Notice of Privacy Practices and Privacy Policy
Association Master Trust d/b/a Association Member Trust ("AMT")
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
Effective Date: December 29, 2025
Last Revised: December 29, 2025
This Notice describes how AMT may use and disclose certain information about you, and how you can access and control that information. AMT provides and administers group health and welfare benefit programs for eligible members and their covered dependents.
Key Terms
"Protected Health Information" ("PHI") is individually identifiable health information (oral, written, or electronic) that relates to your past, present, or future physical or mental health or condition, health care services you receive, or payment for those services, and that is created or received by AMT in its role as a health plan or plan administrator.
"Nonpublic Personal Information" ("NPI") is certain nonpublic financial and related information about you that may be protected under federal and state financial privacy laws (such as the Gramm–Leach–Bliley Act).
In this Notice, we refer to PHI and NPI collectively as "Private Information."
HIPAA generally does not preempt state or federal laws that provide greater privacy protections. If a law gives you more protection, we will follow that law in addition to HIPAA.
Our Responsibilities
AMT is required by law to:
Maintain the privacy and security of your PHI.
Provide you with this Notice of our legal duties and privacy practices.
Follow the terms of this Notice currently in effect.
Notify you (and, if applicable, others) following a breach of your unsecured PHI, as required by law.
We will not use or disclose your PHI other than as described in this Notice unless you authorize us in writing or the law permits or requires us to do so.
Collection and Protection
What Private Information we collect
In providing and administering benefits, we may collect Private Information from sources such as:
Information you (or the subscriber) provide on applications, forms, or through websites we sponsor.
Information from your transactions with us and others (such as health care professionals and other plans).
Information from consumer reporting agencies and government programs, as permitted by law.
Information from third-party sources and publicly available sources, as permitted by law.
How we protect Private Information
We maintain reasonable administrative, technical, and physical safeguards designed to protect Private Information. Our workforce receives privacy and security training and is subject to disciplinary action for violations. We also apply the HIPAA “minimum necessary” standard where required.
How We May Use and Disclose Your PHI
HIPAA allows (and sometimes requires) health plans to use and disclose PHI for certain purposes. Below are examples of how we typically use and disclose PHI, and other situations where we may be permitted or required to do so.
Treatment
We may use and disclose PHI to help manage the treatment you receive and to coordinate care with your health care providers.
Example: We may share information with a doctor, hospital, or other provider to help coordinate benefits and services.
Payment
We may use and disclose PHI to pay claims and administer coverage, including eligibility determinations, claims processing, utilization review, and case management.
Health Care Operations
We may use and disclose PHI for health care operations, such as quality assessment and improvement, fraud and abuse detection, audits, compliance, underwriting and rate-setting (where permitted), business planning and management, and customer service. We are prohibited from using or disclosing genetic information for underwriting purposes.
Plan Administration and Plan Sponsor Disclosures
If you participate in an employer-sponsored plan, we may disclose PHI to the plan sponsor (for example, your employer or association) as permitted by HIPAA and only for plan administration functions, or as otherwise authorized by law. The plan sponsor must agree to safeguard the information.
Business Associates and Service Providers
We may share PHI with vendors and other service providers (“business associates”) that perform services for us (such as claims administration, analytics, printing and mailing, legal services, or IT support). Business associates are required by contract and law to protect PHI and to use it only as permitted.
Disclosures to Individuals Involved in Your Care or Payment
We may share relevant PHI with the subscriber, a family member, or another person involved in your care or payment for your care, consistent with HIPAA and your preferences when possible.
Public Health, Safety, and Other Permitted or Required Disclosures
We may use or disclose PHI as permitted or required by law, including for:
Public health activities (such as reporting disease, adverse events, or product recalls).
Health oversight activities (such as audits, investigations, inspections, and licensure).
Workers’ compensation and similar programs.
Law enforcement purposes and judicial or administrative proceedings (for example, in response to a court order or subpoena, as permitted by law).
Special government functions (such as military and national security activities).
Organ and tissue donation and certain functions of medical examiners, coroners, and funeral directors.
Substance Use Disorder (SUD) Treatment Records (42 CFR Part 2)
Some SUD treatment records created by certain federally assisted programs are subject to special federal confidentiality rules at 42 CFR Part 2. If we receive SUD treatment records that are subject to 42 CFR Part 2, those records generally may not be used or disclosed in civil, criminal, administrative, or legislative proceedings against you unless you provide written consent or a court issues an order that meets Part 2 requirements after notice and an opportunity to be heard, as applicable.
We will handle Part 2 records in accordance with applicable law, including any additional restrictions beyond HIPAA.
Your Choices
For certain situations, you can tell us your preferences about how we share your PHI. For example, you can tell us whether to:
Share information with the subscriber, your family, close friends, or others involved in payment for your care.
Share information in a disaster relief situation.
If you are not able to tell us your preference (for example, if you are unconscious), we may share information if we believe it is in your best interest, and only as permitted by law.
Uses and Disclosures Requiring Your Written Authorization
We will not use or disclose your PHI for the following purposes without your prior written authorization:
You may revoke an authorization at any time in writing. Your revocation will apply going forward after we process it, but it will not affect uses or disclosures that already occurred in reliance on your authorization.
Your Rights
When it comes to your PHI, you have certain rights. To exercise a right, contact us using the information in the “Contact Us” section below.
Get a copy of your health and claims records
You can ask to inspect or obtain a copy of certain PHI we maintain about you (including health and claims records). You may request a paper copy or, if we maintain the information electronically, an electronic copy in the form and format you request if it is readily producible; otherwise we will work with you to provide it in a readable electronic form. We generally will respond within 30 days of your request. If we need more time, we may extend the response time once by up to 30 additional days, and we will notify you in writing.
We may charge a reasonable, cost-based fee in accordance with law.
Ask us to correct (amend) health and claims records
You can ask us to amend PHI you believe is incorrect or incomplete. We generally will respond within 60 days. If we need more time, we may extend the response time once by up to 30 additional days and will notify you in writing. We may deny your request in certain circumstances, but we will provide a written explanation and information about your right to submit a statement of disagreement.
Request confidential communications
You can ask us to contact you in a specific way (for example, at work or by mail to a different address). We will accommodate reasonable requests and may ask you to make your request in writing. We must accommodate a request if you tell us you would be in danger if we do not.
Ask us to limit what we use or share
You can ask us not to use or disclose certain PHI for treatment, payment, or health care operations. We are not required to agree to most requests. However, we must agree to your request to restrict disclosure of PHI to a health plan if the disclosure is for payment or health care operations and relates solely to a health care item or service for which you (or someone on your behalf) has paid out-of-pocket in full, unless a law requires us to share it.
Get a list of those with whom we have shared PHI
You can request an accounting of certain disclosures of your PHI made in the six years before the date you ask, excluding disclosures for treatment, payment, and health care operations and certain other disclosures permitted by law.
We will provide one accounting in a 12‑month period at no charge. We may charge a reasonable, cost-based fee for additional accountings.
Get a copy of this Notice
You can ask for a paper copy of this Notice at any time, even if you have agreed to receive it electronically.
Choose someone to act for you
If you have a medical power of attorney, or if someone is your legal guardian or personal representative, that person can exercise your rights and make choices about your PHI. We will verify their authority before taking action.
File a complaint
You can complain if you believe your privacy rights have been violated. We will not retaliate against you for filing a complaint.
You may file a complaint with AMT by contacting our Privacy Office:
AMT – Attn: Privacy Office
636 Morris Turnpike, Suite 2A, Short Hills, NJ 07078
Phone: (973) 379‑1090
Email: info@amt-nj.com
You may also file a complaint with the U.S. Department of Health and Human Services, Office for Civil Rights (OCR):
Online: OCR Complaint Portal (ocrportal.hhs.gov)
Mail: Office for Civil Rights, U.S. Department of Health and Human Services, 200 Independence Avenue, SW, Washington, D.C. 20201
Phone: (800) 368‑1019
Changes to This Notice
We reserve the right to change the terms of this Notice, and the changes will apply to all PHI we maintain. If we make a material change, we will update this Notice and make the revised Notice available on our website and upon request. If you are currently covered, we will provide the revised Notice or information about the material change as required by law.
Contact Us
If you have questions about this Notice or would like to exercise your rights, contact AMT’s Privacy Office:
