Axis Capital UK/EU Privacy Notice

IF APPLICABLE: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Who Will Follow This Notice

This Notice is being provided pursuant to certain requirements of the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and related regulations. You also have a right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time.

As applicable, this Notice describes the practices of AXIS Capital Holdings Limited and its affiliates (collectively, “AXIS”). All uses of “we”, “our”, “us”, and any like terms in this Notice shall refer to AXIS.

Our Commitment to Your Privacy

Please note that this Notice does not list every use or disclosure; instead it gives examples of the most common uses and disclosures, as described below.

We understand that medical information about you and your health is personal and we are committed to protecting that information. We create a record of your benefits, eligibility status and claims history. We need this record to provide you with quality health care services and to comply with certain legal requirements. Hospitals, physicians and other health care providers providing health care services to you may have different policies or notices regarding their uses and disclosures of your medical information.

This Notice will tell you about the ways in which we may use and disclose medical information about you. This Notice will also describe your rights and certain obligations we have regarding the use and disclosure of medical information.

We are required by law to abide by the terms of this Notice to: (1) make sure that medical information that identifies you is kept private; (2) give you this Notice of our legal duties and privacy practices with respect to medical information about you; and (3) follow the terms of the notice that is currently in effect.

How We May Use and Disclose Medical Information About You

We will not disclose your medical information to anyone, except with your authorization or as otherwise permitted or required by HIPAA and other applicable law. Uses and disclosures other than those described in this Notice will require your written authorization. Your written authorization is required for most uses and disclosures of psychotherapy notes, marketing and any use or disclosure that might constitute a sale of personal health information. You may revoke your authorization at any time, but you cannot revoke your authorization if we have already acted on it.

Payment

We may use and disclose your medical information to pay for your medical benefits. These activities may include determining eligibility or coverage for insurance benefits, reviewing services provided to you to determine medical necessity, and undertaking utilization review or case management activities with respect to your claims. For example, we may use and disclose your medical information to pay your claims or process your premium payments.

Treatment

We may use or disclose medical information about you to facilitate medical treatment or services by providers. We may disclose medical information about you to health care providers, including doctors, nurses, technicians, medical students, or other medical personnel who are involved in taking care of you. For example, we might disclose information about you to physicians who are treating you.

Health Care Operations

We may use or disclose medical information about you for our insurance operations. These uses and disclosures are necessary to run the insurance company and make sure that our insureds receive quality service. Here are some examples of the ways that we use your medical information for our health care operations: creation, renewal, replacement or maintenance of your insurance contract; placing an insurance contract for reinsurance of our insurance risks; claims adjudication; disclosures to medical consultants to determine the medical necessity of treatment recommended by your physician; policy administration, underwriting and premium rating; eligibility determinations; detection and investigation of fraud and other unlawful conduct; recovery of overpayments; conduct of grievances and appeals programs; and disclosures to PPO networks for purposes of repricing claims.

We may use or disclose your medical information as necessary to provide you with information about other health-related products or services that are included in your insurance benefits, including communications about replacement of, or enhancements to, an insurance contract. For example, your name and address may be used to send you a newsletter about our organization and your insurance benefits. You may opt-out of receiving such materials. We will not disclose your medical information to third parties for marketing purposes without your written authorization.

Required Disclosures

We will disclose medical information about you when required to do so by federal, state or local law. We must also share your medical information with the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy laws.

To Avert a Serious Threat to Health or Safety

We may use and disclose medical information about you when necessary to prevent a serious threat to your health and safety or to the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

Health Oversight

We may disclose protected health information to a health oversight agency for activities authorized by law, such as audits, investigations and inspections. Health oversight agencies include government agencies that oversee health plan administration, state insurance regulatory authorities and certain other government regulatory programs.

Public Health Risks

We may disclose medical information about you for public health activities. These activities may include (1) the prevention or control of disease, injury or disability and (2) notifying people of recalls of products they may be using.

Lawsuits and Disputes

If you are involved in a lawsuit or a dispute, we may disclose medical information about you in response to a court or administrative order. We may also disclose medical information about you in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice to you) or to obtain an order protecting the information requested.

Law Enforcement

We may release medical information if asked to do so by a law enforcement official: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) to identify or locate a suspect, fugitive, material witness or missing person; (3) about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; or (5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

For Specific Government Functions

We may disclose your medical information for the following specific government functions: (1) health information of military personnel, as required by military authorities; (2) health information of inmates, to a correctional institution or law enforcement official; and (3) for national security reasons.

Workers’ Compensation

We may disclose your protected health information as authorized to comply with workers’ compensation laws and other similar legally established programs.

Business Associates

We may disclose your medical information to our business associates. We will enter into contracts with our business associates that require them to only use and disclose your health information as we are permitted to do so under HIPAA.

De-Identified Information

We may use your medical information to create information that is not is not individually identifiable health information. We are not required to obtain your authorization when we use or disclose de-identified information.

Whenever we use or disclose your medical information as described in this Notice we will make reasonable efforts to limit the use or disclosure of such medical information to the minimum necessary to accomplish the intended purpose of the use or disclosure, as required by HIPAA.

Your Rights

The following is a statement of your rights with respect to your medical information and a brief description of how you may exercise these rights.

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your medical information. You may inspect and obtain a copy of medical information about you for as long as we maintain the medical information. We may charge you a fee for the costs of copying, mailing or other supplies that are necessary to grant your request. You have the right to choose to obtain a summary instead of a copy of your medical information.

Under federal law, however, you may not inspect or copy psychotherapy notes or information compiled in reasonable anticipation of, or for use in a civil, criminal or administrative action or proceeding. We may deny your request to inspect and copy your medical information in certain circumstances, as permitted by HIPAA. If you are denied access to medical information, you may have the right to request that the denial be reviewed. A review will be granted as and to the extent required by HIPAA.

Right to Amend

If you feel that the medical information we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by us. You must also provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any of the following information: (1) information that is not part of the medical information kept by us; (2) information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (3) information that is not part of the information which you would be permitted to inspect and copy; or (4) information that is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request an accounting of disclosures (that is, a list of certain disclosures of your medical information). You do not have a right to an accounting of disclosures under certain circumstances including, but not limited to, the following:

for treatment, payment or health care operations;
to you about your own health information;
incidental to other permitted disclosures;
where authorization was provided;
to family or friends involved in your care (where disclosure is permitted without authorization);
for national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances; or
as part of a limited data set where the information disclosed excludes identifying information.
To request this list or accounting of disclosures you must submit your request, which shall state a time period, which may not be longer than six years and may not include dates before April 14, 2003. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to a Restriction

You have the right to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had. We are not required to agree to a restriction that you request. If we do agree to a requested restriction, we will put the agreement in writing and follow it, except in emergency situations. We cannot agree to limit uses or disclosures of information that are required by law.

Right to Request Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. We will accommodate all reasonable requests. Your request must specify how or where you wish to be contacted.

Breach Notification

We will notify you following the discovery of any “breach” (as defined in HIPAA) of your unsecured protected health information (“Notice of Breach”). Your Notice of Breach will be in writing and provided via first-class mail, or alternatively, by email if you have previously agreed to receive such notices electronically. If the breach involves:

10 or more individuals for whom we have insufficient or out-of-date contact information, then we will provide substitute individual Notice of Breach by providing the notice in major print or broadcast media where the affected individuals likely reside; or
Less than 10 individuals for whom we have insufficient or out-of-date contact information, then we will provide a substitute Notice of Breach by an alternative form.

Your Notice of Breach shall be provided without unreasonable delay and in no case later than 60 days following the discovery of a breach and shall include, to the extent possible:

a description of the breach;
a description of the types of information that were involved in the breach;
the steps you should take to protect yourself from potential harm;
a brief description of what we are doing to investigate the breach, mitigate the harm, and prevent further breaches; and
our relevant contact information.

Additionally, for any substitute Notice of Breach provided via web posting or major print or broadcast media, the Notice of Breach shall include a toll-free number for you to contact us to determine if your protected health information was involved in the breach.

Changes to Notice

We can change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the medical information we already have about you as well as any information we receive in the future. If there is a material change to the way we use or disclosure your medical information, your rights, our legal duties or other privacy practices as stated in this Notice we will send you a copy of the revised notice.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of the Department of Health and Human Services https://ocrportal.hhs.gov/ocr/cp/complaint_frontpage.jsf. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

How to Contact Us

Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:

Contact: Data Protection Officer
Email: [email protected]
Address: 10000 Avalon Boulevard, Suite 200, Alpharetta, GA 30009
Phone: 888 914 9661, PIN 292703

Effective Date: 11 May 2023 v2.0

AXIS

AXIS Capital HIPPA Privacy Notice