General Data Protection Regulation (GDPR), the European Union’s (EU) privacy regulation, provides unique rights and protections for personal data from individuals in the EU or European Economic Area (EEA). When it collects personal data that is subject to GDPR, HealthSmart will comply with those rights as explained in this notice.
Depending on your relationship to HealthSmart, we may be a Controller or a Processor of your personal data. Where necessary and appropriate, we have implemented organizational and security measures that include an internal data protection policy and documenting our processing activities.
Use of Personal Data
We use personal data to provide the services requested by an individual, including health insurance benefits administration. Personal data may include but is not limited to your name, address, email, and social security number. Health and benefits administration may include enrolling you in a health care plan, providing care management and wellness services, assisting you in locating health care providers, notifying you of changes in your benefits, reporting financial data and fraud prevention.
In order to provide services to you, we receive personal data from you, from your medical care providers, from your employer or school and from other third parties. Some of this data may be sensitive personal information (such as information about your race, ethnicity, health, or genetics). We will only use your personal data when allowed by law, this may include the following circumstances:
- To enter into or perform the insurance contract you have requested, like processing your application for insurance coverage
- To comply with a legal or regulatory obligation, such as to fulfilling a regulatory reporting requirement
- To fulfill a business need, including keeping business and accounting records and analyzing our business and services to improve our services
- For sensitive personal data, to fulfill the substantial public interest in complying with your contact for insurance with us
- For sensitive personal data, to establish, exercise or defend a legal right
- For sensitive personal data, when you have given your consent
Sharing Personal Data
We share your personal data with medical providers, our employees and third-parties as directed or authorized by you and in order to provide the requested services and manage our business and services. We also share personal data with third-parties that we have contracted with to provide services, including administrative, security and data storage.
We store personal data for as long as necessary to provide the service and for a reasonable retention period.
You have the following rights with regard to your personal data:
- The right to be informed about the collection and use of your personal data
- The right to access your personal data (to know what personal data we have about you)
- The right to correct or update your personal data if it is inaccurate or incomplete
- The right to request erasure of your personal data (in whole or in part) where there is no compelling reason for HealthSmart to continue processing that personal data
- The right to restrict processing of your personal data
- The right to request data portability which would allow you to obtain a copy of your personal data for your own use
- The right to object to the processing of personal data under certain circumstances
- The right to request that your personal data not be subject to certain types of automated decision making or profiling
The exercise of certain of these rights may impede our ability to provide a service you have requested, such as if you restrict our ability to process your personal data or your health insurance claim.
If you have any questions about this notice or our privacy practices, please contact:
Braden Brown, SVP, Corporate Compliance and Regulatory Affairs
Phone: (214) 574-3546
You have the right to file a complaint with the relevant data protection authority. However, we would appreciate the opportunity to resolve your concerns before you file a complaint. If you have concerns, please contact us.
Location of Data Processing
All personal data collected by HealthSmart will be processed in the United States.