At Glatfelter Insurance Group, protecting your privacy is very important to us. We recognize that our relationships with current and prospective clients are based on integrity and trust. We work hard to maintain your privacy and are very careful to preserve the private nature of our relationship with you. At the same time, the very nature of our business sometimes requires that we collect or share certain information about you with other organizations or companies. Therefore, we want you to be aware of how we handle personal information.
PURPOSE OF THIS NOTICE
This Notice of Privacy Policies and Practices is being provided on behalf of Glatfelter Insurance Group (“GIG”) and its affiliates to the extent required by the Gramm-Leach-Bliley Act (GLBA), the Health Insurance Portability and Accountability Act of 1996 (HIPAA), and the California Consumer Privacy Act of 2018 (CCPA). Please click on the applicable links below for more information.
LAST UPDATE: 12/12/2019
Title V of the Gramm-Leach-Bliley Act (GLBA) generally prohibits any financial institution, directly or through its affiliates, from sharing nonpublic personal information about you with a non-affiliated third party unless the institution provides you with a notice of its privacy policies and practices, such as the type of information that it collects about you and the categories of persons or entities to whom it may be disclosed. In compliance with the GLBA, we are providing you with this document, which notifies you of the privacy policies and practices of GIG and its affiliated companies. For a complete list of GIG affiliated companies, please see the section below titled, "Glatfelter Insurance Group Family of Companies."
GIG and its affiliated companies do not and will not sell or share nonpublic personal information about you with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law.
Our "affiliates" are companies with which we share common ownership and which offer property and casualty, life and health and certain benefit products.
Under the Fair Credit Reporting Act, you may exercise your right to opt out of Glatfelter Insurance Group’s sharing of non- transactional information about you with GIG affiliates. GIG may share other information about you with its affiliates as permitted by law.
Changes to this GLBA Notice
We may change or update this GLBA Notice from time to time. When we do, we will post the revised GLBA Notice on this page with a new “Last Updated” date.
We are committed to protecting the privacy of your protected health information (PHI). PHI is your individually identifiable health information, including demographic information, collected from you or created or received by a health care provider, a health plan, your employer, or health care clearinghouse which is then provided to us and that relates to: (i) your past, present or future physical or mental health or condition; (ii) the provision of health care to you; or (iii) the past, present or future payment for the provision of health care to you. We are required by law to maintain the privacy of your PHI and to provide you with this notice of our privacy practices and legal duties. We are required to abide by the terms of this notice.
WE RESERVE THE RIGHT TO CHANGE THE TERMS OF THIS NOTICE AND MAKE ANY NEW PROVISIONS EFFECTIVE TO ALL OF THE PHI WE MAINTAIN ABOUT YOU. IF WE CHANGE OUR NOTICE, WE WILL POST IT ON OUR WEBSITE AND SEND YOU A COPY IN OUR ANNUAL MAILING, OR YOU MAY OBTAIN A COPY OF THE REVISED NOTICE BY CONTACTING OUR PRIVACY COORDINATOR USING THE INFORMATION IN PARAGRAPH 9.
2. Statement of Your Rights
You have a right to know how we may use or disclose your PHI. This notice informs you of those uses and disclosures. There are certain uses and disclosures of your PHI that we are permitted or required to make by law without your permission. For all other uses and disclosures, we first must obtain your permission or written authorization. In addition, you have the following rights:
3. Information We Collect About You
In order to administer your health benefit programs effectively, we collect the following categories of PHI about you from the following sources:
4. Uses and Disclosures of Protected Information
A. For Treatment, Payment and Operations.
In order to administer your health benefit programs effectively, we use and disclose PHI for certain of our activities, including:
B. Uses and Disclosures of PHI to Other Entities.
We also may use and disclose PHI to other covered entities, business associates or other individuals (as permitted by the HIPAA Privacy rule) who assist us in administering your benefit plan and delivering services to its members. In connection with our payment and operations activities, we may contact individuals and other entities (“Business Associates”) to perform various functions on our behalf or to provide certain types of services (such as enrollment or member service support). To perform these functions, Business Associates must agree in writing to contract terms designed to appropriately safeguard your PHI.
C. Other Possible Uses and Disclosures of PHI
We may use and disclose your PHI without your written permission for the following purposes:
D. For Any Purposes to Which You Have Not Objected.
Unless you object, we may disclose your PHI to a friend or family member that you have identified as being involved in your health care. We also may disclose your PHI to an entity to assist in disaster relief efforts and so that your family can be notified about your condition, status and location. If you are not present or able to agree to these disclosures of your PHI, then we may determine whether the disclosure is in your best interest.
E. As Permitted By Plan Documents.
In certain limited circumstances where we may be acting as a third party administrator, we may disclose your PHI to plan sponsors pursuant to the restrictions imposed on the plan sponsor in the sponsor’s plan documents.
5. Required Disclosures of Your PHI
We are required to disclose your PHI to the Secretary of the U.S. Department of Health and Human Services when the Secretary is investigating or determining compliance with the HIPAA Privacy Rule. We are required to disclose to you most of your PHI that is in a “designated record set” when you request access to this information. We are also required to provide, upon written request, an accounting of any disclosures of PHI that are for reasons other than payment or health benefits operations.
6. Other Uses and Disclosures of Your PHI
Sometimes we are required to obtain written authorization for use and disclosure of your health information. The uses and disclosures that require an authorization under 45 C.F.R. §164.508(a) are: (i) for marketing purposes; (ii) if we intend to sell your PHI; or (iii) for psychotherapy notes. We do not and will not sell or share your PHI with any non-affiliated third party for any purpose unless you authorize it or it is otherwise permitted by law. Other uses and disclosures of your PHI that are not described above will be made only with your written, permission, and any permission that you give us may be revoked by you at any time. However, the revocation will not be effective for information that we already have used or disclosed, relying on the authorization.
7. Questions and Complaints About Use of PHI
If you want more information about our privacy policies or practices or have any questions or concerns, please contact us using the information in paragraph 9. You may submit a written complaint either directly to us or to the U.S. Department of Health and Human Services (HHS) if you believe that your rights with respect to our protection of your PHI have been violated. We will provide you with the address to file your complaint with HHS upon request. To file a complaint with us, you may submit a complaint in writing that includes as many details (such as names and dates) as possible to our Privacy Officer at the address in Paragraph 9. We support your right to protect the privacy of your PHI. You will not be retaliated against in any way for filing a complaint.
8. Our Practices Regarding Confidentiality and Security
We restrict access to PHI about you to those employees who need to know that information in order to provide products or services to you. We maintain physical, electronic, and procedural safeguards that comply with federal regulations to guard your PHI. We do not engaged in fundraising activities using PHI, however, if we did engage in such activity, then you would have the opportunity to opt out of receiving fundraising communications. Subject to applicable regulatory reporting requirements, exceptions and safe harbors, we will notify affected individuals following a breach of their unsecured PHI.
9. Contact Person For Filing Complaint or Obtaining Further Information
GLATFELTER INSURANCE GROUP
ATTN: PRIVACY COORDINATOR
P.O. BOX 2726
YORK, PENNSYLVANIA 17405
Our Policy Regarding Dispute Resolution
Glatfelter Insurance Group Family of Companies
This Notice is being provided on behalf of the following Glatfelter Insurance Group affiliates:
Arthur J. Glatfelter Agency, Inc.
Glatfelter Brokerage Services
Glatfelter Claims Management, Inc.
Glatfelter Commercial Ambulance
Glatfelter Healthcare Practice
Glatfelter Insurance Services
Glatfelter Program Managers
Glatfelter Public Practice
Glatfelter Religious Practice
Glatfelter Underwriting Services, Inc.
Susquehanna Agents Alliance, LLC
The Glatfelter Agency, Inc.
Volunteer Firemen’s Insurance Services, Inc.
Changes to this HIPAA Notice
We may change or update this HIPAA Notice from time to time. When we do, we will post the revised HIPAA Notice on this page with a new "Last Updated" date.
This Consumer Privacy Notice (“Notice”) is provided on behalf of Glatfelter Insurance Group (“GIG”) and its affiliates. We are providing this Notice in accordance with our obligations under applicable law and as part of our commitment to handling your personal information responsibly and transparently. Please review this Notice to understand our privacy practices, including what personal information we collect, why we collect it, how we collect it, and how you can exercise your rights with respect to your personal information.
This Notice applies to individuals associated with corporations, partnerships, other non-individual clients, and other non-client individuals who are California residents and whose personal information GIG collects. The Notice should be read in conjunction with any other privacy notices you receive from all GIG companies and affiliates. We refer to any company that is not part of GIG as a non-affiliated third party.
This Notice is not applicable to current and former individual clients of GIG who purchased or are seeking to purchase products primarily for personal, family or household use such as life insurance, retirement products, home owner’s insurance, travel insurance etc. If you are an individual client who has obtained or is covered by such a product or service from GIG, federal law requires that we provide you with a separate notice at the establishment of the customer relationship and annually thereafter, which explains what personal information we collect and what rights you may exercise with respect to your personal information.
1. What Personal Information Does GIG Collect?
The type of personal information we collect may vary depending on your relationship with us, such as if you are a client, a representative of one of our corporate or institutional clients, or a third party filing a claim. We may have collected the following categories of personal information:
2. What Are GIG’s Sources of Personal Information?
We collect the personal information described above directly from you such as through your transactions with GIG and our business partners, and your interactions with us on our websites and social media pages. We also collect this personal information from other categories of sources such as publicly available databases, consumer reporting agencies, commercially available sources, third parties authorized by you such as doctors, financial advisors, and prior and current employers, when they share the information with us.
3. How Does GIG Use Personal Information?
Depending on your relationship with us, we may use the personal Information described above for the following purposes:
4. How Does GIG Share Personal Information?
Due to the size and complexity of our operations, we cannot identify every recipient of your personal information. Depending on your relationship with us, we may share your personal information for the purposes described in Section 3 above with the following categories of recipients: entities within the GIG family, including subsidiaries and affiliates; insurance and distribution parties; service providers; providers of Internet-connected devices and associated software; governmental authorities and third parties involved in court action; parties to a merger or acquisition; and our business partners or other third parties as may be required and where we have obtained the appropriate authorization.
The following categories of personal information may have been disclosed as described above:
When we share personal information with a non-affiliated third party, that third party cannot use the information except to perform services for GIG, or as may be permitted or required by law.
5. What Rights Are Available?
If you are a California resident and this Notice applies to you, you may request that we:
(1) Disclose to you the following information covering the 12 months preceding your request:
· The categories of personal information we collected about you and the categories of sources from which we collected such personal information;
· The specific pieces of personal Information we collected about you;
· The business or commercial purpose for collecting personal information about you;
· The categories of personal information about you that we otherwise shared or disclosed, and the categories of third parties with whom we shared or to whom we disclosed such personal information (if applicable).
(2) Delete certain personal information we collected from you. In the event that you choose to exercise this right, please note that we may nevertheless retain your personal information as permitted under applicable law, including but not limited to the following purposes:
· To provide goods or services within the context of our relationship with you;
· To detect security incidents or other fraudulent or illegal activity;
· To comply with GIG’s legal and regulatory obligations; and
· To enable other uses that are compatible with your expectations or appropriate given the context in which the personal information was collected.
In order to make either of the requests listed above, please contact us using either of the methods below:
(1) Call us at (800) 233-1957 and ask for the Privacy Coordinator; or
(2) Submit a request via the web links below:
Policy/Contract/Account Owners, Claimants, Insurance Applicants, Beneficiaries, etc. at Glatfelter Insurance Group - Customer
Agents, Brokers, Registered Representatives, etc. at Glatfelter Insurance Group - Agent
Employees, Non-Employee Workers, Interns, Job Applicants, etc. at Glatfelter Insurance Group - Employee
Either method will include instructions about how to submit a verifiable request, which will require that you or your authorized representative provide certain identifying information. Authorized representatives will also be required to provide proof of their authority to act on your behalf. If we are unable to verify your identity, or confirm that you have authorized the request, we may not be able to respond to your request in full.
Under California law, you are entitled to exercise your rights without experiencing any discriminatory treatment.
Changes to this CCPA Notice
We may change or update this CCPA Notice from time to time. When we do, we will post the revised CCPA Notice on this page with a new “Last Updated” date.