Self-Insured Schools of California (SISC)

HIPAA Notice of Privacy Practices

Esta noticia es disponible en espanol si usted lo suplica. Por favor contacte el oficial de privacidad indicado a continuación.

Purpose of This Notice

This Notice is required by law.

The Self-Insured Schools of California (SISC) group health plan consisting of these self-funded benefits: medical PPO plan options including utilization management, prescription benefit management (PBM) and medical plan claims administration services, telemedicine program with MDLIVE, self-funded dental PPO plan options, self-funded vision PPO plan options, Wellness program, Medicare Supplement program, COBRA administration, and Health Flexible Spending Account (FSA) administration, (hereafter referred to as the “Plan”), is required by law to take reasonable steps to maintain the privacy of your personally identifiable health information (called Protected Health Information or PHI) and to inform you about the Plan’s legal duties and privacy practices with respect to protected health information including:

• The Plan’s uses and disclosures of PHI,
• Your rights to privacy with respect to your PHI,
• The Plan’s duties with respect to your PHI,
• Your right to file a complaint with the Plan and with the Secretary of the U.S. Department of Health and Human Services (HHS), and
• The person or office you should contact for further information about the Plan’s privacy practices.
• To notify affected individuals following a breach of unsecured protected health information.

PHI use and disclosure by the Plan is regulated by the Federal law, Health Insurance Portability and Accountability Act, commonly called HIPAA. You may find these rules in 45 Code of Federal Regulations Parts 160 and 164. This Notice attempts to summarize key points in the regulation. The regulations will supersede this Notice if there is any discrepancy between the information in this Notice and the regulations. The Plan will abide by the terms of the Notice currently in effect. The Plan reserves the right to change the terms of this Notice and to make the new Notice provisions effective for all PHI it maintains.

You may receive a Privacy Notice from a variety of the insured group health benefit plans offered by SISC. Each of these notices will describe your rights as it pertains to that plan and in compliance with the Federal regulation, HIPAA. This Privacy Notice however, pertains to your protected health information held by the SISC self-funded group health plan (the “Plan”) and outside companies contracted with SISC to help administer Plan benefits, also called “business associates.”

Effective Date

The effective date of this Notice is February 16, 2026, and this notice replaces notices previously distributed to you.

Privacy Officer

The Plan has designated a Privacy Officer to oversee the administration of privacy by the Plan and to receive complaints. The Privacy Officer may be contacted at:

Privacy Officer: Chief Information Systems Officer

Self-Insured Schools of California (SISC)

2000 “K” Street P.O. Box 1847 – Bakersfield, CA 93303-1847

Phone: 661-636-4410

Confidential Fax: 661-636-4893

Your Protected Health Information

The term “Protected Health Information” (PHI) includes all information related to your past, present or future health condition(s) that individually identifies you or could reasonably be used to identify you and is transferred to another entity or maintained by the Plan in oral, written, electronic or any other form.

PHI does not include health information contained in employment records held by your employer in its role as an employer, including but not limited to health information on disability, work-related illness/injury, sick leave, Family or Medical Leave (FMLA), life insurance, dependent care flexible spending account, drug testing, etc.

This Notice does not apply to information that has been de-identified in accordance with HIPAA. De-identified information is information that does not identify you, and with respect to which there is no reasonable basis to believe that the information can be used to identify you, is not individually identifiable health information.

When the Plan May Disclose Your PHI

Under the law, the Plan may disclose your PHI without your written authorization in the following cases:

• At your request. If you request it, the Plan is required to give you access to your PHI in order to inspect it and copy it.
• As required by an agency of the government. The Secretary of the Department of Health and Human Services may require the disclosure of your PHI to investigate or determine the Plan’s compliance with the privacy regulations.
• For treatment, payment or health care operations (“Plan Administration”). The Plan and its business associates will use your PHI (except psychotherapy notes in certain instances as described below) without your consent, authorization or opportunity to agree or object in order to carry out treatment, payment, or health care operations.

The Plan does not need your consent or authorization to release your PHI when you request it, a government agency requires it, or the Plan uses it for treatment, payment or health care operations.

The Plan Sponsor has amended its Plan documents to protect your PHI as required by Federal law. The Plan may disclose PHI to the Plan Sponsor for purposes of treatment, payment and health care operations in accordance with the Plan amendment. The Plan may disclose PHI to the Plan Sponsor for review of your appeal of a benefit or for other reasons related to the administration of the Plan.

Definitions and Examples of Treatment, Payment and Health Care Operations
Treatment is health care.	Treatment is the provision, coordination or management of health care and related services. It also includes but is not limited to coordination of benefits with a third party and consultations and referrals between one or more of your health care providers. For example: The Plan discloses to a treating specialist the name of your treating primary care physician so the two can confer regarding your treatment plan.
Payment is paying claims for health care and related activities.	Payment includes but is not limited to making payment for the provision of health care, determination of eligibility, claims management, and utilization review activities such as the assessment of medical necessity and appropriateness of care. For example: The Plan tells your doctor whether you are eligible for coverage or what percentage of the bill will be paid by the Plan. If we contract with third parties to help us with payment, such as a claims payer, we will disclose pertinent information to them. These third parties are known as “business associates.”
Health Care Operations keep the Plan operating soundly.	Health care operations includes but is not limited to quality assessment and improvement, patient safety activities, auditing, business planning and development, reviewing competence or qualifications of health care professionals, underwriting, enrollment, premium rating and other insurance activities relating to creating or renewing insurance contracts. It also includes disease management, case management, conducting or arranging for medical review, legal services and auditing functions including fraud and abuse compliance programs and general administrative activities. For example: The Plan uses information about your medical claims to refer you to a disease management program, to project future benefit costs or to audit the accuracy of its claims processing functions.

When the Disclosure of Your PHI Requires Your Written Authorization

Generally, the Plan will require that you sign a valid authorization form in order to use or disclose your PHI other than:

• When you request your own PHI
• A government agency requires it, or
• The Plan uses it for treatment, payment or health care operation.

You have the right to revoke an authorization.

Although the Plan does not routinely obtain psychotherapy notes, generally, an authorization will be required by the Plan before the Plan will use or disclose psychotherapy notes about you. Psychotherapy notes are separately filed notes about your conversations with your mental health professional during a counseling session. They do not include summary information about your mental health treatment. However, the Plan may use and disclose such notes when needed by the Plan to defend itself against litigation filed by you.

The Plan may use and disclose (either by the Plan directly or through third party vendors to the Plan) your PHI to tell you about possible treatment options, health care alternatives, or health-related (including mental health and substance abuse) benefits or services that may be of interest to you, provided that the Plan does not receive financial remuneration from a third party in exchange for making the communication. Such a third-party vendor to the Plan may contact you directly about those options, alternatives, benefits or services.

The Plan generally will require an authorization form for uses and disclosure of your PHI for marketing purposes (a communication that encourages you to purchase or use a product or service) if the Plan receives direct or indirect financial remuneration (payment) from the entity whose product or service is being marketed. The Plan generally will require an authorization form for the sale of protected health information if the Plan receives direct or indirect financial remuneration (payment) from the entity to whom the PHI is sold. The Plan does not intend to engage in fundraising activities.

Use or Disclosure of Your PHI Where You Will Be Given an Opportunity to Agree or Disagree Before the Use or Release

Disclosure of your PHI to family members, other relatives and your close personal friends without your written consent or authorization is allowed if:

• The information is directly relevant to the family or friend’s involvement with your care or payment for that care, and
• You have either agreed to the disclosure or have been given an opportunity to object and have not objected.

Note that PHI obtained by the Plan Sponsor’s employees through Plan administration activities will NOT be used for employment related decisions.

Use or Disclosure of Your PHI Where Consent, Authorization or Opportunity to Object Is Not Required

In general, the Plan does not need your written authorization to release your PHI if required by law or for public health and safety purposes. The Plan and its Business Associates are allowed to use and disclose your PHI without your written authorization (in compliance with section 164.512) under the following circumstances:

• When required by law.
• When permitted for purposes of public health activities. This includes reporting product defects, permitting product recalls and conducting post-marketing surveillance. PHI may also be used or disclosed if you have been exposed to a communicable disease or are at risk of spreading a disease or condition, if authorized by law.
• To a school about an individual who is a student or prospective student of the school if the protected health information this is disclosed is limited to proof of immunization, the school is required by State or other law to have such proof of immunization prior to admitting the individual and the covered entity obtains and documents the agreements to this disclosure from either a parent, guardian or other person acting in loco parentis of the individual, if the individual is an unemancipated minor; or the individual, if the individual is an adult or emancipated.
• When authorized by law to report information about abuse, neglect or domestic violence to public authorities if a reasonable belief exists that you may be a victim of abuse, neglect or domestic violence. In such case, the Plan will promptly inform you that such a disclosure has been or will be made unless that notice would cause a risk of serious harm. For the purpose of reporting child abuse or neglect, it is not necessary to inform the minor that such a disclosure has been or will be made. Disclosure may generally be made to the minor’s parents or other representatives, although there may be circumstances under Federal or state law when the parents or other representatives may not be given access to the minor’s PHI.
• To a public health oversight agency for oversight activities authorized by law. These activities include civil, administrative or criminal investigations, inspections, licensure or disciplinary actions (for example, to investigate complaints against providers) and other activities necessary for appropriate oversight of government benefit programs (for example, to investigate Medicare or Medicaid fraud).
• When required for judicial or administrative proceedings. For example, your PHI may be disclosed in response to a subpoena or discovery request, provided certain conditions are met, including that:
  • the requesting party must give the Plan satisfactory assurances a good faith attempt has been made to provide you with written Notice, and
  • the Notice provided sufficient information about the proceeding to permit you to raise an objection, and
  • no objections were raised or were resolved in favor of disclosure by the court or tribunal.
• When required for law enforcement health purposes (for example, to report certain types of wounds).
• For law enforcement purposes if the law enforcement official represents that the information is not intended to be used against the individual, the immediate law enforcement activity would be materially and adversely affected by waiting to obtain the individual’s agreement and the Plan in its best judgment determines that disclosure is in the best interest of the individual. Law enforcement purposes include:
  • identifying or locating a suspect, fugitive, material witness or missing person, and
  • disclosing information about an individual who is or is suspected to be a victim of a crime.
• When required to be given to a coroner or medical examiner to identify a deceased person, determine a cause of death or other authorized duties. When required to be given to funeral directors to carry out their duties with respect to the decedent; for use and disclosures for cadaveric organ, eye or tissue donation purposes.
• For research, subject to certain conditions.
• When, consistent with applicable law and standards of ethical conduct, the Plan in good faith believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public and the disclosure is to a person reasonably able to prevent or lessen the threat, including the target of the threat.
• When authorized by and to the extent necessary to comply with workers’ compensation or other similar programs established by law.
• When required, for specialized government functions, to military authorities under certain circumstances, or to authorized Federal officials for lawful intelligence, counter intelligence and other national security activities.

Any other Plan uses and disclosures not described in this Notice will be made only if you provide the Plan with written authorization, subject to your right to revoke your authorization, and information used and disclosed will be made in compliance with the minimum necessary standards of the regulation.

Your Individual Privacy Rights

A.You May Request Restrictions on PHI Uses and Disclosures

You may request the Plan to restrict the uses and disclosures of your PHI:

• To carry out treatment, payment or health care operations, or
• To family members, relatives, friends or other persons identified by you who are involved in your care.

The Plan, however, is not required to agree to your request if the Plan Administrator or Privacy Officer determines it to be unreasonable, for example, if it would interfere with the Plan’s ability to pay a claim.

The Plan will accommodate an individual’s reasonable request to receive communications of PHI by alternative means or at alternative locations where the request includes a clear statement that disclosure could endanger the individual. You or your personal representative will be required to complete a form to request restrictions on the uses and disclosures of your PHI. To make such a request contact the Privacy Officer at their address listed on the first page of this Notice.

B.You May Inspect and Copy Your PHI

You have the right to inspect and obtain a copy (in hard copy or electronic form) of your PHI (except psychotherapy notes and information compiled in reasonable contemplation of an administrative action or proceeding) contained in a “designated record set,” for as long as the Plan maintains the PHI. You may request your hard copy or electronic information in a format that is convenient for you, and the Plan will honor that request to the extent possible. You may also request a summary of your PHI.

A Designated Record Set includes your medical records and billing records that are maintained by or for a covered health care provider. Records include enrollment, payment, billing, claims adjudication and case or medical management record systems maintained by or for a health plan or other information used in whole or in part by or for the covered entity to make decisions about you. Information used for quality control or peer review analyses and not used to make decisions about you is not included in the designated record set.

The Plan must provide the requested information within 30 days of its receipt of the request, if the information is maintained onsite or within 60 days if the information is maintained offsite. A single 30-day extension is allowed if the Plan is unable to comply with the deadline and notifies you in writing in advance of the reasons for the delay and the date by which the Plan will provide the requested information.

You or your personal representative will be required to complete a form to request access to the PHI in your Designated Record Set. Requests for access to your PHI should be made to the Plan’s Privacy Officer at their address listed on the first page of this Notice. You may be charged a reasonable cost-based fee for creating or copying the PHI or preparing a summary of your PHI.

If access is denied, you or your personal representative will be provided with a written denial describing the basis for the denial, a description of how you may exercise those review rights and a description of how you may complain to the Plan’s Privacy Officer or the Secretary of the U.S. Department of Health and Human Services.

C.You Have the Right to Amend Your PHI

You or your Personal Representative have the right to request that the Plan amend your PHI or a record about you in a designated record set for as long as the PHI is maintained in the designated record set. The Plan has 60 days after receiving your request to act on it. The Plan is allowed a single 30-day extension if the Plan is unable to comply with the 60-day deadline (provided that the Plan notifies you in writing in advance of the reasons for the delay and the date by which the Plan will provide the requested information).

If the Plan denied your request in whole or part, the Plan must provide you with a written denial that explains the basis for the decision. You or your personal representative may then submit a written statement disagreeing with the denial and have that statement included with any future disclosures of your PHI. You should make your request to amend PHI to the Privacy Officer at their address listed on the first page of this Notice.

You or your personal representative may be required to complete a form to request amendment of your PHI. Forms are available from the Privacy Officer at their address listed on the first page of this Notice.

D.You Have the Right to Receive an Accounting of the Plan’s PHI Disclosures

At your request, the Plan will also provide you with an accounting of disclosures by the Plan of your PHI during the six years (or shorter period if requested) before the date of your request. The Plan will not provide you with an accounting of disclosures related to treatment, payment, or health care operations, or disclosures made to you or authorized by you in writing. The Plan has 60 days after its receipt of your request to provide the accounting. The Plan is allowed an additional 30 days if the Plan gives you a written statement of the reasons for the delay and the date by which the accounting will be provided. If you request more than one accounting within a 12-month period, the Plan will charge a reasonable, cost-based fee for each subsequent accounting.

E.You have the Right to Request that PHI be Transmitted to You Confidentially

The Plan will permit and accommodate your reasonable request to have PHI sent to you by alternative means or to an alternative location (such as mailing PHI to a different address or allowing you to personally pick up the PHI that would otherwise be mailed), if you provide a written request to the Plan that the disclosure of PHI to your usual location could endanger you. If you believe you have this situation, you should contact the Plan’s Privacy Officer to discuss your request for confidential PHI transmission.

F.You Have the Right to Receive a Paper or Electronic Copy of This Notice Upon Request

To obtain a paper or electronic copy of this Notice, contact the Plan’s Privacy Officer at their address listed on the first page of this Notice. This right applies even if you have agreed to receive the Notice electronically.

G.Breach Notification

If a breach of your unsecured protected health information occurs, the Plan will notify you in the time and manner required by law.

Your Personal Representative

You may exercise your rights to your protected health information (PHI) by designating a person to act as your Personal Representative. Your Personal Representative will generally be required to produce evidence (proof) of the authority to act on your behalf before the Personal Representative will be given access to your PHI or be allowed to take any action for you. Under this Plan, proof of such authority will include (1) a completed, signed and approved Appoint a Personal Representative form; (2) a notarized power of attorney for health care purposes; (3) a court-appointed conservator or guardian; or, (4) for a Spouse under this Plan, the absence of a Revoke a Personal Representative form on file with the Privacy Officer.

This Plan will automatically recognize your legal Spouse as your Personal Representative and vice versa, without you having to complete a form to Appoint a Personal Representative. However, you may request that the Plan not automatically honor your legal Spouse as your Personal Representative by completing a form to Revoke a Personal Representative (copy attached to this notice or also available from the Privacy Officer). If you wish to revoke your Spouse as your Personal Representative, please complete the Revoke a Personal Representative form and return it to the Privacy Officer and this will mean that this Plan will NOT automatically recognize your Spouse as your Personal Representative and vice versa.

The recognition of your Spouse as your Personal Representative (and vice versa) is for the use and disclosure of PHI under this Plan and is not intended to expand such designation beyond what is necessary for this Plan to comply with HIPAA privacy regulations.

You may obtain a form to Appoint a Personal Representative or Revoke a Personal Representative by contacting the Privacy Officer at their address listed on this Notice. The Plan retains discretion to deny access to your PHI to a Personal Representative to provide protection to those vulnerable people who depend on others to exercise their rights under these rules and who may be subject to abuse or neglect.

Because HIPAA regulations give adults certain rights and generally children age 18 and older are adults, if you have dependent children age 18 and older covered under the Plan, and the child wants you, as the parent(s), to be able to access their protected health information (PHI), that child will need to complete a form to Appoint a Personal Representative to designate you (the employee/retiree) and/or your Spouse as their Personal Representatives. This does not apply to Explanation of Benefits (EOB) sent to an employee for services provided to the child or a spouse.

The Plan will consider a parent, guardian, or other person acting in loco parentis as the Personal Representative of an unemancipated minor (a child generally under age 18) unless the applicable law requires otherwise. In loco parentis may be further defined by state law, but in general it refers to a person who has been treated as a parent by the child and who has formed a meaningful parental relationship with the child for a substantial period of time. Spouses and unemancipated minors may, however, request that the Plan restrict PHI that goes to family members as described above under the section titled “Your Individual Privacy Rights.”

The Plan’s Duties

The Plan is required by law to maintain the privacy of your PHI and to provide you and your eligible dependents with Notice of its legal duties and privacy practices. The Plan is required to comply with the terms of this Notice. However, the Plan reserves the right to change its privacy practices and the terms of this Notice and to apply the changes to any PHI maintained by the Plan. In addition, the Plan may not (and does not) use your genetic information that is PHI for underwriting purposes.

Notice Distribution: The Notice will be provided to each person when they initially enroll for benefits in the Plan (the Notice is provided in the Plan’s Initial Enrollment material/packets). The Notice is also available on the Plan’s website: https://sisc.kern.org/. The Notice will also be provided upon request. Once every three years the Plan will notify the individuals then covered by the Plan where to obtain a copy of the Notice. This Plan will satisfy the requirements of the HIPAA regulation by providing the Notice to the named insured (covered employee) of the Plan; however, you are encouraged to share this Notice with other family members covered under the Plan.

Notice Revisions: If a privacy practice of this Plan is changed affecting this Notice, a revised version of this Notice will be provided to you and all participants covered by the Plan at the time of the change. Any revised version of the Notice will be distributed within 60 days of the effective date of a material change to the uses and disclosures of PHI, your individual rights, the duties of the Plan or other privacy practices stated in this Notice. Material changes are changes to the uses and disclosures of PHI, an individual’s rights, the duties of the Plan or other privacy practices stated in the Privacy Notice.

Because our health plan posts its Notice on its web site, we will prominently post the revised Notice on that web site by the effective date of the material change to the Notice. We will also provide the revised notice, or information about the material change and how to obtain the revised Notice, in our next annual mailing to individuals covered by the Plan.

Disclosing Only the Minimum Necessary Protected Health Information

When using or disclosing PHI or when requesting PHI from another covered entity, the Plan will make reasonable efforts not to use, disclose or request more than the minimum amount of PHI necessary to accomplish the intended purpose of the use, disclosure or request, taking into consideration practical and technological limitations. However, the minimum necessary standard will not apply in the following situations:

• Disclosures to or requests by a health care provider for treatment,
• Uses or disclosures made to you,
• Disclosures made to the Secretary of the U.S. Department of Health and Human Services in accordance with their enforcement activities under HIPAA,
• Uses of disclosures required by law, and
• Uses of disclosures required for the Plan’s compliance with the HIPAA privacy regulations.

This Notice does not apply to information that has been de-identified. De-identified information is information that does not identify you and there is no reasonable basis to believe that the information can be used to identify you.

As described in the amended Plan document, the Plan may share PHI with the Plan Sponsor for Plan administrative purposes, such as determining claims and appeals, performing quality assurance functions and auditing and monitoring the Plan. The Plan shares the minimum information necessary to accomplish these purposes.

In addition, the Plan may use or disclose “summary health information” to the Plan Sponsor for obtaining premium bids or modifying, amending or terminating the group health Plan. Summary health information means information that summarizes claims history, claims expenses or type of claims experienced by individuals for whom the Plan Sponsor has provided health benefits under a group health plan. Identifying information will be deleted from summary health information, in accordance with HIPAA.

Your Right to File a Complaint

If you believe that your privacy rights have been violated, you may file a complaint with the Plan in care of the Plan’s Privacy Officer, at the address listed on the first page of this Notice. Neither your employer nor the Plan will retaliate against you for filing a complaint.

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

We will not retaliate against you for filing a complaint.

If You Need More Information

If you have any questions regarding this Notice or the subjects addressed in it, you may contact the Plan’s Privacy Officer at the address listed on the first page of this Notice.

PART 2 ADDENDUM

Part 2 is a federal law (42 U.S.C. 290dd-2 and 42 CFR part 2) that protects the confidentiality of patient records for people receiving services for substance use disorders (SUDs). Part 2 confidentiality rules describe when and how SUD patient records may be used and disclosed. These records are called Part 2 records.

Part 2 rules apply to any federally assisted program that provides SUD diagnosis, treatment, or referral for treatment. These programs are called Part 2 programs. Some Part 2 requirements also apply to people and organizations who receive Part 2 records, such as other health care providers, Qualified Service Organizations (QSOs), HIPAA covered entities and business associates, intermediaries, and investigative agencies.

Your Information. Your Rights. Our Responsibilities.

Your Rights

You have the right to:

• Get a copy of your health and claims records
• Correct your health and claims records
• Request confidential communication
• Ask us to limit the information we share
• Get a list of those with whom we’ve shared your information
• Get a copy of this privacy notice
• Choose someone to act for you
• File a complaint if you believe your privacy rights have been violated

Your Choices

You have some choices in the way that we use and share information as we:

• Answer coverage questions from your family and friends
• Provide disaster relief
• Market our services and sell your information

Our Uses and Disclosures

We may use and share your information as we:

• Help manage the health care treatment you receive
• Run our organization
• Pay for your health services
• Administer your health plan
• Help with public health and safety issues
• Do research
• Comply with the law
• Respond to organ and tissue donation requests and work with a medical examiner or funeral director
• Address workers’ compensation, law enforcement, and other government requests
• Respond to lawsuits and legal actions

To the extent that we have your substance use disorder patient records, subject to 42 CFR part 2, we will not share that information for investigations or legal proceedings against you without (1) your written consent or (2) a court order and a subpoena.

Your Rights

Get a copy of health and claims records

You can ask to see or get a copy of your health and claims records and other health information we have about you. Ask us how to do this.

We will provide a copy or a summary of your health and claims records, usually within 30 days of your request. We may charge a reasonable, cost-based fee.

Ask us to correct health and claims records

You can ask us to correct your health and claims records if you think they are incorrect or incomplete. Ask us how to do this.

We may say “no” to your request, but we’ll tell you why in writing within 60 days.

Request confidential communications

You can ask us to contact you in a specific way (for example, home, office, or mobile phone) or to send mail to a different address.

We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.

Ask us to limit what we use or share

You can ask us not to use or share certain health information for treatment, payment, or our operations.

We are not required to agree to your request, and we may say “no,” for example, if it could affect your care. If we agree to your request, we may still share this information in the event that you need emergency treatment.

Get a list of those with whom we’ve shared information

You can ask for a list (accounting) of the times we’ve shared your health information for six years prior to the date you ask, who we shared it with, and why.

We will include all the disclosures except for those about treatment, payment, and health care operations, and certain other disclosures (such as any you asked us to make). We’ll provide one accounting a year for free but will charge a reasonable, cost-based fee if you ask for another one within 12 months.

Get a copy of this privacy notice

You can ask for a paper copy of this notice at any time, even if you have agreed to receive the notice electronically. We will provide you with a paper copy promptly.

Choose someone to act for you

If someone has authority to act as your personal representative, such as if someone has your medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information.

We will make sure the person has this authority and can act for you before we take any action.

File a complaint if you feel your rights are violated

You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

We will not retaliate against you for filing a complaint.

Your Choices

For certain health information, you can tell us your choices about what we share. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions.

In these cases, you have both the right and choice to tell us to:

• Share information with your family, close friends, or others involved in payment for your care
• Share information in a disaster relief situation

If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.

In these cases we never share your information unless you give us written permission:

• Marketing purposes
• Sale of your information

Our Uses and Disclosures

How do we typically use or share your health information?

We typically use or share your health information in the following ways.

Help manage the health care treatment you receive

We can use your health information and share it with professionals who are treating you.

Example: A doctor sends us information about your diagnosis and treatment plan so we can arrange additional services.

Run our organization

We can use and disclose your information to run our organization and contact you when necessary.

We are not allowed to use genetic information to decide whether we will give you coverage and the price of that coverage. This does not apply to long term care plans.

Example: We use health information about you to develop better services for you.

Pay for your health services

We can use and disclose your health information as we pay for your health services.

Example: We share information about you with your dental plan to coordinate payment for your dental work.

Administer your plan

We may disclose your health information to your health plan sponsor for plan administration.

Example: Your company contracts with us to provide a health plan, and we provide your company with certain statistics to explain the premiums we charge.

How else can we use or share your health information?

We are allowed or required to share your information in other ways – usually in ways that contribute to the public good, such as public health and research. We have to meet many conditions in the law before we can share your information for these purposes. And in all cases, if we have substance use disorder patient records about you, subject to 42 CFR part 2, we cannot use or share information in those records in civil, criminal, administrative, or legislative investigations or proceedings against you without (1) your consent or (2) a court order and a subpoena.

Help with public health and safety issues

We can share health information about you for certain situations such as:

• Preventing disease
• Helping with product recalls
• Reporting adverse reactions to medications
• Reporting suspected abuse, neglect, or domestic violence
• Preventing or reducing a serious threat to anyone’s health or safety

Do research

We can use or share your information for health research.

Comply with the law

We will share information about you if state or federal laws require it, including with the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.

Respond to organ and tissue donation requests and work with a medical examiner or funeral director

We can share health information about you with organ procurement organizations.

We can share health information with a coroner, medical examiner, or funeral director when an individual dies.

Address workers’ compensation, law enforcement, and other government requests

We can use or share health information about you:

• For workers’ compensation claims
• For law enforcement purposes or with a law enforcement official
• With health oversight agencies for activities authorized by law
• For special government functions such as military, national security, and presidential protective services

Respond to lawsuits and legal actions

We can share health information about you in response to a court or administrative order, or in response to a subpoena.

Our Responsibilities

• We are required by law to maintain the privacy and security of your protected health information.
• We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
• We must follow the duties and privacy practices described in this notice and give you a copy of it.
• We will not use or share your information other than as described in this notice unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.

For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html

Changes to the Terms of this Notice

We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, on our web site, and we will mail a copy to you.

Self-Insured Schools of California (SISC)

Form to Revoke a Personal Representative

Complete the following chart to indicate the name of the Personal Representative to be revoked:

Plan Participant	Person to be Revoked as my Personal Representative
Name (print):
Address (City, State, Zip):
Phone:

I, __________________________________________________________ (Name of Participant or Beneficiary) hereby revoke __________________________________________________ (Name of Personal Representative)

□ to act on my behalf,

□ to act on behalf of my dependent child(ren), named: __________________________________________________________________________________________,

in receiving any protected health information (PHI) that is (or would be) provided to a personal representative, including any individual rights regarding PHI under HIPAA, effective __________________________________, 20____.

I understand that PHI has or may already have been disclosed to the above named Personal Representative prior to SISC’s receipt and processing of this form.

____________________________________ Participant or Beneficiary’s Signature

________________________ Date

Return this form to the SISC Privacy Officer (the Chief Information Systems Officer) at:

Self-Insured Schools of California (SISC)

2000 “K” Street P.O. Box 1847 – Bakersfield, CA 93303-1847

Phone: 661-636-4410

Annual Notice: Women’s Health and Cancer Rights Act (WHCRA)

Your group health plan, as required by the Women’s Health and Cancer Rights Act of 1998, provides benefits for mastectomy-related services including reconstruction and surgery to achieve symmetry between the breasts, prostheses, and complications resulting from a mastectomy (including lymphedema).

For more information call the Customer Service phone number on your ID card or the SISC Benefits department at 661-636-4410.

Where to Find a HIPAA Privacy Notice for Our Group Health Plan

HIPAA Privacy pertains to the following group health plan benefits sponsored by the Self-Insured Schools of California (SISC):

• medical PPO plan options including utilization management, prescription benefit management (PBM) and medical plan claims administration services,
• telemedicine program with MD live,
• self-funded dental PPO plan options,
• self-funded vision PPO plan options,
• Wellness program,
• Medicare Supplement program,
• COBRA administration,
• Health Flexible Spending Account (FSA) administration

You are provided with a complete HIPAA Privacy Notice when you enroll for these benefits. You can obtain another copy of the plan’s HIPAA Privacy Notice by going to the SISC website at https://sisc.kern.org/ or you can write or call the SISC Benefits Department at P. O. Box 1847 Bakersfield, CA 93303-1847.

HIPAA Privacy Notices that pertain to the insured medical plan benefits can be obtained by contacting the insurance companies at the Customer Service phone number on your ID card.