Insurance Services (owner of
is strongly committed to protecting your
privacy. At no time does
RiverRock Insurance Services sell or provide to other companies
your personal information resulting from inquiries to our website.
We only use your personal information to
help you find and apply for medical insurance
and complementary products that may be of
interest to you as per our HIPAA compliant
Privacy Statement below. We
additionally use leading technologies to
protect the security and privacy of your
personal information. If you have any further questions regarding our policy, please address your questions to
Policy discloses the information privacy
practices for the website you are currently
Insurance Services - www.plansforhealth.com
privacy policies and procedures implement our obligation as an insurance
office to protect the “nonpublic personal information” that we create,
receive or maintain on consumers or customers.
Throughout the policy, we refer to
information that can identify you as a
specific individual, such as your name,
phone number, email address, Social Security
number or credit card number, as
"personal information." Further,
personal information includes any
information involving your medical or medical
No use or disclosure: Our insurance office will not use or
disclose nonpublic personal information except as these Privacy Policies
& Procedures or our annual privacy practices notice permit, require or
as permitted by law.
Medical Information Privacy: Our office will not disclose or
share medical or other specified information at any time as defined in CIC
Section 791.13(k) with out an expressed written consent from the
consumer/customer may at any time revoke their consent to disclose or
share information by written notice. The revocation will be placed in the
consumer/customers file and notations made in any electronic records.
do not sell, trade or give away
your personal information to anyone.
do not disclose your personal
information to third parties, unless one
of the following limited exceptions
Companies and Licensed Agents. If
you submit an application for an
insurance product offered by us,
then we will disclose your personal
information to your chosen insurance
company to process your
Obligations. We may disclose or
report your personal information
when we believe, in good faith, that
the disclosure is required or
permitted under law, for example, to
cooperate with regulators or law
enforcement authorities or to
resolve consumer disputes.
of these exceptions, we will not share
your personal information with third
collect personal information in the
normal course of business in order to
process your insurance application and
to serve you better.
With Us. We begin collecting
personal information from you when
you register with us. You may
register with us through our website
by entering your email address and,
if you are creating an account,
choosing your password. Under our
current process, you must submit PHI
before (i) starting an application
for an individual or family plan or
for a Medicare Supplement plan, or
(ii) obtaining a quote for a small
business plan. You may register with
us via phone or email by providing
certain personal or contact
information (e.g., email address,
phone number, gender, date of birth)
to one of our customer service
you with a quote or processing your
application. We may use your
personal information to get in touch
with you when necessary to process
your application or to provide you
with a quote. For example, emails
will be sent to you throughout the
application process to inform you of
the status of your application and
to seek additional information that
is requested as part of the
gather anonymous information about you
for our internal purposes, and we may
share this anonymous information with
information is any information that
does not personally identify you,
including aggregate demographic
information such as the number of
visitors to our website from a
use anonymous information primarily
for marketing purposes and to
improve the services we offer you.
may use "Cookies,"
addresses or other numeric codes to
gather anonymous information. For a
more detailed discussion on cookies,
please see below.
Notice of Privacy Procedures:
Our office will provide an initial and annual Privacy Practices Notice to
each customer as required by CIC Section 791 and Title 10 California Code
of Regulations Sections 2689.1 to 2689.24 and to all consumers before
disclosure of any nonpublic personal financial information to
nonaffiliated third parties for marketing purposes.
We will promptly revise our Privacy
Notice when there is a material change to our use or disclosure of
nonpublic personal information, nonpublic personal financial information,
legal duties, consumers or customers rights or to other privacy practices
that render the statements in that notice no longer accurate.
notices are available upon request.
customer/consumer will receive their initial privacy practices notice
prior to disclosure and or sharing of their nonpublic personal financial
information with nonaffiliated third parties for marketing purposes as
required by CIC Section 791.13 and Title 10 California Code of Regulations
Section 2689.8. Additionally they will receive an opt-out notice a minimum
of 30 days, before any sharing or disclosure of nonpublic personal
financial information with any nonaffiliated third party as required by
CIC Section 791.04 and Title 10 California Code of Regulations Section
2689.8(f). A consumer may exercise the right to opt-out at any time by
completing our opt-out form and returning it to us.
Our insurance office will include the completed opt-out form in the
consumer’s physical file and make the appropriate notation and changes
to their electronic records. Our insurance office will not share or
disclose any customer / consumer nonpublic personal financial information
with any person except as allowed under CIC Section 791.13 or with written
consent once we receive a completed opt-out notice.
consumer/customer may at any time revoke their opt-out by written notice.
The revocation will be placed in the consumer/customers physical file and
notations made in any electronic records.
Distribution of Our Notice:
Each customer will receive his or her initial privacy practices notice
from this office no later than the delivery of an insurance policy,
service or financial product. Each customer will receive a notice annually
on a date established by us, which reflects our current privacy practices.
This annual privacy notice supercedes all prior initial or annual notices.
Minimum Necessary Disclosure:
Our office will make reasonable efforts to protect consumer/customer
privacy by disclosing or sharing the minimum necessary nonpublic personal
information to accomplish the intended function, transaction, or service.
Customer / Consumer Rights: Our
insurance office will honor customer’s and consumer’s rights regarding
their nonpublic personal information.
insurance office will honor requests in writing to view and copy customer
/ consumer records that are reasonably identified, reasonably locatable
and retrievable. We will with in 30 days of receipt of the request contact
the customer / consumer and inform them of the nature and substance of the
recorded information and make arraignments for them to view the
information and make copies for them for which we will charge $.10 per
page plus $10 per hour for staff time.
have the right to request an amendment, correction or deletion to their
nonpublic personal information held by us.
Our office will, within 30 days of such request, inform the
customer/consumer of our decision to amend, correct, or delete or our
decision to not amend, correct or delete. If we decide to amend, correct
or delete we will notify the customer/consumer in writing.
If we decide not to make any changes the customer/consumer has a right to
submit in writing a concise statement setting forth what the
customer/consumer thinks is the correct, relevant or fair information and
why they disagree with our refusal to amend, correct, or delete nonpublic
personal information in their file. Our office will put this statement in
the customer’s/ consumer’s file. In the future if we share or disclose
any nonpublic personal information from the file we will also furnish a
copy of the customers/consumers request to amend, correct, delete, our
letter informing them of our decision and their response.
rights granted in this section do not extend to information about the
customer/consumer that relates to and is collected in connection with or
in reasonable anticipation of a claim or civil or criminal proceeding
Privacy Officer: Our
insurance office will designate one person to be the privacy officer. He
or she will have primary responsibility for privacy and security issues.
He or she will also be the contact for all complaints involving privacy or
Staff Training: Our insurance office will train all members of our
workforce in these Privacy Policies & Procedures, as needed and
appropriate for them to carry out their functions.
All members of our workforce will acknowledge in writing within a
reasonable time of employment their receipt and training on these Privacy
Policies & Procedures.
Data Safeguards: Our insurance office will
develop, implement, annually review and maintain reasonable and
appropriate administrative, technical and physical safeguards to ensure
the integrity and confidentially of the nonpublic personal information we
hold and maintain.
a. Physical Access--- Our insurance office will monitor and ensure
that during normal business hours no person is unescorted or unmonitored
within the office unless they are an employee or a business associate with
whom we have a contract that appropriately limits their use and disclosure
of nonpublic personal information held or maintained by this office. Our
insurance office will identify, monitor and control who is authorized to
posses and who possess keys or the necessary codes for securing and
entering the office. Upon any termination of employment keys will be
collected and codes changed to maintain the security of the office.
b. Business Associates: Our insurance office will obtain a written
contract from all nonaffiliated third parties who will have access to or
receive nonpublic personal information in the course of their duties for
us. This contract will provide for appropriate safeguards and limit their
use and disclosure of the nonpublic personal information we share or
disclose to them.
c. Physical Data: Our insurance office will secure all physical
data that contains nonpublic personal information. All files not in use
will be filed. No files will be left out of the filing containers over
night. All file containers will be secured when the office is closed or
d. Electronic Data: Our insurance office will provide controls on
access to and authentication of persons using electronic data. Our office
will install, maintain, and update necessary virus protection, firewall
protection and software updates as needed.
All employees who must have access to electronic data will have
their own unique user ID and unique password. These will be controlled and
changed periodically by the Privacy Officer as needed for employee
terminations, updates, new software, etc.
Our office will ensure that floppies, CDs, DVDs, zip drives, hard
drives, electronic tape, off-site storage etc. are included in the access
and authentication procedures. We will ensure that the intentional
destruction of data is done using a secure method.
e. Employee training: Our office will provide annual training on
the Privacy Policies and Procedures for protecting the electronic data or
form of nonpublic personal information we hold or maintain.
We will document the time, date, persons in attendance and subjects
Annual Security Assessment: Our insurance office will do an annual
Cal-GLBA Privacy and Security Gap Assessment to ensure these policies and
procedures are being preformed and working as intended. Our Security
Officer will initiate the assessment.
Privacy Policies & Procedures July 2003 (Latest Update)
are small files that are stored by your web
browser to help a particular system
recognize you and the pages you visited in a
your online experience more convenient. For
example, we may use a cookie to store your
account information between sessions and to
maintain information about the quotes you've
requested during your session. Additionally,
we may use data from cookies for a variety
of internal purposes, such as studying how
users navigate our website. We do not
collect any personal information from
cookies. Further, no other information we
collect from cookies can be linked back to
your personal information. Most browsers
automatically accept cookies, but if you
Even without a cookie, you can still use
most of the features on our website,
including obtaining quotes and applying for
an insurance policy.
and Internet Security
time you enter or provide personal
information in our website, we encrypt it
using Secure Socket Layer ("SSL")
technology. SSL protects information as it
crosses the Internet. To support this
technology, you need an SSL-capable browser.
RiverRock Insurance Services recommends using
a strong encryption, 128-bit browser such as
Microsoft's Internet Explorer 4.01 or higher
or Netscape Navigator 4.06 or higher. These
browsers will activate SSL automatically
whenever you begin shopping for plan on our
website and when you return to our website
to complete an application.
can tell if you are visiting a secure area
within a website by looking at the symbol on
the bottom of your browser screen. If you
are using Internet Explorer or Netscape
Navigator, you will see either a lock or a
key. When the padlock is in the locked
position, your session connection is taking
place via a secure server.
you need a strong encryption browser, you
can go to the Microsoft website or the
Netscape website to download the latest
Internet Explorer or Navigator browser. We
do not recommend the use of beta browser
Risk of Using Non-Approved Automated
security reasons to guard the safety of your
data, access to this website is limited to
SSL-capable browsers such as Microsoft's
Internet Explorer 4.01 or higher or Netscape
Navigator 4.06 or higher. Under no
circumstance should you use any software,
program, application or any other device to
access or log-in to the
website, or to automate the process of
obtaining, downloading, transferring or
transmitting any content to or from our
computer systems, website or proprietary
to Other Websites
website contains links to other websites.
Please note that when you click on one of
these links you are "clicking" to
another website. RiverRock Insurance Services
is not responsible for the information
privacy practices or the content of such
websites. We encourage you to read the
privacy policies of these linked websites as
their information privacy practices may
differ from ours.