Notice of Privacy Practice

This Notice describes how Arizona Foundation for Medical Care (AFMC) may use and disclose your Protected Health Information or PHI. It also describes our legal obligations concerning your PHI and your rights to access and control your PHI.

This notice is in affect in accordance with the privacy regulations issued under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA Privacy Regulations”). Please review it carefully.

Posted 5/3/2021.

About Arizona Foundation for Medical Care

Arizona Foundation for Medical Care (AFMC) is a Preferred Provider Organizations (PPO). A PPO is an entity that contracts with medical providers for a discounted rate on services, and generally allows a person to see any physician they choose, but their insurance plan pays less if a member chooses to see a provider outside the PPO network (unless otherwise specified by their insurance plan).

In addition to the network of providers, hospitals, and ancillary services, AFMC offers a Worker’s Compensation Plan, Chiropractic Cost Containment System Plan, and Medical Management Services such as Utilization Management, Case Management, Disease Management, and Maternity Management programs.

Because of the services AFMC offers, we will get information about you from your doctor, hospital and other providers.

Note: As a PPO, we do not pay claims, we only provide a network in which you may obtain healthcare. Your employer, an insurance company, or a third party administrator pays your claim.

We know that the information about you is very personal. The laws say that:

  • We must keep your information from others who do not need to know it.
  • We must give you this Notice that explains our privacy practices and how we handle the medical information we have about you.
  • We must do all of the things that we talk about in this notice.

Personal Health Information (PHI)

PHI is individually identifiable health information, including actual medical information as well as your name, address, phone number, identification number or other identifiers, collected from you or created by or received by a healthcare provider, a health plan, your employer, or a healthcare clearinghouse and that relates to:

  • Your past, present, or future physical or mental health or condition;
  • The provision of healthcare to you; or
  • The past, present, or future payment for healthcare provided to you.

We are required by law to maintain the privacy of your PHI. We are obligated to provide you with a copy of this Notice and we must abide by the terms of this Notice. We reserve the right to change this Notice at any time. If we make a material change to our Notice, we will place a notice on the AFMC Web site, and notify your employer, their insurance company and/or third party administrator.

When you joined your health insurance plan, you gave your employer and the insurance plan permission to use and share medical information about you so that they, their insurance company, or third party administrator, can pay your medical bills. AFMC may also use and share medical information about you so that we can provide you access to specified medical services, so you can get the best healthcare as possible, as well as make sure your claim gets processed through your administrator.

We understand that following these new regulations might seem confusing and at times frustrating, but they have been put into place to protect you and to keep your personal health information from falling into the wrong hands.


AFMC is committed to assisting you in every way to resolve your claim questions. It is important to note, however, effective April 14, 2003, the federal government has released new HIPAA Privacy Regulations that place limits on the amount of information we can release about your claims. We can no longer discuss your Protected Health Information (PHI) with anyone other than yourself, unless you give us your written authorization to do so.

If a family member or friend – someone other than you – would like to discuss your PHI, they must get written authorization from you.

You can do this by downloading the following pdf, filling it out (please make sure it is signed), and mailing or faxing it to AFMC at:

Arizona Foundation for Medical Care
Attn: Call Center
PO Box 840
Black Canyon City, AZ 85324-9997
Fax: 602-256-7816

Completion of this form gives AFMC permission to discuss your PHI with another person(s), such as a spouse or care giver. Please note that it must be filled out entirely and must be specific about the issue you want discussed. In addition, an expiration date or an event that triggers the expiration of the release must also be included on this form.

Note: This form must be updated annually. AFMC only keeps forms for one year.

It is not acceptable to release a “blanket” authorization for all of your claims. If you would like to release PHI on multiple claim issues, a separate form must be completed for each issue.

Your medical information may be used or shared without your permission for reasons like:

  • Speaking to your providers (i.e. doctors and hospitals), your employer, insurance company and/or third party administrator about your care and giving them medical information about you that will help them provide you access to care and/or treat you.
  • Our review of our own programs and/or operations.
  • Reviewing information from providers for grievances, appeals, fraud and abuse.
  • Medical case management, disease management, maternity care management, chiropractic care management and/or worker’s compensation entities
  • Working with other companies and/or agencies that provide healthcare services to you.
  • Sharing information with companies that perform functions for us.

It is important for you to know that we use only the health information about you that we need to do our job. Only employees who have a need to see your information are able to see and use it. When we share your health information that the law allows us to, we only share the information that the person needs to do their job. We believe that your privacy is very important.

Other Uses and Disclosures

Disclosures Required by Law AFMC will share medical information about you when federal, state, or local law tells us that we have to.

Health Oversight Activities AFMC may share medical information with (federal) The Centers for Medicare and Medicaid (CMS), (state) Department of Insurance, or any other governing entity. This could include things like audits, investigations and inspections. These activities are necessary so that the government may review the healthcare system and how you get healthcare.

Lawsuits and Disputes If you are involved in a lawsuit or a grievance, we may share medical information about you to respond to a court order or an order from the Administrative Law Judge. We may also share medical information about you to respond to a lawful process (for example, a subpoena or discovery request). In this case, we will not share any information unless we know that the person asking for the information has tried to let you know that they are going to ask for it.

Law Enforcement, Military Activity and/or National Security, Protective Services AFMC may have to give local or federal law enforcement official and/or military official medical information about you. In rare cases, we may have to share information about you because of national security and intelligence activities, and for the protection of the President, other authorized persons, or heads of state.

Written Permission (Authorization) Other uses and disclosures of your medical information that are not mentioned in this notice or not allowed by the law will be made only with your written permission. You will tell us what information we may share, where and to whom the information must be sent. Your authorization is good until the date you put on the form. You can take back or limit the amount of information sent at any time by letting us know in writing. If you take back your permission, we will no longer use or share medical information about you for the reasons covered by your authorization.

Your Rights Regarding Your Medical Information

If you believe your rights are being denied, or your health information isn’t being protected, you can:

  • File a complaint with your provider or health insurer
  • File a complaint with the U.S. Government

You should get to know these important rights, which help you protect your health information. You can ask your provider or health insurer questions about your rights. You also can learn more about your rights, including how to file a complaint, from the Web site at or by calling 1-866-627-7748; the phone call is free.

You have the right to look at and copy medical information that may be used to make decisions about your medical care. Usually, this right includes your medical record and the bills that your provider, employer, third party administrator send to us.

You must send your request to AFMC’s Privacy Officer (see Authorization section). Your first copy is free. If you request another copy within one year, they may charge a fee for the costs of copying, mailing, or other supplies to meet your request. There may be times when they may deny your request to look at or copy your medical information. If that happens, you have a right to ask us to review the decision to deny your request.

You have the right to request that AFMC restrict the use of your medical information for treatment services, payments to providers, and for business (operational) purposes. You may also ask that we restrict the disclosure of your medical information to your relatives or friends that are involved with your care.

You also have the right to request to receive information from us at a mailing address other than the one we have on file; or to request to be called at a phone number other than the one we have on file. To do this, you must send your request in writing to AFMC’s Call Center and specify how and/or where you wish to be contacted.

If you feel that your medical information is incorrect or incomplete, you have the right to request that your medical information be corrected. The healthcare provider (i.e., doctor, hospital, clinic, etc.) that created your medical information is responsible for amending it. For more information on how to submit a request, contact your employer, insurance company, third party administrator, local network, or your healthcare provider.

You have a right to ask for a list of people that we have shared your information with. This is called an Accounting of Disclosures. There are some things that are not on that listing. Examples of this are when you give us permission to give someone your medical information, or those times that we use and share your medical information for our operations. To request a list of disclosures, you must send a request in writing to AFMC’s Call Center. Your request must state a time period, which may not be longer than six years prior to the date of your request and may not include dates before April 14, 2003. Your request should indicate the form in which you want the information (for example, paper or by e-mail). You have the right to a paper copy of this Notice even if you have agreed to accept this Notice electronically.

Changes to this Notice

We may change this Notice. The changes to the Notice might involve medical information we already have about you, as well as any information we get in the future. If we do change the Notice, we will send you the new one. You will always know which one is the most current because we print the effective date of the Notice in the top of the front page.


If you believe your privacy rights have been violated and that AFMC has not followed what we have said in this Notice, you may file a complaint, in writing, with AFMC (the address is at the bottom of this Notice). If we do not answer all of your questions, you may complain to the Secretary of the Department of Health and Human Services. You will never be penalized or discriminated against for filing a complaint.

Other Privacy Rights

Another law provides additional privacy protections to patients of alcohol and drug treatment programs. For more information, go to the website at

For More Information

This is a brief summary of your rights and protections under the federal health information privacy law. You can learn more about health information privacy and your rights in a fact sheet called “Your Health Information Privacy Rights”. You can get this from the website at You can also call 1-866-627-7748; the phone call is free.

If you have concerns about AFMC’s privacy policies or procedures, or our compliance with the HIPAA Privacy Regulation, you may communicate your complaint to:

Tracy Mitchell, Executive Vice President

Arizona Foundation for Medical Care
PO Box 840
Black Canyon City, AZ 85324-9997

Phone: 800-624-4277 or 602-252-4042

To obtain a Complaint Form, please call AFMC’s Call Center at the phone numbers listed above or below.

You may also submit a written complaint to the Secretary of the U.S. Department of Health and Human Services. Complaints filed directly with the Secretary must: (1) be in writing; (2) contain the name of the entity against which the complaint is lodged; (3) describe the relevant problems; and (4) be filed within 180 days of the time you became or should have become aware of the problem.

We support your right to protect the privacy of your PHI. You can be assured there will be no retaliation of any kind if you choose to file a complaint with your network or with the U.S. Department of Health and Human Services.

Arizona Foundation for Medical Care
PO Box 840
Black Canyon City, AZ 85324-9997
Phone: 800-627-4277 or 602-252-4042
Main Fax: 602-417-2871
Call Center Fax: 602-256-7816


The following terms and phrases have specific meaning when used in reference to the HIPAA Privacy Regulations:

Authorization – Authorization refers to a specific and detailed permission given to a Covered Entity by an individual to use or disclose PHI for a specific purpose. With certain exceptions, a Covered Entity must always seek authorization to use or disclose PHI for purposes other than treatment, payment or other healthcare operations. Please refer to the HIPAA training packet for more detailed information about authorizations.

Business Associate – A person or organization that performs a function or activity on behalf of a Covered Entity, but is not part of the Covered Entity’s workforce.

Covered Entity – A health plan, a healthcare clearinghouse and a healthcare provider who transmits any Protected Health Information (PHI) in electronic form in connection with a transaction covered by the HIPAA electronic transaction regulations.

Health Plan – Includes an individual or group plan that provides or pays the cost of medical care.

HIPAA – The acronym for the Health Insurance Portability and Accountability Act of 1996. Title I of HIPAA (HIPAA Health Insurance Reform) protects health insurance coverage for workers and their families when they change or lose their jobs. Title II of HIPAA (HIPAA Administrative Simplification) addresses the security and privacy of health data and authorizes the Department of Health and Human Services to establish national standards for electronic healthcare transactions and national identifiers for providers, health plans and employees.

Minimum Necessary – To make reasonable effort to limit the use or disclosure of PHI to the minimum amount necessary to accomplish the intended use or disclosure. In addition, when AFMC is requesting information from a Covered Entity or a business partner, reasonable effort will be made to limit the amount of PHI requested to the minimum amount necessary for the intended use or disclosure. Please refer to the HIPAA training packet for more information about minimum necessary.

Protected Health Information (PHI) – Individually identifiable health information. Health information is any information that AFMC receives from a health plan or healthcare provider if the information relates to an individual’s health condition, healthcare or payment for healthcare. This also applies to information received from any source if AFMC is operating as a healthcare clearinghouse. Health information is individually identifiable if there is a reasonable possibility that the identity of the individual can be determined from the information.

PHI includes health information that contains names, addresses and Social Security numbers as well as any other detail from which an individual’s identity might be determined under the context in which it has been released.

PHI does not include health information received or maintained by AFMC with respect to an employer’s FMLA, short-term disability, workers’ compensation or other employment records that are not related to a health plan.

Plan Sponsor – The entity that maintains the health plan.