Change Healthcare is now a part of Optum. 

This Privacy Notice is currently accurate but may be updated as company product and service integration continues. 

Effective Date: MMDDYYYY

This Supplemental Notice applies to California residents. In addition to the Global Notice, this Supplemental Notice describes the categories of personal information we collect, how we use it, and the rights that California residents have under California law. If you find that there is any discrepancy between the Global Notice and this Supplemental Notice, the Supplemental Notice will control.

In this Supplemental Notice, “personal information” means information that identifies, relates to, describes, references, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. Information that is publicly available, and certain health and financial information that is protected under other federal laws (such as the Gramm–Leach–Bliley Act, the Health Insurance Portability and Accountability Act (“HIPAA”), or the Fair Credit Reporting Act is not considered “personal information” for purposes of this policy.

This section describes our data collection practices, including the personal information we have collected over the 12 months prior to the effective date of this Supplemental Notice, the sources of that information, the purposes for which we collect it, and whether we disclose it to external parties.

• Identifiers:
  1. We collect your name, phone number, email address, mailing address, and contact address when you create an account or contact us via the Site and Services. If you choose to create an account, you will also be asked to create a username and password, and we will assign one or more unique identifiers to your profile. We use this information to provide our Services, respond to your requests, and send information and advertisements to you.
  2. We collect a unique numerical identifier, assigned to you by a Cookie, automatically when you use the Sites and Services in order to identify you, provide our Services, keep you logged in to our Sites, prevent fraud, and provide you with targeted information and offers. 
• Payment information:  We, or a service provider working on our behalf, collect your payment information when you provide it in order to complete a transaction. This information includes your credit card number or bank account number. We use this information to facilitate payments and transactions.
• Commercial information: When you engage in transactions with us, we create records of transactions. We may use this information to measure the effectiveness of our Sites and Services and to provide you with targeted information, advertisements, and offers.
• Internet or other electronic network activity information: We collect your IP address and Device ID automatically when you use our Sites and Services. We use this information to identify you, gauge online activity on our Sites, measure the effectiveness of online services, applications, and tools, and provide you with targeted advertisements and offers based on your online activities. When you navigate to and use our Sites and Services, we also collect information such as your Internet domain, the domain of your Internet service provider, the date and time that you access the Site or Service, the Internet address of the website from which you linked directly to the Site or Service, and the pages you visit on our Sites and Services.
• Visual information: We may collect visual information such as profile pictures associated with any account you create if you choose to upload one.
• Professional or employment-related information: We collect your business contact information when you contact us regarding our Site or Services, or when you interact with us at trade shows. We otherwise do not collect your professional or employment-related information.
• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We analyze your actual or likely preferences through a series of computer processes and add our observations to your internal profile. We use this information to gauge and develop our marketing activities, to measure the appeal and effectiveness of our Sites and Services, applications, and tools, and to provide you with targeted information, advertisements, and offers.

We may use any and all of the personal information for any of the purposes described in the Global Notice or this Supplemental Notice unless limitations are listed. We may use any of the categories of personal information listed above for other business or operational purposes compatible with the context in which the personal information was collected.

We collect personal information in the categories above from:

• You – either directly or indirectly, including from the devices you use to interact with us
• Our records, for example, when we analyze personal information we have collected about you
• Publicly available records
• Government records

We may share personal information from the categories above with service providers, which are external parties that we engage for business purposes, who are restricted from using the personal information for any purpose that is not related to our engagement. The categories of service providers with whom we share information and the services they provide are described in the How We Share Your Information section of the Global Notice. We also disclose personal information to external parties who are not listed in the Global Notice or this Supplemental Notice when required by law, to protect us, or for other purposes as described in the Global Notice or this Supplemental Notice.

Under California privacy law, “sharing” is defined as the targeting of advertising to a consumer based on that consumer’s personal information obtained from the consumer’s activity across websites, and “selling” is defined as the disclosure of personal information to third parties in exchange for monetary or other valuable consideration. We “share” information to provide more relevant and tailored advertising to you regarding our Services. While we do not disclose Your personal information to third parties in exchange for money, our use of third-party analytics services and online advertising services may result in the sharing of online identifiers (e.g., cookie data, IP addresses, device identifiers, and usage information) in a way that may be considered a “sale” under the CCPA. These third parties are our partners and customers who we allow to use personal information for their own purposes, which may include advertising and marketing, as well as data analytics. You have the right to opt-out of this disclosure of your information, which may be considered a “sale” under California law.

We may have shared the following categories of information with certain categories of third parties, as described below:

THIRD PARTIES AND CATEGORIES OF PERSONAL INFORMATION

In addition to the categories of third parties identified above, we may have shared personal information about you with government entities, self-regulatory organizations and third parties that may assume or have assumed control of our business as part of a merger or acquisition.

We do not knowingly sell or share the personal information of individuals under 16 years of age. We also do not use or disclose sensitive information to create inferences or profiles about you.

Access to Deidentified Information. We license access to deidentified health information that is derived from Protected Health Information (“PHI”), as defined by HIPAA. We use both the safe-harbor or expert determination requirements to deidentify PHI, depending on the circumstances. We do not reidentify data sets that we have deidentified, except that we may attempt reidentification to test our deidentification methodology, and we do not allow any of our licensees to reidentify or attempt to reidentify health information.

We offer online resources whereby we incentivize you to share certain pieces of information with us. The value of the data shared with us is equal to the value of the incentive provided. Participation is voluntary and you may opt out of the data sharing at any time.

• Right to Access Information. You have the right to request access to personal information collected about you, information regarding the source of that personal information, the purposes for which we collect it, and the third parties and service providers with whom we share it. To protect your personal information, we will verify your identity before we act on your request.
• Right to Request Deletion of Information. You have the right to request, in certain circumstances, that we delete any personal information that we collected directly from you. To protect your personal information, we will verify your identity before we act on your request. We may have a reason under the law why we do not have to comply with your request or why we may comply with it in a more limited way than you anticipated. If we do, we will explain that to you in our response.
• Right to Opt-Out of the Sale/Share of Personal Information to Third Parties. You have the right to opt out of any sale or share of your Personal Information to third parties. To exercise this right, please visit our “Do Not Sell or Share My Personal Information” webpage here. We also respond to browser-based opt-out signals. When you opt out of sale or share on your browser, we will respond to the control signal to disable targeting cookies until an explicit consent is received.
• Right of Non-Discrimination. You have the right not to be discriminated against – such as denying a good or service, providing a different level or quality of service, or charging different prices – for exercising any of your rights under the law.

You can exercise the rights in this section by: (1) filling out a Consumer Data Request Form available here, or (2) calling us at 1-844-698-8905. You must provide any information marked with an asterisk in the Consumer Data Request Form. Once we have received your request, we will review the request to determine whether it can be verified. In some cases, we may contact you to request additional information to verify your identity.

You may also submit a request via an authorized agent. If you submit a request through an authorized agent, the authorized agent must provide us with your signed written permission that provided them with authorization. We may also request that any authorized agents verify their identity and may reach out to you directly to confirm that you have provided the agent with your permission to submit the request on your behalf.