30 Mechanic Street
Suite 5Foxborough, MA 02035

Insurance professionals that have your back

Call Us 508-543-1067
Request a Quote

Call Us Today!

508-543-1067

Business

We are happy to assist you in selecting the best coverage.

Get a Quote

Personal Lines

We get you the right coverage for the right price.

Get a Quote

Life & Disability

We offer free quotes and dedicated personal service.

Get a Quote

HIPAA / Health Information Privacy

Last Updated: November 7, 2025

HIPAA & Health Information Privacy Policy

Last Updated: November 7, 2025

This policy describes how JED Insurance & Financial Service Agency, Inc. (“JED Insurance,” “we,” or “our”) protects your health and disability-related personal information (“Protected Health Information” or “PHI”) in compliance with federal and state privacy laws, including the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and applicable state-specific regulations.

Our Commitment to Privacy

We are committed to safeguarding your PHI and maintaining the confidentiality, integrity, and security of all personal information we handle in the course of providing insurance, financial, and benefits-related services.

This policy applies to all PHI we receive, create, maintain, or transmit in any form (paper, electronic, or verbal).

What Constitutes Protected Health Information (PHI)

PHI includes any individually identifiable health information such as:

  • Medical history, treatment, or diagnosis
  • Disability-related information or medical underwriting
  • Claims information submitted for health, disability, or life
  • Any other health-related data that can be linked to an identifiable

How We Collect PHI

We may collect PHI from:

  • Insurance applications or claim
  • Communications with healthcare providers or plan
  • Your employer (for group benefits) when
  • Other insurers or third-party administrators during coordination of

 

How We Use and Disclose PHI

We may use or disclose PHI for the following purposes, as permitted under federal and state law:

a.  For Insurance Operations

  • Processing applications, underwriting, and risk
  • Claims management, policy servicing, and
  • Quality assurance, auditing, and fraud

b.  For Legal and Regulatory Compliance

  • To comply with requests from insurance regulators, auditors, or law enforcement
  • To respond to subpoenas, court orders, or other lawful

c.  For Authorized Business Associates

We may share PHI with vendors or contractors (called Business Associates) who perform functions on our behalf (e.g., data hosting, policy administration). Each Business Associate is required by law and contract to safeguard PHI and comply with HIPAA.

d.  With Your Authorization

We will not use or disclose your PHI for purposes other than those listed above without your express written authorization. You may revoke this authorization at any time, except to the extent already acted upon.

Your Rights Regarding PHI

Under HIPAA and applicable state laws, you have the right to:

  • Access and obtain copies of your
  • Request corrections to incomplete or inaccurate
  • Request restrictions on certain uses or disclosures of
  • Receive an accounting of disclosures we have
  • Request confidential communications (e.g., using a specific address).
  • File a complaint if you believe your privacy rights have been

Requests may be submitted in writing to:

Privacy Officer

JED Insurance & Financial Service Agency, Inc. 30 Mechanic Street, Suite 5

Foxborough, MA 02035

Phone: 508-543-1067

Safeguards and Security Measures

We use physical, electronic, and procedural safeguards to protect your PHI.

In the event of a data breach involving PHI, JED Insurance will notify affected individuals as required under HITECH Act breach notification rules.

State-Specific Compliance

Massachusetts

We comply with 201 CMR 17.00, which requires businesses to protect personal information of MA residents through written information security programs (WISPs).

All PHI is encrypted in transit and at rest, and access is limited to authorized personnel only.

California (CCPA / CPRA)

While HIPAA-covered entities are generally exempt from CCPA, California residents still retain certain rights:

  • Right to know what health-related data is collected and
  • Right to deletion (if not subject to HIPAA retention obligations).
  • Right to non-discrimination when exercising privacy

Colorado (CPA)

We comply with the Colorado Privacy Act, granting residents the right to opt out of the processing of sensitive personal data (including health-related data) unless explicitly required for insurance administration or claims.

Connecticut (CTDPA)

Connecticut residents may request to access, correct, or delete health-related personal data and may opt out of targeted data processing.

We do not process PHI for marketing or profiling purposes.

Virginia (VCDPA)

We process PHI only as necessary for legitimate insurance-related activities and do not disclose it for targeted advertising or profiling.

Utah (UCPA)

Utah residents’ health data is treated as sensitive personal data and is never sold or shared beyond legal necessity or explicit consent.

Minnesota

We comply with the Minnesota Health Records Act, which provides stronger protections for patient consent and prohibits the release of health records without written authorization unless required by law.

New York

Under NY GBL §399-dd, we employ reasonable safeguards to protect residents’ private information and promptly notify consumers of any unauthorized access.

Other States (DE, TN, OR, WA, VT, etc.)

We will continue to monitor and comply with emerging state privacy statutes to ensure PHI and sensitive health data are protected in accordance with the highest standards.

Retention and Disposal of PHI

We retain PHI only as long as necessary to fulfill legal, contractual, or business requirements, typically in accordance with applicable record retention laws.

When disposal is required, PHI is securely destroyed or anonymized.

Complaints

If you believe your privacy rights have been violated, you may file a complaint with:

Privacy Officer

JED Insurance & Financial Service Agency, Inc. 30 Mechanic Street, Suite 5

Foxborough, MA 02035

Phone: 508-543-1067

Or directly with the:

U.S. Department of Health and Human Services (HHS)

Office for Civil Rights

200 Independence Avenue, S.W. Washington, D.C. 20201

Website: https://www.hhs.gov/ocr/privacy/hipaa/complaints/

We will not retaliate against anyone who files a privacy complaint.

Updates to This Policy

We may revise this policy from time to time to reflect legal updates or changes in our business practices. Any revisions will be posted on this page with an updated “Last Updated” date.

Contact Information

JED Insurance & Financial Service Agency, Inc.

30 Mechanic Street, Suite 5

Foxborough, MA 02035

Phone: 508-543-1067

How can we help you?

Our expert advisors are ready to assess your needs.

Call Us 508-543-1067

This website uses cookies to provide you with a great user experience. By using it, you accept our use of cookies.