Notice of Privacy Policies and Practices
At Glatfelter Insurance Group, protecting your privacy is very important to us. We recognize that our relationships with current and prospective clients are based on integrity and trust. We work hard to maintain your privacy and are very careful to preserve the private nature of our relationship with you. At the same time, the very nature of our business sometimes requires that we collect or share certain information about you with other organizations or companies. Therefore, we want you to be aware of how we handle personal information.
PURPOSE OF THIS NOTICE
Title V of the Gramm-Leach-Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a non-affiliated third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories of persons or entities to whom it may be disclosed. In compliance with the GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of the Glatfelter Insurance Group and its affiliated companies (hereafter referred to as “Glatfelter Insurance Group” or “GIG”). For a complete list of Glatfelter Insurance Group affiliated companies, please see the section titled, “Glatfelter Insurance Group Family of Companies.”
The Glatfelter Insurance Group and its affiliated companies do not and will not sell or share nonpublic personal information about you with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law.
Our “affiliates” are companies with which we share common ownership and which offer property and casualty, life and health and certain benefit products.
OUR PRIVACY POLICIES AND PRACTICES
1. Information we collect:
We collect nonpublic personal information about you from various sources to help serve your financial and insurance needs, provide customer service, offer new products or services and fulfill legal and regulatory requirements. The type of information that GIG collects varies according to the products or services you request, and may include:
- Information we receive from you on applications, interviews, or by other means (such as name, address, Social Security number, assets and income)
- Information about your transactions with us, our affiliates or others (such as products or services purchased, account balances and payment history)
- Information from your employer, benefit plan sponsor, or association for any insurance product you may purchase through GIG (such as name, address, Social Security number, age and marital status)
- Information we receive from a consumer reporting agency (such as credit relationships and history)
- Information from other non-GIG sources (such as motor vehicle reports, medical information, and demographic information)
- Information from visitors to GIG websites (such as that provided through online forms, site visitor data and online information collecting devices known as “cookies”)
2. Information we may disclose to third parties:
We may disclose all of the information we collect, as described above, about our customers or former customers, to companies that perform marketing services on our behalf or to other financial institutions with whom we have joint marketing agreements. We also may disclose information about our customers or former customers as permitted by law.
3. Nonaffiliated third parties to whom disclosures may be made:
We may disclose nonpublic personal information about you, such as we have described above, to the following types of third parties that perform marketing services on our behalf or with whom we have joint marketing agreements:
- Fulfillment service providers, such as envelope stuffing services;
- Financial institutions with whom we have joint marketing agreements, such as insurance companies, agencies and brokerages; and
- Non-Financial Institutions with whom we have joint marketing agreements or who may be performing services or functions on our behalf, such as trade associations and affinity groups.
These disclosures will be made only to the extent permitted by law. We may also disclose nonpublic personal information about you to non-affiliated third parties as permitted by law.
4. Affiliates with whom we share certain information protected by the Fair Credit Reporting Act, unless you tell us not to:
A. Categories of Information We Disclose to Affiliated Companies:
We may disclose the following kinds of nonpublic personal information about you to our affiliates:
- Information we receive from you on applications or other forms, such as name,address and Social Security number and information we may receive from you inconnection with insurance products, such as your assets and income
- Information about your transactions with us, our affiliates or others, such astypes of insurance you have through us, your policy information payment history,and parties to the transaction; and
- Information we receive from consumer reporting agencies and other agencies,such as your creditworthiness, credit history and motor vehicle report.
We disclose this information to our affiliates for a number of reasons, such as to assist us in administering your insurance or to identify products or services our affiliates may offer that may be of interest to you. Our affiliates observe the same practices we do to protect the privacy of information about you.
B. Categories of Affiliates to Whom We Disclose Information:
We may disclose nonpublic personal information about you to the following types of our affiliated companies: our insurance agency and brokerage companies and our insurance agents and brokers.
Under the Fair Credit Reporting Act, you may exercise your right to opt out of Glatfelter Insurance Group’s sharing of non-transactional information about you with GIG affiliates. GIG may share other information about you with its affiliates as permitted by law. If you prefer that GIG not share non-transactional information about you with GIG affiliates as provided under the Fair Credit Reporting Act, then you may direct us not to share this information by writing us at:
Glatfelter Insurance Group, Attn: Privacy Coordinator
P.O. Box 2726
York, Pennsylvania 17405
and simply state, “I wish to exercise my right under the Fair Credit Reporting Act to opt out of Glatfelter Insurance Group’s sharing of non-transactional information about me with GIG affiliates.” We will honor your request.
5. Our practices regarding information confidentiality and security:
We restrict access to nonpublic personal information about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your nonpublic personal information.
6. Reservation of the right to disclose information in unforeseen circumstances:
In connection with the potential sale or transfer of its interests, GIG and its affiliates reserves the right to sell or transfer your information (including but not limited to your address, name, age, sex, zip code, state and country of residency and other information that you provide through other communications) to a third party entity that
(1) Concentrates its business in a similar practice or service
(2) Agrees to be GIG’s successor in interest with regard to the maintenance and protection of the information collected; and
(3) Agrees to the obligations of this privacy statement
HIPAA PRIVACY NOTICE
This HIPAA Privacy Notice is effective as of September 23, 2013.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
1. Statement of Our Duties
We are committed to protecting the privacy of your protected health information (PHI). PHI is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or health care clearinghouse which is then provided to us and that relates to: (i) your past, present or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present or future payment for the provision of health care to you. We are required by law to maintain the privacy of your PHI and to provide you with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice.
WE RESERVE THE RIGHT TO CHANGE THE TERMS OF THIS NOTICE AND TO MAKE ANY NEW PROVISIONS EFFECTIVE TO ALL OF THE PHI THAT WE MAINTAIN ABOUT YOU. IF WE CHANGE OUR NOTICE, WE WILL POST IT ON OUR WEBSITE AND SEND YOU A COPY IN OUR ANNUAL MAILING OR YOU MAY OBTAIN A COPY OF THE REVISED NOTICE BY CONTACTING OUR PRIVACY COORDINATOR USING THE INFORMATION IN PARAGRAPH 9.
2. Statement of Your Rights
You have a right to know how we may use or disclose your PHI. This notice informs you of those uses and disclosures. There are certain uses and disclosures of your PHI that we are permitted or required to make by law without your permission. For all other uses and disclosures, we first must obtain your permission or written authorization. In addition, you have the following rights:
- The right to request, in writing, that we place additional restrictions on our usesand disclosures of your PHI. However, we are not obligated to agree to imposeany such additional restrictions.
- The right to access, inspect and copy the protected information pertaining to youthat we maintain in our files about you, and the right to have us correct or amendany information that we create in error. Requests to access or amend your PHImust be made in writing and sent to the contact person and address provided inparagraph 9.
- The right to receive an accounting of the disclosures of your PHI that we makefor purposes other than activities related to your treatment, or our paymentfunctions or other health care operations. You must request an accounting inwriting by contacting us at the address in paragraph 9. Your request may be fordisclosures made up to 6 years before the date of your request, but in no event,for disclosures made before April 14, 2003.
- The right to request, in writing, that you receive communications about your PHIin a confidential manner, for example, by alternative means or an alternativelocation, such as your work address or work email.
- The right to request an amendment to your PHI if you believe that your PHI isincorrect or incomplete. Your request must be in writing and explain why thePHI should be amended.
- The right to obtain a paper copy of this notice from us on request.
3. Information We Collect About You
In order to administer your health benefit programs effectively, we collect the following categories of PHI about you from the following sources:
- PHI that we obtain directly from you, in conversations or on applications orother forms that you fill out.
- PHI that we obtain as a result of our transactions with you.
- PHI that we obtain from your medical records or from medical professionals,which is provided by you or to us with your permission.
- PHI that we obtain from other entities, such as health care providers or otherinsurance companies, in order to service your policy or carry out otherinsurance-related needs.
4. Uses and Disclosures of Protected Information
A. For Treatment, Payment and Operations.
- To Carry Out Treatment Functions. We may use or disclose your PHI withoutyour permission to enable health care providers to provide you with treatment.
- To Carry Out Payment Functions. We may use or disclose your PHI without yourpermission to carry out activities relating to reimbursing you for the provisionof health care, obtaining premiums, determining coverage, and providing benefitsunder the policy of insurance that you are purchasing, such as enabling a healthcare provider to make payment arrangements. Such functions may includereviewing health care services with respect to medical necessity, coverage underthe policy, appropriateness of care, or justification of charges.
- To Carry Out Certain Operations Relating To Your Benefit Plan. We also may usefor disclose your PHI without your permission to carry out certain limitedactivities relating to your health insurance benefits, including reviewing thecompetence or qualifications of health care professionals, placing contracts forstop-loss insurance and conducting quality assessment activities.
- To facilitate the underwriting of insurance; however, we are prohibited from usingor disclosing your genetic information for the purpose of underwritinginsurance.
B. Uses and Disclosures of PHI to Other Entities.
We also may use and disclose PHI to other covered entities, business associates or other individuals (as permitted by the HIPAA Privacy rule) who assist us in administering your benefit plan and delivering services to its members. In connection with our payment and operations activities, we may contact individuals and other entities (“Business Associates”) to perform various functions on our behalf or to provide certain types of services (such as enrollment or member service support). To perform these functions, Business Associates must agree in writing to contract terms designed to appropriately safeguard your PHI.
C. Other Possible Uses and Disclosures of PHI
We may use and disclose your PHI without your written permission for the following purposes:
- To plan sponsors of your group health plan to permit the plan sponsor toperform administrative functions, such as to address member questions,concerns or issue regarding claims, benefits, services, coverage, etc., and summaryhealth information about enrollees in the plan to obtain premium bids for healthinsurance coverage offered through the group health plan or to modify, amendor terminate your group plan.
- To the extent that federal or state law requires the use or disclosure, such as toHealth and Human services upon request for purposes of determiningcompliance with federal privacy laws, as required by law enforcement officials orpursuant to a court order or subpoena.
- As authorized by and to the extent necessary to comply with workers’compensation or other similar programs that provide benefits for work-relatedinjuries or illnesses.
- As authorized by law and to the extent necessary to service insurance policiesand benefits that are exempt benefits, such as in connection with servicing life,disability, property and casualty, accident and sickness, workers’ compensationand auto insurance or other similar insurance coverage under which benefits formedical care are secondary or incidental to other insurance benefits.
- To a public health authority for purposes of public health activities as permittedor required by law.
- To a coroner or medical examiner for purposes of identifying a deceased person,determining cause or death or for such official to perform other dutiesauthorized by law. Also to funeral directors so they may carry out their dutiesand to organizations that handle organ, eye or tissue donation or transplantation.
- To a government authority, including a social service or protective servicesagency, authorized to receive reports of abuse, neglect or domestic violence orto prevent a serious threat to the health or safety of the public.
D. For Any Purposes to Which You Have Not Objected.
Unless you object, we may disclose your PHI to a friend or family member that you have identified as being involved in your health care. We also may disclose your PHI to an entity to assist in disaster relief efforts and so that your family can be notified about your condition, status and location. If you are not present or able to agree to these disclosures of your PHI, then we may determine whether the disclosure is in your best interest.
E. As Permitted By Plan Documents.
In certain limited circumstances where we may be acting as a third party administrator, we may disclose your PHI to plan sponsors pursuant to the restrictions imposed on the plan sponsor in the sponsor’s plan documents.
5. Required Disclosures of Your PHI
We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining compliance with the HIPAA Privacy Rule. We are required to disclose to you most of your PHI that is in a “designated record set” when you request access to this information. We are also required to provide, upon written request, an accounting of any disclosures of PHI that are for reasons other than payment or health benefits operations.
6. Other Uses and Disclosures of Your PHI
Sometimes we are required to obtain written authorization for use and disclosure of your health information. The uses and disclosures that require an authorization under 45 C.F.R. §164.508(a) are: (i) for marketing purposes; (ii) if we intend to sell your PHI; or (iii) for psychotherapy notes. We do not and will not sell or share your PHI with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law. Other uses and disclosures of your PHI that are not described above will be made only with your written, permission, and any permission that you give us may be revoked by you at any time. However, the revocation will not be effective for information that we already have used or disclosed, relying on the authorization.
7. Questions and Complaints About Use of PHI
If you want more information about our privacy policies or practices or have any questions or concerns, please contact us using the information in paragraph 9. You may submit a written complaint either directly to us or to the U.S. Department of Health and Human Services (HHS) if you believe that your rights with respect to our protection of your PHI have been violated. We will provide you with the address to file your complaint with HHS upon request. To file a complaint with us, you may submit a complaint in writing that includes as many details (such as names and dates) as possible to our Privacy Officer at the address in Paragraph 9. We support your right to protect the privacy of your PHI. You will not be retaliated against in any way for filing a complaint.
8. Our Practices Regarding Confidentiality and Security
We restrict access to PHI about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your PHI. We do not engaged in fundraising activities using PHI, however, if we did engage in such activity, then you would have the opportunity to opt out of receiving fundraising communications. Subject to applicable regulatory reporting requirements, exceptions and safe harbors, we will notify affected individuals following a breach of their unsecured PHI.
9. Contact Person For Filing Complaint or Obtaining Further Information
GLATFELTER INSURANCE GROUP
ATT: PRIVACY COORDINATOR
P.O. BOX 2726
YORK, PENNSYLVANIA 17405
Our Policy Regarding Dispute Resolution
Glatfelter Insurance Group Family of Companies
This Notice is being provided on behalf of the following Glatfelter Insurance Group affiliates:
Arthur J. Glatfelter Agency, Inc.
Glatfelter Program Managers
The Glatfelter Agency, Inc.
Susquehanna Agents Alliance, LLC
GIG of Missouri, Inc.
Volunteer Firemen’s Insurance Services, Inc.
Glatfelter Claims Management, Inc.
Glatfelter Brokerage Services
Glatfelter Underwriting Services, Inc.
Glatfelter Healthcare Practice
Glatfelter Religious Practice
Glatfelter Public Practice