|
|
Privacy Policy
BECAUSE YOUR TRUST IS SO IMPORTANT
Your trust is the cornerstone of our relationship. That is why we work so diligently
to safeguard your privacy. The information that you provide us is kept in the
strictest of confidence. We have no intentions of selling personal
information about our customers to third-party businesses. We are proud to
make that commitment to you, because your trust is the foundation of our
business.
The following privacy policy explains how we use and protect the information
about our customers. We ask that you read it carefully.
NOTICE OF YOUR FINANCIAL PRIVACY RIGHTS
We, our, and us,
when used in this notice, mean Cornerstone National Bank.
This is our privacy notice for our customers. When we use the
words 'you' and 'your' we mean the following types of customers:
- Our consumer customers
who have a continuing relationship by purchasing or holding financial
products or services such as a(n):
- Deposit
account
- Loan account
- Credit
card account
- Safe deposit
box
- Self-directed
Individual Retirement Account
- Former customers
We will tell you the sources of
the information we collect about you. We will tell you what measures we
take to secure that information. We first define some terms.
Nonpublic personal information means information about you that
we collect in connection with providing a financial product or service to
you. Nonpublic personal information does not include information that is
available from public sources, such as telephone directories or government
records. Hereafter, we will use the term "information" to mean
nonpublic personal information as defined in this section. An affiliate is a company we own or control, a company that owns or
controls us, or a company that is owned or controlled by the same company
that owns or controls us. Ownership does not mean complete ownership, but means
owning enough to have control. A nonaffiliated third party is a person we do not employ
or a company that is not an affiliate of ours. This is
also known as nonaffiliated third party, or simply, an "other
party". THE INFORMATION WE COLLECT
We collect information about you from the
following sources:
- Information you give us on applications or other forms
- Information about your transactions with us
- Information about your transactions with our affiliates
- Information about your transactions with other parties
- Information from a consumer reporting agency
- Information we receive through our Customer Identification Program
INFORMATION WE DISCLOSE ABOUT YOU
We do NOT disclose any information about you to anyone, except as
permitted by law. Examples of this might include disclosures
necessary to service your account or prevent unauthorized transactions.
THE CONFIDENTIALITY, SECURITY, AND INTEGRITY OF YOUR INFORMATION
We restrict access to information about you to those employees who need to
know that information to provide products or services to you. We maintain
physical, electronic, and procedural safeguards to protect this
information.
INFORMATION ABOUT FORMER CUSTOMERS
We have the same policy about disclosing information about
former customers as we do about current customers.
CORNERSTONE NATIONAL BANK BENEFIT PLAN
NOTICE OF PRIVACY PRACTICES
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED
AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. PLEASE REVIEW IT
CAREFULLY.
The Cornerstone National Bank Benefit Plan (the “Plan”) is required by the Health
Insurance Portability and Accountability Act (“HIPAA”) to protect the privacy
of your personal health information held by the Plan. The Plan provides health and/or dental
benefits to you through one or more health care related benefit programs
described in your summary plan description(s). The Plan is sponsored by Cornerstone National Bank (the
“Company”).
The Plan receives and maintains your personal health information in the course of
providing these benefits to you. The Plan hires business associates, such as Blue Cross Blue Shield of South
Carolina and the South Carolina Bankers Employee Benefit Trust, to help it
provide these benefits to you. These business associates also receive and maintain your personal health
information in the course of assisting the Plan.
THE EFFECTIVE DATE OF THIS NOTICE IS APRIL 14, 2004.
The Plan is required to follow the terms of this notice until
it is replaced. The Plan reserves the right to change the terms of this notice at any time. If the Plan makes
significant changes to this Notice, the Plan will revise it and send a new notice at that time. The Plan reserves
the right to make the new changes apply to all your personal health information maintained by or
for the Plan before and after the effective date of the new notice.
General Privacy Standard.
Under HIPAA, the Plan and its business associates may use or
give out (“disclose”) your personal health information without
your authorization (written
permission) for the purposes described below unless there is
a state or federal law that provides you with greater protection
of your privacy rights
than HIPAA. For example, state or federal law may require that
the Plan take additional precautions before using or disclosing
certain types of health information such as mental health
records, alcohol or substance abuse records, or prescription
information. State or federal law may also give you greater
access to your personal health information than HIPAA.
The Plan will make every effort to comply with the requirements of the applicable
state or federal law and HIPAA. This means that regardless of which law applies, your health information will be
afforded the greatest level of privacy protection and you will be granted the
most access to your health information.
Purposes for which the Plan May Use or Disclose Your Personal Health
Information Without Your Permission or An Opportunity to Agree or Object
The Plan and
its business associates may use or disclose your personal health
information without your authorization
or an opportunity to agree or object for the purposes described
below. The Plan and its business associates have their own
policies and procedures to ensure these uses or disclosures
are
limited to the minimum amount of your personal health information
reasonably necessary to accomplish the described purpose.
- Payment.
The Plan has the right to use and disclose
your personal health information to make decisions about payment for your
health care. “Payment” includes a variety of activities, including decisions about your eligibility or
coverage; processing claims (including paying claims and seeking payment from
other responsible third parties); reviewing medical necessity, coverage,
appropriateness of care and support for charges; conducting utilization
review (precertification, concurrent or retrospective reviews); and making
limited disclosures to collection or credit reporting agencies concerning
your payment of premiums. Examples: The Plan reviews and uses
information about treatment you have received to determine whether that
treatment is covered under a Benefit Program and whether to pay or deny a
claim. The Plan also uses your personal health information to make decisions when
you or your health care provider appeals the denial of a claim.
- Health Care Operations.
The Plan has the right to use and disclose your personal health information to conduct its
health care operations. “Health Care Operations” of the Plan include quality improvement activities, case
management and care coordination and evaluating Plan performance. They also include accreditation, licensure
or credentialing activities. The Plan also conducts activities related to creating, renewing or replacing Benefit
Programs or contracts for those programs. The Plan performs or contracts for audit, fraud detection and
compliance services. The Plan also does business planning and development for the Plan and its Benefit Programs
(including developing or improving benefits, payment methods and coverage
policies), along with general business management and administrative
activities. The Plan may also use your personal health information to contact you about other health-related
benefits and services offered by the Plan. Examples: The Plan may use or disclose your
personal health information for the purpose of coordinating your care to
reduce the cost of your care. The Plan may also use or disclose your personal health information when it is
evaluating the financial performance of the Plan or any of its Benefit
Programs, or deciding whether to offer or continue offering certain benefits.
- To Business Associates.
The Plan may disclose your personal health information to those business associates with whom the Plan contracts to
assist the Plan in performing the payment and health care operations activities of the Plan and its Benefit Programs such
as Blue Cross Blue Shield of South Carolina and the South Carolina Bankers Employee Benefit Trust. Each business
associate of the Plan must agree in writing to ensure the continuing privacy and security of
your personal health information it creates, receives or uses. Certain business associates may have the
only copies of your personal health information, and will assist the Plan in carrying out its responsibilities with regard to
your rights to access and amend that information. These rights are described below.
- To the Company as Plan Sponsor
The Plan may disclose to the Company as the Plan sponsor claims history and other similar
information. This will be summary information that does not disclose your name or other distinguishing
characteristics. The Plan may also disclose to the Company as Plan sponsor the fact that you are enrolled in, or
disenrolled from the Plan or any of its Benefit Programs.
The Plan may disclose your personal health information to certain designated employees of the
Company whose job responsibilities include assisting the Plan in performing
payment and health care operations activities for the Plan and its Benefit
Programs. The Company has agreed to ensure the continuing privacy and security of your personal health
information. The Company has also agreed not to routinely use or disclose your personal health information for
employment-related activities or for the purpose of administering any other benefit plans that are exempt from
the HIPAA privacy regulations.
- Required by Law
The Plan may use or disclose your personal health information to the extent required by law. These laws include any
applicable federal, state or local laws that would require the Plan or its business associates to make a specific use
or disclosure of your personal health information. The way these disclosures are made and the amount and type of
personal health information disclosed will be limited to the legal requirement. In certain cases the Plan may be required
to notify you that a disclosure has been or will be made.
- Public Health and Health Oversight Activities
The Plan may disclose your personal health information to public health authorities
that are authorized by state, federal or local law to collect information for
purposes such as preventing or controlling disease, injury or disability or
notification of exposure to communicable diseases. The Plan may also disclose your personal health information to
a federal, state or local agency required by law to oversee, license, inspect or investigate programs where health
related information is collected or used.
- Lawsuits or Similar Proceedings
The Plan may disclose your personal health information in response to a court order or
an administrative order. The Plan may also disclose your personal health information in response to a subpoena or
other type of lawful request from an attorney involved in a lawsuit, or from
a government agency or investigator involved in an administrative proceeding. In the case of a subpoena or other lawful
request, the Plan is required to make sure you are aware of the request or
obtain an assurance that your personal health information will be used appropriately.
- Law Enforcement
The Plan may disclose your relevant personal health information in response to a court
ordered warrant, subpoena or summons; a grand jury subpoena; or a civil
investigative demand made by an agency or officer for legitimate law enforcement inquiry.
- Coroners and Medical Examiners
The Plan may disclose your personal health information to a coroner or medical
examiner for purposes of identifying a deceased person or determining the cause of death.
- Organ, Eye or Tissue Donation
The Plan may disclose your personal health information to facilitate organ, eye or
tissue donation or transplantation as allowed by the state’s organ procurement laws.
- Threats to Public Health
The Plan may be required to disclose limited personal health information to the extent
the Plan in good faith determines such disclosure is necessary to prevent or
lessen a serious and imminent threat to public health or safety, or to the
health or safety of a specific individual.
- Specialized Government Functions
The Plan may be required to disclose your personal health information to the United
States or a State government if you are an active or veteran member of the
military, seeking a government security clearance or permission to travel
abroad, if you are in lawful custody, or if the government requires such
information to conduct lawful national security activities.
- Worker’s Compensation
The Plan may disclose your personal health information as authorized by the state’s
workers compensation laws.
Purposes for which the Plan Must Give You and Opportunity to Agree or
Object to Use or Disclose Your Personal Health Information
The Plan may disclose personal health information related to payment for your health care under the Plan to your
family members, other relatives or anyone else identified by you as involved
in your care in the following circumstances:
- If you bring the individual with you to discuss an issue arising from payment for your
health care under the Plan, unless you object or notify us otherwise at
the time we may infer from their presence that you agree we may discuss
your personal health information with that individual;
- If you are incapacitated or in a situation such as a medical emergency and cannot
agree or object, we may disclose your personal health information to
your personal representatives to assist them in obtaining payment for
your health care; or
- If you sign an authorization specifically allowing the Plan to disclose your personal health
information to such an individual.
Uses and Disclosures with Your Written Permission (Authorization)
The Plan will not use or disclose your personal health information for any purposes other than those described above
unless you give your written permission (“authorization”) to do so, using a form approved or supplied by the Plan
or its business associate. If you give a valid written authorization to use or disclose your personal health information
then, in most cases, you may revoke it in writing at any time.>Your revocation will be effective for all the personal health
information the Plan and its business associates maintain, unless the information has already been disclosed in reliance on
your prior written authorization. Except in limited eligibility and enrollment circumstances, your right to receive benefits under
the Plan cannot be conditioned upon your signing an authorization allowing the Plan to use or disclose your personal health
information in a manner not described in this Notice.
Your Rights
You may make a written request to the Plan to do one or more of the following
concerning your personal health information that the Plan maintains:
- To put additional
restrictions on the Plan’s use and disclosure of your personal health
information. The Plan does not have to agree to your request.
- To ask the Plan
communicate with you in confidence about your personal health information by
a different means or at a different location than the Plan is currently
using. The Plan does not have to agree to your request unless necessary to avoid endangering you. Your request must
specify the alternative means or location to communicate with you in confidence.
- To see and get copies
of your personal health information that is created or maintained by the Plan
or its business associates. In limited cases, the Plan does not have to agree to your request.
- To correct your personal health information that is created or maintained by the Plan. In some cases,
the Plan does not have to agree to your request.
- To receive a list of disclosures
of your personal health information that the Plan and its business associates
made for the last 6 years (but not for disclosures made before April 14,
2004). The Plan is not required to list disclosures made for treatment, payment or health care operations, or
disclosures made with your authorization.
- To send you a paper copy of this notice if you received this notice by e-mail or on the internet.
If you want to exercise any of these rights described in this Notice, please
contact the designated Plan Contact at the address provided below. The Plan Contact will give you the
necessary information and forms for you to complete and return. In some cases, the Plan may charge you a
nominal, cost-based fee to carry out your request.
Complaints
If you believe your privacy rights have been violated by the Plan, you have the
right to complain to the Plan or to the Secretary of the U.S. Department of Health and Human Services. You may
file a complaint with the Plan Contact designated below, or ask for the address of the appropriate regional office
of the Secretary of the USDHHS. Neither the Plan nor the Company will retaliate against you if you choose to file a complaint.
Contact Office
To request additional copies of this notice or to receive more information about our
privacy practices or to exercise any of your rights, including your right to file a complaint, please contact us at the
following Contact Office:
Privacy Officer
c/o South Carolina
Bankers Association
Telephone:
803-779-0850
Fax:
803-256-8150
E-mail:
teresataylor@scbankers.org
Address:
P.O. Box 1483 Columbia, South Carolina 29202
|
|
|
