Gonzaga University’s
Notice of Privacy Practices
For the Use and Disclosure of
Protected Health Information
This notice explains how your medical information may be used and disclosed and how
you can get access to this information. Please review it carefully.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) creates national
standards to protect an individuals personal health information including information relating to
health plan claims and enrollment. Gonzaga University is in compliance and subject to the 2004
regulations. This means that our health plan has been modified to comply with privacy protections
relating to the use and disclosure of Protected Health Information (PHI) by a health plan.
This document is intended to satisfy HIPAA’s notice requirement with respect to all health
information created, received, or maintained by the Gonzaga University Self-funded Premera Plan.
Gonzaga University does not hold your medical records and has little knowledge of your medical
information. The only contact Gonzaga University has through the Plan is payment of medical
premiums, enrollment in benefits, and claims assistance. Additionally, medical information is also
on file for on-the-job injuries, medical leave of absence records, or job accommodations under the
Americans With Disabilities Act (ADA), and the University applies the same privacy standards for
this information.
What is Protected Health Information (PHI)?
The privacy policy and practices of the Plan protects confidential health information that identifies
you or could be used to identify you and related to a physical or mental health condition or the
payment of your health care expenses. This individually identifiable health information is known as
“Protected Health Information” (PHI). Examples of this information includes your name, address,
birth date and social security number.
Gonzaga University’s Uses and Disclosures of your PHI:
1. Treatment - We do not provide treatment.
2. Payment – This refers to activities involving collection of premium and payment of claims.
3. Business Associates – The University has contractual agreements with each group that
may have access to any PHI that Gonzaga University chooses to disclose for purposes of
plan-related administrative functions. Our Business Associates are groups such as our
health and disability insurance providers, or third-party administrators.
4. Individual Involved in Your Care or Payment of Your Care – Using professional judgment
and authorization forms from you, Gonzaga University may disclose your PHI to a family
member or personal representative. In the case of an emergency this may be a very time
saving and important step in your safety and health.
5. Worker’s Compensation - In instances of work related health conditions, as your employer,
Gonzaga University may be given more information or asked to disclose information to a
medical care provider.
6. Law Enforcement - (1) Your PHI can be disclosed for law enforcement purposes as
required under state law or in response to a valid subpoena. (2) Provisions of federal law
permit the disclosure of your health information to appropriate health oversight agencies,
public health authorities, or attorneys in the event that a member or business associate of
Gonzaga University believes in good faith that there has been unlawful conduct or violations
of professional or clinical standards that may endanger one or more employees or the
general public.
7. University Compliance – The University will not use or disclose PHI for employment-related
actions and decisions, or in connection with any other employee benefits plan offered by
Gonzaga. Any disclosures deemed necessary by Gonzaga University, for the purpose of
administering health plan benefits, will be made only upon receipt of your written
authorization.
The University will ensure adequate separation between group health plan functions and
University administrative functions when such functions occur with the same entity, such as:
a)
b)
c)
Employees assigned to the Benefits Office perform job functions involving the handling
of PHI, coordination of payments or other health care operations related to
administration of the health plan. These individuals are responsible for observing
specified procedures and safeguards to protect the privacy of PHI.
Access to PHI is restricted to protect confidentiality of information during the benefits
administration process. Only employees assigned to the benefits administration
process performing their proper tasks and management personnel performing proper
oversight tasks are permitted access to PHI. Other employees are not permitted access
to PHI. Any inappropriate or unauthorized uses or disclosures of PHI will result in
corrective action.
In the event an unauthorized disclosure, employee complaint or other violation of
privacy policies, you may file a complaint with Kay Bruski, the HIPAA Privacy Official of
Gonzaga University, at 509-313-5861, or email to bruski@gonzaga.edu. She is
responsible for investigating and resolving the matter in a manner which complies with
the Privacy Rule. You also have the right to contact the Secretary of Health and Human
Services, with no fear of retaliation by Gonzaga University.
Other Uses and Disclosures of Health Information: Other uses and disclosures of health
information not covered by the Notice of Privacy Practices, or by the laws that apply, will be made
only with your written authorization. If you authorize Gonzaga University to use or disclose your
PHI, you may revoke the authorization, in writing, at any time. If you revoke your authorization,
Gonzaga University will no longer use or disclose your PHI for the reasons covered by your written
authorization. However, the University will not reverse any uses or disclosures already made in
reliance on your prior authorization.
Notice of Privacy Practices Availability: The terms described in this notice will be available in
the Human Resource Office, and on the website at www.gonzaga.edu/benefits.