Skip to main content

Individuals & Families

Individuals & Families
Dollar icon Pay Bill
SEARCH SITE

HIPAA Privacy Notice

EFFECTIVE: APRIL 14, 2003 REVISED: February 16, 2026

OUR PROMISE

At Independent Health, we recognize our responsibility to be diligent stewards of your personal information. We value the relationship we have with our members and are committed to protecting your information with administrative, technical, and physical safeguards to protect against unauthorized access as well as threats and hazards to its security and integrity. We take great care to safeguard your personal information using industry best practices.

We also require these same standards of our business associates and vendors. Independent Health trains employees on a regular basis about the importance of protecting your personal information. We protect the privacy of your information in accordance with federal and state privacy and security laws such as the Health Insurance Portability and Accountability Act (HIPAA).
 

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
 

This notice covers the privacy practices of Independent Health Association, Inc. and Independent Health Benefits Corporation.
 

WHAT IS YOUR PERSONAL INFORMATION?

Personal information is any information about you received or created by Independent Health for the purpose of administering your health benefits. This includes any information that can identify you as an individual, such as your name, address and Social Security Number, as well as your financial, health, and other information.
 

HOW INDEPENDENT HEALTH USES AND DISCLOSES YOUR PERSONAL INFORMATION

In order to administer your health insurance, Independent Health uses and discloses your personal information to coordinate treatment with your doctors, pay for your care, and administer our health care operations. When performing these functions, we only use or disclose the minimum amount of information necessary. These functions include:

  • Treatment. We may disclose your personal information to your health care providers to help them provide medical care to you. Here are a few examples:
    • If you are in the hospital, we may give your doctor at the hospital access to any medical or pharmacy records that we have. We may use your personal information to coordinate care.
    • To inform you of other health-related benefits, such as medical treatments, health-related products and services, or a description of our health plan or providers. For example, we might send you information about smoking cessation programs, weight loss programs, or prescription refill reminders.
  • Payment. To help pay for your covered services, we may use and disclose your personal information. For example, we may use and disclose your personal information:
    • To pay your medical bills that your health care providers have submitted to us.
    • To conduct “utilization review” (which means deciding if a particular health care item or service is medically appropriate).
    • To coordinate benefits between our coverage and other insurers who may be fully or partially responsible for payments.
  • Health Care Operations. We may use and disclose your personal information to others who help us conduct our health care operations. For example, we may disclose your personal information for the following purposes:
    • Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating Independent Health.
    • Conducting or arranging for medical review, legal, and auditing services, including fraud and abuse detection and compliance programs.
  • Business Associates. We may disclose your personal information to contracted third parties if they are performing services on our behalf. For example, we may disclose your personal information to become approved or accredited by an independent quality assurance entity. We will only disclose your personal information to outside entities that agree to protect your personal information just as we would, and we only transfer the minimum information necessary to accomplish a task. We obtain a written agreement from every business associate and review their practices to ensure they are protecting your personal information just as we would.
     
USES AND DISCLOSURES REQUIRED BY LAW

We may use or disclose your personal information without your authorization when required by law:

  • For public health and disaster relief efforts.
  • To regulatory bodies, such as the United States Department of Health and Human Services (HHS), the New York State Department of Financial Services (DFS), and the New York State Department of Health (DOH).
  • To report public health activities. For example, we may report to entities that track certain diseases such as cancer.
  • To a coroner or medical examiner to help identify a deceased person, to determine a cause of death, or as authorized by law. We may also disclose your personal information to a funeral director as necessary to carry out their duties.
  • To public health agencies in order to avoid harm. For example, we may report your personal information to a government authority if we believe there is a serious health or safety threat to you or others, or in cases of child abuse, neglect, or domestic violence.
  • For health oversight activities, such as audits, inspections, licensure, and disciplinary actions.
  • To meet legal requirements. For example, in response to a subpoena or court order.
  • For law enforcement activities. For example, we may disclose personal information to identify or locate a suspect, fugitive, material witness, or missing person, to report a crime, or to provide information about crime victims.
  • For specific government functions, such as military and veteran activities, national security and intelligence activities, and providing protective services to the President.
  • For workers’ compensation purposes.
     
OTHER USES AND DISCLOSURES

We may also use or disclose your personal information without your authorization in the following circumstances: 

  • For certain employer-sponsored group health plans. If you are enrolled in Independent Health because of your work and your employer has adopted certain privacy procedures, we may communicate with your employer to fulfill certain administrative requirements. Most often though, we will only disclose enrollment and disenrollment information and summary health information (i.e., aggregate data not including any of your identifiers like name, address, etc.) to your employer or any broker acting on your employer’s behalf. Please ask your employer for more details.
  • For purposes of organ donation, such as for procurement, banking or transplantation of organs, eyes, or tissue.
  • For research. If we use or disclose your personal information for a research project that contributes to general knowledge, we take the proper steps to keep your information private and secure. In some instances we may have a research review board approve the procedures we have put in place to secure your personal information before disclosure. If we do not receive approval from a research review board, we will ask for your authorization before we use or disclose your personal information for research.
  • For fundraising: In the event we would like to use your personal information for fundraising purposes, we will contact you and you will have the right to opt out of receiving these communications from us and our use of your information for such purposes.
  • For underwriting. Independent Health may receive your personal information for the purpose of underwriting, premium rating, or other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, such as premium computations, contribution amounts, or application of preexisting condition exclusions (collectively “underwriting”). If we received your personal information for an underwriting purpose and you become an Independent Health member, we will only use or disclose your personal information in accordance with this notice and applicable law. If you do not become an Independent Health member, we will only use your personal information we received for underwriting, unless we are required by law to use it for another purpose. We will not use genetic information for underwriting or prior to or in connection with your enrollment. Genetic information means information about your genetic tests (for example, analysis of human DNA, RNA or chromosomes) or the genetic tests of your family members, the manifestation of disease or disorder in your family members (for example, a family medical history) or any request of or receipt by you or your family members of genetic tests, genetic counseling or genetic education. The term genetic information does not include sex or age information. If you are pregnant, the term genetic information includes genetic information concerning the fetus. If you use reproductive technology, the term genetic information includes genetic information about an embryo.
  • If your personal information has been de-identified. “De-identifying” information means removing all parts of your information that could identify you. HIPAA gives us rules to follow when “de-identifying” your personal information and permits us to disclose de-identified information without your authorization.
     
SPECIAL CONSIDERATIONS

Both State and Federal law contain important limitations on how we can disclose your personal health information pertaining to HIV/AIDS, mental health, alcohol and substance use, sexually transmitted diseases, pregnancy/reproductive, and genetic testing. For those conditions, we follow rigorous standards that provide heightened privacy protections to you. These additional standards are designed to give you added security and confidence regarding our handling of such information while still allowing you to obtain needed medical treatment freely and without hesitation. 

  • Substance Use Disorder (SUD): Your information may include SUD information from Part 2 programs as defined in 42 CFR 2.11, which is subject to stricter disclosure standards than needed for other purposes.  We will not disclose SUD information received from a 42 CFR Part 2 program for the treatment, payment, or healthcare operations described above, unless you have provided specific written consent for us to do so. Any SUD data that we share with your consent will be accompanied by a re-disclosure prohibition statement, unless the disclosure is otherwise permitted by law. We will not disclose Part 2 records for any civil, criminal, administrative or legislative proceedings against you, unless (1) you give written consent for disclosure in a legal proceeding, (2) we receive a subpoena, or (3) we receive a court order in strict compliance with updated Part 2 requirements and the opportunity to be heard.
     
USES AND DISCLOSURES WE WILL NOT MAKE

Even though permitted by law, we will not use and disclose your personal information for the following reasons: 

  • Sale. We will not sell your personal information.
     
USES AND DISCLOSURES THAT REQUIRE YOUR AUTHORIZATION

If we disclose your information for a reason that does not fit in one of the general categories listed above, we must obtain your written permission. This written permission is called an “authorization.” Here are examples of instances when we must ask for your permission before disclosing your personal information:

  • If you consult an attorney and your attorney needs your personal information in order to represent you.
  • If anyone other than you or a doctor who is treating you asks us to disclose your personal information.
  • If we use your personal information to market an outside company’s product or service and we receive financial payment from the outside company for making the communication. However, we may send you refill reminders and communications about treatment, health-related products or services that are included in your plan, case management, and governmental programs without asking for your authorization first.

If you give us written permission and then change your mind about that permission, you may take back or revoke your written permission at any time, except if we have already acted based on your permission. If you have questions or would like to obtain a copy of our authorization form, please call our toll-free Member Services number on your ID card, Monday through Friday from 8 a.m. to 8 p.m., or e-mail us at memberservice@servicing.independenthealth.com.
 

WHEN YOU ASK US FOR PERSONAL INFORMATION ABOUT OTHERS

If you request your family members’ personal information, we may need to obtain written permission from that family member. Here are some examples:

  • If you call and ask for specific information about your spouse’s medical claims, such as a list of their pharmacy claims, we will ask for your spouse’s written permission before disclosing any information to you.
  • If you are a parent and ask for personal information about your son or daughter who is on your health insurance policy, but who is 18 or over, we will need to get your son or daughter’s written permission before disclosing their information to you.
  • If you ask us for information about a health care item or service that your minor child can obtain without your parental consent, such as outpatient mental health treatment, we will ask for your child’s written permission before disclosing that information to you.

If you have questions, please call our toll-free Member Services number on your ID card, Monday through Friday from 8 a.m. to 8 p.m., or e-mail us at memberservice@servicing.independenthealth.com.
 

YOUR RIGHTS REGARDING YOUR PERSONAL INFORMATION

By law, you have several important rights with respect to your personal information. You may exercise any of the rights described below, or ask any questions about these rights by calling our toll-free Member Services number on your ID card, Monday through Friday from 8 a.m. to 8 p.m., or e-mail us at memberservice@servicing.independenthealth.com

  • You have the right to ask us to restrict how we use, or disclose your personal information for treatment, payment, or health care operations. You may also ask that we limit the information we give to others who are involved in your health care or payment for your health care such as a family member or a friend. Your request may be received verbally or in writing. Please note that we will accommodate reasonable restriction requests. If we do agree, we will honor your request unless it is an emergency situation.
  • You have the right to ask us to communicate with you by a different method or in a different manner. For example, if you believe that you would be harmed if we send your personal information to your current mailing address (situations involving domestic disputes), you may ask us to send your personal information by fax instead of mail or to a P.O. Box instead of your home address. We will agree to reasonable requests.
  • You have the right to request a copy of your personal information in your designated record set, including an electronic copy in many cases. You also have the right to inspect your personal information in your designated record set. A “designated record set” is a group of records that is used by or for us to make decisions about you. We may ask you to request copies of your personal information in writing and to specify the information you are requesting. We also may charge a reasonable fee for copying and mailing your personal information. We will respond to your request no later than 30 days after we receive it. If we are unable to act within the 30 days, we may extend that time by no more than an additional 30 days. In certain situations, we may deny your request, or part of your request, but we will tell you why we are denying your request. You have the right to ask for a review of that denial.
  • You have the right to ask us to make changes to your personal information we maintain about you in your “designated record set” if you believe it is wrong or if information is missing. This is called the right “to amend” your personal information. Your request may be verbal or in writing, but you must provide a reason for your request. We will respond to your request no later than 60 days after we receive it. If we are unable to act within the 60 days, we may extend that time by no more than an additional 30 days. If we make the change, we will notify you that it was made. In some cases, we may deny your request to change your personal information. For example, we may deny your request if we did not create the information you want changed. If we deny your request, we will notify you in writing about the reason for the denial. The denial will explain your right to file a written statement of disagreement. These statements will be filed with the record you asked us to change.
  • You have the right to ask for an accounting of disclosures we have made for reasons other than treatment, payment and health care operations. You have the right to receive a maximum of six (6) years’ worth of disclosures in your accounting. Your request for an accounting must be in writing and specify the information requested. We will act on your request within 60 days, unless we need an additional 30 days.
  • You have the right to receive an electronic or paper copy of this notice.
  • You have the right and will receive notice about any breaches of your personal information in accordance with applicable state and federal laws.
  • You have the right to file a complaint if you believe your privacy rights have been violated or if you disagree with a decision we made about your access to your personal information. We will not take any action against you for filing a complaint. You may contact us with your complaint by calling, writing, or e-mailing Independent Health’s Servicing Department:

    Independent Health
    Attn: Servicing Department
    511 Farber Lakes Drive
    Buffalo, New York 14221
    memberservice@servicing.independenthealth.com

    Commercial Members:
    (716) 631-8701 or 1-800-501-3439 (TTY: 711)
    Monday through Friday, from 8 a.m. to 8 p.m.

    Medicare Advantage Members:
    (716) 250-4401 or 1-800-665-1502 (TTY 711)
    October 1 through March 31: Monday through Sunday, 8 a.m. to 8 p.m.
    April 1 through September 30: Monday through Friday, 8 a.m. to 8 p.m.

    MediSource, Child Health Plus and Essential Plan Members:
    (716) 250-7183 or 1-833-891-9372 (TTY: 711)
    Monday through Friday, 8 a.m. to 8 p.m.

    You could also contact the United States Department of Health and Human Services (HHS).

 

HOW INDEPENDENT HEALTH PROTECTS YOUR PERSONAL FINANCIAL INFORMATION

Most information we obtain about you relates to your health. However, your personal information could contain information that is financial in nature. We may obtain personal financial information about you from the following sources: 

  • Information received from you on applications or other forms such as your name, address, Social Security Number, and telephone number;
  • Information about your transactions with us, our affiliates or others, such as your premium payment history, enrollment history, type of health insurance coverage, medical claims history, and coordination of benefits information; and
  • Information about you from other sources, such as your employer or a hospital or medical facility you have visited.

Independent Health does not sell your personal financial information for any reason. We do not disclose your personal financial information, except as required by law and in order to perform treatment, payment and health care operations.
 

OUR OBLIGATION

We are required by law to maintain the privacy of your personal health information, give you notice of our legal duties and privacy practices, notify you following a breach of your personal information, and to follow the terms of the notice currently in effect. We may change the terms of this notice at any time. The revised notice will apply to any personal information we maintain. Once revised, we will give you the new notice by United States mail and will post it on our website.
 

QUESTIONS

If you have any questions about this notice or about how we use or disclose your personal information, please contact us.

Updated 03/2026

© Independent Health Association, Inc.

Facebook logo  Twitter logo

Our website uses cookies and data collection to enhance your experience, analyze website performance, and enable functionality. By remaining on our site you are providing consent to our use of cookies. For additional information view our policy.

I agree