Protecting your personal health information

HIPAA Notice of Privacy Practices

This notice describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully.

This Notice describes your rights and our responsibilities concerning your protected health information (“PHI”).

PHI is information that may identify you as an individual and relates to your past, present, or future physical or mental health or condition. It also includes information related to the past, present, or future payment for your health care.

This Notice applies only to Sun Life’s* dental, vision, expense-based cancer, long-term care, and other “health plans” pursuant to the Health Insurance Portability and Accountability Act (“HIPAA”). Health plans are individual or group products that provide, or pay the cost of, medical care.  This Notice does not apply to our life insurance, disability insurance, or other products that are not health plans.

Your Privacy is Important to Sun Life

We are committed to maintaining the privacy and security of your PHI as required by law.  We must provide you with a copy of this Notice and abide by the terms of this Notice.  We reserve the right to change the terms of this Notice.  If we do make changes, the new provisions will apply to all PHI that we maintain.  If we make a material change to our Notice, we will mail you a revised Notice.

Primary Uses and Disclosures of Your PHI

The following describes how we are most likely to use and/or disclose your PHI. If state law further restricts how we can use and disclose information, we will follow applicable state laws.

Treatment, Payment or Health Care Operations

  • Treatment – We are not a health care provider.  However, we can use or disclose your PHI for treatment purposes. For example, we may disclose your PHI if your doctor requests it for treatment purposes. 
  • Payment – We may use or disclose your PHI to obtain premiums or provide coverage and benefits under your health plan.  For example, we may disclose information about your eligibility for our health plan coverage when a provider requests it.  Another example includes the use of your information to determine if a treatment that you received was medically necessary.
  • Health Care Operations – We may use or disclose your PHI to run our business and contact you as necessary.  For example, we may use or disclose your PHI for underwriting, conducting audits, or for medical reviews of claims.

Business Associates

We may disclose your PHI to our business associates to perform various functions on our behalf.  Examples of such functions include claims administration or enrollment.  We require business associates to agree in writing to contract terms designed to safeguard your information.

Plan Sponsor

We may disclose your PHI to the plan sponsor of your group health plan.

Other Possible Uses and Disclosures

The following describes other possible ways in which we may use or disclose your PHI.

Required by Law

We will use or disclose your PHI when required to do so by federal, state, or local law. 

Public Health Activities

We may use or disclose PHI for public health activities as permitted or required by law.  Examples include preventing or controlling public health risks or reporting child abuse or neglect to an appropriate government authority. 

Abuse or Neglect

We may disclose PHI about you if we believe you are a victim of abuse, neglect, or domestic violence. We will do so if in our judgment it is necessary to prevent serious harm to you or others.

Health Oversight Activities

We may disclose your PHI to a health oversight agency for activities authorized by law.  This might include audits, investigations, and other activities necessary for appropriate oversight. 

Legal Proceedings

We may use or disclose your PHI in the course of a judicial or administrative proceeding.  This might occur if a court orders us to do so or in response to some other lawful process.

Law Enforcement

We may disclose your PHI to law enforcement officials as required by law or for certain other reasons.  An example includes providing evidence of a crime that occurred on our premises.

Decedents

We may disclose PHI to a coroner, medical examiner, or funeral director so they can perform their legal duties. 

Donation/Transplantation

We may disclose PHI to organizations that handle organ, eye, or tissue donation and transplantation.

Research

We may disclose your PHI for research purposes, subject to certain conditions to protect your privacy. 

To Prevent a Serious Threat to Health or Safety

We may use or disclose your PHI if we believe it is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public.  We may also disclose PHI if it is necessary for law enforcement authorities to identify or apprehend an individual.

Specialized Government Functions

We may disclose your PHI for certain specialized government functions, such as military, national security, and presidential protective services. 

Workers’ Compensation

We may use or disclose your PHI to comply with workers’ compensation laws and other similar programs.

Others Involved in Your Health Care

We may disclose your PHI to a family member or other individual that you identify.  We will do so if the information is directly relevant to that person's involvement with your health care or payment of your health care.  We also may disclose your PHI to a public or private entity assisting in a disaster relief effort.  If you are not present or able to agree, then we will use our professional judgment to determine whether the disclosure is in your best interest.

Genetic Information

We may not use or disclose any genetic information for underwriting purposes for all health plans.  This prohibition does not apply to long term care. 

Other Uses and Disclosures Made Only With Your Written Authorization

We will not use or disclose your PHI except as described above unless we have your written authorization.  If we maintain or receive psychotherapy notes about you, most disclosures of these notes require your authorization.  If we contact you for our fundraising, we will provide you a right to opt out of such communications.  Also, most uses and disclosures of PHI for marketing purposes, and sales of PHI, require your authorization.  If you provide us with such an authorization, you may revoke the authorization in writing at any time.  Your revocation will be effective for future uses and disclosures of PHI.  However, the revocation will not be effective to the extent we already acted in reliance on your authorization.

Your Rights

The following information describes your rights with respect to your PHI.

Right to Request a Restriction

You have the right to request restrictions on the PHI we use or disclose about you.  Your request must tell us: (1) what information you wish to limit; and (2) how you want to limit our use and/or disclosure. 

We are not required to agree to your request.  If we do agree, we will follow the restriction unless the information is needed to provide you emergency treatment. 

Right to Request Confidential Communications

You may request that we communicate with you about PHI in an alternative manner or at an alternative location.  Your request must specify what parts of your PHI that your request covers.  It must also specify how and where you wish to be contacted. For example, you can ask that we only contact you at your work address or via your work e-mail. 

Right to Inspect and Copy

You have the right to inspect and copy your PHI. This includes medical, billing, payment, enrollment, claims and other records used to make decisions about your health care benefits. However, you may not inspect or copy psychotherapy notes and certain other information.

Your request may include an electronic copy in certain cases if you make this request in writing.

If you request a copy of your PHI, we may charge a reasonable, cost-based fee. 

We may deny your request to inspect and copy your PHI in certain limited cases.  If we deny you access to your PHI, you may request a review of the denial.  A licensed health care professional chosen by us will review your request and the denial.  The person performing this review will not be the same person who denied your initial request.  Under certain conditions, our denial will not be reviewable.  If this event occurs, we will inform you in our denial that the decision is not reviewable.

Right to Amend

If you believe that your PHI is incorrect or incomplete, you may request that we amend your information.  Your written request should include the reason the amendment is necessary.

In certain cases, we may deny your request for an amendment.  For example, we may deny your request if the PHI is maintained by another entity, and not by us.  If we deny your request, you have the right to file a statement of disagreement with us.  We will link your statement of disagreement with the disputed information.  All future disclosures of the disputed information will include your statement.

Right of an Accounting

You have a right to an accounting of most disclosures of your PHI, with certain exceptions.  These exceptions include disclosures made for treatment, payment, health care operations, and certain other disclosures.  An accounting will list the date(s) of the disclosure, to whom we made the disclosure, a brief description of the PHI disclosed, and the purpose for the disclosure.

Your request may be for disclosures made up to 6 years before the date of your request.  The first list you request within a 12-month period will be free.  For additional lists, we may charge you for the costs of providing the list.  We will notify you of the cost involved.  We will also provide you with an opportunity to withdraw or modify your request before you incur any costs.

Right to a Paper Copy of This Notice

You have the right to a paper copy of this Notice, even if you have agreed to accept this Notice electronically.

Breach Notification

We will notify you if there is a breach of your unsecured health information as required by law or where we otherwise deem appropriate.

Complaints

If you believe that we have violated your privacy rights, you may file a complaint with us.  All complaints must be in writing. You may also submit a complaint to the Secretary of the U.S. Department of Health and Human Services. 

We will not penalize or in any other way retaliate against you for filing a complaint.

How to Exercise Your Rights or Request More Information

To fulfill any of the above requests, send your written request to:

SLF US Compliance Department
Sun Life
One Sun Life Executive Park
Wellesley Hills, MA 02481
Attention: HIPAA Privacy Officer.

For further questions about the information described in the Notice, you may write to the above address or call 1-800-247-6875.

*In this notice, ”Sun Life,” “we,” “us,” and “our” refer to Sun Life Assurance Company of Canada, Sun Life and Health Insurance Company (U.S.), Professional Insurance Company, and the following prepaid dental companies:  DentiCare of Alabama, Inc., Union Security DentalCare of Georgia, Inc., Union Security DentalCare of New Jersey, Inc., UDC Dental California, Inc., UDC Ohio, Inc., United Dental Care of Arizona, Inc., United Dental Care of Colorado, Inc., United Dental Care of Michigan, Inc., United Dental Care of Missouri, Inc., United Dental Care of New Mexico, Inc., United Dental Care of Texas, Inc., United Dental Care of Utah, Inc.
Effective date of this notice: October 1, 2019

Choose another region

Find legal, privacy, security and fraud information for where you do business with Sun Life.

 

Select another region