Privacy Center

Notice of Privacy Practices (Download PDF Version)

Version Date: October 18 2022

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION. 

PLEASE REVIEW THIS NOTICE CAREFULLY.

This Notice of Privacy Practices (Notice) describes the privacy practices of Troy Health, Inc. (dba Troy Medicare). (In this Notice, we may also refer to Troy, we, us, or our). It also applies to the members of Troy Medicare. Troy Medicare is a single entity to comply with the Health Insurance Portability and Accountability Act (HIPAA).

Troy Medicare can share Protected Health Information (PHI) with its health plan delegates for the treatment, payment, and health care operations as allowed by HIPAA and this Notice.

Effective date: This Notice became effective on October 18, 2022.

In this Notice, we describe: 

  • Information we collect about you
  • How we use and share your information
  • Times when we must share your information
  • Your rights under the law
  • How we keep your information safe
  • How we comply with the law
  • When this Notice may change

Information we collect about you

We get information about you from many sources, including from you. But we also can get it from other insurers and health care providers such as doctors. This is called Protected Health Information (PHI). It includes personal information that may identify you that is not public information. And it includes information about your health, medical conditions, prescriptions, and payment for health care products and services. 

It may include:

  • Demographic data (like your name and address)
  • Health details (like medical history)
  • Test results (like a lab test)

  • Insurance information (like your member ID)
  • Other information used to identify you or that’s linked to your health care or coverage.

How we use and share your information without your authorization

In supplying your health benefits, we may use and share PHI about you in varied ways. 

  1. Health care operations: We may use and share your PHI for our health care operations. Those are actions we need to do to run our health business, including:
  1. Quality assessment and improvement
  2. Licensing
  3. Accreditation by independent organizations
  4. Performance measurement and outcomes assessment
  5. Health services planning and development activities
  6. Preventive health, disease and case management, and care coordination

For example, we may use your PHI to offer you programs for certain conditions, such as diabetes, asthma, or heart failure. We may also use it for other operations requiring use and disclosure, such as:

  • Administering reinsurance and stop loss
  • Investigating fraud
  • Running pharmaceutical programs and payments
  • Performing general administrative activities (information systems, data management, and customer service)
  • Creating de-identified data (data that no longer identifies you may be used for analytics, business planning, or other reasons).

  1. Payment: We may use and disclose your PHI to help pay for your covered services when:
  1. Doing utilization and medical necessity reviews
  2. Coordinating care
  3. Deciding eligibility
  4. Deciding on drug list compliance
  5. Handling premium payments
  6. Calculating cost-sharing amounts
  7. Responding to complaints, appeals and requests for external reviews

We carry out these tasks to make sure we pay for your care the right way. 

We may use your health history and other PHI to decide on whether a treatment is medically necessary and what the payment should be. During this process, we may share information with your health care provider. 

We may also mail Explanation of Benefits (EOB) forms and other information to the address we have for the member. 

  1. Treatment: We may share your PHI with the health care providers who take care of you – doctors, dentists, pharmacists, and facilities. Sometimes doctors may ask for your medical information from us for their own records. 

Disclosures to other covered entities: We may share your PHI with other covered entities or their business associates. This may be for treatment, payment, or certain health care operations. 

Additional Reasons for Use and Disclosure without your Authorization

We may use or share PHI about you in providing you with other health related benefits and services. We may also use or share your PHI without your authorization in support of:

  • Health Oversight – to health oversight agencies (e.g., agencies that oversee the health care system and government benefit programs) for purposes of oversight activities authorized by law (e.g., investigations, audits, licensure or disciplinary actions).
  • Workers’ Compensation – to comply with workers’ compensation laws.
  • Law Enforcement – to government law enforcement officials as permitted or required by law.
  • Legal Proceedings – in response to a court order or other lawful process.
  • Public Welfare – to address matters of public interest as required or permitted by law (e.g., child abuse, public health threats, investigations, disease controls, product recalls).
  • As Required by Law – to comply with legal obligations and requirements
  • Decedents – to a coroner or medical examiner for the purpose of identification, determining a cause of death, or as authorized by law.
  • Organ Procurement – to respond to organ donation groups for the purpose of facilitating donation and transportation.
  • Abuse, Neglect, or Domestic Violence – to government authorities, social services or adult protective service agencies, authorized to receive such reports, if we believe you are a victim of abuse, neglect, or domestic violence. We will inform you of such a disclosure, unless doing so would place you at risk of serious harm or not be in your best interest.
  • Specialized Government Functions and Correctional Institutions – to authorized government officials for purposes of national security and intelligence activities, protective services for the President, and medical suitability determinations. If you are under the custody of a correctional institution or a law enforcement official, we may disclose your PHI to such parties if certain representations are made (e.g., the information is necessary to provide you with health care or the health and safety of others).


Times when we must share your information

We may share your PHI with people involved in your health care. We may also share with those involved in paying for your care. For example, if a family member or caregiver calls us about a 

claim, we may tell them what processing stage it's in. You have a right to stop or limit this kind of sharing (disclosure). To do so, call Member Services. 

When we need your okay to use or share your information

If we have not described a use or disclosure above, we will need you to say it’s okay in writing to use or disclose your PHI. For example, we will get your okay for:

  • Marketing purposes
  • Sharing any psychotherapy notes
  • If linked to the sale of your PHI
  • For other reasons as required by law

Even if you gave us your okay, you could withdraw it at any time. You just need to let us know in writing. If we haven’t already acted on it, we’ll stop using or sharing your information for that purpose. If you have any questions about written permission, call Member Services. 

We must also follow state privacy laws that may be stricter (or more protective of your PHI) than federal law. 

Your rights under federal privacy laws

You have the right to:

  • Ask us to communicate with you how or where you choose. For example, you may want us to send health information to another person. If it’s a reasonable request, we will make it happen.
  • Ask us to limit the way we use or share your information when it comes to health care operations, payment, and treatment. We will consider but may not agree to such requests. You also have the right to ask us to restrict sharing with people involved in your health care. 
  • Ask us for a copy of PHI that’s part of a “designated record set.” This may include medical records. It may also include other records we keep and use for:

  • Enrollment
  • Payment
  • Claims processing
  • Medical management
  • Other decisions

We may ask you to request this in writing. And we may charge a reasonable fee for making and mailing copies. Sometimes, we may need to deny the request.

  • Ask us to fix your PHI. You need to ask this in writing. And you must include the reason for the request. If we deny it, you may write to us to let us know you disagree.
  • Ask us to give you a list of certain disclosures we have made about you, such as PHI we’ve shared with government agencies that license us. This is called accounting. You need to ask for this in writing. If you ask for this kind of list more than once in a 12-month period, we may charge you a reasonable fee.
  • Be notified after a breach of your PHI.
  • Insurers aren’t allowed to take part in pretext interviews, except in some cases, such as suspected fraud or criminal activity. We don’t take part in those. 

You may make any of the requests (if they apply), ask for a paper copy of this Notice, or ask questions about this Notice. You can do this by calling Member Services. 

You have the right to file a complaint if you think someone has violated your privacy rights. To do so, send a letter to: 

Troy Medicare

Attn: Chief Compliance Officer

P.O. Box 30516

Charlotte, NC 28230-0516

You may also contact the Secretary of the U.S. Department of Health and Human Services, Office of Civil Rights at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf or send an email to OCRMail@hhs.gov, or call 1-800-368-1019, TTY/TDD 1-800-537-7697.

How we keep your information safe

We use administrative, technical, and physical safeguards to keep your information from unauthorized access and other threats and hazards to its security and integrity. We comply with all state and federal laws that apply related to the security and confidentiality of your PHI. 

We don’t destroy your PHI even when you end your coverage with us. We may need to use and share it even after your coverage terminates with us. We will continue to protect your information against inappropriate use or disclosure.

How we comply with the law

Federal privacy laws require us to keep your PHI private. We must tell you about our legal duties and privacy practices. We must also follow the terms of the Notice in effect.

When this Notice may change

We may change the terms of the Notice and our privacy policies anytime. If we do, the new terms and policies will be effective for all the information we now have about you. And they’ll apply to any information that we may get or hold in the future. 

If we make material changes to our privacy policies, we will promptly revise our Notice. We will also post the revised Notice on our website.

You can ask for a copy of the revised Notice by calling Member Services.

We comply with applicable Federal civil rights laws and Troy Medicare does not discriminate on the basis of race, color, national origin, age, disability, or gender. 

If you believe that we have failed to provide language services or discriminated in another way on the basis of race, color, national origin, age, disability, or gender, you can file a grievance by calling Member Services at 1-888-494-8769. TTY users call 711. We are available 8am -8pm Eastern time, Monday through Friday, and from October 1 to March 31, 7 days a week.

GENERAL

Troy Health Inc. (“Company” or “we” or “us” or “our”) respects the privacy of its users (“user” or “you”) that use our website located at troymedicare.com, including other media forms, media channels, mobile website or mobile application related or connected thereto (collectively, the “Website”). The following Company privacy policy (“Privacy Policy”) is designed to inform you, as a user of the Website, about the types of information that Company may gather about or collect from you in connection with your use of the Website. It also is intended to explain the conditions under which Company uses and discloses that information, and your rights in relation to that information. Changes to this Privacy Policy are discussed at the end of this document. Each time you use the Website, however, the current version of this Privacy Policy will apply. Accordingly, each time you use the Website you should check the date of this Privacy Policy (which appears at the beginning of this document) and review any changes since the last time you used the Website.

The Website is hosted in the United States of America and is subject to U.S. state and federal law. If you are accessing our Website from other jurisdictions, please be advised that you are transferring your personal information to us in the United States, and by using our Website, you consent to that transfer and use of your personal information in accordance with this Privacy Policy. You also agree to abide by the applicable laws of applicable states and U.S. federal law concerning your use of the Website and your agreements with us. Any persons accessing our Website from any jurisdiction with laws or regulations governing the use of the Internet, including personal data collection, use and disclosure, different from those of the jurisdictions mentioned above may only use the Website in a manner lawful in their jurisdiction. If your use of the Website would be unlawful in your jurisdiction, please do not use the Website.

BY USING OR ACCESSING THE WEBSITE, YOU ARE ACCEPTING THE PRACTICES DESCRIBED IN THIS PRIVACY POLICY.

GATHERING, USE AND DISCLOSURE OF NON-PERSONALLY-IDENTIFYING INFORMATION

Users of the Website Generally

“Non-Personally-Identifying Information” is information that, without the aid of additional information, cannot be directly associated with a specific person. “Personally-Identifying Information,” by contrast, is information such as a name or email address that, without more, can be directly associated with a specific person. Like most website operators, Company gathers from users of the Website Non-Personally-Identifying Information of the sort that Web browsers, depending on their settings, may make available. That information includes the user’s Internet Protocol (IP) address, operating system, browser type and the locations of the websites the user views right before arriving at, while navigating and immediately after leaving the Website. Although such information is not Personally-Identifying Information, it may be possible for Company to determine from an IP address a user’s Internet service provider and the geographic location of the visitor’s point of connectivity as well as other statistical usage data. Company analyzes Non-Personally-Identifying Information gathered from users of the Website to help Company better understand how the Website is being used. By identifying patterns and trends in usage, Company is able to better design the Website to improve users’ experiences, both in terms of content and ease of use. From time to time, Company may also release the Non-Personally-Identifying Information gathered from Website users in the aggregate, such as by publishing a report on trends in the usage of the Website.

Web Cookies

A “Web Cookie” is a string of information which assigns you a unique identification that a website stores on a user’s computer, and that the user’s browser provides to the website each time the user submits a query to the website. We use cookies on the Website to keep track of services you have used, to record registration information regarding your login name and password, to record your user preferences, to keep you logged into the Website and to facilitate purchase procedures. Company also uses Web Cookies to track the pages that users visit during each Website session, both to help Company improve users’ experiences and to help Company understand how the Website is being used. As with other Non-Personally-Identifying Information gathered from users of the Website, Company analyzes and discloses in aggregated form information gathered using Web Cookies, so as to help Company, its partners and others better understand how the Website is being used. COMPANY USERS WHO DO NOT WISH TO HAVE WEB COOKIES PLACED ON THEIR COMPUTERS SHOULD SET THEIR BROWSERS TO REFUSE WEB COOKIES BEFORE ACCESSING THE WEBSITE, WITH THE UNDERSTANDING THAT CERTAIN FEATURES OF THE WEBSITE MAY NOT FUNCTION PROPERLY WITHOUT THE AID OF WEB COOKIES. WEBSITE USERS WHO REFUSE WEB COOKIES ASSUME ALL RESPONSIBILITY FOR ANY RESULTING LOSS OF FUNCTIONALITY.

Web Beacons

A “Web Beacon” is an object that is embedded in a web page or email that is usually invisible to the user and allows website operators to check whether a user has viewed a particular web page or an email. Company may use Web Beacons on the Website and in emails to count users who have visited particular pages, viewed emails and to deliver co-branded services. Web Beacons are not used to access users’ Personally-Identifying Information. They are a technique Company may use to compile aggregated statistics about Website usage. Web Beacons collect only a limited set of information, including a Web Cookie number, time and date of a page or email view and a description of the page or email on which the Web Beacon resides. You may not decline Web Beacons. However, they can be rendered ineffective by declining all Web Cookies or modifying your browser setting to notify you each time a Web Cookie is tendered, permitting you to accept or decline Web Cookies on an individual basis.  

Analytics

We may use third-party vendors, including Google, who use first-party cookies (such as the Google Analytics cookie) and third-party cookies (such as the DoubleClick cookie) together to inform, optimize and serve ads based on your past activity on the Website, including Google Analytics for Display Advertising. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content and better understand online activity. If you do not want any information to be collected and used by Google Analytics, you can install an opt-out in your web browser (https://tools.google.com/dlpage/gaoptout/) and/or opt out from Google Analytics for Display Advertising or the Google Display Network by using Google’s Ads Settings (www.google.com/settings/ads).

Aggregated and Non-Personally-Identifying Information

We may share aggregated and Non-Personally Identifying Information we collect under any of the above circumstances. We may also share it with third parties and our affiliate companies to develop and deliver targeted advertising on the Website and on websites of third parties. We may combine Non-Personally Identifying Information we collect with additional Non-Personally Identifying Information collected from other sources. We also may share aggregated information with third parties, including advisors, advertisers and investors, for the purpose of conducting general business analysis. For example, we may tell our advertisers the number of visitors to the Website and the most popular features or services accessed. This information does not contain any Personally-Identifying Information and may be used to develop website content and services that we hope you and other users will find of interest and to target content and advertising.

COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION

Website Registration

As defined above, Personally-Identifying Information is information that can be directly associated with a specific person. Company may collect a range of Personally-Identifying Information from and about Website users. Much of the Personally-Identifying Information collected by Company about users is information provided by users themselves when (1) registering for our service, (2) logging in with social network credentials, (3) participating in polls, contests, surveys or other features of our service, or responding to offers or advertisements, (4) communicating with us, (5) creating a public profile or (6) signing up to receive newsletters. That information may include each user’s name, address, email address and telephone number, and, if you transact business with us, financial information such as your payment method (valid credit card number, type, expiration date or other financial information). We also may request information about your interests and activities, your gender, age, date of birth, username, hometown and other demographic or relevant information as determined by Company from time to time. Users of the Website are under no obligation to provide Company with Personally-Identifying Information of any kind, with the caveat that a user’s refusal to do so may prevent the user from using certain Website features.

BY REGISTERING WITH OR USING THE WEBSITE, YOU CONSENT TO THE USE AND DISCLOSURE OF YOUR PERSONALLY-IDENTIFYING INFORMATION AS DESCRIBED IN THIS “COLLECTION, USE AND DISCLOSURE OF PERSONALLY-IDENTIFYING INFORMATION” SECTION.

Company Communications

We may occasionally use your name and email address to send you notifications regarding new services offered by the Website that we think you may find valuable. We may also send you service-related announcements from time to time through the general operation of the service. Generally, you may opt out of such emails at the time of registration or through your account settings, though we reserve the right to send you notices about your account, such as service announcements and administrative messages, even if you opt out of all voluntary email notifications.

Company Disclosures

Company will disclose Personally-Identifying Information under the following circumstances:

•   By Law or to Protect Rights. When we believe disclosure is appropriate, we may disclose Personally-Identifying Information in connection with efforts to investigate, prevent or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of Company, our users, our employees or others; to comply with applicable law or cooperate with law enforcement; to enforce our Terms of Use or other agreements or policies, in response to a subpoena or similar investigative demand, a court order or a request for cooperation from a law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.

•   Marketing Communications. Unless users opt-out from receiving Company marketing materials upon registration, Company may email users about products and services that Company believes may be of interest to them. If you wish to opt-out of receiving marketing materials from Company, you may do so by following the unsubscribe link in the email communications, by going to your account settings (if applicable) or contacting us using the contact information below.

•   Third-Party Service Providers. We may share your Personally-Identifying Information, which may include your name and contact information (including email address) with our authorized service providers that perform certain services on our behalf. These services may include fulfilling orders, providing customer service and marketing assistance, performing business and sales analysis, supporting the Website’s functionality and supporting contests, sweepstakes, surveys and other features offered through the Website. We may also share your name, contact information and credit card information with our authorized service providers who process credit card payments. These service providers may have access to personal information needed to perform their functions but are not permitted to share or use such information for any other purpose.

•  Business Transfers; Bankruptcy. Company reserves the right to transfer all Personally-Identifying Information in its possession to a successor organization in the event of a merger, acquisition, bankruptcy or other sale of all or a portion of Company’s assets. Other than to the extent ordered by a bankruptcy or other court, the use and disclosure of all transferred Personally-Identifying Information will be subject to this Privacy Policy, or to a new privacy policy if you are given notice of that new privacy policy and are given an opportunity to affirmatively opt-out of it. Personally-Identifying Information submitted or collected after a transfer, however, may be subject to a new privacy policy adopted by the successor organization.

Changing Personally-Identifying Information; Account Termination

You may at any time review or change your Personally-Identifying Information by going to your account settings (if applicable) or contacting us using the contact information below.  Upon your request, we will deactivate or delete your account and contact information from our active databases. Such information will be deactivated or deleted as soon as practicable based on your account activity and accordance with our deactivation policy and applicable law. To make this request, either go to your account settings (if applicable) or contact us as provided below. We will retain in our files some Personally-Identifying Information to prevent fraud, to troubleshoot problems, to assist with any investigations, to enforce our Terms of Use and to comply with legal requirements as is permitted by law. Therefore, you should not expect that all your Personally-Identifying Information will be completely removed from our databases in response to your requests. Additionally, we keep a history of changed information to investigate suspected fraud with your account.

General Use

Company uses the Personally-Identifying Information in the file we maintain about you, and other information we obtain from your current and past activities on the Website (1) to deliver the products and services that you have requested; (2) to manage your account and provide you with customer support; (3) to communicate with you by email, postal mail, telephone and/or mobile devices about products or services that may be of interest to you either from us, our affiliate companies or other third parties; (4) to develop and display content and advertising tailored to your interests on the Website and other sites; (5) to resolve disputes and troubleshoot problems; (6) to measure consumer interest in our services; (7) to inform you of updates; (8) to customize your experience; (9) to detect and protect us against error, fraud and other criminal activity; (10) to enforce our Terms of Use; and (11) to do as otherwise described to you at the time of collection. At times, we may look across multiple users to identify problems. In particular, we may examine your Personally-Identifying Information to identify users using multiple user IDs or aliases. We may compare and review your Personally-Identifying Information for accuracy and to detect errors and omissions. We may use financial information or payment method to process payment for any purchases made on the Website, enroll you in the discount, rebate, and other programs in which you elect to participate, to protect against or identify possible fraudulent transactions and otherwise as needed to manage our business.

COLLECTION AND USE OF INFORMATION BY THIRD PARTIES GENERALLY

Company contractually prohibits its contractors, affiliates, vendors and suppliers from disclosing Personally-Identifying Information received from Company, other than in accordance with this Privacy Policy. However, third parties are under no obligation to comply with this Privacy Policy with respect to Personally-Identifying Information that users provide directly to those third parties, or that those third parties collect for themselves. These third parties include advertisers, providers of games, utilities, widgets and a variety of other third-party applications accessible through the Website. Company neither owns nor controls the third-party websites and applications accessible through the Website. Thus, this Privacy Policy does not apply to information provided to or gathered by the third parties that operate them. Before visiting a third party, or using a third-party application, whether by means of a link on the Website, directly through the Website or otherwise, and before providing any Personally-Identifying Information to any such third party, users should inform themselves of the privacy policies and practices (if any) of the third party responsible for that website or application, and should take those steps necessary to, in those users’ discretion, protect their privacy.

SECURITY

We take the security of your Personally-Identifying Information seriously and use reasonable electronic, personnel and physical measures to protect it from loss, theft, alteration or misuse.  However, please be advised that even the best security measures cannot fully eliminate all risks. We cannot guarantee that only authorized persons will view your information. We are not responsible for third-party circumvention of any privacy settings or security measures.

We are dedicated to protect all information on the Website as is necessary. However, you are responsible for maintaining the confidentiality of your Personally-Identifying Information by keeping your password confidential. You should change your password immediately if you believe someone has gained unauthorized access to it or your account. If you lose control of your account, you should notify us immediately.

PRIVACY POLICY CHANGES

Company may, in its sole discretion, change this Privacy Policy from time to time. Any and all changes to Company’s Privacy Policy will be reflected on this page and the date new versions are posted will be stated at the top of this Privacy Policy. Unless stated otherwise, our current Privacy Policy applies to all information that we have about you and your account. Users should regularly check this page for any changes to this Privacy Policy. Company will always post new versions of the Privacy Policy on the Website. However, Company may, as determined in its discretion, decide to notify users of changes made to this Privacy Policy via email or otherwise. Accordingly, it is important that users always maintain and update their contact information.

DO-NOT-TRACK POLICY

Most web browsers and some mobile operating systems include a Do-Not-Track (“DNT”) feature or setting you can activate to signal your privacy preference not to have data about your online browsing activities monitored and collected. Because there is not yet a common understanding of how to interpret the DNT signal, the Website currently does not respond to DNT browser signals or mechanisms.