HMSA Benefitfocus eEnrollment Web Site Privacy Statement

Welcome to the HMSA Benefitfocus eEnrollment Web Site (the "Site") provided to you by the Hawaii Medical Service Association ("HMSA") and its licensor, Benefitfocus.com, Inc. (“Benefitfocus”). Please read the following Web Site Privacy Statement (“Privacy Statement”) as well as the Terms and Conditions of Use Agreement (“Agreement”) carefully before using the site. To use the services offered by HMSA through this Web Site (the “Services”), a participating employer (“Employer”) must agree to be bound by all of the terms of the Agreement and this Privacy Statement. By entering and using the Site and the Services, Employer acknowledges and agrees to the terms of the Agreement and this Privacy Statement. If Employer does not agree to abide by this Privacy Statement and the Agreement, Employer may not enter, access, or otherwise use this Site.

If you suspect improper use or access to HMSA’s information, please notify HMSA immediately. Contact HMSA’s Compliance and Incident Hotline at 1 (800) 749-HMSA (4672) or via email at incidents@hmsa.com.

All use of the Site is subject to the Agreement and this Privacy Policy. HMSA may only use the information that Employer provides through this Site for purposes permitted or required by law, and as described in this Privacy Statement.

Please note that this Privacy Statement applies only to how HMSA uses individually identifiable personal information that Employer provides when visiting this Site. "Online personal information" is any information or data provided through this Site that is individually identifiable, such as a name, subscriber number, social security number, address, email address, and birth date. "Online personal information" may or may not be individually identifiable health information that is also protected by the HIPAA Privacy Rule. (the "HIPAA Privacy Rule" is a federal regulation officially known as the "Standards for the Privacy of Individually Identifiable Health Information").Where online personal information also constitutes individually identifiable health information under the HIPAA Privacy Rule, the provisions of the HIPAA Privacy Rule also will govern HMSA’s permitted uses and disclosures of the online personal information.

HMSA routinely gathers quantitative information on Web site activity, including the number of users to this Site and the pages visited.

HMSA does not sell, license or disclose online personal information provided to HMSA through the use of the Services outside of HMSA, its contracted agents (e.g., business associates) and affiliated companies.

As permitted by the HIPAA Privacy Rule, individually identifiable health information provided through this Site or that HMSA creates or receives from Employer may be used or disclosed by HMSA in connection with services provided to Employer by HMSA, and for other purposes that are permitted or required by law. Under the HIPAA Privacy Rule this information may include what is called "protected health information." Protected health information is individually identifiable health information, including demographic information, collected or created or received by a health care provider, a health plan, or a health care clearinghouse that relates to: (i) an individuals past, present or future physical or mental health or condition; (ii) the provision of health care to an individual; or (iii) the past, present or future payment for the provision of health care to an individual. HMSA refers to protected health information and individually identifiable health information interchangeably in this Privacy Statement.

HMSA is committed to protecting the privacy of individually identifiable health information (including any online personal information that also constitutes individually identifiable health information) as follows:

1. HMSA does not sell, transfer or disclose individually identifiable health information without prior authorization, except when permitted or required by law. As used in this Privacy Statement, "required by law" includes the permissive and mandatory requirements of state and federal regulations that govern the use and disclosure of individually identifiable information, such as the federal regulation known as the HIPAA Privacy Rule.
   1. Under the HIPAA Privacy Rule, HMSA is permitted to disclose individually identifiable health information to our contracted agents- business associates- who perform various functions or provide services on HMSA’s behalf. To perform these functions or to provide services, business associates will receive, create, maintain, use, or disclose protected health information, but only after HMSA requires the business associates to agree in writing to contract terms designed to safeguard individually identifiable health information.
   2. HMSA is also permitted to use and disclose individually identifiable health information to support the services HMSA provides through this Site, and to support the business functions provided by HMSA. These services and functions may include:
      1. Providing personalized educational health information,
      2. Tailoring the HMSA experience by compiling and displaying content and information that HMSA thinks a covered employee might be interested in,
      3. Appropriately providing a covered employee information about a health plan,
      4. Allowing a covered employee to request a duplicate membership card, or
      5. Notifying us of a change in a covered employee address (if the covered employee is the subscriber on the account).
2. HMSA may use or disclose individually identifiable health information obtained through this Site to assist our business associates or other covered entities in their treatment, payment, or health care operation activities.
3. HMSA may use individually identifiable health information (including online personal information) to create aggregated anonymous information for the purposes of tailoring our Site to meet our customers’ needs and interests. Distribution and use of this aggregated, anonymous information will be restricted to staff, management, agents and business associates of HMSA who need aggregated statistical information about our users as a group, as well as the patterns of their Site usage.
4. HMSA also may use online personal information on an aggregated basis to provide information that is useful in developing new features and content for the Site, and to provide our agents/business associates, affiliated companies, or any others permitted by law to receive aggregated data, information about our users and the usage patterns of the Site.
5. HMSA reserves the right to perform statistical analyses of user behavior on an aggregate basis in order to measure interest in, and use of, the various areas of the Site, and to inform agents/business associates, affiliated companies, or any others permitted by law to receive such information.
6. HMSA uses Secure Socket Layer ("SSL") encryption technology to enhance data privacy and help prevent loss, misuse or alteration of the information under our control. This encryption technology, however, does not absolutely guarantee or safeguard the total privacy of user information that has been voluntarily disclosed to the Site.
7. HMSA may need to change this Privacy Statement from time to time to address new issues and /or reflect changes on our Site. Please refer back to this Privacy Statement regularly, because Employer’s use of the Site signifies that Employer agrees to be bound by this Privacy Statement and the Conditions of Use, as amended from time to time.
8. In the unlikely event that HMSA is acquired, merges with another entity or sells portions of its assets, our databases (which may contain protected health information and online personal information) may be among transferred assets.
9. The names “HMSA” and “hmsa.com” are proprietary trademarks and service marks of HMSA. The contents of the Site, including but not limited to text, graphics, images and software ("Content"), are protected by copyright under both United States and foreign laws, and HMSA retains all right, title and interest in and to the Content, all copies thereof, and all copyrights and other proprietary rights therein.
10. The Site may contain links to other HMSA related Web sites. This Privacy Statement is distinct from that provided for these related sites. Please review the Privacy Statements found on those sites, which describe the use on information on those web sites. These Privacy Statements are distinct from, and in addition to, this HMSA Benefitfocus privacy statement, which describes in detail how HMSA uses individually identifiable health information that it may receive both online and offline to provide services. HMSA publishes these Notices of Privacy Practices in accordance with the HIPAA Privacy Rule (a federal regulation officially known as the "Standards for the Privacy of Individually Identifiable Health Information").
11. The Site may contain links to other third-party Web sites. These links are provided solely as a convenience and not as an endorsement or recommendation by HMSA of the content on such third-party Web sites, or as an indication of any affiliation, sponsorship, or endorsement of or by such third-party Web sites.
    1. These third-party sites may have their own privacy policies or no policy at all. This Privacy Statement and the Agreement do not apply to such other sites. HMSA has no control over the content displayed on such sites, nor over the measures, if any, that are taken by such sites to protect the privacy of user information.
    2. HMSA is not responsible for the content of linked third-party sites, and does not make any representations regarding the privacy practices of, or the content or accuracy of materials on, such third-party Web sites. Any use of third-party Web sites is subject to the terms of use for such sites. Access to third-party Web sites that are linked to this Site is at the user’s own risk.
12. HMSA uses a standard technology called a "session cookie" to enable our website to recognize a user during a visit to this HMSA Site. The session cookie is stored in temporary memory on the user’s computer and is not retained after the user closes his or her browser.

We hope this Privacy Statement answers any questions about HMSA and privacy. It is in addition to, and is not intended to replace, the Terms and Conditions of Use Agreement.