Privacy Policy

Virginia's Insurance Marketplace Privacy Policy


Virginia’s Insurance Marketplace (“the Marketplace”) is administered by the Health Benefit Exchange Division of the Virginia State Corporation Commission.

The Marketplace can help you find out if you are eligible, and to sign up for Qualified Health Plans (QHPs) and Qualified Dental Plans (QDPs). To do this, the Marketplace will need to collect certain information from you, including personally identifiable information (PII). 

PII refers to any information that can be used, either alone or in combination with other information, to identify an individual. Examples of PII include things like social security numbers (SSNs), names, home addresses, email addresses, phone numbers, medical information, financial information, and employment information. 

Virginia's Marketplace respects and values your right to privacy and will protect your information in accordance with applicable laws, regulations, and standards for security and privacy, including but not limited to section 155.260 of the Affordable Care Act’s (ACA) regulations. See 45 C.F.R. § 155.260.

PII collected through the Marketplace is required in order to perform ACA-mandated functions such as enrollment in QHPs / QDPs, and determining eligibility for Advance Premium Tax Credits (APTC) and Cost-Sharing Reductions (CSR). 

This Privacy Policy describes why and how the PII you provide the Marketplace may be used and shared so that you can make informed decisions about your interactions with the Marketplace, including whether to share your PII. This Privacy Policy may be amended from time to time without notice. 

Collection of PII  

PII that you voluntarily provide to the Marketplace may be collected through: 

  • Health Insurance Application Process
    • To determine eligibility for and facilitate enrollment in QHPs / QDPs and financial assistance programs. 
  • Surveys you agree to complete
    • Data is used to make the Marketplace more responsive to customer needs.
  • Email you choose to send to the Marketplace
    • To help the Marketplace answer your inquiry.
  • Verbal interactions with Marketplace staff and customer service call center representatives
    • To address any issues, concerns or questions you may have.
    • Calls to the customer service call center may be recorded for audit, training and appeals purposes.
  • Appeals
    • To verify your identity and accurately process any appeals you may file.

PII that may be collected includes, but is not limited to: 

  • Demographic Data
    • Name, age, address, telephone number, email.
  • Income Data
    • Tax filing status, marriage status, tax dependents, employer, annual or monthly income.
  • Citizenship and Immigration Data
    • SSN, Resident Alien Number, Native American Tribe ID Number, incarceration status.
  • Disability Information
    • Whether the applicant / household member is blind, disabled, or requires assistance with daily living (this information cannot be used to deny coverage, but may be used to determine eligibility for Medicaid).
  • Medical Insurance Coverage Information
    • Past and current health insurance coverage, customer plan selections, and other information necessary to facilitate enrollment.

PII may also be used by the Marketplace to generate summary statistics about website usage; conduct audits to detect fraud or misuse of data; improve operation and development of the Marketplace; and to fulfill any legal obligations (including, as necessary, to protect the rights, safety, or property of the Marketplace or of others; comply with applicable law; or cooperate with law enforcement or government requests). 

The PII you provide us will be used only by authorized Marketplace staff, business partners, grantees, contractors, designees, governmental agencies, insurance companies and, where necessary, by law enforcement officials. Use of PII will be on a “need to know” basis, and only to fulfill necessary job responsibilities or duties in connection with Marketplace operations (e.g., website maintenance, improving customer experience, or assisting with processing of your application.) 

The PII you provide to the Marketplace will not be shared, sold, or transferred to any third party for the third party’s direct marketing purposes without your prior consent and will only be disclosed to accomplish legally-authorized Marketplace functions. 

From time-to-time, the Marketplace may combine PII collected from you with information from other sources (e.g., Medicaid eligibility information from the Virginia Department of Medical Assistance Services). Any combined information will be considered PII. 


When interacting with the Marketplace website (, your browsing experience may be customized by browser “cookies.” A cookie is a small text file that is saved on your computer when you visit a website. 

Cookies created by using our website and stored on your computer do not contain PII and do not compromise your privacy or security. You can refuse cookies or delete them from your computer’s browser at any time by using any one of several widely available methods.

Session cookies allow you to move through pages of a website quickly and easily without having to authenticate or reprocess each new area you visit. Session cookies are destroyed automatically after successful completion of a transaction, after a few minutes of inactivity, or when the browser is closed. 

Persistent cookies help websites remember your information and settings when you visit them in the future. They continue to exist after a few minutes of inactivity, after the browser is closed, or after a user completes a single session. 


Virginia's Marketplace website may include hyperlinks to information created and maintained by other public and / or private organizations (external websites). These links are provided for your information and convenience. When you select a link to an outside website, you are leaving the Marketplace website and are subject to the privacy and security policies of the owners / sponsors of the external website. 

The Marketplace does not control or guarantee the accuracy, relevance, timeliness, or completeness of information contained on an external website. The Marketplace does not endorse the organizations sponsoring external websites, does not endorse the views they express or the products / services they offer, and is not responsible for communications you may receive from external websites. The Marketplace cannot guarantee that external websites comply with accessibility requirements.

Do I have to Give PII to Virginia's Marketplace?  

No, you do not have to give PII to the Marketplace. However, not sharing it may prevent you from enrolling in health or dental insurance, and may prevent the Marketplace from determining your eligibility for assistance in paying for health insurance coverage or determining your eligibility for benefits, programs or exemptions. 

By using Virginia's Marketplace services, you consent to the collection, use, and sharing of your PII as outlined in this Privacy Policy and to the limitations on our responsibilities to you. By providing information to the Marketplace, you are agreeing to be bound by these terms, all applicable laws and regulations, and any other applicable policies, terms, and guidelines established by Virginia’s Marketplace. 

Be sure to provide correct information. Anyone who fails to provide correct information or who knowingly and willfully provides false or untrue information to the Marketplace may be subject to a penalty and other law enforcement action. 

If you do not agree with any of these terms, do not access the Marketplace website or customer service center. 

Authority to Collect  

Section 155.260 of the United States Department of Health and Human Services regulations authorizes Virginia’s Marketplace to collect PII to determine eligibility for enrollment in QHPs, to determine eligibility for Medicaid / FAMIS and other insurance affordability programs, and to determine eligibility for exemptions from the individual mandate to maintain health insurance coverage. See 45 CFR § 155.260. 

Virginia’s Marketplace will only create, collect, use or disclose PII for purposes that are authorized under this regulation. 

In following this regulation, the Marketplace will provide: 

  • Individual Access: You will be provided with a simple and timely means to access and obtain your PII. 
  • Correction: You will be provided with a timely means to dispute the accuracy of your PII and to have erroneous information corrected.
  • Openness and Transparency: All policies, procedures, and technologies that affect PII are fully disclosed to the public.
  • Individual Choice: You will be provided a reasonable opportunity to make informed decisions about the collection, use, and disclosure of your PII. 
  • Collection, Use, and Disclosure Limitations: PII will be created, collected, used, and / or disclosed only to the extent necessary to accomplish Marketplace goals. 
  • Data Quality and Integrity: Reasonable steps will be taken to ensure PII is complete, accurate, and up-to-date to the extent necessary to provide services to the customers of Virginia’s Marketplace. 
  • Safeguards: PII is protected with reasonable operational, administrative, technical, and physical safeguards to ensure confidentiality, integrity, and availability and to prevent unauthorized access, use, or disclosure.
  • Accountability: These principles are implemented, and adherence assured, through security audits conducted by an independent third party. 

Sharing PII with External Entities  

Virginia’s Marketplace will need to share PII with authorized insurance carriers and federal and state agencies (for example, the Virginia Department of Medical Assistance Services, the Internal Revenue Service, the Social Security Administration) only for legally authorized purposes including processing requests for enrollment in QHPs / QDPs, and determining eligibility for health / dental coverage, APTC, CSR, and Medicaid / FAMIS. 

PII will be used only by those authorized to receive it, and no more PII will be requested or used than is necessary. Tax return information may be shared with and by Virginia’s Marketplace, but it will be kept confidential in accordance with section 6103 of the Internal Revenue Code. 26 U.S.C. § 6103. 

Any person who knowingly and willfully uses or discloses PII in violation of the ACA may be subject to civil penalties in addition to other penalties that may be prescribed by law or contract. See generally 42 U.S.C. § 18081. 

Information Sharing with Enrollment Professionals  

You may also choose to share PII with enrollment professionals when getting help with the application and enrollment process. Enrollment professionals include insurance agents, Navigators, Certified Application Counselors (CACs), Certified Application Counselor Designated Organizations (CDOs). 

The roles of Navigators, CACs and CDOs were created under the ACA to provide impartial education to customers regarding ACA health / dental plans and subsidies, but these assisters are not permitted to recommend specific plans. Private insurance agents can offer plan recommendations based on a customer’s specific requirements as well as provide ACA education and enrollment assistance. 

All enrollment professionals are required to comply with the terms of this privacy policy, as well as any other criteria established by Virginia’s Marketplace. 

You may explicitly designate a Navigator or agent / broker by using the Marketplace website, or by calling the Marketplace customer service center. You may change or terminate your designation at any time. 

Individual Access/Correction of Information

Section 155.260 of the ACA regulations provide you with certain rights to get information about you that is in our records. 45 C.F.R. § 155.260. You may access your PII collected by the Marketplace at any time through the Marketplace user portal. You are encouraged to review your application information on a regular basis to ensure its continued accuracy. Information errors can be corrected directly through the user portal, or by contacting the Marketplace customer service center. Designated enrollment professionals can also correct information on your behalf should you so choose.  

Please note that in accordance with ACA regulations, corrections to information provided on an application for coverage may result in a redetermination of eligibility. 

Protecting Your PII

Virginia’s Marketplace follows standards, policies, and procedures designed to safeguard PII. The Marketplace portal and supporting systems adhere to federal security laws, mandates, and standards, specifically:

  • National Institute of Standards and Technology guidelines, industry practices for security, confidentiality and auditing; and 
  • Virginia-specific security requirements to secure data and information. 

Consistent with applicable laws and regulations, the Marketplace takes all reasonable steps to protect your PII, including integrating security measures into the design, implementation, and day-to-day practices of the entire Marketplace. 

These measures include operational, administrative, technical, and physical safeguards to help prevent unauthorized access, use, or disclosure of PII. The Marketplace uses a variety of methods and mechanisms for PII protection, such as firewalls, intrusion monitoring, encryption and passwords, device locking, premises monitoring, and website security measures. 

PII will be protected against any reasonably-anticipated threats to its confidentiality, integrity, and availability. It will also be protected against any reasonably-anticipated uses or disclosures that are not permitted by law. 

PII will be kept no longer than required to achieve the specified objective for which it was collected. It will then be securely destroyed or disposed of in accordance with federal and state laws, regulations, and Marketplace retention schedules. 

Your privacy is best protected through a partnership between Virginia’s Marketplace and you. The Marketplace protects your privacy in accordance with the privacy and security standards for the protection of PII established in the ACA and its regulations. See 45 C.F.R. § 155.260. You should also take steps to help keep your PII safe by not sharing your Marketplace password with anyone and by being mindful of potential fraud when asked to provide such personal information. 

Complaints Regarding the Improper Handling of PII

If you feel that your PII has been handled improperly, you may submit a complaint by email to the Virginia Marketplace Privacy Officer at You may also call the Marketplace customer assistance center at 1-888-687-1501 (TTY 711 for those who are deaf, hard of hearing or speech disabled). 

Privacy Act Statement

This statement provides the notice required by the Privacy Act of 1974 (5 U.S.C. § 552a(e)(4)).

The Patient Protection and Affordable Care Act (Public Law No. 111-148), as amended by the Health Care and Education Reconciliation Act of 2010 (Public Law No. 111-152), and the Social Security Act authorizes Virginia's Insurance Marketplace to collect the information on your application and any necessary supporting documentation, including social security numbers, to determine whether you and the listed people on your application are eligible for health coverage or help paying for health coverage. 

Virginia's Marketplace uses the information you provide about yourself and the other people included in your household to determine eligibility for: (1) enrollment in a qualified health plan (QHP) through Virginia's Marketplace, (2) insurance affordability programs (such as Medicaid, APTC, and CSR), and (3) certifications of exemption from the individual responsibility requirement. 

As part of that process, the Marketplace will verify the information you provided on your application; communicate with you (or your authorized representative, if you choose to have one); and provide the information to the health plan you select so that you or other eligible individuals can be enrolled in a QHP or insurance affordability program. 

To determine if you and the people on your application are eligible for health coverage, or for help in paying for health coverage, the Marketplace will electronically verify the information you provided using information in other data sources, including: 

  1. Other federal and state government agencies, such as the Internal Revenue Service, the Social Security Administration, and the United States Department of Homeland Security, the United States Department of Health and Human Services, and the Virginia Department of Medical Assistance Services; 
  2. Consumer reporting agencies; 
  3. Employers identified on applications for eligibility determinations; 
  4. Applicants / enrollees; 
  5. The authorized representatives of applicants / enrollees; 
  6. Agents, brokers, and QHP issuers, as applicable, who are certified by Virginia's Marketplace to assist applicants / enrollees; 
  7. Contractors engaged to help operate Virginia's Marketplace; and 
  8. Anyone else as required by law.

Virginia’s Marketplace will also use the information to conduct activities such as verifying your continued eligibility for health coverage or for help paying for health coverage, processing appeals, reporting on and managing insurance affordability programs for eligible individuals, performing oversight and quality control activities, combatting fraud, and responding to any concerns about information security or confidentiality.

While providing information via the application is voluntary, failing to provide the information may delay or prevent you from obtaining health coverage or help in paying for health coverage through Virginia's Marketplace. It is important to provide correct information. Knowingly and willfully providing false or fraudulent information may result in civil penalties or other law enforcement action.