Questions & Answers About The HIPAA Privacy Rule

CHC Compliance
What has Cigna HealthCare done to ensure Privacy compliance?

Cigna HealthCare has done the following to support privacy compliance:

  • Implemented procedures to protect member confidentiality and to address security breaches.
  • Trained all Cigna HealthCare employees on privacy and security issues and procedures.
  • Implemented HIPAA-appropriate contract language for our business associates, vendors and subcontractors.
  • Obtained certification from TruSecure , an independent information technology security-certifying firm for our Internet ( security policies, practices and safeguards.
  • Developed and implemented written disciplinary policies related to the use and disclosure of PHI, including employee sanctions for any employee who violates our policies.
What is the role of the Privacy Officer?

The Privacy Officer is responsible for oversight of all Cigna HealthCare activities concerned with the development, implementation, maintenance, dissemination and adherence to privacy and security policies and procedures.

What is PHI?

PHI is any information that:

  • Relates to the past, present or future physical or mental health of a person
  • Relates to the provision or payment for health care
  • Identifies the individual.

PHI includes medical information as well as demographic information, information about relatives, contact information and most other information that could identify an individual.

PHI contains "individually identifiable health information." This is information that also includes demographic details such as an individual's address, gender, Social Security number, or date-of-birth. Insurance applications with medical histories, for example, contain individually identifiable health information.

What is Cigna HealthCare's commitment to privacy?

Cigna HealthCare is committed to protecting confidential information about our customers, especially the confidential nature of our members' protected health information (PHI). We have complied with the privacy requirements of HIPAA, as well as other laws aimed at safeguarding privacy. We also have our own privacy policies and procedures in place. These are designed to protect customer privacy. We will continue to make this a priority.

Business Associate Agreements
Will "Business Associate" Language be required and/or included in our next contract renewal (for network providers)?

No, under the HIPAA privacy regulations, health plans are not considered to be the business associates of providers, since they do not perform a service for, or on behalf of providers. Reference Federal Register, Volume 65, No. 250, Page 82476 for more information.

Individual Rights
How will HIPAA affect Cigna HealthCare's members?

The HIPAA Privacy Rule provides members with the following individual rights related to their PHI:

  • Right to Request Restrictions on the use and disclosure of PHI
  • Right to Receive Confidential Communications
  • Right to Inspect and Copy your Confidential Information
  • Right to Amend your Records
  • Right to Receive an Accounting of Disclosures
  • Right to Receive Paper Copy of our Notice of Privacy Practices
Do Providers need to be ready to support the Individual Rights?

Yes. Providers need to be prepared to support all of the individual rights for members they provide services to and may need to interact with Cigna HealthCare to support requests for copies of confidential information.

Treatment, payment and health care operations (TPO)
Does HIPAA allow Cigna HealthCare to use protected health information (PHI) without my express authorization?

Cigna HealthCare may use and disclose PHI without a member's specific authorization when such use is permitted or required by law, such as for the purposes of treatment, payment and health care operations.

Cigna HealthCare may disclose protected health information (PHI) to a members' health care provider so that the provider can render treatment to a patient, to health care providers or other health plans to conduct payment activities and to support health care operations.

What activities fall under Treatment?

Treatment includes activities performed by a health care provider related to the provision, coordination or management of health care for a patient. Cigna HealthCare does not provide treatment, except for our Cigna Medical Group plans in Arizona.

What activities fall under Payment?

Payment includes activities related to billing and collection of premiums and fees to determine or fulfill Cigna HealthCare's responsibilities for coverage and provision of plan benefits. They include activities related to determining eligibility or coverage, utilization review, claims management and collection.

What activities fall under health care operations?

Health care operations include a wide variety of activities, including, but not limited to:

  • Credentialing
  • Business planning and development
  • Business management
  • Medical management, quality assessment and improvement
  • Premium rating and underwriting
  • Enrollment
  • Claim processing
  • Customer service
  • Fraud and abuse detection
  • Legal and auditing services
  • Disease/care management education