Hipskind Seyfarth Risk Solutions LLC respects your privacy. We are committed to protecting your privacy, whether you are a current customer or just visiting our site. We make every effort to keep your information private, just as we do when you provide it over the phone, in person or via email.
For your convenience, we may have provided links to other web sites and/or pages that we do not control. We cannot control those sites and, thus, cannot be held responsible for the privacy practices of any web sites or pages not under our control.
For Marketplace Customers:
A. Not use or disclose PII other than as permitted or required by law; Except as otherwise limited, the producer may use or disclose PII to perform functions, activities, or services for, or on behalf of the covered entity, provided that each use or disclosure would not violate the Privacy Rule. The producer must obtain reasonable assurances from any person to whom the information is disclosed that it will remain confidential and used or further disclosed only as Required By Law or for the purpose for which it was disclosed to the person, and the person notifies the producer of any instances of which it is aware in which the confidentiality of the information has been breached.
B. Use appropriate safeguards to prevent use or disclosure of PII other than as permitted or required by law. The producer shall implement administrative, physical and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of Electronic PII (e-PII) that it creates, receives, maintains or transmits on behalf of the consumer.
C. Report to the covered entity immediately any use or disclosure of PII not permitted or required by law of which it becomes aware, including breaches of unsecured PII, and any security incident of which it becomes aware.
D. Notify the covered entity of a Breach of Unsecured PII within 24 hours of the discovery of such Breach, followed by a report in writing, except where a law enforcement official determines that a notification would impede a criminal investigation or cause damage to national security. The producer’s written notification to the covered entity hereunder shall:
1. Be made to the covered entity within 48 hours of the initial oral report, and
2. Include the individual whose Unsecured PII has been, or is reasonably believed to have been, the subject of a Breach.
E. In the event of an unauthorized use or disclosure of PII or a Breach of unsecured PII, the producer shall mitigate to the extent practicable any harmful effects of said disclosure that are known to it;
F. If applicable, ensure that any subcontractors that create, receive, maintain, or transmit PII on behalf of the producer agree to the same restrictions, conditions, and requirements that apply to the producer with respect to such information;
G. Within 7 days of request, make available PII in a Designated Record Set to the covered entity as necessary to satisfy the covered entity's obligations;
H. Make any amendment to PII in a Designated Record Set as directed or agreed to by the covered entity pursuant to 45 CFR 164.526, or take other measures as necessary to satisfy the covered entity's obligations under 45 CFR 164.526;
I. Maintain and make available, within 7 days after a request for such information, the information required to provide an accounting of disclosures to the covered entity as necessary;
J. With respect to any use, disclosure or request for PII, the producer shall limit the PII to the extent practicable to the limited data set as defined in 45 CFR 164.514(e)(2) or, if needed, to the minimum necessary to accomplish the intended purpose of such use, disclosure or request;
L. Make its internal practices, books, and records available to the covered entity for purposes of determining compliance with the HIPAA Rules; and
M. The producer shall be directly responsible for full compliance with the relevant requirements of the Privacy Rule to the same extent as the covered entity.