As a licensed agent, we are required to protect the information we collect and maintain. We respect your right to privacy and will protect the information we maintain about you in the ongoing operation of your health insurance in accordance with all required laws, regulations, and standards.
Your privacy is very important to us and we will make every reasonable effort to safeguard any information we collect. We are committed to the spirit and letter of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), including but not limited to the Privacy Rule. A major provision of the Privacy Rule is to safeguard sensitive, personal information about members. This information is referred to as Protected Health Information (PHI), and includes individually identifiable health care and demographic data.
When you apply for health coverage or an exemption, your information may be used to help you with the application process, verify information like your identity and any income history you provide, and give you accurate information about many different cost-saving programs available to you. We need your information to assist you in completing your enrollment application, determine eligibility for enrollment in a marketplace plan, help you resolve questions about the results of your application, communicate with you during the eligibility and enrollment process, and help you enroll. After you enroll in health coverage, your information may be used to continue communications with you regarding your coverage.
We will only share your information as needed and authorized or required by law. We restrict access to nonpublic personal information about you to those employees who need to know that information in order to provide services to you. We maintain physical, electronic, and procedure safeguards that comply with federal regulations to guard nonpublic personal information.
A privacy incident is a reportable event that involves PII or Protected Health Information (PHI) where there is a loss of control, compromise, unauthorized disclosure, unauthorized acquisition, unauthorized access, or any similar term referring to situations where persons other than authorized users, and for an other than authorized purpose, have acess to PII/PHI in usable form, whether physical or electronic. Agents and brokers must report any incident involving the loss or suspected loss of PII. A breach is a privacy incident that poses a reasonable risk of harm to the applicable individuals. Any privacy or breach incident must be reported in conjunction with CMS’s Incident & Breach Notification Procedures.