Employer Direct Healthcare, LLC and its affiliates (“EDH”, “we”, “our”) respect the privacy of everyone visiting our website, using our mobile applications, or using any of our other related solutions or tools.
This policy describes the types of information we may collect from you or that you may provide when you visit the website www.edhc.com (our “Website”) and our practices for collecting, using, maintaining, protecting, and disclosing that information.
This policy applies to information we collect:
- On this Website.
- Through mobile, desktop, or web applications (our “Apps”) you download or access directly or via this Website.
- Via email, text, and other electronic messages between you and this Website or Apps.
- Through automated interactions or data-capture devices and other websites, whether operated by third-party service providers or by EDH.
Collectively, the Website, Apps, and other related solutions or tools may be referred to as “Digital Tools.”
This policy doesn’t address, and we’re not responsible for, the privacy, information, or other practices of any third-party, including any third-party service provider or vendor, and any third-party operating software applications or websites to which www.edhc.com contains a link. Having such a link on www.edhc.com does not imply that we or any of our affiliates endorse the linked application or website.
What is Personal Information and Protected Health Information?
Personal information is personal data that identifies you or gives someone the ability to contact you. When personal information is combined with any information related to your health or medical status, we refer to this information as “protected health information” or “PHI.”
What Personal Information and Protected Health Information does EDH collect?
We and our third-party service providers may collect personal information and protected health information from you, including your:
- Mailing address (including billing and shipping addresses)
- Telephone number
- Social Security Number
- Email address
- Credit card or debit card number
- Health plan membership numbers and identifiers
- Medical history, medical condition(s), and other medical information related to your use of SurgeryPlus
- Other information related to your use of the Services
If you share any personal information with us or our third-party service providers, you’re representing that you have the authority to do so.
How We Collect Your Personal Information
We collect personal information:
- Directly from you when you provide it to us.
- Automatically as you navigate through the site. Information collected automatically may include usage details, IP addresses, and information collected through cookies, discussed further below.
- From third-parties, for example, our business partners.
How We Handle Your Personal Information
We don’t use or disclose personal information you give us online, unless it’s required or permitted under federal and state laws that apply to us. These laws closely regulate how we may handle your information.
Under these laws, we’re permitted to use and disclose your personal information to support our provision of the Services, as well as our offline business functions.
We’ll disclose information to government officials or others if we’re legally required to do so. Additionally, certain statutory authorizations allow us to disclose personal information in emergency situations or to protect our rights and property.
We also may disclose your personal information to our agents or business associates who perform various functions on our behalf, but we require these third-parties to agree in writing to safeguard your information appropriately.
We don’t sell or rent your personal information to third parties.
We and our third-party service providers may use your personal information to:
- Respond to your inquiries and fulfill your requests
- Send you administrative information, including information regarding any solutions or tools we provide on our Digital Tools and changes to our terms, conditions and policies
- Allow you to share data from a tool or solution we provide on our Digital Tools with your friends
- Personalize your experience on our Digital Tools by presenting products or offers tailored to you
- Send you communications related to our benefits offered through your health plan and, if you choose to opt in, related marketing promotions
In addition, we may use personal information you submit to our Digital Tools to create aggregated, anonymous data, which we’ll use to tailor our site to your interests, develop new features, and monitor the usage of the Digital Tools. We may perform statistical analyses of these aggregate data and disclose the results as permitted by law.
How We Collect Your Protected Health Information
We collect protected health information from you only as you authorize in writing or electronically. We may collect it directly from you when you provide it to us, from your health plan and/or employer, from third-parties authorized by you and/or your health plan or employer to share the PHI with us, and from providers involved in your medical care.
How We Handle Your Protected Health Information
We don’t use or disclose any PHI you submit using our Digital Tools unless it’s required or permitted under federal and state laws that apply to us or the Digital Tools. Further, EDH will only gather your PHI if authorized electronically or in writing.
These laws closely regulate how we may handle your PHI. Under these laws, we’re permitted to use and disclose your PHI to support our provision of the SurgeryPlus benefit and related services, including the Services, as well as our offline business functions.
We may disclose your PHI to our agents or business associates who perform various functions on our behalf, but we require these third-parties to agree in writing to safeguard your PHI appropriately. We don’t sell or rent your PHI to third-parties.
We’ll disclose information to government officials or others if we’re legally required to do so. In addition, certain statutory authorizations allow us to disclose personal information or PHI in emergency situations or to protect our rights and property.
We may use the PHI you submit to create aggregated, anonymous data, which we’ll use to tailor our site to your interests, develop new features, and monitor the usage of our site. We may also perform statistical analysis of this aggregate data and disclose the results as permitted by law.
We may disclose, transfer, or sell the personal information collected through our Digital Tools as an asset of the company in conjunction with due diligence for or completion of a merger, reorganization, or sale to a third-party of our company or a major portion of its assets.
We and our third-party service providers may use PHI to:
- Respond to your inquiries and fulfill your requests, such as to send newsletters to you
- Send you administrative information, including information regarding EDH and changes to our terms, conditions, and policies
- Personalize your EDH experience by presenting products and offers tailored to you
In addition, we may use protected health information for our business purposes, such as quality improvement, data analysis, audits, new product development, service improvement, usage and trend identification, and promotional campaign effectiveness.
In addition, we may collect a variety of other information types that aren’t individually identifiable, including:
- Type of browser you use
- Files you request
- Operating system you use
- IP address from the pages you visited
- URLs of the pages that you came from and go to
- Geographic location from where you request information
- Information collected through cookies, pixel tags and other technologies
- Demographic information
- Aggregated information
We may be required to share or transfer the information you provide us through our Services in other, limited circumstances, for example, to respond to judicial process, to comply with state, federal, or local laws, to protect the security or integrity of our databases or Digital Tools, to take precautions against liability, in the event of a corporate reorganization or, to the extent required by law, to provide information to law enforcement agencies.
How We May Use and Disclose Other Information
Because the other information we collect isn’t personally identifiable, we reserve the right to use and disclose that information for any purpose.
If we match other information with either personal information or PHI (such as your name and zip code or your name and a medical condition), we treat the combination as personal information or PHI, as appropriate, as long as the information is combined, and will use that information as described above.
We use what’s known as “cookies” to improve your experience on our Digital Tools. Cookies are small pieces of data we place in your computer’s browser to store your preferences.
If you choose not to accept cookies, you may be unable to take full advantage of our Digital Tools’ features.
This information by itself doesn’t identify you to EDH, though the information may be unique or consist of or contain details you consider personal.
If you use products and services that are location-enabled (for example, Google Maps) while accessing our Services, you may be sending us your location information. This information may reveal your actual location, such as GPS data.
We may record your phone number when you:
- Send it to us
- Ask us to remember it
- Make a call to us
- Receive from us or send to us a text or SMS (short message service)
The information we collect for mobile may include:
- Device or hardware IDs and device type
- Type of request
- Your phone carrier
- Your carrier user ID
- The content of your request
- Basic usage stats about your device
Some of our Services may allow you to download and/or personalize the content you receive from us. For these Services, we record information about your downloads and preferences, along with any information you provide about yourself. If the product, tool or service requires you to log in with your EDH portal, this information will be associated with your EDH account.
We’ve taken steps to protect information collected from our online visitors against unauthorized access and use.
The chat feature and all online forms that include information captured from our users are secured using Secure Sockets Layer (SSL), which encrypts the information as it travels from a desktop to our server.
We’re committed to ensuring transaction security and privacy. We obtain certification from industry-recognized security vendors to ensure our systems meet security standards.
As an additional security measure, we use a firewall to prevent unauthorized access to our site. Site personnel monitor activity logs at regular intervals to look for unauthorized intrusions.
For your protection, please don’t send e-mail to us that contains your protected health information. We cannot guarantee the security of these emails before they reach us, in contrast to the security precautions in place when you send us personal information through an online form using our Digital Tools. If you’re a member, we suggest you use the EDH portal Inbox to send secure messages and receive secure messages from us.
In addition, EDH’s information security program protects our information and the supporting infrastructure against unauthorized use, disclosure, modification, damage, and loss. EDH’s information security program promotes a culture that understands and respects the value of protecting information while following legal, regulatory, and accreditation requirements and standards that govern online security.
Research, planning, and implementation of technologies, tools, and training programs are used to secure our critical electronic information.
Protecting Your Information Online
Once someone else has your personal information or PHI, that information is no longer in your control. It can be reused, sold, lost, stolen, or misused. Protecting your personal information online is a good and necessary action to take. One of the most obvious reasons would be to prevent identity theft. A good rule of thumb is to always ask yourself this question when it comes to your personal information: Can this information be used to reset the password for my online bank account or some other sensitive online account? If so, then you shouldn’t share that kind of information online or anywhere else for that matter.
Here are some simple actions to protect your personal information online:
- Weigh the benefit against the risk – is what you are getting out of this transaction worth the exposure of your data?
- Read the fine print – understand what websites plan to do with your data, and decide if this is acceptable to you. Provide only the minimum amount of information necessary.
- Create an account using a nickname or made-up name, and use an online email account that you don’t normally use and don’t care if it gets spam.
Use these basic technical controls to prevent yourself from falling victim to a security breach:
- Use anti-virus software.
- Make sure all your devices have the latest security updates.
- Don’t use the same password for all your accounts.
- Use a passphrase to strengthen your passwords.
- Use a password longer than 10 characters. The longer the password, the better your chances of not getting hacked.
- Enable encryption on your home router, disable remote access features, use its firewall and change its default name.
- Be cautious when using free, but not always secure, public Wi-Fi.
- Know what devices are connected to your network.
- Delete any emails that are out of the ordinary.
- If you receive a phone call from technical support and you didn’t ask them to contact you, don’t give away any personal information. Typically, you call technical support when you need help, not the other way around.
- Create backups of your computer.
Links to Third-Party Web Sites
We may provide links and pointers to websites maintained by other companies or third-party websites. From time to time, we may provide materials from other parties or companies on the Services.
Know that these third-party websites are independently owned and operated by someone other than EDH. These websites have their own privacy practices and policies. We provide these materials and links to other websites “as-is” and without warranties of any kind, either express or implied.
To the fullest extent permissible pursuant to applicable law, we disclaim all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness. We don’t warrant or make any representations regarding the use or the results of the use of the third-party materials in the third-party websites in terms of their correctness, accuracy, timeliness, reliability or otherwise.
California Resident Privacy Notice
Right to Know and Data Portability
You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months (the “right to know”). Once we receive your request and confirm your identity, we will disclose to you:
- The categories of personal information we collected about you.
- The categories of sources for the personal information we collected about you.
- Our business or commercial purpose for collecting or selling that personal information.
- The categories of third-parties with whom we share that personal information.
- If we sold or disclosed your personal information for a business purpose, two separate lists disclosing:
  - sales, identifying the personal information categories that each category of recipient purchased; and
  - disclosures for a business purpose, identifying the personal information categories that each category of recipient obtained.
- The specific pieces of personal information we collected about you (also called a data portability request).
Right to Delete
You have the right to request that we delete any of your personal information that we collected from you and retained, subject to certain exceptions (the “right to delete”). Once we receive your request and confirm your identity, we will review your request to see if an exception allowing us to retain the information applies. We may deny your deletion request if retaining the information is necessary for us or our service provider(s) to:
- Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, fulfill the terms of a written warranty or product recall conducted in accordance with federal law, or otherwise perform our contract with you.
- Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
- Debug products to identify and repair errors that impair existing intended functionality.
- Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
- Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 et seq.).
- Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
- Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
- Comply with a legal obligation.
- Make other internal and lawful uses of that information that are compatible with the context in which you provided it.
We will delete or deidentify personal information not subject to one of these exceptions from our records and will direct our service providers to take similar action.
Exercising Your Right to Know or Delete
To exercise your rights to know or delete described above, please submit a request by either:
- Calling us at (855) 200-2099
- Emailing us at firstname.lastname@example.org
Only you, or someone legally authorized to act on your behalf, may make a request to know or delete related to your personal information. You may only submit a request to know twice within a 12-month period. Your request to know or delete must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you. You do not need to create an account with us to submit a request to know or delete.
We will only use personal information provided in the request to verify the requestor’s identity or authority to make it.
Response Timing and Format
We will confirm receipt of your request within ten (10) business days. If you do not receive confirmation within the 10-day timeframe, please call us at (855) 200-2099 or email us at email@example.com.
We endeavor to substantively respond to a verifiable consumer request within forty-five (45) days of its receipt. If we require more time (up to another 45 days), we will inform you of the reason and extension period in writing. If you have an account with us, we will deliver our written response to that account. If you do not have an account with us, we will deliver our written response by mail or electronically, at your option.
Any disclosures we provide will only cover the 12-month period preceding our receipt of your request. The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.
We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.
We will not discriminate against you for exercising any of your CCPA or CPRA rights. Unless permitted by the CCPA or CPRA, we will not:
- Deny you goods or services.
- Charge you different prices or rates for goods or services than those set forth in your health benefit plan, including through granting discounts or other benefits, or imposing penalties.
- Provide you a different level or quality of goods or services.
- Suggest that you may receive a different price or rate for goods or services or a different level or quality of goods or services.
EDH does not direct this site to children or knowingly collect personal information from children. If you are under 16 years old, do not use or provide any information using our Digital Tools. We’re pleased to work with parents and guardians to delete from our records personal information that a child may have disclosed improperly through our Digital Tools.
Changes in our Corporate Status
We’re sincerely committed to protecting your personal privacy. While information is the cornerstone of our ability to provide superior service, our most important asset is our members’ trust. Keeping member information secure and using it in a responsible manner is a top priority for us. You may contact us to request access to, correct, or delete any personal information that you have provided to us.
If you have any questions or concerns about the information provided via our Digital Tools, please contact us at firstname.lastname@example.org or by phone at (855) 200-2099.