The Health Insurance Portability and Accountability Act of 1996



Background:  The Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health plans to notify plan participants and beneficiaries about its policies and practices to protect the confidentiality of their health information.  This document is intended to satisfy HIPAA’s notice requirement with respect to all health information created, received, or maintained by the Downey Unified School District group health plan (referred to as the “Plan”), as sponsored by Downey Unified School District (referred to as the “Company”).  For a complete listing of contracted third party administrators of the District’s self-funded plans and contact information for fully insured plans (all of which are included in the Plan), see Attachment “A”.

The Plan needs to create, receive, and maintain records that contain health information about you to administer the Plan and provide you with health care benefits.  This notice describes the Plan’s health information privacy policy with respect to your MedicalPrescription Drug, Dental, and Vision benefits.  The notice tells you the ways the Plan may use and disclose health information about you, describes your rights, and the obligations the Plan has regarding the use and disclosure of your health information.  However, it does not address the health information policies or practices of your health care providers.

Downey Unified School District’s Pledge Regarding Health Information Privacy

The privacy policy and practices of the Plan protects confidential health information that identifies you or could be used to identify you and relates to a physical or mental health condition or the payment of your health care expenses.  This individually identifiable health information is known as “protected health information” (PHI).  Your PHI will not be used or disclosed without a written authorization from you, except as described in this notice or as otherwise permitted by federal and state health information privacy laws.

Privacy Obligations of the Plan

The Plan is required by law to:

  • make sure that health information that identifies you is kept private
  • give you this notice of the Plan’s legal duties and privacy practices with respect to health information about you; and
  • follow the terms of the notice that is currently in effect.

 How the Plan May Use and Disclose Health Information About You

The following are the different ways the Plan may use and disclose your PHI:

  • For Treatment. The Plan may disclose your PHI to a health care provider who renders treatment on your behalf.  For example, if you are unable to provide your medical history as the result of an accident, the Plan may advise an emergency room physician about the types of prescription drugs you currently take.
  • For Payment. The Plan may use and disclose your PHI so claims for health care treatment, services, and supplies you receive from health care providers may be paid according to the Plan’s terms.  For example, the Plan may receive and maintain information about a surgery you received to enable the Plan to process a hospital’s claim for reimbursement of surgical expenses incurred on your behalf.
  • For Health Care Operations.  The Plan may use and disclose your PHI to enable it to operate or operate more efficiently or make certain all of the Plan’s participants receive their health benefits.  For example, the Plan may use your PHI for case management or to perform population-based studies designed to reduce health care costs.  In addition, the Plan may use or disclose your PHI to conduct compliance reviews, audits, actuarial studies, and/or for fraud and abuse detection.  The Plan may also combine health information about many Plan participants and disclose it to the Company in summary fashion so it can decide what coverages the Plan should provide.  The Plan may remove information that identifies you from health information disclosed to the Company so it may be used without the Company learning who the specific participants are.
  • To the Company.  The Plan may disclose your PHI to designated Company personnel so they can carry out their Plan-related administrative functions, including the uses and disclosures described in this notice.  Such disclosures will be made only to the Company’s Assistant Superintendent, Administrative Services (“the Plan Administrator”) and/or the members of the Company’s Benefits Department.  These individuals will protect the privacy of your health information and ensure it is used only as described in this notice or as permitted by law.  Unless authorized by you in writing, your health information: (1) may not be disclosed by the Plan to any other Company employee or department and (2) will not be used by the Company for any employment-related actions and decisions or in connection with any other employee benefit plan sponsored by the Company.
  • To a Business Associate.  Certain services are provided to the Plan by third party administrators known as “business associates.”  For example, the Plan may input information about your health care treatment into an electronic claims processing system maintained by the Plan’s business associate so your claim may be paid.  In so doing, the Plan will disclose your PHI to its business associate so it can perform its claims payment function.  However, the Plan will require its business associates, through contract, to appropriately safeguard your health information.  See Attachment “A” for a listing of the Company’s business associates.
  • Treatment Alternatives.  The Plan may use and disclose your PHI to tell you about possible treatment options or alternatives that may be of interest to you, provided you have signed an Authorization to Disclose form.
  • Health-Related Benefits and Services. The Plan may use and disclose your PHI to tell you about health-related benefits or services that may be of interest to you.
  • Individual Involved in Your Care or Payment of Your Care. The Plan may disclose PHI to a close friend or family member involved in or who helps pay for your health care.  The Plan may also advise a family member or close friend about your condition, your location (for example, that you are in the hospital), or death.
  • As Required by Law.  The Plan will disclose your PHI when required to do so by federal, state, or local law, including those that require the reporting of certain types of wounds or physical injuries.

Special Use and Disclosure Situations

 The Plan may also use or disclose your PHI under the following circumstances:

  • Lawsuits and Disputes.  If you become involved in a lawsuit or other legal action, the Plan may disclose your PHI in response to a court or administrative order, a subpoena, warrant, discovery request, or other lawful due process.
  • Law Enforcement.  The Plan may release your PHI if asked to do so by a law enforcement official, for example, to identify or locate a suspect, material witness, or missing person or to report a crime, the crime’s location or victims, or the identity, description, or location of the person who committed the crime.
  • Workers’ Compensation.  The Plan may disclose your PHI to the extent authorized by and to the extent necessary to comply with workers’ compensation laws and other similar programs.
  • Military and Veterans.  If you are or become a member of the U.S. armed forces, the Plan may release medical information about you as deemed necessary by military command authorities.
  • To Avert Serious Threat to Health or Safety.  The Plan may use and disclose your PHI when necessary to prevent a serious threat to your health and safety, or the health and safety of the public or another person.
  • Public Health Risks.  The Plan may disclose health information about you for public heath activities.  These activities include preventing or controlling disease, injury or disability; reporting births and deaths; reporting child abuse or neglect; or reporting reactions to medication or problems with medical products or to notify people of recalls of products they have been using.
  • Health Oversight Activities.  The Plan may disclose your PHI to a health oversight agency for audits, investigations, inspections, and licensure necessary for the government to monitor the health care system and government programs.
  • Research.  Under certain circumstances, the Plan may use and disclose your PHI for medical research purposes.
  • National Security, Intelligence Activities, and Protective Services.  The Plan may release your PHI to authorized federal officials: (1) for intelligence, counterintelligence, and other national security activities authorized by law and (2) to enable them to provide protection to the members of the U.S. government or foreign heads of state, or to conduct special investigations.
  • Employee Request for Assistance.  The Company’s Plan Administrator and/or other designated personnel are unable to discuss personal health related issues in any manner with the employee or the employee’s representative or family member, without the signed consent of the employee by means of the Authorization to Disclose form, which is available in the Classified and Certificated Personnel Offices.
  • Organ and Tissue Donation.  If you are an organ donor, the Plan may release medical information to organizations that handle organ procurement or organ, eye, or tissue transplantation or to an organ donation bank to facilitate organ or tissue donation and transplantation.
  • Coroners, Medical Examiners, and Funerals Directors.  The Plan may release your PHI to a coroner or medical examiner.  This may be necessary, for example, to identify a deceased person or to determine the cause of death.  The Plan may also release your PHI to a funeral director, as necessary, to carry out his/her duty.

Your Rights Regarding Health Information About You

Your rights regarding the health information the Plan maintains about you are as follows:

  • Right to Inspect and Copy.  You have the right to inspect and copy your PHI. This includes information about your plan eligibility, claim and appeal records, and billing records, but does not include psychotherapy notes.
  • To inspect and copy health information maintained by the Plan (which includes enrollment documents only), submit your request in writing to the Plan Administrator.  The Plan may charge a fee for the cost of copying and/or mailing your request.  In limited circumstances, the Plan may deny your request to inspect and copy your PHI.  Generally, if you are denied access to health information, you may request a review of the denial.  For PHI, other than enrollment documents, submit your request according to your specific health plan provider’s policy procedure.
  • Right to Amend.  If you feel that health information the Plan has about you is incorrect or incomplete, you may ask the Plan to amend it. You have the right to request an amendment for as long as the information is kept by or for the Plan.
    To request an amendment, send a detailed request in writing to the Plan Administrator. You must provide the reason(s) to support your request.  The Plan may deny your request if you ask the Plan to amend health information that was:  accurate and complete, not created by the Plan; not part of the health information kept by or for the Plan; or not information that you would be permitted to inspect and copy.  For amendments to health information, other than enrollment documents, submit your request to your specific plan provider according to their policy procedure.
  • Right to An Accounting of Disclosures.  You have the right to request an “accounting of disclosures.”  This is a list of disclosures of your PHI that the Plan has made to others, except for those necessary to carry out health care treatment, payment, or operations; disclosures made to you; or in certain other situations.
    To request an accounting of disclosures, submit your request in writing to the Plan Administrator.  Your request must state a time period, which may not be longer than six years prior to the date the accounting was requested.
  • Right to Request Restrictions.  You have the right to request a restriction on the health information the Plan uses or disclosures about you for treatment, payment, or health care operations.  You also have the right to request a limit on the health information the Plan discloses about you to someone who is involved in your care or the payment for your care, like a family member or friend.  For example, you could ask that the Plan not use or disclose information about a surgery you had.To request restrictions, make your request in writing to the Plan Administrator.  You must advise us: (1) what information you want to limit; (2) whether you want to limit the Plan’s use, disclosure, or both; and (3) to whom you want the limit(s) to apply.Note:  The Plan is not required to agree to your request.
  • Right to Request Confidential Communications.  You have the right to request that the Plan communicate with you about health matters in a certain way or at a certain location.  For example, you can ask that the Plan send you explanation of benefits (EOB) forms about your benefit claims to a specified address.  All communications from your specific plan provider will be sent to you at the address listed on your enrollment form.  Change of address forms are available in the Classified and Certificated Personnel Offices and will be forwarded to the plan provider on your behalf.
    To request any other confidential communications, make your request in writing to the Plan Administrator.  The Plan will make every attempt to accommodate all reasonable requests.
  • Right to a Paper Copy of this Notice.  You have the right to a paper copy of this notice.  Paper copies are available in the Classified and Certificated Personnel Offices, and will be provided to new employees during plan enrollment.  A paper copy can also be obtained by printing a copy from the District’s Web Site (listed below).
  • Changes to this Notice The Plan reserves the right to change this notice at any time and to make the revised or changed notice effective for health information the Plan already has about you, as well as any information the Plan receives in the future.  The Plan will post a copy of the current notice on the District’s Web Site (http://www.dusd.net) and in the Classified and Certificated Personnel Offices at all times.
  • Complaints If you believe your privacy rights under this policy have been violated, you may file a written complaint with the Plan Administrator at the address listed on page 5.  Alternatively, you may complain to the Secretary of the U.S. Department of Health and Human Services, generally, within 180 days of when the act or omission complained of occurred.Note:  You will not be penalized or retaliated against for filing a complaint.

Other Uses and Disclosures of Health Information

Other uses and disclosures of health information not covered by this notice or by the laws that apply to the Plan will be made only with your written authorization.  If you authorize the Plan to use or disclose your PHI, you may revoke the authorization, in writing, at any time.  If you revoke your authorization, the Plan will no longer use or disclosure your PHI for the reasons covered by your written authorization; however, the Plan will not reverse any uses or disclosures already made in reliance on your prior authorization.

Contact Information

If you have any questions about this notice, please contact the District as follows:

Voluntary Deductions
Downey Unified School District
11627 Brookshire Avenue
Downey, CA  90241

Notice Effective Date:  April 14, 2003






Following is a listing of the contracted limited fiduciary third party administrators (also identified as “business associates”), which handle claims and claims appeals for the District, collectively constituting the self-funded programs of the Plan, with contact information:

Blue Shield of California
P.O. Box 272540
Chico, CA  95927-2540

Great West Life Assurance Co.
(Dental Insurance)
8505 East Orchard Road
Englewood, CO  80111

Vision Service Plan
3333 Quality Drive
Rancho Cordova, CA 95670

Following is a listing of contracted fully insured program plan providers (also identified as “business associates), whereas the Plan Administrator retains fiduciary functions limited to those of a contractor of a business service, collectively constituting the group insurance programs of the Plan, with contact information:

Kaiser Permanente
393 E. Walnut Street
Pasadena, CA  91188

Safeguard Dental Plan
c/o Member Services
P.O. Box 3594
Laguna Hills, CA 92654-3594

Great-West Life & Annuity
Insurance Company
8505 East Orchard Road
Englewood, CO 80111
1-800-663-8081 (Life Insurance)

Transamerica Assurance Co.
1150 South Olive Street, Suite T-600
Los Angeles, CA 90015

Following is a listing of other business associates:

AON Consulting
1901 Main Street, Suite 400
Irvine, CA 92614

HCC Benefits Corporation
225 TownPark Drive, Suite 145
Kennesaw, GA 30144

D o w n e y   U n i f i e d   S c h o o l  D i s t r i c t

HIPAA Plan Language Summary

Disclosure of Protected Health Information to the Employer



(1)  Definitions.  Whenever used in this Summary, the following terms shall have the respective meanings set forth below.

(a)  Plan—means the group health plan, including all Employer sponsored medical, dental, vision and life insurance programs.

(b)  Employer—means the Downey Unified School District, which is the plan sponsor of the Plan as defined in ERISA §3(16)(B).

(c)  Plan Administration Functions—means administrative functions performed by the Employer on behalf of the Plan, excluding functions performed by the Employer in connection with any other benefit or benefit plan of the Employer.

(d)  Health Information—means information (whether oral or recorded in any form or medium) that is created or received by a health care provider, health plan (as defined in 45 CFR §160.103), employer, life insurer, school or university, or health care clearinghouse (as defined in 45 CFR §160.103) that relates to the past, present, or future physical or mental health or condition of an individual, the provision of health care to an individual, or the past, present, or future payment for the provision of health care to an individual.

(e)  Individually Identifiable Health Information—means Health Information, including demographic information, collected from an individual and created or received by a health care provider, health plan, employer, or health care clearinghouse that identifies the individual involved or with respect to which there is a reasonable basis to believe the information may be used to identify the individual involved.

(f)  Summary Health Information—means information that summarizes the claims history, expenses, or types of claims by individuals for whom the Employer provides benefits under the Plan, and from which the following information has been removed:

(1) names;

(2) geographic information more specific than state;

(3) all elements of dates relating to the individual(s) involved (e.g., birth date) or their medical treatment (e.g., admission date) except the year; all ages for those over age 89 and all elements of dates, including the year, indicative of such age (except that ages and elements may be aggregated into a single category of age 90 and older);

(4) other identifying numbers, such as Social Security, telephone, fax, or medical record numbers, email addresses, VIN, or serial numbers;

(5) facial photographs or biometric identifiers (e.g., finger prints); and

(6) any information the Employer does not have knowledge of that could be used alone or in combination with other information to identify an individual.

(g) Protected Health Information (“PHI”)—means Individually Identifiable Health Information that is transmitted or maintained electronically, or any other form or medium.

(2) The Plan may disclose Summary Health Information to the Employer if the Employer requests such information for the purpose of obtaining premium bids for providing health insurance coverage under the Plan or for modifying, amending, or terminating the Plan.

(3) The Plan will disclose PHI to the Employer only in accordance with 45 CFR §164.504(f) and the provisions of this Section.

(4) PHI disclosed to the Employer in accordance with this Section may only be used for the following permitted and required uses and disclosures:

  • Plan Program Quality Assurance
  • Claims Processing Review and Auditing
  • Plan Program Monitoring for Overall Compliance
  • Periodic Reviews for Rate Quotes and Comparisons

(5) The Plan hereby incorporates the following provisions (a) through (j) to enable it to disclose PHI to the Employer and acknowledges receipt of written certification from the Employer that the Plan has been so amended.

Additionally, the Employer agrees:

(a)  not to use or further disclose PHI other than as permitted in Section (4) or as required by law;

(b)  to ensure that any of its agents or subcontractors to whom it provides PHI received from the Plan agree to the same restrictions and conditions;

(c)  not to use or disclose PHI for employment-related actions or in connection with any other benefit or employee benefit plan;

(d)  to report to the Plan any use or disclosure of the information that is inconsistent with the permitted uses and disclosures in Section (4);

(e)  to make PHI available to individuals in accordance with 45 CFR §164.524;

(f)  to make PHI available for individuals’ amendment and incorporate any amendments in accordance with 45 CFR §164.526;

(g)  to make the information available that will provide individuals with an accounting of disclosures in accordance with 45 CFR §164.528;

(h)  to make its internal practices, books, and records relating to the use and disclosure of PHI received from the Plan available to the Department of Health and Human Services upon request; and

(i)   if feasible, to return or destroy all PHI received from the Plan that the Employer maintains in any form and retain no copies of such information when no longer needed for the purpose for which disclosure was made, except that, if such return or destruction is not feasible, the Employer will limit further its uses and disclosures of the PHI to those purposes that make the return or destruction of the information infeasible.

(j)   to ensure that adequate separation between the Plan and the Employer, as required by 45 CFR §164.504(f), is established and maintained.

(6) The Plan will disclose PHI only to the following employees or classes of employees:

  • Assistant Superintendent, Administrative Services
  • Assistant Superintendent, Personnel Services
  • Director, Classified Personnel
  • Senior Accounting Assistant, Voluntary Deductions
  • Employees’ Sick Leave Bank Committee Chairperson (if employee signs release and is requesting days from the Sick Leave Bank)

Access to and use of PHI by the individuals described above shall be restricted to Plan Administration Functions that the Employer performs for the Plan.  Such access or use shall be permitted only to the extent necessary for these individuals to perform their respective duties for the Plan.

(7) Instances of noncompliance with the permitted uses or disclosures of PHI set forth in this Section by individuals described in Section (6) shall be addressed in the following manner:

  • Persons serving in the capacity of the positions listed in Section (6), shall be required to attend training on the regulations and the proper handling of PHI.
  • Employees found negligent in their handling of PHI will be subject to disciplinary action as outlined in Personnel Commission Rules and Regulations and the California Education Code, and may include removing the offending employee from the select group with access to PHI.

(8) A health insurance issuer or HMO providing services to the Plan is not permitted to disclose PHI to the Employer except as would be permitted by the Plan in this HIPAA Plan Language Summary and only if a notice is maintained and provided as required by 45 CFR §164.520.


Be sure to visit our Facebook for the lastest news and information click here