Safeguarding Horizon BCBSNJ Information
Horizon BCBSNJ is committed to protecting its members' and customers' Private Information as well as our own confidential information. Private Information includes our members' Personal Health Information (“PHI”), as well as any other information we collect about our members, and confidential information includes Horizon BCBSNJ proprietary information. All Horizon BCBSNJ information, files and documents are considered confidential information.
Various state and federal laws and regulations, including the Health Insurance Portability and Accountability Act (“HIPAA”), govern Horizon BCBSNJ's use and disclosure of its members' Private Information. Private Information may not be used or disclosed except as permitted by Horizon BCBSNJ's policies and applicable privacy and security rules. Generally, that means for the purpose of treatment, payment or health care operations, and with the member's authorization.
In addition, when using, disclosing or requesting Private Information, HIPAA requires that only the minimum information necessary to accomplish a task be used, disclosed or requested. Using more than the minimum information necessary is a violation of Horizon BCBSNJ policy and may be a violation of the law.
In addition, generally, Vendors who provide services to, or on behalf of, Horizon BCBSNJ and require the use and disclosure of Private Information to perform those functions are considered Business Associates. Any Vendor who is a Business Associate must enter into a Business Associate Agreement with Horizon BCBSNJ, as required by HIPAA.
A Vendor who is a Business Associate of Horizon BCBSNJ must report any activities that may compromise the security of the data or systems or the privacy of Horizon BCBSNJ information in accordance with the terms of its Business Associate Agreement with Horizon BCBSNJ. Vendors who are not Business Associates of Horizon BCBSNJ must promptly report any activities that may compromise the security, privacy or confidentiality of Horizon BCBSNJ information. Failure to immediately report a security, privacy or confidentiality breach or violation may result in termination of the Vendor's business relationship with Horizon BCBSNJ.
Vendors may not access, use or disclose private and confidential information unless they have a legitimate business need to do so and are performing an appropriate business function for Horizon BCBSNJ. Vendors must protect private, proprietary and confidential information even after they are no longer associated with Horizon BCBSNJ. When the relationship with Horizon BCBSNJ ends, Vendors must return all private, proprietary and confidential information. This information may not be disclosed to any unauthorized entity, such as a different company or employer, and cannot be used for any purpose other than to further Horizon BCBSNJ's legitimate business interests.