Notice: See if you qualify to enroll in health coverage now. The application is available daily from 6 a.m. to 11 p.m.
Notice: See if you qualify to enroll in health coverage now. The application is available daily from 6 a.m. to 11 p.m.
Updated September 2020:
Notice of change: In an effort to improve our operations, we implement new technologies from time to time while maintaining your privacy.
YOUR PRIVACY MATTERS TO US
Welcome to Maryland Health Benefit Exchange’s Privacy Notice that is applicable to the three sites it maintains namely MarylandHealthConnection.gov, MarylandHBE.com and Maryland Small Business. We are committed to protect your personal information! Every decision we make is based upon that fundamental principle, including how we collect, maintain and utilize your personal information. We want you to enroll with confidence and to be informed and empowered with regard to your personal privacy.
View or download a copy of:
Our Authority to Collect Personally Identifiable Information (PII)
We collect PII pursuant to federal and state laws namely the Affordable Care Act (ACA) and Title 31 of the Insurance Article of the Maryland Code Annotated (MD Code Ann., Insurance §31-101 et seq.).
Types of PII We Collect
The specific elements of PII we collect include your or your family member’s name, date of birth, social security number, ID, employment status, income, citizenship, immigration documents, email, phone number, address, insurance member ID / policy number, military status, race, photographic identifiers, driver’s license number, mother’s maiden name, certificates and/or legal documents.
We do not solicit information of any kind from children under age 13 as the law requires. If you believe that we have received information from a child under age 13, please contact Maryland Health Connection’s customer service center at 1-800-318-2596. Deaf and hard of hearing, please use Relay service.
Purpose for Which We Collect PII
We collect, create, use, store and disclose your PII to determine whether you are eligible for and, if so, enroll you in health coverage, dental coverage and programs that make insurance more affordable for you such as advance payment of premium tax credits (APTC), cost sharing reductions (CSR), Maryland Medicaid or Maryland Children’s Health Program (MCHP). If necessary, we may also collect or disclose your information to carry out other functions the law requires, or if the Secretary of U.S. Department of Health and Human Services specifically allows it. We strive to ensure that all PII we collect and maintain is accurate, relevant, timely and complete for the intended purpose.
In addition, we collect information on pages you visit, user specific information on accessed pages and information volunteered by you such as surveys and/or site registrations. The information we collect is used for internal review to improve our web pages, customize content and/or layout for individual consumers and to contact consumers for marketing purposes. Moreover, we use Google Analytics to provide relevant advertisements to you; and, our web site uses “cookies” to improve the consumer experience and services/products offered. We do not store information from cookies on our systems. The persistent cookies used with third-party tools on MarylandHealthConnection.gov can be stored on a user’s local system and are set to expire at varying time periods depending upon the cookie.
How We Use PII Internally
We use your Personally Identifiable Information to:
Why and How We Share PII Externally
We may share your information with State and federal agencies to determine your eligibility for health insurance and other insurance affordability programs through secure electronic portals guided by data sharing agreements. The federal agencies may include the Health and Human Services (HHS), Centers for Medicare and Medicaid Services (CMS), Social Security Administration (SSA), the Internal Revenue Service (IRS), the Department of Homeland Security (DHS), the Department of Defense (DoD) and the Veterans Health Administration (VHA). In addition, we may share your information with the National Death Registry to ensure that deceased individuals’ names are not fraudulently used.
State agencies may include the Maryland Department of Health (MDH), Maryland Medicaid and Children’s Health Insurance Program (CHIP), Department of Human Services (DHS), Maryland Insurance Administration (MIA), Office of Comptroller of Maryland, Department of Information Technology (DoIT). In addition, if you opt in, we provide you the opportunity to register to vote through Maryland State Board of Elections (SBE).
We may also share your information with the employer(s) listed on your application by mail for the limited purposes of verifying whether you are eligible for or are enrolled in employer-sponsored coverage.
Other entities we share your PII with may also include consumer reporting agencies for income verification purposes; agents, brokers, issuers of health plans; and/or our contractors that are engaged to perform various functions of the Exchange such as consumer assistance services, information technology services, fulfillment services, third-party administration and other services as needed.
Additionally, we may partner with entities, such as educational institutions, to understand better ways of improving our consumers’ understanding, use, and access of their health benefits.
Of course, we share your information with you or the authorized representative to whom you consent to us to share information.
Your Consent to Use and Share Your PII
We cannot – and do not – collect your information without your knowledge or consent. You provide your consent by clicking a check-box when applying for insurance coverage online, electronically signing at the time of the application, providing wet signature when applying in person, or verbally consenting when prompted by the call center representative in case of an over-the-phone application. Your consent means that under the penalty of perjury, you confirm the accuracy of the information provided and agree to promptly report any change in your or your family’s personal circumstances such as, including but not limited to, address, income, immigration or health insurance status.
Although providing information is voluntary – and your consent may be withdrawn at any time – failing to provide certain information may delay or prevent your ability to obtain insurance through us or enroll in insurance affordability programs such as advance payment of premium tax credits (APTC), cost sharing reductions (CSR), Maryland Medicaid or Maryland Children’s Health Program (MCHP). Please note that knowingly and willfully providing false or fraudulent information may make you subject to a penalty or other law enforcement actions. If you wish to rescind your consent to use your personal information, please either:
Terms & Conditions for Text Alerts
We offer text messaging as a way to communicate with you. You do not have to receive text messages to apply for health coverage. To receive text messages from Maryland Health Connection, you must consent by providing a mobile phone number and opting in. Text messaging from Maryland Health Connection may also include one-time texts for Multi-factor Authentication (MFA).
How You May Access, Inspect and Amend Your Record
You have the right to access, inspect or update any record containing your personal information, and print submitted applications at any time. A change in your information may trigger the need for you to provide supporting documentation.
We maintain your information to achieve the specific objective for which you provided it to us. The data is then archived or destroyed in accordance with our records schedules which, at a minimum, reflect the Affordable Care Act data retention requirements.
How We Protect Your Personal Information
We strictly adhere to a wide range of federal and state privacy and information security related requirements under Affordable Care Act privacy regulations as enlisted in 45. C.F.R §155.260, federal guidance on Preparing and Responding to a Breach of Personally Identifiable Information in OMB M-17-12 memorandum, Minimum Acceptable Risk Standards for Exchanges as prescribed in MARS-E, privacy and security policy / guidance by the Maryland Department of Information Technology , Md. State Government Code Ann. § 10-1301 et. seq. for the Protection of Information by Governmental Agencies and our Computer Matching Agreement with CMS.
Privacy and Information Security Safeguards
To ensure that any personal information you provide remains safe and secure, we have established and implemented strong technical, administrative and physical safeguards based upon these privacy and security-related legal requirements to ensure that:
We utilize advanced encryption, data loss prevention measures, and strict access controls to safeguard your information. Our staff and third-party representatives receive ongoing privacy and information security training and attest to the adherence of our privacy and security practices on an annual basis.
Application to Non-Exchange Entities
In the event we are required to disclose your personal information to another government agency, a qualified health plan or any other non-exchange entity in order to fulfill a required Exchange function, we first require any such organization to enter into a legally-binding contract in which they agree to abide by privacy and security controls as stringent as those developed and implemented by us. We also monitor the performance of these agreements and may actually terminate our contract with any such non-exchange entity should it fail to comply.
Notification of Potential Privacy Breach
Our employees and non-exchange entities are required to immediately contact the Privacy Office should they ever suspect or know that the confidentiality of your personal information has been compromised. Upon notification, the Privacy Office immediately investigates and takes any remedial measures needed to ensure the continuing security of your personal information. In the event that your personal information is disclosed to an unauthorized person, we will notify you in accordance with the applicable law.
How We Protect Your Federal Tax Information (FTI)
During the course of performing Exchange functions mandated by the law, we legally receive your FTI from either the Internal Revenue Service (IRS) or from secondary sources such as the Social Security Administration. Pursuant to Internal Revenue Code Section 6103, we have implemented adequate protections – physical and technological – to keep your FTI safe and only allow access to it on a need-to-know basis. We also require our procured contractors with access to FTI to adhere to the same security protocols. In addition, our procedures and protections pertaining to FTI security are frequently assessed by the IRS through on site audits, Safeguard Review Reports, Safeguard Security Reports and Corrective Action Plans, if any.
You have the right to authorize a third party, in both the individual and the small group market, to act on your behalf, and in your best interest, to apply for health insurance eligibility, sign an application, update or respond to an eligibility redetermination, and carry out other ongoing communications with us. The designation remains in effect until you inform us that the representative is no longer authorized or the designated authorized representative informs us that they are not acting in that capacity anymore. To designate an authorized representative, or to remove/replace one, please either:
Activities Impacting Your Privacy Generally
Use of PII for Research or Remuneration
We do not sell your information or allow access to it for purposes such as testing or research without your consent and/or legal authority.
Non-Identifying Information Collected & Stored Automatically
When you browse this website or download information, we gather and store certain information about your visit for statistical purposes to provide relevant experiences and advertisements to our visitors. The following information, which does not identify you personally, is gathered:
Marketplace Email Messages
If you have given us your permission to send you marketing messages via email, you will receive important updates, deadlines or reminders related to the health insurance marketplace via the provided email address. In sending these email reminders, MHBE remains compliant with Federal Trade Commission’s guidelines on e-mail marketing: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
We use electronic surveys (email, online) to collect opinions and feedback. You do not have to answer these questions. If you do answer these questions, please do not include any personally identifiable information in your answers. We analyze and use the information from these surveys to improve the site’s operation and content. The information is available only to MHBE managers, members of the MHBE communications and web teams, and other designated state staff and contractors who require this information to perform their duties.
Third-Party Websites & Applications
We use a variety of third-party tools and links to third-party websites (public and private) to connect with you through social networking & media sites, for digital advertising and to gather information for web analytics. Your activity on the third-party websites that our websites link to (such as Facebook, Twitter, healthcare providers) is governed by the security and privacy policies of those sites. We do not own, manage, or control these third-party sites. You should review the privacy policies of all websites before using them so that you understand how your information may be used, and adjust the privacy settings on your account with them to match your preferences.
Accounting of Disclosures
You have the right to request a report on non-routine disclosure(s) of your information including the type(s) of information disclosed, the date of disclosure, by whom, to whom and for what purpose. An example of a non-routine disclosure is when an external auditor reviews your record. There may be instance(s) where law enforcement requires us not to disclose such information for a period of time if such a disclosure could cause harm or impede justice. To request such an accounting of disclosure(s), please:
Changes to Our Privacy Notice or IT Systems
This Privacy Notice may at our discretion be updated and revised from time-to-time and any such updates or revisions will be automatically applicable to any personal information you have provided. Any major changes relevant to the use of your personal information or changes in the system will be posted prominently on our website.
Contact the Privacy Officer
Should you have any questions or concerns regarding this Privacy Notice, please feel free to contact the Privacy Office at 410-547-6862. Deaf and hard of hearing, please use the Relay service.