(888) 224-5244

Bedrock, Inc. d.b.a. Tri-State Motor Transit Co. (TSMT) recognizes that its relationships with current and former employees are based on integrity and trust. TSMT and its management strongly believe in ensuring the confidentially of the personal information its employees entrusts to us. This statement describes TSMT policies and practices concerning our handling of employee personal information.

The Health Insurance Portability and Accountability Act ("HIPAA") and subsequent amendments protect an individual’s private information. TSMT is required by law to maintain the privacy of Protected Health Information ("PHI"). This statement provides you with information about your rights and TSMT’s legal duties and practices with regard to the privacy of your information. PHI includes any identifiable information that we obtain from you or others that relates to your physical or mental health, the health care you have received, or payment for your health care. This notice also discusses the uses and disclosures that we will make of your PHI. We must comply with the provisions of this Statement, and we reserve the right to change the terms of this Statement. You can at any time request a copy of our most current Privacy Statement, or you can access it on our website at www.tsmtco.com.

We also have obtained Privacy Statements from each of our service providers (i.e. Blue Cross and Blue Shield, Delta Dental of Mo., etc.). You can request a copy of any of those Statements as well from our Privacy Official.

TSMT understands its obligations under the HIPAA statutes, and we have made every effort to conform to those rules and regulations. As such, we want you to be aware of how we handle personal information. Our policies and procedures for collecting and disclosing personal information are detailed below:

Effective Date: This policy is in effect as of April 14, 2004.

Expiration Date: This policy shall remain in effect until superceded or cancelled.

It is the policy of TSMT that specific individuals within our workforce are assigned the responsibility of implementing and maintaining the HIPAA Privacy and Security Rule’s requirements. It is the policy of TSMT that these individuals be provided sufficient resources and authority to fulfill their responsibilities. At a minimum, it is the policy of TSMT that there will be one individual or job description designated as the Privacy Official. At TSMT this person is the CFO.

We may collect nonpublic personal information about employees from, but not limited to, the following sources:

• Information from health, dental, and life insurance enrollment forms, the TSMTCO 401(k)enrollment form, Flexible Spending Program;

• Information we receive from Benefit Administration Providers or Insurance Companies;

• Information we collect from such other sources as employment application forms, previous employers and references provided by employee themselves;

• Information we receive from governmental agencies such as Social Security Administration, and

• Information we receive from Workmen’s Compensation claims.

It is the policy of TSMT that a valid authorization is obtained for all disclosures. We restrict access to nonpublic personal information about our employees to only agencies or organizations that need to know that information to provide products or services to the employee. Otherwise, we do not disclose any nonpublic personal information about our employees or former employees unless authorized by the employee or as permitted/required by law.

TSMT may disclose your PHI as authorized to comply with workers’ compensation laws and other similar legally established programs.

We do not send you marketing materials regarding treatment, care, or alternative treatments or providers. Neither do we sell your name to companies or individuals that market such materials, services or products.

TSMT maintains physical, electronic, and procedural safeguards that comply with applicable regulatory standards to guard your nonpublic personal information.

You have the right to inspect and copy your protected health information. This means you may inspect and obtain a copy of PHI about you that is contained in a designated record file for as long as we maintain the PHI. A "designated record file" contains benefit enrollment forms and any other records that TSMT uses to process claims for you.

If you believe your privacy rights have been violated, you may file a written complaint with the Privacy Official at TSMT or with the Office of Civil Rights of the Department of Health and Human Services. TSMT will not retaliate against you for filing a complaint.

For further information regarding HIPAA go to the http://www.hhs.gov/ocr/hipaa/ website. Click on "Questions" for a listing of over 300 frequently asked questions.