Notice of Confidentiality and Privacy Practices

Purpose of This Notice

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Administration Simplification, created a set of rules for standardizing electronic health care transactions, protecting privacy and security of health information and establishing unique health identifiers for various parties within the health care industry.

The administrative simplification provisions of HIPAA require that Business Associate Entities (Pappas Financial) comply with detailed standards relating to Protected Health Information (PHI).

PHI is broadly defined as information that can be linked to a specific individual and is about the individual’s health status, or related to the provision of health care for that member. This includes, but is not limited to the enrollee’s name, address, telephone and/or fax number, social security number or other identification number, enrollment information, claims information, treatment records, etc. All this data becomes protected information when it exists in electronic, paper or verbal form.

It is Pappas Financial’s policy to comply fully with all HIPAA privacy, security and electronic data interchange transaction standards and in doing so has created the following Privacy Policy.

Pappas Financial Confidentiality & Privacy Practices

1. Pappas Financial does not sell personal information about our clients, former clients or their accounts for any purpose. We will not disclose personally identifiable medical information for purposes other than performing insurance functions, administration of a policy, claim or account, or as requested by you or required or permitted by law. If, at any time in the future, it is necessary to disclose any of your personal information in a way that is inconsistent with this policy, we will give you advance notice of the proposed change so that you will have the opportunity to opt out of such disclosure.

2. Technical and Physical Safeguards and Firewall (Protection and Security of PHI)

Access to client information is strictly limited to Pappas Financial employees, other persons hired by Pappas Financial or consultants who need to know the information to provide products and services to you and to otherwise service your account(s) with us. These individuals are required to respect the confidentiality of all client information. We maintain physical, electronic and procedural safeguards that comply with applicable federal regulations to guard your nonpublic personal information.

Our electronic infrastructure is protected by an ICSA Certified Firewall to which our remote locations are connected. The remote locations use an authenticated and encrypted VPN tunnel through which all work data is passed. Any attack attempts send alarms to the network administrator. Web based summaries are monitored to make sure that there is no unauthorized activity. We have ongoing maintenance of operating systems patches and fixes.

For data security within the building we have a locked server room in which all the network equipment is located. Every computer requires logon authentication to be able access any of the servers. Employees are instructed to log off their computer each time they leave their workstation. Each employee is part of a different security group which has restricted access to specific folders on the file server. Within these folders users have the ability to password protect and\or encrypt their files.

Pappas Financial standard hours of operation are Monday through Friday, 8:00 A.M. to 5:00 P.M. Eastern Standard Time. All doors are to remain locked during non-business hours. Only the main door is opened during business hours and is closely monitored at all times by a Pappas Financial employee. Visitors to our facilities must be accompanied at all times by a Pappas Financial employee. Employees are instructed to lock PHI sensitive materials in secure paper files and immediately shred PHI sensitive materials that are no longer relevant to a working task.

3. Your right to access and amend your personal information

You have the right to request access to the personal information we record about you. You have the right to know the source of the information and the identity of the person, institutions or types of institutions to whom we have disclosed such information. You may view such information and copy it in person, or request that a copy of it be sent to you by mail. You may request corrections, amendments or deletions of any information in our possession.

To obtain access to your information: You should submit a request in writing to:

Privacy Policy Department
Pappas Financial
30301 Northwestern Highway
Suite 200
Farmington Hills, MI  48334

To correct, amend, or delete any of your information: You should submit a request in writing to:

Privacy Policy Department
Pappas Financial
30301 Northwestern Highway
Suite 200
Farmington Hills, MI  48334

4. Pappas Financial policy regarding dispute resolution

Any controversy or claim arising out of or relating to our privacy policy, or the breach thereof, shall be settled by arbitration in accordance with the rules of the American Arbitration Association, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.

5. Changes to the Pappas Financial Privacy Policy:

If we decide to change our privacy promise, we will post those changes to this privacy statement so that you are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here or by email.