2023 Compass Code of Conduct

Compass Code of Ethical

Business Conduct

Guiding Integrity and Ethics

2023

GuideWell Mutual Holding Corporation

As GuideWell continues to grow and build the future of health, it’s important for us to lean

on our mission and values in everything we do for our customers, our patients, our team

members, and the communities we serve. Our mission and values drive the culture that

enables our success as a health solutions enterprise.

This year, as part of our effort to strengthen our shared GuideWell culture and culture of

compliance, we’re expanding the Code of Ethical Business Conduct (Code of Conduct)

across the GuideWell enterprise. This Code of Conduct is a valuable resource that guides us

to conduct business ethically and in accordance with our Enterprise values as we advance

health together.

We’re proud of the way the GuideWell companies embrace our values of Respect, Integrity,

Inclusion, Imagination, Courage, and Excellence.

Each one of us has an obligation to uphold our culture of compliance and ethics and live the

values that make us who we are. Please join us as we pledge to keep ethics, integrity, and

compliance at the heart of all we do.

Cordially,

Patrick J. Geraghty

Thomas G. Kuntz

Colleen D. Brennan

Member, GuideWell Board of Directors and

Chair, Audit and Compliance Committee

President and CEO VP, Chief Integrity &

Compliance Oﬃcer

LEADERSHIP MESSAGE

The beliefs and priorities that drive our company’s culture

OUR VALUES

RESPECT

Everyone deserves to be

valued and treated with

dignity

INTEGRITY

Honesty, truthfulness and

adherence to the highest

ethical standards

INCLUSION

Realizing the value everyone

brings to the table is what

will drive us forward

IMAGINATION

Embracing new and diﬀerent

ideas help us advance health

together

COURAGE

Speaking up and taking the

right action, even when it is

hard, is how we get better

EXCELLENCE

Driving high quality results

that cultivate customer

satisfaction

TABLE OF CONTENTS

Integrity and Ethics 6

Our Commitment 7

Why We Have a Code of Conduct 7

Who the Code of Conduct Applies To 7

Disciplinary Action 8

Why Ethics, Integrity and Compliance Matter 8

Our Ethical Decision-making Framework 9

Our Responsibility and Reporting Concerns 11

Our Shared Responsibility 1

Management Responsibility 12

Reporting Situations 13

We Will Not Tolerate Retaliation 14

Our Environment 15

Maintaining a Safe Work Environment 16

Human Rights 17

Diversity, Equity and Inclusion 17

Discriminatory and Sexual Harassment 17

Equal Employment Opportunity 18

Soliciting and/or Distributing Literature 20

Environmental Standards 20

Dealing with the Marketplace and Business Partners 21

Fair Dealing and Competition and Business Ventures 22

Advertising and Marketing 24

Use of Company Assets 25

Company Assets 26

Internet, Email and Social Media 26

TABLE OF CONTENTS

Conflicts of Interest 28

Conﬂicts of Interest 29

Gifts and Entertainment 30

Gis and Entertainment 31

Charitable Giving and Community Investment 33

Accurate Company Records and Financial Integrity 34

Accurate Record Keeping 35

Retention of Records 38

Protecting Information and Property 39

Privacy 40

Conﬁdential, Proprietary and Other Non-public Information 42

Employee Data 43

Information Security 44

Information Security 45

Dealings with Government Programs

and Interactions with the Public 47

Working with Government Customers 48

Political Contributions and Lobbying Activities 50

Activities Abroad 52

Legal and Regulatory Requirements 53

Legal and Regulatory Requirements 54

Resources 57

INTEGRITY

AND ETHICS

o Our Commitment

o Why We Have a Code of Conduct

o Who the Code of Conduct Applies To

o Disciplinary Action

o Why Ethics, Integrity and Compliance Matter

o Our Ethical Decision-making Framework

OUR COMMITMENT

We are committed to conducting business ethically, with integrity and in compliance with

laws and regulations.

Our goal is to advance our corporate culture of compliance, guided by the highest standards

of integrity and ethical business conduct. Strengthening our commitment to compliance

and ethics not only reinforces our values, but also distinguishes us as a company and

provides us with a competitive advantage in the marketplace.

WHY WE HAVE A CODE OF CONDUCT

The Compass Code of Ethical Business Conduct (Code of Conduct) is designed to educate

all company board members, oﬃcers, employees, temporary workers, contractors, and

representatives of the company* on ethical behavior in the workplace. It supplements

policies and procedures, which provide more detailed guidance on company expectations

and requirements for behavior in the workplace and while conducting company business.

WHO THE CODE OF

CONDUCT APPLIES TO

The Code of Conduct applies to GuideWell Mutual Holding

Corporation (GMHC), certain wholly-owned subsidiaries, certain

aﬃliates and employees of the company. GMHC, certain wholly-

owned subsidiaries and aﬃliates, are collectively referred to as the

“company.”

We are required to read, understand and comply with the Code of Conduct, in addition

to complying with all company policies and procedures. If your business area has

policies and procedures that are more speciﬁc than the Code of Conduct, you should

follow those policies or procedures. Likewise, in the event that the Code of Conduct

conﬂicts with any local law, you should follow the law.

*All referred to as

“employees” in this

Code of Conduct

DISCIPLINARY ACTION

Disciplinary action, including termination of employment and/or

legal action, may result in response to violations of law, regulation,

company policies or the Code of Conduct, or in cases of other

misconduct or unethical behavior.

Misconduct that is likely to result in disciplinary action includes,

but is not limited to:

• Violating or directing others to violate the law or company

policies;

• Failing to promptly raise a concern regarding illegal, non-

compliant or unethical activity;

• Failing to cooperate with investigations into allegations;

• Retaliating against an employee who has made a good faith report of potential

misconduct or who has cooperated in an investigation; and/or

• Making an allegation in bad faith and/or other intentionally false allegation of

misconduct.

WHY ETHICS, INTEGRITY AND

COMPLIANCE MATTER

Acting ethically, with integrity and in compliance with laws and regulations is as important

as any aspect of our business. It helps us uphold our commitment to our communities, our

customers, and our patients. How we conduct ourselves reﬂects on us and the company.

Retaliation is any adverse

action taken against an

individual for ﬁling, in

good faith, a report or

inquiry or participating

in an investigation of a

report or inquiry.

OUR ETHICAL DECISIONMAKING

FRAMEWORK

When faced with an ethical dilemma, the best course of action may not always be clear. The

Code of Conduct does not address every situation we could face, nor does it summarize

all the laws, rules and regulations applicable to our company. Therefore, it is important to

understand the principles behind the Code of Conduct and how to apply them.

The ethical decision-making framework is a series of questions that we should ask ourselves

anytime we are not sure about what to do in a particular situation. This is especially

important if there is something about the situation which makes us question whether what

we are about to do, or what we are being asked to do, is right or wrong.

Consider the following questions when unsure whether an action or situation is appropriate:

We are expected to:

Identify and clarify the ethics

issue at stake in a situation.

Gain Clarity

• What feels wrong about the situation?

• Can we identify the ethics issue involved?

• Does this situation conﬂict with our values?

• Promote the safety and welfare of our fellow employees, our customers, and our patients;

• Encourage a cooperative and professional work environment;

• Protect personal rights and company property;

• Demonstrate the highest standard of integrity and ethical behavior; and

• Treat our fellow employees, our customers, and our patients with dignity and respect.

Consult Resources

Consult with your immediate

manager or other company

resources to determine whether

a situation is inconsistent with

our Code of Conduct, company

policy or the law.

• Does anything about this situation violate

our Code of Conduct, company policy or

the law?

Consider the Consequences

Focus on the impact decisions

will have on our customers,

patients and fellow employees.

Who has an interest at stake?

Who will be helped or hurt by

the decision? Would we want to

read about this in the news?

• How will our customers, patients or

others be aﬀected by this decision?

• What eﬀect could this decision have on

the company’s reputation and on my

own?

RESPONSIBILITIES

AND REPORTING

CONCERNS

o Our Shared Responsibility

o Management Responsibility

o Reporting Situations

o We Will Not Tolerate Retaliation

OUR SHARED RESPONSIBILITY

We must question or challenge situations suspected of being unethical or in violation of

company policies, the Code of Conduct, laws or regulations. By doing so, we are protecting

ourselves, our fellow employees, our company, our customers and our patients.

Here are some basics to remember:

• We should raise concerns or seek guidance if we are unsure or have an uneasy feeling

about whether certain behaviors or activities are compliant or ethical.

• We must fully cooperate with any internal or external investigations.

• We are not expected to have the answer to every compliance or ethics question, but

we are expected to know when to ask for help and where to go for help.

MANAGEMENT RESPONSIBILITY

All levels of management are expected to clearly articulate our commitment to compliance

and ethics, lead by example, and not ignore non-compliant or unethical behavior.

Here are some basics to remember:

• All levels of management are responsible for:

o Understanding and enforcing the Code of Conduct;

o Maintaining an open-door environment where employees feel comfortable

reporting unethical or non-compliant situations, regardless of what the outcome

may be, without fear of retaliation; and

o Addressing compliance-related questions or concerns promptly and engaging

the appropriate parties (e.g., human resources, compliance, legal) who can work

toward a resolution, all while keeping conﬁdentiality to the extent possible.

REPORTING SITUATIONS

Reporting activities that violate our Code of Conduct is the right thing to do. We should

speak up, even if we do not have complete information about the situation.

First, discuss the situation with your immediate manager. If the matter is not handled to

your satisfaction, or you are not comfortable talking to your immediate manager, there

are additional ways to make an inquiry or report a situation without fear of retaliation. All

reporting mechanisms are equal, and based on your preference or comfort level, you may

use any one of them.

You may also ask a question or ﬁle a report conﬁdentially or

anonymously. If a report is made anonymously, be sure to provide

enough information about the situation to allow for a thorough

investigation. It is sometimes diﬃcult to investigate situations without

involving you, so you may be asked if you are willing to identify

yourself. Our company has a non-retaliation policy to protect you.

When making a report:

• Provide honest, veriﬁable facts and describe the situation in detail.

• Identify dates when the events occurred.

• Indicate if the activity was observed directly or found out through another source.

• Advise how the situation occurred (e.g., Was a policy not followed? Was someone told

to do something inappropriate?).

• Provide relevant documents or supporting evidence that could help with the

investigation.

Once you make a report, an inquiry/investigation will be initiated as quickly as possible.

Refer to the

appendix for a list of

available resources.

WE WILL NOT TOLERATE RETALIATION

We can be conﬁdent in knowing that our company will not retaliate or permit retaliation if

we, in good faith, report non-compliant or unethical behavior.

Here are some basics to remember:

• It is a violation of the Code of Conduct and considered misconduct to retaliate against

someone for reporting a concern, in good faith.

• Retaliation will result in disciplinary action up to and including termination and, in

some cases, retaliation is also against the law.

• Suspected retaliation should be reported immediately to the human resources,

compliance or legal department.

OUR

ENVIRONMENT

o Maintaining a Safe Work Environment

o Human Rights

o Diversity, Equity and Inclusion

o Discriminatory and Sexual Harassment

o Equal Employment Opportunity

o Soliciting and/or Distributing Literature

o Environmental Standards

MAINTAINING A SAFE WORK

ENVIRONMENT

We are committed to maintaining a safe and healthy workplace that is free from hazards and

promotes a productive work environment.

Here are some basics to remember:

• Disruptive behavior in the workplace or while conducting business will not be tolerated.

• Adherence to applicable drug-free workplace policies (e.g., alcohol, tobacco,

substance abuse) is a condition of continued employment.

• Acts or threats of violence, harassment, intimidation, or destruction of company

property will not be tolerated.

• Weapons of any type are not permitted on company premises except by law

enforcement oﬃcers and company security oﬃcers who have been authorized by the

company to do so.

• Report convictions, indictments, charges, and updated court dispositions of any

criminal misdemeanor or felony to the human resources department.

• Comply with all company policies, laws and regulations aﬀecting safety, health and

environmental protection.

• Immediately report any work conditions, whether in the oﬃce, facility or remote,

perceived to be unsafe, unhealthy or hazardous to the human resources or security

department.

A coworker has been a target of bullying by one of her peers. The

behavior I observed is intimidating, and I’m afraid of also becoming

a target if I speak up about the situation. What should I do?

A: Any form of intimidation (e.g., bullying) or retaliation will not be tolerated.

Report the situation to your immediate manager or the human resources,

compliance or legal department.

HUMAN RIGHTS

We must uphold the human rights of workers and comply with all applicable labor laws. We are

prohibited from engaging in any form of human traﬃcking and suspicions of such should be

reported immediately to the human resources, compliance or legal department.

Examples of human traﬃcking include, but are not limited to:

• Procuring commercial sex acts;

• Using forced labor in the performance of a contract;

• Destroying, concealing, conﬁscating or otherwise denying access by an employee to

the employee’s identity or immigration documents, regardless of issuing authority;

• Using misleading or fraudulent practices during the recruitment or oﬀering of

employment, such as making material misrepresentations in the conditions of

employment, wages, and fringe beneﬁts, as well as failing to disclose information in a

language understood by the employee or potential employee, among others; and/or

• Using recruiters that do not comply with local labor laws of the country in which the

recruiting takes place.

DIVERSITY, EQUITY AND INCLUSION

We value a diverse workforce and strive for an inclusive culture. We all beneﬁt from a variety

of diverse experiences, thoughts, views, and backgrounds. Our value of inclusion emphasizes

how important it is to help each other be our best selves at work and to seek out diﬀerent

perspectives. Diversity, equity and inclusion play a big part in everything we do.

DISCRIMINATORY AND SEXUAL

HARASSMENT

Discriminatory harassment is misconduct based on race, color, religion, national origin,

disability, sex, age, gender identity or expression, sexual orientation, veteran status, marital

status, or any other status or condition protected under federal, state or local law. We are

all responsible for promoting an inclusive work environment where everyone feels valued,

respected and that they belong. Discriminatory harassment, including

racism, impacts our work culture and is prohibited.

Sexual harassment is a speciﬁc form of sex discrimination. It includes,

but is not limited to, any unwelcome sexual advances, requests for sexual

favors, and other verbal, physical, or written conduct of a sexual nature in

any of these situations:

• When submission to conduct is made either explicitly or implicitly a

term or condition of an individual’s employment;

• When submission to or rejection of conduct by an individual is used

as a basis for employment decisions aﬀecting such individual; and/

• When conduct has the purpose or eﬀect of unreasonably interfering with an

individual’s work performance or creating an intimidating, hostile or oﬀensive

working environment.

Here are some basics to remember:

• Treat fellow employees, customers, patients and the public with

professionalism, respect and dignity.

• Report and constructively confront all incidents of harassment.

• Do not retaliate against anyone for reporting harassment or

assisting in an investigation. Retaliation will not be tolerated and

may result in disciplinary action up to and including termination of

employment.

• Do not engage in any form of harassment.

Incidents of

discriminatory and/

or sexual harassment

must be reported

immediately.

Discriminatory or

sexual harassment

will not be tolerated.

Any such conduct will

result in disciplinary

action up to and

including termination

of employment.

EQUAL EMPLOYMENT OPPORTUNITY

Applicants will be recruited, selected, hired and promoted based on their individual merit

and ability.

Our continued success depends on the strength and abilities of our

employees, regardless of race, color, religion, national origin, disability,

sex, age, gender identity or expression, sexual orientation, veteran

status, marital status, or any other status or condition protected by

federal, state or local law. We are committed to promoting equal

employment opportunities and a diverse and inclusive workforce that

prohibits discriminatory practices. This is demonstrated through our

aﬃrmative action program, to employ, promote and treat employees

according to their ability and without discrimination.

Here are some basics to remember:

• All employment decisions and practices are based on job performance, experience

and qualiﬁcations. This includes recruitment, hiring, training, development,

compensation, beneﬁts, promotions, transfers, corrective action, corporate-sponsored

educational, social and recreational programs and terminations.

• All levels of management are accountable for supporting the applicable company

policies pertaining to equal employment opportunity and aﬃrmative action programs.

• Employment-related discriminatory practices will not be tolerated.

My department has an open position for which we are actively

recruiting. I am part of the interview panel and feel that applicants

are being overlooked based on their race. What should I do?

A: Our company does not tolerate discrimination of any kind. Report the

situation to your immediate manager or the human resources, compliance

or legal department.

We have a continuing

obligation to hire and

develop the best people

we can ﬁnd, basing our

assessment on job-

related qualiﬁcations.

SOLICITING AND/OR

DISTRIBUTING LITERATURE

To prevent disruption of business activities and minimize distractions for all employees,

solicitation by employees during work time is prohibited. Distribution of literature by

employees during work time or in work areas is also prohibited.

Here are some basics to remember:

• Soliciting or distributing literature by non-employees on company property or using

company assets is prohibited at all times.

• Do not distribute literature in work areas or during work time.

• Get approval from the appropriate corporate social responsibility contact before

soliciting for charitable contributions.

Q: Our division would like to participate in an online basketball pool

just for fun. Is this allowed?

A: No. Gambling is not allowed in the workplace, during company time or

while using company assets.

Q: My child’s school is holding a virtual fundraiser with the funds

going towards the purchase of new sporting equipment. Is it OK for

me to email the fundraising link to my co-workers? After all, they

can choose not to participate if they are not interested.

A: No. Soliciting is not allowed during company time or using company assets.

ENVIRONMENTAL STANDARDS

Our company recognizes the critical role the environment plays in the health of the

communities where we live and work. We are committed to delivering health care

sustainability and the advancement of programs that promote environmentally responsible

practices throughout our business (e.g., minimizing waste, increasing recycling, adopting

measures to save energy). We are all responsible for exercising good environmental

judgment and supporting the company’s standards for protecting the environment.

DEALING WITH

THE MARKET-

PLACE AND

BUSINESS

PARTNERS

o Fair Dealing and Competition and

Business Ventures

o Advertising and Marketing

FAIR DEALING AND COMPETITION AND

BUSINESS VENTURES

We are committed to fair dealing and competition and do not engage in unfair business

practices (e.g., manipulation, cover-up, concealment or the abuse of privileged information,

misrepresentation of facts) or practices that illegally restrain trade or reduce competition.

Business activities must comply with federal, state, and local antitrust laws that encourage

competition and prohibit certain activities limiting competition. Additionally, many of the

activities that violate federal, state, or local antitrust laws may also violate federal, state,

or local unfair trade practice, trade secret, and procurement laws and regulations. Some

examples of practices and agreements that are considered unlawful activities in restraint

of trade include price ﬁxing, bid collusion, allocating or dividing customers or markets, and

agreements to boycott or refuse to deal with competitors, customers or suppliers.

Another unlawful practice is the use of market power to unfairly or unreasonably exclude

competitors or suppliers, or to inﬂuence product or service tie-ins where the availability of

one product or service to a customer is conditioned upon the purchase of another.

Q: My friend works for a competitor and our conversation over

dinner turned work-related. He began to ask questions about our

company’s market strategy and pricing. Since I’m not at work can

I discuss this information?

A: No. You should avoid discussions with current or potential competitors

on topics such as this, whether at work, in social settings, or at trade/

professional association meetings.

Here are some basics to remember:

• Oﬀer true and accurate information about our services or products.

• Communicate clearly so that our customers understand the terms of our business

relationships, including contract performance criteria, schedules, prices and

responsibilities.

• Set pricing for products and services independently, and not in consultation with any

other potential provider of those products or services.

• Avoid discussing or sharing pricing or any other proprietary or conﬁdential information

with individuals who do not work for the company, especially at trade or professional

meetings or events that competitors may attend. If such a discussion begins, and

regardless of the setting, we should excuse ourselves immediately. An unlawful

agreement involving us may end up being implied by our attendance at such

discussions even if we do not participate in them.

• Avoid discussing the company’s business relationships with vendors or customers

with anyone uninvolved in those relationships.

• Clear all agreements involving exclusive relationships, preferential pricing terms or

commitments not to deal with others through the compliance or legal department.

• Coordinate all merger and acquisition, joint venture and teaming arrangement

discussions and agreements through the legal department.

Here are some situations to always avoid:

• Agreements with one business or individual that limit the company’s ability to seek the

most competitive terms possible with another business or individual.

• Formal or informal alliances with health care providers or others that seek to insulate

the company or others from competition.

• Any statements, whether written or not, to competitors or others that could be

understood to be an agreement to set prices, collude or engage in some other non-

competitive arrangement.

• Making promises that we do not believe that we will be able to keep.

Q: At a meeting of my professional association, some of the

members talked about a plan to divide their sales territories to

reduce competition. I did not agree to participate, but what should

I say if this happens again?

A: Collusion is a serious violation of law. Any time you are in a meeting

with competitors and the discussion turns to topics that could be or are

anticompetitive, you should excuse yourself from the meeting and contact

the legal or compliance department.

ADVERTISING AND MARKETING

Advertising, including written marketing materials and oral representations by employees,

agents, or business partners, should always be clear, complete and accurate.

All company advertising must be reviewed and approved by the marketing department or

the appropriate designee. Additionally, there are special rules that apply to certain lines of

business (e.g., Medicare) with which we should be familiar.

Here are some basics to remember:

• Do not make misrepresentations or misleading statements to anyone. If we make

speciﬁc claims about the company’s beneﬁt plans, products or services, we must have

a good faith basis for those claims.

• Plans, products or services should not be marketed in any way that might cause

confusion between our plans, products or services and those of competitors. If we

believe a customer or potential customer may have misunderstood us, promptly

correct any misunderstanding.

• We should be alert to any situation where a competitor may attempt to mislead

potential customers and inform management or the legal department of these

situations.

• Do not disparage any of the products, services or employees of any competitor.

USE OF

COMPANY

ASSETS

o Company Assets

o Internet, Email and Social Media

COMPANY ASSETS

We are responsible for ensuring that company assets are used

appropriately.

Company assets include both tangible and intangible property ranging

from computers, oﬃce or medical equipment, Wi-Fi, furniture and

supplies to intellectual property, data, strategies and ﬁnancial and

other business and customer information. The the, misappropriation

or unauthorized copying, storing, selling, destroying or modifying

company assets is misconduct that may result in disciplinary and/or

legal action.

Here are some basics to remember:

• Do not use company assets for personal gain.

• Do not transfer any company assets to other people or entities, unless it is required

in the ordinary course of business, and the appropriate safeguards (e.g., contracts)

are in place.

• Do not extend credit to any board member or employee (other than assisting with

authorized relocation expenses or emergency disaster relief eﬀorts).

• Report incidences of lost, damaged or stolen assets to the human resources,

information technology or security department.

INTERNET, EMAIL AND SOCIAL MEDIA

The company provides information technology resources, including Internet and email, for

business purposes. The company allows professional and limited personal use of information

technology resources, including social media, for occasional, brief activities that do not

interfere with job responsibilities or violate the law or any company policy.

Email and Internet usage is monitored to ensure compliance with policies and standards and

to identify and prevent inappropriate or malicious content. Internet usage and the content

of ﬁles and emails are not private. Although limited personal use of the Internet is allowed,

not all Internet sites will be accessible (e.g., sites that conﬂict with our security policies) and

exceptions are not granted for personal use.

Examples of

intellectual property

include, but are not

limited to, information

security architecture,

application source

code, programs, and

prototypes.

Monitoring may result in the deletion or quarantining of any email

content and delivery of an email is not guaranteed. Usage is logged,

retained and monitored. Use discretion and good judgment before

using company property for personal use and assume that any

“personal” content is not conﬁdential.

Here are some basics to remember:

• Follow all applicable laws, regulations and company policies

when using information technology resources, including the

Internet, the company Wi-Fi network, when using email and

when posting content on social media.

• Check with management if unsure about a speciﬁc department’s

policy. Information technology resources, including Internet

and email capabilities, are provided at the sole discretion of

management.

• Exercise sound judgment when using information technology resources, including

email and the Internet. This also includes publishing or posting content on social media

websites (e.g., Facebook, Linkedin, Twitter, YouTube, Pinterest). Refer to the applicable

social media or email, internet and intranet policies for additional guidance.

• Posting personal comments and/or opinions to the Internet, including social

media websites, must not in any way imply that the opinions represent the opinions

of the company.

• Transmit conﬁdential and proprietary information securely using approved encryption

capabilities (e.g., secure email, secure ﬁle transfer).

• Use approved mechanisms when sending protected health information (PHI) and other

restricted conﬁdential and proprietary data to outside entities.

Q: May I access social media (e.g., Twitter, Facebook, Instagram)

from work?

A: Yes. Facebook and some other social media websites are accessible

from your company computer. However, use is at your management’s

discretion and may involve occasional, brief activities and must not

interfere with your job responsibilities. Remember, you must comply with

all applicable company policies.

Remember, we

are responsible for

activity performed

under our login

credentials and

when using the

company Wi-Fi

network. We should

never share our user

ID and password

with anyone.

CONFLICTS OF

INTEREST

o Conﬂicts of Interest

CONFLICTS OF INTEREST

A conﬂict of interest (COI) may arise when personal interest or

personal gain potentially inﬂuences or interferes with a business

decision or other employment or professional responsibility.

A COI may also arise as a result of our own outside activities or

ﬁnancial interests, or as a result of the activities or ﬁnancial interests

of family members or close personal or business associates.

Business is to be conducted in such a manner so as to avoid even the

appearance of a COI in our business dealings and relationships.

Here are some basics to remember:

• Avoid activities and situations that create a COI between personal or outside interests,

including monetary interests, and the business interests of our company.

• Disclose conﬂicts by completing a COI disclosure form when hired, annually and when

your situation changes.

• Keep your COI disclosure form updated at all times with new disclosures as changes occur.

• Consult with the human resources, compliance or legal department before holding

employment or consulting discussions with any current or former government oﬃcial

or employee.

• Be aware of, and comply with, the laws and regulations governing organizational conﬂicts

of interest that may arise when dealing with government agencies and programs. For

more information, refer to the Fair Dealing, Competition and Business Ventures and

Dealings with Government Programs and Interactions with the Public sections.

• Seek help if there is a doubt about what may arise to a COI as it is impossible to

describe all of the situations that may lead to a COI.

Q: I am a customer service representative and have an

opportunity to take a second job in the admissions department of

a hospital. Can I take the job?

A: In this situation, you will need to check with your immediate manager or

the compliance or legal department before you take any outside position.

There are certain guidelines that should be followed, and you will need to

disclose this on your COI disclosure form.

The very

appearance

of a COI can

create problems

regardless of the

intent.

GIFTS AND

ENTERTAINMENT

o Gis and Entertainment

o Charitable Giving and Community Investment

GIFTS AND ENTERTAINMENT

Oﬀering or accepting business gis or entertainment can sometimes create a perception of

an inappropriate relationship or conﬂict of interest even if the intent is innocent and there is

no inﬂuence on our business judgment.

In addition to perception, there are various circumstances in which the oﬀer or acceptance

of a gi, including anything of value, cash, entertainment, gi cards, tickets to events, travel,

or other favorable treatment, is illegal or, at a minimum, creates a conﬂict of interest.

There are certain situations in which the giving or accepting of gis and entertainment may

be acceptable on an infrequent occasion if it is clear that there is no intent to inappropriately

inﬂuence one in connection with a business transaction or decision, and the gi or

entertainment is unsolicited. However, we may not oﬀer or accept any bribe, kickback, or

other valuable consideration in connection with the sale of any of our products or services or

the provision of health care services.

Refer to the applicable gi and entertainment policy for speciﬁc guidance on what is or is

not acceptable. Additionally, for general guidelines to follow when dealing with government

employees or oﬃcials, refer to the Working with Government Customers section.

Q: I received a small fruit basket from a vendor as a symbol of

appreciation for work done throughout the year. I did not solicit

the gift basket. Can I keep it?

A: Yes. If received in the oﬃce, be sure to share the basket with your

department.

Here are some basics to remember:

• We may accept gis of nominal value, which includes small gi baskets or ﬂowers.

• We may accept reimbursement for, waiver of, or a discount on seminar fees and/

or reasonable related travel and hotel when the waiver, reimbursement or discount

is given in exchange for presenting or speaking at a conference or seminar or

participating on a panel or focus group and, provided that, other similarly situated

presenters are also provided with the waiver, reimbursement or discount.

• We may accept or provide modest meals and entertainment where the primary

purpose of the meal or entertainment is business-related or related to our duties

with the company, and the expense is reasonable and customary. It should also not

suggest a conﬂict of interest or improper attempt to inﬂuence business decisions,

including procurement activities.

• We may not oﬀer gis, meals or entertainment to any government oﬃcial under any

circumstance. Dealing with government oﬃcials requires special attention.

• We should seek help if there are any doubts about a particular situation. Contact the

human resources, compliance or legal department.

Here are some situations to always avoid:

• Accepting cash or cash equivalents. If you are oﬀered or receive cash or cash

equivalents, either at home, at the oﬃce, or a facility, tell your immediate manager

right away. Return the item and inform the sender that our policy does not allow us to

accept cash or cash equivalents.

• Oﬀering gis or entertainment to inﬂuence any potential customers or any group

administrator or person who has authority over an ERISA (Employee Retirement

Income Security Act of 1974) health plan choice.

• Accepting gis from or oﬀering gis to a government agency or public entity. This

includes employees of the state, local government or a public entity, including a

school board or a public hospital.

• For more information on general guidelines to follow when dealing with government

employees or oﬃcials, refer to the Working with Government Customers section.

CHARITABLE GIVING AND

COMMUNITY INVESTMENT

We support qualiﬁed charitable organizations with ﬁnancial and non-ﬁnancial assistance

(e.g., employee volunteers). To maximize the impact of our resources, corporate social

responsibility activities are to be coordinated. A streamlined, strategic approach to

distributing our charitable resources allows us to help those we serve in a meaningful way.

For guidance on community service activities and organizations that may be supported by

the company, refer to the applicable corporate social responsibility and charitable giving

policies, as applicable.

Here are some basics to remember:

• Be sure to forward all inquiries about community investments to the appropriate

corporate social responsibility contact.

• Do not make any commitments for community investments without consulting with

the appropriate corporate social responsibility contact.

• Follow all relevant company policies and procedures when volunteering as a

representative of the company.

ACCURATE

COMPANY

RECORDS AND

FINANCIAL

INTEGRITY

o Accurate Record Keeping

o Retention of Records

ACCURATE RECORD KEEPING

Accurate record keeping is an important aspect of doing business. Certain laws and

regulations require our contracts with government and non-government customers and

our ﬁnancial reporting and records to accurately reﬂect our business transactions.

We have a system of internal controls, which includes policies,

procedures and internal and external audits to help ensure that business

transactions have appropriate approvals and are properly recorded.

However, it is your responsibility to ensure the accuracy of data, records

and reports, whether for internal or external purposes. Inaccuracies

or discrepancies must be promptly reported to management or to the

human resources or compliance department.

We are required to retain records for a variety of our regulated activities

and contracts, but it is also a good business practice to retain records in a

consistent, systematic and reliable manner.

All company payments and other transactions must be properly

authorized by management in accordance with company policies

and procedures, and accurately and completely recorded in

our company’s books and records in accordance with generally

accepted accounting principles.

Under no circumstance may we create a false or misleading record or entry in any company

record or report, or submit any false record, data, report or claim to anyone. Such activities

can have serious criminal and/or civil legal consequences and would be considered employee

misconduct, as would creating a record that was false or misleading by the omission of a

material fact or data element. Permanent entries in company records should not be altered

in any way and any corrections to any record must be made in good faith, with supporting

justiﬁcation, and approved, in advance, by your management.

Accurate record keeping also includes ensuring that all contract and consulting expenses,

travel, timesheets and any other business-related expenses and supporting data are

accurate and complete, including ensuring the proper allocation of costs. Failure to make

an accurate record and submission could result in a violation of our agreement with

business partners and customers, including government agencies, or violate certain laws

and regulations.

Failure to maintain

accurate records could

result in criminal and/

or civil liability, improper

payments, disallowance

of costs, adverse ﬁndings

in judicial and quasi-

judicial proceedings,

inaccurate statements

and false claims.

Q: I suspect that the financial report my coworker is accountable

for contains discrepancies and may not be an accurate reflection

of our financial records. I have questioned the inaccuracies

before but nothing seemed to change. What should I do?

A: The company must have a ﬁnancial accounting framework that can

generate reports that are readily veriﬁable with traceable data. The accuracy

of our company’s ﬁnancial records and the proper functioning of our internal

accounting controls are vital to the company. Discrepancies or issues

must be reported. If you are comfortable doing so, talk to your immediate

manager about it to make sure you understand the situation. You can also

contact the human resources or compliance department.

Here are some basics to remember:

• Disclose and record all corporate transactions. ”Off-the-book” transactions are

not allowed.

• Protect and regularly compare all company assets to ensure they are the same as

what is actually on hand. Any variances should be reconciled.

• Monitor fraud, waste and abuse by using the controls in place to aid in the

detection, investigation, and prevention of such activities.

• Cooperate fully and honestly with internal and external auditors.

• Be alert to irregularities in the way payments are made, including large cash

payments and any unusual transactions and report any suspicious activity to

the human resources, compliance or legal department. Our company does not

condone, facilitate or support money laundering.

• Report irregularities in accounting, auditing practices or internal controls to the

human resources, compliance or legal departments.

• Report any suspected fraud, waste or abuse involving our employees to the human

resources, compliance or legal department.

• Report any suspected fraud, waste or abuse involving providers, patients,

subscribers, agents or other persons, who are not our employees to the special

investigation unit or fraud investigation unit.

Here are some situations to always avoid:

• Placing company funds in a personal or non-corporate account.

• Intentionally causing any record to be inaccurate. Examples of prohibited acts include:

o Making records appear as though payments were made to one person when they

were made to another.

o Submitting expenses for reimbursement which do not accurately reﬂect the true

nature of the expense.

o Falsifying time in the timekeeping system by recording time as worked when you

are not working, or by working “oﬀ the clock.”

o Changing the recipient on a claim to channel payments to an improper recipient.

o Deleting claims from the computer system without rerouting for reprocessing and

properly documenting the action.

o Creating any other record which does not accurately reﬂect the true nature of

the transaction.

• Fraudulently inﬂuencing, coercing, manipulating or misleading any auditor

engaged in auditing our company (e.g., ﬁnancial statements, government

programs, SOC-1 and SOC-2 audits).

Q: I suspect my co-worker is falsifying his timesheets. What

should I do?

A: Falsiﬁcation of any company record, ﬁnancial or otherwise, is

prohibited. The company has programs in place to help employees when

times are diﬃcult. Talk to your immediate manager about this and contact

the human resources, compliance or legal department.

RETENTION OF RECORDS

It is good business practice to retain information assets (e.g., data, information, documents

and records) in a consistent, systematic and reliable manner so that they can be retrieved

promptly when required.

Failure to keep records in good order can result in adverse consequences for the company.

All employees who create, receive, use or manage the company’s information assets must

comply with all applicable records management and retention policies.

Q: Do we still have to follow records management rules while

working from home?

A: Yes. Policies related to records management and retention apply to all

information assets, regardless of where they are created or received.

Here are some basics to remember:

• All information assets regardless of storage medium or storage location, are subject to a

retention period.

• Records may be: (a) paper documents, forms, reports, manuals, correspondence, and ﬁles;

(b) computer ﬁles, such as spreadsheets, word-processed documents and email messages;

or (c) information in other formats, such as video streams, audiotape, microﬁlm and

photographs.

• Make sure you manage, retain and destroy all company-owned information assets business

records in a manner that supports both ongoing business operations and compliance with

various accounting, audit, customer, legal, regulatory and tax requirements. Refer to the

applicable records management and retention policy for additional guidance.

• Follow legal hold notices issued by the legal department. In certain cases, a legal hold notice

is sent out by the legal department suspending retention requirements for certain documents

and records. A legal hold notice requires preservation of certain documents and records

under special circumstances, such as pending or actual litigation, government investigation,

audits or consent decrees and supersedes the requirements of the applicable records

management and retention policy for the duration of the legal hold.

• Do not destroy, discard, withhold or alter documents and records pertinent to a legal matter,

governmental audit or investigation. Criminal penalties can result from these actions.

PROTECTING

INFORMATION

AND PROPERTY

o Privacy

Conﬁdential, Proprietary and other

Non-public Information

o Employee Data

PRIVACY

We have a legal and ethical obligation to safeguard and protect the conﬁdential information

of our customers and patients. As such, we must comply with all applicable privacy laws.

Here are some basics to remember:

• Read and comply with the applicable privacy policies and related standard operating

procedures and any contractual obligations that may also apply.

• Protect all health, ﬁnancial and/or employment information. This includes information

such as names, addresses, telephone numbers or any other data that can be used to

identify an individual. Such information may only be accessed, used and/or disclosed

as permitted by federal, state and local privacy laws and/or policies and procedures.

• Limit access, use and disclosure of information to the minimum amount of information

necessary to achieve the intended purpose of the access, use or disclosure.

• Use de-identiﬁed data whenever possible.

• Use of Social Security numbers internally or externally is prohibited unless there is an

approved compelling business need.

• Report any known or potential breach of privacy or non-permitted use or disclosure of

PHI to the appropriate privacy or compliance contact immediately. This includes any

loss or the of information.

• Ensure disclosure of information is only to an authorized individual or entity.

• Only use employee, member, and patient information as allowed by law, regulation and

policy.

• Check for accuracy of information.

• Send all PHI securely using company approved methods.

Q: A vendor of the company has requested a list of our members

who are diabetic. This information is necessary for the vendor

to fulfill its contractual obligations. Is it OK for me to provide the

vendor with the requested member information?

A: It depends. PHI should always be protected and not disclosed or shared

without ensuring proper approvals are in place. Contractual agreements

such as a business associate agreement and/or other agreements are

required. In addition, approval through a formal governance process may

be required.

Here are some situations to always avoid:

• Sharing information with someone who is not authorized to receive it, both internally

and externally.

• Accessing information that is not needed to do our job.

• Not using caution when sharing information via email, fax, mail or other distribution

means.

• Not protecting information that could result in a non-permitted disclosure, including

inadvertent ones that could arise in social conversations or in business relations with

individuals outside the company.

• Not protecting information that could aid others in the commission of fraud, waste,

abuse or misuse of company products or services, or invasion of privacy.

Q: I accidentally sent an email containing PHI to the wrong

person, who is external to the company. Do I need to report this?

A: Yes, improper disclosures of PHI should be reported to the compliance

or privacy department.

CONFIDENTIAL, PROPRIETARY AND

OTHER NONPUBLIC INFORMATION

We must respect the sensitive nature of company conﬁdential and proprietary information.

Conﬁdential, proprietary and other non-public information that is obtained about our

company, customers, patients and vendors is oen subject to non-disclosure agreements

or policies and speciﬁc privacy laws and regulations. The disclosure or personal use of

such information may also violate trade secrets, securities and procurement laws and

regulations. We are prohibited from using any unlawful or deceptive means to seek or

obtain conﬁdential, trade secret or other non-public information of competitors or regarding

competing products and services.

Here are some basics to remember:

• The company is assigned all rights to intellectual property that we may develop or create

during our employment.

• We may not disclose or use at any time, either during or subsequent to employment,

any conﬁdential and proprietary information gained during employment, whether or not

developed by us, except as required to perform our duties as an employee of the company.

• We must promptly return all company property upon termination, including all manuals,

letters, notes, notebooks, reports and all other conﬁdential and proprietary materials.

• Violations by an employee or former employee may result in disciplinary and/or

legal action.

• While GuideWell is not a publicly traded company, it does business with vendors

who may be subject to insider trading laws.

Q: I saw an article on the GuideWell intranet that I would like

to share with a family member. Is it OK to give it to them?

A: No. Although conﬁdential and proprietary information can be shared

with company employees, approval is required to share or disclose this

information with individuals or organizations outside of the company.

Never share employee

information with other

employees unless there

is a business reason

and it is within their

designated scope of

duties.

EMPLOYEE DATA

The company recognizes the importance of privacy and conﬁdentiality with regard to

employee information. This includes, but is not limited to, demographic information, wage/

salary data, ﬁnancial/banking information, and claims/medical information.

Generally, disclosure of employee information to third parties outside the company is not

allowed unless:

• The employee authorizes the disclosure;

• A court orders such disclosure; or

• The company is under some other obligation to make the disclosure.

Here are some basics to remember:

• Protect employee information from unwarranted exposure by providing only the

minimum amount of information necessary to accomplish the intended task.

• Access to or use of any employee information is allowed

only on a documented, need-to-know basis and must only

be used to support the specific business function for which

access was granted.

• Follow normal business processes when dealing with personal

insurance-related business and do not request that others in the

business intervene to assist.

• When asked to provide employment references, refer the

individual to the company approved veriﬁcation method (e.g.,

automated employment veriﬁcation line, dedicated veriﬁcation

website) or contact the human resources department for

additional guidance.

Here are some situations to always avoid:

• Using employee information as test data, for training purposes or to provide examples

or testimonials.

• Bypassing normal operating procedures. Any requests to do so should be reported to

the human resources, compliance or legal department.

INFORMATION

SECURITY

o Information Security

INFORMATION SECURITY

We protect our technology and information through a combination of policies, standards,

procedures and technology. Ongoing monitoring of information and system access and

use is routinely performed for appropriateness, unauthorized activity, new threats and

opportunities for improvement.

Information assets are secured according to classiﬁcation level as deﬁned in company

policies. If uncertain about the classiﬁcation level for any particular use of information,

it is our policy to protect the information at the highest level of classiﬁcation. Employee

access to protected information is limited based upon the job function of the employee

and the classiﬁcation of the information requested. We are required to provide access and

authentication credentials prior to accessing protected resources.

Here are some basics to remember:

• Correctly identify organizational information as appropriate (e.g., confidential,

proprietary) and in alignment with company policies as well as legal requirements

and business agreements needed to protect it.

• Limit sharing and use to those who need to know, and limit access based upon job role.

• Obtain appropriate approvals or authorizations or ensure contractual arrangements

are in place before sharing information with anyone outside of the company.

• Store information according to its classification. If the classification level is not

determined or is unknown, treat the information as it should be protected at the

highest level of restriction until we know for certain.

• Never store confidential and proprietary information on a personal mobile

computing device.

• Lock our workstation when away from our desk.

• Physically secure your laptop or portable device(s). Use extra care to protect

mobile devices when traveling. Never leave mobile items in an unlocked car.

• Report lost, stolen or damaged computing equipment, portable devices or media

immediately to security.

• Keep your login credentials secure and never share with others.

• Choose complex passwords that are not easily guessed.

• Email and Internet usage is monitored.

• Be alert to cybersecurity defenses and do not fall victim to phishing emails.

• Be skeptical of unfamiliar emails or requests for your login credentials.

Q: I received an email that appears to be from our company. It is

asking me to click a link and provide my password. Is it OK for me

to provide this information when asked to do so?

A: No. If you receive an email that appears to be from our company and

asks for your login credentials, this may be a phishing email and should be

reported immediately to the appropriate IT security department.

Dealings with

Government

Programs and

Interactions with

the Public

o Working with Government Customers

o Political Contributions and Lobbying Activities

o Activities Abroad

WORKING WITH GOVERNMENT

CUSTOMERS

We conduct business with the U.S. government and various federal,

state and local government entities and agencies. The laws and

regulations that govern those activities are strict and oen complex.

Therefore, we must be aware of and abide by all laws, regulations,

rules and other requirements that govern the conduct of government

programs, contracts and associated transactions.

If unsure about the applicable legal, regulatory or contractual

requirements in a particular situation, seek guidance from the

compliance or legal department. Interacting with government

agencies and oﬃcials also requires a continuing commitment to

the highest ethical standards, attention to detail and signiﬁcant due

diligence in order to protect the company’s reputation and on-going

participation in government markets.

Here are some basics to remember:

• Always be accurate and truthful when interacting with government agencies and oﬃcials.

Documents and other records provided as well as oral or written representations made to the

government must always be clear, complete and not misleading.

• Cooperate fully and honestly with government audits and inquiries.

• Never give/receive payments, or anything of value, to or from anyone in exchange for referrals

for services paid under a federal health care program.

• Adopt and follow controls and processes that ensure the accuracy of data and

representations communicated to the government and/or used in connection with

government contracts and/or government programs.

• Ensure consultant, vendor and supplier adherence to government requirements and

company policies and contract terms.

• Ensure that charges to government contracts and the use of appropriated funds are accurate

and authorized, including ensuring that work time is accurately recorded and unallowable

expenses are excluded.

Remember that

a violation of any

law or regulation

can result in

disciplinary action

up to and including

termination of

employment.

• Promptly report to the compliance or legal department activity that is believed to be unlawful,

could result in a false claim, or could result in an overpayment by the government to us or in

the retention of funds that are owed to the government. Conduct appropriate due diligence on

prospective suppliers and vendors.

• Never accept gis from or oﬀer gis to a government agency or public entity. This includes

employees of the federal, state or local government or a public entity, including a school board

or a public hospital.

• Never make any form of payment, promises of payment, or give anything of value to employees

or representatives of any government, company, or public or international organization for the

purpose of wrongfully obtaining, retaining or directing business. Bribes, kickbacks, or other

valuable considerations are prohibited under any circumstance.

• Violation of the laws and regulations regarding gis to government employees can result in

serious criminal and/or civil legal consequences.

Here are situations to always avoid:

• Deviating from contract requirements without proper written approval from an authorized

government oﬃcial.

• Oﬀering, promising, or giving a gi, cash, or anything of value to a government employee

or oﬃcial.

• Requesting or accepting gis, cash, or anything of value from a government employee

or oﬃcial.

• Engaging in employment discussions with a government oﬃcial who has decision- making or

procurement responsibility for contracts with the government. Because there are signiﬁcant

restrictions regarding employment discussions with current and former government

employees and oﬃcials, consult with the compliance or legal department prior to engaging in

any such discussions.

• Accepting or seeking to obtain non-public source selection or competitive information about

government procurement or a competitor’s bid or proposal.

• Hiring or contracting with individuals or entities that are excluded from federal procurement

and non-procurement programs for performance under any government contract or program,

including the Federal Employees Health Beneﬁts Program (FEHBP), Medicare and Medicaid.

Q: The company is thinking about how to create new provider

arrangements that give incentives to providers for better

managing the outcomes of our members and increasing

their patient base. Is it OK for me to negotiate as part of the

arrangement that our company compensates the provider group

for an increase in our company’s membership?

A: No. An arrangement that oﬀers payment in return for referrals of patients

may be prohibited. Check with the compliance or legal department for

guidance on how to proceed with this proposed arrangement.

Q: We are seeking to expand our government business segment.

Several government officials will be in town and have offered to

meet with us for dinner. To thank them for their time, we think it

would be a nice gesture to pay for their dinner. Is this OK?

A: No. Oﬀering anything of value, including meals, to a government

employee or oﬃcial is not allowed.

POLITICAL CONTRIBUTIONS AND

LOBBYING ACTIVITIES

We are encouraged to vote and be active in the political process. While doing so, it is

important to know that the political process is highly regulated and there are laws that

restrict individual and company political participation.

The GuideWell Political Action Committee (GPAC), our non-partisan political action

committee, is one way that eligible employees may voluntarily participate in the

political process. Political contributions made by GPAC are funded entirely by voluntary

contributions from eligible employees. Participation is completely voluntary at the discretion

of eligible employees.

Lobbying is described as a person making contact with a public oﬃcial or politician

regarding legislation, rules, regulations, programs and contracts. It does not include routine

contacts made in the course of normal government business like the administration of a

government contract (including submission of a proposal), responding to a government

request (including requests for comments on rulemaking), responding to legal process, or

ﬁling required reports.

Here are some basics to remember:

• Be aware of laws, restrictions and requirements regarding political activities and

contributions. Due diligence in keeping track of lobbying activities and contributions is

required.

• Reimbursement is not allowed for personal political contributions,

including contributions to political action committees.

• When engaging in political activities, we may do so in our

individual capacity, and not as a company representative.

• Do not work on political campaigns during work hours.

• Do not use company assets (e.g., telephones, copy machines,

email, fax machines) as part of a campaign eﬀort, including

fundraising.

• Seek guidance from the applicable government relations

department before agreeing to do anything that could be construed as involving the

company in any political activity.

Here are some situations to always avoid:

• Soliciting political contributions on company property is not allowed. (Our GPAC may

solicit eligible employees on company property during work time.)

• Distribution of literature on company property or use of company assets for political

purposes is not permitted.

Q: I am a volunteer for a political candidate. Is this OK?

A: Yes, as long as your activities are done on your own time, at your own

expense, and without the use of company assets.

Lobbying disclosure

laws require the

reporting of contacts

and expenses and

include activities

beyond promoting or

opposing legislation.

ACTIVITIES ABROAD

For those employees involved in international activities and transactions, there are

additional rules to follow. It is of critical importance that employees understand it is a

criminal violation of U.S. law to pay or promise to pay or give cash or anything of value to

a foreign oﬃcial in order to obtain or retain business or receive favorable treatment. This

applies to our employees and our business partners working overseas on our behalf.

Certain programs, products and accounts do not permit the oﬀshoring of services to be

performed or may require prior approval for it to occur. Oﬀshoring refers to our company’s

use of a vendor that provides all or some of the services for us outside the borders of the

United States. Know the requirements of the programs, products and accounts you are

working on. Check with the compliance or legal department immediately if you become

aware of oﬀshore activities involving our State Group, Federal Employee Program,

Medicare, or Medicaid business.

LEGAL AND

REGULATORY

REQUIREMENTS

o Legal and Regulatory Requirements

LEGAL AND REGULATORY

REQUIREMENTS

We are subject to many federal, state and, in some cases, even local laws and regulations

that apply to our business. Although not inclusive and all are not mentioned in the Code

of Conduct, the following are some of the laws with which we should become familiar. As

with any law or regulation, if you question whether a particular law or regulation applies to

our company or have concerns that we are not fully complying with a law or regulation, you

should consult with the compliance or legal department.

OUR ENVIRONMENT

Age Discrimination in Employment Act

The Age Discrimination in Employment Act prohibits discrimination on the basis of age

in hiring, promotion, discharge or other privileges of employment by any applicant and

employee 40 years of age or older.

Americans with Disabilities Act of 1990

The Americans with Disabilities Act prohibits discrimination on the basis of disability

in employment, governmental activities, public accommodations, transportation and

communications.

Civil Rights Act of 1964 (Title VII)

Title VII of the Civil Rights Act prohibits discrimination on the basis of race, color, religion,

sex or national origin. Title VII also prohibits discrimination against an individual because

of his or her association with another individual of a particular race, color, religion, sex or

national origin.

Fair Labor Standards Act of 1938

The Fair Labor Standards Act of 1938 mandates a basic minimum wage and overtime

pay for most private and public employers. It also prohibits the use of workers under the

age of 16 in most jobs and the use of workers under the age of 18 in those occupations

deemed dangerous.

Executive Order 13627- Strengthening Protections Against Traﬃcking in

Persons in Federal Contracts

The Executive Order requires federal contractors to adopt and enforce a zero-tolerance

policy regarding traﬃcking in persons, which includes prohibitions in engaging in severe

forms of traﬃcking in persons, procuring commercial sex acts, or the use of forced labor in

the performance of the contract.

DEALING WITH THE MARKETPLACE AND

BUSINESS PARTNERS

Antitrust Laws

Federal and state antitrust laws prohibit business practices that unfairly deprive consumers

of the beneﬁts of competition. Without competition, consumers may pay higher prices for

goods and services.

Health Insurance Portability and Accountability Act of 1996 (HIPAA)

HIPAA is a federal law that principally reformed the group health insurance market. HIPAA

creates greater access to health care insurance, promotes standardization and eﬃciency in

the health care industry, protects the privacy of health care information and sets standards

for the security of electronic health care information.

DEALING WITH GOVERNMENT PROGRAMS AND

INTERACTIONS WITH THE PUBLIC

Anti-Kickback Statute

The Anti-Kickback Act prohibits knowingly and willfully soliciting, receiving, oﬀering or

paying remuneration, including any kickback, bribe, rebate, or anything of value, for referrals

for services that are paid, in whole or in part, under a federal health care program or is

provided to any federal contractor or subcontractor for the purpose of improperly obtaining

or rewarding favorable treatment in connection with a federal contract or subcontract.

Bribery and Gratuities

Federal law makes it illegal to directly or indirectly oﬀer or promise anything of value to

a public oﬃcial with the intent to inﬂuence an oﬃcial act (bribery) or to oﬀer or promise

anything of value to a public oﬃcial “for or because of” an oﬃcial act (illegal gratuity).

No corrupt intent is required in order to be considered an illegal gratuity and the statute

prohibits gratuities for past and future oﬃcial acts.

Excluded Parties

As a general rule, federal contractors and federal health program participants are prohibited

from entering into contracts with and making payments to parties suspended or debarred

from procurement and non-procurement programs and parties excluded from participation

in federal health care programs. This includes for items or services furnished, ordered or

prescribed by an excluded individual or entity.

Federal and State False Claims Acts

Federal and state false claims acts prohibit the knowing submission of a false claim or causing

another to submit a false claim payable under a federal or state program. This includes

knowingly submitting inaccurate data under a federal program. In addition, the failure to return

any overpayment of government funds may also be a false claim.

Foreign Corrupt Practices Act

The Foreign Corrupt Practices Act prohibits certain classes of persons and entities from,

directly or indirectly, paying or oﬀering, bribes, kickbacks, or other payments of money

or anything of value to anyone, including oﬃcials, employees, or representatives of any

government, company, or public or international organization, or to any other third party, for

the purpose of wrongfully obtaining, retaining or directing business.

The Stark Law (Physician Self-Referral Law)

The Stark Statute, otherwise known as the Physician Self-Referral Law, prohibits a physician

from making a referral for certain designated health services to an entity in which the

physician (or a member of his or her family) has an ownership or investment interest or with

which he or she has a compensation arrangement.

OTHER

Aﬀordable Care Act

The Aﬀordable Care Act includes many reforms that have overhauled the U.S. healthcare

system, including the establishment of health insurance exchanges, the elimination of pre-

existing condition exclusions and lifetime maximums, the requirement that plans include

certain essential health beneﬁts, and the availability of cost sharing subsidies and premium

tax credits, among numerous other provisions.

Section 1557 of the Aﬀordable Care Act

Section 1557 prohibits discrimination on the basis of race, color, national origin, sex,

age, or disability in certain health programs and activities.

Telephone Consumer Protection Act

The Telephone Consumer Protection Act (TCPA) is a federal law that restricts use of an

automated telephone dialing system for certain types of telemarketing activities. TCPA

implemented the national Do-Not-Call list in 2003.

FLORIDA BLUE

Report a

compliance or

ethics matter

Immediate manager, as applicable

Helpline: 1-800-477-3736 ext. 56300

File an online report: www.compass.ethicspoint.com

Email: [email protected]

QR Code:

Chief Integrity and Compliance Oﬃcer: (904) 905-5068

Director, Business Ethics: (904) 905-4264

Human Resources (Employee Relations): (904) 905-4994

Legal Aﬀairs: (904) 905-8720

RESOURCES

We are not expected to have the answer to every compliance or ethics question, but we are

expected to know when to ask for help and where to go for help. Below are several resources

available to assist us:

Privacy Privacy Helpline: 1-888-574-2583

Security

Non-emergency incident: (904) 905-2009

File an online report: https://ﬂoridablue.omnigo.one

Email: securitycommandcenter@bcbsﬂ.com

QR Code:

Special

Investigation Unit

Telephone: (800) 678-8355

Fax: (904) 905-5925

Email: specinvestunit@ﬂoridablue.com

Complete a Fraud and Abuse Report at: ﬂoridablue.com or the

Intranet at: http://cag.bcbsﬂ.com/sites/beic/SIU/default.aspx

Mail:

Florida Blue, Special Investigation Unit

P.O. Box 44193

Jacksonville, Fl 32231-4193

Company Policies

http://cpol.bcbsﬂ.com/Pages/Home.aspx

HR Policies

http://hr.bcbsﬂ.com/Pages/HRPolicyView.aspx

DIAGNOSTIC CLINIC MEDICAL GROUP DCMG

Report a

compliance or

ethics matter

Immediate manager, as applicable

Helpline: (800) 477-3736 ext. 56300

File an online report: www.compass.ethicspoint.com

DCMG Compliance: (727) 581-8767 ext. 2026 or ext. 2061

Privacy DCMG Privacy Oﬃcer: (727) 585-8767 ext. 2026

POPHEALTHCARE PHC

Report a

compliance or

ethics matter

Immediate manager, as applicable

PHC Compliance Hotline: (855) 574-1154

File an online report: www.pophealthcare.ethicspoint.com

Compliance: compliance@pophealthcare.com

Human Resources: hr@pophealthcare.com

WEBTPA/COMMUNITAS

Report a

compliance or

ethics matter

Immediate manager, as applicable

WebTPA Compliance Line: (800) 371-2919

Communitas Compliance Line: (800) 371-2919

File an online report:

www.webtpa.com/compliance-and-ethics

Director of Compliance: (469) 417-1894

Director of Human Resources: (469) 417-1846

GuideWell Mutual Holding Corporation

022223