Privacy Policy

At HealthSmart, the privacy of our customers is of utmost importance to us. HealthSmart strives to maintain high standards for the protection of your privacy and it is a top priority to keep the protected health information you share with us secure. Below you will find how HealthSmart might use and disclose information about you and how you can get access to this information. Please read this statement carefully and thoroughly. 
For our customers located in the EU, please click here to learn how we comply with the General Data Protection Regulation (GDPR). 

Protected Health Information

The Health Insurance Portability and Accountability Act (HIPAA) has established standards to ensure the privacy of your protected health information. Protected Health Information is information about your past, present, or future health or medical condition. HealthSmart maintains full compliance with HIPAA’s privacy and security regulations, and has implemented various administrative, physical and technical safeguards to comply with its provisions.

Measures to Safeguard Your Protected Health Information

HealthSmart will never share non-public protected health information with non-affiliated third parties. We restrict access to only those HealthSmart affiliates, subsidiaries, employees and contractors who need to know this information in order to provide you with HealthSmart’s products and services, and who are under an obligation to keep such information confidential. We also maintain physical, electronic, and procedural safeguards that comply with federal and state regulations to protect your information. In addition, HealthSmart internally utilizes non-identifying personal information for the proper management, administration and development of our products and services. Unless you specifically consent to a disclosure, your protected health information will not be sold, shared, licensed, or rented to third parties.
In the context of an onward transfer, HealthSmart has responsibility for the processing of personal information it receives under the Privacy Shield and subsequently transfers to a third party acting as an agent on its behalf. HealthSmart shall remain liable under the Principles if its agent processes such personal information in a manner inconsistent with the Principles, unless the HealthSmart proves that it is not responsible for the event giving rise to the damage.

Customary Purposes for Disclosing Your Protected Health Information

While it is HealthSmart's policy never to share non-public protected health information with non-affiliated third parties, HealthSmart may use your protected health information for a number of reasons as detailed below.
•    Treatment: We may disclose your protected health information to doctors, nurses, and other licensed healthcare personnel who are involved in providing your healthcare services.
•    Payment: We may use or disclose your information to assist in obtaining payment for healthcare services rendered to you.
•    For Healthcare Operations: We may disclose your information in the course of administering our various healthcare services. 
•    Care Reminders: We may use your contact information to remind or notify you of the benefits of a health service.
•    Legal Requirements: If necessary, we may be legally required to disclose your protected health information to comply with applicable laws, regulations, search warrants, subpoenas, discovery requests, or court orders.
•    Other Uses and Disclosures: We may use medical information for other disclosures; however, this will only be done with your prior written authorization. 
In addition, in some cases, HealthSmart contracts with various entities (“Contracting Entities”) to assist with the provision of medical services and products to members. HealthSmart and its affiliates may, from time to time, negotiate and enter into contracts on their own behalf with Contracting Entities, and you agree we may use or disclose your information to Contracting entities. Agreements with Contracting Entities may provide for administrative fees, penalties, credits, rebates, guarantees, or other kinds of payments or fees (collectively, “CE Payments”) to be paid to HealthSmart.  HealthSmart will retain such CE Payments which may be used for various HealthSmart business considerations, including offering competitive medical service prices to our customers.  You understand and agree that CE Payments received by us may be based on the utilization of data of certain services or products by certain persons, some of whom may be HealthSmart members.

Your Rights Regarding Your Protected Health Information

You have the following rights regarding your protected health information:
•    Right to Inspect and Copy: Upon written request, you have the right to inspect your health information.
•    Right to Amend: If you feel there is a mistake or oversight in any of our records, you may request in writing that we amend your information.
•    Right to Previously Disclosed Information: You may request a list of when, to whom, and for what purpose your information has been released over a six year period.
•    Right to Receive Notice: You have the right to receive a paper copy of this privacy notice and/or an electronic copy by email upon your request.
•    Right to Revoke Notice: You have the right to revoke prior authorizations to disclose your information upon written notice to HealthSmart.
•    Right to Request Restrictions on Certain Uses & Disclosures: You may request that we restrict the disclosure of certain confidential information, subject to various limitations.
•    Right to Receive Protected Health Information by Alternative Means or in Alternative Locations: You have the right to request that your protected health information be provided by alternative means or at alternative locations.

This privacy notice may be revised from time to time. Any new notice will be effective immediately for any and all confidential information we maintain. Upon revision, this notice will be available upon request and displayed prominently on our website and in our office locations. For more information on your rights regarding protected health information, please contact HealthSmart at 214.574.3546.


If you believe your privacy rights have been violated, you may file a complaint with HealthSmart or with the Secretary of the Department of Health and Human Services. To file a complaint with HealthSmart, please contact Brian DuPerre, Deputy General Counsel of UnitedHealthcare, 185 Asylum St., Hartford CT 06103 or All complaints must be submitted in writing.

EU-U.S. Privacy Shield Notice

HealthSmart complies with the EU-U.S. Privacy Shield Framework as set forth by the U.S. Department of Commerce regarding the collection, use, and retention of personal information transferred from the European Union to the United States. HealthSmart has certified to the Department of Commerce that it adheres to the Privacy Shield Principles.  If there is any conflict between the terms in this privacy policy and the Privacy Shield Principles, the Privacy Shield Principles shall govern. To learn more about the Privacy Shield program, and to view our certification, please visit

In compliance with the Privacy Shield Principles, HealthSmart commits to resolve complaints about our collection or use of your personal information. Individuals in the European Union with inquiries or complaints regarding our Private Shield policy should first contact HealthSmart at: 

Privacy Officer: Brian DuPerre, Deputy General Counsel of UnitedHealthcare
Contact Address: 
Attn: Privacy Officer
Hartford CT 06103

HealthSmart has further committed to refer unresolved Privacy Shield complaints to the American Arbitration Association an alternative dispute resolution provider located in the United States. If you do not receive timely acknowledgment of your complaint from us, or if we have not addressed your complaint to your satisfaction, please contact or visit for more information or to file a complaint.  The services of the American Arbitration Association are provided at no cost to you. HealthSmart commits to cooperate with EU data protection authorities (DPAs) and comply with the advice given by such authorities with regard to data transferred from the EU in the context of the employment relationship. Under certain circumstances, binding arbitration may be invoked in pursuit of satisfaction of claims brought under this agreement.  HealthSmart subjects itself to the investigatory and enforcement powers of the Federal Trade Commission (FTC).

Updated August 2, 2023