Notice of Confidentiality and Privacy Practices & Privacy Policy

Purpose of This Notice

The Gramm-Leach-Bliley Act (GLBA) and the laws of the State of California generally prohibit Sitzmann Morris & Lavis Insurance Agency (SML) from sharing nonpublic, personal information about you with a third party unless we provide this Notice of Confidentiality & Privacy Practices.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Administrative Simplification, created a set of rules for standardizing electronic health care transactions, protecting the privacy and security of health information and establishing unique health identifiers for various parties within the health care industry.

The administrative simplification provisions of HIPAA require that Business Associate Entities (Sitzmann Morris & Lavis Insurance Agency) comply with detailed standards relating to Protected Health Information (PHI).

PHI is broadly defined as information that can be linked to a specific individual and is about the individual’s health status, or related to the provision of health care for that member. This includes, but is not limited to, the enrollee’s name, address, telephone and/or fax number, social security number or other identification number, enrollment information, claims information, treatment records, etc. All this data becomes protected information when it exists in electronic, paper or verbal form.

It is SML’s policy to comply fully with all HIPAA privacy, security and electronic data interchange transaction standards, and in doing so SML has created the following Privacy Policy.

SML Confidentiality & Privacy Practices & Privacy Policy

1. Information we collect

We collect nonpublic, personal information about you from the following sources:

  • Information we receive from you on applications and other forms.
  • Information about your transactions with SML, our affiliates or others.
  • Information we receive from medical records or medical professionals.
  • Information a carrier may need to provide an accurate insurance quote.

2. Information we may disclose to third parties:

In the course of our general business practices, we may disclose the information that we collect (as described above) about you or others without your permission to the following types of institutions for the reasons described:

  • To a third party or other service providers such as insurance carriers, investment service providers including our broker/dealer, M Holdings Securities, Inc. or other vendors to service or process your transactions with us or to assist us in delivering services on your behalf.
  • To a medical care institution or medical professional in order to verify coverage or benefits, inform you of a medical problem of which you may not be aware or conduct an audit that would enable us to verify treatment.
  • To an insurance institution or agent, as permitted by law, in order to detect or prevent criminal activity, fraud or misrepresentation in connection with an insurance transaction involving you.
  • To an insurance regulatory authority, law enforcement, or other governmental authority, as permitted by law, in order to protect our interests in preventing or prosecuting fraud, or if we believe that you have conducted illegal activities.
  • To a group policyholder for the purpose of reporting claims experience.

SML does not sell personal information about our clients, former clients or their accounts for any purpose. We will not disclose personally identifiable medical information for purposes other than performing insurance functions, administration of a policy, claim or account, or as requested by you or required or permitted by law. If, at any time in the future, it is necessary to disclose any of your personal information in a way that is inconsistent with this policy, we will give you advance notice of the proposed change so that you will have the opportunity to opt out of such disclosure.

3. Technical and Physical Safeguards and Firewall (Protection and Security of PHI)

Access to client information is strictly limited to SML employees, other persons hired by SML or consultants who need to know the information to provide products and services to you and to otherwise service your account(s) with us. These individuals are required to respect the confidentiality of all client information. We maintain physical, electronic and procedural safeguards that comply with applicable federal regulations to guard your nonpublic personal information.

Our electronic infrastructure is protected by an ICSA Certified Firewall to which our remote locations are connected. The remote locations use an authenticated and encrypted VPN tunnel through which all work data is passed. Any attack attempts send alarms to the network administrator. Web-based summaries are monitored to make sure that there is no unauthorized activity. We have ongoing maintenance of operating system patches and fixes.

For data security within the building we have a locked server room in which all the network equipment is located. Every computer requires logon authentication to be able to access any of the servers. Employees are instructed to log off their computer each time they leave their workstation and change their computer pass codes every three months. Each employee is part of a different security group which has restricted access to specific folders on the file server. Within these folders users have the ability to password protect and/or encrypt their files and must do so when in contact with PHI.

SML standard hours of operation are Monday through Friday, 8:00 A.M. to 5:00 P.M. Pacific Standard Time. All doors are to remain locked during non-business hours. Only the main door is opened during business hours and is closely monitored at all times by an SML employee or HIPAA trained receptionist. Visitors to our facilities must be accompanied at all times by an SML employee. Employees are instructed to lock PHI sensitive materials in secure paper files and immediately shred PHI sensitive materials that are no longer relevant to a working task.

4. Your right to access and amend your personal information

You have the right to request access to the personal information we record about you. You have the right to know the source of the information and the identity of the person, institutions or types of institutions to whom we have disclosed such information. You may view such information and copy it in person, or request that a copy of it be sent to you by mail. You may request corrections, amendments or deletions of any information in our possession.

To obtain access to your information: You should submit a request in writing to:

Privacy Policy Department

Sitzmann Morris & Lavis Insurance Agency

3697 Mt. Diablo Blvd., Suite 100

Lafayette, CA 94549

To correct, amend, or delete any of your information: You should submit a request in writing to:

Privacy Policy Department

Sitzmann Morris & Lavis Insurance Agency

3697 Mt. Diablo Blvd., Suite 100

Lafayette, CA 94549

5. SML policy regarding dispute resolution

Any controversy or claim arising out of or relating to our privacy policy, or the breach thereof, shall be settled by arbitration in accordance with the rules of the American Arbitration Association, and judgment upon the award rendered by the arbitrator(s) may be entered in any court having jurisdiction thereof.

6. Changes to the SML Privacy Policy:

If we decide to change our privacy policy, we will post those changes to this privacy statement so that you are aware of what information we collect, how we use it, and under what circumstances, if any, we disclose it. We reserve the right to modify this privacy statement at any time, so please review it frequently. If we make material changes to this policy, we will notify you here or by email.


