We respect the privacy of our visitors to our website. We collect only such information on this website as is needed to provide our services.

Information We Collect Automatically

If you visit our website, you consent to our use of Google Analytics, which uses cookies to collect non-personally identifiable information. Google Analytics uses cookies to track visitors who use our website. We then use the information to compile reports and to help us improve our website. We do not send such information to any third parties. Google Analytics collects the information anonymously. It reports website trends without identifying individual visitors.

We will use this information as aggregate data to help us maintain this site. However, you can opt out of Google Analytics without affecting how you visit our website. For more information on opting out of being tracked by Google Analytics across all website you use, visit this Google page: https://tools.google.com/dlpage/gaoptout.

Protecting PHI

CoreSource is a third party administrator that acts on behalf of covered entities. CoreSource understands the importance of protecting your private information. The law defines protected health information ("PHI") as individually identifiable health information on the physical or mental condition of an individual that is transmitted or maintained in any form or medium. This includes facts about the provision of and payment for health care services for individuals. This PHI is covered by federal and state privacy rules. This Notice is intended to help you understand how we treat the PHI that we obtain from you or other sources, including your health plan, its business associates, agents or subcontractors, in the course of providing you with our products and services. When you are conducting business with CoreSource, you can have confidence that we respect your privacy and that we will protect information that we may obtain about you.

• We have established physical, electronic, and procedural safeguards to protect your personal information.
• All personnel within CoreSource are trained on the importance of protecting your personal information.
• We require any persons or businesses that provide services on our behalf to keep your personal information confidential and to use and disclose it only to provide the services we have asked them to perform.
• We do not sell your personal information.

Our Responsibilities and Privacy Commitment

We understand the importance of protecting your private information. Our highest priority is to maintain your trust and confidence. We will maintain our commitment to safeguarding your information now and in the future. We are required by law to:

• Maintain the privacy of your personal information.
• Provide you with certain rights with respect to your personal information.
• Provide you with a copy of this Notice of our legal duties and privacy practices with respect to your personal information.
• Follow the terms of the Notice that is currently in effect.

We are guided by our respect for the confidentiality of your personal information. We are providing you with this notice in accordance with privacy laws and because we want you to know that we value your privacy.

Information We Collect

Personal Information is any information we obtain about you in the course of issuing insurance and/or providing services. The information we may obtain includes, but is not limited to, your past, present, or future physical or mental health or condition, the provision of health care to you, payment for the provision of health care to you, your Social Security number, employment history, credit history, income information, and bank or credit card information.

We obtain this information from several sources, including but not limited to applications or other forms you complete, your business dealings with us and other companies, and consumer reporting agencies.

Our Privacy and Security Procedures

Our employees who have access to this information are those who must have it to provide products or services to you. Below are some examples of our guidelines for protecting information.

• Paper copies, when used, are viewed, discussed, and retained in private surroundings.
• Individuals viewing information stored in a computer must have passwords to gain access. Passwords are provided only to individuals who must have access to provide products or services to our insureds.
• Our business associates use information only for the purpose provided. Business associates sign a contract agreeing to follow our privacy procedures.

Information We Disclose

We will not disclose any Personal Information about you, except as allowed by law, including the Fair Credit Reporting Act. We may share all of the information we collect with insurance companies, agents, companies that help us to conduct our insurance business, companies that are self-insured, or others as permitted by law. Below are examples of the times we may share information for business purposes.

• Underwriting;
• Premium rating;
• Submitting claims;
• Reinsuring risk;
• Assessing quality;
• Business management and planning; andSales, transfer, merger or consolidation of the business.

Your information may also be shared:

• For purposes of treatment, payment, and operations, including assessment of eligibility, case management activities, coordination of care, collection of premium, payment of benefits, and other claims administration.
• With a regulatory, law enforcement, or other government authority as required by law. This may include finding or preventing criminal activity, fraud, material misrepresentation or material nondisclosures in connection with an insurance issue.
• In response to an administrative or judicial order, including a search warrant or subpoena.
• With a medical care institution or professional, to verify coverage, conduct an audit of their activities, discuss a medical problem of which the insured may not be aware, discuss drug and disease management approaches, and other purposes permitted or required by law.
• To conduct actuarial or research studies. In this case, individuals are not identified in the research report. Material identifying an individual is destroyed as soon as it is no longer needed.
• With our business associates for use in auditing services or operations, auditing marketing services, performing various functions on our behalf, or to provide certain services.
• With a group policyholder for reporting claims experience, or for conducting an audit of our operations or services.
• To consult with outside health care providers, consultants and attorneys, and other health related services.
• As otherwise permitted or required by law.

We require those with whom we share information to implement appropriate safeguards regarding your Personal Information. We share only that which is minimally necessary to accomplish a task. Information that we get from a report made by a company that assists us to conduct insurance business may be retained by that company and used for other purposes.

Your written authorization is required for uses and disclosures of Personal Information for purposes other than those described above. If you provide us authorization to use or disclose your Personal Information, you may revoke that authorization, in writing, at any time. If you revoke your authorization, we will no longer use or disclose information for the specific purpose contained in the authorization. We are required to retain any records we may have containing your Personal Information for the periods specified in document retention laws. If you revoke your authorization for payment or health care operations, you may jeopardize the administration of the benefits under your health plan.

Your Rights

Upon written request, you have the right to:

• Inspect and copy certain Personal Information. We may charge a reasonable fee for the costs of copying or mailing.
• Receive confidential communication of Personal Information.
• Request restrictions on certain uses and disclosures of your Personal Information, although we are not required to agree to a requested restriction.
• Request an amendment to your Personal Information, although we are not required to agree to an amendment.
• Receive an accounting of impermissible Personal Information disclosures or disclosures made in compliance with federal law (or state regulations, if applicable) for which an accounting is required.
• Be notified of a breach of unsecured Personal Information.

The written request must reasonably describe the information. The information requested must be reasonably locatable and retrievable.

How to File a Complaint Regarding the Use and Disclosure of Personal Information

If you believe your privacy rights have been violated, you may file a complaint with us, your respective state insurance department, or with the Secretary of Health and Human Services. All complaints must be in writing.

You may not be retaliated against for filing a complaint.

How to Contact Us

You may contact our representative at the following address:

Privacy Officer
Privacy Request
Trustmark Companies
PO Box 7961
Lake Forest, Il 60045-7961

Email – privacymanagementoffice@trustmarkins.com

Notification of a revised privacy notice will be provided through one of the following:

• U.S. Postal Service
• Revised Plan Document
• Internet E-mail

Any right a consumer, claimant, or beneficiary may have under this notice is not limited by any other privacy notice used Trustmark Mutual Holding Company or its subsidiaries and affiliates.