NOTICE OF PRIVACY PRACTICES

This provides notice of the privacy practices and policies of Financial Arts, Inc. These protections

have been adopted to ensure that the information that we obtain and maintain for our clients and

customers, which may also include information about the employees, dependents, former employees

and dependents, and other eligible participants on a group health plan for which we are providing

services (“Protected Parties”), is protected in accordance with relevant state and federal rules. The

Notice outlines our practices, policies, and legal duties to maintain and protect against prohibited

disclosure of personally-identifiable financial information (as required by the federal Gramm-Leach-

Bliley Financial Modernization Act (“GLB Act”), and the various state laws implementing those

requirements), Protected Health Information of those Protected Parties (under the privacy

regulations mandated by the Health Insurance Portability and Accountability Act and further

expanded by the Health Information Technology for Economic and Clinical Health Act provisions in

Title XIII of the American Recovery and Reinvestment Act (“HITECH”), the HIPAA Omnibus ruling of

2013, and the regulations related to these laws and mandates), and the protection of personallyidentifiable

information under 45 CFR § 155.260 (collectively referred herein as “Privacy Rules”).

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT A PROTECTED PARTY

MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

THE PROTECTION OF THE PRIVACY OF THE INFORMATION WE MAINTAIN IS IMPORTANT TO US.

1. Statement of Our Duties. We are required by law to

maintain the privacy of non-public personal information

(“NPPI”), protected health information (“PHI”), and

personally-identifiable information (“PII”) (collectively

referred herein as “Protected Information”) of the

Protected Parties and to provide our clients with this notice

of our privacy practices and legal duties. We are required to

abide by the terms of this notice. We reserve the right to

change the terms of this notice and to adopt any new

provisions regarding the Protected Information that we

maintain about the Protected Parties. If we revise this

notice, we will provide each client or customer with whom

there is a current and direct business relationship with a

revised notice by mail, electronic mail or any other

electronic means, telefacsimile or fax, or hand-delivery.

2. Statement of the Client’s Rights under Privacy

Rules. As our client or customer, you have a right to know

how we may use or disclose the Protected Information we

maintain on those Protected Parties with whom there is a

direct relationship. In the event that our customer or client

is an employer sponsoring a group health plan, we do not

have a direct duty to their employees, dependents, former

employees or dependents or other eligible participants on

the group health plan. Our obligations to not disclose the

Protected Information we maintain about those individuals

may arise due to our contractual obligations as a Business

Associate of both the client or customer, as well as to any

other third party who is a Covered Entity under the Privacy

Rules, but does not create a special legal duty to provide

notice to those individuals of their rights through a Notice

of Privacy Practices.

Primary Uses and Disclosures of Protected Information. We

use and disclose Protected Information about Protected

Parties for payment and health care operations. Privacy

Rule does not generally “preempt” (or take precedence

over) state privacy or other applicable laws that provide

individuals greater privacy protections. As a result, to the

extent state law applies, the privacy laws of a particular

state, or other federal laws, rather than the Privacy Rules,

might impose a privacy standard under which we will be

required to operate. For example, where such laws have

been enacted, we will follow more stringent state privacy

laws that relate to uses and disclosures of the Protected

Information concerning HIV or AIDS, mental health,

substance abuse/chemical dependency, genetic testing, or

reproductive rights.

In addition to these law requirements, we also may use or

disclose Protected Information in the following situations:

Payment: We might use and disclose your Protected

Information for all activities that are included within the

definition of “payment” within the Privacy Rules. For

example, we might use and disclose a Protected Party’s

Protected Information to assist with the payment of claims

for services provided to that Protected Party by doctors,

hospitals, pharmacies and others for services that are

covered by a group health plan. We might also use your

2

information to determine your eligibility for benefits, to

coordinate benefits, to examine medical necessity, to obtain

premiums, and to issue explanations of benefits to the

person who subscribes to the health plan in which you

participate.

Health Care Operations: We might use and disclose a

Protected Party’s Protected Information for all activities

that are included within the definition of “health care

operations” within the Privacy Rules. For example, we

might use and disclose the Protected Information of a

Protected Party to an insurer to determine the premiums

for your health plan, to conduct quality assessment and

improvement activities, to engage in care coordination or

case management, and to manage our business.

Business Associate Subcontractors: In connection with our

payment and health care operations activities, we contract

with individuals and entities (called “subcontractors”) to

perform various functions on our behalf or to provide

certain types of services. To perform these functions or to

provide the services, our subcontractors will receive, have

access to, create, maintain, use, or disclose Protected

Information, but only after we require the subcontractor to

agree in writing to contract terms designed to appropriately

safeguard your information.

Other Covered Entities: In addition, we might use or

disclose your Protected Information to assist health care

providers in connection with their treatment or payment

activities, or to assist other covered entities in connection

with certain of their health care operations. For example,

we might disclose a Protected Party’s Protected

Information to a health care provider when needed by the

provider to render treatment to that party, and we might

disclose Protected Information to another covered entity or

subcontractor to conduct health care operations related to

billing, claims payment or enrollment.

For all other uses and disclosures, we first must obtain your

permission.

In addition, you have the following rights:

• The right to request that we place additional

restrictions on our uses and disclosures of the

Protected Information of Protected Parties. However,

we are not obligated to agree to impose any such

additional restrictions.

• The right to access, inspect, and copy the protected

information pertaining to Protected Parties that we

maintain in our files, and the right to have us correct or

amend any information that we create in error.

Requests to access or amend your health information

should be sent to the contact person and address

provided below.

• The right to receive an accounting of the disclosures of

the Protected Information we maintain on Protected

Parties that we make for purposes other than activities

related to payment functions or other health care

operations.

• The right to request that communications containing a

protected party’s Protected Information are sent in a

confidential manner.

• If you received this notice electronically, you also have

the right to obtain a paper copy of this notice from us

on request.

3. Information We Collect About You. We collect the

following categories of information for group and/or

individual policies from the following sources:

a) Information that we obtain directly from you, in

conversations or on applications or other forms

that you or a Protected Party completes.

b) Information regarding current or prospective plan

participants we obtain about them on applications

or other forms.

c) Information about the plan’s transactions with our

affiliates, others or us.

d) Information that we obtain as a result of our

transactions with you.

4. Permissible Uses and Disclosures of Protected

Information. We disclose the information we receive

regarding current or prospective plan participants only in

accordance with the terms and conditions of the various

Business Associate contracts we have entered to with

Covered Entities under Privacy Rules and as permitted

under state and federal laws concerning the privacy of your

insurance and financial information. Those include:

• Situations Permitted or Required by Law. We also may

use or disclose your Protected Information without

your written permission for other purposes permitted

or required by law, including, but not limited to the

following:

a) As authorized by and to the extent necessary to

comply with workers’ compensation or other nofault

laws;

b) To an oversight or insurance regulatory agency for

activities including audits or civil, criminal or

administrative actions;

c) To a public health authority for purposes of public

health activities (such as to the Federal Food and

Drug Administration to report consumer product

defects);

d) To a law enforcement official for law enforcement

purposes or in response to a court order or in the

course of any judicial or administrative

proceeding;

3

e) To organ procurement organizations or other

entities for approved research; or

f) To a governmental authority, including a social

service or protective services agency, authorized to

receive reports of abuse, neglect or domestic

violence.

• For Any Purposes to Which You Have Not Objected. In

certain limited circumstances, we may use or disclose

your Protected Information after we have given you an

opportunity to object and you have not objected. For

example, if you do not object, we may use limited

information about you to maintain an office directory,

to notify family members or any other person identified

by you regarding issues directly related to such

person’s involvement with your care or payment for

that care, or in emergency circumstances.

• For Purposes for Which We Have Obtained your

Written Permission. All other uses or disclosures of

your Protected Information will be made only with

your written permission, and you may revoke any

permission that you give us at any time.

5. Complaints About Misuse of Health Information.

You may complain either directly to us or to the Secretary

of Health and Human Services if you believe that your rights

with respect to our protection of your health information

have been violated. To file a complaint with us, you may

send a written statement outlining your complaint, the facts

and circumstances surrounding your complaint, including

the names, dates and as many details as possible. You will

not be retaliated against in any way for filing a complaint.

6. Our Practices Regarding Confidentiality and

Security. We restrict access to Protected Information about

you to those employees and its subcontractors who need to

know that information in order to provide products and

services to you. We maintain physical, electronic and

procedural safeguards that comply with state & federal

regulations to guard your Protected Information.

7. Our Duties. We are required by law to maintain the

privacy of Protected Information and to provide individuals

with notice of its legal duties and privacy practices with

respect to Protected Information. If unsecured Protected

Information is acquired, used or disclosed in a manner that

is not permitted under the Privacy Rules that compromises

the security or privacy of that Protected Information,

(referred to as a “Breach”), We are required to provide

appropriate Notice as defined by law without unreasonable

delay and in no case later than 60 days after the discovery

of the Breach or the receipt of information of the Breach.

We may delegate this duty to a subcontractor. We are

required to abide by the terms of the Notice that is currently

in effect. We will provide a paper copy of this Notice to you

upon your request.

8. Our Policy Regarding Dispute Resolution. Any

controversy or claim arising out of or relating to our privacy

policy, or the breach thereof, shall be settled by arbitration

in accordance with the rules of the American Arbitration

Association, and judgment upon the award rendered by the

arbitrator(s) may be entered in any court having

jurisdiction thereof.

9. Revisions to this Notice. We reserve the right to

change the terms of this Notice and to make the new Notice

provisions effective for all Protected Information we

maintain, regardless of whether the Protected Information

was created or received prior to issuing the revised Notice.

Whenever there is a material change to our use and

disclosure of Protected Information, individual rights, our

duties, or other privacy practices stated in this Notice, we

will promptly revise and distribute the new Notice.

Contact Person for Filing Complaint or Obtaining Other

Information. If you believe your privacy rights have been

violated, you may file a written complaint with our Privacy

Officer at the following address:

Daniel Fagen

Privacy Officer

921 S Halleck St.

DeMotte, Indiana 46310

dan@financialartsinc.com

(219) 987-4438