Directions to Fitzharris and Company, Inc.

  HIPAA Compliance Information &               Authorization
Notice of Health Information Privacy Practices

TO:   Participants in health plans sponsored by Brown & Brown of New York, Inc. dba Fitzharris & Company
FROM:   Plan Administrator

The health plan options sponsored by Brown & Brown of New York Inc. dba Fitzharris & Company (referred to this Notice as the "Health Plan" may use or disclose medical information about participants (employee and their covered dependents) as required for purposes of administering the Health Plans, such as for reviewing and paying claims, utilization review. Regardless of who handles medical information for the Health Plans, the Health Plans have established policies that are designed to prevent the misuse or unnecessary disclosure of protected health information.

Please note that the rest of this Notice uses the capitalized word, "Plan" to refer to each Health Plan sponsored by Brown & Brown of New York Inc. dba Fitzharris & Company including any Fitzharris employees who are responsible for handling health information maintained by the Health Plans as well as any service providers who handle health information under contract with the Health Plans. Health Plan means, for purposes of this notice, medical, dental, vision, and other coverages that meet the definition of Health Plan container in HIPAA.

As required by Federal Law, this Notice is being provided to you to describe the Plan's health information privacy procedures and policies. It also provides details regarding certain rights you may have under Federal Law regarding medical information about you that is maintained by the Plan.

You should review this Notice carefully and keep it with other records relating to your health coverage. The Plan is required by law to abide by the terms of this Notice while it is in effect. This Notice is effective beginning April 14, 2003 and will remain in effect until it is revised.

If the Plan's health information privacy policies and procedures are changed so that any part of this Notice is no longer accurate, the Plan will provide a new updated Privacy Notice. The Plan reserves the right to apply any changes in its health information policies retroactively to all health information maintained by the Plan, including information that the Plan received or created before those policies were revised.

Protected Health Information

This Notice applies to health information held by the Plan that includes identifying information about you (or your dependents). Such information, regardless of the form in which it is kept, is referred to in this Notice as Protected Health Information or "PHI". For example, any health information that includes details such as your name, street address, a date of birth or social security number is PHI. However, information that does not include such obvious identifying details is also Protected Health Information if that information, under the circumstances, could reasonably be expected to allow the person who is reviewing that information to identify you as the subject of the information. Information that the Plan possesses that is not Protected Health Information is not covered by this Notice and such information may be used for any purpose that is consistent with applicable law and with the Plan's policies and requirements.

How the Plan Uses or Discloses Protected Health Information

Protected Health information may be used or disclosed by the Plan as necessary for the operation of the Plan. Specifically, PHI may be used or disclosed for the following Plan purposes.

  • Treatment: If a provider who is treating your requests, any part or all of your health care records that the Plan possesses, the Plan generally will provide the requested information.
  • Payment: If the plan needs PHI to review a claim or to make a payment to a provider or for similar payment-related purposes, the Plan may use that information (or will request that information, if it does not already possess it) and will review the information for payment purposes.
  • Other Health Care Operations: The Plan may also use PHI as needed for various purposes that are related to the operation of the plan. These purposes include utilization review programs, quality assurance review, contacting providers or participants regarding treatment alternatives, insurance or reinsurance contract renewals and other functions that are appropriate for purposes of administering the Plan.
  • Use or Disclosure Required by Law: To the extent that the Plan is legally required to provide Protected Health Information to a government agency or anyone else, it will do so. In such cases, the Plan will make reasonable efforts avoid disclosing more information that is required by applicable law.
  • Disclosure for Public Health Activities: The Plan may disclose PHI to a public health authority that is authorized to collect such information (or to a foreign government agency, at the direction of a public health authority) for purposes of preventing or controlling injury, disease or disability.

The Plan may also disclose PHI to a public health authority or other government agency that is responsible for receiving reports of child abuse or neglect.

In addition, certain information may be provided to pharmaceutical companies or other businesses that are regulated by the Food and Drug Administration (FDS), as appropriate for purposes relating to the quality, safety and effectiveness of FDA-regulated products.

Also, to the extent permitted by applicable law, the Plan may disclose PHI, as part of a public health investigation or intervention, to an individual who may have been exposed to a communicable disease or may otherwise be at risk of contracting or spreading a disease or condition.

  • Disclosures about victims of abuse, neglect or domestic violence: (The following does not apply to disclosures regarding child abuse or neglect, which may be made only as provided under Disclosure for public health activities).

If required by law, the Plan may disclose PHI relating to a victim of abuse, neglect or domestic violence, to an appropriate government agency. Disclosure will be limited to the relevant required information. The Plan will inform the individual if any PHI is disclosed as provided in this paragraph or the next one.

If disclosure is not required by law, the Plan may disclose relevant PHI relating to a victim of abuse, neglect or domestic violence to an authorized government agency, to the extent permitted by applicable law, if the Plan determines that the disclosure is necessary to prevent serious harm to the individual or to other potential victims. Also, to the extent permitted by law, the Plan may release PHI relating to an individual to a law enforcement official, if the individual is incapacitated and unable to agree to the disclosure of PHI and the law enforcement official indicates that the information is necessary for an immediate enforcement activity and is not intended to be used against the individual.

  • Health Oversight Activities: The Plan may disclose Protected Health Information to a health oversight agency (this includes Federal, State or local agencies that are responsible for overseeing the health care system or a particular government program for which health information is needed) for oversight activities authorized by law. This type of disclosure applies to oversight relating to the health care system and various government programs as well as civil rights laws. This disclosure would not apply to any action by the government in investigating a participant in the Plan, unless the investigation relates to the receipt of health benefits by that individual.
  • Disclosure for Judicial and Administrating Proceedings: The Plan may disclose Protected Health Information in the course of any judicial or administrative proceeding in response to an order from a court or an administrative tribunal. Also, if certain restrictive conditions are met, the Plan may disclose PHI in response to a subpoena, discovery request or other lawful process. In either case, the Plan will not disclose PHI that has not been expressly requested or authorized by the order or other process.
  • Disclosures for Law Enforcement Purposes: The Plan may disclose Protected Health Information for a law enforcement purpose to a law enforcement official if certain detailed restrictive conditions are met.
  • Disclosures to Medical Examiners, Coroners and Funeral Directors Following Death: The Plan may disclose Protected Health Information to a coroner or medical examiner for the purpose of identifying a deceased person, determining a cause of death, or other duties as authorized by law.
  • Disclosures for Organ, Eye or Tissue Donation Purposes: The Plan may disclose Protected Health Information to organ procurement organization or other entities engaged in the procurement, banking or transplantation of cadaveric organs, eyes or tissue for the purpose of facilitating organ, eye or tissue donation and transplantation.
  • Disclosures to avert a serious threat to health or safety: The Plan may, consistent with applicable law and standards of ethical conduct, use or disclose Protected Health Information, (1) if it believes the use or disclosure is necessary to prevent or lessen a serious and imminent threat to the health or safety of a person or the public; and the disclosure is made to a person or persons reasonably able to prevent or lessen the threat, including the target of the threat; or (2) if it believes the disclosure is necessary for law enforcement authorities to identity or apprehend an individual because of a statement by an individual admitting participation in a violent crime that the Plan reasonably believes may have caused serious physical harm to the victim or where it appears that the individual has escaped from a correctional institution or from lawful custody.
  • Disclosures for Specialized Government Functions: If certain conditions are met, the Plan may use and disclose the Protected Health Information of individuals who are Armed Forces personnel for activities deemed necessary by appropriate military command authorities to assure the proper execution of the military mission.

The Plan may also or disclose PHI to authorize federal officials for the conduct of lawful intelligence, counter-intelligence, and other national security activities or for the provision of protective services to the President or other persons as authorized by Federal law relating to those protective services.

  • Disclosures for Workers' Compensation Purposes: The Plan may disclose Protected Health Information as authorized by and to the extent necessary to comply with laws relating to workers' compensation or other similar programs.

Uses and Disclosures Not Mentioned Above:
Authorization Require

The Plan will not use or disclose Protected Health Information for any purpose that is not mentioned above, except as specifically authorized by you. If the Plan needs to use or disclose PHI for a reason not listed above, it will request your permission for that specific use and will not use PHI for that purpose except according to the specific terms of your authorization. You may complete an Authorization Form if you want the Plan to use or disclose health information to you, or to someone else at your request, for any reason.

Any authorization you provide will be limited to specified information, and the intended use or disclosure as well as any person or organization that is permitted to use, disclose or receive the information must be specified in the Authorization Form. Also, an authorization is limited to a specific limited time period and it expires at the end of that period. Finally, you always have the right to revoke a previous authorization by making a written request to the Plan. The Plan will honor your request to revoke an authorization but the revocation will apply to any action that the Plan took in accord with the authorization before you informed the Plan that you were revoking the authorization.

Your Health Information Rights

Under Federal Law, you have the following rights:

  • You may request restrictions with regard to certain types of uses and disclosures: This includes the uses and disclosures described above for Treatment, Payment and other health plan operations purposes. If the Plan agrees to a restriction you request, it will abide by the terms of that restriction. However, under the law, the Plan is not required to accept any restriction. If the Plan determines that a requested restriction will interfere with the efficient administration of the Plan, it may decline the request.
  • If PHI is being provided to you, you may request that the information be provided to you in a confidential manner: This right applies only if you inform the Plan in writing that the ordinary disclosure of part or all of the information might endanger you. For example, an individual may not want information about certain types of treatment to be sent to his or her home address because someone else who lives there might have access to it. In such a case, the individual could request that the information be sent to an alternate address. The Plan will honor such requests as long as they are reasonable, but the Plan reserves the right to reject a request that would impose too much of an administrative burden or financial risk on the Plan.
  • You may request access to certain medical records possessed by the Plan and you may inspect or copy those records: This right applies to all enrollment, claims processing, medical management and payment records maintained by the Plan and also to any other information possessed by the Plan that is used to make decisions about you or your health coverage.
  • You may request that Protected Health Information Maintained by the Plan be amended: If you feel that certain information maintained by the Plan is inaccurate or incomplete, you may request that the information be amended. The Plan may reject your request if it finds that the information is accurate and complete. Also, if the information you are challenging was created by some other person or organization, the Plan ordinarily would not be responsible for amending that information unless you provide sufficient information to the Plan to establish that the originator of the information is not in a position to amend it.

The Plan normally will respond to a request for an amendment within 60 days after it receives your request. In certain cases, the Plan may take up to 30 additional days to respond to your request.

If the Plan denies your request, you will have the opportunity to prepare a statement to be included with the health records to explain why you believe that certain information is incomplete or inaccurate. If you do prepare such a statement, the Plan will provide that statement to any person who uses or receives the information that you challenged. The Plan may also prepare a response to your statement and that response will be placed with your records and provided to anyone who receives your statement. A copy will also be provided to you.

  • You have the right to receive details about certain non-routine disclosures of health information made by the Plan: You may request an accounting of all disclosures of health information with certain exceptions. This accounting would not include disclosures that are made for Treatment, Payment and other health plan operation purposes, disclosures made pursuant to an individual authorization from you, disclosures made to you and certain other types of disclosures. Also, your request will not apply to any disclosures made before April 14, 2003 or for any period earlier than 6 years from the date your request is properly submitted to the Plan. You may receive an accounting of disclosures once every 12 months at no charge. The Plan may charge a reasonable fee for any additional requests during a 12-month period.
  • You have the right to request and receive a paper copy of the Privacy Notice: If the Plan provides this Notice to you in an electronic form, you may request a paper copy and the Plan will provide one.

Health Information Complaint Procedures

If you believe your health information privacy rights have been violated, you may file a complaint with the Plan. To file a complaint, you should contact:


Attn: HIPAA Compliance Officer
Brown & Brown of New York Inc. dba Fitzharris & Company

333 Earle Ovington Blvd. Suite 215

Uniondale, NY 11553-3624


In addition to your right to file a complaint with the Plan, if you feel your privacy rights have been violated, you may file a complaint with the U.S. Department of Health & Human Services. You will never be retaliated against in any way as a result of any complaint that you file.

Print HIPAA Compliance Authorization Form

Fitzharris & CompanyBrown & Brown of New York Inc. dba Fitzharris & Company
333 Earle Ovington Blvd
Suite 215
Uniondale, NY 11553

T: 1.516.944.2823