Privacy Policy


Effective Date: July 15, 2025 (updated from July 2, 2025)

1. Introduction: 

This Privacy Policy outlines how CHL Insurance Solutions, LLC ("Company," "we," or "us") handles your personal information on our website, https://www.chlinsurancesolutions.com ("Website"), through our social media presence (e.g., Facebook Business Page, Instagram Profile), our Google Business Profile, and through our services ("Service"). As a licensed health insurance agency, we are committed to protecting your privacy and ensuring your data is handled responsibly and in compliance with all applicable laws and regulations, including the Health Insurance Portability and Accountability Act (HIPAA) where applicable.

2. Definitions:

3. Information Collection and Use: 

We collect personal information, such as your name, contact details, and health-related data, solely for the purposes of assisting you with health insurance enrollment, determining plan eligibility, and providing ongoing support for your selected plans. This information is collected through various methods, including forms on our Website, phone conversations, and in-person meetings, and interactions on our social media pages (e.g., direct messages, comments, lead forms on Facebook or Instagram), and interactions with our Google Business Profile (e.g., direct messages, review responses). The specific purposes for which we collect and use your information, along with your explicit authorization, will be detailed in consent forms presented to you at the time of collection (e.g., for ACA enrollment assistance or Medicare Scope of Appointment).

4. Data Security and Fraud Prevention: 

While no online transmission or storage method is completely secure, we implement reasonable administrative, technical, and physical safeguards designed to protect your personal data from unauthorized access, loss, or misuse. This includes adhering to strict guidelines and industry best practices. In the unlikely event of a security incident affecting your data, we will comply with all applicable legal requirements regarding notification.

We prioritize safeguarding your personal information, handling it with the utmost care and in accordance with applicable privacy regulations. We are committed to promptly reporting any instances of suspected fraud (as defined above) to the appropriate state and federal agencies. Your vigilance helps protect everyone; if you suspect you've been a victim of health insurance fraud related to Medicare, the Health Insurance Marketplace, or Georgia Access Exchange, here's how you can report it:

5. Use of Google Workspace & HIPAA Compliance: 

CHL Insurance Solutions leverages the robust security infrastructure of Google Workspace for our digital operations, including our website platform, contact forms, email, document management, and client communications. As part of our commitment to HIPAA compliance, we have a Business Associate Agreement (BAA) (Effective: September 6, 2022) with Google, which establishes the responsibilities of both parties in protecting Protected Health Information (PHI). While Google provides the secure platform, we diligently configure and manage our Google Workspace services (such as Gmail, Drive, Forms, etc.) in accordance with HIPAA Security Rule requirements, implementing strict access controls, data encryption, and regular auditing to ensure the privacy and security of your information at all times.

6. Information Sharing with Third Parties: 

We protect your information, sharing it only with official sources such as the insurance carriers you choose, Health Insurance Marketplace platforms, and other secure, industry-standard quoting and enrollment platforms utilized in our operations, or other entities explicitly authorized by you or required by law. We limit the sharing of your information strictly to trusted, authorized parties, and only when necessary to determine plan eligibility or to submit applications for enrollment on your behalf. Any other instances of information sharing would only occur with your explicit written and/or recorded verbal consent.

6.1. Use of Third-Party Enrollment Platforms: 

To efficiently assist you with health insurance quoting and enrollment, we utilize several secure, industry-standard online platforms. For Medicare Advantage (Part C), Medicare Part D Prescription Drug Plans, and Medicare Supplement Insurance (Medigap), we may use PlanEnroll, MedicareCENTER, CSG Actuarial, HealthSherpa for Medicare, SunFire Matrix, or direct-to-carrier quoting portals. For Affordable Care Act (ACA) Marketplace plans (including the Georgia Access Exchange), we primarily use HealthSherpa for ACA. For Supplemental coverage, we primarily use direct-to-carrier portals. When you consent to discuss or enroll in these plans, certain personal information, including Protected Health Information (PHI) when required, may be entered into or transmitted through these platforms to obtain quotes, determine eligibility, compare plan options, and submit applications to the insurance carriers you select. Each of these platforms is designed to protect your data in accordance with applicable privacy and security regulations, and your information shared via these services is used solely for the purpose of assisting with your health plan selection, enrollment, and ongoing service needs.

6.2. Personalized URLs (pURLs): 

To make your health insurance journey even more convenient and secure, we utilize Personalized URLs (pURLs) for efficient information gathering. A pURL is a unique, secure webpage link that allows you to easily provide necessary personal information. This may include Protected Health Information (PHI) (e.g., your current prescriptions, preferred providers, and other relevant health details - only in cases where the specific plan type or eligibility requires it). For instance, most Medicare Advantage plans do not generally require health information for enrollment but do require your Medicare Beneficiary Identifier (MBI) for eligibility verification; however, health information may be needed for eligibility verification for certain Special Needs Plans (SNPs) designed for individuals with specific chronic conditions. Medicare Supplement Insurance (Medigap) may require health information for non-Guaranteed Issue medical-underwritten plans. This digital method streamlines the collection of your information, ensuring it's handled securely while helping us accurately assess your eligibility, provide tailored plan recommendations, and help you enroll in coverage.

6.3. Social Media Platforms (Facebook, Instagram) and Google Business Profile: 

We maintain a presence on social media platforms, including Facebook and Instagram, as well as a Google Business Profile. When you interact with our profiles or send messages on these platforms, the respective platform provider (e.g., Meta for Facebook, Instagram; Google for Google Business Profile) collects certain data about your interactions.

7. Cookies and Tracking Technologies: 

We do not directly place or collect data through cookies on our Website. However, please note that third-party services, such as Google Analytics, may employ their own cookies or tracking technologies to gather information about your Website usage. Similarly, when you visit or interact with our social media profiles (e.g., Facebook, Instagram) or our Google Business Profile, the respective platform may place cookies or use other tracking technologies to collect data about your activity. If we utilize tools like the Facebook Pixel on our Website, this technology may also collect data to help us understand user behavior and optimize our advertising on Facebook and Instagram. We do not have direct access to or control over these third-party cookies or the data they collect, and we encourage you to review the privacy policies of Google, Meta (Facebook, Instagram), and any other relevant third-party services for more information on their practices and how to manage your privacy settings with them.

8. Links to Other Websites: 

Our Website may contain links to third-party sites (e.g., Medicare.gov, Healthcare.gov, and our social media profiles like Facebook, Instagram, Google Business Profile). We are not responsible for the privacy practices or content of these sites. We encourage you to review their privacy policies before providing any information.

9. Transfer of Account Upon Business Sale: 

If CHL Insurance Solutions, LLC is sold, your client record and associated personal data may be transferred to another licensed insurance agent. We will notify you of any such change and ensure the new agent adheres to this Privacy Policy.

10. Your Right to Data Deletion & Consent Preferences: 

You may request deletion of your personal data or revoke consent to be contacted at any time by completing this form. We will promptly fulfill these requests, ceasing contact and deleting non-essential data.

Important Note on Retention: Federal regulations (e.g. CMS) require us to maintain specific Medicare and Marketplace-related records (e.g., consent forms, call recordings, scope of appointment forms) for a period of 10 years. These legally mandated records are exempt from deletion.

11. No Interaction with Children: 

Our Service is not directed at individuals under 18. We do not knowingly collect data from children and request that minors refrain from using our Website or Service. If we learn of unintended data collection from a child, we will delete it immediately upon notification.

12. Law Enforcement and Legal Obligations: 

We may disclose your personal information to law enforcement or other authorities if required by law, such as in response to a court order, subpoena, or to comply with legal obligations. Such disclosures will be limited to what is necessary to meet those requirements.

13. Changes to This Privacy Policy: 

We may update this Privacy Policy to reflect changes in our practices or legal requirements. Any revisions will be posted on this page, and we encourage you to review it periodically for updates. We will post an updated "Effective Date" at the top of this policy.

14. Contact Us: 

For questions about this Privacy Policy, your data, or to request deletion, contact: 

Justin Tomlin