GATEWAY HEALTH Plan^® - Notice of Privacy Practices

This On-Line Privacy Statement discloses the practices of Gateway Health Plan^® (“Gateway”) regarding information gathering and disclosure from Gateway’s website.

1. Collection of Information from Website Visitors - Gateway may collect information regarding its website visitors and the computers they use, such as e-mail addresses, files downloaded, home server domain names, type of computer, search engine, operating system and web browser. Gateway may also collect information the visitor submits on-line when the visitor completes forms or surveys, sends e-mail messages or enters other data into website fields. In the event an e-mail is addressed to specific Gateway staff or is sent using the “Contact Us” option of this website, Gateway may retain the message for up to one year. Gateway uses information and discloses it to third parties as permitted by law and to the least extent necessary.

Gateway’s website and certain link sites use cookies to facilitate navigation. A cookie is a small piece of information about an Internet session that may be created when a person accesses a website. Cookies may contain a variety of information including the name of the website that issued them, what parts of the website the user accessed, passwords and user’s name. Most web browsers can be modified by users to prevent cookies from being attached.

2. Use of Personal Data Collected - Personal data collected by Gateway may be used by Gateway for many reasons, including analysis of how and when the website gets visited, for development of Gateway services or for changes in the content and appearance of this website. Aggregate data on visitors' home servers may be used for internal purposes or provided to third parties. Individually identifying information, such as names, postal and e-mail addresses, phone numbers and other personal information that visitors voluntarily provide to Gateway may be added to Gateway's databases and/or used for future calls and mailings regarding website updates, new products and services, upcoming events, and for other purposes that comply with federal and state law.

Gateway may contact website visitors regarding membership issues, including specific issues affecting a member and general issues affecting groups of members, for example, changes to the Member Handbook, privacy statement, business practices or Gateway policies.

3. Disclosure of Personal Data to Third Parties - Gateway does not sell its member lists. Unless otherwise authorized by a visitor or validly requested by governmental authorities or legal process, Gateway does not distribute its members’ specific information to outside persons or firms unless a disclosure is needed for the member’s care, payment of members’ claims or the necessary operations of the health plan .

Gateway may disclose to its affiliates and service providers that assist in meeting the needs of Gateway members personal information of users that has been collected through its website, as permitted by law. Information collected by Gateway affiliates and service providers may also be shared with Gateway as permitted by law. Information disclosed by users on-line may be re-disclosed if needed to respond to the user’s requests and inquiries. Gateway affiliates and service providers are required to follow no less than the privacy and confidentiality standards of law.

4. Links to Other Websites - While Gateway may provide links to other websites, a link on Gateway’s website is not and should not be construed as an endorsement of the content, viewpoint, policies, products or services provided or advertised on the linked site. Website visitors linking to other sites receive messages about leaving Gateway's website. Once a visitor leaves the Gateway website by linking to a site not maintained by Gateway, the visitor should become familiar with the on-line privacy statement of the linked website before accessing or supplying information.

5. Security Measures - Although Gateway makes reasonable efforts to protect user information from unauthorized use or alteration, users should be aware that there is always some risk in sending information over the Internet. Gateway uses commercially reasonable security features; however, the confidentiality of any communication or material transmitted to/from Gateway’s website or e-mail cannot be guaranteed. Gateway only grants access to personal information to those employees, affiliates, service providers and other third parties as required by law, as required to provide healthcare products and services or as the user permits.

For private health matters, members of Gateway or their authorized representatives are encouraged to contact Gateway by telephone at the number listed on the member identification cards.

6. Correction of Personal Data Collected On-Line - Gateway will provide website visitors with a summary of their personally identifiable information retained by Gateway from on-line sessions, upon request by mail, e-mail or phone. Website visitors may modify, correct, change or update personally identifiable information that Gateway has collected on-line by contacting Gateway via regular mail, e-mail or telephone.

7. Collection of Personal Data from Minors - To the extent that Gateway is able to determine the age of website visitors by their submissions to or communications with Gateway, Gateway will not knowingly collect or post information from individuals under the age of eighteen without consent of a parent or guardian.

If registration is required on the Gateway website for offered services and a visitor submits information through the website that indicates the visitor is a minor, the minor's parent or guardian will be contacted regarding the registration. If the parent or guardian agrees, the registration processing will continue. If the parent or guardian indicates a desire to withdraw the registration, Gateway will provide instructions to the parent or guardian for deletion of the registration. No information collected through Gateway’s website from users self-identified as minors will be used knowingly for any direct marketing or promotional purposes.

8. Compliance Program - Gateway’s Compliance Program regarding privacy and security of user information includes oversight of privacy practices, training of employees and maintenance and updates to security systems. Gateway will investigate privacy and security complaints through its Compliance Officer.

9. Changes to this Privacy Statement - This On-Line Privacy Statement is subject to change at any time and should be reviewed by interested website visitors periodically. Questions or concerns regarding use of on-line information may be directed to Gateway by clicking “Contact Us” from the top of any of Gateway’s web pages.

Posted May 24, 2005

GATEWAY HEALTH Plan^® PERSONAL AND HEALTH PRIVACY

THIS NOTICE DESCRIBES HOW MEDICAL AND FINANCIAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT CAREFULLY.

Gateway Health Plan^® (“Gateway”) is required to protect the privacy of your personal medical and non-public personal information. Also, Gateway is required to give you this notice about how Gateway uses or gives out (“discloses”) medical and personal (“non-public”) information held by Gateway. This protection extends to all forms of communication (oral, written, and electronic) of this information.

Gateway will use and give your medical information:

• To you or someone who acts for you (your personal representative),
• To the Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected, and
• When required by law.
• To meet your medical needs, to pay for your healthcare and to operate the Gateway benefit program, for example:
  • To give information to help the doctors or other healthcare providers who care for you;
  • To make sure you and other Gateway members get quality health care, to provide member services to you, or to resolve any complaints you have.
  • To pay or deny your claims or to share payments and payment information with your other insurer(s).

Gateway may also use or give your medical information:

• To state and federal agencies that have the legal right to receive such data,
• For public health activities (such as reporting disease outbreaks),
• For government healthcare oversight activities (such as fraud investigations),
• For judicial and administrative proceedings (such as in response to a court order),
• For law enforcement purposes (such as providing limited information to locate a missing person),
• For research studies that meet all privacy law requirements (such as research related to the prevention of disease or disability),
• To avoid a serious and likely threat to health or safety,
• To contact you about new or changed benefits,
• To contact you for appointment reminders or for disease management programs and alternative treatments that may interest you, and
• To create a collection of information that can no longer be traced back to you.

Gateway must have your written permission (an “authorization”) to use or give out your medical information for any purpose that is not listed in this notice. You may take back (“revoke”) your written permission at any time, except if Gateway already took action based on your permission.

You have the right to:

• Ask for your medical information by writing to Gateway or by calling Gateway to request a form for this purpose.
• Ask Gateway to change your medical information if you can show that it is wrong or that information is missing by writing to Gateway or by calling Gateway to request a form for this purpose. If Gateway disagrees, you may have a statement of your disagreement added to your personal medical information.
• Get a list of who received your medical information within a six-year period by writing to Gateway or by calling Gateway to request a form for this purpose. You must tell Gateway the dates for which you are requesting the list. The list will not cover information given out before April 14, 2003, information that was given to you or your personal representative, or information given for healthcare payments, for Gateway operations or for law enforcement needs.
• Ask Gateway to communicate with you in a different manner or at a different place (for example, by sending materials to a P.O. box instead of your home address), by writing to Gateway or by calling Gateway to request a form for this purpose. Gateway must have written reason(s) for your requests and may not be able to honor your request.
• Ask Gateway to limit the way your personal medical information is used or given to others, by writing to Gateway or by calling Gateway to request a form for this purpose. Please note that Gateway may not be able to do what you request.
• Call or write to Gateway to ask for a separate paper copy or e-mail copy of this Notice.

What is the non-public information that Gateway Health Plan^® collects about you?

• It is personal information but is non-medical, for example, the information you completed on your enrollment application that identifies who you are and how you can be contacted.
• Also, it is information collected for a request for services by you or your doctor.
• Also, it is information collected to answer a question or concern from you.

Can anyone receive your non-public information?

• Gateway does not give out your non-public information, except if required or permitted by law.
• Gateway does not give out your non-public information to anyone unrelated to providing your care under the health plan unless you or your representative give permission.

How does Gateway protect your non-public information?

• Gateway does not make your non-public information available to anyone other than those necessary to provide medical or health plan services to you.
• You have the right to give or withhold permission for other uses or disclosures of this information, except as required by law.

If you believe Gateway has violated your privacy rights as stated in this notice, you may file a complaint at the following address:

Privacy Officer
Gateway Health Plan^®
Regulatory, Compliance and Legal Affairs
600 Grant Street, 41st Floor
Pittsburgh, PA 15219

Filing a complaint will not affect your benefits. You may also file a complaint with the Secretary of the Department of Health and Human Services. For more information on filing a complaint or your rights stated in this notice, you may call Gateway’s Member Services Department at 1-800-685-5209 for Pennsylvania or 1-888-447-4505 for Ohio.

Gateway is required to follow the terms in this privacy notice. Gateway has the right to change the way your medical information is used and given out. If Gateway makes any changes, you will get a new notice by mail within sixty (60) days of the change.

These privacy practices went into effect April 14, 2003.