GTESS Privacy Practice

Effective Date: April 1, 2003

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

GTESS Corporation has created this statement about its privacy policy in order to demonstrate our organizational commitment to the privacy of health information and to the protection of such information. GTESS Corporation is a provider of paper and electronic medical claims processing, clearinghouse and redistribution service for Third Party Administrators (TPAs), Preferred Provider Organizations, (PPOs), and Health Maintenance Organizations (HMOs). As a part of our business operations, GTESS Corporation receives and transmits health information regarding individuals. GTESS Corporation is required by law to maintain the privacy of protected health information. It is also required to provide individuals with notice of its legal duties and privacy practices with respect to protected health information. This statement is issued, distributed, posted, and made available to all individuals to explain the information practices of GTESS Corporation, and to inform individuals of their rights to control their health information. GTESS Corporation is required to abide by the terms of the notice currently in effect. GTESS Corporation reserves the right to change the terms of its notice and to make the new notice provisions effective for all protected health information that it maintains. A new notice shall be posted upon effectiveness at the offices of GTESS Corporation, on its website, and shall be available in printed form upon request.

DEFINITIONS

Clearinghouse: a public or private entity, including a billing service, repricing company, community health management information system or community health information system and "value-added" networks and switches, that does either of the following functions:

  1. Processes or facilitates the processing of health information received from another entity in a nonstandard format or containing nonstandard data content into standard data elements or a standard transaction
  2. Receives a standard transaction from another entity and processes or facilitates the processing of health information into nonstandard format or nonstandard data content for the receiving entity

Covered Entity: A covered entity means (1) a health plan, (2) a health care clearinghouse, or (3) a health care provider who transmits any health information in electronic form in connection with a transaction covered by HIPAA

Designated Record Set: a group of records maintained by or for a covered entity that is:

  1. the medical records and billing records about individuals maintained by or for a covered health provider
  2. the enrollment, payment, claims adjudication, and case or medical management record systems maintained by or for a health plan or
  3. used in whole or in part, by or for the covered entity to make decisions about individuals
  4. "Record" is defined as any item, collection, or grouping of information that includes protected health information and is maintained, collected, used or disseminated by or for a covered entity

Disclosure: the release, transfer, provision of access to, or divulging in any other manner of the information outside the entity holding the information

Health Plan: an individual or group plan that provides, or pays the cost of, medical care

Protected Health Information: individually identifiable health information with certain exceptions allowed by law

Health Care Provider: a provider of medical or health services and any other person or organization who furnishes, bills, or is paid for health care in the normal course of business

INFORMATION AT GTESS CORPORATION: GTESS Corporation receives and distributes medical claims that contain information on the individual relative to that claim for service. Examples of information contained within a claim include but are not limited to the following:

Name of individual
Individual identification number
Policy number
Social security number
Address of individual
Age of individual
Name of provider of service
Procedure code(s)
Diagnosis code(s)
Claim amount
Date of service

GTESS Corporation does not create any original records; neither health plan records, enrollment records, treatment or medical records, nor claims. All records received, stored, or transmitted by GTESS Corporation originate from another entity. GTESS Corporation may transfer claim information from a non-standard format to a standard format or vice versa, but no original information is altered or created by GTESS Corporation.

Use of Individual Information at GTESS Corporation
GTESS Corporation uses the individual information contained on the claims forms to process or to facilitate the processing of medical claims to transfer information between entities. The federal privacy regulations permit GTESS Corporation to use and disclose individual health information for the purposes of treatment, payment, and health care operations. Examples of how GTESS Corporation uses or discloses individual health care information for the purposes of treatment, payment, and health care operations include:

Treatment: GTESS Corporation does not provide health care treatment of any kind.

Payment: GTESS Corporation serves as a healthcare clearinghouse that processes or facilitates the processing of health information received from another entity for the purpose of payment from the health plan to the provider

Operations: GTESS Corporation uses or discloses individual healthcare information to accomplish the following business operations:

Contract for services with business associates
Quality assessment and improvement activities
Audit
Business planning and development
Administrative activities related to compliance
Customer service
Additional uses or disclosures may occur:
Upon legal demand
For law enforcement
For reasons of national security and/defense
As required by law

Other uses and disclosures of individual health information shall be made by GTESS Corporation only with the individual’s written authorization. The individual may revoke such authorization.

INDIVIDUAL RIGHTS
Federal law provides the individual with certain rights with respect to protected health information. The individual may exercise these rights as follows:

  1. The right to request restrictions on certain uses and disclosures of protected health information. GTESS Corporation is not required to agree to a requested restriction.
  2. The right to receive confidential communications of protected health information.
  3. The right to inspect and copy protected health information. GTESS does not create any original protected health information about individuals. All protected health information is received from another source and GTESS shall direct requests to inspect and/or copy protected health information to that original source.
  4. The right to amend protected health information. GTESS does not create any original protected health information about individuals. Any requests by an individual to amend protected health information shall be referred to the original source. Any amendments received, by GTESS, from an original source shall be amended in GTESS records as per the regulations.
  5. The right to receive an accounting of disclosures of protected health information other than for the purpose of treatment, payment, and operations.
  6. The right to obtain a paper copy of this notice upon request.

COMPLAINTS
Individuals may complain to GTESS Corporation and to the federal regulatory agencies (Secretary) if they believe their privacy rights have been violated. To file a complaint with GTESS Corporation, an individual should follow the steps outlined below. No individual shall be retaliated against for filing a complaint.

1. Contact by phone or in writing the Privacy Contact at GTESS Corporation:

GTESS Corporation
2435 N. Central Expressway, Suite 500
Richardson, TX 75080 Attn: HIPAA Privacy Contact Hours: 8:30 A.M. - 5:00 P.M. Central Time, Monday thru Friday Phone: 972.792.5500 Email: Customer_Service@gtess.com
2. Specify the nature of the complaint: how you believe your privacy rights have been violated
3. If possible, identify the designated record set from which the information was disclosed
4. If possible, identify the manner in which the information was disclosed

FOR MORE INFORMATION Contact the GTESS Corporation Privacy Contact for more information:
GTESS Corporation
2435 N. Central Expressway, Suite 500
Richardson, TX 75080 Attn: HIPAA Privacy contact Hours: 8:30 A.M. - 5:00 P.M. Central Time, Monday thru Friday Phone: 972.792.5500 Email: Customer_Service@gtess.com