Privacy Policy
This Notice of Privacy Practices is intended voluntarily provide a notice of how Specialty Care Management (SCM NewCo) uses and discloses Personally Identifiable Information, including Protected Health Information. It is also intended to describe how individuals may exercise their rights with respect to their Personally Identifiable Information. While SCM NewCo is not legally required to publish this Notice, we do so as part of our commitment to safe and ethical business practices.
This Notice is principally but not solely intended for purposes of the Health Insurance Portability and Accountability Act of 1996, as amended by the Health Information Technology for Economic and Clinical Health Act of 2009, and their implementing regulations (collectively “HIPAA”). This Notice is intended to be interpreted consistently with HIPAA.
Under HIPAA We are the Business Associate of Health Plans – therefore, Specialty Care Management is not a Covered Entity under HIPAA. We provide services to Health Plans by contract. Health Plans are Covered Entities which are primarily responsible for compliance with HIPAA for the Protected Health Information of the individuals covered by the Health Plan Members. Our receipt, use, disclosure and protection of their Members’ Protected Health Information is regulated by HIPAA and Business Associate Agreements.
Our Health Plan clients authorize us to receive, use and disclose their Members’ Protected Health Information in compliance with HIPAA and Our Business Associate Agreements. We are required by law to maintain the privacy of Protected Health Information, and to abide by the terms of this Notice as currently in effect.
We operate within the United States and do not provide services outside of the United States.
This Notice applies to:
- Individuals who submit information through this website: www.specialtycm.com (“Website Users”). Website Users may contact us through this website to request information about us and our services.
- Individuals whose information we receive or create in order to provide any of our services via contract (“Members”)
The only services we provide to Website Users are:
- Access to the information published on our website.
- The ability to submit an inquiry through the Website to receive more information about us and/or our services.
These Website Services are provided free of charge, as-is, and without warranty.
The only personally identifiable information we collect about website users is through the “Request a Call” or “Contact” page on our website – which is not Protected Health Information and is submitted voluntarily by the user. We are not responsible for any content submitted by any website user.
The principal information provided by a website user is a limited set of Personally Identifiable Information for contact purposes (“Website User PII”) as requested on the “Contact” or “Request a Call” buttons. We may use or disclose Website User PII to contact the individual identified in response to the submission of an inquiry through the “Contact” page. We may also use Website User PII for Our own internal business purposes such as website and company administration, auditing, quality assurance, and improving the website, services or for our promotional efforts.
We do not sell Website User PII. We may disclose Website User PII to an organization identified by the Website User in an inquiry as part of follow-up to the inquiry. We may also disclose Website User PII to third parties for purposes such as website and company administration, auditing, quality assurance, and improving our website, services or promotional efforts. We may disclose Website User PII if required by law, or for purposes of regulatory inquiries or investigation or legal proceedings.
If you have submitted an inquiry through Our “Contact” form on the website and would like to change your information, please send a written request and proof that you are the person who is the subject of such PII to the contact address in this Notice below. We will either accept or reject a requested change within thirty (30) days of receipt, at our discretion.
We may track Website User activity on our Website using Google Analytics tags. These tags track a Website User’s path through our web pages on the website, and whether or not the website user completes the “Contact” information. We also use tags with on LinkedIn for tracking activity with respect to advertisements and posts that we may correlate with Google Analytics tags for activities on our website.
Website user activity information is not Website User PII unless it has been identified with a Website User who has provided identification information through Our “Contact” web page or “Request a Call” buttons. We do not identify website users who do not complete the “Contact” information – only for those users who submit their information via that web page. Because we do not identify users who do not provide identification information, we do not maintain processes to respond to use “do not track” signals or otherwise permit users to opt-out of our website usage tracking.
Specialty Care Management Services to Health Plans and Members involving Protected Health Information include:
- Dialysis Repricing and Cost-Containment: Dialysis Plus and Dialysis Prime
- Kidney Care Complete
- Chronic Kidney Disease (CKD) Management
- Prevention Programs: Diabetes Management, Weight Management, and Hypertension management
- Cancer Management
- Air Ambulance
- Negotiation Services
- Transplant
- Underwriting Support Services
The information we collect about Members (“Member Information”) depends upon the contracted services that we provide to their Health Plan. All such member information is Protected Health Information which is subject to HIPAA and the applicable Business Associate Agreement.
Member information typically includes contact and demographic information. It may also include information about the member’s health condition, healthcare provided to the member, and payment for the member’s health care.
We may collect Protected Health Information from a member’s Health Plan, the Health Plan’s Administrator, or Service Providers or Broker/Advisors. We maay also collect Protected Health Information from the Member, or from their health care providers. In some cases, we may collect personally identifiable information about a member from other sources, including public sources. Once it is in our possession any such information is considered Protected Health Information.
We do not collect genetic information (as defined under HIPAA) or information from substance use disorder (alcohol and drug) treatment programs.
Our use and disclosure of Protected Health Information is limited to purposes authorized under HIPAA and Our Business Associate Agreement.
As related to contracted service(s), we may disclose Protected Health Information to the employer or other organization which sponsors the Health Plan for purposes permitted under their Plan Documents and our Business Associate Agreement. HIPAA requires a plan sponsor such as an employer to ensure that its employees who receive such information only use or disclose it as necessary to perform certain plan administration functions or as otherwise required by HIPAA, unless the Member authorizes other disclosures. In such a case a Member’s Protected Health Information cannot be used for employment purposes without the member’s specific authorization.
We may also use or disclose Protected Health Information for our own proper management and administration, to fulfill our legal responsibilities, or if we are required to do so by law. These may include such purposes as management and administration of our Services, business processes and information systems; financial, employee and contractor management, and fulfilling our legal obligations including those under HIPAA and our Business Associate Agreement.
Other types of uses or disclosures will be made only if and to the extent permitted by HIPAA and the applicable Business Associate Agreement, and in some cases based on member authorization. We do not sell Protected Health Information or use it for fund-raising or marketing purposes.
HIPAA provides a number of rights for individuals with respect to their Protected Health Information. A Member’s Health Plan is principally responsible for these. Under Our Business Associate Agreements, we are required to refer such requests to the Health Plan (or its administrator, if applicable) for fulfillment. These rights include:
- The right to request restrictions on the use and disclosure of their Protected Health Information in addition to those provided by HIPAA.
- The right to receive communications of Protected Health Information by an alternative means or at an alternative location.
- The right to inspect and copy Protected Health Information.
- The right to amend Protected Health Information.
- The right to receive an accounting of disclosures of Protected Health Information.
Members participating in any of our Care Management or Nurse Coaching Programs may request amendment of their contact and demographic information directly with their assigned RN.
For all other purposes, a member may submit a request to exercise one of these rights to Our Chief Privacy Officer at the contact information provided below. Any such request will be forwarded to the Member’s Health Plan for decision. The Health Plan, its administrator, or Specialty Care Management- if directed by or on behalf of the Health Plan, will respond to the request.
We use reasonable and appropriate safeguards to ensure the confidentiality, integrity and availability of the Protected Health Information that we create, receive, maintain and transmit; to protect against reasonably anticipated threats or hazards to such information, and against any reasonably anticipated uses or disclosures of such information not permitted under HIPAA — and to ensure our compliance with HIPAA.
In case of a security breach affecting Protected Health Information, we will notify the affected Health Plan(s) as required by HIPAA and our Business Associate Agreements. The Health Plan will be responsible for determining whether to notify affected Members. We will fully cooperate in any investigation and response to any security breach.
We reserve the right to revise and update this Notice of Privacy Practices, and to make any new notice applicable to all Personally Identifiable Information we maintain, including Protected Health Information, to the extent permitted by law. We will provide notification of any new notice by prominent publication on our website no later than thirty (30) days before the effective date of the new notice.
Any website user or member may file a complaint with us if they believe we have violated their privacy rights, under HIPAA or any other laws.
- To file a complaint with us, please use the Contact Information provided in this Notice below.
The U.S. Federal Trade Commission (“FTC”) and the Attorney General of the state in which you reside have jurisdiction over your consumer privacy issues. While this website and our services are not provided for consumer use, website users and members who believe that we may have violated their consumer privacy rights may be able to make an inquiry or file a complaint with the FTC or the Attorney General of their state where they reside.
- To make an inquiry or file a complaint with the FTC, please see the information at the FTC’s website: www.reportfraud.ftc.gov
Members may also file a complaint with their Health Plan or the U.S. Department of Health and Human Services Office of Civil Rights (“Office of Civil Rights”). In some states the Attorney General may also accept HIPAA complaints.
- To file a complaint with the Health Plan, please see the Notice of Privacy Practices provided by the Health Plan. Information may also be provided in the Health Plan’s Summary Plan Description (“SPD”).
- To file a complaint with the Office of Civil Rights, please see the information at the HHS.gov website, U.S. Department of Health & Human Services – Office for Civil Rights (hhs.gov)
For questions about this Notice or to exercise your privacy or HIPAA rights please contact:
SCM Privacy & Security Officer
Specialty Care Management
90 W. Valley Rd. Ste 1000
Wayne, PA 19801
itsecurity@specialtycm.com