Privacy & Use Policies

NOTICE OF PRIVACY PRACTICES

This provides notice of the privacy practices and policies of Tomlin Health Insurance. These protections have been adopted to ensure that the information that we obtain and maintain for our clients and customers, which may also include information about the employees, dependents, former employees and dependents, and other eligible participants on a group health plan for which we are providing services (“Protected Parties”), is protected in accordance with relevant state and federal rules. The Notice outlines our practices, policies, and legal duties to maintain and protect against prohibited disclosure of personally-identifiable financial information (as required by the federal Gramm-Leach-Bliley Financial Modernization Act (“GLB Act”), and the various state laws implementing those requirements), Protected Health Information of those Protected Parties (under the privacy regulations mandated by the Health Insurance Portability and Accountability Act and further expanded by the Health Information Technology for Economic and Clinical Health Act provisions in Title XIII of the American Recovery and Reinvestment Act (“HITECH”) and the regulations related to these laws and mandates), and the protection of personally-identifiable information under 45 CFR § 155.260 (collectively referred herein as “Privacy Rules”).

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT A PROTECTED PARTY MAY BE — USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. THE PROTECTION OF THE PRIVACY OF THE INFORMATION WE MAINTAIN IS IMPORTANT TO US. PLEASE REVIEW IT CAREFULLY.

1. Statement of Our Duties. We are required by law to maintain the privacy of non-public personal information (“NPPI”), protected health information (“PHI”), and personally-identifiable information (“PII”) (collectively referred herein as “Protected Information”) of the Protected Parties and to provide our clients with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice. We reserve the right to change the terms of this notice and to adopt any new provisions regarding the Protected Information that we maintain about the Protected Parties. If we revise this notice, we will provide each client or customer with whom there is a current and direct business relationship with a revised notice by mail, electronic mail or any other electronic means, telefacsimile or fax, or hand-delivery.

2. Statement of the Client’s Rights under Privacy Rules. As our client or customer, you have a right to know how we may use or disclose the Protected Information we maintain on those Protected Parties with whom there is a direct relationship. In the event that our customer or client is an employer sponsoring a group health plan, we do not have a direct duty to their employees, dependents, former employees or dependents or other eligible participants on the group health plan. Our obligations to not disclose the Protected Information we maintain about those individuals may arise due to our contractual obligations as a Business Associate of both the client or customer, as well as to any other third party who is a Covered Entity under the Privacy Rules, but does not create a special legal duty to provide notice to those individuals of their rights through a Notice of Privacy Practices. Primary Uses and Disclosures of Protected Information. We use and disclose Protected Information about Protected Parties for payment and health care operations. Privacy Rule does not generally “preempt” (or take precedence over) state privacy or other applicable laws that provide individuals greater privacy protections. As a result, to the extent state law applies, the privacy laws of a particular state, or other federal laws, rather than the Privacy Rules, might impose a privacy standard under which we will be required to operate. For example, where such laws have been enacted, we will follow more stringent state privacy laws that relate to uses and disclosures of the Protected Information concerning HIV or AIDS, mental health, substance abuse/chemical dependency, genetic testing, and reproductive rights.

In addition to these law requirements, we also may use or disclose Protected Information in the following situations: Payment: We might use and disclose your Protected Information for all activities that are included within the definition of “payment” within the Privacy Rules. For example, we might use and disclose a Protected Party’s Protected Information to assist with the payment of claims for services provided to that Protected Party by doctors, hospitals, pharmacies and others for services that are covered by a group health plan. We might also use your information to determine your eligibility for benefits, to coordinate benefits, to examine medical necessity, to obtain premiums, and to issue explanations of benefits to the person who subscribes to the health plan in which you participate. Health Care Operations: We might use and disclose a Protected Party’s Protected Information for all activities that are included within the definition of “health care operations” within the Privacy Rules. For example, we might use and disclose the Protected Information of a Protected Party to an insurer to determine the premiums for your health plan, to conduct quality assessment and improvement activities, to engage in care coordination or case management, and to manage our business.

Business Associate Subcontractors: In connection with our payment and health care operations activities, we contract with individuals and entities (called “subcontractors”) to perform various functions on our behalf or to provide certain types of services. To perform these functions or to provide the services, our subcontractors will receive, have access to, create, maintain, use, or disclose Protected Information, but only after we require the subcontractor to agree in writing to contract terms designed to appropriately safeguard your information.

Other Covered Entities: In addition, we might use or disclose your Protected Information to assist health care providers in connection with their treatment or payment activities, or to assist other covered entities in connection with certain of their health care operations. For example, we might disclose a Protected Party’s Protected Information to a health care provider when needed by the provider to render treatment to that party, and we might disclose Protected Information to another covered entity or subcontractor to conduct health care operations related to billing, claims payment or enrollment. For all other uses and disclosures, we first must obtain your permission.

In addition, you have the following rights:

• The right to request that we place additional restrictions on our uses and disclosures of the Protected Information of Protected Parties. However, we are not obligated to agree to impose any such additional restrictions.

• The right to access, inspect, and copy the protected information pertaining to Protected Parties that we maintain in our files, and the right to have us correct or amend any information that we create in error. Requests to access or amend your health information should be sent to the contact person and address provided below.

• The right to receive an accounting of the disclosures of the Protected Information we maintain on Protected Parties that we make for purposes other than activities related to payment functions or other health care operations.

• The right to request that communications containing a protected party’s Protected Information are sent in a confidential manner.

• If you received this notice electronically, you also have the right to obtain a paper copy of this notice from us on request.

3. Information We Collect About You. We collect the following categories of information for group and/or individual policies from the following sources:

a) Information that we obtain directly from you, in conversations or on applications or other forms that you or a Protected Party completes.

b) Information regarding current or prospective plan participants we obtain about them on applications or other forms.

c) Information about the plan’s transactions with our affiliates, others or us.

d) Information that we obtain as a result of our transactions with you.

4. Permissible Uses and Disclosures of Protected Information. We disclose the information we receive regarding current or prospective plan participants only in accordance with the terms and conditions of the various Business Associate contracts we have entered to with Covered Entities under Privacy Rules and as permitted under state and federal laws concerning the privacy of your insurance and financial information. Those include:

• Situations Permitted or Required by Law. We also may use or disclose your Protected Information without your written permission for other purposes permitted or required by law, including, but not limited to the following:

a) As authorized by and to the extent necessary to comply with workers’ compensation or other no-fault laws;

b) To an oversight or insurance regulatory agency for activities including audits or civil, criminal or administrative actions;

c) To a public health authority for purposes of public health activities (such as to the Federal Food and Drug Administration to report consumer product defects);

d) To a law enforcement official for law enforcement purposes or in response to a court order or in the course of any judicial or administrative proceeding;

e) To organ procurement organizations or other entities for approved research; or

f) To a governmental authority, including a social service or protective services agency, authorized to receive reports of abuse, neglect or domestic violence.

• For Any Purposes to Which You Have Not Objected. In certain limited circumstances, we may use or disclose your Protected Information after we have given you an opportunity to object and you have not objected. For example, if you do not object, we may use limited information about you to maintain an office directory, to notify family members or any other person identified by you regarding issues directly related to such person’s involvement with your care or payment for that care, or in emergency circumstances.

• For Purposes for Which We Have Obtained your Written Permission. All other uses or disclosures of your Protected Information will be made only with your written permission, and you may revoke any permission that you give us at any time.

5. Complaints About Misuse of Health Information. You may complain either directly to us or to the Secretary of Health and Human Services if you believe that your rights with respect to our protection of your health information have been violated. To file a complaint with us, you may send a written statement outlining your complaint, the facts and circumstances surrounding your complaint, including the names, dates and as many details as possible. You will not be retaliated against in any way for filing a complaint.

6. Our Practices Regarding Confidentiality and Security. We restrict access to Protected Information about you to those employees and its subcontractors who need to know that information in order to provide products and services to you. We maintain physical, electronic and procedural safeguards that comply with state & federal regulations to guard your Protected Information.

7. Our Duties. We are required by law to maintain the privacy of Protected Information and to provide individuals with notice of its legal duties and privacy practices with respect to Protected Information. If unsecured Protected Information is acquired, used or disclosed in a manner that is not permitted under the Privacy Rules that compromises the security or privacy of that Protected Information, (referred to as a “Breach”), We are required to provide appropriate Notice as defined by law without unreasonable delay and in no case later than 60 days after the discovery of the Breach or the receipt of information of the Breach. We may delegate this duty to a subcontractor. We are required to abide by the terms of the Notice that is currently in effect. We will provide a paper copy of this Notice to you upon your request.

8. Our Policy Regarding Dispute Resolution. Any controversy or claim arising out of or relating to our privacy policy, or the breach thereof, shall be settled by arbitration in accordance with the rules of the American Arbitration Association, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.

9. Revisions to this Notice. We reserve the right to change the terms of this Notice and to make the new Notice provisions effective for all Protected Information we maintain, regardless of whether the Protected Information was created or received prior to issuing the revised Notice. Whenever there is a material change to our use and disclosure of Protected Information, individual rights, our duties, or other privacy practices stated in this Notice, we will promptly revise and distribute the new Notice.

Contact Person for Filing Complaint or Obtaining Other Information. If you believe your privacy rights have been violated, you may file a written complaint with our Privacy Officer at the following address:

Name Jeffrey Tomlin
Title President
Address 1142 Willagillespie Rd. Ste. 10, Eugene, OR 97401
Email jeff@tomlinhealth.com
Phone 541-343-1999

Website Statement of Use Policy

This privacy policy sets out how Tomlin Health Insurance uses and protects any information that you give us when you use this website.

We are committed to ensuring that your privacy is protected. Should we request or you provide certain information by which you can be identified when using this website, then you can be assured that it will only be used in accordance with this privacy statement.

Tomlin Health Insurance may change this policy from time to time by updating this page. Please check this page if you’re looking for details concerning our privacy policy. This policy is effective from May 1, 2017.

What we collect

We may collect the following information:

Name
Contact information including email address and phone number
Demographic information such as postal code, age, gender and preferences and interests
Other information relevant to customer surveys and/or offers

What we do with the information we gather

We may use this information to understand your needs and provide you with a better service, and in particular for the following reasons:

Internal record keeping
We may use the information to improve our products and services
We may periodically send promotional email about new products, special offers or other information which we think you may find interesting, using the email address which you have provided
From time to time, we may also use your information to contact you for market research purposes. We may contact you by email, phone or mail
We may use the information to customize the website according to your interests
We may provide your information to our third party partners for marketing or promotional purposes
We will never sell your information
We will not facilitate the merging of personally-identifiable information with non-personally identifiable information previously collected from Display Advertising features that are based on the DoubleClick cookie unless we have robust notice of, and the user’s prior affirmative (i.e., opt-in) content to, that merger.

Security

We are committed to ensuring that your information is secure. In order to prevent unauthorized access or disclosure, we have put in place suitable physical, electronic and managerial procedures to safeguard and secure the information we collect online.

Analytics, Display Advertising and Interest-Based Advertising Disclosure

Tomlin Health Insurance implements the following Google Analytics features based on Display Advertising: Remarketing, Google Display Network Impression Reporting, and Google Analytics Demographics and Interest Reporting. We utilize these services to serve more relevant ad experiences across the web based on previous visits to our website.

We may use Remarketing with Google Analytics to advertise online. Which means third-party vendors, including Google, may show our ads on sites across the Internet
Tomlin Health Insurance and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the AdWords & DoubleClick cookie) together to inform, optimize, and serve ads based on someone’s past visits to our website.
Tomlin Health Insurance and third-party vendors, including Google, use first-party cookies (such as the Google Analytics cookies) and third-party cookies (such as the DoubleClick cookie) together to report how our ad impressions, other uses of ad services, and interactions with these ad impressions and ad services are related to visits to our site.
We use data from Google’s Interest-based advertising or 3rd-party audience data (such as age, gender, and interests) with Google Analytics to serve more relevant ad experiences across the web – based on previous visits to our website.
Using the Ads Settings, visitors can opt-out of Google Analytics for Display Advertising and customize Google Display Network ads.
Alternatively, visitors can opt out of a third-party vendor’s use of cookies by visiting DoubleClick’s opt-out page or the Network Advertising Initiative opt-out page.

Facebook Remarketing and Custom Audiences

Third parties may use cookies, web beacons, and similar technologies to collect or receive information from your website and elsewhere on the internet and use that information to provide
measurement services and target ads.
You can opt-out of the collection and use of information for ad targeting. To do so, go to www.aboutads.info/choices and set your data collection and ad preferences.

How We Use Cookies

A cookie is a small file which asks permission to be placed on your computer’s hard drive. Once you agree, the file is added and the cookie helps analyze web traffic or lets you know when you visit a particular site. Cookies allow web applications to respond to you as an individual. The web application can tailor its operations to your needs, likes and dislikes by gathering and remembering information about your preferences.

We use traffic log cookies to identify which pages are being used. This helps us analyze data about webpage traffic and improve our website in order to tailor it to customer needs. We use this information for statistical analysis purposes and serve more relevant ad experiences across the web – based on previous visits to our website.

Overall, cookies help us provide you with a better website, by enabling us to monitor which pages you find useful and which you do not. A cookie in no way gives us access to your computer or any information about you, other than the data you choose to share with us.

You can choose to accept or decline cookies. Most web browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies if you prefer. However, this may prevent you from taking full advantage of the website.

Links To Other Websites

Our website may contain links to enable you to visit other websites of interest easily. However, once you have used these links to leave our site, you should note that we do not have any control over that other website. Therefore, we cannot be responsible for the protection and privacy of any information which you provide whilst visiting such sites and such sites are not governed by this privacy statement. You should exercise caution and look at the privacy statement applicable to the website in question.

Controlling Your Personal Information

You may choose to restrict the collection or use of your personal information in the following ways:

Stating your desired restriction of our use of your personal information within the comments section
of the form you are submitting
If you have previously agreed to us using your personal information for direct marketing purposes,
you may change your mind at any time by leaving a message via our contact form or by writing to Tomlin Health Insurance at the mailing address shown on our contact us page.

We will not sell, distribute or lease your personal information to third parties unless we have your permission or are
required by law. We may use your personal information to send you promotional information about third parties
which we think you may find interesting if you tell us that you wish this to happen.