Legal

Privacy Policy

Last updated: April 27, 2026

This Privacy Policy describes how Source Health Insurance ("Source Health Insurance," "we," "us," or "our") collects, uses, and discloses information about you when you use our website, mobile application, and related services (collectively, the "Services"). Please read this policy carefully.

1. Information We Collect

1.1 Information You Provide

We collect information you provide directly to us, including when you create an account, apply for insurance coverage, contact us for support, or otherwise interact with our Services. This may include:

  • Name, date of birth, and government-issued identification numbers
  • Contact information (email address, phone number, mailing address)
  • Health information necessary for insurance enrollment and administration
  • Financial information, including bank account or payment card details
  • Employment information for ICHRA enrollment purposes
  • Communications you send us

1.2 Information Collected Automatically

When you use our Services, we automatically collect certain information about your device and usage, including:

  • Log data (IP address, browser type, pages visited, time spent)
  • Device information (hardware model, operating system, unique device identifiers)
  • Cookie and similar tracking technology data (see Section 6)
  • Location information derived from your IP address

1.3 Information From Third Parties

We may receive information about you from third parties, including healthcare providers, pharmacies, other insurers (for coordination of benefits), government agencies (for eligibility verification), and our business partners.

2. HIPAA and Health Information

To the extent Source Health Insurance is a covered entity or business associate under the Health Insurance Portability and Accountability Act (HIPAA), we will handle your Protected Health Information (PHI) in accordance with applicable HIPAA regulations and our Notice of Privacy Practices.

Our Notice of Privacy Practices, which describes your rights regarding your health information and our obligations to protect it, is available upon request and will be provided to enrolled members at the time of enrollment. You may request a copy by contacting us at privacy@sourcehealthinsurance.com.

Your PHI may be used and disclosed for treatment, payment, and healthcare operations without your authorization, as permitted under HIPAA. Other uses and disclosures require your written authorization, which you may revoke at any time.

3. How We Use Your Information

We use the information we collect to:

  • Provide, administer, and improve our insurance products and Services
  • Process applications, enrollments, and premium payments
  • Administer claims, benefits, and your Investment Premium Reserve account
  • Communicate with you about your coverage, account, and our Services
  • Comply with legal and regulatory obligations, including state insurance requirements
  • Detect, investigate, and prevent fraud and abuse
  • Analyze usage and improve our website and Services
  • Send you marketing communications (with your consent where required)

4. How We Share Your Information

4.1 Service Providers

We share information with vendors and service providers who perform functions on our behalf, including claims administration, payment processing, IT services, customer support, and analytics. These parties are contractually prohibited from using your information for any purpose other than providing services to us.

4.2 Healthcare Partners

We may share information with healthcare providers, pharmacies, and laboratories in connection with your care, and with reinsurance carriers for catastrophic risk coverage.

4.3 Legal and Regulatory

We disclose information as required by law, including to state insurance regulators, law enforcement, and in response to valid legal process.

4.4 Business Transfers

In the event of a merger, acquisition, or sale of assets, your information may be transferred as a business asset. We will notify you of any such transfer and any choices you may have.

4.5 With Your Consent

We share information in other circumstances with your explicit consent.

We do not sell your personal information or health information to third parties for their marketing purposes.

5. Your Rights

Depending on your state of residence, you may have the following rights regarding your personal information:

  • Access: Request a copy of the personal information we hold about you
  • Correction: Request correction of inaccurate personal information
  • Deletion: Request deletion of your personal information (subject to legal and regulatory retention requirements)
  • Restriction: Request that we restrict processing of your information
  • Portability: Receive your information in a structured, machine-readable format
  • Opt-out of marketing: Unsubscribe from marketing communications at any time

To exercise these rights, contact us at privacy@sourcehealthinsurance.com or by mail at the address in Section 9. We will respond within 30 days. We may require verification of your identity before processing requests.

6. Cookies and Tracking Technologies

We use cookies, web beacons, and similar technologies to operate our Services, analyze usage, and deliver relevant content. Types of cookies we use:

  • Strictly necessary: Required for the Services to function. Cannot be disabled.
  • Functional: Remember your preferences and settings.
  • Analytics: Help us understand how visitors use our site (e.g., Google Analytics).
  • Marketing: Used to deliver relevant advertisements. Only with your consent.

You can manage cookie preferences through your browser settings or our cookie consent tool. Note that disabling certain cookies may affect Service functionality.

7. Data Security

We implement administrative, technical, and physical safeguards designed to protect your information against unauthorized access, disclosure, alteration, and destruction. These include encryption of data in transit and at rest, access controls, and regular security assessments.

No security system is impenetrable. In the event of a security breach affecting your information, we will notify you as required by applicable law.

8. Data Retention

We retain personal information for as long as necessary to provide our Services, comply with legal and regulatory obligations (including state insurance record-keeping requirements, which typically range from 5–10 years), resolve disputes, and enforce our agreements. Health information may be subject to longer retention requirements under HIPAA and state law.

9. Contact Us

For privacy-related questions, requests, or concerns:

Privacy Office — Source Health Insurance

Source Health Insurance, a brand of Open Enrollment, Inc.

Address available upon request

Email: privacy@sourcehealthinsurance.com

Phone: Contact us at support@sourcehealthinsurance.com

If you are a California resident, you may also contact the California Privacy Protection Agency. If you believe we have violated your HIPAA rights, you may file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights.

10. Changes to This Policy

We may update this Privacy Policy from time to time. We will notify you of material changes by posting the updated policy on our website with a new effective date and, where required by law, by direct notification. Your continued use of our Services after any changes constitutes acceptance of the updated policy.