Compliance

This Notice of Privacy Practices describes how your medical information may be used and disclosed by Lakeland Care, Inc. (LCI) and how you can access your medical information.  Please review this notice carefully.

YOUR PRIVACY RIGHTS

We understand that your medical information is personal and private.  We are committed to protecting your medical information.  Each time you meet in-person or discuss your health by phone or email with LCI, we document medical information about you.  Although the medical information that LCI creates is the physical property of LCI, the medical information belongs to you.  You have the below privacy rights regarding the medical information we maintain about you:

Right to Request Restrictions

• You have the right to request restrictions on certain uses or disclosures of your medical information, including disclosures to a family member, other persons involved with your care, or with payment for your care. The request must be made in writing. We do not have to grant the restriction. We may deny your request if it would negatively affect your care.

Right to Request a Copy of this Privacy Notice

• You have the right to request and obtain a paper or electronic copy of this Notice of Privacy Practices at any time.

Right to Inspect or Receive a Copy of Your Medical Information and Claims Records

• You have a right to review and receive a copy of your medical information and claims record. You may receive this information in paper or electronic form. If the format you request is not readily producible, we may work with you to provide it in a reasonable format.  You must set up a time in advance with LCI to review or obtain a copy of your medical information and claims record. We may charge a reasonable, cost-based fee.

Right to Request a List of Who Your Information Has Been Shared With

• You have a right to know who has received your medical information. You can receive a list of who received your information up to six (6) years prior to your request, except as protected by law.  The request must be submitted in writing, and we must respond to your request within sixty (60) days.  We may not charge you for the list, unless you request a list more than once a year.

Right to Request Confidential Communication

• You have the right to request to receive your medical information confidentially or to be contacted by other confidential means or in other confidential locations to protect your privacy.

Right to Request an Amendment to Your Record

• You have the right to request an amendment or correction to your medical information. We will respond to your request within sixty (60) days.  The request must be in writing, and you must provide a reason for your request.

Right to File a Complaint

• You have the right to file a complaint if you feel your privacy rights have been violated. You can file a complaint with LCI, the Wisconsin Department of Health Services, and/or the Office of Civil Rights. Contact information is located at the bottom of this notice.

WE HAVE RESPONSIBILITIES AND DUTIES TO

• Maintain the privacy and security of your medical information.
• Provide you with a Notice of Privacy Practices describing the medical information we collect and maintain about you.
• Abide by the terms of this Notice of Privacy Practices.
• Accommodate your reasonable requests to communicate your medical information by alternative means and/or at alternative confidential locations.
• Mail you a revised notice to your last known address should our information practices change within the expiration date (“maximum of 1 year”) of your signed authorization to release information.
• Not use or disclose your medical information without your proper authorization, with the exception of applicable state and federal laws.
• Notify you if there is a breach of your medical information.
• Provide a current copy of LCI’s Notice of Privacy Practices on our website at https://www.lakelandcareinc.com/.

HOW YOUR MEDICAL INFORMATION MAY BE USED AND DISCLOSED

The following categories describe different ways LCI may use and disclose your medical information without your written permission.  We may use or disclose your medical information for treatment, payment, and health care operations with any of the entities described in this Notice, or any physician or health care provider as allowed by law.

1. Treatment: We will use your medical information to provide you with treatment and services. For example: your care team might discuss your medical information with your other treatment team members (e.g. physicians, emergency room physicians, nursing staff, etc.) in order to develop and carry out a plan for your services.
2. Payment: We will use your medical information for payment and operations. For example: a bill might be sent to you, a bill might be sent to a third-party payer, or we may receive a bill from your service provider. These may include information that identifies you, in addition to the procedures performed and supplies used.
3. Health Care Operations: We will use your medical information for regular health care operations. For example: care management staff and quality/risk management staff may use your medical information to assess the care and outcomes of your care. The information may be used to improve the quality and effectiveness of the services we provide.
4. Required by Law: We may use and disclose your medical information when use or disclosure is required by law. For example: we may disclose medical information to report abuse or to respond to a court order.
5. Business Associates: We provide services to you through contracts with business associates and service providers. We may disclose your medical information to our business associates and service providers so they can perform the job we have asked them to do. We require our business associates and service providers to appropriately safeguard your medical information.
6. Disaster Relief Efforts: We may use or disclose information of your location and general condition to a family member, legal representative, or another person responsible for your care. In addition, we may disclose your medical information to organizations authorized to handle disaster relief efforts to notify those involved in your care about your location and/or health status. The amount of information used or disclosed is kept to the minimum possible.
7. Communication with Individuals Involved in Your Care or Payment for Your Care: Medical information will only be shared with individuals (who are not your legal representative) if we have your written authorization or if they qualify under legal exemptions. By law, health professionals who use their best judgment may disclose relevant medical information to family members, or any individual you identify. The information provided must be related to the individual’s involvement in your care.
8. Research: Under certain circumstances, and only after a special approval process, we may use and disclose your medical information to help conduct research.
9. Coroners, Medical Examiners, Funeral Directors: We may disclose medical information to coroners, medical examiners, and funeral directors consistent with applicable law to carry out their duties.
10. Organ Procurement Organizations: Consistent with applicable law, we may disclose medical information to organ procurement organizations or other entities engaged in the procurement, banking, or transplantation of organs for tissue donation and transplant.
11. Marketing: We may contact you with information about community resources or other health-related benefits and services that may be of interest to you.
12. Food and Drug Administration: We may disclose medical information to the FDA relative to adverse events with respect to food, supplements, product and product defects, or post marketing surveillance information to enable product recalls, repairs, or replacement.
13. Workers Compensation: We may disclose your medical information to the appropriate persons to comply with the laws related to workers’ compensation or other similar programs. These programs may provide benefits to you for work-related injuries or illnesses.
14. Public Health: As required by law, we may disclose your medical information to public health authorities or other government authorities charged with preventing or controlling disease, injury, or disability.
15. Serious Threats to Health and Safety: We may disclose your medical information, in a very limited manner, to the appropriate persons to prevent or lessen a serious threat to the health or safety of a person or the public. Disclosure is usually limited to law enforcement personnel who are involved in protecting public safety.
16. Military, National Security or Incarceration/Law Enforcement: We may disclose your medical information to the proper authorities if you are involved with the military, national security, or intelligence activities, in the custody of law enforcement officials, or are an inmate at a correctional institution.
17. Judicial and Administrative Proceedings: We may disclose your medical information in the course of any administrative or judicial proceeding in response to a court order. Generally, when the request is made through a subpoena, a discovery request, or involves another type of administrative order, your authorization will be obtained before disclosure is permitted.
18. Abuse, Neglect or Violence: We may disclose your medical information to a government authority authorized by law to receive reports of abuse, neglect, or violence relating to children or the elderly.
19. Health Oversight Activities: We may disclose your medical information to authorities for audit, investigation, inspection, licensure, disciplinary or other purposes related to oversight of the health care system or government benefit programs.
20. External Sources: We may use and disclose your medical information with external health care organizations (e.g. hospitals, clinics, nursing homes) in our surrounding communities through access to a joint electronic medical record (e.g. WISHIN, Epic). Any medical information will strictly be used and disclosed to improve your treatment and care. By allowing health care providers access to a joint electronic medical record, your care team and health care provider can assist with prescribing medical equipment or ordering tests. You have the option to ‘opt-out’ if you do not want us to use and disclose your medical information with external health care organizations.
21. Other Communications: We may use and disclose your medical information to contact you at the address, phone numbers, and email address you give us about scheduled appointments with your care team, physicians, providers, billing and insurance updates, and other care-related services. This may include leaving you messages at your home, on voicemail, or sending you mail and email.

USES AND DISCLOSURES THAT REQUIRE YOUR WRITTEN AUTHORIZATION:

Uses or disclosures of your medical information other than those described above will be made only with your written permission on an authorization form.  You have the right to withdraw (revoke) your authorization in writing at any time by delivering a written statement to LCI’s Compliance Department identified below.  We will not be able to revoke any uses disclosures we have already made with your permission.

HOW TO REPORT A PROBLEM:

If you believe your privacy rights have been violated, you can file a written complaint within 180 days of the occurrence with any of the following sources:

Lakeland Care, Inc.
Compliance Department
2985 S. Ridge Road
Green Bay, WI 54304
Telephone: 920-425-3900
Email: Compliance@lakelandcareinc.com

Wisconsin Department of Health Services
DHCAA Privacy Officer
Member Services
P.O. Box 6678
Madison, WI 53716-0678
Telephone: 608-266-5484

The Office for Civil Rights
U.S. Dept. of Health and Human Services
Centralized Case Management Operations 200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington D.C.  20201
Telephone: 1-800-368-1019
TDD Toll-Free: 1-800-537-7697
Email: OCRComplaint@hhs.gov

There will be no retaliation for filing a privacy complaint. Members will not be asked to waive their right to file a complaint in order to receive treatment or services. The filing of a complain will not interfere with a member’s healthcare.

We reserve the right to change our privacy practices, policies, and procedures, and our Notice of Privacy Practices at any time.  We have the right to make the new provisions effective for all medical information we already have about you and any medical information we receive or create in the future.

EFFECTIVE DATE OF THIS NOTICE:

This Notice of Privacy Practices is effective on March 31, 2025, unless and until it is revised by Lakeland Care, Inc.  We will post a current copy of the Notice of Privacy Practices in LCI offices and on our website.

NOTICE OF PRIVACY PRACTICES IN OTHER LANGUAGES:

Notice of Privacy Practices – Spanish

Notice of Privacy Practices – Hmong

Notice of Privacy Practices – Laotian

Notice of Privacy Practices – Chinese

To view Lakeland Care’s Notice of Nondiscrimination, please click here.

To view Lakeland Care’s Section 1557 Affordable Care Act Grievance Procedure, please click here.

BACKGROUND/OVERVIEW

CMS’s Interoperability and Patient Access Final Rule (CMS-9115-F) requires us to grant you electronic access to your health history through a third-party Patient Access API app. If you choose to disclose your health data through one of these apps, the information that is available through the app will include health information we collect about you while you have been enrolled with LCI including:

• Claims data concerning your interactions with health care providers.
• Clinical data that we collect in the process of providing case management, care coordination, or other services to you.

SELECTING AN API APP

It is important for you and/or your legal representative to take an active role in protecting your health information. Before you install an API app, here’s what you can do to better protect yourself:

Use official app stores.

• To reduce the risk of installing a potentially harmful app, download the app only from official app stores, such as your device’s manufacturer or operating system app store. You may also research the developer before installing their app.

Understand what information the API app will have access to and how the information will be used.

• Review the app’s privacy policy to understand how your data will be accessed and used or if your data will be shared.

Review the app’s permissions.

• All apps need your permission to access your information such as location and contacts or features such as your camera and microphone. You may be asked to give permission when you download the app, or at the time the app first attempts to access this information or feature. Pay close attention to the app’s permission requests. The app may function without access to the information or feature requested.

Privacy and Security of Third-Party Apps

The CARIN Code of Conduct is a foundational set of principles for how health care organizations can share data with consumer applications, such as third-party app developers. We ask third-party app developers to attest to having certain provisions in their privacy policy and that their app follows the Carin Code of Conduct.

• If an app developer is asked to attest and does not respond to this request or attests negatively, you will have an opportunity to change your mind about sharing your data.
  • If you do not actively respond to us within the time we have communicated to you, your data will be shared as you originally requested.

Are third-party apps covered by HIPAA?

Third-party apps or websites are not subject to HIPAA or other privacy laws, which generally protect personal health information. Most apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts. The FTC provides information about mobile app privacy and security for consumers here.

Third-party apps or websites should have their own privacy policies that provide self-imposed limitations on how their app or website will use, maintain, disclose, and (possibly) sell information about you.

Before you decide to access your personal health information through an API app, you should carefully review the privacy policy of the third-party app or website you are considering. Make sure you understand and feel comfortable with how the app or website will use, maintain, and/or further disclose your information. If the app or website privacy policy does not address your concerns or is not available, you may consider using a different app or website.

Privacy policies should address the following items:

• What health data will this app collect?
• Will this app collect non-health data from my device, such as my location?
• Will my data be stored in a de-identified or anonymized form?
• How will this app use my data?
• Will this app disclose my data to third parties?
• Will this app sell my data for any reason, such as advertising or research?
• Will this app share my data for any reason?
  • If so, with whom? For what purpose?
• How can I limit this app’s use and disclosure of my data?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family members?
• How can I access my data and correct inaccuracies in data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
• What is the app’s policy for deleting my data once I terminate access?
  • Do I have to do more than just delete the app from my device?
• How does this app inform users of changes that could affect its privacy practices?
• Does the app or website have a process for collecting and responding to user complaints?

If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information. Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

Your Privacy Rights Under HIPAA

Right to Request Restrictions

• You have the right to request restrictions on certain uses or disclosures of your medical information, including disclosures to a family member, other persons involved with your care, or with payment for your care.

Right to Request a Copy of LCI’s Privacy Notice

• You have the right to request and obtain a paper or electronic copy of LCI’s Notice of Privacy Practices at any time.

Right to Inspect or Receive a Copy of Your Medical Information and Claims Records

• You have a right to review and receive a copy of your medical information and claims record. You may receive this information in paper or electronic form.

Right to Request a List of Who Your Information Has Been Shared With

• You have a right to know who has received your medical information. You can receive a list of who received your information up to six (6) years prior to your request, except as protected by law. 

Right to Request Confidential Communication

• You have the right to request to receive your medical information confidentially or to be contacted by other confidential means or in other confidential locations to protect your privacy.

Right to Request an Amendment to Your Record

• You have the right to request an amendment or correction to your medical information.

Right to File a Complaint

• You have the right to file a complaint if you feel your privacy rights have been violated. You can file a complaint with LCI, the Wisconsin Department of Health Services, and/or the Office of Civil Rights (OCR).
• To learn more about filing a complaint with OCR under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html

You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

HIPAA FAQs for Individuals: https://www.hhs.gov/hipaa/for-individuals/faq/index.html

What should I do if I think my data has been breached or an app has used my data inappropriately?

If you have a complaint about the API app that you selected and are unable to resolve the issue directly with the API app vendor, you have the right to report your concern to the Federal Trade Commission or the Department of Health and Human Services’ Office of Civil Rights. These agencies have oversight responsibility for this initiative, and they can be reached at:

U.S. Federal Trade Commission
https://reportfraud.ftc.gov/#/assistant
1-877-FTC-HELP

Office for Civil Rights
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
1-800-368-1019

App Developers: Interoperability Guide

“Explore and view FHIR API documentation, complete the Third Party Application Production API Request Form, and more by clicking here.

Lakeland Care, Inc. (LCI) is committed to preventing fraud, waste, and financial abuse, and ensuring appropriate use of public resources. Additionally, LCI is dedicated to protecting the privacy of our members. Fraud, waste, financial abuse, privacy concerns, security breaches, or any unethical conduct should be reported regardless of the source, which may include a/an:

• LCI member
• LCI provider or employee of an LCI provider;
• Employee of an LCI member who participates in the Self-Directed Supports (SDS) option;
• LCI supplier or employee of an LCI supplier;
• LCI employee; and/or
• Any other individual who may be taking advantage of LCI’s resources.

Anyone wishing to report any form of suspected fraud, waste, financial abuse, privacy violation, security breach, or unethical conduct may remain anonymous, and should contact LCI’s Compliance Division via one of the below methods. Please include as much detail in your report as possible (who, what, when, where, why, how, how much, etc.).

• Online Form Submission
• Phone: 920-455-5735
• E-mail: Fraud@lakelandcareinc.com
• General Compliance E-mail: Compliance@lakelandcareinc.com 
• Mail to:
  Lakeland Care, Inc
  Attn: Compliance Division
  N6654 Rolling Meadows Drive
  Fond du Lac, WI 54937

You can report to any suspected fraud, waste, or financial abuse to State and Federal agencies as follows:

• Wisconsin Department of Health Services, Office of the Inspector General
  • Fraud Hotline: 1-877-865-3432
  • Fraud Reporting Website
• U.S. Department of Health and Human Services, Office of Inspector General
  • Hotline: 1-800-HHS-TIPS (1-800-447-8477)
  • Online Complaint Submission Website

You can report any privacy concerns to State and Federal agencies as follows:

• Wisconsin Department of Health Services, DHCAA Privacy Officer
  • Phone: 1-608-266-5484
• U.S. Department of Health and Human Services, The Office for Civil Rights
  • Phone: 1-800-368-1019
  • Email: OCRComplaint@hhs.gov