You can count on us to keep your data secure
We take the protection of your employees’ personal information very seriously. That’s why we’ve implemented state-of-the-art electronic security systems and certifications that exceed industry standards.
Ameriflex maintains a comprehensive HIPAA Privacy/Security Policy and an FTC Red Flags policy. Ameriflex uses an internal HIPAA committee led by a corporate HIPAA Privacy/Security officer. Additionally, every department that comes in contact with protected health information (PHI) maintains department-level procedures that are updated on a regular basis. All employees are trained and evaluated in part based upon compliance with HIPAA and Ameriflex security policies. All infrastructure, facilities and computer systems are governed by our HIPAA security procedures.
We take this commitment to HIPAA compliance a step further by contracting with an outside firm to perform a HIPAA audit every two years. The auditors provide an accurate and thorough assessment of any potential risks and vulnerabilities by examining our business processes, systems infrastructure, and access control. The auditors also perform vulnerability scans on external-facing and select internal infrastructure devices and servers in order to determine high-risk vulnerabilities, as well as operational details such as patch levels, configuration errors, and filtering rules. While the law does not require this audit, we have made it standard protocol so as to ensure that we are truly maintaining the highest data integrity levels possible.
Hosting Site Security
We maintain multiple hosting sites, both on-location with redundant backups between our Texas and New Jersey operations centers (with automatic failover), and off-location at geographically diverse data centers that exceed Department of Defense (DoD) standards for a Sensitive Compartmented Information Facility (SCIF). The security and reliability features of our data centers and network provider are too numerous to list; however, we boast 99.99%+ uptime. Ameriflex and all its subcontractors are SAS 70 or SSAE 16 (SOC1) Type II reviewed. All data transmitted to our self-service systems is done using PGP with customizable password and CAPTCHA requirements on a client-by-client basis.
Ameriflex employees undergo PHI and HIPAA training during their onboarding process. They are also instructed on a comprehensive visitor security policy at each facility location, as well as clean desk and computer workstation security policies.
Ameriflex has redundant operating centers in Texas and New Jersey, along with automatic database replication and system failover in the event that one site temporarily goes down. Critical systems and databases are not only replicated multiple times per day between the two operating centers, but they are also backed up and hosted in off-site datacenters. We run continuous database backups and store encrypted copies off-site per our SSAE 16 control list. We have a disaster recovery plan that takes advantage of our infrastructure and allows us to service clients from either of our operating centers; in addition, with the redundancies built into our systems and datacenters, clients can continue to self-service in the event of an outage at an office location.
Your privacy is very important to us. Accordingly, we have developed this Policy in order for you to understand how we collect, use, communicate and disclose and make use of personal information.
We are committed to conducting our business in accordance with these principles in order to ensure that the confidentiality of personal information is protected and maintained.
The information sharing practices described above are in accordance with federal law. California and Vermont, and various other state law places additional restrictions on sharing information about their residents, and our policies comply with such restrictions.
Some states, including California, permit you to request certain information regarding disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an e-mail to email@example.com.
Cal. Bus. And Prof. Code Section 22575 also require us to notify you how we deal with the “Do Not Track” settings in your browser.
Yes, if you are a resident of California, you are granted specific rights regarding access to your personal information.
California Civil Code Section 179883, also known as the “Shine The Light” law, permits our users who are California residents to request and obtain from us, once a year and free of charge, information about categories of personal information (if any) we disclosed to third parties for direct marketing purposes and the names and addresses of all third parties with which we shared personal information in the immediately preceding calendar year If you are a California resident and would like to make such a request, please submit your request in writing to us using the contact information provided below.
On January 1, 2020, the California Consumer Privacy Act of 2018 (CCPA) took effect and sets new requirements and rights relating to personal information of California consumers. This section for California residents applies solely to visitors, users, and others who reside in the State of California (“consumers” or “you”). We adopt this notice to comply with the California Consumer Privacy Act of 2018 (“CCPA”) and other California privacy laws. Any terms defined in the CCPA have the same meaning when used in this notice.
Information We Collect
We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). In particular, we have collected the following categories of personal information from consumers within the last twelve (12) months:
|A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers.
|B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).
|A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.
|C. Protected classification characteristics under California or federal law.
|Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).
|D. Commercial information.
|Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.
|E. Biometric information.
|Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.
|F. Internet or other similar network activity.
|Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement.
|G. Geolocation data.
|Physical location or movements.
|H. Sensory data.
|Audio, electronic, visual, thermal, olfactory, or similar information.
|I. Professional or employment-related information.
|Current or past job history or performance evaluations.
|J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
|Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.
|K. Inferences drawn from other personal information.
|Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
|L. Sensitive Personal Information
We will use and retain the collected personal information as needed to provide the Services or for:
Category A – As long as the user has an account with us
Category B – As long as the user has an account with us
Category G – As long as the user has an account with us
We may also collect other personal information outside of these categories through instances where you interact with us in person, online, or by phone or mail in the context of:
The Services are hosted and operated in the United States (“U.S.”) through and its service providers, and if you do not reside in the U.S., laws in the U.S. may differ from the laws where you reside. By using the Services, you acknowledge that any Personal Data about you, regardless of whether provided by you or obtained from a third party, is being provided in the U.S. and will be hosted on U.S. servers, and you authorize Ameriflex to transfer, store and process your information to and in the U.S., and possibly other countries.
Your Right to Correction. You have the right to request the correction of any inaccurate personal information that we maintain about you, taking into account the nature of the personal information and the purposes of the processing of the personal information. We will use commercially reasonable efforts to correct the inaccurate personal information as you may direct.
To help protect the privacy of data and personally identifiable information you transmit through use of this site and any other related services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees’ privacy responsibilities.
The CCPA information we collect comes directly from you when you inquire about our products and services via our website or by telephone or when you file a claim for reimbursement or view our website; from your employer (where applicable) where your employer is providing benefits; and from third parties that assist us in providing these benefits.
We may use or disclose the personal information listed above for the following purposes, as permitted by CCPA and other applicable law:
We do not sell your CCPA information.
In the future, where the CCPA applies to the product or service we offer, you may have the right to request access, data portability, and deletion rights.
We will not discriminate against you for exercising your CCPA rights.
You may be able to request this notice in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information below to request an alternative format.
Attn: General Counsel
2508 Highlander Way, Suite 200
Carrollton, TX 75006
By accessing this website, you are agreeing to be bound by these website Terms and Conditions of Use, all applicable laws and regulations, and agree that you are responsible for compliance with any applicable local laws. If you do not agree with any of these terms, you are prohibited from using or accessing this site. The materials contained in this website are protected by applicable copyright and trademark law.
2. User License
Permission is granted to temporarily download one copy of the materials (information or software) on Ameriflex’s website for personal, non-commercial transitory viewing only. This is the grant of a license, not a transfer of title, and under this license you may not:
The materials on Ameriflex’s website are provided “as is”. Ameriflex makes no warranties, expressed or implied, and hereby disclaims and negates all other warranties, including without limitation, implied warranties or conditions of merchantability, fitness for a particular purpose, or non-infringement of intellectual property or other violation of rights. Further, Ameriflex does not warrant or make any representations concerning the accuracy, likely results, or reliability of the use of the materials on its Internet website or otherwise relating to such materials or on any sites linked to this site.
In no event shall Ameriflex or its suppliers be liable for any damages (including, without limitation, damages for loss of data or profit, or due to business interruption) arising out of the use or inability to use the materials on Ameriflex’s Internet site, even if Ameriflex or a Ameriflex authorized representative has been notified orally or in writing of the possibility of such damage. Because some jurisdictions do not allow limitations on implied warranties, or limitations of liability for consequential or incidental damages, these limitations may not apply to you.
5. Revisions and Errata
The materials appearing on Ameriflex’s website could include technical, typographical, or photographic errors. Ameriflex does not warrant that any of the materials on its website are accurate, complete, or current. Ameriflex may make changes to the materials contained on its website at any time without notice. Ameriflex does not, however, make any commitment to update the materials.
Ameriflex has not reviewed all of the sites linked to its Internet website and is not responsible for the contents of any such linked site. The inclusion of any link does not imply endorsement by Ameriflex of the site. Use of any such linked website is at the user’s own risk.
8. Governing Law
Any claim relating to Ameriflex’s website shall be governed by the laws of the State of Texas without regard to its conflict of law provisions.
HEALTH SAVINGS ACCOUNT CUSTODIAL AGREEMENT AND FEE DISCLOSURE STATEMENT
The Account Owner named (“Account Owner,” and also referred to herein using pronouns such as “you” and “your”) is establishing this Health Savings Account (“HSA” or “Custodial Account” or the “Account”) exclusively for the purpose of paying or reimbursing Qualified Medical Expenses of the Account Owner, his or her spouse, and Dependents. The Account is being opened by Acressa Insurance, Inc. (“Custodian,” and also referred to herein using pronouns such as “we,” “us” and “our”). The Account Owner has assigned to this Custodial Account the funds described related to their Health Savings Account. For married persons, each spouse who is eligible to open an HSA and wants to contribute to an HSA must establish his or her own account. The identifying number for an HSA will be the Account Owner’s individual HSA account number.
As Custodian for the Account, we will cause the Account Owner’s funds to be placed into a deposit account (the “Deposit Account”) at a depository institution (the “Depository”) selected by us in our sole discretion. Depository is UMB Bank. You will receive periodic Account statements that will reflect your ownership of your HSA funds held in the Deposit Account. You should retain the Account statement(s) for your records.
While we are acting as Custodian for your Account, all contributions to your HSA (made by you, your employer, a family member or any other person) will be made to us, and we will cause the funds to be deposited to the Deposit Account. We will cause funds to be disbursed from the Deposit Account pursuant to this Health Savings Account Custodial Agreement (as defined below, the “Agreement”. You may not transfer the Deposit Account directly to another depository institution.
At your election, you may dismiss us as Custodian in accordance with Article XII, below, and appoint a successor custodian or trustee authorized to act as such in relation to HSAs under the Code. As soon as is practicable following written notice of the appointment of such a successor custodian or trustee, we will cause the funds in the Deposit Account to be transferred to the successor custodian or trustee.
ACCOUNT OWNER REPRESENTATIONS OF ELIGIBILITY
The Account Owner represents that, unless this Account is used solely to make Rollover or Transfer Contributions as defined below, he or she is eligible to contribute to this HSA; specifically, that he or she: (1) is covered under a High Deductible Health Plan (“HDHP”); (2) is not also covered by any other health plan that is not an HDHP (with certain exceptions described herein for plans providing preventive care and limited types of permitted insurance and permitted coverage); (3) is not enrolled in Medicare; and (4) cannot be claimed as a Dependent on another person’s tax return. Custodian has no obligation to verify that any applicant for an Account is eligible to establish an HSA under applicable laws and regulations.
PURPOSE OF FORM 5305-C
IRS Form 5305-C, on which this section of the Health Savings Account Custodial Agreement is based, is a model custodial account agreement that has been approved by the IRS, with permissible additional provisions that may be agreed to between Custodian and Account Owner. The model agreement provisions provided by the IRS as well as the additional provisions added by Custodian are contained within this Agreement. Also, further provisions applicable to the HSA, including certain disclosures required by various banking laws and regulations, are contained here. An HSA is established subject to the acknowledgment of this Agreement. The Account Owner may acknowledge this Agreement any time during the tax year. An HSA must be created in the United States for the exclusive benefit of the Account Owner.
Do not file Form 5305-C or any part of this Agreement with the IRS. Instead, keep the Agreement with your records.
For more information on HSAs, see Notice 2004-2, 2004-2 I.R.B. 269, Notice 2004-50, 2004-33 I.R.B. 196, Pub. 969, Health Savings Accounts and Other Tax-Favored Health Plans, and other IRS published guidance.
Certain terms used in this Agreement, which are not defined elsewhere herein, shall have the following meanings:
The Account Owner and Custodian make the following Agreement:
It is the responsibility of the Account Owner to determine whether contributions to this HSA have exceeded the maximum annual contribution limit described in Article II. If contributions to this HSA exceed the maximum annual contribution limit, the Account Owner shall notify Custodian that there exist excess contributions to the HSA. It is the responsibility of the Account Owner to request the withdrawal of the excess contributions and any net income attributable to such excess contributions.
The Account Owner’s interest in the balance in this custodial account is non-forfeitable.
If the Account Owner dies before the entire interest in the Account is distributed, the entire Account will be disposed of as follows:
Notwithstanding any other Article that may be added or incorporated in this Agreement, the provisions of Articles I through VIII and this sentence are controlling. Any additional Article or provision in this Agreement that is inconsistent with Section 223 of the Code or IRS published guidance will be void.
This Agreement will be amended from time to time to comply with the provisions of the Code or IRS published guidance. Other amendments may be made in accordance with Article XIV.
Except as hereinafter provided, the Account Owner hereby directs Custodian to invest contributions to the Account in an interest-bearing deposit account with a bank or similar depository institution.
You acknowledge that you have read and or printed a copy of this Health Savings Custodial Agreement and agree to abide by the terms of that Agreement.
HEALTH SAVINGS ACCOUNT DEPOSIT AGREEMENT
The terms “you” and “your” refer to the Account Owner, the term “Depository” refers to the depository institution into which your HSA funds are deposited as set forth herein, and the terms “we”, “us” and “our” refer to Custodian. You understand that this Health Savings Account Deposit Agreement (“Deposit Agreement”) governs your deposit account (the “Account”) with a depository institution (“Depository”), along with any other documents applicable to your Deposit Account, including the attached Truth in Savings Account Disclosure (“Disclosures”), which are incorporated herein by reference. You understand that your Account is also governed by applicable law.
YOUR RELATIONSHIP WITH US – CUSTODIAL RELATIONSHIP
As Custodian for your HSA, we will place your funds into a deposit account at a Depository selected by us in our sole discretion. Depository may be any depository institution. The Account will be recorded on the records of Depository in our name as Custodian.
While we are acting as Custodian for your HSA, all contributions to your HSA (made by you, your employer, a family member or any other person) will be made to us, and we will deposit the funds into your Account. We will disburse funds from the Account pursuant to your Deposit Agreement with us.
You may not transfer the Account directly to another Depository. At your election, you may dismiss us as Custodian in accordance with the terms of the Custodial Agreement, and appoint a successor custodian authorized to act as such in relation to HSAs under the Code and applicable law. As soon as is practicable following written notice of the appointment of such a successor custodian, we will cause the funds in the Account to be transferred the successor trustee or custodian as soon as is practicable. Upon transfer of the Account to a successor trustee or custodian, the successor trustee or custodian shall automatically become custodian of the Account and we shall have no liability from any actions or failures to act following the transfer, either on the part of any successor custodian or trustee for any tax consequences that result from the transfer of the account or the funds therein.
TERMS AND CONDITIONS
If Depository permits you to withdraw funds from your Deposit Account before final settlement has been made for any deposited item, and final settlement is not made, Depository has the right to charge your Deposit Account or obtain a refund from you.
In addition, Depository may charge back any deposited item at any time before final settlement for whatever reason. Depository shall not be liable for any damages resulting from the exercise of these rights. Except as may be attributable to Depository’s lack of good faith or failure to exercise ordinary care, Depository will not be liable for dishonor resulting from any reversal of credit, return of deposited items or for any damages resulting from any of those actions.
I acknowledge that:
I have provided my correct taxpayer identification number (or I am waiting for a number to be issued to me), and
I am not subject to backup withholding because: (a) I am exempt from backup withholding, or (b) I have not been notified by the Internal Revenue Service (IRS) that I am subject to backup withholding as a result of a failure to report all interest or dividends, or (c) the IRS has notified me that I am no longer subject to backup withholding; and
I am a U.S. citizen or legal resident of the U.S.; and
You have read and or printed a copy of this Deposit Agreement and agree to abide by the terms of this Deposit Agreement.
All signers authorize Custodian and Depository to make inquiries from any consumer reporting agency, including a check protection service, in connection with the Account and the Deposit Account.
HEALTH SAVINGS ACCOUNT FEE DISCLOSURE
Custodian reserves the right to charge the below fees:
FEES AND CHARGES
|Trustee to Trustee transfer or Rollover (outgoing)
|Non-sufficient funds (NSF)(can be created by check or other electronic means)
|Periodic paper statement
|Up to a $1.95
|**Paper statement fee charged periodically – Please note you may opt in to receive free electronic statements online by choosing HSA statements and setting your preference.
Deposit Accounts cannot be transferred without consent from Custodian. We reserve the right to require at least seven days written notice before any withdrawal or transfer.
You acknowledge that you have read and or printed a copy of this Fee Disclosure and agree to abide by the terms of such.