Lewer’s HIPAA Privacy Notice
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Our Pledge to You
This notice is intended to inform you of the privacy practices followed by which includes The Lewer Agency, Inc. and Lewer Life Insurance Company (hereinafter referred to as “The Lewer Companies” and “Lewer”) and Lewer’s legal obligations regarding your Protected Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The notice also explains the privacy rights for you and your family members. Lewer often needs access to your Protected Health Information in order to enroll you into your selected insurance programs, to collect and administer payments for your selected insurance programs, and to perform certain related administrative functions. We want to assure you that we comply with federal privacy laws and respect your right to privacy.
The Lewer Companies requires all members of our workforce and third parties that are provided access to Protected Health Information to comply with the privacy practices outlined below.
Section 1. What is Protected Health Information?
Protected Health Information (also known as PHI) is generally information that identifies an individual and is created or received by a health care provider, health plan, or an employer on behalf of a group health plan that relates to physical or mental health conditions, provision of health care, or payment for health care, whether past, present, or future. PHI is specifically protected by the HIPAA Privacy Rule.
Section 2. How We May Use Your Protected Health Information
The HIPAA Privacy Rule provides for a number of ways that a company may use or disclose your PHI without your permission. Typically, these are for routine business purposes. This section provides a brief description of the ways we can use and disclose your PHI without your written authorization.
Payment. HIPAA permits us to use or disclose your PHI without your written authorization in order to determine eligibility for benefits, seek reimbursement from a third party, or coordinate benefits with another program under which you are covered. For example, a health care provider that provided treatment to you may provide us with health information about you. We use that information in order to determine whether those services are eligible for payment under program under which you are insured.
Health Care Operations. HIPAA permits us to use and disclose your PHI in order to perform certain administrative functions such as routine claims administration, quality assurance activities, resolution of internal grievances, and evaluating plan performance. For example, we review claims experience in order to understand participant utilization and to make plan design changes that are intended to control health care costs.
Treatment. Although HIPAA permits us to use and disclose your PHI for purposes of treatment, we generally do not need to do so. Your physician or health care provider is required to provide you with an explanation of how they use and share your health information for purposes of treatment, payment, and health care operations.
As Permitted or Required by Law. HIPAA also permits the use or disclosure of your PHI without your written authorization for other reasons as permitted by law. For instance, we are permitted by law to share information, subject to certain requirements, in order to communicate information on health-related benefits or services that may be of interest to you, respond to a court or administrative order or subpoena, provide information to further public health activities (e.g., preventing the spread of disease), or for law enforcement or health oversight purposes, without your written authorization. We are also permitted to share PHI during a corporate restructuring such as a merger, sale, or acquisition. We will also disclose health information about you when required by law, for example, in order to prevent serious harm to you or others, or to the Department of Health and Human Services if it wants to see that we’re complying with federal privacy law.
Pursuant to your Authorization. When required by law, we will ask for your written authorization before using or disclosing your PHI. We will not use or disclose your PHI for marketing or sell your PHI without your authorization. If you choose to sign an authorization to disclose information, you can, with few exceptions, later revoke that authorization to prevent any future uses or disclosures.
To Business Associates or Subcontractors. We may enter into contracts with entities known as Business Associates and/or Subcontractors that provide services to or perform functions for your benefit under your selected insurance programs. We may receive disclosed information from a Subcontractor or disclose PHI to Business Associates once they have agreed in writing to safeguard the PHI. For example, we may disclose your PHI to a Business Associate to assist in the administration of any claims. Business Associates and Subcontractors are also required by law to protect your PHI.
To the Plan Sponsor. We may disclose PHI to certain employees of the Plan Sponsor for the purpose of administering the Plan. These employees will use or disclose the PHI only as necessary to perform plan administration functions or as otherwise required by HIPAA, unless you have authorized additional disclosures. Your PHI cannot be used for employment purposes without your specific authorization.
Data Breach Notification. We may use your contact information to provide legally required notices of any unauthorized acquisition, access or disclosure of your PHI.
Fundraising. It is unlikely that we will use or disclose your PHI for fundraising, but if you receive a fundraising communication from us or a foundation on our behalf, the communication will contain a clear and conspicuous opportunity for you to elect not to receive any further fundraising communications.
Health Related Products of Programs. We may use or disclose your PHI to provide you with information on health related products or programs subject to certain limitations imposed by law, including strict limitations on third party funding for these communications. You have the right to elect not to receive such communications from us.
Section 3. Your Rights
Right to Inspect and Copy. In most cases, you have the right to inspect and copy the PHI we maintain about you. We will provide a copy or a summary of your health and claims records, usually within 30 days of your request. If you request copies, we may charge you a reasonable fee to cover the costs of copying, mailing, portable media, or other expenses associated with your request. Your request to inspect or review your Personal Health Information must be submitted in writing to the person listed below. In some circumstances, we may deny your request to inspect and copy your health information. You may be able to receive the information in an electronic format, and you may request that we transmit a copy of your health information to a third party that you identify.
Right to Amend. If you believe that Personal Health Information about you within our records is incorrect or if important information is missing, you have the right to request that we correct the existing information or add the missing information. Your request to amend your health information must be submitted in writing to the person listed below. In some circumstances, we may deny your request to amend your health information but we will tell you why in writing within 60 days. If we deny your request, you may file a statement of disagreement with us for inclusion in any future disclosures of the disputed information.
Right to an Accounting of Disclosures. You have the right to receive a list (accounting) of certain disclosures of your PHI. The accounting will not include disclosures that were made (1) for purposes of treatment, payment or health care operations (unless your PHI is held in an Electronic Health Record (EHR)); (2) to you; (3) pursuant to your authorization; (4) to your friends or family in your presence or because of an emergency; (5) for national security purposes; or (6) incidental to otherwise permissible disclosures. The expanded right to an accounting of disclosures from an EHR will apply to disclosures made after January 1, 2014, provided that we maintained an EHR as of January 1, 2009. If we acquire an EHR after January 1, 2009, the expanded accounting right will apply after January 1, 2011 or the date that we acquire an EHR – whichever is later.
Your request for an accounting must be submitted in writing to the person listed below. You may request an accounting of disclosures made within the last six years, except for disclosures made through an EHR which will include only the last three years of disclosures. You may request one accounting free of charge within a 12-month period.
Right to Request Restrictions. You have the right to request that we not use or disclose information for treatment, payment, or other administrative purposes except when specifically authorized by you, when required by law, or in emergency circumstances. You also have the right to request that we limit the PHI that we disclose to someone involved in your care or the payment for your care, such as a family member or friend. Your request for restrictions must be submitted in writing to the person listed below. We will consider your request, but in most cases HIPAA does not legally obligate us to agree to those restrictions. However, we will comply with any restriction request if the disclosure is to a health plan for purposes of payment or health care operations (not for treatment) and the PHI pertains solely to a health care item or service that has been paid for out-of-pocket and in full.
Right to Request Confidential Communications. You have the right to receive confidential communications containing your health information. For example, you may ask that we contact you at your place of employment or send communications regarding treatment to an alternate address. Your request for confidential communications must be submitted in writing to the person listed below. We are required to accommodate reasonable requests and must agree if you tell us you would be in danger if we do not.
Right to be Notified of a Breach. You have the right to be notified in the event that we (or one of our Business Associates or Subcontractors) discover a breach of your unsecured PHI. We will let you know promptly in accordance with federal requirements if a breach occurs that may have compromised the privacy or security of your information.
Right to Receive a Paper Copy of this Notice. You have the right to ask for a paper copy of this notice at any time, even if you have agreed to accept this notice electronically. To obtain a paper copy of this notice, please contact the person listed below.
Right to Designate a Representative. If you have given someone medical power of attorney or if someone is your legal guardian, that person can exercise your rights and make choices about your health information. We will make sure the person has this authority and can act for you before we take any action.
Make Choices. If you have a clear preference for how we share your information in the situations described below, talk to us. Tell us what you want us to do, and we will follow your instructions. In these cases, you have both the right and choice to tell us to:
- Share information with your family, close friends, or others involved in payment for your care
- Share information in a disaster relief situation
If you are not able to tell us your preference, for example if you are unconscious, we may go ahead and share your information if we believe it is in your best interest. We may also share your information when needed to lessen a serious and imminent threat to health or safety.
Section 4. More Stringent State Law
If more than one law applies to this Notice, we will comply with the requirements of the law that affords you greater privacy protections, including more stringent state laws.
Section 5. Genetic Information
We are prohibited from using your genetic information for underwriting purposes.
Section 6. Our Legal Responsibilities
We are required by law to protect the privacy of your PHI, provide you with certain rights with respect to your PHI, provide you with this notice about our privacy practices, and follow the information practices that are described in this notice. We may change our policies at any time and the changes will be effective for all PHI that we maintain for you. In the event that we make a significant change in our policies, our website will reflect these changes, and a physical copy of the updated notice will be mailed annually. You can also request a copy of our notice at any time. For more information about our privacy practices, contact the person listed below.
If you have any questions or complaints, please contact:
Attn: Legal Department
The Lewer Companies
[email protected]
9900 W. 109th Street, Suite 200
Overland Park, KS 66210
816.753.4390
For more information see: www.hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Section 7. Complaints
If you are concerned that we have violated your privacy rights, or you disagree with a decision we made about access to your records, you may contact the person listed above. You also may send a written complaint to the U.S. Department of Health and Human Services — Office of Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting www.hhs.gov/ocr/privacy/hipaa/complaints/. You will not be penalized or retaliated against for filing a complaint with the Office of Civil Rights or with us.
Effective Date of Notice: November 24, 2025