HIPAA Compliance

Privacy Practices and Member Rights & Responsibilities

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that requires health plans to implement additional security and privacy protections of member health information. Commonwealth Care Alliance (CCA) is committed to protecting member privacy and is compliant with HIPAA regulations, as well as other federal and state privacy regulations. To maintain a high level of security consistent with industry standards, we constantly monitor and make improvements to our security infrastructure. CCA is required by law to protect the privacy of a member’s health information and to provide a Notice of Privacy Practices, which describes the following:

• CCA must have a member’s written authorization before CCA uses or communicates to others a member’s health information for purposes other than providing or arranging for healthcare, the payment for or reimbursement of care that was provided, and other related administrative activities.
• CCA may be required or permitted by certain laws to use or communicate a member’s health information for other purposes without consent or authorization.

In addition to rights listed in the Member Rights and Responsibilities section of the site, a CCA member can:

• Review and receive a copy of his/her health information that CCA creates and maintains
• Request an amendment or a correction regarding that information
• Request an accounting of disclosures of his/her health information
• Request that CCA communicate with the member confidentially
• Request that CCA restrict certain uses and disclosures of his/her health information
• File a complaint with CCA’s Privacy and Security Officer if a member feels their rights to privacy have been violated

CCA members have the right to receive a copy of our current Notice of Privacy Practices.