Privacy Policy

**Effective Date: June 1st, 2025

**Last Updated: June 15th, 2025

1. Introduction

National Health Advocates (“National Health Advocates”,“we,” “us,” or “our”) operates this website to connect users with licensed health insurance agents. We are committed to protecting your privacy and complying with applicable laws, including:

HIPAA (Privacy & Security Rules)

Affordable Care Act (ACA) & CMS guidelines

TCPA/ FCC rules & Telephone Consumer Protection Act

CalOPPA, CCPA/CPRA, and state-level health data laws (e.g. California, Washington)

Other applicable state and federal privacy and consumer protection laws.

By submitting information, you consent to our practices as described herein.

---

2. Information We Collect

2.1. Web Form: Name, Date of Birth, State/Zip code, phone, and email.

2.2. Phone Call (if you engage): Address, income, occupation, lifestyle, medical history, medications, Qualifying Life Events (QLEs), etc. We collect only the minimum necessary to determine plan eligibility and agent matching.

---

3. Legal Basis for Collection

CONSENT: Expressed when you submit a form via site.

HIPAA: Permissible uses include treatment, payment, and healthcare operations. Personal Health Information is disclosed only with your authorization as required by CMS.
TCPA/FCC: Express written and topical consent for autodialed calls/texts.

---

4. How We Use Information

We use data to:

Evaluate your plan eligibility. Connect with vetted, state-licensed insurance agents. Conduct follow-up communications via phone, SMS, and email.Train staff and maintain audit logs for regulatory compliance (ACA, HIPAA, CMS). Ensure compliance with advertising and communication regulations.

---

5. Disclosure and Sharing

We do **not** sell or rent your data. We may share information with:

Licensed insurance agents under HIPAA-compliant Business Associate Agreements.Vendors (secure storage or call systems) under confidentiality obligations. Legal authorities when required (e.g. court order).

---

6. Communications & Consent

By submitting your information, you consent to:

Phone, email, or SMS outreach including autodialed or prerecorded messages

Messaging focused strictly on health insurance (logically related to consent). You may Opt‑out at any time via “STOP” reply, email, web form, or phone. We’ll process opt‑outs within mandated FCC timelines.

---

7. Telemarketing Standards

In compliance with FCC rules:

We provide agent names & contact details at the start of each call. Keep calls up to 60 seconds; up to 160 characters; and no more than 3 calls per week or 1 text a day. We will not misrepresent offerings or conceal material restrictions for health plan qualifications.

---

8. HIPAA & CMS Compliance

We only take minimum necessary personal health information only; and do not market without written authorization. Written patient authorization must be in plain language, including expiration & revocation rights per CMS. Beneficiary QLE documentation and verification will be accounted for. CMS requires full recording of marketing or enrollment calls; records retained for up to 10 years. We maintain HIPAA Privacy and Security Rules for EPHI: administrative, physical & technical safeguards.

---

9. State‑Level and Sensitive Health Data Laws

CalOPPA: Prominently link and fully disclose data practices for CA residents ([en.wikipedia.org][4])

* **CCPA/CPRA**: California residents may opt out of data sales, correct or delete data; provide toll-free request method ([en.wikipedia.org][11])

* **CHD Laws** (e.g., WA, CT): Explicit consent required, separate rights notification & deletion requests ([reuters.com][7])

---

10. Data Security

We apply robust measures to assure your information is protected and stored correctly.

SSL encryption, secure storage with access controls. Regular audits and staff training, and Business Associate Agreements for vendors handling personal health information are all in place to provide security for any information shared via website or phone call.

---

11. Your Rights

Across federal and state laws, you may:
Access, correct, or request deletion of your data. Withdraw communications consent. View marketing and enrollment recordings when requested where applicable. Submit complaints to federal (OCR, FCC, FTC) or state agencies.

California residents: toll-free access, "Do Not Sell My Personal Info" link, and 12-month opt‑out bar per CCPA/CPRA ([covelaw.com][17], [security.cms.gov][8], [en.wikipedia.org][18], [privacyanddatasecurityinsight.com][10], [psmbrokerage.com][2], [en.wikipedia.org][11])

---

12. Updates to This Policy

Policy changes will be published with updated dates. Continued use post-update implies acceptance.

---