Flex Administrators, Inc.
Privacy Statement
Flex Administrators is a licensed third-party administrator that processes claims under medical and dependent care flexible spending accounts, health reimbursement arrangements and self-funded medical reimbursement plans which are sponsored by its employer-clients. Flex Administrators also administers COBRA continuation coverage on behalf of its employer-clients with respect to their group health plans. In order to provide these services, Flex Administrators receives, reviews, uses and discloses personal information concerning participants. This information includes identifying information concerning participants and their family members, as well as personal health information concerning participants and their family members.
In providing these services, Flex Administrators, is known as a “business associate” under the federal law HIPAA. HIPAA is the primary privacy law governing Flex Administrators’ business and operations. Under HIPAA, Flex Administrators must take various steps including:
- Flex Administrators must only use and disclose protected health information for purposes of participant treatment, payment of benefits and health care operations of the employer’s plan. Further, in using and disclosing protected health information for these purposes, Flex Administrators is subject to a minimum necessary standard. In other words, it must only use the minimum amount of protected health information necessary to accomplish the task at hand.
- In addition, Flex Administrators may disclose protected health information in the various circumstances permitted under HIPAA. For example, to the government, to law enforcement, for public activities, etc. Otherwise, Flex Administrators must seek your written authorization before it discloses your protected health information.
- Flex Administrators must take various steps to safeguard your protected health information to minimize the possibility that it is used or disclosed in an unauthorized manner. These steps include staff training, an analysis and adjustment of electronic systems, record storage and other procedures.
While HIPAA is the primary privacy law impacting the business operations of Flex Administrators, Flex Administrators also is subject to and complies with other applicable law including, but not limited to, the Gramm-Leach-Bliley Act and the Michigan Social Security Number Privacy Act. These laws require Flex Administrators to take steps to safeguard your personal identifying information such as Social Security numbers. Flex Administrators only uses or shares Social Security numbers when required to process claims and stores the numbers in a secure manner and maintains procedures to safeguard Social Security numbers and other personal identifying information.
In addition, you should know that Flex Administrators will not sell your protected health information or personal identifying information to any third party nor will it use your information for marketing purposes.
Flex Administrators maintains additional written policies and procedures concerning its privacy practices. If you have any questions, please contact the privacy officer.