Privacy Notice, Policies and Accessibility
|Fraud Protection||Social Policy|
|Public Information Act Policy||Nondiscrimination and Accessibility Requirements Notice|
|Terms and Conditions for Text Alerts|
Updated July 2020:
Notice of change: In an effort to improve our operations, we implement new technologies from time to time while maintaining your privacy. To validate the demographic information of consumers who are eligible for Medicaid and/or Maryland Children's Insurance Program, we implemented a Robotic Process Automation that matches information in consumers' applications with that maintained by the Department of Human Services. We also implemented Optical Character Recognition technology in the mobile application which reads your information from document(s), such as a license or passport, and automatically populates some of your information into forms for you.
YOUR PRIVACY MATTERS TO US
Welcome to Maryland Health Benefit Exchange’s Privacy Notice that is applicable to the three sites it maintains namely MarylandHealthConnection.gov, MarylandHBE.com and Maryland Small Business. We are committed to protect your personal information! Every decision we make is based upon that fundamental principle, including how we collect, maintain and utilize your personal information. We want you to enroll with confidence and to be informed and empowered with regard to your personal privacy.
- We will not collect personal information from you without your knowledge or consent;
- We will not knowingly disclose your personal information to a third party, except as provided in this Privacy Notice;
- We will allow you to inspect and correct your personal information;
- We will take any and all reasonable measures to protect the security of any personal information you provide;
- We will inform you of our activities that impact your privacy such as collection, use, sharing, safeguarding, maintenance and disposal of your personal information; and
- We will notify you if we think that the privacy of any personal information you provide may have been compromised.
Our Authority to Collect Personally Identifiable Information (PII)
We collect PII pursuant to federal and state laws namely the Affordable Care Act (ACA) and Title 31 of the Insurance Article of the Maryland Code Annotated (MD Code Ann., Insurance §31-101 et seq.).
Types of PII We Collect
The specific elements of PII we collect include your or your family member’s name, date of birth, social security number, ID, employment status, income, citizenship, immigration documents, email, phone number, address, insurance member ID / policy number, military status, race, photographic identifiers, driver’s license number, mother’s maiden name, certificates and/or legal documents.
We do not solicit information of any kind from children under age 13 as the law requires. If you believe that we have received information from a child under age 13, please contact Maryland Health Connection’s customer service center at 1-800-318-2596. Deaf and hard of hearing, please use Relay service.
Purpose for Which We Collect PII
We collect, create, use, store and disclose your PII to determine whether you are eligible for and, if so, enroll you in health coverage, dental coverage and programs that make insurance more affordable for you such as advance payment of premium tax credits (APTC), cost sharing reductions (CSR), Maryland Medicaid or Maryland Children’s Health Program (MCHP). If necessary, we may also collect or disclose your information to carry out other functions the law requires, or if the Secretary of U.S. Department of Health and Human Services specifically allows it. We strive to ensure that all PII we collect and maintain is accurate, relevant, timely and complete for the intended purpose.
In addition, we collect information on pages you visit, user specific information on accessed pages and information volunteered by you such as surveys and/or site registrations. The information we collect is used for internal review to improve our web pages, customize content and/or layout for individual consumers and to contact consumers for marketing purposes. Moreover, we use Google Analytics to provide relevant advertisements to you; and, our web site uses “cookies” to improve the consumer experience and services/products offered. We do not store information from cookies on our systems. The persistent cookies used with third-party tools on MarylandHealthConnection.gov can be stored on a user’s local system and are set to expire at varying time periods depending upon the cookie.
- To opt out of our use of Google Analytics, visit the Google Analytics Opt-Out page.
How We Use PII Internally
We use your PII to verify your identity, determine whether you are eligible for health and/or dental coverage, whether you qualify for the insurance affordability programs, enroll you in insurance affordability programs, create and maintain your online account, process appeals, assist you in making a payment for the insurance plan you select, send automated reminders if you consent to receive them, combat fraud, survey you about your customer experience and control quality.
If you send us an email, we use the information you send to respond to your inquiry. Please note that an email correspondence may be disclosed to other parties upon their request, if applicable, pursuant to Maryland’s Public Information Act.
Why and How We Share PII Externally
We may share your information with State and federal agencies to determine your eligibility for health insurance and other insurance affordability programs through secure electronic portals guided by data sharing agreements. The federal agencies may include the Health and Human Services (HHS), Centers for Medicare and Medicaid Services (CMS), Social Security Administration (SSA), the Internal Revenue Service (IRS), the Department of Homeland Security (DHS), the Department of Defense (DoD) and the Veterans Health Administration (VHA). In addition, we may share your information with the National Death Registry to ensure that deceased individuals’ names are not fraudulently used.
State agencies may include the Maryland Department of Health (MDH), Maryland Medicaid and Children’s Health Insurance Program (CHIP), Department of Human Services (DHS), Maryland Insurance Administration (MIA), Office of Comptroller of Maryland, Department of Information Technology (DoIT). In addition, if you opt in, we provide you the opportunity to register to vote through Maryland State Board of Elections (SBE).
We may also share your information with the employer(s) listed on your application by mail for the limited purposes of verifying whether you are eligible for or are enrolled in employer-sponsored coverage.
Other entities we share your PII with may also include consumer reporting agencies for income verification purposes; agents, brokers, issuers of health plans; and/or our contractors that are engaged to perform various functions of the Exchange such as consumer assistance services, information technology services, fulfillment services, third-party administration and other services as needed.
Of course, we share your information with you or the authorized representative to whom you consent to us to share information.
Your Consent to Use and Share Your PII
We cannot – and do not – collect your information without your knowledge or consent. You provide your consent by clicking a check-box when applying for insurance coverage online, electronically signing at the time of the application, providing wet signature when applying in person, or verbally consenting when prompted by the call center representative in case of an over-the-phone application. Your consent means that under the penalty of perjury, you confirm the accuracy of the information provided and agree to promptly report any change in your or your family’s personal circumstances such as, including but not limited to, address, income, immigration or health insurance status.
Although providing information is voluntary – and your consent may be withdrawn at any time – failing to provide certain information may delay or prevent your ability to obtain insurance through us or enroll in insurance affordability programs such as advance payment of premium tax credits (APTC), cost sharing reductions (CSR), Maryland Medicaid or Maryland Children’s Health Program (MCHP). Please note that knowingly and willfully providing false or fraudulent information may make you subject to a penalty or other law enforcement actions. If you wish to rescind your consent to use your personal information, please either:
- Contact Maryland Health Connection’s consumer support center at 1-855-642-8572. Deaf and hard of hearing, please use the Relay service.
- Contact the Privacy Officer at 410-547-6862. Deaf and hard of hearing, please use the Relay service.
Terms & Conditions for Text Alerts
We offer text messaging as a way to communicate with you. You do not have to receive text messages to apply for health coverage. To receive text messages from Maryland Health Connection, you must consent by providing a mobile phone number and opting in. Text messaging from Maryland Health Connection may also include one-time texts for Multi-factor Authentication (MFA).
- To stop delivery of text messages related to the status of your application, deadlines, health care benefits and general health information, reply STOP from your mobile phone.
- If you want to specify the type of text messages you will receive, you can go to Manage Account Settings to manage your text subscriptions.
- For security reasons, if you would like to stop MFA, go to the “Enable or Disable Additional Security” section on your account home page and click “Opt Out.”
- If you have any questions about text messages, you can contact Maryland Health Connection’s consumer support center at 1-855-642-8572. Deaf and hard of hearing, please use Relay service.
How You May Access, Inspect and Amend Your Record
You have the right to access, inspect or update any record containing your personal information, and print submitted applications at any time. A change in your information may trigger the need for you to provide supporting documentation.
- If you would like to access, inspect or amend your Maryland Health Connection records, please either:
- Log in to your online account for immediate access, or
- Contact Maryland Health Connection’s consumer support center at 1-855-642-8572. Deaf and hard of hearing, please use Relay service.
- If you believe your privacy rights have been violated, please contact the Privacy Officer at 410-547-6862. Deaf and hard of hearing, please use Relay service. Maryland Health Connection will not take any retaliatory action against you if you make a complaint in good faith and the complaint will not affect your eligibility and enrollment in health insurance through Maryland Health Connection.
We maintain your information to achieve the specific objective for which you provided it to us. The data is then archived or destroyed in accordance with our records schedules which, at a minimum, reflect the Affordable Care Act data retention requirements.
How We Protect Your Personal Information
We strictly adhere to a wide range of federal and state privacy and information security related requirements under Affordable Care Act privacy regulations as enlisted in 45. C.F.R §155.260, federal guidance on Preparing and Responding to a Breach of Personally Identifiable Information in OMB M-17-12 memorandum, Minimum Acceptable Risk Standards for Exchanges as prescribed in MARS-E, privacy and security policy / guidance by the Maryland Department of Information Technology , Md. State Government Code Ann. § 10-1301 et. seq. for the Protection of Information by Governmental Agencies and our Computer Matching Agreement with CMS.
Privacy and Information Security Safeguards
To ensure that any personal information you provide remains safe and secure, we have established and implemented strong technical, administrative and physical safeguards based upon these privacy and security-related legal requirements to ensure that:
- The confidentiality, integrity, and availability of any personal information created, collected, used or disclosed by or to us is preserved;
- Your personal information is only used by or disclosed to those authorized to receive or view it;
- Any federal tax information we receive from the Internal Revenue Service (IRS) is kept confidential in accordance with the Internal Revenue Code;
- Your personal information is protected against any reasonably anticipated threats or hazards to its confidentiality, integrity or availability;
- Your personal information is protected against any reasonably anticipated uses or disclosures of such information which are not permitted or required by law;
- Any personal information you provide is securely destroyed or disposed of in an appropriate and reasonable manner and in accordance with retention schedules; and
- Your personal information is complete, accurate and up-to-date to the extent necessary for its intended purposes and has not been altered or destroyed in an unauthorized manner.
We utilize advanced encryption, data loss prevention measures, and strict access controls to safeguard your information. Our staff and third-party representatives receive ongoing privacy and information security training and attest to the adherence of our privacy and security practices on an annual basis.
Application to Non-Exchange Entities
In the event we are required to disclose your personal information to another government agency, a qualified health plan or any other non-exchange entity in order to fulfill a required Exchange function, we first require any such organization to enter into a legally-binding contract in which they agree to abide by privacy and security controls as stringent as those developed and implemented by us. We also monitor the performance of these agreements and may actually terminate our contract with any such non-exchange entity should it fail to comply.
Notification of Potential Privacy Breach
Our employees and non-exchange entities are required to immediately contact the Privacy Office should they ever suspect or know that the confidentiality of your personal information has been compromised. Upon notification, the Privacy Office immediately investigates and takes any remedial measures needed to ensure the continuing security of your personal information. In the event that your personal information is disclosed to an unauthorized person, we will notify you in accordance with the applicable law.
How We Protect Your Federal Tax Information (FTI)
During the course of performing Exchange functions mandated by the law, we legally receive your FTI from either the Internal Revenue Service (IRS) or from secondary sources such as the Social Security Administration. Pursuant to Internal Revenue Code Section 6103, we have implemented adequate protections – physical and technological – to keep your FTI safe and only allow access to it on a need-to-know basis. We also require our procured contractors with access to FTI to adhere to the same security protocols. In addition, our procedures and protections pertaining to FTI security are frequently assessed by the IRS through on site audits, Safeguard Review Reports, Safeguard Security Reports and Corrective Action Plans, if any.
You have the right to authorize a third party, in both the individual and the small group market, to act on your behalf, and in your best interest, to apply for health insurance eligibility, sign an application, update or respond to an eligibility redetermination, and carry out other ongoing communications with us. The designation remains in effect until you inform us that the representative is no longer authorized or the designated authorized representative informs us that they are not acting in that capacity anymore. To designate an authorized representative, or to remove/replace one, please either:
- Log in to your online account [LINK IT TO THE URL FOR ACCOUNT LOGIN] to do so yourself;
- Contact Maryland Health Connection’s consumer support center at 1-855-642-8572. Deaf and hard of hearing, please use Relay service;
- Mail a written document with signature, or another legally binding format, subject to applicable authentication and data security standards, designating an authorized representative to P.O. Box 857, Lanham, MD 20703 or fax to 855-642-8574; or
- Visit a local navigator or broker for in-person assistance. A list of sources for free, in-person help can be found here.
Activities Impacting Your Privacy Generally
Use of PII for Research or Remuneration
We do not sell your information or allow access to it for purposes such as testing or research without your consent and/or legal authority.
Non-Identifying Information Collected & Stored Automatically
When you browse this website or download information, we gather and store certain information about your visit for statistical purposes to provide relevant experiences and advertisements to our visitors. The following information, which does not identify you personally, is gathered:
- The internet domains (example: aol.com) and IP addresses of user
- The type of browser and operating system used to access the site
- The date and time of visits
- The pages visited by users
- The address from which users link to the website
- Browser language
- Device type
- Screen resolution
- Approximate geographic location based on the IP address of the user’s local system
- Geographic location
- Scroll Depth-the measure of how much of a web page was viewed
- User events (e.g. clicking a button)
- Time spent on page
Marketplace Email Messages
If you have given us your permission to send you email messages, you will receive important updates, deadlines or reminders related to the health insurance marketplace via the provided email address. In sending these email reminders, MHBE remains compliant with Federal Trade Commission’s guidelines on e-mail marketing: https://www.ftc.gov/tips-advice/business-center/guidance/can-spam-act-compliance-guide-business
- To opt out of emails, please use the “unsubscribe” link at the bottom of every Maryland Health Connection email.
We use electronic surveys (email, online) to collect opinions and feedback. You do not have to answer these questions. If you do answer these questions, please do not include any personally identifiable information in your answers. We analyze and use the information from these surveys to improve the site’s operation and content. The information is available only to MHBE managers, members of the MHBE communications and web teams, and other designated state staff and contractors who require this information to perform their duties.
Third-Party Websites & Applications
We use a variety of third-party tools and links to third-party websites (public and private) to connect with you through social networking & media sites, for digital advertising and to gather information for web analytics. Your activity on the third-party websites that our websites link to (such as Facebook, Twitter, healthcare providers) is governed by the security and privacy policies of those sites. We do not own, manage, or control these third-party sites. You should review the privacy policies of all websites before using them so that you understand how your information may be used, and adjust the privacy settings on your account with them to match your preferences.
Accounting of Disclosures
You have the right to request a report on non-routine disclosure(s) of your information including the type(s) of information disclosed, the date of disclosure, by whom, to whom and for what purpose. An example of a non-routine disclosure is when an external auditor reviews your record. There may be instance(s) where law enforcement requires us not to disclose such information for a period of time if such a disclosure could cause harm or impede justice. To request such an accounting of disclosure(s), please:
- Fill out this Release of Information [LINK IT or PROVIDE DOWNLOADABLE PDF] form in order to receive or release documentation containing your personal information, for example, a copy of your application;
- Contact the Privacy Officer at 410-547-6862. Deaf and hard of hearing, please use the Relay service.
Changes to Our Privacy Notice or IT Systems
Contact the Privacy Officer
Should you have any questions or concerns regarding this Privacy Notice, please feel free to contact the Privacy Office at 410-547-6862. Deaf and hard of hearing, please use the Relay service.