Privacy and Security
The Centers for Medicare and Medicaid Services (CMS), requires that prior to collecting Personally Identifiable Information (PII) and/or Personal Health Information (PHI), agents and brokers must provide a Privacy Notice Statement (PNS) that is prominently and conspicuously displayed on a public-facing website, if applicable, or in paper format upon request.
PII is information that can be used to distinguish or trace an individual’s identity, alone or when combined with other personal or identifying information that is linked or linkable to a specific individual. Examples of PII include name, address, email, date of birth, Social Security Number, etc.
PHI as defined by federal privacy regulation is information that:
Contains data elements or combinations of data elements that could identify a person, or provides a reasonable basis to believe someone could be identified;
Contains health-related information about that person; and
Is maintained or transmitted in any form (electronic, written, or oral).
Purpose of the Information Collection
With your agreement, during our communications about your situation, CBI65 agents will gather PII on you and/or your family.
CBI65 will use the PII gathered to determine suitability and eligibility of insurance products, and to quote insurance products that protect you and or your family financially from accidents and illness.
Effects of non-disclosure
Disclosure of your PII is voluntary. You are under no obligation to work with CBI65.
Your nondisclosure of the PII request will render CBI65 unable to pursue the suitability and eligibility of insurance products, and to quote insurance products.
Individual Privacy Rights
According to HIPAA Title II regulations, individuals are entitled to individual privacy rights that include the following items:
Right to Notice of Privacy Practices
Right to Restrictions on Use and Disclosure of PHI
Right to Alternate Communications
Right of Access to PHI
Right to Amend PHI
Right to an Accounting of Disclosures of PHI
Right to file a privacy complaint
USES AND DISCLOSURES OF INFORMATION
This agency may use and disclose PHI (referred to in this policy as PHI) as described in the Federal HIPAA Privacy regulation, 45 C.F. R. §164.501 and as outlined in this Policy.
Permitted and Required Uses and Disclosures – This agency is allowed to use and disclose any PHI for the following purposes (refer to the Privacy Officer or obtain assistance from legal counsel for other allowed uses and disclosures):
Provide and conduct administrative functions related to payment and health care operations for and on behalf of a covered entity that include the following:
· For conducting enrollment
· To allow for and/or audit claims payments
· To allow for quoting
· For underwriting activities
· To allow for case issuance
· Use of eligibility information for commissions and bonus processing and inquiries.
· For conducting Customer Service activities
· To assist with request for identification cards
· To assist with requested demographic changes
· Use of financial information for of quoting and processing insurance premiums
· To respond to the Secretary of the Department of Health and Human Services to determine compliance with regulations
· For compliance programs and oversight audit functions
· To report privacy violations to the appropriate Federal and State authorities consistent with the HIPAA Privacy regulations
· For data aggregation to permit data analysis for contracted covered entities
· To public health and safety authorities
· To report abuse, neglect or domestic violence
· To law enforcement officials under certain circumstances
· For judicial and administrative proceedings
· To fulfill any obligations under workers’ compensation laws or contract
· To an individual upon request to provide access to his or her own PHI
· To an individual to provide an accounting of disclosures of PHI
· To request proposals for services to be provided to or on behalf of a covered entity
· To investigate fraud