Introduction
In order to provide insurance coverage and/or health plan administrative services, we must obtain and maintain Protected Health Information (PHI). This privacy notice describes the types of information that are collected and your rights regarding how that information can be used.

PHI is individually identifiable health information that is created or received by your provider, your health plan or insurer, a data clearinghouse, a health authority, employer, school or university. PHI can be maintained or transmitted in any form or medium. It relates to the past, present or future:

• condition of your physical or mental health
• health care provided to you
• payment for the health care provided to you.

PHI does not include summary health information or information that has been de-identified according to the standards for de-identification provided in the HIPAA Privacy Rule.

Permitted/Required Uses and Disclosures of PHI
Your PHI will be used and disclosed for the purpose of routine treatment, payment and health care operations.

Use and Disclosure for Treatment
Your PHI may be used by, and disclosed to, health care providers including, but not limited to, doctors, nurses, laboratory technicians, medical students and other health care personnel involved in your treatment.

Use and Disclosure for Payment
Your PHI may be used by, and disclosed to, individuals involved in the collection of your premium and the payment of your benefits and other claims administration, including claim payment and adjudication or subrogation of health benefit claims. The use and disclosure also includes verification of participation or enrollment in the plan, eligibility for coverage and plan benefits. Your PHI may be shared with persons involved in utilization review, including pre-certification, pre-authorization, and concurrent and retrospective review, to assist in reimbursement of health care claims or other claims payment.

Use and Disclosure for Health Care Operations
Your PHI may be used and disclosed for plan operation purposes including, but not limited to: underwriting; premium rating, billing and premium adjustments; submitting claims; placing a contract for reinsurance of risk relating to claims for health care, including stop-loss and excess loss insurance; quality review assessments; audits, including fraud and abuse detection and compliance programs; business management and planning; the sale, transfer, merger or consolidation of a covered entity; legal or administrative services; actuarial pricing, studies and review; complaint review; and regulatory review and other legal compliance. In addition, your PHI may be used and disclosed for case management and care coordination, contacting of health care providers and patients with information about treatment, drug and disease management alternatives and other related functions that do not include treatment.

We may share this information with our business associates for purposes of utilization reviews, appropriateness of care reviews, peer review for resolution of grievances, consultation with outside health care providers, consultants and attorneys, and other health related benefits and services that may be of interest to you. We require our business associates to sign an agreement specifying their compliance with our privacy policies.

We have developed privacy policies and procedures in order to ensure the privacy of your PHI. These policies and procedures are based on appropriate administrative, technical and physical safeguards necessary to maintain confidentiality. Access to your PHI is limited to those individuals who have a legitimate business need for that information. This protection extends to the use of your PHI by our business associates.

Other Permitted/Required Uses and Disclosures of PHI
We, or our approved business associates, may use and disclose your protected health information for reasons permitted by the HIPAA Rule, including but not limited to the following:

• those required by law
• in response to a court order or other legal proceeding
• judicial and administrative proceedings
• law enforcement purposes
• to comply with worker's compensation or other similar laws
• public health activities
• health oversight activities
• reporting abuse, neglect or domestic violence
• the military if you are a member of the armed services
• correctional institutions if you are an inmate
• disclosures of decedent’s information to coroners, medical examiners and funeral directors
• organ, eye or tissue donation purposes
• national security and intelligence agencies as authorized by law.

We will use or disclose only the minimum amount necessary to perform these functions. We may disclose PHI to the sponsor of your health plan for any purpose described in this section. If you are a member of a group health plan, contact your employer for the name of your plan sponsor.

Other Uses and Disclosures of PHI
Uses and disclosures of PHI for purposes other than those described in Permitted/Required Uses and Disclosures of PHI will be made only with your written authorization. If you provide us authorization to use or disclose your PHI, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose information for the specific purpose contained in the authorization. You understand that we are unable to take back any disclosures already made with your authorization, and that we are required to retain any records we may have containing your PHI. If you revoke your authorization for payment or health care operations, you may jeopardize the administration of the benefits under your health plan.

Your Individual Rights with Respect to PHI>
Upon written request, you have the right to:

• request restrictions on certain uses and disclosures of your PHI, although we are not required to agree to a requested restriction
• receive confidential communication of PHI
• access our records containing descriptions of your PHI
• request an amendment to your PHI, although we are not required to agree to a requested amendment
• receive an accounting of impermissible PHI disclosures or disclosures made in compliance with the Rule for which an accounting is required.

Unless specifically requested otherwise, we will communicate PHI in connection with treatment, payment or health care operations, with any family member covered under your plan. Should any family member want a restriction on such disclosure of PHI, they must request such restriction in writing. Although we are not required to agree to a requested restriction, we will consider all factors explained in the request.

Except for uses and disclosures associated with treatment, payment, or health care operations, we do not use or disclose PHI when specifically protected by more stringent state law. Examples of more stringent state laws include those protecting HIV status, results of genetic testing, and indications of domestic abuse. We will follow state privacy laws that are more stringent than this federal law.

If you have chosen to receive this privacy notice electronically, you may also receive a paper copy from us upon your request.

Our Duties Regarding the Use and Disclosure of PHI
We are committed to maintaining your privacy and are required by law:

• to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI
• to abide by the terms of the Notice of Privacy Practices currently in effect.

We reserve the right to change the terms of this privacy notice and have such change be effective for all PHI that is maintained. Notification of a revised privacy notice will be provided through one of the following:

• U.S. Postal Service
• Revised Plan Document
• Internet E-mail.

Up-to-date privacy notices are maintained on our Website.

How to File a Complaint Regarding the Use and Disclosure of PHI
If you believe your privacy rights have been violated, you may file a complaint with us or with the Secretary of Health and Human Services. All complaints must be in writing. Please be assured that you may not be retaliated against for filing a complaint.

How to Contact Us
You may contact our representative at the following address:

Privacy Officer
HIPAA Compliance Department
Trustmark Insurance Companies
P.O. Box 7961
Lake Forest, IL 60045-7961
E-mail - HIPAAComplianceDepartment@Trustmarkinsurance.com
Website - http://www.trustmarkinsurance.com/

 

TRUSTMARK INSURANCE COMPANY
TRUSTMARK LIFE INSURANCE COMPANY
(We, Us, Our)

NOTICE OF PRIVACY PRACTICES
Effective date of this notice: April 1, 2006

Our Commitment to Protecting Your Privacy

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

As you may be aware, recent laws require that we provide you with notice as to how we protect an insured’s “Nonpublic Personal Information.” We want you to know that we are guided by our respect for the confidentiality of your Personal Information. We are providing you with this notice in accordance with recent laws and because we want you to know that we value your privacy.
You do not need to respond to this notice in any way.

Information We Collect Personal Information is any information that we obtained about you in the course of issuing insurance, or providing you with any of our services. The information we obtain could include but is not limited to:

• Social Security number;
• Medical history;
• Employment history;
• Credit history;
• Income information; or
• Bank or credit card numbers.

This information may have been obtained from several sources including:

• Applications or other forms you complete;
• Your business dealings with us and other companies; or
• Consumer reporting agencies.

Our Privacy and Security Procedure
We protect your Personal Information. The only employees who have access to this information are those who must have it to provide products or services to you. Below are some examples of our guidelines for protecting information.

• Paper copies, when used, are viewed, discussed, and retained in private surroundings.
• Individuals viewing information stored in a computer must have passwords to gain access. Passwords are provided only to individuals who must have access to provide products or services to our insureds.
• We have guidelines in place to make sure that our business associates use information only for the purpose provided. Each business associate signs a contract agreeing to follow our privacy procedures.

Information We Disclose
We do not disclose any information about you to anyone, except as allowed by law, including the Fair Credit Reporting Act. We may share all of the information we collect with insurance companies, agents, companies that help us to conduct our insurance business, companies that are self-insured, or others as permitted by law. Below are examples of the times we may share information for plan business purposes.

• Underwriting;
• Premium rating;
• Submitting claims;
• Reinsuring risk;
• Assessing quality;
• Business management and planning; and
• Sales, transfer, merger or consolidation of the business.
• It may be shared to assess eligibility for insurance benefits or payment.
• It may be shared to find or prevent criminal activity, fraud, material misrepresentation or material non-disclosures in connection with an insurance issue.
• It may be shared with a medical care institution or professional to verify coverage.
• It may be shared with a medical care institution or professional relating to a medical problem of which the insured may not be aware.
• It may be shared with a medical care institution or professional to conduct an audit of their activities.
• It may be shared for case management activities.
• It may be shared to coordinate care.
• We may share information about drug and disease management approaches and treatment, and related information that is not treatment.
• It may be shared for the collection of premium, the payment of benefits and other claims administration.
• It may be shared with a regulatory authority.
• It may be shared with a law enforcement authority or other government authority as required by law.
• It may be shared as otherwise permitted or required by law.
• It may be shared in response to an administrative or judicial order, including a search warrant or subpoena.
• It may be shared to conduct actuarial or research studies. In this case individuals would not be identified in the research report. Material identifying an individual would be destroyed as soon as it was no longer needed.
• It may be shared with our business associates for use in auditing services or operations, or auditing marketing services.
• It may be shared with a group policyholder for reporting claims experience, or for conducting an audit of our operations or services.
• It may be shared to consult with outside health care providers, consultants and attorneys, and other health related services.

We require those with whom we share information to agree to follow our privacy guidelines. In sharing information, we share only that which is reasonably necessary to accomplish the task. Please note that information that we get from a report made by a company that assists us to conduct insurance business may be retained by that company and used for other purposes.

Uses and disclosures of Personal Information for purposes other than those described above will be made only with your written authorization. If you provide us authorization to use or disclose your Personal Information, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose information for the specific purpose contained in the authorization. You understand that we are unable to take back any disclosures already made with your authorization, and that we are required to retain any records we may have containing your Personal Information. If you revoke your authorization for payment or health care operations, you may jeopardize the administration of the benefits under your health plan.

Our Privacy Commitment We understand the importance of protecting your private information. Our highest priority is to maintain your trust and confidence. We will maintain our commitment to safeguarding the information now and in the future. We are committed to maintaining your privacy and are required by law:

• to maintain the privacy of Personal Information and to provide you with notice of our legal duties and privacy practices with respect to Personal Information
• to abide by the terms of the Notice of Privacy Practices currently in effect.

We reserve the right to change the terms of this privacy notice and have such change be effective for all Personal Information that is maintained. Notification of a revised privacy notice will be provided through one of the following:

• U.S. Postal Service
• Revised Plan Document
• Internet E-mail.

Upon written request, you have the right to:

• request restrictions on certain uses and disclosures of your Personal Information, although we are not required to agree to a requested restriction
• receive confidential communication of Personal Information
• access our records containing descriptions of your Personal Information
• request an amendment to your Personal Information, although we are not required to agree to a requested amendment
• receive an accounting of impermissible Personal Information disclosures or disclosures made in compliance with the Rule (or state regulations, if applicable) for which an accounting is required.

The written request must reasonably describe the information. The information requested must be reasonably locatable and retrievable.

How to File a Complaint Regarding the Use and Disclosure of Personal Information
If you believe your privacy rights have been violated, you may file a complaint with us, your respective state insurance department or with the Secretary of Health and Human Services. All complaints must be in writing. Please be assured that you may not be retaliated against for filing a complaint.

How to Contact Us
You may contact our representative at the following address:
Privacy Officer
Privacy Request
Trustmark Companies
PO Box 7961

Lake Forest, Il 60045-7961
Email – PrivacyComplianceDepartment@Trustmarkinsurance.com

Any right a consumer, claimant, or beneficiary may have under this notice is not limited by any other privacy notice used by Us.

The customer is always the primary focus of the Trustmark Companies. We are committed to ensuring your privacy as you access our websites. Because we want to demonstrate this commitment to you, we have disclosed our privacy practices in this statement. If you feel that Trustmark is not abiding by its posted privacy policy, you should contact us by sending an e-mail to webprivacy@trustmarklife.com.

Information Collection and Use
In general, there are two types of information collected over the Internet: personally identifiable information and anonymous information. Personally identifiable information refers to that information that is unique to an individual, such as a name, address, social security number, or e-mail address. Anonymous information is that information typically collected in aggregate for statistical purposes, with no reference to personally identifiable information of website visitors.
Trustmark is the sole owner of the information collected on its sites. We will not sell, share, or rent this information to others in ways different from what is disclosed in this statement. Trustmark collects information from our users at several different points on our websites.

Links
This privacy statement only applies to the Trustmark websites. Though our websites may contain links to other sites, please be aware that these other sites have different privacy practices than Trustmark. We encourage visitors to review the privacy statements of other websites they visit.

Registration
You can visit our websites without sharing information about yourself or revealing any information about who you are. Sometimes, however, a user must first complete a registration form in order to access certain services. We request this information in order to identify you as the owner of the information you are attempting to access, or an authorized user of the service you are requesting. If you use a password or other confidential information you should not share that password or confidential information with others. Users are required to login only as themselves. If Trustmark becomes aware that a visitor to a Trustmark website has logged in as another user in order to gain access to personal and confidential information, this would be considered a breach of security. Trustmark reserves the right to terminate access for a particular user's login if a breach has been determined.

Cookies
A cookie is a piece of data stored on the user's hard drive containing information about the user. Usage of a cookie is in no way linked to any personally identifiable information while on our site. Cookies are required to gain access to secured areas of the site, and can be a convenience by limiting the need for the user to enter duplicate information as they advance from page to page through the site. Cookies can also enable us to track and target the interests of our users to enhance the experience on our site.
Trustmark respects the privacy of personal files in the computers of our visitors. Trustmark does not access, read, upload or store data contained in or derived from these private files.

Log Files
We use IP addresses to analyze trends, administer the site, track user's movement, and gather broad demographic information for aggregate use. IP addresses are not linked to personally identifiable information.

Sharing
We may share aggregate demographic information with our partners. This is not linked to any personal information that can identify any individual person. Partners are not allowed to use personally identifiable information except for the purpose of providing the services requested of them.

Surveys
From time-to-time our site may request information from users via surveys. Participation in these surveys is completely voluntary and the user therefore has a choice whether or not to disclose this information. Information requested may include contact information (such as name and address), and demographic information (such as zip code, age level). Each survey offered will contain a statement disclosing the purpose and use of the survey information. Please read this disclosure before proceeding with any survey.

Security
Trustmark takes precautions on our websites to protect our users' information. When users submit sensitive information via a Trustmark website, your information is protected both online and off-line.
When our registration process asks users to enter sensitive information (such as a social security number), that information is protected with 128-bit SSL encryption.
While we use SSL encryption to protect sensitive information online, we also do everything in our power to protect user information off-line. All of our users' information, not just the sensitive information mentioned above, is restricted in our offices. Only employees who need the information to perform a specific job or requested service are granted access to personally identifiable information. All employees of the Trustmark Companies are required to comply with the company's Confidentiality Agreement, which is reviewed and signed by each employee. The servers that we store personally identifiable information on are kept in a secure environment, in a locked data center.
Please note that your e-mail is a non-encrypted form of Internet communication and may be accessed and viewed by other Internet users without your knowledge or permission while in transit to us. Please exercise caution when using e-mail to communicate any information that you consider confidential.

Site and Service Updates
Site and service updates will be provided on the Trustmark website(s). We also may send update announcements to users.

Notification of Changes
If we decide to change our privacy policy, we will post those changes on our Homepage so our users are always aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it.
The above Web privacy statement is effective as of March 1st, 2001. Trustmark reserves the right to change this Web privacy statement from time to time. This privacy policy is not intended to and does not imply any contractual or other legal rights in respect to Trustmark or any other party.

Consent
You have the ability and right to exit and not continue to remain in an active session with the Trustmark website if you do not agree with the above Web privacy statement. If you remain in session with the site, you implicitly consent to the above policies and security doctrines.