IF APPLICABLE: THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Who Will Follow This Notice

This Notice is being provided pursuant to certain requirements of the Health Insurance Portability and Accountability Act of 1996 and related regulations (collectively, “HIPAA”). You also have a right to receive a paper copy of this Notice and may ask us to give you a copy of this Notice at any time.

This Notice describes the practices of AXIS Capital Holdings and its Affiliates (collectively, “AXIS”). All uses of “we”, “our”, “us”, and any like terms in this Notice shall refer to AXIS.

Our Commitment to Your Privacy

Please note that this Notice does not fully describe every use or disclosure. And we may have to meet conditions in HIPAA before we can use or disclose your information for the described purposes.

We understand that your protected health information (“PHI”) is personal and we are committed to protecting that information. We create a record of your benefits, eligibility status and claims history. We need this record to provide you with quality health care services and to comply with certain legal requirements. Hospitals, physicians and other health care providers providing health care services to you may have different policies or notices regarding their uses and disclosures of your PHI.

This Notice will tell you about the ways in which we may use and disclose PHI about you. This Notice will also describe your rights and certain obligations we have regarding the use and disclosure of PHI.

We are required by law to abide by the terms of this Notice to: (1) make sure that PHI that identifies you is kept private; (2) give you this Notice of our legal duties and privacy practices with respect to PHI about you; (3) follow the terms of the Notice that is currently in effect; and (4) notify you following a breach of your unsecured PHI.

You may have additional privacy rights under state law. An applicable state law that provides for greater privacy protection or privacy rights will continue to apply.

How We May Use and Disclose PHI About You

We will not disclose your PHI to anyone, except with your authorization or as otherwise permitted or required by HIPAA and other applicable law. Uses and disclosures other than those described in this Notice will require your written authorization. Your written authorization is required for most uses and disclosures of psychotherapy notes, marketing and any use or disclosure that might constitute a sale of PHI. You may revoke your authorization at any time, but you cannot revoke your authorization if we have already acted on it.

Whenever we use or disclose your PHI as described in this Notice, we will make reasonable efforts to limit the use or disclosure of such PHI to the minimum necessary to accomplish the intended purpose of the use or disclosure, as required by HIPAA.

AXIS Capital Holdings and its Affiliates will share PHI with each other, as necessary to carry out treatment, payment, or health care operations relating to AXIS.

Payment

We may use and disclose your PHI to pay for your medical benefits. These activities may include determining eligibility or coverage for insurance benefits, reviewing services provided to you to determine medical necessity, and undertaking utilization review or case management activities with respect to your claims. For example, we may use and disclose your PHI to pay your claims or process your premium payments.

Treatment

We may use or disclose PHI about you to facilitate medical treatment or services by providers. We may disclose PHI about you to health care providers, including doctors, nurses, technicians, medical students, or other medical personnel who are involved in taking care of you. For example, we might disclose information about you to physicians who are treating you.

Health Care Operations

We may use or disclose PHI about you for our insurance operations. These uses and disclosures are necessary to run the insurance company and make sure that our insureds receive quality service. Here are some examples of the ways that we use your PHI for our health care operations: creation, renewal, replacement or maintenance of your insurance contract; placing an insurance contract for reinsurance of our insurance risks; claims adjudication; disclosures to medical consultants to determine the medical necessity of treatment recommended by your physician; policy administration, underwriting and premium rating; eligibility determinations; detection and investigation of fraud and other unlawful conduct; recovery of overpayments; conduct of grievances and appeals programs; and disclosures to PPO networks for purposes of repricing claims.

We are prohibited from using or disclosing PHI that is genetic information of an individual for underwriting purposes.

We may use or disclose your PHI as necessary to provide you with information about other health-related products or services that are included in your insurance benefits, including communications about replacement of, or enhancements to, an insurance contract. For example, your name and address may be used to send you a newsletter about our organization and your insurance benefits. You may opt-out of receiving such materials. We will not disclose your PHI to third parties for marketing purposes without your written authorization.

Required Disclosures

We will disclose PHI about you when required to do so by federal, state or local law. We must also share your PHI with the Secretary of the Department of Health and Human Services to investigate or determine our compliance with federal privacy laws.

To Avert a Serious Threat to Health or Safety

We may use and disclose PHI about you when necessary to prevent a serious threat to your health and safety or to the health and safety of the public or another person. Any disclosure, however, would only be to someone able to help prevent the threat.

Health Oversight

We may disclose PHI to a health oversight agency for activities authorized by law, such as audits, investigations and inspections. Health oversight agencies include government agencies that oversee health plan administration, state insurance regulatory authorities and certain other government regulatory programs.

Public Health Risks

We may disclose PHI about you for public health activities. These activities may include (1) the prevention or control of disease, injury or disability and (2) notifying people of recalls of products they may be using.

Lawsuits and Disputes

If you are involved in a lawsuit or a dispute, we may disclose PHI about you in response to a court or administrative order. We may also disclose PHI about you in response to a subpoena, discovery request or other lawful process by someone else involved in the dispute, but only if efforts have been made to tell you about the request (which may include written notice to you) or to obtain an order protecting the information requested.

Law Enforcement

We may release PHI if asked to do so by a law enforcement official: (1) in response to a court order, subpoena, warrant, summons or similar process; (2) to identify or locate a suspect, fugitive, material witness or missing person; (3) about the victim of a crime if, under certain limited circumstances, we are unable to obtain the person’s agreement; (4) about a death we believe may be the result of criminal conduct; or (5) in emergency circumstances to report a crime, the location of the crime or victims, or the identity, description or location of the person who committed the crime.

For Specific Government Functions

We may disclose your PHI for the following specific government functions: (1) health information of military personnel, as required by military authorities; (2) health information of inmates, to a correctional institution or law enforcement official; and (3) for national security reasons.

Workers’ Compensation

We may disclose your PHI as authorized to comply with workers’ compensation laws and other similar programs established by law.

Business Associates

We may disclose your PHI to our business associates. We will enter into contracts with our business associates that require them to only use and disclose your PHI as we are permitted to do so under HIPAA.

Group Health Plan Sponsors

If your insurance benefits are provided through a group health plan sponsored by an employer, we may disclose your PHI to designated employees of that employer so they can carry out their plan-related administrative functions.

De-Identified Information

We may use your PHI to create information that is not individually identifiable health information. We are not required to obtain your authorization when we use or disclose de-identified information.

Other Uses and Disclosures

We may also use or disclose your PHI in the following ways, in accordance with applicable requirements under HIPAA:

  • to a close friend or family member involved in or who helps pay for your health care;
  • to advise a family member or close friend about your condition, your location (for example, that you are in the hospital), or your death;
  • to proper authorities with regard to victims of abuse, neglect or domestic violence;
  • for organ or tissue donation purposes;
  • to coroners and funeral directors, with respect to decedents; or
  • to health information researchers when the individual identifiers within the PHI have been removed or when an institutional review board or privacy board has reviewed the research proposal and established protocols to ensure the privacy of the requested information, and approves the research.

Your Rights

The following is a statement of your rights with respect to your PHI and a brief description of how you may exercise these rights.

Right to Inspect and Copy

You have the right to inspect and obtain a copy of your PHI. You may inspect and obtain a copy of PHI about you for as long as we maintain the PHI. We may charge you a fee for the costs of copying, mailing or other supplies that are necessary to grant your request. You have the right to choose to obtain a summary instead of a copy of your PHI.

Under federal law, however, you may not inspect or copy psychotherapy notes or information compiled in reasonable anticipation of, or for use in, a civil, criminal or administrative action or proceeding. We may deny your request to inspect and copy your PHI in certain circumstances, as permitted by HIPAA. If you are denied access to PHI, you may have the right to request that the denial be reviewed. A review will be granted as and to the extent required by HIPAA.

Right to Amend

If you feel that the PHI we have about you is incorrect or incomplete, you may ask us to amend the information. You have the right to request an amendment for as long as the information is kept by us. You must also provide a reason that supports your request. We may deny your request for an amendment if it is not in writing or does not include a reason to support the request. In addition, we may deny your request if you ask us to amend any of the following information: (1) information that is not part of the PHI kept by us; (2) information that was not created by us, unless the person or entity that created the information is no longer available to make the amendment; (3) information that is not part of the information which you would be permitted to inspect and copy; or (4) information that is accurate and complete.

Right to an Accounting of Disclosures

You have the right to request an accounting of disclosures (that is, a list of certain disclosures of your PHI) that we have made within the six-year period immediately preceding the date on which the accounting is requested. You do not have a right to an accounting of disclosures under certain circumstances including, but not limited to, the following:

  • for treatment, payment or health care operations;
  • to you about your own health information;
  • incidental to other permitted disclosures;
  • where authorization was provided;
  • to family or friends involved in your care (where disclosure is permitted without authorization);
  • for national security or intelligence purposes or to correctional institutions or law enforcement officials in certain circumstances; or
  • as part of a limited data set where the information disclosed excludes identifying information.

To request this list or accounting of disclosures you must submit your request, which shall state a time period, which may be for a period of time less than six years from the date of the request. Your request should indicate in what form you want the list (for example, paper or electronic). The first list you request within a 12-month period will be free. For additional lists, we may charge you for the costs of providing the list. We will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.

Right to a Restriction

You have the right to request a restriction or limitation on the PHI we use or disclose about you for treatment, payment, or health care operations. You also have the right to request a limit on the PHI we disclose about you to someone who is involved in your care or the payment for your care, like a family member or friend. For example, you could ask that we not use or disclose information about a surgery that you had. You can also request restrictions on uses or disclosures in instances in which you are not present or when your permission cannot practicably be obtained due to your incapacity or an emergency circumstance, and on disclosures to a public or private entity authorized by law or by its charter to assist in disaster relief efforts.

We are not required to agree to a restriction that you request. If we do agree to a requested restriction, we will put the agreement in writing and follow it, except in emergency situations. We cannot agree to limit uses or disclosures of information that are required by law.

Right to Request Confidential Communications

You have the right to request that we communicate with you about medical matters in a certain way or at a certain location. For example, you can ask that we only contact you at work or by mail. We will accommodate all reasonable requests. We are required by law to accommodate reasonable requests to receive communications of PHI by alternative means or at alternative locations if you clearly state in your written request for confidential communications that disclosure of all or part of the information could endanger you. Your request must specify how or where you wish to be contacted.

Changes to Notice

We can change the terms of this Notice at any time. If we do, the new terms and policies will be effective for all of the PHI we already have about you as well as any information we receive in the future. If there is a material change to the way we use or disclose your PHI, your rights, our legal duties or other privacy practices as stated in this Notice, we will send you a copy of the revised notice.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with us using the contact information below or with the Secretary of the Department of Health and Human Services at www.hhs.gov/ocr/privacy/hipaa/complaints/. All complaints must be submitted in writing. You will not be penalized for filing a complaint.

HOW TO CONTACT US

Please address all inquiries, requests, and other communications regarding your personal information or this Privacy Notice to:

Contact: Data Protection Officer
Email: [email protected]
Address: 10000 Avalon Boulevard, Suite 200, Alpharetta, GA 30009
Phone: 1 888 914 9661, PIN 292703

Effective: 11 May 2023

Revised: 1 April 2024