PRIVACY STATEMENT

You can browse our web site without providing any personal information. There are points in the web site at which you have the option of entering information. If you choose to do so, that information will be received by Sierra-Cedar and used for its own purposes in assisting you and for other internal purposes. It will not be sold to third parties.

Such information as you decide to submit to Sierra-Cedar via its web page is used to provide information you request, answer questions or concerns, or otherwise in the normal course of Sierra-Cedar’s business. We do not intend to share your information with people or entities outside of Sierra-Cedar and its affiliates except as is required to provide you with the service or information you have requested via the web site. If we are required by law to disclose the information you have provided to us, we will do so.

This privacy statement may be modified from time to time. It is intended as a statement of our current practices, and not as an offer or contract of any sort. If the privacy statement is amended, the amendment will be included on our web page.

Sierra-Cedar is not responsible for the privacy practices of any organization or entity to which we may provide a link on our web page. If you are concerned about those entities’ privacy policies, you should read their policies as found on their web pages.

PRIVACY SHIELD PRIVACY STATEMENT

We self-certify compliance with the Privacy Shield Framework. A list of participating organizations can be found at http://www.privacyshield.gov/list.

Privacy Shield Standards

This Privacy Shield Privacy Statement (the “Statement”) sets forth the privacy principles followed by Sierra-Cedar, Inc. and its subsidiaries (Sierra-Cedar) in connection with the transfer and protection of “personal information” received from the European Union (EU).

About The Privacy Shield

The “Privacy Shield” program was jointly established in July 2016 by the United States Department of Commerce and the European Commission, as a method for transferring personal information from the European Union (EU) to companies in the United States. The program is a voluntary self-certification process for companies operating in the United States. Companies that certify represent that they are upholding privacy standards for personal information received from the EU that have been jointly accepted by the EU Commission and the US Department of Commerce. Sierra-Cedar has certified to the Privacy Shield program and makes that commitment.

“Personal Information” means information that can directly or indirectly lead to the identification of a living person, such as an individual’s name, address, e-mail, telephone number, license number, medical identification number, photograph, or other identifying characteristic. The identification can occur by reference to one or more factors specific to the individual’s physical, physiological, mental, economic, cultural or social identity. Personal information does not include information that has been anonymized, encoded or otherwise stripped of its identifiers, or information that is publicly available, unless combined with other non-public personal information.

Scope

This Statement governs personal information transferred from countries in the EU to the United States on behalf of Sierra-Cedar. It applies to personal information in electronic and off-line formats.

Privacy Shield Privacy Principles
The following privacy principles apply to the transfer, collection, use, or disclosure of personal information from the EU by Sierra-Cedar.

Notice:

Sierra-Cedar informs individuals in the EU about the purposes for which it collects and uses their personal information, how to contact Sierra-Cedar, the types of third parties with which Sierra-Cedar shares their personal information, and the choice and means Sierra-Cedar offers for limiting the use and disclosure of their personal information.

Consistent with the Privacy Shield requirements, Sierra-Cedar may not be in a position to furnish notice in certain limited situations. Specifically, notice is not required where the processing of EU personal information is necessary to respond to a government inquiry; is required by applicable laws, court orders or government regulations; or is necessary to protect Sierra-Cedar’s legal interests and providing notice would interfere with those interests.

Choice: Sierra-Cedar will not process personal information about EU individuals for purposes other than those for which the information was originally obtained or subsequently authorized by the EU individual unless the individual affirmatively and explicitly consents (“opt-in”) to the processing, or unless an exception applies. Sierra-Cedar also provides EU individuals with the opportunity to withdraw consent at any time (“opt-out”), in which case their personal information will not be further processed.

Data Integrity: Sierra-Cedar seeks to ensure that any personal information held about EU individuals is accurate, complete, current, and otherwise reliable in relation to the purposes for which the information was obtained. Sierra-Cedar collects personal information that is adequate, relevant, and not excessive for the purposes for which it is to be processed. EU individuals have a responsibility to assist Sierra-Cedar in maintaining accurate, complete, and current personal information about them.

Transfers To Third Parties: Sierra-Cedar will only transfer personal information about EU individuals to third-parties where the third-party (a) has provided satisfactory assurances to Sierra-Cedar that it will protect the information consistently with this Statement; or (b) is located in the EU or a country considered “adequate” for privacy by the EU Commission, and therefore is required to comply with the EU data protection laws or substantially equivalent privacy laws; or (c) the third-party has also certified to the Privacy Shield, and is accordingly independently responsible for complying with the Privacy Shield requirements. Sierra-Cedar assumes responsibility for such onward transfers as required by the Privacy Shield.

Where Sierra-Cedar has knowledge that a third-party to whom it has provided EU personal information is processing that information in a manner contrary to this Statement or the Privacy Shield requirements, Sierra-Cedar will take reasonable steps to prevent or stop the processing. Sierra-Cedar will disclose personal information in response to lawful requests by public authorities, including to meet national security or law enforcement requirements.

Access and Correction: Upon written request to Sierra-Cedar, Sierra-Cedar will provide EU individuals with reasonable access to their personal information. Sierra-Cedar will also take reasonable steps to allow EU individuals to review their information for the purposes of correcting their information. There are certain limitations to the Access and Correction rights, as set forth in the US Department of Commerce’s Privacy Shield website.

Security: Sierra-Cedar takes reasonable precautions to protect EU personal information in its possession from loss, misuse, unauthorized access, disclosure, alteration, and destruction.

Enforcement: Sierra-Cedar has established internal mechanisms to verify its ongoing adherence to this Statement. Sierra-Cedar also encourages individuals covered by this Statement to raise any concerns about our processing of their personal information by contacting Sierra-Cedar’ Privacy Office at the address below. Sierra-Cedar will seek to resolve any concerns. Sierra-Cedar has also agreed to participate in the dispute resolution program provided by JAMS. Disputes will be subject to binding arbitration when so required by the Privacy Shield. Sierra-Cedar is subject to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

How to Contact Us: Questions, comments or complaints about Sierra-Cedar’s Privacy Shield Data Privacy Statement or data collection and processing practices can be e-mailed to Privacy@Sierra-Cedar.com, or mailed to Privacy Office, Sierra-Cedar, Inc., 1255 Alderman Drive, Alpharetta, GA 30005. In the event that a complaint is not satisfactorily addressed by Sierra-Cedar within a reasonable time frame, you may contact the Federal Trade Commission at http://www.ftc.gov/ftc/complaint.htm, or via phone at 202.382.4357.

EFFECTIVE DATE: August 1, 2016

HIPAA NOTICE OF PRIVACY PRACTICES FOR PERSONAL HEALTH INFORMATION

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

Dear Sierra-Cedar Employee:

This is your Health Information Privacy Notice from Sierra-Cedar, Inc. You have received this notice because you have health insurance coverage through Sierra-Cedar that is administered by one or more of the following companies: United Health Care, Delta Dental, Vision Service Plan, Discovery Benefits, or Mercer Consulting. Sierra-Cedar is obligated by law to protect the confidentiality and security of health information Sierra-Cedar collects about you. It is Sierra-Cedar’s intent that this notice comply with all relevant laws; if there is any aspect in which it does not comply with currently existing laws or laws that are modified in the future, it is Sierra-Cedar’s intent that the Notice be viewed as consistent with those legal requirements.

This notice describes how Sierra-Cedar protects the personal health information it has which relates to your Sierra-Cedar health insurance coverage (“Personal Health Information”), and how Sierra-Cedar may use and disclose this information. Personal Health Information includes individually identifiable information which relates to your past, present or future health, treatment, or payment for health care services. This notice also describes your rights with respect to the Personal Health Information and how you can exercise those rights.

Sierra-Cedar is required to provide this Notice to you by a United States law called the Health Insurance Portability and Accountability Act (“HIPAA”). For additional information regarding Sierra-Cedar’s privacy policies, please see the privacy notices contained at Sierra-Cedar’s website, www.Sierra-Cedar.com. You may submit questions to Sierra-Cedar there or you may write to Sierra-Cedar directly at Sierra-Cedar, Inc., 1255 Alderman Drive, Alpharetta, Georgia, 30005, c/o Human Resources Director.

Sierra-Cedar is required by law to:

  • maintain the privacy of your Personal Health Information;
  • provide you this notice of Sierra-Cedar’s legal duties and privacy practices with respect to your Personal Health Information; and
  • comply with the provisions of this notice.

Sierra-Cedar protects your Personal Health Information from inappropriate use or disclosure. Sierra-Cedar’s employees, and those of companies that help Sierra-Cedar service your Sierra-Cedar Health Insurance, are required to protect the confidentiality of Personal Health Information. Sierra-Cedar and those companies will look at your Personal Health Information only when there is an appropriate reason to do so, such as to administer health-related services or charges.

Sierra-Cedar will not disclose your Personal Health Information to any other companies for their use in marketing their products to you. However, as described below, Sierra-Cedar will use and disclose Personal Health Information about you for business purposes relating to your Health Insurance coverage.

The main reasons for which Sierra-Cedar may use and may disclose your Personal Health Information are to evaluate and process any requests for coverage and claims for benefits you may make. The following describe these and other uses and disclosures, together with some examples.

  • For Payment: Sierra-Cedar or its vendors may use and disclose Personal Health Information to pay for benefits under your Health Insurance coverage. For example, Sierra-Cedar or its vendors may review Personal Health Information contained on claims to reimburse providers for services rendered. Sierra-Cedar may also disclose Personal Health Information to insurance carriers to coordinate benefits with respect to a particular claim. Additionally, Sierra-Cedar may disclose Personal Health Information to a health plan or an administrator of an employee welfare benefit plan for various payment-related functions, such as eligibility determination, audit and review or to assist you with your inquiries or disputes.
  • For Health Care Operations: Sierra-Cedar may also use and disclose Personal Health Information for evaluating a request for Health Insurance services, administering those services, and processing transactions requested by you. Sierra-Cedar may also disclose Personal Health Information to the companies providing healthcare services or processing payments related to your healthcare benefits, if they need to receive Personal Health Information to provide a service to Sierra-Cedar or you and will agree to abide by specific HIPAA rules relating to the protection of Personal Health Information. Examples of such companies, in addition to those providing the actual healthcare services, are: billing companies, data processing companies, or companies that provide general administrative services. Personal Health Information may be disclosed to reinsurers for underwriting, audit or claim review. Personal Health Information may also be disclosed as part of a potential merger or acquisition involving Sierra-Cedar’s business in order to make an informed business decision regarding any such prospective transaction.
  • Where Required by Law or for Public Health Activities: Sierra-Cedar will disclose Personal Health Information when required by federal, state, or local law. Examples of such mandatory disclosures include notifying state or local health authorities regarding particular communicable diseases, or providing Personal Health Information to a governmental agency or regulator with health care oversight responsibilities. Sierra-Cedar may also release Personal Health Information to a coroner or medical examiner to assist in identifying a deceased individual or to determine the cause of death.
  • To Avert a Serious Threat to Health or Safety: Sierra-Cedar may disclose Personal Health Information to avert a serious threat to someone’s health or safety. It may also disclose Personal Health Information to federal, state or local agencies engaged in disaster relief as well as to private disaster relief or disaster assistance agencies to allow such entities to carry out their responsibilities in specific disaster situations.
  • For Health-Related Benefits or Services: Sierra-Cedar may use Personal Health Information to provide you with information about benefits available to you under your current coverage or policy and, any changes to that coverage or policy.
  • For Law Enforcement or Specific Government Functions: Sierra-Cedar may disclose Personal Health Information in response to a request by a law enforcement official made through a court order, subpoena, warrant, summons, or similar process. It may disclose Personal Health Information about you to federal officials for intelligence, counterintelligence, and other national security activities authorized by law.
  • When Requested as Part of a Regulatory or Legal Proceeding: If you or your estate are involved in a lawsuit or a dispute, Sierra-Cedar may disclose Personal Health Information about you in response to a court or administrative order. Sierra-Cedar may also disclose Personal Health Information about you in response to a subpoena, discovery request, or other lawful process by someone else involved in the dispute. Sierra-Cedar will attempt to notify you before making such a disclosure. Sierra-Cedar may disclose Personal Health Information to any governmental agency or regulator with whom you have filed a complaint or as part of a regulatory agency examination.
  • Other Uses of Personal Health Information: Other uses and disclosures of Personal Health Information not covered by this notice and permitted by the laws that apply to Sierra-Cedar will be made only with your written authorization or that of your legal representative. If Sierra-Cedar is authorized to use or disclose Personal Health Information about you, you or your legally authorized representative may revoke that authorization, in writing, at any time, except to the extent that Sierra-Cedar has taken action relying on the authorization or if the authorization was obtained as a condition of obtaining your Health Insurance coverage. You should understand that Sierra-Cedar will not be able to take back any disclosures it has already made with authorization.

Your Rights Regarding Personal Health Information Sierra-Cedar Maintains About You

The following are your various rights as a consumer under HIPAA concerning your Personal Health Information. Should you have questions about a specific right, please write to the administrator of the applicable aspect of Health Insurance coverage as follows:

Sierra-Cedar, Inc.
1255 Alderman Drive
Alpharetta GA 30327
ATTN: Human Resources

United HealthCare Services, Inc.
P.O. Box 30432
Salt Lake City, UT 84130

Delta Dental Insurance Company
1130 Sanctuary Parkway, Ste. 600
Alpharetta, GA 30009

Vision Service Plan Insurance Company
3333 Quality Drive
Rancho Cordova, CA 95670

Discovery Benefits
4321 20th Avenue SW
Fargo, ND 58103

Mercer Inc.
1225 17th Street, Ste. 1300
Denver, CO 80202

  • Right to Inspect and Copy Your Personal Health Information: In most cases, you have the right to inspect and obtain a copy of the Personal Health Information that Sierra-Cedar maintains about you. To inspect and copy Personal Health Information, you must submit your request in writing to the applicable administrator listed above. To receive a copy of your Personal Health Information, you may be charged a fee for the costs of copying, mailing, or other supplies associated with your request. In very limited circumstances Sierra-Cedar may deny your request to inspect and obtain a copy of your Personal Health Information. If Sierra-Cedar does, you may request that the denial be reviewed. The review will be conducted by an individual chosen by Sierra-Cedar who was not involved in the original decision to deny your request. Sierra-Cedar will comply with the outcome of that review.
  • Right to Amend Your Personal Health Information: If you believe that your Personal Health Information is incorrect or that an important part of it is missing, you have the right to ask Sierra-Cedar to amend your Personal Health Information while it is kept by or for Sierra-Cedar. You must provide your request and your reason for the request in writing, and submit it to the applicable company listed above. Sierra-Cedar may deny your request if it is not in writing or does not include a reason that supports the request. In addition, Sierra-Cedar may deny your request if you ask us to amend Personal Health Information that:
    • is accurate and complete;
    • was not created by Sierra-Cedar, unless the person or entity that created the Personal Health Information is no longer available to make the amendment;
    • is not part of the Personal Health Information kept by or for Sierra-Cedar; or
    • is not part of the Personal Health Information which you would be permitted to inspect and copy.
  • Right to a List of Disclosures: HIPAA provides you with the right to request a list of the disclosures Sierra-Cedar has made of your Personal Health Information. To request a list of such disclosures (subject to any HIPAA-permitted exclusions), you must submit your request in writing to the applicable administrator listed above. Your request must state the time period from which you want to receive a list of disclosures. The time period may not be longer than six years and may not include dates before February 26, 2003. Your request should indicate in what form you want the list (for example, on paper or electronically). The first list you request within a 12-month period will be free. Sierra-Cedar may charge you for responding to any additional requests. Sierra-Cedar will notify you of the cost involved and you may choose to withdraw or modify your request at that time before any costs are incurred.
  • Right to Request Restrictions: You have the right to request a restriction or limitation on Personal Health Information Sierra-Cedar uses or discloses about you for treatment, payment, or health care operations, or that Sierra-Cedar discloses to someone who may be involved in your care or payment for your care, like a family member or friend. While Sierra-Cedar will consider your request, it is not required to agree to it. If Sierra-Cedar does agree to it, it will comply with your request. To request a restriction, you must make your request in writing to the applicable administrator listed above. In your request, you must state: (1) what information you want to limit; (2) whether you want to limit use, disclosure, or both; and (3) to whom you want the limits to apply (for example, disclosures to your spouse or parent). Sierra-Cedar will not agree to restrictions on Personal Health Information uses or disclosures that are legally required, or which are necessary to administer its business.
  • Right to Request Confidential Communications: You have the right to request that Sierra-Cedar communicate with you about Personal Health Information in a certain way or at a certain location if you tell Sierra-Cedar that communication in another manner may endanger you. For example, you can ask that Sierra-Cedar only contact you at work or by mail. To request confidential communications, you must make your request in writing to the applicable administrator listed above and specify how or where you wish to be contacted. Sierra-Cedar will accommodate all reasonable requests.
  • Right to File a Complaint: If you believe your HIPAA privacy rights have been violated, you may file a complaint with Sierra-Cedar or with the Secretary of the Department of Health and Human Services. To file a complaint with Sierra-Cedar, please contact Sierra-Cedar, Privacy Office, 1255 Alderman Drive, Alpharetta, GA 30005. All complaints must be submitted in writing. You will not be penalized for filing a complaint. If you have questions as to how to file a complaint, please contact Sierra-Cedar via phone at 678.385.7540 or via email at Privacy@Sierra-Cedar.com.

ADDITIONAL INFORMATION

Changes to This Notice: Sierra-Cedar reserves the right to change the terms of this notice at any time. It reserves the right to make the revised or changed notice effective for Personal Health Information it already has about you as well as any Personal Health Information it receives in the future. The effective date of this notice and any revised or changed notice may be found on the last page, on the bottom right hand corner of the notice. You will receive a copy of any revised notice from Sierra-Cedar by mail or by e-mail.

Further Information: For additional information regarding Sierra-Cedar’s HIPAA Privacy Policy, please contact Sierra-Cedar at Privacy@Sierra-Cedar.com, 678.385.7540 or write to Sierra-Cedar, Privacy Office, 1255 Alderman Drive, Alpharetta, GA 30005.

EFFECTIVE DATE: September 23, 2013