Brown & Brown, Inc. Consumer Health Data Privacy Policy

Last updated: January 1, 2025

Brown & Brown, Inc., and its covered subsidiaries and affiliates worldwide (collectively, “Brown & Brown”, the “Company”, “we”, “us”, “our”), take your privacy seriously. This Consumer Health Data Privacy Policy (“Policy”) supplements the Brown & Brown, Inc. Global Privacy Statement and describes how we collect, use, and disclose consumer health data of (a) Washington and Nevada residents, and (b) individuals, who reside outside of those states and whose consumer health data is collected by a Brown & Brown affiliate located in Washington or Nevada; and, as applicable, their rights under the Washington My Health My Data Act and the Nevada Health Data Privacy Act. In the event of any inconsistency between this Policy and the Global Privacy Statement, this Policy controls.

This Policy contains the following sections:

Scope of this Policy
Consumer Health Data We Collect
Sources of Consumer Health Data
How We Use Consumer Health Data
How We Disclose Consumer Health Data
Your Rights Relating to Consumer Health Data
Changes to this Policy

1. Scope of this Policy

This Policy applies to individuals who (a) reside in the states of Washington and Nevada, and (b) reside outside those states and whose personal information is collected in Washington or Nevada, but only to the extent that their personal information is “consumer health data” as that term is defined under the Washington My Health My Data Act and the Nevada Health Data Privacy Act.

Subject to applicable exceptions, the term “consumer health data” as used in this Policy includes personal information that is linked, or reasonably linkable to, an individual and that identifies that individual’s past, present, or future physical or mental health status.

This Policy does not apply to:

information publicly available from government records or made publicly available by you or with your permission;
deidentified or aggregated information;
protected health information as defined by the Health Insurance Portability and Accountability Act (“HIPAA”) or the Health Information Technology for Economic and Clinical Health Act (“HITECH”);
personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (“FCRA”), or the Gramm-Leach-Bliley Act (“GLBA”);
any other personal information or entities excluded from the scope of the Washington My Health My Data Act or the Nevada Health Data Privacy Act;
information about our own employees, contractors, agents, or job applicants, and does not apply to information we handle as a “data processor” on behalf of our clients (in which case our client, and not Brown & Brown, controls how your information is handled).

2. Consumer Health Data We Collect

Depending upon the reason that you are interacting with us, the categories of consumer health data we may collect about you include the following:

Individual health conditions, treatment, diseases, or diagnosis;
Health-related surgeries or procedures;
Use or purchase of medications;
Information about bodily functions, vital signs, symptoms, or measurements of health information;
Diagnoses or diagnostic testing, treatment, or medication;
Data that identifies you as an individual seeking health care services;
Information about your purchase of health-related products or services; and
Other information that may be used to infer or derive data related to the above or other health information.

3. Sources of Consumer Health Data

We collect consumer health data from multiple sources, including from the following categories of sources: (a) you when you interact with us, (b) your employer, (c) a third party acting on your behalf (such as a family member), (d) insurance carriers, (e) third-party insurance agent/brokers, and (f) other third parties as described further in Section 3 of the Brown & Brown, Inc. Global Privacy Statement.

4. How We Use Consumer Health Data

We collect and use consumer health data as necessary to provide services or products to you or on your behalf. For example, we may use your consumer health data to administer health insurance policies and process claims.

We may use consumer health data for other purposes, in which case we will provide you with a separate notice and request your consent whenever legally required to do so.

5. How We Disclose Consumer Health Data

We do not, and will not, sell your consumer health data. We may disclose consumer health data in limited circumstances to the categories of third parties described in Section 5 of the Brown & Brown, Inc. Global Privacy Statement, including, but not limited to, service providers, professional advisors, and related third parties, such as your spouse or other family members. We may also disclose consumer health data to corporate affiliates within the Brown & Brown corporate group.

We disclose consumer health data to these third parties, including affiliates, as necessary to provide services or products to you or on your behalf, as described in Section 4 of this Policy. If we disclose consumer health data to a third party for any other purposes, we will provide you with a separate notice and request your consent whenever legally required to do so.

6. Your Rights Relating to Consumer Health Data

Subject to any applicable limitations and exceptions, you have certain rights with respect to consumer health data, including

the right to confirm whether we are collecting or disclosing your consumer health data;
the right to access your consumer health data, including a list of all third parties and affiliates to whom we have disclosed your consumer health data;
the right to delete your consumer health data, and
the right to withdraw your consent to the collection, use, and/or disclosure of your consumer health data in which case we will stop such collection, use or disclosure.

To exercise your rights, please submit a request to us by visiting our online privacy rights portal and completing the request webform.

Alternatively, you may call us at +1 (888) 914-9661 and enter the following PIN: 363 845 when prompted to do so. You will be asked to provide information necessary for us to process your request.

If your request to exercise a right is denied, you may appeal that decision by using the webform or by calling us at the telephone number listed above. If your appeal is unsuccessful, you can raise a concern or lodge a complaint with, as applicable, the Washington State Attorney General at www.atg.wa.gov/file-complaint, or the Nevada Attorney General at https://ag.nv.gov/Contact/.

7. Changes to this Policy

We review this Policy regularly and may make changes at any time to take account of changes in our business activities, legal requirements, or the manner in which we handle consumer health data. We will place updates on this website and where appropriate we will give reasonable notice of any changes. You should periodically review this Policy to ensure you understand how we collect and use your consumer health data. If we make material changes to this Policy, we will notify you by using the contact information which you have provided to us.

4900-8647-5783.1 / 074059-1026

About Us

Committed to Diversity, Inclusion & Belonging

Email Alerts

Annual Report

What We Do

Find Your Solution

Careers

Brown & Brown, Inc. and Team of Companies Certified as a Great Place to Work® Again

Latest News