Confidentiality of Member Medical Records

Tufts Health Plan requires that providers comply with all applicable state and federal laws relating to the confidentiality of member medical records, including but not limited to the privacy regulations of the Health Insurance Portability and Accountability Act (HIPAA).

To meet Tufts Health Plan confidentiality requirements, providers must do the following:

? Maintain medical records in a space staffed by office personnel

? Maintain medical records in a locked office when staff is not present

? Prohibit unauthorized review and/or removal of medical records

? Maintain and adhere to policies and procedures regarding patient confidentiality.



Tufts Health Plan also requires that providers, upon request, provide member medical information and medical records for the following purposes:

? Administering its health benefit plans, such as claims payment, coordination of benefits, subrogation, enrollment eligibility verification, reinsurance, and audit activities

? Managing care, including but not limited to utilization management and quality improvement activities

? Carrying out member satisfaction procedures described in member benefit booklets

? Participating in bona fide medical research and in reporting on quality and utilization indicators, such as Healthcare Effectiveness Data and Information Set (HEDIS®)

? Complying with all applicable federal and state laws.




Providers are responsible for obtaining any member consents or releases that are necessary beyond those that Tufts Health Plan has already acquired through the enrollment process or the member benefit booklets. Tufts Health Plan maintains and uses member medical information in accordance with Tufts Health Plan’s confidentiality policies and procedures.