Website Privacy Notice
Effective Date: November 12, 2025
VeriSource Services, Inc. (“VeriSource,” “we,” “us,” or “our”) respects your privacy and is committed to protecting personal information collected when providing our benefit administration services. This Privacy Notice explains how we collect, use, and protect personal information and Protected Health Information (“PHI”) and summarizes our practices related to HIPAA-regulated data.
As a Business Associate under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), VeriSource maintains stringent safeguards for any PHI we receive or process on behalf of Covered Entities.
If your inquiry involves PHI received from your health plan or employer, please contact the applicable Covered Entity (your health plan, healthcare provider, or employer) directly. VeriSource does not issue a HIPAA Notice of Privacy Practices because we act solely as a Business Associate.
Our website may contain links to third-party websites, and we are not responsible for the privacy practices or content of those sites. We encourage you to review their privacy policies before providing any personal information.
You can use the links on the left to navigate directly to specific sections of this Privacy Notice.
1. Information We Collect
We may collect the following categories of information when you interact with our website or related administrative systems:
-
Personal Identifiers: Name, email address, phone number, employer name, and job title when you complete contact forms or request information.
-
Professional Information: Employer affiliation and service-related details if you represent a client or Covered Entity.
-
Payment Information: Bank information, including account and routing numbers, when you request payment management services under COBRA, Leave of Absence, or Retiree Billing.
-
COBRA-Related Data: We may receive certain PHI such as enrollment and claims data from group health plans or directly from COBRA participants while administering COBRA coverage and related payment services. This information is collected through secure systems, not through this public website.
-
Health-Related Data: We do not collect or request PHI through this public website. Any PHI shared with us by clients is handled through secure, access-controlled systems governed by HIPAA and contractual terms.
-
Internet Activity Information: IP address, device type, browser settings, pages visited, and usage data collected via cookies or similar technologies through this public website. We use cookies only for functional and analytic purposes, not for targeted advertising. This data is not linked to any PHI or health identifiers.
2. Use of Information
We use personal information for the following purposes:
-
To respond to inquiries and provide information about our services.
-
To fulfill legal, contractual, and regulatory obligations.
-
To manage payments under COBRA, Leave of Absence, or Retiree Billing.
-
To improve the functionality and user experience of our Site.
-
For internal business operations such as audits, compliance monitoring, and recordkeeping.
-
To support marketing and communications efforts consistent with applicable law and user preferences.
All PHI we receive through our Business Associate role is managed in compliance with HIPAA regulations, contractual obligations, and security best practices.
3. HIPAA and Protected Health Information (PHI)
As a Business Associate, VeriSource receives, maintains, or transmits PHI to provide benefit administration services, including COBRA continuation coverage processing, payment, and related claims administration functions.
All PHI is collected and managed through secure, access-controlled systems and governed by Business Associate Agreements (“BAAs”) with the applicable Covered Entities. PHI is never collected through this public website, and our use and disclosure of PHI are limited to what is permitted under HIPAA and our contractual arrangements.
In the event of a potential or actual breach involving PHI, VeriSource follows the HIPAA Breach Notification Rule and promptly notifies affected Covered Entities in accordance with our BAAs.
4. Information Sharing and Disclosure
We do not sell or rent personal information or PHI, and we do not share it for cross-context behavioral advertising.
We may disclose collected information to:
-
Authorized Employees and Contractors for the purposes described above, under confidentiality and security obligations.
-
Service Providers who support our operations under strict data protection agreements.
-
Covered Entities to fulfill contractual obligations under BAAs.
-
Legal or Regulatory Authorities when required to comply with applicable law, legal process, or to protect our rights.
Any disclosure of PHI complies with HIPAA’s Minimum Necessary Standard and is tracked and accounted for as required.
5. Data Security
VeriSource implements administrative, physical, and technical safeguards to protect all data we handle, including:
-
Encryption of data in transit and at rest
-
Role-based access controls and monitoring
-
Security awareness training for staff
-
Incident response protocols and breach notification readiness
We maintain a formal risk management program and periodically review and update our safeguards to ensure ongoing protection of PHI and other personal data. For PHI, these controls align with the HIPAA Security Rule and recognized industry best practices.
6. Your Rights
HIPAA-Regulated PHI
If your PHI is handled by VeriSource as a Business Associate, you may exercise your HIPAA rights – including the right to access, request amendments, receive an accounting of disclosures, or file a complaint – through your health plan or healthcare provider. VeriSource supports these rights through our BAAs.
Website Information
For non-HIPAA personal data collected through this website, you may contact us to request to access, correct, or delete your personal information, or to opt-out of marketing or other communications, subject to applicable law.
To exercise these rights, please contact us at Compliance@verisource.com.
7. Data Retention
VeriSource retains personal information only for as long as necessary to fulfill the purposes for which it was collected or to meet legal, contractual, or operational requirements.
-
Website Data: Information submitted through website forms is retained as needed to respond to inquiries, maintain communication records, and for compliance purposes.
-
PHI: PHI is retained only for the duration and purpose specified in our BAAs with Covered Entities and is securely destroyed or de-identified when no longer required.
We regularly review data retention practices to ensure information is not retained longer than necessary.
8. Cookies and Tracking Technologies
We use cookies and similar technologies to improve the website’s functionality and analyze usage.
We use cookies only for functional and analytic purposes, not for targeted advertising. This data is not linked to any PHI or health identifiers.
You may adjust your browser settings to manage or disable cookies, though doing so may affect some Site features.
9. Children’s Privacy
Our Site is intended for a professional audience and is not directed toward children under 13. We do not knowingly collect information from children.
10. Changes to This Privacy Notice
We may update this Privacy Notice from time to time. The updated version will be posted on this page with a new effective date. Material changes will be communicated appropriately.
11. Contact Us
For questions about this Privacy Notice, our HIPAA-related practices, or to request access to your information, please contact us:
VeriSource Services, Inc.
7600 W Tidwell Rd, #700
Houston, TX 77040
Email: Compliance@verisource.com
If your inquiry involves PHI received from your health plan or employer, please contact the applicable Covered Entity directly.