RiverRock Insurance Services (owner of www.plansforhealth.com) is strongly committed to protecting your privacy. At no time does RiverRock Insurance Services sell or provide to other companies your personal information resulting from inquiries to our website. We only use your personal information to help you find and apply for medical insurance and complementary products that may be of interest to you as per our HIPAA compliant Privacy Statement below. We additionally use leading technologies to protect the security and privacy of your personal information. If you have any further questions regarding our policy, please address your questions to firstname.lastname@example.org
RiverRock Insurance Services - www.plansforhealth.com
California Medical/Life License: 0D76274
These privacy policies and procedures implement our obligation as an insurance office to protect the “nonpublic personal information” that we create, receive or maintain on consumers or customers.
Throughout the policy, we refer to information that can identify you as a specific individual, such as your name, phone number, email address, Social Security number or credit card number, as "personal information." Further, personal information includes any information involving your medical or medical history.
1. No use or disclosure: Our insurance office will not use or disclose nonpublic personal information except as these Privacy Policies & Procedures or our annual privacy practices notice permit, require or as permitted by law.
2. Medical Information Privacy: Our office will not disclose or share medical or other specified information at any time as defined in CIC Section 791.13(k) with out an expressed written consent from the consumer/customer. A consumer/customer may at any time revoke their consent to disclose or share information by written notice. The revocation will be placed in the consumer/customers file and notations made in any electronic records.
We do not sell, trade or give away your personal information to anyone.
We do not disclose your personal information to third parties, unless one of the following limited exceptions applies.
Insurance Companies and Licensed Agents. If you submit an application for an insurance product offered by us, then we will disclose your personal information to your chosen insurance company to process your application.
Legal Obligations. We may disclose or report your personal information when we believe, in good faith, that the disclosure is required or permitted under law, for example, to cooperate with regulators or law enforcement authorities or to resolve consumer disputes.
Outside of these exceptions, we will not share your personal information with third parties.
We collect personal information in the normal course of business in order to process your insurance application and to serve you better.
Registering With Us. We begin collecting personal information from you when you register with us. You may register with us through our website by entering your email address and, if you are creating an account, choosing your password. Under our current process, you must submit PHI before (i) starting an application for an individual or family plan or for a Medicare Supplement plan, or (ii) obtaining a quote for a small business plan. You may register with us via phone or email by providing certain personal or contact information (e.g., email address, phone number, gender, date of birth) to one of our customer service representatives.
Providing you with a quote or processing your application. We may use your personal information to get in touch with you when necessary to process your application or to provide you with a quote. For example, emails will be sent to you throughout the application process to inform you of the status of your application and to seek additional information that is requested as part of the application.
We gather anonymous information about you for our internal purposes, and we may share this anonymous information with third parties.
Anonymous information is any information that does not personally identify you, including aggregate demographic information such as the number of visitors to our website from a particular state.
We use anonymous information primarily for marketing purposes and to improve the services we offer you.
We may use "Cookies," "Internet Protocol" addresses or other numeric codes to gather anonymous information. For a more detailed discussion on cookies, please see below.
4. Notice of Privacy Procedures: Our office will provide an initial and annual Privacy Practices Notice to each customer as required by CIC Section 791 and Title 10 California Code of Regulations Sections 2689.1 to 2689.24 and to all consumers before disclosure of any nonpublic personal financial information to nonaffiliated third parties for marketing purposes. We will promptly revise our Privacy
Practices Notice when there is a material change to our use or disclosure of nonpublic personal information, nonpublic personal financial information, legal duties, consumers or customers rights or to other privacy practices that render the statements in that notice no longer accurate.
The notices are available upon request.
Opt-out notice: Each customer/consumer will receive their initial privacy practices notice prior to disclosure and or sharing of their nonpublic personal financial information with nonaffiliated third parties for marketing purposes as required by CIC Section 791.13 and Title 10 California Code of Regulations Section 2689.8. Additionally they will receive an opt-out notice a minimum of 30 days, before any sharing or disclosure of nonpublic personal financial information with any nonaffiliated third party as required by CIC Section 791.04 and Title 10 California Code of Regulations Section 2689.8(f). A consumer may exercise the right to opt-out at any time by completing our opt-out form and returning it to us. Our insurance office will include the completed opt-out form in the consumer’s physical file and make the appropriate notation and changes to their electronic records. Our insurance office will not share or disclose any customer / consumer nonpublic personal financial information with any person except as allowed under CIC Section 791.13 or with written consent once we receive a completed opt-out notice.
A consumer/customer may at any time revoke their opt-out by written notice. The revocation will be placed in the consumer/customers physical file and notations made in any electronic records.
5. Distribution of Our Notice: Each customer will receive his or her initial privacy practices notice from this office no later than the delivery of an insurance policy, service or financial product. Each customer will receive a notice annually on a date established by us, which reflects our current privacy practices. This annual privacy notice supercedes all prior initial or annual notices.
6. Minimum Necessary Disclosure: Our office will make reasonable efforts to protect consumer/customer privacy by disclosing or sharing the minimum necessary nonpublic personal information to accomplish the intended function, transaction, or service.
7. Customer / Consumer Rights: Our insurance office will honor customer’s and consumer’s rights regarding their nonpublic personal information.
a. Access---Our insurance office will honor requests in writing to view and copy customer / consumer records that are reasonably identified, reasonably locatable and retrievable. We will with in 30 days of receipt of the request contact the customer / consumer and inform them of the nature and substance of the recorded information and make arraignments for them to view the information and make copies for them for which we will charge $.10 per page plus $10 per hour for staff time.
b. Amendments---Customers/consumers have the right to request an amendment, correction or deletion to their nonpublic personal information held by us. Our office will, within 30 days of such request, inform the customer/consumer of our decision to amend, correct, or delete or our decision to not amend, correct or delete. If we decide to amend, correct or delete we will notify the customer/consumer in writing.
c. If we decide not to make any changes the customer/consumer has a right to submit in writing a concise statement setting forth what the customer/consumer thinks is the correct, relevant or fair information and why they disagree with our refusal to amend, correct, or delete nonpublic personal information in their file. Our office will put this statement in the customer’s/ consumer’s file. In the future if we share or disclose any nonpublic personal information from the file we will also furnish a copy of the customers/consumers request to amend, correct, delete, our letter informing them of our decision and their response.
The rights granted in this section do not extend to information about the customer/consumer that relates to and is collected in connection with or in reasonable anticipation of a claim or civil or criminal proceeding involving them.
8. Privacy Officer: Our insurance office will designate one person to be the privacy officer. He or she will have primary responsibility for privacy and security issues. He or she will also be the contact for all complaints involving privacy or security matters.
9. Staff Training: Our insurance office will train all members of our workforce in these Privacy Policies & Procedures, as needed and appropriate for them to carry out their functions. All members of our workforce will acknowledge in writing within a reasonable time of employment their receipt and training on these Privacy Policies & Procedures.
10. Data Safeguards: Our insurance office will develop, implement, annually review and maintain reasonable and appropriate administrative, technical and physical safeguards to ensure the integrity and confidentially of the nonpublic personal information we hold and maintain.
a. Physical Access--- Our insurance office will monitor and ensure that during normal business hours no person is unescorted or unmonitored within the office unless they are an employee or a business associate with whom we have a contract that appropriately limits their use and disclosure of nonpublic personal information held or maintained by this office. Our insurance office will identify, monitor and control who is authorized to posses and who possess keys or the necessary codes for securing and entering the office. Upon any termination of employment keys will be collected and codes changed to maintain the security of the office.
b. Business Associates: Our insurance office will obtain a written contract from all nonaffiliated third parties who will have access to or receive nonpublic personal information in the course of their duties for us. This contract will provide for appropriate safeguards and limit their use and disclosure of the nonpublic personal information we share or disclose to them.
c. Physical Data: Our insurance office will secure all physical data that contains nonpublic personal information. All files not in use will be filed. No files will be left out of the filing containers over night. All file containers will be secured when the office is closed or not occupied.
d. Electronic Data: Our insurance office will provide controls on access to and authentication of persons using electronic data. Our office will install, maintain, and update necessary virus protection, firewall protection and software updates as needed. All employees who must have access to electronic data will have their own unique user ID and unique password. These will be controlled and changed periodically by the Privacy Officer as needed for employee terminations, updates, new software, etc. Our office will ensure that floppies, CDs, DVDs, zip drives, hard drives, electronic tape, off-site storage etc. are included in the access and authentication procedures. We will ensure that the intentional destruction of data is done using a secure method.
e. Employee training: Our office will provide annual training on the Privacy Policies and Procedures for protecting the electronic data or form of nonpublic personal information we hold or maintain. We will document the time, date, persons in attendance and subjects covered.
11. Annual Security Assessment: Our insurance office will do an annual Cal-GLBA Privacy and Security Gap Assessment to ensure these policies and procedures are being preformed and working as intended. Our Security Officer will initiate the assessment.
Privacy Policies & Procedures July 2003 (Latest Update)
Browsers and Internet Security
Any time you enter or provide personal information in our website, we encrypt it using Secure Socket Layer ("SSL") technology. SSL protects information as it crosses the Internet. To support this technology, you need an SSL-capable browser. RiverRock Insurance Services recommends using a strong encryption, 128-bit browser such as Microsoft's Internet Explorer 4.01 or higher or Netscape Navigator 4.06 or higher. These browsers will activate SSL automatically whenever you begin shopping for plan on our website and when you return to our website to complete an application.
You can tell if you are visiting a secure area within a website by looking at the symbol on the bottom of your browser screen. If you are using Internet Explorer or Netscape Navigator, you will see either a lock or a key. When the padlock is in the locked position, your session connection is taking place via a secure server.
If you need a strong encryption browser, you can go to the Microsoft website or the Netscape website to download the latest Internet Explorer or Navigator browser. We do not recommend the use of beta browser versions.
Security Risk of Using Non-Approved Automated Software Applications
For security reasons to guard the safety of your data, access to this website is limited to SSL-capable browsers such as Microsoft's Internet Explorer 4.01 or higher or Netscape Navigator 4.06 or higher. Under no circumstance should you use any software, program, application or any other device to access or log-in to the www.plansforhealth.com website, or to automate the process of obtaining, downloading, transferring or transmitting any content to or from our computer systems, website or proprietary software.
Links to Other Websites
Our website contains links to other websites. Please note that when you click on one of these links you are "clicking" to another website. RiverRock Insurance Services is not responsible for the information privacy practices or the content of such websites. We encourage you to read the privacy policies of these linked websites as their information privacy practices may differ from ours.