FANNFANN Notice of Privacy Practices

WHO WE ARE

FANNFANN is a healthcare enrollment assistance platform serving Michigan residents. We help you navigate Medicare and Medicaid applications and connect you with appropriate health insurance coverage.

YOUR PROTECTED HEALTH INFORMATION (PHI)

Protected Health Information (PHI) is information about you, including demographic information, that may identify you and relates to:

• Your past, present, or future physical or mental health or condition
• The provision of health care services to you
• Past, present, or future payment for health care services

Examples of PHI we may collect:

• Name, address, phone number, email address
• Date of birth and Social Security number
• Employment and income information
• Health insurance information
• Medical conditions and diagnoses
• Information about dependents
• Medicaid/Medicare eligibility information

HOW WE MAY USE AND DISCLOSE YOUR PHI

1. FOR PAYMENT AND HEALTH CARE OPERATIONS

We may use and disclose your PHI without your written authorization for the following purposes:

Enrollment Assistance: To help you apply for and maintain state-funded or federally-funded healthcare coverage (Medicare and Medicaid). This includes communicating with government agencies, completing applications on your behalf, and helping you maintain ongoing eligibility for these programs.

Payment and Eligibility: To determine your eligibility for Medicare, Medicaid, and related programs; to verify insurance coverage; and to coordinate enrollment in appropriate coverage programs.

Health Care Operations: To improve our enrollment assistance services, train staff, conduct quality assurance activities, and operate our business efficiently.

Note: FANNFANN provides enrollment assistance and coverage navigation services. We do not provide medical treatment, diagnosis, or direct healthcare services.

2. REQUIRED BY LAW

We will disclose your PHI when required to do so by federal, state, or local law, including:

• Reporting to the Michigan Department of Health and Human Services (MDHHS)
• Responding to lawful requests from government agencies
• Complying with Medicare and Medicaid regulations

3. PUBLIC HEALTH ACTIVITIES

We may disclose your PHI to public health authorities for activities such as preventing or controlling disease, injury, or disability.

4. TO BUSINESS ASSOCIATES

We may disclose your PHI to third-party service providers ("Business Associates") who perform services on our behalf, such as:

• Cloud storage providers (AWS or Google Cloud Platform)
• Database management services
• Email and communication platforms
• Customer relationship management (CRM) systems

All Business Associates are required to sign agreements protecting your PHI and must comply with HIPAA regulations.

5. WITH YOUR WRITTEN AUTHORIZATION

For any use or disclosure not described above, we will obtain your written authorization. You may revoke your authorization at any time in writing, except to the extent that we have already taken action based on your authorization.

Uses requiring authorization include:

• Marketing purposes (we do not sell your information)
• Disclosures for purposes not related to enrollment assistance
• Sharing information with family members or friends (unless you give verbal permission in an emergency)

YOUR RIGHTS REGARDING YOUR PHI

You have the following rights regarding your Protected Health Information:

1. RIGHT TO INSPECT AND COPY

You have the right to inspect and obtain a copy of your PHI that we maintain. To request access:

• Submit a written request to our Privacy Officer
• We will respond within 30 days
• We may charge a reasonable fee for copying and mailing costs

We may deny your request in certain limited circumstances as permitted by law.

2. RIGHT TO AMEND

If you believe your PHI is incorrect or incomplete, you may request that we amend it. To request an amendment:

• Submit a written request explaining what should be changed and why
• We will respond within 60 days
• We may deny your request if the information is accurate and complete

3. RIGHT TO AN ACCOUNTING OF DISCLOSURES

You have the right to receive a list of certain disclosures we have made of your PHI. This does not include disclosures for treatment, payment, and health care operations, or disclosures made with your authorization.

To request an accounting:

• Submit a written request specifying the time period (not to exceed 6 years)
• The first accounting in a 12-month period is free
• We will respond within 60 days

4. RIGHT TO REQUEST RESTRICTIONS

You have the right to request restrictions on how we use or disclose your PHI. To request a restriction:

• Submit a written request specifying what information you want to limit and how
• We are not required to agree to your request, except in limited circumstances
• If we agree, we will comply with your request unless the information is needed for emergency treatment

5. RIGHT TO REQUEST CONFIDENTIAL COMMUNICATIONS

You have the right to request that we communicate with you about your PHI in a certain way or at a certain location. For example:

• Request we contact you only at work
• Request we send mail to a P.O. Box instead of your home address

We will accommodate reasonable requests. Submit your request in writing and specify how or where you wish to be contacted.

6. RIGHT TO A PAPER COPY OF THIS NOTICE

You have the right to receive a paper copy of this Notice at any time, even if you previously agreed to receive it electronically. You may request a copy by:

• Visiting www.fannfann.com/privacy.html
• Contacting our Privacy Officer
• Asking during any interaction with our staff

7. RIGHT TO BE NOTIFIED OF A BREACH

You have the right to be notified if your unsecured PHI is breached. We will notify you without unreasonable delay and no later than 60 days after discovering a breach.

OUR RESPONSIBILITIES

We are required by law to:

• Maintain the privacy and security of your PHI
• Provide you with this Notice of our legal duties and privacy practices
• Follow the terms of the Notice currently in effect
• Notify you if we are unable to agree to a requested restriction
• Accommodate reasonable requests for confidential communications
• Notify you following a breach of your unsecured PHI

CHANGES TO THIS NOTICE

We reserve the right to change this Notice at any time. Any changes will apply to PHI we already have as well as PHI we receive in the future.

When we make a material change:

• We will post the updated Notice on our website (www.fannfann.com/privacy.html)
• The new Notice will include the effective date on the first page
• You may request a copy of the current Notice at any time

COMPLAINTS

If you believe your privacy rights have been violated, you may file a complaint with:

You will not be penalized or retaliated against for filing a complaint.

ACKNOWLEDGMENT OF RECEIPT

By using FANNFANN's services, you acknowledge that you have received and reviewed this Notice of Privacy Practices. You may be asked to sign an acknowledgment form confirming receipt.

If you have questions about this Notice or our privacy practices, please contact our Privacy Officer.