Statement (HIPAA - CAL GLBA)
Insurance Services - www.calhealth.net
privacy policies and procedures implement our obligation as an insurance
office to protect the "nonpublic personal informationĒ that we create,
receive or maintain on consumers or customers.
No use or disclosure: Our insurance office will not use or
disclose nonpublic personal information except as these Privacy Policies
& Procedures or our annual privacy practices notice permit, require or
as permitted by law.
Medical Information Privacy: Our office will not disclose or
share medical or other specified information at any time as defined in CIC
Section 791.13(k) with out an expressed written consent from the
consumer/customer may at any time revoke their consent to disclose or
share information by written notice. The revocation will be placed in the
consumer/customers file and notations made in any electronic records.
Exemption to Consent:
Our office may disclose or share nonpublic personal information without
express notice or consent in the course of performing an insurance or
financial function or transaction authorized by the consumer/customer or
as permitted in CIC Section 791.13
Notice of Privacy Procedures:
Our office will provide an initial and annual Privacy Practices Notice to
each customer as required by CIC Section 791 and Title 10 California Code
of Regulations Sections 2689.1 to 2689.24 and to all consumers before
disclosure of any nonpublic personal financial information to
nonaffiliated third parties for marketing purposes.
We will promptly revise our Privacy
Notice when there is a material change to our use or disclosure of
nonpublic personal information, nonpublic personal financial information,
legal duties, consumers or customers rights or to other privacy practices
that render the statements in that notice no longer accurate.
notices are available upon request.
customer/consumer will receive their initial privacy practices notice
prior to disclosure and or sharing of their nonpublic personal financial
information with nonaffiliated third parties for marketing purposes as
required by CIC Section 791.13 and Title 10 California Code of Regulations
Section 2689.8. Additionally they will receive an opt-out notice a minimum
of 30 days, before any sharing or disclosure of nonpublic personal
financial information with any nonaffiliated third party as required by
CIC Section 791.04 and Title 10 California Code of Regulations Section
2689.8(f). A consumer may exercise the right to opt-out at any time by
completing our opt-out form and returning it to us.
Our insurance office will include the completed opt-out form in the
consumerís physical file and make the appropriate notation and changes
to their electronic records. Our insurance office will not share or
disclose any customer / consumer nonpublic personal financial information
with any person except as allowed under CIC Section 791.13 or with written
consent once we receive a completed opt-out notice.
consumer/customer may at any time revoke their opt-out by written notice.
The revocation will be placed in the consumer/customers physical file and
notations made in any electronic records.
Distribution of Our Notice:
Each customer will receive his or her initial privacy practices notice
from this office no later than the delivery of an insurance policy,
service or financial product. Each customer will receive a notice annually
on a date established by us, which reflects our current privacy practices.
This annual privacy notice supercedes all prior initial or annual notices.
Minimum Necessary Disclosure:
Our office will make reasonable efforts to protect consumer/customer
privacy by disclosing or sharing the minimum necessary nonpublic personal
information to accomplish the intended function, transaction, or service.
Customer / Consumer Rights: Our
insurance office will honor customerís and consumerís rights regarding
their nonpublic personal information.
insurance office will honor requests in writing to view and copy customer
/ consumer records that are reasonably identified, reasonably locatable
and retrievable. We will with in 30 days of receipt of the request contact
the customer / consumer and inform them of the nature and substance of the
recorded information and make arraignments for them to view the
information and make copies for them for which we will charge $.10 per
page plus $10 per hour for staff time.
have the right to request an amendment, correction or deletion to their
nonpublic personal information held by us.
Our office will, within 30 days of such request, inform the
customer/consumer of our decision to amend, correct, or delete or our
decision to not amend, correct or delete. If we decide to amend, correct
or delete we will notify the customer/consumer in writing.
If we decide not to make any changes the customer/consumer has a right to
submit in writing a concise statement setting forth what the
customer/consumer thinks is the correct, relevant or fair information and
why they disagree with our refusal to amend, correct, or delete nonpublic
personal information in their file. Our office will put this statement in
the customerís/ consumerís file. In the future if we share or disclose
any nonpublic personal information from the file we will also furnish a
copy of the customers/consumers request to amend, correct, delete, our
letter informing them of our decision and their response.
rights granted in this section do not extend to information about the
customer/consumer that relates to and is collected in connection with or
in reasonable anticipation of a claim or civil or criminal proceeding
Privacy Officer: Our
insurance office will designate one person to be the privacy officer. He
or she will have primary responsibility for privacy and security issues.
He or she will also be the contact for all complaints involving privacy or
Staff Training: Our insurance office will train all members of our
workforce in these Privacy Policies & Procedures, as needed and
appropriate for them to carry out their functions.
All members of our workforce will acknowledge in writing within a
reasonable time of employment their receipt and training on these Privacy
Policies & Procedures.
10. Data Safeguards: Our insurance office will
develop, implement, annually review and maintain reasonable and
appropriate administrative, technical and physical safeguards to ensure
the integrity and confidentially of the nonpublic personal information we
hold and maintain.
Annual Security Assessment: Our insurance office will do an annual
Cal-GLBA Privacy and Security Gap Assessment to ensure these policies and
procedures are being preformed and working as intended. Our Security
Officer will initiate the assessment.