PRIVACY POLICY FOR PERSONAL HEALTH INFORMATION

NOTICE OF HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996 (HIPAA) PRIVACY PRACTICES AND ADMINISTRATIVE SIMPLICATION RULES FOR ASSURANCE PARTNERS.

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

OUR DUTIES
We are required by law to maintain the privacy of personal health information and to provide you with notice of our legal duties and privacy practices with respect to personal health information. We are required to abide by the terms of this Notice so long as it remains in effect. We reserve the right to change our Privacy practices, procedures, and terms of this HIPAA Notice of Privacy Practices as necessary, and to make the new Notice effective for all personal health information maintained by us. If a material change is made to the terms of this Notice, a revised notice will be provided to all primary insureds. You may obtain a copy of the HIPAA Privacy Notice by accessing our website at www.yourassurance.com or by mailing a request to the address below.

PROTECTED HEALTH INFORMATION
Individually identifiable health information held or transmitted, in any form or media, whether electronic, paper, or oral is included in the definition of Protected Health Information and is protected by this Privacy Policy. Individually identifiable health information is information, including demographic data that relates to:

• The individual’s past, present or future physical or mental health or condition,

• The provision of health care to the individual, or,

• The past present, or future payment for the provision of health care to the individual, and that identifies the individual or for which there is a reasonable basis to believe can be used to identify the individual. Individually identifiable health information includes many common identifiers (e.g., name, address, birth date, Social Security Number).

The Privacy Rule excludes from protected health information employment records that a covered entity maintains in its capacity as an employer and education and certain other records subject to, or defined in, the Family Educational Rights and Privacy Act, 20. U.S.C. §1232g.

USES AND DISCLOSURES OF YOUR PERSONAL HEALTH INFORMATION

YOUR AUTHORIZATION
Except as outlined below, we will not use or disclose your personal health information for any purpose unless you have signed a form authorizing the use or disclosure. You have the right to revoke that authorization in writing unless we have taken any action in reliance on the authorization.

USES AND DISCLOSURES FOR PAYMENT
We may use and disclose your personal health information as necessary for payment purposes. For instance, we may use and disclose information regarding your medical care to process and pay claims.

USES AND DISCLOSURES FOR HEALTH CARE OPERATIONS
We may use and disclose your personal health information as necessary, and as permitted by law, for our health care operations such as customer service, premium rating, fraud and abuse prevention and detection, and other functions related to your health policy. We may use and disclose your personal health information to provide you with information about treatment alternatives or other benefits and services that may be of interest to you.

FAMILY, FRIENDS, AND OTHERS INVOLVED IN YOUR CARE
With your approval, we may disclose your personal health information to designated family, friends, and others, to assist that person in caring for you or in paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation and we determine that a limited disclosure may be in your best interest, we may share limited personal health information with such individuals without your approval. If you have designated a person to receive information regarding payment of the premium on your Health Insurance or Long-Term Care policy, we will inform that person when your premium has not been paid.

BUSINESS ASSOCIATES
At times it may be necessary for us to provide some personal health information to one or more outside persons or organizations who assist us with our business activities. We require these business associates to appropriately safeguard the privacy of your information.

ADDITIONAL USES AND DISCLOSURES WITHOUT YOUR AUTHORIZATION
We are permitted or required by law to make certain other uses and disclosures of your personal health information without your authorization, including under the following conditions:

• for any purpose as required by law;

• for public health activities, such as required reporting of certain diseases; for FDA regulatory purposes; or OSHA compliance reporting.

• as required by law if we suspect child abuse or neglect; we may also release your personal health information as required by law if we believe you to be a victim of abuse, neglect, or domestic violence;

• if required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings;

• if required to do so by a court or administrative ordered subpoena, discovery request, or qualified protective order; • to law enforcement officials as required by law;

• to coroners and/or funeral directors consistent with law;

• if necessary to arrange an organ or tissue donation from you or a transplant for you;

• for certain research purposes when such research is approved by an institutional review board with established rules to ensure privacy; vif necessary to avert a serious threat to health or safety;

• if you are a member of the military as required by armed forces services; we may also release your personal health information if necessary for national security or intelligence activities;

• to workers’ compensation agencies if necessary for your workers’ compensation benefit determination.

YOUR HIPAA PRIVACY RIGHTS

ACCESS TO YOUR PERSONAL HEALTH INFORMATION
You have the right to obtain a copy and inspect specific items of your personal health information, such as your policy or claim information, for as long as we maintain it. We may deny your request to access certain personal health information, as permitted or required by law. We may require your request for access in writing. Your request for access should contain as much detail as possible regarding the personal health information you wish to review. We may charge a reasonable fee for access to your personal health information.

AMENDMENTS TO YOUR PERSONAL HEALTH INFORMATION
You have the right to request an amendment of the personal health information we maintain about you if you believe it is incorrect. We are not legally obligated to make all requested amendments but will give each request appropriate consideration consistent with the requirements of the Correction Principle in the Privacy and Security Framework. Requests for amendment must be in writing and must state the reasons for the amendment request. We will respond to you in writing whether your request for amendment has been accepted or denied. This response may be provided to you electronically. If your request is denied, you may submit a statement of disagreement for inclusion in your records.

ACCOUNTING FOR DISCLOSURES OF YOUR PERSONAL HEALTH INFORMATION
You have the right to request a list or accounting of certain disclosures of your personal health information. We are not legally obligated to provide an accounting of every disclosure but will give each request appropriate consideration. Requests must be made in writing. The accounting will not include disclosures made prior to April 14, 2003 or more than six years prior to the date of your request.

RESTRICTIONS ON USES AND DISCLOSURES OF YOUR PERSONAL HEALTH INFORMATION
You have the right to request restrictions on certain uses and disclosures of your personal health information for treatment, payment, or health care operations by notifying us of your request for a restriction in writing. We are not legally required to agree to your restriction request. We will limit the information we disclose in any manner as provided in this policy, to the extent practical to the limited data set as defined in 45CFR section 164.514(e)(2) or, if needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure or request.

CONFIDENTIAL COMMUNICATION OF PERSONAL HEALTH INFORMATION
You have the right to request to receive communications from us regarding your personal health information by another method of contact or at an alternative address. We will accommodate reasonable requests, which must clearly state that disclosure of all or part of the information could endanger your health or safety.

COMPLAINTS
If you believe your privacy rights have been violated, you can file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services in Washington D.C. There will be no retaliation for filing a complaint. Complaints should be addressed to the Privacy Officer at the address below.

HOW TO CONTACT US
If you have questions or need further assistance regarding this Notice, or wish to exercise any of the above-mentioned rights, you may contact the HIPAA/Privacy Administrator at the address closest to you:

Assurance Partners
201 E. Iron Avenue
P.O. Box 1213
Salina, Kansas 67402-1213
785-825-0286

YOUR STATE PRIVACY RIGHTS
Your state law may provide greater or different privacy rights.

EFFECTIVE DATE
This Notice of Privacy Practices is effective