We are committed to protect the privacy of personal data (including health information) disclosed to us by our clients, and our Associates and their families, and received by us from other sources at any time. As part of this commitment, Optimum Outcomes will comply in all material respects with:
- the Health Insurance Portability and Accountability Act of 1996, and as modified by the Health Information Technology for Economic and Clinical Health Act (“HITECH Act”), all as amended from time to time, including all final rules and regulations promulgated thereunder with respect to Optimum Outcomes operations in the United States, and
- all other privacy laws, rules and regulations that apply to Optimum Outcomes or its clients where Optimum Outcomes has operations.
This policy describes:
- the personal data that Associates and their families typically disclose to Optimum Outcomes or that Optimum Outcomes typically receives from other sources before, during or after employment by Optimum Outcomes, that is collected by Optimum Outcomes;
- how Optimum Outcomes typically collects personal data and health information and discloses or uses the personal data and health information Optimum Outcomes collects;
- the Associates and other business organizations that typically have access to the personal data that Optimum Outcomes collects;
- how Optimum Outcomes protects the personal data it collects;
- Associate rights to review and correct the personal data Optimum Outcomes collects;
- how to notify Optimum Outcomes about improper disclosures and uses of personal data and the action Optimum Outcomes will or may take after discovering that personal data Optimum Outcomes has collected has been improperly disclosed or used; and
- the circumstances under which Associates will be given a choice to Â“opt outÂ” or decline Optimum OutcomesÂ’ disclosure of their personal data.
This policy applies to (1) Optimum Outcomes, (2) the corporations, joint ventures and other business organizations that are owned or controlled by Optimum Outcomes, and (3) the employees and independent contractors of Optimum Outcomes and the joint ventures and other business organizations it owns or controls who receive Personal Data. References in this policy to Â“Optimum OutcomesÂ” include all the business organizations described in clauses (1), (2) and (3). References in this policy to Â“AssociatesÂ” include all natural persons described in clause (3).
Nothing in this policy is intended to imply, nor will anything in this policy be deemed to create, any ownership interest or privacy right in any voice or data transmission over Optimum OutcomesÂ’ voice or data networks. Optimum Outcomes retains ownership of, and the right to inspect, copy, retain and intercept, all e-mail, voice mail, telephone conversations and other electronic communications created using or transmitted over Optimum OutcomesÂ’ voice or data networks.
A. Personal Data Collected and Use of Personal Data
Business Personal Data
Your healthcare providers may provide Optimum Outcomes with your personal data and health information in order for us to assist in their revenue cycle management. Examples of how we use your information include:
We keep billing records that include payment information and documentation of the services provided to you by your healthcare providers. Your information may be used to obtain payment from you, your insurance company, or other third party. We may also contact your insurance company to verify coverage for your care or to notify them of upcoming services that may need prior notice or approval. For example, we may disclose information about the services provided to you to claim and obtain payment from your insurance company or Medicare.
We may also use your health information to:
- Share information with family or friends involved in your care or payment for your care, when appropriate;
- Share information with third parties who assist us with payment, collection of payment, or the day-to-day conduct of our ordinary business operations. Our business associates must protect your information by following our privacy practices;
- Remind you of an appointment;
- There are limited situations when we are permitted or required to disclose health information without your signed authorization. These situations are:
- For public health purposes such as reporting communicable diseases, work-related illnesses, or other diseases and injuries permitted by law; reporting births and deaths; and reporting reactions to drugs and problems with medical devices;
- To protect victims of abuse, neglect, or domestic violence;
- For health oversight activities such as investigations, audits, and inspections;
- For lawsuits and similar proceedings;
- When otherwise required by law;
- When requested by law enforcement as required by law or court order;
- For workers’ compensation or other similar programs if you are injured at work; and
- For specialized government functions such as intelligence and national security.
All other uses and disclosures, not described in this notice, require your signed authorization. You may revoke your authorization at any time with a written statement. However, Optimum Outcomes may not be able to reverse the use or disclosure of your health information while your authorization was in effect.
AssociatesÂ’ Personal Data
Personal data is collected from Associates when they apply for employment with Optimum Outcomes, when they accept an offer of employment with Optimum Outcomes, or during the course of their employment with Optimum Outcomes. Optimum Outcomes receives sensitive personal data in connection with (i) pre-employment and other background checks, (ii) pre-employment and other drug tests, (iii) enrollment for medical and other insurance benefits, and (iv) in certain cases, during or after Associates or their family members seek medical, insurance or other Optimum OutcomesÂ’ benefits.
Personal data collected may include, but may not be limited to, the following:
- personal information (e.g., name, date of birth, gender, marital status);
- background information (e.g., education (including schools attended, and dates of attendance, degrees or diplomas granted), training, work history (including names of employers, dates of employment, and compensation information), military and veteran status, criminal arrests, indictments and convictions);
- contact information (e.g., home and office address, home, office and cellular telephone numbers, home and office e-mail address, etc.);
- identification numbers (e.g., national insurance, social security, driving license, tax identification, passport, and similar identification numbers);
- compensation information (e.g., wages or salary, commissions, bonuses, stock option award and exercise information, employee stock purchase plan information, pension and 401(k) plan account information);
- health and medical information (e.g., results of pre- and post-employment drug tests, and personal, contact, and health information for Associates, their spouses, their dependents and their next-of-kin, etc.); and
- work history, experience, training and employment performance information (e.g., training courses attended, job assignments, account assignments, etc.).
Personal data is received or collected from (i) Associates and their family members when Associates apply for employment or Optimum Outcomes benefits, (ii) service providers in connection with pre-employment and other drug tests and background checks, and (iii) health, medical and other benefit providers in connection with the administration of Optimum OutcomesÂ’ benefits programs.
Optimum Outcomes discloses individual Associate personal data to (i) Optimum Outcomes Associates who reasonably need to receive such personal data to perform their duties for Optimum Outcomes, (ii) Optimum OutcomesÂ’ benefits providers who reasonably need to receive such personal data to administer the applicable benefit program, (iii) Optimum OutcomesÂ’ clients and prospective clients for whom you are providing, or are proposed to provide, services (except that sensitive personal data is not disclosed to clients or prospective clients other than in connection with transitions of employment where such sensitive personal data is necessary to be disclosed to accomplish benefits transitions and similar business purposes), and (iv) potential buyers and sellers of business units for which you are providing, or are proposed to provide, services (except that sensitive personal data is not disclosed to such buyers or sellers other than in connection with transitions of employment where such sensitive personal data is necessary to be disclosed to accomplish benefits transitions and similar business purposes).
Optimum Outcomes may disclose business personal data about an Associate to Optimum Outcomes Associates and other individuals and organizations without any restriction on its further use or restriction by the recipient. Our policy is not to disclose home addresses or telephone numbers to Optimum Outcomes Associates or other individuals or organizations without your prior approval, except that Optimum Outcomes may disclose your home address and telephone number (i) to Optimum OutcomesÂ’ senior leaders and your cost center managers and supervisors, and (ii) in emergency and critical business situations to other Associates who need to contact you. Personal data of your family and emergency contacts may also be provided to these Associates in similar circumstances.
Optimum Outcomes may disclose Associate personal data to outside firms and consultants (who will, in turn, disclose your personal data to their employees and consultants) who advise Optimum Outcomes on compensation and benefits programs or administer benefits programs for Optimum Outcomes. Optimum Outcomes requires each of these outside firms and consultants (other than licensed professionals, such as lawyers and doctors, who are subject to legally enforceable client confidentiality obligations) to sign a written confidentiality agreement that restricts them (and their employees and consultants) from disclosing to any person or using your personal data in any way that is not necessary to perform the services they have been engaged to provide. This confidentiality agreement must be signed before Optimum Outcomes discloses your personal data to these clients or prospective clients.
Optimum Outcomes may also disclose Associate personal data to clients and prospective clients and to possible merger and acquisition prospects for which you are providing, or are proposed to provide, services. Sensitive personal data is generally not disclosed to clients or prospective clients or to merger and acquisition prospects, and will not be disclosed without your prior written consent. Optimum Outcomes requires all of its clients to sign a written confidentiality agreement that restricts them (and their employees and consultants) from disclosing to any person or using your personal data in any way that is not directly related to the business relationship between Optimum Outcomes and the client. This confidentiality agreement must be signed before Optimum Outcomes discloses your personal data to these clients or prospective clients.
Optimum Outcomes does not disclose or sell AssociatesÂ’ personal data to any company or person for marketing purposes.
Each Optimum Outcomes subsidiary and affiliate that receives personal data from another Optimum Outcomes subsidiary or affiliate is a party to a personal data sharing agreement that protects the confidentiality of personal data. Optimum Outcomes may be required or requested to disclose personal data or sensitive personal data under applicable law or in response to valid legal process. This includes a search warrant, subpoena, court order or other request from a government or regulatory authority or agency. Optimum Outcomes reserves the right to disclose this information in response to any such request or requirement. Disclosures may also be appropriate to protect Optimum OutcomesÂ’ legal rights, during emergencies if physical safety is believed to be at risk, or to notify family members or public or private disaster relief agencies of your location or condition. Optimum Outcomes may disclose personal data or sensitive personal data to government or regulatory authorities or agencies if Optimum Outcomes believes that disclosure is required under applicable law (for example, if child pornography is discovered on a computer). Optimum Outcomes may disclose certain personal data or sensitive personal data about an Associate or his or her family to a group health plan where Optimum Outcomes is the sponsor of, or performs plan administration functions for, that group health plan, as specified in the relevant plan documents.
On-line Personal Data
In general, you can visit our Site without telling us who you are or revealing any personal information about yourself. However, you may choose to give us personal information, such as your name, address, telephone number, or e-mail address that may be needed, for example, to correspond with you, to allow you to participate in features offered by this Site, to provide you with a subscription or newsletter, or to transmit your resume for possible employment opportunities. If at any time you wish to have your name removed from a mailing list, subscription or other direct mailing you may receive from us, send us an email at [email protected] and we will remove your name promptly.
This Site may automatically collect certain information such as the Internet address of the domains from which users visit us and may analyze this data for trends and statistics. Also, when you access this Site, we may store information on your computer in the form of a “cookie” or similar file. Cookies are small pieces of text stored on your computer that may, for example, help us know which browser you are using and where you have been on our Site. A cookie may also tell us which pages are being viewed and which are not. This information helps us to improve the Site. Our Site does not require visitors to accept cookies, although some features of the Site may not be available to users who do not accept cookies. Most web browsers automatically accept cookies, but you can usually change your browser to block all cookies or receive a warning before a cookie is stored and you can erase cookies from your computer.
Unless otherwise disclosed herein or during the collection, personally identifiable information that may be collected from visitors to this Site is retained by Optimum Outcomes. Optimum Outcomes does not sell or transfer personal information collected on this Site to outside parties except to agents or contractors of Optimum Outcomes for business-related purposes in connection with services of this Site or of Optimum Outcomes. We may disclose aggregate statistics using information collected on our Site, but such statistics will include no personally identifiable information. Information submitted on this Site by candidates and applicants may be distributed to Optimum Outcomes and its agents and affiliates’ offices worldwide for recruiting or other employment-related purposes. Notwithstanding the foregoing, Optimum Outcomes may release information when we believe that such release is necessary to (i) comply with applicable law or governmental authorities, (ii) enforce or apply the terms of any of our agreements or (iii) protect the security or integrity of this Site or the rights, property or safety of Optimum Outcomes or others.
Please be aware that we provide links to other websites as a convenience to visitors to this Site and such third-party sites are not covered by the Privacy Policies. Neither Optimum Outcomes nor this Site are responsible for the content or information collection practices of any third-party linked site.
B. Individual Rights
You have the right to:
- Request restrictions on how we use and share your health information. We will consider all requests for restrictions carefully but are not required to agree to any restriction;
- Request that we use a specific telephone number or address to communicate with you;
- Request to inspect and copy your health information, including medical and billing records. Fees may apply. Under limited circumstances, we may deny you access to a portion of your health information and you may request a review of the denial; and
- Request a paper copy of this notice even if you agree to receive it electronically.
Optimum Outcomes discloses and uses an AssociateÂ’s personal data only in connection with the day-to-day conduct of its ordinary business operations. The AssociateÂ’s consent to the disclosures and uses described in this Policy of personal data will not be requested. Optimum OutcomesÂ’ Privacy Officer will determine whether or not a particular disclosure or use is described in this policy. Associates will be offered a choice whether or not to allow Optimum Outcomes to use or disclose personal data in a way not described in this policy before Optimum Outcomes uses or discloses your personal data. In this situation, your consent must be received in writing (or a legally equivalent electronic form) before Optimum Outcomes uses or discloses your personal data. If an Associate does not consent to the disclosure, identification information will be removed from the AssociateÂ’s records before the data is used or disclosed.
Optimum Outcomes maintains physical, electronic and procedural safeguards that it believes are reasonable and comply with applicable laws to guard personal data against loss, unauthorized access, destruction, misuse, modification, and improper disclosure. Sensitive personal information is retained in Optimum OutcomesÂ’ human resources database (or a similar system), other records or in physical form. This database is maintained on computer equipment located in a restricted access environment and passwords and other electronic safeguards restrict access to this database to a limited number of Associates. Physical files are retained in restricted access environments or locked cabinets when not being used. Of course, no computer system, physical location or information can ever be fully protected against every possible hazard.
Every Optimum OutcomesÂ’ Associate signs an employment agreement, which contains a specific obligation not to reveal confidential information, which includes personal data. Optimum OutcomesÂ’ employees are also required to attend a course, generally within 90 days after their first day of employment, during which their obligations regarding confidential information policies are discussed.
D. Data Access and Integrity
Optimum Outcomes desires that all personal data it collects or receives be accurate and complete. Optimum Outcomes will allow Associates to review any or all of their personal data that it has retained in your personnel file or other reasonably available files during regular business hours after Associates give reasonable notice of their desire to see that personal data. Each of our AssociateÂ’s family members will also be allowed to see his or her personal data (but not the AssociateÂ’s personal data) during regular business hours after giving reasonable notice of his or her desire to see that personal data.
If Associates or a family member(s) believe any personal data in Optimum OutcomesÂ’ possession or under its control is incorrect or incomplete, they will be allowed to update the information Optimum Outcomes has. If the information the Associate believes to be incorrect or incomplete is subject to interpretation or different viewpoints, as it could be in the case of a performance review, the Associate is allowed to submit written information to be included as part of Optimum Outcomes records.
Optimum OutcomesÂ’ Privacy Officer or his or her designee will promptly review and investigate every allegation that this Policy has been violated by any Associate, client, outside firm or consultant. As part of this review and investigation, the Privacy Officer will review any relevant processes and procedures to determine whether changes are necessary to prevent a recurrence of any substantiated violation of this policy.
Optimum Outcomes will take disciplinary action against any Associate who violates this policy. The severity of the disciplinary action taken will vary based on factors considered relevant by the Privacy Officer including:
- the sensitivity of the personal data disclosed or used in violation of this policy;
- the number of clients and their patients or Associates impacted by the violation of this policy;
- the duration of the improper disclosure or use;
- prior improper disclosure or use of personal data by the applicable Associate, and
- whether the violation was inadvertent or the result of inadequate training.
Except where (i) the improper disclosure or use of personal data was inadvertent or the result of inadequate training, or (ii) the Privacy Officer or his or her designee determines that the circumstances do not warrant such action for other reasons, the minimum disciplinary action to be taken will be a written reprimand placed in the AssociateÂ’s human resources record. Other disciplinary action may include suspension without pay (to the extent permitted by applicable law) and termination of employment. In all cases, the Privacy Officer or his or her designee shall determine whether additional training is to be required.
The Privacy Officer or his or her designee will review any violation of this Policy by a client, outside firm or consultant with a senior leader of such client, outside firm or consultant to determine the appropriate disciplinary action. Unless the Privacy Officer or his or her designee determines otherwise, appropriate disciplinary action with respect to an employee or consultant of a client, outside firm or consultant who violates this Policy should include actions similar to those that would occur if the employee or consultant were a Optimum OutcomesÂ’ Associate. In addition, the Privacy Officer or his or her designee should recommend whether the business relationship between Optimum Outcomes and the client, outside firm or consultant should be terminated as a result of the violation.
The results of each investigation, including any disciplinary action recommended or taken, will be reported to the Compliance Officer and the Board of Directors. Where Optimum Outcomes believes that the conduct may constitute a violation of any applicable law, rule or regulation, the conduct may be disclosed to appropriate law enforcement and regulatory authorities.
SECURITY OF INFORMATION
Optimum Outcomes uses commercially reasonable efforts to store and maintain personal information to protect it from loss, misuse, alteration, or destruction by any unauthorized use. While we strive to protect your personal information, Optimum Outcomes cannot ensure or warrant the security of any information you transmit to us and you do so at your own risk.
FOR MORE INFORMATION