Skip to Content

Provider Manual

Data security and confidentiality

Last Updated on August 28, 2018

Data security

Security Health Plan and the affiliated provider will maintain reasonable security procedures to prevent unauthorized access to data, data transmissions, security access codes, envelopes, backup files, source documents and the covered entity’s operating system. Security Health Plan and the affiliated provider will immediately notify each other of any unauthorized attempt to obtain access to or otherwise tamper with data, data transmissions, security access codes, envelopes, backup files, source documents or the other party’s operating system when an attempt may have an impact on the other party.

  • Protected health information. Security Health Plan and the affiliated provider will comply with all applicable privacy statutes and regulations, guidelines and health care industry customs concerning treatment of protected health information (PHI).
  • Submitting documentation containing PHI to Security Health Plan.  Below are examples of general rules providers should follow to protect patient/member PHI.
    • When providers submit medical records or other documentation containing PHI to Security Health Plan for claims processing or appeals, prior authorization requests, or any other reason, providers should attach patient/member information for only the member involved.  Patient/member information for any other individual should not be included.
    • For example, a provider should completely black out all information for other Security Health Plan members on a reimbursement statement if submitted as part of an appeal or any other request.
    • Providers should submit only the minimum amount of information pertinent to the issue in question, providing enough information to resolve the situation without providing any unnecessary PHI.
  • Notice of unauthorized disclosures and uses. Security Health Plan and the affiliated provider will promptly notify each other of any unlawful or unauthorized use or disclosure of confidential or protected health information in which the disclosure may have an impact on the other party, and will cooperate with each other in the event that any litigation arises concerning the unlawful or unauthorized disclosure or use of confidential or protected health information.

Operating systems security

Security Health Plan and the affiliated provider will develop, implement and maintain appropriate security measures for the operating system. Security Health Plan and the affiliated provider will document and keep current its security measures. Security Health Plan and the affiliated provider’s security measures will include, at a minimum, the requirements and implementation features set forth in all applicable DHHS security regulations.