wellPORTAL Privacy Policy

1. wellPORTAL Privacy Policy

The wellPORTAL Privacy Policy describes the personal information that we collect from you, how we use that personal information, and to whom we disclose it. Because wellPORTAL (the Service) operates in conjunction with the medical care provided to you by your primary care physician (PCP), and your health plan, you may also be subject to the Notice of Privacy Practices provided to you by your PCP and your health plan.

2. What Personal Information Do We Collect?

When you register for the Service, we collect certain personal information submitted to us by you, your PCP, and your health plan, including: your name, date of birth, and other data related to your personal identification; your health conditions and status, scheduled and completed health care services; medical orders given by your PCP or related medical providers; medical care plan requirements (“CPRs”), including your confirmations of understanding of CPRs, need for clarification of CPRs, and validation of completed CPRs. Additionally, at times, we may collect your feedback concerning your satisfaction with the Service and participating PCPs.

Some of the information that you, your health plan, or your PCP submit to wellPORTAL, such as, without limitation, information about your specific care plan, may constitute Protected Health Information (“PHI”) protected by the Health Information Portability and Accountability Act (“HIPAA”). For your own security and privacy, you should not submit to wellPORTAL any PHI that is not necessary for us to receive in order to provide the Service to you.

We may also collect certain technical data related to your use of the Service, including your IP address, the web pages you select as you navigate through the Service, your location and language, the operating system and browser for your device, and the identity of your network providers. We use third party service providers, such as Google Analytics, to analyze the operation of the Service. The way Google collects and uses data in providing its analytics is described here. wellPORTAL may also use cookies to recognize users. You may be able to configure your browser or device to reject cookies, but if you do so, it may affect your ability to use the Service.

3. How Do We Use the Personal Information We Collect?

We use the personal information we collect for the following purposes:

• To provide the Service to you. For example, we may use your personal information as follows:
  • To help you schedule PCP appointments.
  • To help coordinate your health care.
  • To help facilitate access to health care services.
  • To send you notifications and reminders of care plan requirements (CPRs) and then notify your PCP when you need clarifications of CPRs or report completed CPRs.
  • To respond to your requests for customer service support from your PCP or your health plan.
• To provide information to your health plan. For example, we may use your personal information to report the completion of CPRs to facilitate your eligibility for enhanced benefits, financial incentives, and/or other rewards that may be available to you from your Health Plan.
• To improve the Service. In particular, we analyze the technical data we collect about the use of the Service to understand how users are using the Service and to improve it.
• To create aggregate-level data that we may publish in reports and marketing materials about the Service (“Aggregated Data”). Aggregated Data does not identify any individual user or user’s personal information. An example of Aggregated Data would be a finding that indicates, “85% of eligible wellPORTAL users completed a given CPR, such as a Colon Cancer Screening.

4. When Do We Disclose Your Personal Information?

We do not disclose the personal information we collect about you to any third party without your permission, other than under the following circumstances (as allowed under HIPAA):

• To facilitate and support the operations of your PCP and your health plan, to support payments for health care services, and to facilitate health care treatment.
• When you submit requests to us for support and services from your PCP or health plan, including but not limited to PCP appointment scheduling, care coordination, care navigation, and general customer service support, we may disclose your personal information to your PCP, health plan, and other health care providers to fulfill your request.
• When you submit responses to care plan requirement notifications provided by the Service, wellPORTAL may use your responses to help clarify your understanding of care plan requirements and validate compliance with the same so that you may earn financial incentives from your health plan.
• When you submit responses to patient satisfaction surveys provided by wellPORTAL, we may use that data to assess the overall performance of wellPORTAL’s participating PCPs.
• When you submit information such as, without limitation, membership identification number, date of birth, log-in and/or password, wellPORTAL may use that data strictly for the purpose of authenticating your identity and granting you access to the Service.
• We may disclose personal information to wellPORTAL service providers and affiliated companies to the extent reasonably necessary to provide the Service to you. For example, if you request support from wellPORTAL for a technical problem with your use of the Service, your support call may be handled by a wellPORTAL-affiliated company that will have access to your information, as necessary, to help you. Any service providers or affiliates who receive personal information have agreed in writing to keep the information confidential and to use it only to provide services to wellPORTAL.
• If the business of wellPORTAL is acquired by a third party, such as in a merger, asset sale or other corporate transaction, your personal information will be transferred to the buyer. The buyer will be required to comply with this Privacy Policy with respect to your personal information.
• We reserve the right to disclose your personal information if compelled to do so by court order or otherwise required by law; or if wellPORTAL believes in good faith that such disclosure is necessary to comply with law or with legal process served on wellPORTAL, to protect the rights or property of wellPORTAL, to act in urgent circumstances to protect the personal safety of Users or the public, or in the event of a medical emergency.

5. Do Not Track Disclosure

wellPORTAL does not track users’ behavior across third party applications or web pages that users access before or after using the Service, and so does not respond to a “Do Not Track” signal. No third parties may track your behavior when using the Service.

6. wellPORTAL Security Standards

wellPORTAL uses reasonable industry-standard security practices designed to protect your data from loss, misuse, unauthorized access or disclosure, alteration, or destruction. To the extent your personal information constitutes PHI protected under HIPAA, wellPORTAL protects PHI in accordance with the security standards required for business associates under HIPAA. Your information may be stored and processed in the United States or any other country where wellPORTAL, its subsidiaries, affiliates, or agents are located. In all instances, wellPORTAL uses HITRUST CSF-certified cloud hosting and security vendors to ensure the safety of personal information.

7. Marketing

As part of the service, you may receive SMS (Text), push, or email messages or notifications regarding certain products, services, and complimentary goods.

8. Updating Your Personal Information

You may update and correct your telephone number, email address, or any other personal information at any time through the Service or by contacting wellPORTAL by email at Clientservices@wellportal.com or by telephone at 702-533-4353.

9. Complaints or Inquiries

If you have any complaints or inquiries about our Services, including how we handle your Personal Information, you may contact our Privacy Officer:

10. Unsubscribing from the Service or from Marketing Messages

You may deregister from the Service anytime by contacting wellPORTAL by email at Clientservices@wellportal.com or by telephone at 702-533-4353.

11. Modifications to this Privacy Policy

wellPORTAL may modify this Privacy Policy from time to time. If wellPORTAL makes any material changes to this Privacy Policy, it will send you a notice with a link to the modified Privacy Policy. If you do not agree with the revised Privacy Policy, you may unsubscribe from the Service. If you continue to use the Service after the effective date of the change, you will be deemed to have agreed to the modified Privacy Policy.

12. Effect of Privacy Policy

This Privacy Policy forms part of and is hereby incorporated into, the wellPORTAL Terms of Service.

13. Effective Date

The effective date of this Privacy Policy is July 1, 2023.