Privacy Practices for Protected Health Information (PHI)

As amended by HITECH Act Provisions, effective February 17, 2010
As Amended by HITECH Act Final Rule, effective March 26, 2013

This Notice of Privacy Practices applies to Clover for the purposes of federal privacy requirements. The company participates in an Organized Health Care Arrangement (OHCA) and may use and disclose your health information as necessary for treatment, to obtain payment for treatment, for administrative purposes, and to evaluate the quality of care you're receiving.


If you have questions about this Notice, please contact Clover at:

Phone: 1-888-657-1207 (TTY 711), 8am – 8pm EST, 7 days a week*



Our pledge regarding medical information

We understand your medical and health information is personal. With this understanding, please rest assured that OHCA entities are committed to protecting the privacy of your medical information (also known as “Protected Health Information” or “PHI”) and all your privacy rights.

This Notice describes the ways we may use and disclose your medical information. We also explain your rights and certain obligations we have regarding the use and disclosure of that information.

We're required by law to:

  • Make sure medical information that identifies you is kept private, disclosing such information only in manners permitted by law
  • Give you this Notice of our legal duties and privacy practices with respect to medical information about you
  • Follow the terms of the Notice that are currently in effect


Ways we may use and disclose your protected health information


We'll use and disclose your PHI to provide, coordinate, or manage your healthcare and any related services. We'll also disclose your health information to other providers to help support their quality of care or to simply verify that they're indeed treating you. Additionally, we may from time to time disclose your health information to another provider who's been asked to offer you care. This doesn't apply to any psychotherapy notes we've created or maintained, which can only be released with your specific authorization.



We'll use and disclose your PHI to obtain payment for the healthcare services we provide you. For example, we may include information with a bill to a third-party payer that identifies you and your diagnosis, any procedures performed, and the supplies used in rendering those services. However, you may prevent us from doing so by following procedures specified under the “Request Restrictions" section below.


Healthcare operations

We'll use and disclose your PHI to support Clover's business activities. For example, we may use your medical information to review and evaluate our treatment and services, or to evaluate our performance in caring for you. In addition, we may disclose your health information to third party business associates who provide our facility with billing, consulting, transcription, or other services. Our agreements with them require they protect your information in accordance with the Health Insurance Portability and Accountability Act (HIPAA) and other industry standards for the secure transfer of PHI. 


Appointment reminders

We may contact you by phone, mail, or email to remind you of any upcoming appointments at our facility. We'll only leave the name of the hospital and the time of your appointment on the answering machine, and will honor any requests you make about not to be contacted at all. 



We may use and disclose your PHI to researchers so long as: 1) the research was approved by an institutional review or privacy board; and 2) this board reviewed the research proposal and established protocols necessary for ensuring the privacy of your health information.


Lawsuits and disputes

If you're involved in a lawsuit or dispute, we may disclose your medical information in response to a court or administrative order. We may also disclose your medical information in response to a subpoena, discovery request, or another lawful process filed by someone else involved in the dispute—so long as the party seeking the information provides us with satisfactory assurance that you've been given notice of the request, and that the party seeking the information has received a protective order for the information requested.


Law enforcement

We may release medical information requested by law enforcement officials for the following reasons:

  • In response to a court order, subpoena, warrant, summons, or similar process
  • To identify or locate a suspect, fugitive, material witness, or missing person
  • In cooperation with legitimate state or federal investigations such as fraud as well as activities that include national security, intelligence, and protective services
  • Regarding the victim of a crime if, under certain limited circumstances, we're unable to obtain the person’s agreement
  • Regarding a death we believe may be the result of criminal conduct
  • Regarding criminal conduct at the Medical Center
  • In emergency circumstances to report a crime, the location of the crime or victims, or the identity, description, or location of the person who committed the crime


Coroners, medical examiners, and funeral directors

We may release medical information to a coroner or medical examiner. This may be necessary, for example, in identifying a deceased person or determining the cause of death. Regarding patients we've treated before, we may also release medical information to funeral directors as necessary for performing their duties.


To avert a serious threat to public health or safety

We'll use and disclose your PHI to public health authorities who are permitted or required to collect or receive this information for the purposes of controlling disease, injury, or disability. If directed by that health authority, we'll also disclose your health information to a foreign government agency that is collaborating with the public health authority.


Worker’s compensation

We may use and disclose your PHI for worker’s compensation or similar programs that provide benefits for work-related injuries or illness.


Organ and tissue donation

We may use and disclose your information to facilitate organ or tissue donation or procurement.



We'll disclose your PHI to a correctional institution or law enforcement official only if you're an inmate at that correctional institution or you're under the custody of the law enforcement official. This information would be necessary for the institution to provide you with healthcare, to protect the health and safety of others, and/or for the safety and security of the correctional institution.


Others involved in your care

We may provide relevant portions of your PHI to family members, relatives, close friends, or others you specifically identify as being involved in your medical care or payment for care. In an emergency or when you're not capable of agreeing or objecting to these disclosures, we'll disclose PHI when it's determined to be in your best interest, and will inform you of this after the emergency, giving you the opportunity to object to future disclosures if you wish.


For health information exchange

We may participate in one or more Health Information Exchange (HIE), electronically sharing your health information for treatment, payment, and healthcare operational purposes with other participants in this HIE—unless you specifically request to be excluded (“opt-out”). An HIE allows healthcare providers to efficiently access and use your pertinent medical information for providing treatment and other lawful purposes. An HIE is accountable under HIPAA, and our Agreement with other HIE participants requires they provide the same safeguards on your information that we do.



Either directly or through a Business Associates Agreement, we may use or disclose limited information pertaining to the care you’ve received, contacting you about raising funds for an affiliated not-for-profit foundation associated with our OHCA. If you don't want to be contacted for these pruposes, let us know by getting in touch at the address, phone number, or email address listed below. You can learn more about how to “opt out” from receiving this information on our fundraising materials.


Marketing activities

We may contact you as part of our marketing activities, as permitted by law. This may include sending you information about recommended treatments or related alternatives, or informing you about health-related products and services that may be relevant to your care. We won't sell your PHI or engage in any sort of marketing other than what's described above without first receiving your specific authorization as defined below.


Uses or disclosures not covered by this notice

Uses or disclosures of your health information not covered by this Notice or the laws applied to us may only be made with your written authorization. You may revoke such authorization in writing at any time, which means we'll no longer disclose your health information for the reasons stated in your written authorization. Disclosures made in reliance on the authorization prior to the revocation aren't affected by the revocation.


Breach notification

Under HITECH, notification must occur in a timely manner no more than 60 days from the date of discovery. A breach occurs when there’s an unauthorized use or disclosure compromising the privacy or security of PHI that we can’t reasonably assess for the purposes of reducing financial, reputational, or some other kind of harm to the individual, based on the type of disclosure, the nature of the information and the recipient, and the mitigation of possible harm. The notice must contain:

  1. A summary of what occurred, including the date of both the breach and the breach's discovery
  2. The actions the individual should take to protect themselves from potential harm caused by the breach
  3. A short description of what steps the OHCA entity is taking to investigate the breach, mitigate losses, and protect against future breaches

Our Agreements with any Business Associates with whom we share your PHI require those parties to provide all security safeguards in accordance with HIPAA and HITECH Privacy and Security laws. They may also be held individually liable for any privacy or security breaches that occur.


Request an amendment

You have the right to request that we amend your medical information if you feel it's incomplete or inaccurate. You must make this request in writing to our Privacy Officer, stating what information is incomplete or inaccurate and the reasoning that supports your request.

We're permitted to deny your request if it's not in writing or doesn't include a reason supporting that request. We may also deny your request if:

  • The information wasn't created by us, or the person who did create it is no longer available to make the amendment
  • The information isn't part of the record you're permitted to inspect and copy
  • The information isn't part of the designated record set kept by this facility, or the healthcare provider believes the information is accurate and complete


Request restrictions

You have the right to request restrictions on how we use or disclose your medical information for treatment, payment, or healthcare operations. For example, you could request that we abstain from disclosing information about a prior treatment to a specific family member or friend who may be involved in your care or payment for care. Your request must be made in writing to the Director of Health Information Management.

We're not required to agree to your request if we feel it's in your best interest to use or disclose that information, or if your request requires more than the reasonable accommodation we're able to provide. If we do agree, we'll comply with your request except in the case of emergency treatment.

You have the right to request that information regarding services you receive isn't disclosed to any third party, and that no claim be submitted for payment to a third-party payer. However, you must pay all charges in full and in advance for services and supplies you're reasonably expected to receive.


Inspect and copy

You have the right to inspect and copy the PHI we maintain about you in our designated record for as long as we maintain that information. This designated record set includes your medical and billing records as well as any other records we use for making decisions about you. By law, any psychotherapy notes that may have been included in records we received about you aren't available for your inspection or copying. Upon your request, we'll provide the information in your preferred electronic format assuming we maintain that requested information and can readily produce it as such. And you may request that we transmit the electronic record to you or a third party via email or a secure internet portal. When such an electronic transfer occurs, the hospital can only charge for the labor involved. For paper records, we may charge you a fee for the costs of searching, copying, and mailing your request.

If you wish to inspect or copy your medical information, you must submit your request in writing to our Privacy Officer:

Attention: Clover Privacy Officer
Clover Health
NJ P.O. Box 471
Jersey City, NJ 07303

Phone: 1-888-778-1478 (TTY 711)

You may mail your request or bring it to the address listed above. We'll have 30 days to respond to your request for information we maintain at our facility. If the information is stored off-site, we're allowed up to 60 days to respond, but must inform you of this delay.


An accounting of disclosures

You have the right to request a list of all disclosures of your health information we’ve provided outside our organization intended for treatment, payment, or healthcare operations. Your request must be in writing, stating the time period for the requested information. You may not request information for any dates prior to April 14, 2003, nor for a period of time greater than six years (our legal obligation to retain information).

Your first request for a list of disclosures within a 12 month period will be free. If you request an additional list within 12 months of the first request, we may charge you a fee for this subsequent list. We'll notify you of such costs and afford you the opportunity to withdraw your request before any costs are incurred.


Request confidential communications

You have the right to request how we communicate with you regarding the preservation of your privacy. For example, you may request that we contact you only at your work number or by mail at a special address or postal box. Your request must be made in writing, specifying how or where we should contact you. We'll accommodate all reasonable requests.


File a complaint

If you believe we've violated your medical information privacy rights, you have the right to file a complaint with our facility or directly with the Secretary of the United States' Department of Health and Human Services:

Mail: U.S. Department of Health and Human Services, 200 Independence Avenue, S.W., Washington, D.C. 20201

Phone: 202-619-0257, toll free

To file a complaint with our facility or an OHCA-affiliated entity, you must make that complaint in writing within 180 days of the suspected violation. Provide as much detail as you can about the suspected violation and send it to our OHCA Privacy Officer:

Attention: Clover OHCA Privacy Officer
Clover Health
NJ P.O. Box 471
Jersey City, NJ 07303

Phone: 1-888-778-1478 (TTY 711)

No retaliation of any kind will be taken against an individual who files a complaint.


A paper copy of this notice

You have the right to receive a paper copy of this Notice upon request.


Changes to this notice

We have the right to change this Notice. We reserve the right to make these revisions applicable to medical information we already have about you as well as information we may receive in the future. We'll post a copy of the current Notice at each Medical Center’s website. Any changes to the Notice will be posted promptly on those websites.

Clover is a Preferred Provider Organization (PPO) plan with a Medicare contract. Enrollment in Clover depends on Contract Renewal.