Page 107 - 2021 Medical Plan SPD
P. 107
Texas Mutual Insurance Company Medical Plan
Payroll Processing of benefits payroll deductions.
Internal Audit Internal Auditors Benefits audit process.
Legal Corporate Counsel, Sr. Counsel, Legal services for subpoenas, employment
General Counsel, and Legal matters, and claim disputes
Assistant
Investments Cash Manager Monitor plan cash flow activity.
Information Lotus Notes, Infinium and Workday Support of HRIS systems and programs.
Technology programming/support staff
Human Resources HR Employee Services Team Employee health plan operations.
If you believe your rights under HIPAA have been violated, you have the right to file a complaint with the
Legal Department c/o Privacy Officer or with the Secretary of the U.S. Department of Health and Human
Services. The Company will discipline employees who inappropriately fail to comply with the permitted
uses and disclosures of PHI, from counseling and additional training up to and including termination.
All other terms, provisions and conditions shown in your Health Benefits Plan Booklet will continue to
apply.
Security of Electronic Protected Health Information
Under the federal security regulations enacted pursuant to the Health Insurance Portability and
Accountability Act of 1996 (HIPAA), your health plans are required to safeguard the confidentiality and
ensure the integrity and availability of your Electronic Protected Health Information. Protected Health
Information (PHI) is individually identifiable health information related to your condition, services provided
to you, or payments made for your care, which is created or received by a health plan, a health care
clearinghouse, or a health care provider that electronically transmits such information. Electronic
Protected Health Information (ePHI) is PHI that is maintained or transmitted in electronic form. The Plan
and Texas Mutual Insurance Company (Employer) will reasonably and appropriately safeguard ePHI
created, received, maintained, or transmitted to or by Employer on behalf of the Plan.
The Plan and Employer are separate and independent legal entities, which exchange information to
coordinate your Plan coverage. In order to receive ePHI from the Plan, Employer agrees that it will:
■ Implement administrative, physical, and technical safeguards that reasonably and appropriately
protect the confidentiality, integrity, and availability of the ePHI that Employer creates, receives,
maintains, or transmits on behalf of the Plan;
■ Ensure that access to, and use and disclosure of ePHI by the employees or classes of employees
described in this Plan document is supported by reasonable and appropriate security measures;
■ Ensure that any agent, including a subcontractor, to whom Employer provides this information agrees
to implement reasonable and appropriate security measures to protect the information; and
■ Report to the Plan any security incident of which Employer becomes aware.
The classes of employees identified in the Employer’s HIPAA management procedure and protocols may
have access to, and use and disclose, PHI for plan administrative functions that the Employer performs.
If you believe your rights under HIPAA have been violated, you have the right to file a complaint with the
Plan or with the Secretary of the U.S. Department of Health and Human Services. Employer has provided
a mechanism for resolving issues of noncompliance by employees described above who have access to
ePHI. To file a complaint related to violations of HIPAA, please contact your supervisor or contact
the Privacy Officer directly. Also review the Employer’s privacy notice and HIPAA management
procedure for more information.
104 Section 8: General Legal Provisions
