the Trust. Whenever an arrangement between the Trust and a Business Associate requires the use or disclosure of PHI, we will have a written contract that contains terms that will protect the privacy of your PHI as provided in this Notice. For example, the Trust has contracts with NAHP, HealthLink and other service providers which require these Business Associates to protect the privacy of your PHI to the same extent that the Trust is required to protect your PHI.

Treatment Alternatives and Other Services: The Trust may use or disclose your PHI to provide you with information about treatment alternatives or other health-related benefits and services that may be of interest to you. For example, your name and address may be used to send you a newsletter about the Trust and the services we offer or to send you information about products or services that we believe may be beneficial to you. You may contact our Privacy Officer to request that these materials not be sent to you.

Disclosure of PHI to Family Members, Friends, Guardians and Others Involved in Your Care

Unless you object or request additional privacy restrictions or alternative communications that are accepted by the Trust (as explained below under "Your Rights"), the Trust may, in the exercise of professional judgment, disclose to a family member, other relative, or close personal friend, PHI directly relevant to such person’s involvement with your care or payment for your care. The Trust may reasonably infer from the circumstances surrounding the request or otherwise utilize professional judgment and experience with common practice to make reasonable inferences of your best interest in disclosing PHI to another person on your behalf.

When Written Authorization is Required

The Trust will not use or disclose your PHI for any reasons other than those described above, or as otherwise permitted or required by law as described below. You may, however, authorize the Trust to disclose your PHI to another party.
For example, the Trust will not disclose your PHI to your employer for any reason, unless you give us written authorization to disclose your PHI to the employer. If you want a representative from your employer to contact the Trust or our Business Associates on your behalf about your claims, you must provide a written statement authorizing us to disclose your PHI to that person or organization.
You may obtain an Authorization To Disclose Health Information form from your employer or from the Trust. See "Contact Information" below. A copy is also provided at the end of this Notice. You may revoke this authorization at any time by providing written notice of the revocation to the Privacy Officer, except to the extent that the Trust has taken action in reliance on the authorization.

While the Trust will not disclose individually identifiable health information to your employer without authorization, the Trust may provide certain summary health information to your employer to allow the employer to obtain bids for other health insurance and to decide whether to continue to participate in the Trust. The Trust may also disclose certain summary health information to the Board of Managers of the Trust to allow the Board to establish premium rates, obtain bids for reinsurance, and amend or modify the plan of benefits provided by the Trust. Summary health information means information that summarizes the claims history, claims expenses or types of claims incurred by the Members provided coverage through your employer group or through the Trust as a whole. Summary health information does not include information such as names, addresses, identification numbers, dates of service or other individually identifying information.

Other Disclosures that May be Made Without Authorization or Opportunity to Object

The Trust may also use or disclose your PHI in the following situations without your authorization:

Required By Law: We may use or disclose PHI to the extent that the use or disclosure is required by law. The use or disclosure will be made in compliance with the law and will be limited to the relevant requirements of the law.

Public Health: We may disclose PHI for public health activities and purposes to a public health authority that is permitted by law to collect or receive the information for the purpose of controlling disease, injury or disability.

Communicable Diseases: If authorized by law we may disclose PHI to a person who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading the disease or condition.

Health Oversight: We may disclose PHI to a government agency charged with overseeing the health care system for activities authorized by law, such as audits, investigations, and inspections.

Abuse or Neglect: We may disclose PHI to a public health authority that is authorized by law to receive reports of child abuse or neglect.

Food and Drug Administration: We may disclose PHI to the FDA as required to report adverse events, product defects or problems; track products; enable product recalls; make repairs or replacements; or conduct post-marketing surveillance.
Legal Proceedings: In accordance with applicable federal and state law, we may disclose PHI in the course of any judicial or administrative proceeding, in response to an order of a court or administrative tribunal (to the extent such disclosure is expressly authorized), or in certain conditions in response to a subpoena, discovery request or other lawful process.

Law Enforcement: In accordance with law, we may also disclose PHI for law enforcement purposes.

Coroners, Funeral Directors, and Organ Donation: We may disclose PHI to a coroner or medical examiner for identification purposes, determining cause of death or for the coroner or medical examiner to perform other duties authorized by law; to a funeral director in order to permit the funeral director to carry out his/her duties; or to appropriate parties for cadaveric organ, eye or tissue donation purposes.

Research: We may disclose PHI to researchers when their research has been approved by an institutional review board that has reviewed the research proposal and established protocols to ensure the privacy of PHI.

Criminal Activity: Consistent with applicable federal and state laws, we may disclose PHI if we believe that the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public or to allow law enforcement authorities to identify or apprehend an individual.

Military and National Security: When the appropriate conditions apply, we may use or disclose PHI of Members who are Armed Forces personnel for activities deemed necessary by appropriate military authorities. We may also disclose PHI to authorized federal officials for conducting national security and intelligence activities, including for the provision of protective services to the President or others legally authorized.

Workers’ Compensation: We may disclose PHI as authorized to comply with workers’ compensation laws and other similar legally-established programs.

Inmates: We may disclose PHI of an inmate in a correctional facility to the facility if the facility represents the PHI is necessary for certain permitted purposes.

Required Uses and Disclosures: Under the law, we must make disclosures of PHI when required by the Secretary of the Department of Health and Human Services to investigate or determine our compliance with the privacy requirements of HIPAA.

Your Rights

Following is a statement of your rights with respect to your PHI and how you may exercise these rights.

Right to Inspect and Copy: You have the right to inspect and obtain a copy of your medical information maintained for the Trust. This includes medical and billing records, but does not include psychotherapy notes.

To inspect and obtain a copy of your PHI, you must complete the Inspection and Copy Request Form and submit the form to the Trust’s Privacy Officer. See "Contact Information" below. If you request a copy of the information, we will charge a fee for the costs of copying, mailing or other supplies associated with your request.

The requested information will generally be provided within 60 days. The Trust may ask for a single 30 day extension if the Trust is unable to comply with the deadline.

We may deny your request to inspect and copy in certain limited instances. If you are denied access to your medical information, the Trust will provide you with a written denial setting forth the basis of the denial, a description of how you may exercise your review rights and a description of how you may file a complaint.

Your Right to Amend: If you feel that medical information the Trust has about you is incorrect or incomplete, you may ask us to amend the information.

To request an amendment, you must complete the Correction/Amendment Request Form and submit the form to the Privacy Officer. See "Contact Information" below.

The Trust generally has 60 days after receiving the Amendment Request Form to act on the request. The Trust is entitled to a single 30 day extension in the event the Trust is unable to comply with the deadline.

We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend information that:

• Was not created by or for the Trust, unless the person or entity that created the information is no longer available to make the amendment;
• Is not part of the medical information kept by or for the Trust;
• Is not part of the information which you would be permitted to inspect and copy; or
• Is accurate and complete.

If your request is denied the Trust will provide you with a written denial that explains the basis of the denial. You may submit a written statement disagreeing with the denial and you may require the Trust to include the statement, or if no statement is filed, a copy of your Amendment Request Form and the Trust's written denial, with any future disclosures of the PHI.

Your Right to an Accounting: You have the right to request an accounting or list of certain disclosures of your PHI. You may request an accounting only of disclosures the Trust has made to others for reasons other than treatment, payment or health care operations.

To request an accounting you must complete the Accounting of Disclosures Request Form and submit it to the Privacy Officer. See "Contact Information" below. Your request must state a time period which may not be longer than 6 years and may not include dates before April 14, 2003. The first list you request within a 12 month period will be free. We may charge you for the costs of providing an additional list during any 12 month period.

The Trust will attempt to comply with your Accounting of Disclosures Request within 60 days. The Trust will be permitted an additional 30 days to comply with the request as long as the Trust provides you with a written statement explaining the reasons for the delay and the date by which the accounting will be provided.

Your Right to Request Restrictions: You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you may ask that we not disclose information to your spouse.

To request such restrictions on the use or disclosure of your PHI, you must complete the Additional Restrictions Request Form and submit the request to the Privacy Officer. See "Contact Information" below.

We are not required to agree with your request. If we do agree, we will comply with your request.

Your Right to Request Confidential Communications: You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail.

To request confidential communications, you must complete the Confidential Communication Request Form and submit the request to the Privacy Officer. See "Contact Information" below. We will not ask you the reason for your request and will accommodate all reasonable requests.

Personal Representatives

You may exercise your rights through a personal representative. Your personal representative will be required to produce evidence of his/her authority to act on your behalf before being given access to your PHI. Proof of such authority may include:

• A power of attorney for health care purposes, notarized by a notary public;
• A court order of appointment of the person as conservator or guardian; or
• A parent of a minor child.

The Trust retains the discretion to deny access to your PHI to a personal representative in certain circumstances.

Complaints

If you believe your privacy rights have been violated, you may submit your complaint in writing by mail or by fax to the Privacy Officer for the Trust at:

Attention: Privacy Officer
Egyptian Area Schools
Employee Benefit Trust
P.O. Box 2046
Fairview Heights, IL 62208
Fax: (888) 525-2799

You also have the right to file a written complaint with the Secretary of the United States Department of Health and Human Services.

The Trust will not intimidate, threaten, coerce or discriminate against you for filing a complaint or otherwise exercising legal rights set forth in this Notice and/or the Trust’s Privacy Policy.

Contact Information

You may obtain copies of the Trust's Privacy Policy and the Forms referred to in this Notice from:

Egyptian Area Schools
Employee Benefit Trust
c/o Meritain Health
13 Executive Dr, Suite 19
Fairview Heights, IL 62208
Telephone: (866) 588-2431
Fax: (888) 525-2799

This Notice of Privacy Practices will also be posted on the Trust's web site at:
www.egtrust.org.

Forms:
• Authorization to Disclose Health Information
• Inspection and Copy Request Form
• Correction/Amendment Request Form
• Accounting of Disclosures Request Form
• Additional Restrictions Request Form
• Confidential Communication Request Form
• Member Complaint Form

Privacy Regulations

The Trust’s use and disclosure of PHI is regulated by federal and state law, including HIPAA. The HIPAA privacy regulations are set forth in the United States Code of Federal Regulations at 45 CFR Parts 160 and 164. This Notice attempts to summarize the regulations. The regulations will supersede any discrepancy between the information contained in this Notice and the regulations.

EGYPTIAN AREA SCHOOLS EMPLOYEE BENEFIT TRUST

AUTHORIZATION TO DISCLOSE HEALTH INFORMATION

I authorize the Egyptian Area Schools Employee Benefit Trust ("Trust") and its Business Associates to use or disclose protected health information as described in this authorization.
1. Person whose information is to be disclosed: _____________________________________
2. Person or organization authorized to receive the information:__________________________________________________________________________.

3. Specific description of information to be disclosed (if applicable, include information such as date(s) of service, level of detail to be released, origin of information, etc.):____________________________________________________________________________________________________ __________________________________________________________________________________________________________________

4. Purpose of this request (state purpose or "at the request of the individual"): ______________________________________________________________.

5. When this authorization will expire: _____________________________________________.
(state expiration date or a defined event)

6. I understand that if information is disclosed in accordance with this authorization, the person or organization who receives the information may disclose it to others and the information may no longer be protected by the federal HIPAA Privacy Rule.

7. I understand I have the right to revoke this authorization in writing except to the extent that the Trust has acted in reliance on this authorization. My written revocation must be submitted by mail or fax to the Trust’s Privacy Officer at:

Privacy Officer
Egyptian Area Schools Employee Benefit Trust
P. O. Box 2046
Fairview Heights, IL 62208
Fax: (888) 525-2799

8. I understand the Trust will not condition my enrollment or eligibility for benefits upon my granting this authorization, unless the authorization is to make determinations about my eligibility or for underwriting purposes. This authorization is not for disclosure of psychotherapy notes.

9. I understand I am entitled to receive a copy of this authorization.

____________________________________________ ___________________
Signature of Member/Guardian/Personal Representative Date
____________________________________________ ___________________
Print Name of Member (Covered Employee or Dependent) Member's SSN
___________________________________________ ___________________
Print Name of Legal Guardian/Personal Representative Relationship to Member
(if applicable)