Your Information. Your Rights. Our Responsibilities.
This notice describes how certain Protected Health Information (PHI) or medical information, that is Personally Identifiable Information (PII) about you may be used and disclosed. Please review it carefully.
This Notice describes how your broker may use and disclose PHI to carry out payment and health care operations, and for other purposes that are permitted or required by law.
If you have questions or concerns about your information, or you want to exercise your privacy rights, you should contact your broker agent.
Summary of Our Uses and Disclosures
We may use and share your information as we:
- Administer the plan
- Pay for your health services or help resolve claims issues
- Comply with the law
- Respond to lawsuits and legal actions
- Address law enforcement and other government requests
What is Protected Health Information (“PHI”)?
PHI means individually identifiable health information, as defined by HIPAA, that is created or received by a medical provider or the plan or an insurance company that relates to the past, present, or future physical or mental health or condition of an individual; the provision of health care to an individual; or the past, present, or future payment for the provision of health care to an individual; and that identifies the individual or for which there is a reasonable basis to believe the information can be used to identify the individual. PHI includes information of persons living or deceased.
Your Rights – Additional Details
When it comes to your health information, you have certain rights. This section explains your rights and some of our responsibilities to help you.
Summary of Your Rights
You have the right to:
- Get a copy of your protected health information
- Correct your protected health information
- Request confidential communication
- Ask us to limit the information we share
- Get a list of those with whom we’ve shared your information
- Get a copy of this privacy notice
- Choose someone to act for you
- File a complaint if you believe your privacy rights have been violated
File a complaint if you feel your rights are violated
- You can complain if you feel we have violated your rights by contacting us using the information on page 1. (Privacy Official contact information)
- You can file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C. 20201, calling 1-877-696-6775, or visiting: hhs.gov/ocr/privacy/hipaa/complaints/
- We will not retaliate against you for filing a complaint.
Our Uses and Disclosures
How do we typically use or share your health information?
In order for you to utilize our services you will need to provide PII on an entirely voluntary basis. We may use your PHI and PII for the following permitted purposes.
Pay for your health services
We can request, use and disclose your PHI as we help resolve claims at your request.
Family and Friends Involved in Your Care
If you are available and do not object, we may disclose your PHI to your family, friends, and others who are involved in your care or payment of a claim. If you are unavailable or incapacitated and we determine that a limited disclosure is in your best interest, we may share limited PHI with such individuals. For example, we may use our professional judgment to disclose PHI to your spouse concerning the processing of a claim.
Broker Relations Usage
We may use your personally identifiable information such as your name and address only for purposes of providing you a superior customer experience. For example, to help you register online, sign up for a newsletter or other marketing communications for which you may receive periodic emails responding to your customer service requests, plan information or for other similar purposes, including:
- Broker services available through us or our platform and/or to deal with any requests or inquiries you may have.
- Legitimate interest to carry out business or operations related to your plan, coverage or solicitation of.
- Contracting of various kinds related to products or services of interest to you.
How else can we use or share your health information?
We do not sell, trade, or otherwise transfer to outside parties your Personally Identifiable Information.
- We are required by law to maintain the privacy and security of your protected health information.
- We will let you know promptly if a breach occurs that may have compromised the privacy or security of your information.
- We must follow the duties and privacy practices described in this notice and give you a copy of it.
- We will not use or share your information other than as described here unless you tell us we can in writing. If you tell us we can, you may change your mind at any time. Let us know in writing if you change your mind.
For more information see: hhs.gov/ocr/privacy/hipaa/understanding/consumers/noticepp.html.
Changes to the Terms of this Notice
We can change the terms of this notice, and the changes will apply to all information we have about you. The new notice will be available upon request, on our web site, and we will mail a copy to you.
Fair Information Practices
The Fair Information Practices Principles form the backbone of privacy law in the United States and the concepts they include have played a significant role in the development of data protection laws around the globe. Understanding the Fair Information Practice Principles and how they should be implemented is critical to comply with the various privacy laws that protect personal information.
In order to be in line with Fair Information Practices we will take the following responsive action, should a data breach occur:
- We will notify you via email within 7 business days.
- We will notify the users via in-site notification within 7 business days.
We also agree to the Individual Redress Principle which requires that individuals have the right to legally pursue enforceable rights against data collectors and processors who fail to adhere to the law. This principle requires not only that individuals have enforceable rights against data users, but also that individuals have recourse to courts or government agencies to investigate and/or prosecute non-compliance by data processors.