As a representative of National Guardian Life Insurance Company (“NGL”), you will collect and maintain Protected Health Information (“PHI”) on behalf of and about our applicants and insureds. The federal Health Insurance Portability and Accountability Act (“HIPAA”) regulations on privacy and security limit how insurance companies and their representatives may use and/or disclose this information whether in paper or electronic form. You are required by federal law to abide by such limitations. In many cases, authorization from an applicant or insured must be obtained for the use or disclosure of such information. In order to protect the privacy and security of an applicant’s or insured’s PHI and to comply with federal law, you are required to comply with the policies and procedures as set forth below and in your NGL Agent Agreement.

Definitions
Breach - The acquisition, access, use or disclosure of PHI in a manner that compromises the security or privacy of the PHI.

Disclosure - The release, transfer, provision of access to, or divulging in any manner of PHI to persons not employed by or working on behalf of or within NGL.

Electronic PHI (EPHI) - PHI that is transmitted or maintained using electronic media.

Health Care Operations - Health Care Operations include NGL’s operations.

Protected Health Information (PHI) - PHI includes information that is created or received by NGL and relates to the past, present, or future physical or mental health or condition of an applicant or insured; the provision of health care to an applicant or insured; or the past, present, or future payment for the provision of health care to an applicant or insured; and that identifies the applicant or insured or for which there is a reasonable basis to believe the information can be used to identify the applicant or insured, whether living or deceased, as well as all non-public personal information. For purposes of this policy, PHI includes all of the following:

• Names
• Street address, city, county, zip code
• Dates directly related to an applicant or insured, including birth date, health care facility admission and discharge date, dates of service, date of claim, and date of death
• Telephone numbers, fax numbers, and electronic mail addresses
• Social Security numbers
• Medical record numbers
• Policy numbers or health plan beneficiary numbers
• Account numbers
• Certificate/license numbers
• Vehicle identifiers and serial numbers, including license plate numbers
• Web Universal Resource Locators (URLs)
• Biometric identifiers, including finger and voice prints
• Full face photographic images and any comparable images
• Any other unique identifying number, characteristic, or code

Use - The sharing, employment, application, utilization, examination, or analysis of PHI by any person working for or within NGL or by a representative of NGL.

As a condition of your NGL Agent Agreement, you are required to comply with the following regarding the PHI of applicants and insureds.

Breach of PHI
The acquisition, access, use or disclosure of PHI in a manner not permitted by the HIPAA privacy and security rules is presumed to be a breach. For example, if a fax containing PHI is sent to an unintended recipient, this is presumed to be a breach. You must contact NGL immediately if there is any reason to believe that there has been, may be or will be a breach of PHI. Once a Breach is reported, LifeCare’s Privacy Officer/Security Officer will conduct a full risk assessment to determine if the presumption of breach can be overcome and the appropriate action will be taken. The company is required by law to report all confirmed breaches to the U.S. Department of Human and Health Services.

Electronic Messaging That Contains EPHI
Encryption will be used when electronic messaging documents containing EPHI to and from secured domains. Documents containing EPHI are not to be electronically sent to unsecured domains (e.g. AOL, Yahoo, etc.) unless you use secure messaging. If you are unsure if a domain is secure, you are to contact privacy@ngl-essentialltc.com or (888) 505‑2332 before transmitting any documents containing EPHI.

Mitigating Misuses of PHI
All NGL representatives must immediately notify NGL if they become aware of any possible privacy or security violations. Such representatives must cooperate with NGL to mitigate, to the extent practicable, any harmful effect that is known to them that is the result of the use or disclosure of PHI in violation of this or any other policy of NGL.

Reporting Violations

• Any NGL representative who discovers a privacy or security violation must immediately notify privacy@ngl-essentialltc.com or (888) 505‑2332.
• Any representative who discovers a privacy or security violation but does not report the violation may be subject to termination of the business relationship, depending on the severity of the misconduct.

Any questions about this policy may be directed to the Security Officer or Privacy Officer at privacy@ngl-essentialltc.com or (888) 505‑2332.