2026_Retiree_Benefits_MWAA | Page 17

employees, contractors, volunteers, trainees and other persons whose work performance is under the direct control of the Airports
Authority. The term“ employee” includes all of these types of workers.
USE AND DISCLOSURE OF PROTECTED HEALTH INFORMATION
The following categories summarize ways that the Airports Authority may use and disclose PHI. Some of the categories include examples, but every type of disclosure in a category is not listed. The term“ you” generically refers to you and your family member( s). For a more detailed listing of uses and disclosures of PHI, please contact the Privacy Officer.
benefits problems and understanding plan coverage / terminology.
• Health-Related Benefits and Services: For assessment and referral purposes, the
Airports Authority may use PHI to manage the Employee Assistance Program.
• As Required by Law: The Airports
Authority will disclose PHI when required to do so by federal, state or local law.
• Lawsuits and Disputes: If you are involved in a lawsuit or dispute, the Airports Authority may disclose PHI in response to a court or administrative order. We may also disclose PHI in response to a subpoena, discovery request or other
lawful process.
Except for the purposes described below
and in the complete Privacy Practices and Procedures, we will use and disclose PHI only with your written permission. If you grant permission to use and disclose PHI for a purpose not discussed in this notice, you may revoke that permission, in writing, at any time by contacting the Privacy Officer.
• Law Enforcement / National Security and Intelligence Activities: The Airports Authority may release PHI if asked to do so by a law enforcement official in response to a court order, subpoena, warrant, summons or similar process. We may also disclose PHI to authorized
federal officials for intelligence,
In accordance with HIPAA, the Airports
Authority may use and disclose PHI for the following purposes:
counterintelligence and other national security activities authorized by law.
• To a Business Associate: Certain services
• For Treatment: The Airports Authority may disclose your PHI to a health care provider who renders treatment on your behalf. For example, if you are injured due to an accident and are unable to provide your medical history to the medical provider, the Airports Authority may advise an emergency room physician about the types of prescription drugs you currently take.
are provided to the Airports Authority by third-party administrators known as
“ business associates.” The Plan requires its business associates, through contract, to appropriately safeguard your health information.
• Military and Veterans: If you are or become a member of the U. S. Armed Forces, the Airports Authority may release
medical information about you as
• For Payment: The Airports Authority may use and disclose PHI so that we or others may bill or receive payment from you, an insurance company or a third party for the treatment and services you received.
deemed necessary by military command authorities.
• To Avert Serious Threat to Health or Safety: The Airports Authority may use
and disclose your PHI, when necessary,
For example, we may use and disclose PHI to assist employees with denied claims.
• For Health Care Operations: The Airports Authority may use and disclose PHI for health care operations purposes. These uses and disclosures are necessary for our operation and management purposes. For example, we may use PHI for purposes of assessing health care plan service, quality or performance or for analyzing associated costs. We may also use PHI for plan enrollment / eligibility purposes on behalf of an employee, or for assisting an employee with correcting
to prevent serious threat to your health and safety or the health and safety of the public or another person.
INDIVIDUAL RIGHTS You have the following rights regarding PHI that the Airports Authority maintains about you:
• Breach of Unsecured PHI: You must be notified in the event of a breach of unsecured PHI. A“ breach” is the acquisition, access, use or disclosure of PHI in a manner that compromises the security or privacy of the PHI. PHI
17
|
METROPOLITAN WASHINGTON AIRPORTS AUTHORITY
is considered compromised when the breach poses a significant risk of financial harm, damage to your reputation, or other harm to you. This does not include good faith or inadvertent disclosures or when there is no reasonable way to retain the information. You must receive a notice of the breach as soon as possible and no later than 60 days after the discovery of the breach.
• Right to Inspect and Copy: You have the right to inspect and copy PHI that may be used to make decisions about your care, payment for your care or for your health care operation including your PHI maintained in an electronic format. If your PHI is available in an electronic format, you may request access electronically and that this be transmitted directly to someone you designate. To inspect and copy this PHI, you must make your request in writing to the Privacy Officer.
• Right to an Accounting of Disclosures: You have the right to request an“ accounting of disclosures,” including a disclosure involving an electronic health record. This is a list of the disclosures we made of your PHI that is not one of the uses and disclosures described earlier.( Note: If a disclosure involved an electronic health record, then you have the right to request an accounting even if the disclosure was one of the uses and disclosures described earlier.) To request this list, you must submit your request, in writing, to the Privacy Officer.
• Right to Amend: If you feel that PHI the Airports Authority has is incorrect or incomplete, you may ask the Airports Authority to amend the information. You have the right to request an amendment for as long as the information is kept by or for the Airports Authority. To request an amendment, you must make your request, in writing, to the Privacy Officer. We may deny the request if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you request amendment of information that:
• Was not created by the Airports Authority, unless the person or entity that created the information is no longer available to make the amendment;
• Is not part of the PHI kept by the