MEHIP Privacy Policy Notice
Privacy Policy
At Stirling Benefits, we understand and respect your privacy concerns. We recognize our obligation to our customers, community, and online visitors to adhere to the highest standards of decency and integrity in all operations. Likewise, we are dedicated to the fundamentals of protecting consumer privacy on the Internet and safeguard your non-public information. The following information offers an overview of how Stirling Benefits handles information provided on our web site.

Privacy Notice
Our Privacy Notice describes our practices for handling your personal information and the steps we take to protect it. This notice describes our policy regarding the confidentiality and disclosure of member personal health information that we collect in the course of conducting business. Stirling Benefits is committed to protecting the integrity, accuracy, and privacy of your data. All of our business practices are in full compliance with the privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA).

Stirling Benefits uses "cookie" technology to obtain information from its online visitors. Cookies are lines of text that are transmitted to your web browser when you click on a link. Your browser stores the information on your hard drive and when you return to that site later, the cookie is transmitted back to the server that originally sent it to you. Cookies provide a way for a server to recall a previous request from a particular web browser. The cookies Stirling Benefits use are only for site management purposes. No personal information is extracted by the use of cookies. In order to provide you with the best possible service, we use cookies to track the resources our online visitors use to help develop more relevant information for them.

We welcome online visitors to contact us by e-mail. E-mail is a tool you can use to receive relevant information from Stirling Benefits. E-mail addresses will not be sold to any third party and are strictly for our use. E-mail is not a secure method of communication, so in an effort to protect you, we urge you not to send any vital information via e-mail to us. It is possible that your e-mail communication may be accessed or viewed inappropriately by another Internet user while in transit to us. If you wish to keep your information completely private, you should not use e-mail.

For other than general information viewing, Stirling Benefit's web site must be used with a Secure Sockets Layer (SSL) compatible browser or terminal (for example, Netscape or Internet Explorer versions 3.0 or greater). Our SSL web server uses authentication and offers the highest level (128-bit) of encryption technology commercially available.

You can tell when you are secure by looking at the location (URL) field. If the URL begins with https:// (instead of http://), the document comes from a secure server. This means your data cannot be read or deciphered by unauthorized individuals. You can tell whether you are truly connected to Stirling Benefits by viewing the digital certificate. This certificate verifies the connection between the Stirling Benefits server's public key and the server's identification (just as a driver's license verifies the connection between your photograph and your personal identification). Cryptographic checks, using digital signatures, ensure that information within a certificate can be trusted.

User names and passwords provide two layers of authentication. Passwords and user names are stored in an encrypted database that is isolated from the Internet.

You have the ability and right to exit and not continue to remain in an active session on this site if you do not agree with the above privacy and security policies. If you remain in session with the site, you implicitly consent to our security policy.

Privacy Notice Concerning Health Information
At Stirling Benefits, protecting the privacy of the personal information we have about our customers and members is extremely important and we take this responsibility very seriously. This information must be and is maintained in a manner that protects the privacy rights of those individuals. This notice describes our policy regarding the confidentiality and disclosure of member personal health information that Stirling collects in the course of conducting its business. Our policy applies to both current and former customers and members.

Information We Collect and Maintain
We collect non-public, personal health information about you from the following sources:

  • Information we receive from you on applications or other forms (such as name,address, telephone number, marital status, social security number, medical information and date of birth)
  • Information we receive from health care providers
  • Information we receive from federal or local governmental agencies
  • Information from your employer
  • Information gathered from other policies, or programs available to you.

Information We Disclose
We may use and share the non-public personal information, but only as permitted or required by law. For example, we may provide the non-public information to affiliates and other third parties involved in underwriting; to service or process an insurance transaction; or provide information to insurance regulators or law enforcement authorities upon request. In general, we are permitted to share this information for purposes of payment, treatment, or health care plan operations. They are required to keep the information confidential.

We may have to provide the above described non-public information that we collect to authorized persons or entities to comply with a subpoena or summons by federal, state or local authorities and to respond to judicial process or regulatory authorities having jurisdiction over our company for examination, compliance or other purposes as required by law.

There are circumstances that occur where the use of personal information requires an authorization in writing from the member, or consenting adult (guardian) before it’s released.

Confidentially and Security Practices
We are very sensitive to privacy issues. We emphasize the importance of confidentiality through employee training, the implementation of procedures designed to protect the security of our records, and our privacy policy. All of our business practices are in compliance with the privacy requirements under the Health Insurance Portability and Accountability Act (HIPAA).

We restrict access to the non-public personal financial information of our customers and members to those employees who need to know that information to perform their job responsibilities. We maintain physical, electronic, and procedural safeguards that comply with state and federal standards to guard your non-public, personal financial information.

If we become aware that an item of personal information may be materially inaccurate, we will make reasonable effort to re-verify its accuracy and correct any error as appropriate.
Stirling Benefits, Inc.                                                           October 1, 2008
Connecticut Public Act 08-167 requires all persons in possession of other’s personal information to safeguard the data, computer files, and documents containing personal information against misuse by third parties.  The same provision also requires the secure disposal of such personal information by destroying, erasing, or making the information otherwise unreadable prior to disposal.

Examples of PI include but are not limited to:

  • Social Security Number
  • Name
  • Street Address, City, Zip Code
  • Telephone and Fax Numbers
  • Account Numbers
  • Certificate/License Number
  • Internet Protocol Address
  • Medical Record Number
  • Vehicle ID/Serial Number/License Plate Number
  • Email Address
  • Health Plan Beneficiary Number
  • All Dates (DOB, Admission Date, Discharge Date, Date of Death etc.)

The Personal Information Privacy Protection Act requires that “any person who collects Social Security number in the course of business shall create a privacy protection policy which shall be published or publicly displayed”.  This policy must (1) protect the confidentiality of SSNs; (2) prohibit unlawful disclosure of SSNs; and (3) limit access to SSNs.

Stirling Benefits, Inc. has long had Security Guidelines to safeguard PI and PHI.  These guidelines not only include protection of SSN’s but many other identifiers.  They are part of our overall Security and Privacy compliance and protection policy and include but are not limited to:

  • Employees receive training on privacy/security best practices for Desktop, Email, Workstation, Copying, Conversation, Printer, Faxing, Record Storage of PHI or PI.  Supervisors oversee compliance of these practices.
  • In addition, employees are directed to place documents with identifiers in locked storage bins if they are to be destroyed.  The material in these bins is shredded on site on a monthly basis.
  • Electronic emails contain a disclaimer.  Attachments with PHI or PI are password protected.
  • IT establishes employee user accounts and passwords.  Passwords are changed on a routine basis.
  • IT Systems have established privacy/security procedures for electronic Access, Accountability, Data Backup, Data Storage, Media Disposal and Equipment control.
  • Controls for Physical Access and Facility Security are in place for employees and visitors.
  • Stirling Benefits, Inc. completes security/privacy agreements with employees, business associates and vendors.

Stirling Benefits, Inc.’s employees are subject to disciplinary actions in the event they fail to comply with the company’s privacy/security policies and procedures.