Website Privacy Policy

Last modified May 15, 2015

Welcome to the Massachusetts Health Connector website. Your privacy is one of our top priorities. The following policy applies only to the use of this website. As you navigate this website, you may see links that will take you to websites external to the Massachusetts Health Connector. We strongly suggest that you read the privacy policies for each website that you visit, and any external site that you visit through a link appearing at this site.

Contents:

  • A Privacy Partnership
  • Personally Identifiable Information
  • Information Voluntarily Provided by You
  • Survey and E-mail
  • Information Automatically Collected and Stored by this Site

 

A Privacy Partnership

Your privacy with respect to the use of this site results from a partnership between the Massachusetts Health Connector and you, the user. At this website, we attempt to protect your privacy to the maximum extent possible. However, because some of the information that we receive through this website is subject to the Public Records Law, Massachusetts General Laws Chapter 66, Section 10, and other federal laws we cannot ensure absolute privacy. Information that you provide to us through this site may be made available to members of the public under that law. This page informs you of the information that we collect from you at this site, what we do with it, to whom it may be disseminated, and how you can access it. Based on this information, you can make an informed decision about your use of this site. You can maximize the benefits of your privacy partnership with the Commonwealth by making informed decisions about whether to share personally identifiable information with us through this site. Please review the information on this page about how the Health Connector collects your personal information, and please review the Health Connector’s Notice of Privacy Practices, which describes how we use and disclose that information.

Personally Identifiable Information (PII)

We use the term “personally identifiable information” to mean any information that could reasonably be used to identify you, including your name, address, telephone number, e-mail address, Social Security number, birth date, bank account information, credit card information, or any combination of information that could be used to identify you.

Information Voluntarily Provided by You

This site collects voluntary information from you through surveys and e-mails.

Survey and E-mail

This site collects voluntary information from you through surveys posted at this website and through any e-mail messages you choose to send to the Massachusetts Health Connector. Surveys may collect personally identifiable information you voluntarily submit, such as name, e-mail address or phone number, so that we may contact you for follow-up to your question, concern or recommendation. Any e-mail messages sent by you to this site will contain personally identifiable information such as your e-mail address and any other information you choose to give us to help us answer your inquiry.

Information Automatically Collected and Stored by this Site

This website does not use permanent “cookies”. However, the site uses temporary “session cookies” to allow visitors to interact with the Massachusetts Health Connector and to use online applications. “Session cookies” do not allow us to personally identify a visitor. These cookies are stored only in memory and are deleted when the user’s browser is shut down.

This site does collect and store your “Internet Protocol (“IP”) address,” (which does not identify you as an individual) indefinitely, as well as information about the date and time of your visit, whether a file you have requested exists, and how many “bytes” of information were transmitted to you over the Web from this site. We use your IP address to access the frequency of visits to this site and the popularity of its various pages and functions. We will not attempt to match any personally identifiable information that you provide to us with your IP address, unless there are reasonable grounds to believe that doing so would provide information that is relevant and material to a criminal investigation.

Public Records Law and the Dissemination of Your Personally Identifiable Information

We do not sell any personally identifiable information collected through this website or submitted to the Commonwealth in conjunction with using functions on the website, and there is no direct or online public access to the information. However, once you voluntarily submit personally identifiable information to us related to your use of the Portal, its dissemination is governed by the “Public Records Law,” the “Fair Information Practices Act (Massachusetts General Laws Chapter 66A), “Executive Order 504,” and other applicable laws and regulations. For this reason, part or all of the information you send us may be provided to a member of the public in response to a public records request. There are pieces of information, such as credit card numbers, TIN, username, or password that are not considered public for the purposes of a public records request. For more information on types of data exempted from disclosure under the Public Records Law, please read the Secretary of the Commonwealth’s Public Records Law.

Security

Because e-mail sent to the Commonwealth is not encrypted, you should not send messages containing information that you consider highly sensitive to this website. We use standard security measures to ensure that information provided by you, including your personally identifiable information, is not lost, misused, altered, or unintentionally destroyed. We also use software to monitor network traffic to identify unauthorized attempts to upload or change information, or otherwise cause damage. Except for authorized law enforcement investigations, no attempts are made to identify individual users or their usage habits.

Policy changes

We will post substantive changes to this policy at least 30 days before they take effect. Any information we collect under the current privacy policy will remain subject to the terms of this policy. After any changes take effect, all new information we collect, if any, will be subject to the new policy.

Contact Information

For questions about your privacy while using this website please contact the Health Connector’s privacy and security officer at ConnectorPrivacy@state.ma.us.

Definitions:

  • Cookies are files that a website can place on your computer. A cookie file contains unique information that a website can use to track such things as your password, lists of Web pages you have visited, and the date when you last looked at a specific Web page, or to identify your session at a particular website. A cookie file allows the website to recognize you as you click through pages on the site and when you later revisit the site. A website can use cookies to “remember” your preferences, and to record your browsing behavior on the Web. Although you can prevent websites from placing cookies on your computer by using your browser’s preference menu, disabling cookies may affect your ability to view or interact with some websites.
  • An “Internet Protocol Address” or “IP Address” is a series of numbers that identifies each computer and machine connected to the Internet. An IP address enables a server on a computer network to send you the file that you have requested on the Internet. The IP address disclosed to us may identify the computer from which you are accessing the Internet, or a server owned by your Internet Service Provider. Because it is machine-specific, rather than person-specific, an IP address is not, in and of itself, personally identifiable information.

Notice of Privacy Practices

Last modified January 3, 2017

THIS NOTICE DESCRIBES HOW INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED, AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

The Health Connector has personally identifiable information about you because it provides you access to health insurance through its role as a health insurance Marketplace. Personally identifiable information (“PII”) includes things such as your name, social security number, and address. The PII about you that the Health Connector collects includes information you provided on your application for coverage, and information about what health plan you enroll in, and the premium you pay. By law, the Health Connector must protect the privacy of your personally identifiable information and provide you with notice of our legal duties and privacy practices. This notice explains your rights and our legal duties and privacy practices.

Required and Permitted Uses and Disclosures

We may use and disclose PII in a number of ways to carry out our responsibilities. The following describes the types of uses and disclosures of PII that federal law requires or permits the Health Connector to make without your authorization:

Payment activities: The Health Connector may use and share PII for payment activities, such as determining if you are eligible to purchase health insurance or to receive federal or state subsidies to help you pay for that insurance; enrolling you in health plans; collecting premium payments; or transmitting subsidy payments to health insurance carriers for your coverage.

Health care operations: The Health Connector may use and share PII to operate its programs, including evaluating the quality of health care services you get, and performing studies to reduce health care costs and improve plan performance.

Other Permitted Uses and Disclosures: The Health Connector may use and share PII as follows:

  • with public health authorities, when authorized by law;
  • with health oversight agencies, for oversight activities authorized by law;
  • in response to a judicial or administrative order, or lawful process, such as a subpoena;
  • for research studies that meet all privacy requirements;
  • to prevent or respond to a serious and imminent health or safety emergency; or
  • to tell you about new or changed benefits and services or health care choices.

Required Disclosures: Generally, the Health Connector must use and share PII when requested by you or someone with the legal right or authorization to act for you; when requested by the U.S. Department of Health and Human Services to make sure your privacy is protected; and when otherwise required by law.

Organizations that Assist Us: In connection with payment and operations, we may share your PII with third party “Business Associates” that perform activities on our behalf. These business associates will be legally and contractually bound to safeguard the privacy of your PII. Except as described above, the Health Connector cannot use or share your PII without your written permission. You may cancel your permission at any time, as long as you tell us in writing. However, we cannot take back any PII that we used or shared when we had your permission.

Your Rights

Uses and Disclosures Requiring Authorization: The Health Connector requires your authorization to

  • Use or disclose your PII for marketing purposes, including treatment notifications; or
  • Sell your PII.

Most uses and disclosures not described in this Notice of Privacy Practices will only be made with your authorization. You may revoke an authorization by writing to the Health Connector at the address below.

Further, you have the right to:

  • Ask to see and get a copy of your PII that the Health Connector maintains. If the Health Connector stores your PII in electronic format, you have the right to receive that PII in electronic format. You must ask for this in writing. The Health Connector may charge to cover certain costs, such as copying and posting.
  • Ask the Health Connector to correct your PII if you believe that it is wrong or incomplete and the Health Connector agrees. You must ask for this in writing along with a reason for your request. The Health Connector may not always be able to grant this request.
  • Ask the Health Connector to restrict certain uses and disclosures of your PII to carry out payment and health care operations. You must ask for this in writing. The Health Connector may not always be able to grant this request.
  • Receive a separate paper copy of this notice upon request.
  • Be notified in the event the security of your PII has been breached.

For more information about your rights, and about how to request to see, correct or restrict your PII, please see the Health Connector’s Policy and Procedures for the Protection of Member Privacy Rights.

The Health Connector must abide by the terms of this notice. The Health Connector may change how we use and share your health information. If the Health Connector makes important changes, we will revise our notice and will provide you a new notice if you are participating in our programs at the time of the revision. That new notice will apply to all of the PII that the Health Connector has about you.

The Health Connector takes your privacy very seriously. If you would like to exercise any of the rights we describe in this notice, or if you feel that the Health Connector has violated your privacy rights, contact the Health Connector in writing at the following address or by email:

Mail:

Attn: Privacy Officer
Massachusetts Health Connector Compliance Unit
P.O. Box 960189
Boston, MA 02196

Email: ConnectorPrivacy@state.ma.us

Filing a complaint or exercising your rights will not affect any health insurance coverage you have through the Health Connector.

For more information, or if you need help understanding this notice, please call 617-933-3095.