MaxStaff HR Management  is committed to protecting the privacy of our customers both online and offline. As a result, we have established policies and practices that respect the privacy of all our customers. We keep information about our clients confidential and only may share information, as described below, with our affiliated companies, third parties with whom you have business and as otherwise required by law.

Consent
You have the ability and the right to exit and not remain in session with the MaxStaff web site at any time if you do not agree with the above policies. If you choose to remain connected to our site you implicitly consent to our policies.

Operating Standards—Health Information Privacy (HIPAA)
Health plans need to create, receive, and maintain certain records, some of which contain health information about individual participants, in order to administer the plan and provide health care benefits. In addition to creating guidelines regulating this activity, the Health Insurance Portability and Accountability Act of 1996 (HIPAA) requires health plans to notify participants about policies and practices related to the plan’s handling of such information. While the content of such notices is determined mainly by each plan’s specific provisions and administrative practices, the information below describes the general nature of health information privacy practices that must be followed by most group health plans. MaxStaff’ practices and procedures fully support these operating standards for its affected clients. Please see our HIPAA Information Page for more details on specific HIPAA criteria.

General Guidelines
HIPAA requires health plans to protect information that identifies specific persons and that relates to a physical or mental health condition. Such individually identifiable health information is known as “protected health information,” or “PHI.” Except for purposes related to health care treatment, payment of plan benefits or other aspects of the plan’s administration (known collectively as “treatment, payment or health care operations,” or “TPO”), PHI may generally not be used or disclosed without a written authorization from the individual who is the subject of the PHI. Plans may use and disclose PHI without authorization for reasons in addition to TPO, including: Communication with participants regarding wellness programs, treatment alternatives and health-related benefits and services; court orders, administrative law proceedings, subpoenas, discovery requests or similar legal processes; medical research; interaction with government officials in national security or public health matters; and under certain other circumstances required or permitted by HIPAA and/or other federal and state law.

Notice of Privacy Practices
Health plans subject to HIPAA must publish and make available a notice of the plan’s legal obligations and privacy practices, as well as a summary of participants’ rights regarding the use and disclosure of PHI. Depending on the plan’s administrative practices, this notice may be included with other plan documents or produced and distributed separately.

Participant Rights
HIPAA extends certain rights to plan participants regarding: Access and changes to PHI; obtaining an “accounting,” or record of certain PHI disclosures; requests for restrictions on PHI disclosures; confidentiality of PHI-related communications; and formal complaint procedures. Such rights are detailed in each plan’s Notice of Privacy Practices or equivalent document.

Operating Standards—Financial Information Privacy (GLBA)
In 1999, Congress adopted the Gramm-Leach-Bliley Financial Services Modernization Act (“GLBA”) to allow affiliation among banks, securities firms and insurance companies—affiliations that had traditionally been prohibited by Depression-era securities laws. Title V of GLBA created privacy standards for the handling of “non-public personal information” by GLBA-regulated entities, and requires such entities to make certain disclosures with regard to consumer privacy policies. Generally, GLBA standards for the insurance industry are enforced under state law.

MaxStaff does not use, disclose, sell, or otherwise make available non-public personal information or any PHI to any party unaffiliated with, or for any purpose unrelated to, the administration of its clients’ benefit plans, unless required to do so by law, regulatory authority, court proceeding, or pursuant to a specific authorization by the affected individual (s).

The Types of Information About You That We Collect. In the ordinary course of business, we collect, retain and use information about you to administer your account's) and benefits. This information, known as nonpublic personal information, is collected from several sources and includes: information we receive from you on applications or other forms (for example, name, Social Security number, address); information about your transactions with us, our affiliates and non-affiliated third parties (for example, information about your account balance, contributions, premiums).

Security of Your Information. We have implemented strict procedures and policy guidelines to safeguard the privacy of your nonpublic personal information from unauthorized use or improper access. These guidelines include implementation of physical, electronic and procedural safeguards.

Access to Information. Access to customer information is authorized for business purposes only. We permit authorized employees who need to know such information to provide products or services to you or to conduct our business to have access to customer information. Employees who have access to customer information are required to protect it and keep it confidential. Employees who violate this policy will be subject to our disciplinary policies and procedures.

Our Information-Sharing Practices. We restrict the types of information about you that we share and the types of entities with whom we share it. The primary reason for sharing information about you is to provide you with more convenience and efficiency in transactions with the benefit carriers and employers so more choices about employee services and benefit products can be offered. The type of information we collect varies according to the products or services you request, and may include information:

Sharing Information with Service Providers. We may disclose information about you to non-MaxStaff companies that perform services on our behalf.  For example, we may share information with:

• companies that perform services for us or on our behalf (such as vendors we hire to respond to customer requests, to provide you with information about products or services, or to maintain or develop software for us); or
• financial institutions (such as banks, insurance companies, securities brokers or dealers) and non-financial institutions (such as financial publications) with whom we have marketing agreements.

We require our service providers and those with whom we have joint-marketing agreements to adhere to similar and equally stringent polices concerning the privacy of your information. These companies may use and disclose the information provided to them by us only for the purposes for which it is provided or to the extent otherwise permitted by law. Additionally, we may disclose information to non-affiliated third parties as allowed by law. For example, we may disclose information in response to a subpoena, to prevent fraud, or to comply with an inquiry by a governmental agency or regulator.

Sharing Information with Other Third Parties. We do not share your protected information with outside marketing agents.

Our Treatment of Information About Former Customers. Our protection of your nonpublic personal information extends beyond the period of your customer relationship with us. If our customer relationship ends, we will not disclose your information to non-affiliated third parties other than as permitted by law.

Customer Access to Information. If you would like to inquire about the personal information we have retained in our files or have any other questions concerning the privacy of the information we may have in our files about you, please contact the Privacy Officer at the address listed below and this information will be provided to you, subject to legal and ethical considerations.