General Data Protection Regulation (GDPR), the European Union’s (EU) privacy regulation, provides unique rights and protections for personal data from individuals in the EU or European Economic Area (EEA). When it collects personal data that is subject to GDPR, HealthSmart will comply with those rights as explained in this notice. Depending on your relationship to HealthSmart, we may be a Controller or a Processor of your personal data. Where necessary and appropriate, we have implemented organizational and security measures that include an internal data protection policy and documenting our processing activities.
Use of Personal Data
We use personal data to provide the services requested by an individual, including health insurance benefits administration. Personal data may include but is not limited to your name, address, email, and social security number. Health and benefits administration may include enrolling you in a health care plan, providing care management and wellness services, assisting you in locating health care providers, notifying you of changes in your benefits, reporting financial data and fraud prevention. In order to provide services to you, we receive personal data from you, from your medical care providers, from your employer or school and from other third parties. Some of this data may be sensitive personal information (such as information about your race, ethnicity, health, or genetics). We will only use your personal data when allowed by law, this may include the following circumstances:
Sharing Personal Data
We share your personal data with medical providers, our employees and third-parties as directed or authorized by you and in order to provide the requested services and manage our business and services. We also share personal data with third-parties that we have contracted with to provide services, including administrative, security and data storage.
Storing Data
We store personal data for as long as necessary to provide the service and for a reasonable retention period.
Your Rights
You have the following rights with regard to your personal data:
The exercise of certain of these rights may impede our ability to provide a service you have requested, such as if you restrict our ability to process your personal data or your health insurance claim.
Contact
If you have any questions about this notice or our privacy practices, please contact:
Braden Brown, SVP, Corporate Compliance and Regulatory Affairs
Phone: (214) 574-3546
Complaints
You have the right to file a complaint with the relevant data protection authority. However, we would appreciate the opportunity to resolve your concerns before you file a complaint. If you have concerns, please contact us.
Location of Data Processing
All personal data collected by HealthSmart will be processed in the United States.