decorative photograph
Privacy Notice
JPMorgan Chase is committed to maintaining the highest level of privacy and discretion about your personal compensation and benefits information.
However, federal legislation under the Health Insurance Portability and Accountability Act (HIPAA) legally requires employers—like JPMorgan Chase—to specifically communicate how certain "protected health information" under employee and retiree health care plans may be used and disclosed, as well as how plan participants can get access to their protected health information.
What Is Protected Health Information?
Protected health information is considered to be individually identifiable health information as it relates to the:
  • Past, present, or future health of an individual; or
  • Health care services or products provided to an individual; or
  • Past, present, or future payment for health care services or products.
The information included in this section is a summary of HIPAA privacy regulations. To comply with the law, JPMorgan Chase will distribute to you once every three years, a "Privacy Notice of Protected Health Information Under the JPMorgan Chase Health Care Plans" that describes in detail how your personal health information may be used and your rights with regard to this information.
You can access the Privacy Notice at My Health or by contacting HR Answers at any time to request a paper copy. Under HIPAA, protected health information is confidential, personal, identifiable health information about you that is created or received by a claims administrator (like those under the JPMorgan Chase Medical Plan), and is transmitted or maintained in any form. ("Identifiable" means that a person reading the information could reasonably use it to identify an individual.)
Under HIPAA, the Medical Plan may only use and disclose participants' protected health information in connection with payment, treatment, and health care operations. In addition, the Medical Plan must restrict access to and use of protected health information by all employees/groups except for those specifically involved in administering the Medical Plan, including payment and health care operations. In compliance with HIPAA, the Medical Plan agrees to:
  • Not use or further disclose protected health information other than as permitted or required by law;
  • Not use or disclose protected health information that is genetic information for underwriting purposes;
  • Ensure that any agents (such as an outside claims administrator) to whom the Medical Plan gives protected health information agree to the same restrictions and conditions that apply to the Medical Plan with respect to this information;
  • Not use or disclose the information for employment-related actions and decisions or in connection with any other benefit or employee benefit plan of JPMorgan Chase;
  • Notify you if a breach of your protected health information is discovered;
  • Report to the JPMorgan Chase HIPAA Privacy Officer any use or disclosure of the information that is inconsistent with the designated protected health information uses or disclosures;
  • Obtain your authorization for any use or disclosure of protected health information for marketing, or that is a sale of the protected health information as defined under applicable law;
  • Make available protected health information in accordance with individuals' rights to review such personal information;
  • Make available protected health information for amendment and incorporate any amendments to protected health information consistent with the HIPAA rules;
  • Make available the information required to provide an accounting of disclosures in accordance with the HIPAA rules;
  • Make the Medical Plan's internal practices, books, and records relating to the use and disclosure of protected health information received from the claims administrators available to the Secretary of Health and Human Services for purposes of determining the Medical Plan's compliance with HIPAA;
  • Return or destroy all protected health information received in any form from the claims administrators. The Medical Plan will not retain copies of protected health information once it is no longer needed for the purpose of a disclosure. An exception may apply if the return or destruction of protected health information is not feasible. However, the Medical Plan must limit further uses and disclosures of this information to those purposes that make the return or destruction of the information infeasible; and
  • Request your authorization to use or disclose psychotherapy notes except as permitted by law, which would include for the purposes of carrying out the following treatment, payment or health care operations:
    • Use by the originator of psychotherapy notes for treatment;
    • Use or disclosure by the Medical Plan for its own training program; or
    • Use or disclosure by the Medical Plan to defend itself in a legal action or other proceeding brought by you.
If you believe that your rights under HIPAA have been violated, you can file a complaint with the JPMorgan Chase HIPAA Privacy Officer or with the Secretary of the U.S. Department of Health and Human Services. If you wish to file a HIPAA complaint with the JPMorgan Chase HIPAA Privacy Officer, please contact the Privacy Officer for the JPMorgan Chase Health Care Plans in writing at this address:
HIPAA Privacy Officer for the JPMorgan Chase Health Care Plans
JPMorgan Chase Corporate Benefits
4041 Ogletown Road, Floor 02
Newark, DE, 19713-3159
Mail Code: DE6-1470