Privacy Protection Policy

1. Privacy Protection Policy at Leumit Health Fund

1. Leumit Health Fund (hereinafter: “Leumit” or “the Fund”) is a health fund as defined in the National Health Insurance Law, 1994 (hereinafter: “National Health Insurance Law”). Within the framework of providing healthcare services under any applicable law, Leumit processes general information and medical information about its insured members and patients (past and present).
2. Leumit is obligated under the Privacy Protection Law, 1981, and the regulations thereunder (hereinafter: “the Privacy Law”), the Patient’s Rights Law, 1996 (hereinafter: “the Patient’s Rights Law”), and the rules of medical ethics, to strictly protect the privacy of such information, and diligently complies with these requirements. The information protected under law is stored in computerized information systems operated by Leumit, in medical records, in documents transferred between Leumit institutions, and between Leumit and external medical institutions, within the framework of medical treatment processes, as required and in accordance with the law.
3. Leumit carries out all of the above processes while strictly safeguarding the privacy of information, through the use of appropriate technologies, defining work procedures that support privacy protection requirements, continuous monitoring by professional entities within Leumit, periodic audits to evaluate the effectiveness and validity of the implemented technologies and procedures, and updating them as necessary.
4. The processes of information protection and periodic audits are entrusted to senior managers at Leumit, who hold the necessary authorizations for fulfilling their duties. In addition, Leumit has appointed a Privacy Protection Officer as required by law.
5. All employees of Leumit, as well as external consultants, service providers, and contract workers, are instructed as part of their onboarding process and periodically thereafter, regarding the Fund’s procedures for handling information protected by law.

2. Sources of Information Input, Collection, Use, and Storage

1. The collection, storage, processing, and transfer of information about Leumit’s patients to parties outside the Fund is carried out under the powers granted to Leumit and in accordance with all applicable law, in particular the Privacy Law, the National Health Insurance Law, and the Patient’s Rights Law.
2. The sources of information stored and processed in Leumit’s information systems and institutions regarding its patients are varied:
   1. Information about patients of the Fund
      1. The initial information about Leumit insured members is received from the National Insurance Institute (and, for other patients, from their insuring institutions). This occurs only after the patient has joined Leumit’s health services, thereby expressing consent to the transfer and processing of the information by Leumit. Information received from public institutions such as the National Insurance Institute is transferred subject to the requirements of the law and in the manner prescribed therein for the transfer of information between public bodies.
      2. Information about the patient is collected primarily by the treating physician at Leumit, or on its behalf, who enters the information into the system where the patient’s medical record is maintained.
      3. Additional activity channels in which patient information is collected include: tests at Leumit laboratories, purchase of medicines and medical supplies at Leumit pharmacies, information received from hospitals, external institutes and laboratories, and external pharmacies, as well as various medical documents submitted by patients through different channels: the personal area on the website and the app, through Leumit’s customer service, or delivered directly to the treating physician and Leumit staff at clinics.
   2. Personal information not related to Fund patients
      1. Personal information of data subjects who are not patients of the Fund may also be collected and processed by Leumit. Such information is provided by the data subject, for example: browsing the website, submitting a form in a campaign for recruiting new members, contacting the Fund through different campaigns (e.g., offering assistance to evacuees during the “Iron Swords” war), and others.
      2. Browsing this website and contacting Leumit provides minimal personal information necessary to establish communication, as well as other personal information voluntarily provided by the user. Leumit’s systems may collect information such as the IP address of the device used to access, the type of device, time of access, pages viewed, and the type of service in which the user expressed interest.

3. Purposes of Use of Personal Information

1. The information collected is used solely for the purposes defined in the documentation of the relevant database.
2. Main purposes include: provision of medical or supportive health services, diagnosis, treatment, follow-up and professional support, management of medical records, documentation, updating and storing medical information as part of routine service, billing and collection, issuance of invoices, reporting to entities authorized by law, service improvement and user experience enhancement, statistical analysis, internal monitoring, surveys and feedback, direct marketing and personalized offers (including sending promotional information by email, SMS, or other means, subject to Section 30A of the Communications Law (Telecommunications and Broadcasting), 1982), compliance with legal and regulatory obligations, retention of medical records in accordance with the Patient’s Rights Law, filing of required reports, providing information to authorities as required by law, and protection of legal rights where necessary to assert or defend the organization’s or third parties’ legal rights.

4. Consent to Collection and Processing of Personal Information

1. By registering on the website and/or in the app and/or by using Leumit’s telephone services, the user consents to this Privacy Policy. The use of the Fund’s services, including the provision of personal information, is carried out by the user voluntarily and in accordance with law, in particular the Privacy Law and its regulations.
2. By browsing the website, submitting forms, or sending online requests to Leumit through various channels, the user agrees that the information will be collected, processed, stored, and used for purposes including the provision of medical or other services, compliance with legal, regulatory, and insurance obligations, internal management and supervision (including quality control, documentation, research, statistics, and service improvement), and contacting the user for service, coordination, and treatment purposes.
   There is no obligation to provide personal information, and the user may refuse to do so. However, it is clarified that withholding essential information may affect the ability to optimally, or at all, provide services. For example, one may browse the website and obtain information (with minimal information for establishing communication) without providing personal information. However, medical services cannot be provided without unique identification of the patient and verification that he/she is insured by Leumit, which requires provision of personal information.

5. Storage of Information and its Safeguarding

1. Leumit ensures that access to information is granted only to those who need it for performing their role at the Fund, and solely for the purpose of fulfilling that role, in accordance with the “need to know” principle. For example, a physician may view and update information in the medical record for treatment purposes, while customer service representatives generally receive access to personal details but not medical information.
2. The procedure for granting access rights to information is regulated in a dedicated policy set by Leumit, considering the high sensitivity of medical information. The granting of access rights is documented and periodically audited.
3. Types of information defined as particularly confidential include mental health and gynecology. Access to such confidential medical information will not be granted to individuals whose role does not require such exposure.
4. Leumit maintains two channels for information storage:
   1. Leumit’s computerized systems: These systems are subject to defined and implemented technological information security requirements appropriate to a high level of data protection. Requirements are periodically reviewed and updated.
   2. Archive facility: A secure facility where archival material is stored. Security requirements for this facility were set based on the legal obligation to adequately protect stored information, as required by law. Each document is stored in the archive for the period defined by Israeli law and Ministry of Health guidelines (for medical records). At the end of the retention period, the document is destroyed. Current storage volume is approximately 3,000 storage containers.

6. Information Security Procedures

1. Leumit’s management has established an information security policy and procedures for its implementation. The two main goals of information security are:
   • Protection of information: safeguarding its integrity and reliability, ensuring availability of access to the various types of information, and survivability of information systems.
   • Protection of privacy.
2. Leumit acts in accordance with the Privacy Protection Regulations (Data Security), 2017, which define the required level of information security for any entity in Israel, public or private, that manages or processes personal information.
   In accordance with these regulations, Leumit has approved an Information Security Policy that establishes mechanisms designed to embed information security into the Fund’s management routine. Among other things, the policy includes:
   1. Instructions for legal compliance and adherence to best practices in privacy and information systems security.
   2. A framework for compliance with international information security standard ISO 27799, for information security management at Leumit and all its facilities.
   3. Instructions aimed at creating continuous commitment and awareness regarding privacy and information security among managers, employees, suppliers, Leumit customers, and any other entity contractually connected to Leumit with access to its information.
   4. A basis for establishing work processes which, when properly combined, address threats and risks arising from the possession, transfer, and processing of sensitive personal information.
3. Additional procedures regulating information security at Leumit, addressing all technological aspects and processes at the Fund, include: Encryption Control Procedure; Supply Chain Security Procedure; Information Security Organization Procedure; Remote Work Security Policy; Portable Media Handling Procedure; Access Control Procedure; Information Asset Management Procedure; Human Resources Processes Security Procedure; Physical Security Procedure; Employee Information Security Procedure; Authorizations Committee Procedure; Information and Cyber Security Incident Management Procedure; Information Security Risk Management Procedure; Customer Service Provision Security Procedure, and others.

7. Transfer of Information to External Parties

1. Information protected under the law is transferred to public bodies in accordance with the procedures set out in the law, as well as to additional parties outside Leumit, subject to the provisions of any law.
   The transfer of information protected under the law to public bodies is carried out under the full supervision of the Information Transfer Committee, which was established and operates at the Fund in accordance with the provisions of the law. Its members are: the Deputy Director General – Chairperson, the Chief Information Officer, the Legal Counsel, and the Information Security Officer – Committee Secretary.
2. Upon approval by the Committee for the transfer of information protected under the law, the exact details of the information to be transferred are determined, as well as the manner and method of transfer, the security measures required as a consequence of the transfer method, the controls ensuring that the information is fully and safely received by the recipient, the manner in which the recipient is required to protect the information, and the control method for monitoring the transfer and for periodic review of the process. All of the above are documented as required.
3. Information is regularly transferred to the following entities:
   • Police – road accidents.
   • Bituch Leumi – work accidents.
   • Magen David Adom (MDA) – evacuation data to hospitals.
   • Ministry of Health – serious diseases and other matters as requested by the Ministry from time to time.

8. Transfer of Personal Information Abroad

1.  As a rule, Leumit does not transfer personal information outside the borders of Israel. Some of the information collected and processed by Leumit is stored in information systems based on cloud infrastructure of Microsoft and Amazon. This information is stored on cloud infrastructures located in Israel (Amazon) and in Ireland (Microsoft). However, as part of certain processes, personal information may be temporarily transferred to Leumit’s servers in Europe, in Ireland.
2. Leumit takes all customary measures to ensure that information transferred abroad is kept confidential and is handled in accordance with Leumit’s strict procedures and with the provisions of the law.
3. Additional information about transfers of information abroad or related conditions may be obtained by contacting the following email address: Privacy@Leumit.co.il

9. Inquiries or Complaints Regarding Privacy Protection

1. Any inquiry or complaint regarding privacy protection at Leumit, as well as lawful requests to review or correct information, must be directed to Leumit’s Public Inquiries Department, with the subject line: “Privacy Protection.”
   Mr. Adam Arutz, Director of Information Protection and Cyber Department at Leumit, is the organization’s appointed Privacy Protection Officer, and can be contacted via the following email address: Privacy@Leumit.co.il

10. Changes to the Privacy Policy, Decision-Making, and Publication of Changes

Any change required in the Privacy Protection Policy (other than changes resulting from amendments to the law) will be brought for approval by the Fund’s management and published here.

11. Patient’s Rights to Review, Update, or Delete Information

1. Every patient of Leumit is entitled to review the information held by Leumit regarding him/her. A full copy of the medical record may be obtained by contacting Leumit’s Information Collection Department via email, subject to the required fee.
2. In accordance with the Privacy Protection Law, every individual has the right to request that the Fund update or delete personal information concerning him/her that is held in Leumit’s databases. Any user may contact Leumit’s Public Inquiries Department with a request to update, correct, or delete information concerning him/her, and the request will be handled in accordance with the law and its regulations, the Patient’s Rights Law, 1996, and the rules of medical ethics.

12. Leumit Application (hereinafter: “the App”)

1. The App can be downloaded from the Apple App Store for iPhone devices and from Google Play for Android devices.
2. For the purpose of improving customer service, Leumit uses data collected and transmitted by the device during use of the App (not operating in the background):
   • Location data (GPS): Leumit uses the device’s location data only while the App is active (not in the background), in order to display services near the device’s location: physicians, medical centers, etc. Location data is not collected or stored.
   • Bluetooth: Required for conducting video calls with a physician or healthcare provider. Actual use occurs only during the video call itself.
   • Wi-Fi State: Required for conducting video calls with a physician or healthcare provider. Actual use occurs only during the video call itself.
   • Camera: For conducting video calls and for photographing documents.
   • Phone number: For conducting video calls. The phone number is not stored in the company’s databases.
   • Files and photos: For attaching documents to a request to a physician, a request for referral (Form 17), or a reimbursement request. The files are stored in the customer’s personal data and enable Leumit to provide personalized service.
   • Calendar: For adding appointment details to a Google or Outlook calendar. The appointment is saved by the customer in his/her preferred calendar. Leumit does not retain data if the customer chooses this option.
   • Microphone/voice: For conducting video calls.