Change Healthcare is now a part of Optum. This Privacy Notice is currently accurate but may be updated as company product and service integration continues. 

CALIFORNIA PRIVACY RIGHTS

NON-U.S. RESIDENTS PRIVACY RIGHTS

EFFECTIVE DATE: MMDDYYYY

Privacy matters to Change Healthcare, so we follow a privacy framework that helps us to manage and protect your personal information in the products and services we provide (“Services”) and on our websites (“Sites”).  This Global Privacy Notice (“Global Notice”) describes how Change Healthcare collects, uses, and shares the personal information from our Sites and Services, the rights, and choices that you have about your personal information, and how you can contact us about our privacy practices. Whether you are new to Change Healthcare or a long-time user, please take a moment to review our practices, and if you have any questions contact us through the information in the How to Contact Us section below.

When this Global Notice mentions “Change Healthcare”, “we”, “our” and “us,” it is referring to Change Healthcare and current and future affiliated entities, subsidiaries, agents, contractors, or vendors of Change Healthcare, as applicable, and when it mentions “you” or “your,” it is referring to individuals using the Sites where we display or link to this Global Notice. Our Sites and Services may contain links to third party websites, products, and services. 

This Global Notice does not apply to (i) third party websites and mobile applications, products, or services that may link to or are linked from our Sites and Services, (ii) certain Services we offer where we act as a processor for our customers or, (iii) Services we offer in the United States (“U.S.”) as a Business Associate on behalf of health care organizations. Please consult those websites and applications directly to understand their privacy practices.

In addition to this Global Notice, our Sites and Services may include a supplementary privacy notice detailing specific privacy practices for that Site or Service (“Supplemental Notice”). These Supplemental Notices can generally be found in the footer of a Site or within a Service. If you find that there is a difference between this Global Notice and a Supplemental Notice, the Supplemental Notice will control.

Change Healthcare functions as a HIPAA business associate for its HIPAA covered entity payer and provider customers as its primary business function, so Change Healthcare’s collection, use and disclosure of protected health information is guided by HIPAA and the terms of a business associate agreement and other contracts.

Change Healthcare collects personal information directly from you, automatically from your devices when you interact directly with our Sites and Services, and from other sources described in the Supplemental Notices. When you interact directly with our Sites and Services, you may not be required to provide us with certain data requested; however, some data is necessary for the purposes described in this Global Notice and if you fail to provide any required data, you may not be able to access our Sites and Services. Where possible, we will allow you to interact with us anonymously or using a pseudonym. However, for most of our functions and activities we usually need your name and contact information.

• Identifiers:
  • We collect your name, phone number, email address, mailing address, and contact address when you create an account or contact us via the Site and the Services. If you choose to create an account, you will also be asked to create a username and password, and we will assign one or more unique identifiers to your profile. We use this information to provide our Services, respond to your requests, and send information and advertisements to you.
  • We collect a unique numerical identifier, assigned to you by a Cookie, automatically when you use the Sites and Services in order to identify you, provide our Services, keep you logged in to our Sites, prevent fraud, and provide you with targeted information and offers. 

• Payment information.  We, or a service provider working on our behalf, collect your payment information when you provide it in order to complete a transaction. This information includes your credit card number or bank account number. We use this information to facilitate payments and transactions.
• Commercial information: When you engage in transactions with us, we create records of transactions. We may use this information to measure the effectiveness of our Sites and Services and to provide you with targeted information, advertisements, and offers.
• Visual information: We may collect visual information such as profile pictures associated with any account you create if you choose to upload one.
• Professional or employment-related information: We collect your business contact information when you contact us regarding our Site or Services, or when you interact with us at trade shows. We may also collect your business contact information in the course of providing the Services. We otherwise do not collect your professional or employment-related information.
• Inferences drawn to create a profile about a consumer reflecting the consumer’s preferences or characteristics: We analyze your actual or likely preferences through a series of computer processes and add our observations to your internal profile. We use this information to gauge and develop our marketing activities, to measure the appeal and effectiveness of our Sites and Services, applications, and tools, and to provide you with targeted information, advertisements, and offers.
• Browser and device data: We may collect your device type, operating system and version, IP address, general geographic location as indicated by your IP address, browser type, screen resolution, device manufacturer and model, language, plug-ins, add-ons and the language version of the Site you are visiting.
• Usage data: We collect information about the time you spend on the Site, the content you view and features you access, the pages that led or referred you to our Site, language preferences, how you interact with available content, and entered search terms.
• Your Site Activity: We collect any information you choose to include in your messages or responses when interacting with us through our Sites and Services, including via online communities and forums, inquiry forms, our support portal, or our Chatbox messaging service and other messaging services, including any information you provide when you complete a survey administered by us or by a supplier acting on our behalf.
• Social media: We collect information that you make available to us on social media platforms (such as by clicking on a social media icon linked from our Sites and Services), including your account ID or username and other information included in your posts.

Our Sites and Services may use Cookies and other technologies such as web beacons. We use the term “Cookies” to refer to all technologies which store and access information on the device that you use to access the Site or Service, such as your computer, tablet, or mobile phone. We use Cookies to enhance the online experience of our visitors and to better understand how the Site and Services are used.

Most web browsers automatically accept Cookies but, if you prefer, you can usually modify your browser setting to disable or reject Cookies. If you delete your Cookies or if you set your browser to decline Cookies, some features of our Sites and Services may not be available, work, or work as designed.

Please visit our Cookie Notice for further information on how we use Cookies and the specific Cookies for this Site.

We may obtain information about you from other sources such as data brokers, customers, credit reporting agencies, social networks, partners with which we offer co-branded services or engage in joint marketing activities, and publicly available sources such as data in the public domain.

We also may receive information about you from outside suppliers through your online activities on websites and connected devices over time and across websites, devices, apps and other online features and services.

These other sources help us update, expand, and analyze our records; identify new customers; determine you or your organization’s advertising or purchasing preferences; or prevent or detect fraud. We combine such information with information we have collected about you through our Sites and Services. We will treat the combined information in accordance with this Privacy Notice.

In certain countries, we must identify a legal basis to process your personal information. The table below explains why we may use (“process”) your data and the lawful basis we rely on. 

When we process personal information to meet our legitimate interests, we have undertaken an assessment where we have balanced your rights against ours to ensure that your privacy is protected. 

When we rely on consent to process your personal information, you may withdraw your consent at any time by contacting us through the information in the How to Contact Us section below. Withdrawing consent will not affect the processing that occurred prior to withdrawal. 

We share your data with:

• Suppliers: We share your data with suppliers that provide us services and process your data on our behalf, such as providers of marketing and survey services, payment processors, website and customer experience hosting, data analysis, data storage, customer service, auditing and accounting firms, and security vendors. We authorize these suppliers to use your data only as necessary to perform the services on our behalf or to comply with legal requirements. We require all such suppliers to agree in writing to protect the security and confidentiality of the data they process for us.
• Group companies: Change Healthcare is a global organization and works closely with other Change Healthcare groups and companies. We share certain personal information with other Change Healthcare entities to provide our Sites and Services, and for internal administrative purposes. We share this data on the basis of our legitimate interests to facilitate the operation of our business.
• Customers: We share personal information with our customers for the purposes of providing the Services, for our customers’ legal and administrative requirements, for security purposes, and as required by law. We share this data on the basis of our legitimate interests to facilitate the operation of our business, or on the basis of the legitimate interests of our customers.
• Governmental authorities: We share personal information with law enforcement agencies, courts, or other government authorities where we believe it is necessary to: (i) comply with a legal obligation; (ii) protect the rights, safety, and property of Change Healthcare, you or others; or (iii) respond to requests from courts, law enforcement agencies, regulatory agencies and other public and government authorities. We share this data on the basis of our legitimate interests to facilitate the operation of our business and our compliance with local laws and regulations.
• Parties to a corporate transaction: We may share personal information in connection with the consideration, negotiation, or completion of a corporate transaction, such as a merger, acquisition, sale of assets or any line of business, change in ownership control, or financing transaction, including during the course of any due diligence process. We share this information on the basis of our legitimate interests to facilitate the operation of our business.
• With our advertising partners: We share your information with our advertising partners.
• With social media platforms: Where you choose to interact with us through social media, your interaction with these programs typically allows the social media company to collect some information about you through cookies they place on your device and other tracking mechanisms. In some cases, the social media company may recognize you through its digital cookies even when you do not interact with their application. Please visit the social media companies’ respective privacy policies to better understand their data collection practices and controls they make available to you.

We implement and maintain organizational, technical, and administrative security measures designed to safeguard the data we process against unauthorized access, destruction, loss, alteration, or misuse. These measures are aimed at providing on-going integrity and confidentiality of data, including your personal information. We evaluate and update these measures on an ongoing basis. Your Personal Information is only accessible to personnel who need to access it to perform their duties. However, while we take precautions to safeguard data, we cannot guarantee the absolute security of the data we process as no networks, systems, servers, devices, and databases we operate or that are operated on our behalf can be 100% secure.

We retain your data for as long as we have a relationship with you. When deciding how long to keep your data after our relationship with you has ended, we consider our legal and regulatory obligations and internal information management policies. For example, we may be entitled to retain records to investigate or defend against potential legal claims or where required by law. Where we retain personal information, we do so in accordance with any limitation periods and records retention obligations that are imposed by applicable law.

We may process your data in any country where we operate, as permitted by applicable law. In some cases, your data will be transferred to, stored, and processed in a country that is not regarded as providing the same level of protection for personal information as the laws of your home country (for example, for personal information transferred from Canada, the European Union (“EU”) or the United Kingdom (“UK”) to the U.S.) and may be available to the government of those countries under a lawful court order made in those countries.

When we conduct such transfers, we have put in place appropriate safeguards (such as standard contractual clauses) in accordance with applicable legal requirements to provide adequate protections for your data. For more information on the safeguards in place or for a copy of these safeguards, please contact us through the information in the How to Contact Us section below.

For United Arab Emirates only

We store your data in the United States or America.  If you are using this Service in the United Arab Emirates, by agreeing to this notice, you are agreeing to your data being transferred to the United States of America. 

If at any time you would like to unsubscribe from receiving promotional or commercial emails from us, you can click the unsubscribe link at the bottom of any email or you can unsubscribe by clicking the link here. We will comply with your request(s) as soon as reasonably practicable. Please note that if you opt out of receiving marketing-related emails from us, we may still send you important administrative messages.

Your privacy rights will vary depending on where you live. We describe the rights that apply to residents of California and individuals located outside the U.S. in the following sections:

California Residents: Please visit our California Privacy Rights Supplemental Notice for specific information relevant to you and your personal information.

Non-US Residents: Please visit our Non-U.S. Resident Privacy Rights Supplemental Notice for specific information relevant to you and your personal information.

Our Sites and Services are intended for users aged sixteen and over. We do not knowingly collect information from children. If we discover that we have inadvertently collected information from anyone younger than the age of 16, we will delete that information.

As we grow, and our organization and Sites and Services change, this Global Notice and Supplemental Notices are expected to change as well. If we do so, those changes will appear in this notice. We will also provide notice and choices to you, in our Sites and Services and in other appropriate locations, based on the scope and extent of changes. You may always visit this Notice to learn of any updates. The “Effective Date” at the top of this Global Notice indicates when it was last revised. Your continued access to or use of the Sites or Services constitutes your consent to these changes.

If you have questions or complaints related to your privacy, please contact us at.

U.S.:                                   

privacy@optum.com       

Outside the U.S.:

Information_governance@optum.com  

or by physical mail addressed to:

U.S.:                                                            

Optum Privacy Office                                    

MN101-E013, 11000 Optum Circle                

Eden Prairie, MN 55344

Attention: Enterprise Privacy Office  

Outside the U.S.:

Information Governance

10^th Floor

5 Merchant Square

Paddington

London W2 1AS

United Kingdom

Attention: Data Protection Officer

For Saudi Arabia only

By virtue of this Global Notice, you explicitly agree to us carrying any of the rights and/or obligations contemplated herein. To the extent reasonably practicable, you are entitled to access the data relating to you by contacting us using the details in the How to Contact Us section above and specifying the type of data you want to access. 

You acknowledge that the collection, processing, and transfer of data is important to operate and improve our Sites and Services and that failure to consent to the same may prevent your use of our Sites and Services.