Skip to content

Privacy & Security Notices 

HIPAA Notice of Privacy Practices 

Oxbridge Health understands that your health information is private, and we are committed to maintaining the privacy of this information. HIPAA gives you certain rights to privacy concerning your health information. The plan will follow the policies below to help ensure that your health information, i.e., “protected health information” (PHI), is protected and remains private. 

Each time you submit a claim to the plan for reimbursement and each time you see a health care provider who is paid by the plan, a record is created. The record may contain your PHI. Except in limited circumstances, the amount of information used or disclosed will be limited to the minimum necessary to accomplish the intent of the use or disclosure. 

This section describes how medical information about you may be used and disclosed and how you can get access to this information. Please review it carefully. 

The following information is effective as of the date of delivery of this notice. For further information on the contents of this section, please contact Security Compliance at securitycompliance@oxbridgehealth.com

Notice Summary 

Your Rights. You have the right to:  

  • Get a copy of your health and claims records;
  • Correct your health and claims records;
  • Request confidential communication;
  • Ask us to limit the information we share;
  • Get a list of those individuals we have shared your information;
  • Get a copy of this privacy notice;
  • Choose an authorized representative to act on your behalf; and
  • File a complaint if you believe your rights have been violated. 

Your Choices. You have some choices in the way that Oxbridge Health uses and shares information as we: 

  • Answer coverage questions from your family and friends;
  • Provide disaster relief; or
  • Market our services and sell your information. 

Other Uses and Disclosures. Oxbridge Health may use and share your information as we: 

  • Help manage the health care treatment you receive;
  • Administer the plan;
  • Pay for your health services;
  • Administer the health plan;
  • Help with public health and safety issues;
  • Do research;
  • Comply with laws;
  • Respond to organ and tissue donation requests;
  • Work with a medical examiner or funeral director;
  • Address workers’ compensation, law enforcement, and other government requests; or
  • Respond to lawsuits and legal action. 

Your Rights 

When it comes to your health information, you have certain rights. This section explains your rights and some of Oxbridge Health’s responsibilities to help you. 

Health and Claims Records 

You can ask to see or receive a copy of your health and claims records and other health information we have about you. We will provide a copy or a summary of your health and claims records, usually within 30 days of the request. We may charge a reasonable fee. You can also ask us to correct your health and claims records if you think they are incorrect or incomplete. We may not approve the request; however, we will provide a reason in writing within 60 days. Contact us for assistance with either request. 

Confidential Communications 

You can ask us to contact you in a specific way (e.g., home or cell phone or to send mail to a different address). We will consider all reasonable requests and say yes if you tell us you would be in danger if we do not. 

Information Sharing 

You can ask us not to use or share certain health information for treatment, payment, or our operations. We are not required to agree to your request, and we can say no if it would affect your care. You can ask for a list (accounting) of the times we have shared your health information for 6 years prior to the date you ask, who we shared it with, and why. We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (i.e., any you asked us to make). We will provide one accounting a year for free, but we may charge a reasonable fee if you ask for another one within 12 months. 

This Privacy Notice 

You can request a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly. 

Authorized Representative 

If you have given someone medical power of attorney, is your legal guardian, or you have given someone authorization (i.e., spouse, partner, adult child, or close adult family member or friend), that individual can exercise your rights and make choices about your health information. We will make sure the individual has this authority and can act for you before we take any action. 

Complaints 

You can complain if you feel we have violated your rights by contacting us at complaints@oxbridgehealth.com. You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/ocr/privacy/hipaa/complaints/. Oxbridge Health will not retaliate against you for filing a complaint. 

Your Choices 

For certain health information, you can inform Oxbridge Health of your choices about what we share. If you have a clear preference on how we share your information in the situations described below, contact us. After you tell us what you want us to do, we will honor your request. In these cases, you have both the right and choice to tell us to: 

  • Share information with your family, close friends, or others involved in payment for your care; and 
  • Share information in a disaster relief situation. 

If you are not able to inform us of your preference, (e.g., if you are unconscious), Oxbridge Health may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety. In these cases, we never share your information unless you provide written permission: 

  • Marketing purposes; or 
  • Sale of your information (i.e., to a third-party). 

Our Uses and Disclosures 

This section describes other ways that Oxbridge Health typically uses or shares your health information. 

Health Care Treatment 

Oxbridge Health may use your health information and share it with health professionals who are treating you to manage the treatment you are receiving. 

Example: A provider sends us information about your diagnosis and treatment plan so we can arrange additional services. 

Administer the Plan 

Oxbridge Health may use and disclose your information to run our organization and contact you when necessary. 

Example: We use health information about you to develop better services for you. 

NOTE: We are not allowed to use genetic information to decide whether to give you coverage or determine the cost of that coverage. 

Paying for Health Services 

Oxbridge Health may use and disclose your health information as we pay for your health services. 

Example: We share information about you with your Medicare plan or automobile policy to coordinate benefit payments. 

Administer the Health Plan 

Oxbridge Health may disclose your health information to the Plan Sponsor for plan administration. 

Example: Your company contracts with us to provide a health plan, and we provide your company with certain statistics to explain what we charge for employee coverage. 

Public Health and Safety Issues 

Oxbridge Health may share your information in other ways, usually in ways that contribute to the public good (i.e., public health and research), including safety issues. We must satisfy several legal requirements before we can share your information for these purposes. For more information, see https://www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/index.html. This involves certain situations, including: 

  • Preventing diseases; 
  • Helping with product recalls; 
  • Reporting adverse reactions to medications 
  • Reporting suspected abuse, neglect, or domestic violence; and 
  • Preventing or reducing a serious threat to anyone’s health or safety. 

Research 

Oxbridge Health can use or share your information for health research by obtaining a signed authorization or through informed consent. De-identified health information is not PHI and therefore, is not protected under the HIPAA Privacy Rule. 

Example: Oxbridge Health uses a specific collection of member data to perform a quality assessment and improvement study to understand and improve our service. 

If our primary purpose of study is to obtain generalizable knowledge, then the activity cannot be considered to be a health care operations activity, meeting the definition of “research,” and any use or disclosure of PHI for the study must be made in accordance with the HIPAA Privacy Rule’s provisions on the use and disclosure of PHI for research. 

or

If the primary purpose is not to develop or contribute to generalizable knowledge but to conduct a quality improvement or assessment study, then the study is considered to be a health care operation, and we may use or disclose PHI for the study as part of our health care operations under the HIPAA Privacy Rule.

Comply with the Law 

Oxbridge Health will share information about you if state or federal laws require it, including with the Department of Health and Human Services (DHHS), if it wants to see that we are complying with federal privacy laws. 

Other Agencies 

Oxbridge Health can use or share health information about you: 

  • With organ procurement organizations for organ and tissue donations; 
  • With a coroner, medical examiner, or funeral director upon death; 
  • For workers’ compensation claims; 
  • For law enforcement purposes or with a law enforcement official; 
  • With health oversight agencies for activities authorized by law; 
  • For special government functions such as military, national security, and presidential protective services; and 
  • For other government requests. 

Lawsuits and Legal Actions  

Oxbridge Health can share health information about you in response to a court order, administrative order, or a subpoena. 

Our Responsibilities 

Oxbridge Health’s responsibilities include following the duties and privacy practices described in this notice and providing you a copy of it, and refraining from using or sharing your information other than as described here, unless you inform us we can, in writing. If you inform us we can, you may change your mind at any time by notifying us in writing. Please note that the plan is unable to take back any disclosures it has already made with your authorization. 

Electronic Data Security Standards 

Oxbridge Health will apply the following provisions to enable it to use and disclose electronic PHI (e-PHI) as necessary to comply with the requirements of the Security Standards section under HIPAA, published under the Security Regulation section of HIPAA relating to the use and disclosure of PHI that is maintained in an electronic format: 

  • Oxbridge Health will implement administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the e-PHI that it creates, receives, maintains, or transmits on behalf of the plan; 
  • Oxbridge Health will ensure that the separation requirements applicable to the plan described above are supported by reasonable and appropriate data security measures to limit access to e-PHI to authorized users; 
  • Oxbridge Health will ensure that any agent, including a subcontractor, it provides e-PHI, agrees to implement reasonable and appropriate security measures to protect the information; and 
  • Oxbridge Health will ensure that any security incidents (within the meaning of 45 C.F.R. § 164.304) of which it becomes aware is timely reported to the appropriate parties. 

Oxbridge Health will take any such further action as is required to comply with the Security Regulation. 

Data Breach Reporting 

Oxbridge Health and/or its vendors will provide you prompt notice of any “breach” of privacy or security involving unsecured PHI to the affected individuals and to DHHS, as applicable, as provided by Title XIII of the American Recovery and Reinvestment Act of 2009 and the related final regulations issued by DHHS (“Modifications to the HIPAA Privacy, Security, Enforcement, and Breach Notification Rules Under the Health Information Technology for Economic and Clinical Health Act and the Genetic Information Nondiscrimination Act; Other Modifications to the HIPAA Rules” as set forth in Parts 160 and 164 of Title 45 of the Code of Federal Regulations). 

Changes to the Terms of the HIPAA Notice of Privacy Practices 

Oxbridge Health can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, and a copy will be provided to you. 

Retention of Data 

Oxbridge Health will retain your personally identifiable information (PII) and activity for as long as is necessary for the purposes set out in the HIPAA Notice of Privacy Practices. We will retain and use your PII only to the extent necessary to comply with our legal obligations, applicable laws, resolve disputes, and enforce our legal agreements and policies. 

Communication Methods 

Oxbridge Health may communication through email, text messaging, fax, U.S. mail, or other forms of communication. Information collected through email may be shared with our Customer Support Department, other Oxbridge Health associates, or third parties that perform services on our behalf. 

Unless otherwise noted, communications sent through our website are not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us. If you request that Oxbridge Health send information about you to someone using the communication methods identified above, the communication may not be completely secure. Therefore, please verify email addresses and/or fax numbers carefully before submitting your request. 

For questions or assistance related to HIPAA regulations: