Digital Services Privacy Policy and Terms of Use

Effective Date: May 10, 2019

Thank you for visiting a website, mobile application, or digital property (collectively known as “the Services” or “the Site”) of the EmblemHealth family of companies. The EmblemHealth family of companies (hereby referred to as “EmblemHealth”) includes the EmblemHealth Enterprise and its subsidiaries including, but not limited to, WellSpark Health, Inc.

It is our policy to protect your information and use it the right way. Please read the following to learn more about our Digital Services Privacy Policy and Terms of Use (“the Policy”).

By using or accessing the Services in any manner, regardless of whether you register or create an Account through the Services, you acknowledge that you accept the practices and policies outlined in this Policy, and you hereby consent that we will collect, use, and share your information in the following ways.

Remember that your use of EmblemHealth’s Services is at all times subject to the Policy.

What does this Policy cover?

This Policy covers our treatment of personally identifiable information (“Personal Information”) that we gather when you are accessing or using our Services, and to the treatment of personally identifiable information by our partners, but not to the practices of other companies we don’t own or control, or people that we don’t manage. We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information in connection with our Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.

How do we collect and use Personal Information?

We receive and store any information you provide to us. For example, when you enroll in one of our plans, you, your group (or the applicable state or federal exchange, depending on how you enroll) provide us with some information about you, including your name, address, social security number, age, annual household income and if applicable, names and ages of your immediate family members.

When you use our Services, the information that is collected will be used to associate your Account with your plan enrollment information. Each member uses a unique username to access their Account information through the Site; only you should use your username and the password you choose to log into your Account. Do not give this username and password to others. EmblemHealth also maintains data that has been provided to us or uploaded to EmblemHealth by you, our member, as well as our “Business Associates” (those vendors who perform work on our behalf for the purpose of payment, treatment, or healthcare operations – and who have written agreements with us that specifically indicate how they will protect your information). We maintain claims information, information about prior authorizations that you requested and any other information needed to provide you with the healthcare services that you need. In some cases, we may request additional consent from you if we think that there is other information that will help us better coordinate your care or better personalize it towards your needs.

To the extent permitted by law, and if you have provided your contact information to us, we may store and use that information to contact you for health plan and related services by various means, including regular mail, email, telephone, including voicemail, or SMS (text message). You may receive messages about wellness programs or other programs sponsored by EmblemHealth or its Business Associates. You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any program or service relating to a Business Associate or affiliated business of ours, please review all such businesses’ or websites’ policies.

We may receive a confirmation and activity confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. To the extent you voluntarily opt to have SMS notifications sent directly to your mobile phone, we receive and store the information you provide, including your telephone number. You can adjust the types of notifications you receive and when you receive them by editing your SMS notification settings. We may also use your information to notify you about payment information and/or to communicate with you about your Account. You will have the ability to opt out of any marketing or advertising SMS communications, but we may still send you communications relating to your Account for purposes important to the Services, such as password recovery or a payment reminder.

If you choose to use a bank account to make payments through the Services, our payment processing vendor(s) may collect and store your bank account information. If you use a payment card to make payments through the Services, that information may be collected and stored by our third-party payment processing companies (the “Payment Processors”), and use and storage of that information is governed by the Payment Processor’s applicable terms of service and privacy policy. However, we may from time to time request and receive some of your financial information from our Payment Processor for the purposes of completing transactions you have initiated through the Services, enrolling you in discount, rebate, and other programs in which you elect to participate, protecting against or identifying possible fraudulent transactions, and otherwise as needed to manage our business.

Other information; “cookies” and “tags”

You should also be aware that when you use our Services, we collect certain “usage data,” such as the number of visitors we receive or what pages are visited most often. This data helps us to analyze and improve the usefulness of the information of our Services. We may also collect, or receive from third parties, information based on your IP address that provides us your geolocation data in order to identify relevant markets for users and to provide a better mobile experience. We do not sell this data; however, we may store, disclose or use this data to serve appropriate advertisements personalized to your relationship with EmblemHealth.

Like most commercial website owners, we may use what is known as “cookie” technology. A “cookie” is an element of data that a website can send to your browser when you link to that website. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. Our cookies do not extract personal information about you, such as your name or address. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our Site’s features. We may also use what is known as “client-side page tagging,” which uses code on each page to write certain information about the page and the visitor to a log when a page is displayed by your web browser. This technique is also commonly used on commercial websites. “Tagging” causes a JavaScript program to run on your computer, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files or execute any additional programs. It does not extract any personal information about you, such as your name or address. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our Site’s functions. Because there is not yet a common understanding of how to interpret the “Do Not Track” signal, we do not currently respond to browser “Do Not Track” signals.


How do we share Personal Information?

We do not rent or sell your Personal Information in personally identifiable form to anyone. We may share your Personal Information with third parties as described in this section. EmblemHealth will not sell, license, transmit or disclose outside of EmblemHealth the information you provide to us unless (a) expressly authorized by you, (b) necessary to enable our Business Associates to perform certain functions for us, or (c) required or permitted by law. In all cases, we will disclose the information consistent with applicable laws and regulations and we will require our Business Associates to protect the information and use it only for the purpose it was provided and as necessary to assist us. EmblemHealth takes the Health Insurance Portability and Accountability Act of 1996 (HIPAA) seriously and provides appropriate safeguards to your protected health information (PHI), which may include your name, address, social security number, email address, telephone number and certain claims data.

We may de-identify your Personal Information so that you are not identified as an individual, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they can provide you with an optimal online experience. We disclose usage data for our non-member portal site to partners who may provide you with additional information about EmblemHealth products and services.

We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.

We may retain your information as needed for business purposes. Notwithstanding any provision to the contrary, we will retain, access, use and disclose your information as we believe is necessary to comply with our legal obligations, resolve disputes, enforce our Policy and other agreements, or to protect the rights, property or safety of EmblemHealth, our employees, our users or others. For more information about our privacy practices, including what information is provided to our Business Associates for payment, treatment and healthcare operations purposes, please see our Notice of Privacy Practices.

Children under 18

Our Site and Services are not intended to be used by children under 18 years old. You represent and warrant that you are at least 18 years of age. If you are under age 18, you may not use the Site or Services. We do not knowingly collect Personal Information from, or target our Site or Services to, children under the age 18. We understand that there may be exceptions to this rule including, but not limited to, children who are emancipated. If we discover that the Site is being used inappropriately, we may disable the user ID so that the individual may no longer access our Site.

Your feedback

We welcome your comments or questions about our Site and Services. You can provide your comments to our Customer Service team via our Website Feedback Form or by calling the regular number you call to reach us with questions. We will share your comments and questions with our Customer Service representatives and those employees most capable of addressing your questions and concerns. Please note that email, like all non-encrypted Internet email communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us. For that reason, to protect your privacy, please do not use email to communicate information to us that you consider confidential. If you wish, you may contact us by calling us, or using a secure message in your secure portal.

How can you stop receiving emails?

Certain emails we send to you contain an unsubscribe link through which you may easily opt-out of receiving future commercial emails from us. If you do not wish to receive certain emails from EmblemHealth, simply click the unsubscribe link and follow the instructions to unsubscribe your email address. If you have unsubscribed but continue to receive email from us or from one of our Business Associates, you may report this to us. Please note that unsubscribe requests may take up to 7 – 10 days to process. You will have the ability to opt out of any marketing or advertising communications, but we may still send you transactional communications relating to your Account for purposes important to the Services, such as password recovery or a payment reminder.

Linking to other sites

From time to time, EmblemHealth may provide links to other websites that we think might be useful or interesting. These websites are not owned or controlled by EmblemHealth and may be subject to separate terms and conditions and privacy policies. Although we try to be proactive and ensure that appropriate protections are in place, we cannot be responsible for the privacy practices used by other website owners or the content or accuracy of those websites. Links to various non-EmblemHealth websites do not constitute or imply endorsement by EmblemHealth of these websites, any products or services described on these sites, or of any other material contained in them.

Security

EmblemHealth has adopted and adheres to stringent security standards designed to protect non-public personal information collected on the Site against accidental or unauthorized access or disclosure. Among the safeguards that EmblemHealth has developed for this Site are administrative, physical and technical barriers that together form a protective firewall around the information stored at this Site. We are committed to being HIPAA compliant and ensuring that our Business Associates meet the same standards. We periodically subject our Site to simulated intrusion tests and have developed comprehensive disaster recovery plans. For registered users, your Account is protected by a password for your privacy and security. You must prevent unauthorized access to your Account and Personal Information by selecting and protecting your password and other sign-on mechanisms appropriately and limiting access to your computer or device and browser. We endeavor to protect the privacy of your Account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Your login credentials are yours alone and should not be shared with anyone, even a family member, for any reason. Colleagues should not use shared credentials to access an account for any reason. If we detect the shared use of an account, we may disable that account for security reasons.

What Personal Information can I access?

In some cases, registered users will be able to change their password and update the information that they provide to us, such as address, contact information and health information, by going to the profile page of their Account on the Site. In other cases, registered users may need to contact their benefit administrator, or the appropriate state or federal health insurance exchange to update their information. Registered and unregistered users can access and delete cookies through their web browser settings.

The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact Customer Service. Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please contact Customer Service.

What choices do I have?

You can use certain features of the Services without registering, thereby limiting the types of information that we collect. You can always opt not to disclose information to us, but keep in mind that some information may be needed to register with us or to take advantage of some of our Site’s features.

If you have registered for the Services, you may be able to add, update, or delete information in your Account as explained above. When you update information, we may maintain a copy of the unrevised information in our records. You may request deactivation of your Account by calling Customer Service. Some or all of your information may remain in our records after your deactivation of such information from your Account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete your Account, but not in a manner that would identify you personally.

Changes to this Privacy Policy

EmblemHealth may change this Policy from time to time. When material updates are made, the Policy version date will also be updated to reflect that a revision occurred, and we will alert you to changes by placing a notice on the Site, by sending you an email or by some other means. We encourage you to periodically re-read this Policy to see if there have been any changes that may affect you. A user is bound by any changes to the Policy when you use the Site or Services after such changes have been first posted. This Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.

Contact Us

To find out how to reach us, use the Contact Us section of our website.