Braden Brown, SVP,Corporate Compliance and Regulatory AffairsAt HealthSmart, the privacy of our customers is of utmost importance to us. HealthSmart strives to maintain high standards for the protection of your privacy and it is a top priority to keep the protected health information you share with us secure. Below you will find how HealthSmart might use and disclose information about you and how you can get access to this information. Please read this statement carefully and thoroughly.
For our customers located in the EU, please click here to learn how we comply with the General Data Protection Regulation (GDPR).
Protected Health Information
The Health Insurance Portability and Accountability Act (HIPAA) has established standards to ensure the privacy of your protected health information. Protected Health Information is information about your past, present, or future health or medical condition. HealthSmart maintains full compliance with HIPAA’s privacy and security regulations, and has implemented various administrative, physical and technical safeguards to comply with its provisions.
Measures to Safeguard Your Protected Health Information
HealthSmart will never share non-public protected health information with non-affiliated third parties. We restrict access to only those HealthSmart affiliates, subsidiaries, employees and contractors who need to know this information in order to provide you with HealthSmart’s products and services, and who are under an obligation to keep such information confidential. We also maintain physical, electronic, and procedural safeguards that comply with federal and state regulations to protect your information. In addition, HealthSmart internally utilizes non-identifying personal information for the proper management, administration and development of our products and services. Unless you specifically consent to a disclosure, your protected health information will not be sold, shared, licensed, or rented to third parties.
Customary Purposes for Disclosing Your Protected Health Information
While it is HealthSmart’s policy never to share non-public protected health information with non-affiliated third parties, HealthSmart may use your protected health information for a number of reasons as detailed below.
In addition, in some cases, HealthSmart contracts with various entities (“Contracting Entities”) to assist with the provision of medical services and products to members. HealthSmart and its affiliates may, from time to time, negotiate and enter into contracts on their own behalf with Contracting Entities, and you agree we may use or disclose your information to Contracting Entities.Agreements with Contracting Entities may provide for administrative fees, penalties, credits, rebates, guarantees, or other kinds of payments or fees (collectively, “CE Payments”) to be paid to HealthSmart.HealthSmart will retain such CE Payments which may be used for various HealthSmart business considerations, including offering competitive medical service prices to our customers. You understand and agree that CE Payments received by us may be based on the utilization of data of certain services or products by certain persons, some of whom may be HealthSmart members.
Your Rights Regarding Your Protected Health Information
You have the following rights regarding your protected health information:
Changes
This privacy notice may be revised from time to time. Any new notice will be effective immediately for any and all confidential information we maintain. Upon revision, this notice will be available upon request and displayed prominently on our website and in our office locations. For more information on your rights regarding protected health information, please contact HealthSmart at 214.574.3546.
Complaints
If you believe your privacy rights have been violated, you may file a complaint with HealthSmart or with the Secretary of the Department of Health and Human Services. To file a complaint with HealthSmart, please contact, 222 W. Las Colinas Blvd., Suite 500N, Irving, Texas 75039. All complaints must be submitted in writing.
EU-U.S. Privacy Shield Notice
HealthSmart complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. HealthSmarthas certified to the Department of Commerce that it adheres to the Privacy Shield Principles. If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit https://www.privacyshield.gov/
In compliance with the Privacy Shield Principles, HealthSmart commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact HealthSmart at:
Braden Brown, SVP,Corporate Compliance and Regulatory Affairs
HealthSmart Benefit Solutions, Inc.
222 W. Las Colinas Blvd., Ste 500N
Irving, TX 75039
HealthSmart has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit www.adr.org for more information or to file a complaint. The services of the American Arbitration Association are provided at no cost to you.HealthSmart commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to human resources data transferred from the EU in the context of the employment relationship. Under certain circumstances, binding arbitration may be invoked in pursuit of satisfaction of claims brought under this agreement. HealthSmart subjects itself to the investigatory and enforcement powers of the Federal Trade Commission (FTC).