Benesyst, a TASC company, takes your privacy very seriously. We share a commitment to protect your privacy and the confidentiality of your personal information.
This Notice is provided to help you better understand how we at Benesyst obtain, use, share, and protect your non-public personal financial information. As a provider of services to you as a client, we often collect personal and sometimes sensitive information. Protecting the confidentiality of that information has been and will continue to be, a top priority at Benesyst. We believe that you should know about the information we collect, the measures we take to safeguard it, and the situations in which we might share information.
Information We Collect
The information we collect and the extent to which we use it will vary depending on the service involved. We collect only the information necessary to consistently deliver responsive services to you as the client. Information we collect may include, but is not necessarily limited to, the following: your name, address, phone number, social security number, age, sex, information regarding your assets and income, employment status, dependent information, and other information provided on plan applications and related forms . We also maintain information about your relationships with us, such as payment history and account balances.
How We Collect Information
The information above may be obtained from you using various methods which may include information in writing or email, during telephone or internet transactions, or from data gathering software when you are completing information on the Benesyst website. Non-public personal information may also be collected through your transactions with our contracted representatives, affiliates, and others.
How We Protect Your Information
We have implemented and maintain physical, electronic, and procedural safeguards to protect your non-public personal financial information. We use and share your non-public personal financial information to the extent minimally necessary and only with those employees who use your information as a means to service your account. They are required to respect the confidentiality of all client information. We also require each unaffiliated third party with whom we contract to assist in servicing your account to agree to abide by safeguards and privacy standards that are the same or substantially similar to those followed by Benesyst.
The privacy and security of your non-public personal financial information will be maintained beyond the termination of your relationship with Benesyst.
How, and With Whom, We Share Information
First and foremost, we do not sell lists of our clients, nor do we disclose client information to marketing companies.
Where reasonably necessary, we may share any of your non-public personal financial information we obtain with affiliated and unaffiliated third parties as otherwise permitted or required by law. For example, we may share your information to protect against or prevent fraud, or in response to a subpoena, court order, judicial process, or regulatory authorities.
We may also share information about you with our service providers, affiliates, and representatives to help us service your accounts. Our service providers, affiliates, and representatives may include TASC contracted Providers, and Wholesale and Association accounts. The information provided to these service providers, affiliates, and representatives may include the categories of information described above under “Information We Collect,” and is limited to the information that we deem appropriate for these third parties to carry out their functions.
Benesyst takes privacy very seriously. We share a commitment with Covered Entities to protect the privacy and confidentiality of Protected Health Information (PHI) that we obtain subject to the terms of a Business Associate Agreement.
This Policy is provided to help you better understand how we at Benesyst, use, disclose and protect PHI in accordance with the terms of Business Associate Agreements.
Business Associate Agreement (BA Agreement). A Business Associate Agreement is a formal written contract between Benesyst and a Covered Entity that requires Benesyst to comply with specific requirements related to PHI.
Covered Entity. A Covered Entity is a health plan, health care provider, or healthcare clearinghouse that must comply with the HIPAA Privacy Rule.
Protected Health Information (PHI). PHI includes all “individually identifiable health information” that is transmitted or maintained in any form or medium by a Covered Entity. Individually identifiable health information is any information that can be used to identify an individual and that was created, used, or disclosed in (a) the course of providing a health care service such as diagnosis or treatment, or (b) in relation to the payment for the provision of health care services.
Use and Disclosure of PHI
We may use PHI for our management, administration, data aggregation and legal obligations to the extent such use of PHI is permitted or required by the BA Agreement and not prohibited by law. We may use or disclose PHI on behalf of, or to provide services to, Covered Entities for purposes of fulfilling our service obligations to Covered Entities, if such use or disclosure of PHI is permitted or required by the BA Agreement and would not violate the Privacy Rule.
In the event that PHI must be disclosed to a subcontractor or agent, we will ensure that the subcontractor or agent agrees to abide by the same restrictions and conditions that apply to us under the BA Agreement with respect to PHI, including the implementation of reasonable and appropriate safeguards.
We may also use PHI to report violations of law to appropriate federal and state authorities.
We use appropriate safeguards to prevent the use or disclosure of PHI other than as provided for in the BA Agreement. We have implemented administrative, physical, and technical safeguards that reasonably and appropriately protect the confidentiality, integrity, and availability of the electronic protected health information that we create, receive, maintain, or transmit on behalf of a Covered Entity. Such safeguards include:
- Maintaining appropriate clearance procedures and providing supervision to assure that our workforce follows appropriate security procedures;
- Providing appropriate training for our staff to assure that our staff complies with our security policies;
- Making use of appropriate encryption when transmitting PHI over the Internet;
- Utilizing appropriate storage, backup, disposal and reuse procedures to protect PHI;
- Utilizing appropriate authentication and access controls to safeguard PHI;
- Utilizing appropriate security incident procedures and providing training to our staff sufficient to detect and analyze security incidents; and
- Maintaining a current contingency plan and emergency access plan in case of an emergency to assure that the PHI we hold on behalf of a Covered Entity is available when needed.
Mitigation of Harm
In the event of a use or disclosure of PHI that is in violation of the requirements of the BA agreement, we will mitigate, to the extent practicable, any harmful effect resulting from the violation. Such mitigation will include:
- Reporting any use or disclosure of PHI not provided for by the BA Agreement and any security incident of which we become aware to the Covered Entity; and
- Documenting such disclosures of PHI and information related to such disclosures as would be required for Covered Entity to respond to a request for an accounting of disclosure of PHI in accordance with HIPAA.
Access to PHI
As provided in the BA Agreement, we will make available to Covered Entities, information necessary for Covered Entity to give individuals their rights of access, amendment, and accounting in accordance with HIPAA regulations.
Upon request, we will make our internal practices, books, and records including policies and procedures, relating to the use and disclosure of PHI received from, or created or received by the BA on behalf of a Covered Entity available to the Covered Entity or the Secretary of the U.S. Department of Health and Human Services for the purpose of determining compliance with the terms of the BA Agreement and HIPAA regulations.
The content on www.benesyst.net (the "Site") is general information of interest which is provided "as is" without any warranties of any kind, expressed or implied. Benesyst has made every attempt to ensure that the content contained on this Site is complete, timely, and accurate. However, we make no representation or warranty of any kind with respect to the Site and the content provided herein. We may change the content at any time without notice and will not be liable for errors or omissions in the content. Nothing contained in this Site shall be construed as conferring any right to any copyright, trademark, or other proprietary interest of Benesyst or any third party. You agree not to infringe upon any copyright, trademark, service mark, or patent right. You also agree that you will not alter or remove any copyright, trademark, or any other notice from any authorized copy of the content on this Site. Some sections of our web applications contain links to other sites. We provide these links as a service to participants and users. Please be aware that Benesyst cannot attest to the privacy practices of such other sites. We encourage our users to be aware when they leave our site and to read the privacy statements of each and every web site that collects personally identifiable information. This privacy statement applies solely to information collected and displayed here. In no event will Benesyst be liable for any damages, expenses or losses, including without limitation direct, indirect, consequential, special, incidental, or punitive damages resulting from or caused by the use of this Site or the information herein (or any information on a linked Web site); the inability to use this Site or the information herein; any delay in operation or transmission; communication line or system failure. Your access to and use of this Site are subject to the terms and conditions contained herein. By accessing and using this Site, you accept these terms and conditions, without limitation or qualification.
Copyright and Trademark Information
Site contents copyright © 2013 Benesyst