California Residents: To learn more about our privacy practices under the California Consumer Protection Act of 2018 (“CCPA”), see our California Consumer Privacy Notice
HIPAA NOTICES OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.
MEDICAL INFORMATION PRIVACY NOTICE (Effective January 1, 2021)
We (including our affiliates listed at the end of this notice) are required by law to protect the privacy of your health information. We are also required to send you this notice, which explains how we may use information about you and when we can give out or “disclose” that information to others. You also have rights regarding your health information that are described in this notice. We are required by law to abide by the terms of this notice.
The terms “information” or “health information” in this notice include any information we maintain that reasonably can be used to identify you and that relates to your physical or mental health condition, the provision of health care to you, or the payment for such health care. We will comply with the requirements of applicable privacy laws related to notifying you in the event of a breach of your health information.
We have the right to change our privacy practices and the terms of this notice. If we make a material change to our privacy practices, we will provide to you in our next annual distribution, either a revised notice or information about the material change and how to obtain a revised notice. We will provide this information either by direct mail or electronically in accordance with applicable law. In all cases, we will post the revised notice on our websites, such as www.chesapeakeplus.com or www.midwestlife.com. We reserve the right to make any revised or changed notice effective for information we already have and for information that we receive in the future.
We collect and maintain oral, written and electronic information to administer our business and to provide products, services and information of importance to our customers. We maintain physical, electronic and procedural security safeguards in the handling and maintenance of our enrollees’ information, in accordance with applicable state and Federal standards, to protect against risks such as loss, destruction or misuse.
How We Use or Disclose Information
We must use and disclose your health information to provide information:
- To you or someone who has the legal right to act for you (your personal representative) in order to administer your rights as described in this notice; and
- To the Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected.
We have the right to use and disclose health information for your treatment, to pay for your health care and operate our business. For example, we may use or disclose your health information:
- For Payment of premiums due us, to determine your coverage and to process claims for health care services you receive including for subrogation or coordination of other benefits you may have. For example, we may tell a doctor whether you are eligible for coverage and what percentage of the bill may be covered.
- For Treatment. We may use or disclose health information to aid in your treatment or the coordination of your care. For example, we may disclose information to your physicians or hospitals to help them provide medical care to you.
- For Health Care Operations. We may use or disclose health information as necessary to operate and manage our business activities related to providing and managing your health care coverage. For example, we might conduct or arrange for medical review, legal services, and auditing functions, including fraud and abuse detection or compliance programs.
- To Provide Information on Health-Related Programs or Products such as alternative medical treatments and programs or about health-related products and services.
- To Plan Sponsors. If your coverage is through an employer group health plan, we may share summary health information and enrollment and disenrollment information with the plan sponsor. In addition, we may share other health information with the plan sponsor for plan administration if the plan sponsor agrees to special restrictions on its use and disclosure of the information in accordance with Federal law.
- For Underwriting Purposes. We may use or disclose your health information for underwriting purposes; however, we will not use or disclose your genetic information for such purposes.
- For Reminders. We may use or disclose health information to contact you for appointment reminders with providers who provide medical care to you.
We may use or disclose your health information for the following purposes under limited circumstances:
- As Required by Law. We may disclose information when required to do so by law.
- To Persons Involved with Your Care. We may use or disclose your health information to a person involved in your care, such as a family member, when you are incapacitated or in an emergency, or when you agree or fail to object when given the opportunity. If you are unavailable or unable to object, we will use our best judgment to decide if the disclosure is in your best interests. Special rules apply regarding when we may disclose health information to family members and others involved in a deceased individual’s care. We may disclose health information to any persons involved, prior to the death, in the care or payment for care of a deceased individual, unless we are aware that doing so would be inconsistent with a preference previously expressed by the deceased.
- For Public Health Activities such as reporting disease outbreaks to a public health authority.
- For Reporting Victims of Abuse, Neglect or Domestic Violence to government authorities, including a social service or protective service agency.
- For Health Oversight Activities such as licensure, governmental audits and fraud and abuse investigations.
- For Judicial or Administrative Proceedings such as in response to a court order, search warrant or subpoena.
- For Law Enforcement Purposes such as providing limited information to locate a missing person or report a crime.
- To Avoid a Serious Threat to Health or Safety by, for example, disclosing information to public health agencies or law enforcement authorities, or in the event of an emergency or natural disaster.
- For Specialized Government Functions such as military and veteran activities, national security and intelligence activities, and the protective services for the President and others.
- For Workers’ Compensation including disclosures required by state workers’ compensation laws that govern job-related injury or illness.
- For Research Purposes such as research related to the prevention of disease or disability, if the research study meets Federal privacy law requirements.
- To Provide Information Regarding Decedents. We may disclose information to a coroner or medical examiner to identify a deceased person, determine a cause of death, or as authorized by law. We may also disclose information to funeral directors as necessary to carry out their duties.
- For Organ Procurement Purposes. We may use or disclose information to entities that handle procurement, banking or transplantation of organs, eyes or tissue to facilitate donation and transplantation.
- To Correctional Institutions or Law Enforcement Officials if you are an inmate of a correctional institution or under the custody of a law enforcement official, but only if necessary (1) for the institution to provide you with health care; (2) to protect your health and safety or the health and safety of others; or (3) for the safety and security of the correctional institution.
- To Business Associates that perform functions on our behalf or provide us with services if the information is necessary for such functions or services. Our business associates are required, under contract with us and pursuant to Federal law, to protect the privacy of your information and are not allowed to use or disclose any information other than as specified in our contract and as permitted by Federal law.
- Additional Restrictions on Use and Disclosure. Certain Federal and state laws may require special privacy protections that restrict the use and disclosure of certain health information, including highly confidential information about you. Such laws may protect the following types of information: Alcohol and Substance Abuse, Biometric Information, Child or Adult Abuse or Neglect, including Sexual Assault, Communicable Diseases, Genetic Information, HIV/AIDS, Mental Health, Minors’ Information, Prescriptions, Reproductive Health, and Sexually Transmitted Diseases.
If a use or disclosure of health information described above in this notice is prohibited or materially limited by other laws that apply to us, it is our intent to meet the requirements of the more stringent law.
Except for uses and disclosures described and limited as set forth in this notice, we will use and disclose your health information only with a written authorization from you. This includes, except for limited circumstances allowed by Federal privacy law, not using or disclosing psychotherapy notes about you, selling your health information to others or using or disclosing your health information for certain promotional communications that are prohibited marketing communications under Federal law, without your written authorization. Once you give us authorization to release your health information, we cannot guarantee that the person to whom the information is provided will not disclose the information. You may take back or “revoke” your written authorization, except if we have already acted based on your authorization. To revoke an authorization, you may call us toll-free at 1-800-815-8535 (TTY/RTT 711).
What Are Your Rights
The following are your rights with respect to your health information.
- You have the right to ask to restrict uses or disclosures of your information for treatment, payment, or health care operations. You also have the right to ask to restrict disclosures to family members or to others who are involved in your health care or payment for your health care. We may also have policies on dependent access that may authorize certain restrictions. Please note that while we will try to honor your request and will permit requests consistent with our policies, we are not required to agree to any restriction.
- You have the right to ask to receive confidential communications of information in a different manner or at a different place (for example, by sending information to a P.O. Box instead of your home address). We will accommodate reasonable requests where a disclosure of all or part of your health information otherwise could endanger you. In certain circumstances, we will accept verbal requests to receive confidential communications; however, we may also require you to confirm your request in writing. In addition, any request to modify or cancel a previous confidential communication request must be made in writing. Mail your request to the address listed below.
- You have the right to see and obtain a copy of health information that we maintain about you such as claims and case or medical management records. If we maintain your health information electronically, you will have the right to request that we send a copy of your health information in an electronic format to you. You can also request that we provide a copy of your information to a third party that you identify in some cases you may receive a summary of this health information. You must make a written request to inspect and copy your health information or have it sent to a third party. Mail your request to the address listed below. In certain limited circumstances, we may deny your request to inspect and copy your health information. If we deny your request, you may have the right to have the denial reviewed. We may charge a reasonable fee for any copies.
- You have the right to ask to amend information we maintain about you such as claims and case or medical management records, if you believe the health information about you is wrong or incomplete. Your request must be in writing and provide the reasons for the requested amendment. Mail your request to the address listed below. If we deny your request, you may have a statement of your disagreement added to your health information.
- You have the right to receive an accounting of certain disclosures of your information made by us during the six years prior to your request. This accounting will not include disclosures of information: (i) for treatment, payment, and health care operations purposes; (ii) to you or pursuant to your authorization; and (iii) to correctional institutions or law enforcement officials; and (iv) other disclosures for which Federal law does not require us to provide an accounting.
- You have the right to a paper copy of this notice. You may ask for a copy of this notice at any time. Even if you have agreed to receive this notice electronically, you are still entitled to a paper copy of this notice. In addition, you may obtain a copy of this notice at our websites, such as www.chesapeakeplus.com or www.midwestlife.com.
- You have the right to be considered a protected person. (New Mexico only) A “protected person” is a victim of domestic abuse who also is either; (i) an applicant for insurance with us; (ii) a person who is or may be covered by our insurance; or (iii) someone who has a claim for benefits under our insurance.
Exercising Your Rights
- Contacting your Health Plan. If you have any questions about this notice or want to exercise any of your rights, please call us toll-free at 1-800-815-8535 (TTY/RTT 711).
- Filing a Complaint. If you believe your privacy rights have been violated, you may file a complaint with us at the address listed below.
- Submitting a Written Request. Mail to us your written requests to exercise any of your rights, including modifying or cancelling a confidential communication, requesting copies of your records, or requesting amendments to your record at the following address:
- Attn: Privacy Office, 7440 Woodland Drive, Indianapolis, Indiana 46278-1719
- You may also notify the Secretary of the U.S. Department of Health and Human Services of your complaint. We will not take any action against you for filing a complaint.
Fair Credit Reporting Act Notice
In some cases, we may ask a consumer-reporting agency to compile a consumer report, including potentially an investigative consumer report, about you. If we request an investigative consumer report, we will notify you promptly with the name and address of the agency that will furnish the report. You may request in writing to be interviewed as part of the investigation. The agency may retain a copy of the report. The agency may disclose it to other persons as allowed by the Federal Fair Credit Reporting Act. We may disclose information solely about our transactions or experiences with you to our affiliates.
FINANCIAL INFORMATION PRIVACY NOTICE (Effective January 1, 2021)
We (including our affiliates listed at the end of this notice) are committed to maintaining the confidentiality of your personal financial information. For the purposes of this notice, “personal financial information” means information, other than health information, about an insured or an applicant for coverage that identifies the individual, is not generally publicly available and is collected from the individual or is obtained in connection with providing coverage to the individual.
Information We Collect
Depending upon the product or service you have with us, we may collect personal financial information about you from the following sources:
- Information we receive from you on applications or other forms, such as name, address, age, medical information and Social Security number;
- Information about your transactions with us, our affiliates or others, such as premium payment and claims history; and
- Information from a consumer reporting agency.
Disclosure of Information
We do not disclose personal financial information about our insureds or former insureds to any third party, except as required or permitted by law. For example, in the course of our general business practices, we may, as permitted by law, disclose any of the personal financial information that we collect about you, without your authorization, to the following types of institutions:
- To our corporate affiliates, which include financial service providers, such as other insurers, and non-financial companies, such as data processors;
- To nonaffiliated companies for our everyday business purposes, such as to process your transactions, maintain your account(s), or respond to court orders and legal investigations; and
- To nonaffiliated companies that perform services for us, including sending promotional communications on our behalf.
We restrict access to personal financial information about you to employees, affiliates and service providers who are involved in administering your health care coverage or providing services to you. We maintain physical, electronic and procedural safeguards that comply with Federal standards to guard your personal financial information.
Confidentiality and Security
We maintain physical, electronic and procedural safeguards, in accordance with applicable state and Federal standards, to protect your personal financial information against risks such as loss, destruction or misuse. These measures include computer safeguards, secured files and buildings, and restrictions on who may access your personal financial information.
Questions About this Notice
If you have any questions about this notice, you may contact a Customer Call Center Representative at 1-800-815-8535 (TTY/RTT 711).
The Financial Information Privacy Notice, effective January 1, 2021 is provided on behalf of The Chesapeake Life Insurance Company and Mid-West National Life Insurance Company of Tennessee.
To obtain an authorization to release your personal information to another party, please go to the appropriate website listed in this Notice.
Products are either underwritten or administered by The Chesapeake Life Insurance Company and Mid-West National Life Insurance Company of Tennessee.
CALIFORNIA CONSUMER PRIVACY NOTICE
This privacy notice is for California residents in compliance with the California Consumer Privacy Act of 2018 (CCPA). It explains what Personal Information (PI) we collect about you, where and from whom we obtain it, why we collect it, and your rights regarding it.
PI We Collect And Disclose For Business Purposes
In the preceding twelve (12) months, we may have collected the following PI about California residents and have disclosed it for business purposes described:
|Category||Examples||Collected||Categories of Third Parties To Which We Disclose PI For Business Purposes|
|Identifiers||A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.||Yes||Contracted Service Providers, Vendors, Insurance Carriers, State Agencies, Specifically Authorized Individuals (i.e., attorney, personal reps, etc.)|
|Personal information categories listed in the California Customer Records law||A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some Personal Information included in this category may overlap with other categories.||Yes||Contracted Service Providers, Vendors, Insurance Carriers, State Agencies, Specifically Authorized Individuals (i.e., attorney, personal reps, etc.)|
|Protected classification characteristics under California or federal law||Gender||Yes||Contracted Service Providers, Vendors, Insurance Carriers, State Agencies, Specifically Authorized Individuals (i.e., attorney, personal reps, etc.)|
|Commercial information||Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.||No|
|Biometric information||Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.||Yes|
|Internet and/or network activity||Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.||No|
|Geolocation data||Physical location or movements.||Yes|
|Sensory data||Audio, electronic, visual, thermal, olfactory, or similar information.||Yes|
|Professional or employment-related information||Current or past job history or performance evaluations.||Yes|
|Education information subject to the Family Educational Rights and Privacy Act||Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.||No|
|Inferences drawn from other personal information||Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.||No|
PI does not include:
- De-identified or aggregated consumer information
- Publicly available information from government records
- Health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data
- PI covered by other privacy laws, including: The Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA), the California Financial Information Privacy Act (FIPA), and
- the Driver’s Privacy Protection Act of 1994
Categories of Sources of PI
We obtain the categories of PI listed above from:
- You or your authorized agent,
- Service providers,
- Publicly available information,
- Organizations with which you are employed or affiliated, or
- Activity on our apps and websites.
The collections from these sources can occur online, in person, paper or other electronic means.
Why We Collect PI
We collect your PI for one or more of the following business purposes:
- To respond to an email or particular request from you
- To communicate with you
- To personalize services for you
- To process an application as requested by you
- To administer surveys and promotions
- To provide you with information that we believe may be useful to you, such as information about products or services provided by us or other businesses
- To perform analytics and to improve our products, websites, and advertising
- To comply with applicable laws, regulations, and legal processes
- To protect someone’s health, safety, or welfare
- To protect our rights, the rights of affiliates or related third parties, or take appropriate legal action
- To keep a record of our transactions and communications
- To detect and protect against security incidents
- To debug to identify and repair errors
- As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law
In the preceding twelve (12) months, we have not sold any PI.
Third parties are not allowed to use or disclose your PI other than as specified in our contract and as permitted by law.
If we seek to use your PI for a materially different purpose than we previously disclosed in this notice, we will notify you and will not use your PI for this new purpose without your explicit consent.
- You have the right to request that we disclose certain information to you about our collection and use of your PI over the preceding twelve (12) months prior to your request. Once we receive and confirm your verifiable consumer request, we will disclose to you:
- What PI we collect about you
- Where and from whom we collect PI about you
- Our business purpose for collecting PI about you
- The types of third parties with whom we share your PI
- The specific pieces of PI we collect about you (however, we will not disclose your actual Social Security number, driver’s license number or other government-issued identification number, financial account number, any health insurance or medical identification number, an account password, or security questions and answers)
- The types of PI that we disclosed about you for a business purpose, and the categories of third parties to whom we disclosed your PI
- You have the right to be informed about the PI that we collect about you at the time that or before we collect it. This is that notice.
- You have the right to request that we delete any PI about you that we have. Applicable law may require or permit us to decline your request. If we decline your request, we will tell you why.
- You will not be discriminated against or penalized for exercising your rights to your PI, and we will honor your rights by not:
- Denying you services,
- Charging you different prices or rates for services,
- Imposing penalties, or
- Providing you with a different level or quality of services.
How to Exercise Your Rights
- You can submit requests for information about your PI by calling us at 1-800-815-8535 or emailing us at ConsumerAffairsGroup@SureBridgeInsurance.com.
- You may be required to submit proof of your identity for these requests to be processed.
- We will not be able to comply with your request if we are unable to confirm your identity.
- You may designate an authorized agent to make a request on your behalf subject to proof of identity and authorization.
- Our responses to any of your requests for the information described above will be limited to information that we have collected in the preceding twelve (12) months before our receipt of your verified request.
- You will receive our response to your request within 45 days of your request, unless we provide you with notice that it will take more than 45 days to respond (in that case, we won’t take more than 90 days to respond).
We will review this CCPA Notice annually and update it from time to time. Any changes will be posted on this page and will become effective as of the “Last Revised” date. We encourage you to review this notice periodically to be sure you are aware of those changes.
Last Revised: February 1, 2021