Welcome to the Arbitman Insurance Services (AIS) website. The term, “Arbitman Insurance Services” refers to Arbitman Insurance Services. Through this Privacy Statement, Arbitman Insurance Services wants to assure you of our commitment to privacy and security. Arbitman Insurance Services. We are committed to the protection of your privacy.

This Privacy policy details our collection, use and disclosure of personal and non-personal data that you give when you visit our website or submit requests. By using our Website, you agree and consent to our collection, use and sharing of your information and other activities, as described below.

Personal Information Collection

Arbitman Insurance Services may directly collect several types of “personal information” about users of our website, including:

• Identifiers: such as name, postal address, email address, telephone number,
• Customer records information: name, address, telephone number, provider specialty and other business related demographics
• Geolocation Data: In addition, data may be collected directly or indirectly with third party services,
• Commercial Information: such as products purchased, considered or other consumer histories or tendencies
• Internet or other electronic network activity: such as browsing history, search history, cookies, online identifiers, account names, IP addresses, or clientID
• Inferences: preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence or abilities.

For more information about this indirect data, please see the Analytics section below. You will be able to update the information provided to us at any time. We will also take the necessary steps to ensure that we process any updates provided by you in a timely and complete manner.

Our Use of Your Personal Information

We will use information voluntarily provided in order to respond to your requests, follow up on sales inquiries, and provide relevant materials related to such requests. We may also use your IP address to help protect Arbitman Insurance Services and our Internet Service Providers from fraud.

Additional uses of your non-personal and personal information will allow us to tailor products and services specific to your needs, to conduct business, to perform functions that are described to you at the time of collection.

Arbitman Insurance Services may use your Personal Information for “business purposes” as defined by CCPA. The categories of Personal Information used for such purposes may include:

• Identifiers
• Customer Records Information
• Geolocation Data
• Commercial Information
• Internet or other electronic network activity

Arbitman Insurance Services may also disclose your personal information as is necessary to: (a) comply with a subpoena or court order; (b) cooperate with law enforcement or other government agency; (c) establish or exercise our legal rights; (d) protect the property or safety of our company and employees, contractors, vendors, and suppliers; (e) defend against legal claims; (f) help with internal and external investigations; or (g) as otherwise required by law or permitted by law. We may disclose your information in connection with the sale or merger of AIS or any transaction that involves the sale or assignment of some or all of our assets.

Third Parties and Data Sharing

Your personal information will not be used or shared with non-affiliated outside third parties for their direct marketing purposes. In the future, if we anticipate selling or disclosing your personal information to any party, we will provide the options to opt-out and opt-in as required by law.

Third Party Links

Do note that some pages on the Arbitman Insurance Services Website may contain links to other websites that are beyond Arbitman Insurance Services control and you should read that website’s privacy policy before accessing their website or disclosing any information to them. Arbitman Insurance Services shall not be responsible or liable in any manner whatsoever, should you choose to access the third party links on the Arbitman Insurance Services website.

Analytics

We may use third-party analytics services on our site, such as Google Analytics. These services are used to track website behavior and improve our website experience. For example, our Internet Service Providers may report to us that there were a particular number of visitors to a certain area of our website, or that a certain number of visitors completed our registration form. Such information may also be used to analyze the effectiveness of our business and advertising models. Any consumer information received has been de-identified or is provided in aggregate and would not be reasonably linked to any one individual.

You may opt out of Google’s use of analytics by installing the plug-in provided at Google Advertising Opt-out Page or by visiting Google Ad Settings.

Cookies

We use “Cookies” (unique identifiers usually made up of small bits of text or code stored on your computer) to optimize our website and our service. These technologies can be used to collect, create, or track Personal Information as defined previously. We used these cookies for the purposes of identification, delivering content, and keeping track of your specified preferences, as well as to prevent fraudulent activity and improve security. You can change your preferences regarding cookies by choosing to disable, enable or block cookies. However, blocking cookies may limit access or functionality on our Website. To learn more about cookies, including how to enable/disable and delete them, you may visit the following website: www.aboutcookies.org.

In addition to using cookies, we also may permit certain third-party companies, such as Google AdWords remarketing service, to assist AIS to tailor advertising based on the use of our website and user interest.

If you do not wish to participate in our Google AdWords Remarketing, you can opt out by visiting Google Ad Settings.

You can also opt out of any third-party vendor’s use of cookies by visiting www.networkadvertising.org/choices/.

Data Storage and Security

AIS makes reasonable efforts to ensure that our Internet Service Providers have implemented physical, electronic, and procedural security measures to assist with safeguarding your personal information, and to help protect against unauthorized access and disclosure. Only our authorized personnel and our Internet Service Providers who perform legitimate business functions for AIS are authorized to access your personal information.

AIS stores your Personal Information until it is no longer necessary to provide our services, or until you request us to delete your Personal Information.

Notwithstanding our efforts, the Internet has inherent security risks. AIS cannot promise, and you should not expect, that your personal information, personal searches, and other communications will always remain secure. You should take care with regard to how you handle and disclose your personal information.

Children and Data Collection

The AIS website is directed toward only those individuals who are of legal age of majority in their state or local jurisdiction. AIS’s content is neither directed toward minors, nor children of any age. We do not knowingly collect personal information from children or minors. If AIS or its Internet Service Providers become aware that a minor or a child has provided us with personal information, that information will be deleted from our databases. Parents who have questions about personal information that may have been submitted by a child or minor should email us at info@arbitmaninsuranceservices.com 

Your Rights with Respect to Personal Data

You have the right to opt-out of receiving marketing communications from us. You can exercise this right by clicking the “unsubscribe” or “opt-out” link in the marketing emails we send to you. You can also opt-out of emails and other marketing campaigns by contacting us via the details provided below.

You may have additional rights based on residency. For example, if you are a resident of a state, like California, you may be afforded additional rights based on the California Consumer Privacy Act “CCPA” and other related guidance.

These additional rights may include:

• Right to be Informed – to know what personal information is being collected.
• Right to Access – to request access and/or correct personal information that we have collected.
• Right of Disclosure – to request disclosure of information that may be sold and to whom.
• Right to Opt-Out – to opt-out of the sale of personal information
• Nondiscrimination – to not be discriminated against by exercising any of the above listed rights.

The above rights are subject to verification to ensure that proper authorization is afforded to the individual making the request and to ensure the security of your Personal Information. To request access, correction or deletion of your personal information download and complete the CCPA Privacy Request form and return via e  info@arbitmaninsuranceservices.com  info@arbitmaninsuranceservices.com 

Updates

AIS reserves the right to change our policies without prior notice. Should we do so, we will post a notification on the website. Changes will take effect from the date they are posted.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) mandates the management of access to Protected Health Information (PHI) to ensure the integrity, confidentiality, and availability of electronic PHI (ePHI) data.

I. Organization-Specific Information

Organization Details

• Organization Name:

○      Arbitman Insurance Services (AIS)

• Physical Address:

○      3120 14^th Avenue Ct NW, Puyallup. WA 98371

• Mailing Address (if different):

○      P.O. Box 211, Puyallup, WA 98371

• Contact Information:

○      Main Phone: 253-208-5023

○      Fax: 253-378-0514

○      Email: info@arbitmaninsuranceservices.com

Compliance Officer

• Name: Steven Arbitman

     Contact Information:

○      Phone: 253-208-5023

○      Email info@arbitmaninsuranceservices.com

By providing this organization-specific information, your HIPAA Compliance Policy will be better equipped to address specific scenarios and operational setups, enhancing your compliance stance and readiness to protect Protected Health Information (PHI).

II. Policy Statement

Purpose

This policy establishes the guidelines for ensuring compliance with the Health Insurance Portability and Accountability Act (HIPAA) to protect the privacy and security of Protected Health Information (PHI).

Scope

This document applies to all employees, contractors, and business associates engaged with the handling, receiving, maintaining, or transmitting of PHI within the organization.

III. Definitions

• Protected Health Information (PHI): Information that concerns health status, provision of health care, or payment for health care that can be linked to an individual.
• Covered Entity: A healthcare provider, health plan, or healthcare clearinghouse that processes PHI.
• Business Associate: A person or entity that performs activities or services for or on behalf of a Covered Entity involving the use or disclosure of PHI.

IV. Roles and Responsibilities

• HIPAA Compliance Officer: Appointed individual responsible for implementing and overseeing compliance with HIPAA regulations within the organization.
• Employees: Must adhere to all policies and procedures outlined in this document and report any security incidents or breaches.

V. Privacy Procedures

• Minimum Necessary Use and Disclosure: PHI should be disclosed only to the extent necessary to accomplish the intended purpose.
• Patient Rights: Detailed explanation of patients’ rights to access, amend, and receive an accounting of disclosures regarding their PHI.
• Authorizations: Conditions under which authorization from a patient is required prior to the use or disclosure of their PHI.

VI. Security Procedures

• Risk Analysis and Management: Regular assessments of potential risks and vulnerabilities to the confidentiality, integrity, and availability of PHI.
• Data Protection: Implementation of appropriate safeguards such as encryption, secure data storage, and controlled access to protect PHI.
• Incident Response: Procedures for responding to security incidents, including immediate containment and mitigation.

VII. Training and Awareness

• Training Requirements: All workforce members must receive training on HIPAA policies and procedures as applicable to their job functions.
• Documentation of Training: Maintain records of training sessions, including dates, topics, and attendees.

VIII. Breach Notification Procedures

• Detection and Reporting: Mechanisms for detecting and reporting breaches of PHI in compliance with federal and state laws.
• Investigation and Notification: Steps for investigating a breach and notifying affected individuals and necessary agencies within legally mandated timeframes.

IX. Sanctions for Non-Compliance

• Disciplinary Actions: Outline of disciplinary measures for employees who fail to comply with HIPAA policies.
• Continuous Improvement: Procedures for regularly reviewing and updating HIPAA policies to adapt to changes in law or operational requirements.

X. Documentation and Record Retention

• Retention Schedule: Specifications for how long records of PHI and related documents should be retained according to legal and regulatory requirements.
• Secure Destruction: Procedures for the secure disposal of PHI when it is no longer needed and at the end of its retention period.

XI. Assumptions

This HIPAA Compliance Policy is based on several assumptions that are critical for its effective implementation and adherence. The following are the key assumptions:

1. Regulatory Stability:

    

○      The policy assumes that the federal HIPAA regulations will remain stable over time, with only minor changes. Significant legislative or regulatory amendments will necessitate an immediate review and possible revision of this policy.

1. Organizational Commitment:

    

○      Effective implementation of this policy requires full commitment and support from senior management to ensure that necessary resources and authority are allocated to HIPAA compliance efforts.

1. Employee Compliance:

    

○      It is assumed that all employees, contractors, and business associates who come into contact with PHI will comply with the training, policies, and procedures outlined herein. Non-compliance will be addressed through disciplinary measures as detailed in the Sanctions for Non-Compliance section.

1. Technological Capabilities:

    

○      This policy assumes that the organization has access to and will maintain the necessary technological tools and systems to protect PHI adequately. This includes secure communication channels, encryption methods, and other security measures as technology evolves.

1. Third-Party Cooperation:

    

○      The effectiveness of this policy depends on the cooperation of third-party service providers and business associates who must also comply with HIPAA requirements. It is assumed that all relevant third parties will have similar policies in place and will adhere to the same standards of compliance as our organization.

1. Incident Response Effectiveness:

    

○      The policy assumes that the procedures outlined for incident response and breach notification are effective and that all personnel will execute their roles as expected during an incident. This includes timely reporting and escalation of potential security incidents.

1. Continuity of Oversight:

    

○      It is assumed that the designated HIPAA Compliance Officer and any supporting compliance staff will remain in their roles with minimal turnover. Changes in key personnel involved in HIPAA compliance are anticipated to be managed without disrupting ongoing compliance efforts.

XII. Acknowledgment of Receipt and Understanding

• Employee Certification: Requirement for all employees to sign an acknowledgment form confirming they have received, read, and understood the organization’s HIPAA policies.