Gold Harbor Insurance LLC
Code of Conduct & Conflict of Interest Policy
Effective Date: February 14, 2025
1. Purpose
Gold Harbor Insurance LLC ("Gold Harbor") is committed to conducting business with integrity, honesty, and compliance with all federal and state regulations. This Code of Conduct & Conflict of Interest Policy outlines the ethical standards that all employees, agents, and contractors must follow to protect the company, our clients, and the integrity of our Medicare insurance services.
2. Scope
This policy applies to all employees, contractors, and agents operating under Gold Harbor, including management, sales agents, and administrative personnel.
3. Code of Conduct
All employees and agents of Gold Harbor must adhere to the following principles:
✅ Compliance with Laws & Regulations
- Follow all federal, state, and industry regulations related to Medicare, ACA, and insurance sales.
- Abide by CMS regulations, the False Claims Act, HIPAA, and all relevant consumer protection laws.
- Complete all mandatory compliance training within 90 days of hire and annually thereafter.
✅ Honesty & Integrity
- Always act with honesty and transparency in all business dealings.
- Do not misrepresent products, services, or benefits to clients.
- No deceptive sales practices, high-pressure tactics, or misleading advertising.
✅ Client Protection & Confidentiality
- Protect confidential client information and only use it for legitimate business purposes.
- No unauthorized access, disclosure, or sharing of protected health information (PHI) or personally identifiable information (PII).
- Comply with HIPAA Privacy & Security regulations at all times.
✅ Fair & Ethical Sales Practices
- Provide accurate information about Medicare Advantage, ACA, and related insurance products.
- Disclose all terms, conditions, and limitations of policies to clients.
- Obtain clear consent before enrolling clients in any insurance plan.
✅ No Discrimination or Harassment
- Treat all clients, coworkers, and partners with respect and professionalism.
- No discrimination based on race, ethnicity, gender, age, disability, sexual orientation, religion, or other protected status.
- Report any workplace harassment or discrimination immediately.
✅ Marketing & Advertising Compliance
- Use only Gold Harbor-approved marketing materials.
- Follow CMS guidelines for marketing and sales presentations.
- Do not use misleading, unapproved, or deceptive advertisements.
✅ Gifts & Kickbacks
- Employees must not accept or offer kickbacks, bribes, or illegal incentives.
- Follow Anti-Kickback Statute and False Claims Act guidelines.
- Report any suspicious financial arrangements that may violate compliance laws.
✅ 24/7 Reporting
- Employees can report 24/7
4. Conflict of Interest Policy
A conflict of interest occurs when an employee or agent’s personal interests interfere with their professional responsibilities at Gold Harbor.
Examples of Conflicts of Interest:
- ❌ Selling competing products outside of Gold Harbor without approval.
- ❌ Referring clients to an external agency for personal financial gain.
- ❌ Having a financial interest in a competitor’s business.
- ❌ Providing preferential treatment to a client based on personal relationships.
Conflict of Interest Disclosure
- All employees & agents must disclose potential conflicts of interest to Gold Harbor management.
- If a conflict is identified, Gold Harbor will review and determine appropriate actions.
5. Reporting Violations & Non-Retaliation Policy
Gold Harbor maintains a zero-tolerance policy for violations of this Code of Conduct.
📢 How to Report Violations:
- Email: compliance[at]goldharborinsurance[dot]com
- 24/7 Anonymous Reporting: Contact Us
🔒 Confidentiality & Protection:
- Reports may be made anonymously and confidentially.
- No retaliation will be taken against employees or agents who report violations in good faith.
- Employees who violate this policy may face disciplinary action, up to termination.
6. Annual Certification & Acknowledgment
All employees, agents, and contractors must review and acknowledge this Code of Conduct annually.
7. Enforcement & Compliance
Gold Harbor will enforce this policy through:
- Annual training & recertification for all employees and agents.
- Internal audits to monitor compliance.
- Corrective actions for policy violations.
References & Legal Requirements
📜 Regulatory Compliance:
✔ 42 C.F.R. §§ 422.503(b)(4)(vi)(A), 423.504(b)(4)(vi)(A) (Medicare Code of Conduct)
✔ HIPAA Privacy & Security Rules
✔ False Claims Act & Anti-Kickback Statute
✔ CMS Marketing & Sales Guidelines
Gold Harbor Insurance LLC
HIPAA Privacy, Security & Breach Reporting Policy
Effective Date: February 14, 2025
1. Purpose
Gold Harbor Insurance LLC is committed to ensuring the confidentiality, integrity, and security of Protected Health Information (PHI) as required under the Health Insurance Portability and Accountability Act (HIPAA). This policy defines the procedures for HIPAA training, data security, privacy safeguards, and breach reporting.
2. Scope
This policy applies to all employees, agents, contractors, and business associates who have access to PHI while working for Gold Harbor.
Covered Data
- 📌 Protected Health Information (PHI) – Any individually identifiable health information (electronic, written, or verbal) that is created, received, or transmitted by Gold Harbor.
- 📌 Personally Identifiable Information (PII) – Any personal data that can be used to identify an individual, such as Social Security numbers, addresses, or phone numbers.
3. HIPAA Compliance Training
All employees and agents must complete mandatory HIPAA training:
- ✅ Within 90 days of hire
- ✅ Annually thereafter
Training Topics:
- HIPAA Privacy Rule – How PHI can be used, stored, and disclosed.
- HIPAA Security Rule – Best practices for securing PHI.
- Data Breach Protocols – Steps to follow if a PHI breach occurs.
- Employee Responsibilities – What employees must do to remain HIPAA-compliant.
4. Security & Privacy Safeguards
Gold Harbor enforces physical, administrative, and technical safeguards to protect PHI:
🔒 Physical Safeguards:
- Restrict office access to authorized personnel only.
- Store physical files in locked cabinets.
💻 Technical Safeguards:
- Multi-factor authentication (MFA) required for access to PHI systems.
- End-to-end encryption for electronic PHI (emails, databases, CRM).
- Restricted access permissions for PHI – employees can only access what is necessary for their role.
📋 Administrative Safeguards:
- Annual risk assessments to identify potential vulnerabilities.
- Strict employee authentication procedures for accessing PHI.
- Workforce training and regular compliance audits.
5. HIPAA Breach Reporting & Response Plan
A data breach is any unauthorized access, disclosure, or theft of PHI.
🚨 What to Do if a Breach Occurs:
- Step 1: Immediately report the incident to the Compliance Officer at compliance[at]goldharborinsurance[dot]com or through anonymous reporting at Contact Us.
- Step 2: Compliance team investigates and assesses the breach within 48 hours.
- Step 3: If necessary, report the breach to regulatory authorities (Department of Health & Human Services).
- Step 4: Notify affected individuals within 60 days if PHI was exposed.
- Step 5: Implement corrective actions to prevent future breaches.
🚫 Failure to report a known or suspected breach may result in disciplinary action including termination.
6. HIPAA Violation Consequences
- ❌ Fines & Legal Action: Up to $1.5 million per year for severe violations.
- ❌ Loss of Employment or Licensing: Repeated HIPAA breaches may result in termination or loss of license.
- ❌ Criminal Charges: Knowingly misusing PHI can lead to jail time.
7. Annual Certification & Employee Acknowledgment
✅ All employees & agents must complete HIPAA training annually and sign an acknowledgment form.