Change Healthcare Privacy Notice – DEX™ Diagnostics Exchange

Effective Date: 2/18/2019

This Change Healthcare Privacy Notice ("Privacy Notice") explains (1) what information we collect and why we collect it; (2) how we use and protect that information; and (3) the choices and rights you have in relation to your information. This Privacy Notice applies to Personal Information we Process about you in the course of your use of the DEX™ Diagnostics Exchange products and/or services (collectively, the "Services"). "Personal Information" is information, or a combination of pieces of information, that (a) could reasonably be used to identify, locate, contact or otherwise link to an individual [or household], (b) relates to an identified or identifiable natural person, (c) is defined as 'protected health information' under the Health Insurance Portability and Accountability Act ("HIPAA"), or (d) is subject to additional personal or related privacy protections under applicable law. "Processing" means using cookies on a computer or mobile device or using or touching information in any way, including but not limited to, collecting, storing, deleting, using, combining, and disclosing information.

By using the Services, you accept the privacy practices presented in this Privacy Notice. Privacy matters to Change Healthcare, so whether you are new to Change Healthcare or a long-time user, please read this Privacy Notice in full to understand our privacy practices before using the Services or submitting any personal or other information. If you have any questions, please contact us using the contact information at the bottom of this Privacy Notice.

This Privacy Notice applies only to the Services. Change Healthcare affiliates and subsidiaries may have separate websites, sub-domains, and services through other web, mobile, or cloud platforms which are not subject to this Privacy Notice. Additionally, Change Healthcare business partners, ad networks and other third parties have their own websites and services with separate privacy practices. We encourage you to read their privacy notices and understand their privacy practices.

This Privacy Notice is incorporated into our Terms of Use, which also apply when you use our Site. By using the Site, you agree to the terms in this Privacy Notice. If you do not agree with the practices described in this Privacy Notice, please do not provide us with your Personal Information or otherwise use the Services. Except to the extent required by law or regulation, certain provisions of this Privacy Notice may be superseded by other written agreements that your Institution (as defined below) has entered into with Change Healthcare.

Privacy Shield

Change Healthcare is Privacy Shield certified. For information, please visit our Privacy Shield notice.

Information controlled by your Institution

The Services access information in a database in connection with the license of Change Healthcare products or services by your health agency or institution ("Institution"). Upon licensed access, Change Healthcare will provide you the Services as authorized by your Institution such as access to your Institution's servers and databases. Information transmitted to your Institution shall be stored, collected, used, retained, or shared by your Institution according to its policies and procedures.

What information is collected through the Services?

Licensed users of the Services may access information contained in your Institution's or Change Healthcare's database. Based on your Institution's configuration, the Services may also collect Personal Information and other information from a variety of sources, including from you directly as well as through your use of the Services. This data may include:

Information we may collect directly from you:

  • Personal details (e.g., full name, initials, age, date of birth).
  • Contact details (e.g., personal and business phone number, email address, postal address, title).
  • Account details (e.g., username, password, customer ID, license number and other product registration information).
  • Professional and employment details (occupation and title).

Information we may collect through your use of the Services:

  • Technical information collected from your computer or mobile device (e.g. your IP address, browser type, operating system).
  • Transaction-related information (e.g., product download ID/name, account contact information, device ID, download frequency/time).
  • Information about your usage of the Services (e.g. the pages you visit, how often you use the Services, content sent or received using the Services, the pages you access before and after accessing the Services).
  • Device event information (e.g., errors, system activity, hardware settings, the date and time of your request).

Information we may collect from other sources:

  • Information captured during account registration.

We may also be required by law to collect certain Personal Information about you or as a consequence of any contractual relationship we have with you. Failure to provide this information may prevent or delay the fulfilment of these obligations.

Information on your location

We may collect information about your location for troubleshooting or to enhance your experience with the Services. Furthermore, we may share your geolocation with your Institution. Geolocation information is a critical component of certain Services.

How Does Change Healthcare Use the Information We Collect?

Change Healthcare uses the information we collect to provide, maintain, protect and improve the quality of our services, to develop new products and services, and to protect Change Healthcare and our users.

Information we collect may be used to:

  • Activate your access to the Services or related databases.
  • Identify and authenticate you as a user.
  • Improve our services (e.g., perform diagnostic services such as error reporting).
  • Provide personalized user services or customized site content.
  • Perform location verification and identify applicable state regulations.
  • Identify usage trends.
  • Perform data analysis and audits.
  • Send push notifications.
  • Communicate with you (e.g., respond to questions you send us).
  • Exercise our legal rights (e.g., detect, prevent and respond to fraud claims, intellectual property infringement claims or violations of law or our Terms of Use).
  • Log into the Services.

We may also de-identify (e.g., pseudonymize) or anonymize your Personal Information in such a way that you may not reasonably be re-identified, and may use this information for any additional purpose allowable by law.

Processing of Sensitive Personal Information

We may Process certain special categories of Personal Information where necessary and in compliance with applicable local data privacy and data protection laws and otherwise as required by law. Examples of such information are data that reveals racial or ethnic origin, political opinions, religious or philosophical beliefs, or trade-union membership, that concerns health or sex life and sexual orientation, or that involves genetic data or biometric data.

How Does Change Healthcare Share the Information We Collect?

Information entered through the Services may be shared with your Institution. Change Healthcare exercises no authority over your Institution's privacy and data collection practices and policies or how your Institution may use information transmitted through the Services. Change Healthcare may also share information with companies, organizations or individuals outside of Change Healthcare if we have a good faith belief that access, use, preservation, or disclosure of that information is reasonably necessary to:

  • Meet applicable laws, regulations, legal processes or enforceable governmental requests.
  • Provide services you have requested.
  • Enforce applicable Terms of Service, including investigation of potential violations.
  • Detect, prevent, or otherwise address fraud, security or technical issues.
  • Protect against harm to the rights, property or safety of our users, Change Healthcare, or the public as required or permitted by law.
  • Engage in a merger, acquisition, reorganization, or sale of all or a portion of Change Healthcare assets.

We may share personal information with other Change Healthcare Business Units when permitted by law. Change Healthcare may also share information with our service partners who do work on our behalf, and have agreed to adhere to appropriate privacy, security and confidentiality provisions. Users are given an option to opt out of future outreach by Change Healthcare.

Health Information

As a key provider of services and technology to the healthcare industry, Change Healthcare has implemented programs to address the privacy and security rules required by applicable regulations, including HIPAA and the Health Information Technology for Economic and Clinical Health (HITECH) Act.

Health Information transmitted through the Services is controlled and maintained by your Institution. The Services may store up to a 15-day window of information about your scheduled patients on your device based on your Institution's settings.

Information from Children

The Services are not intended for any user under the age of 13.

Information Security

To help protect the privacy of data and Personal Information you transmit through use of the Services, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your Personal Information to those employees who need to know that information to provide the Services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

Information Retention

Your Personal Information is stored by Change Healthcare on its and/or your Institution's servers, and on the servers of the cloud-based database management services that we and/or your Institution engage. We retain your Personal Information (a) for the duration of your Institution's business relationship with Change Healthcare and for a period of time thereafter to allow your Institution to recover data if your Institution decides to renew its business relationship with Change Healthcare, (b) to analyze the data for Change Healthcare's own operations, (c) for Change Healthcare's historical and archiving purposes, and (d) for as long as we deem necessary to comply with contract, our legal obligations or defend against potential legal claims.

Do Not Track Signals

The Services do not track users over time and across third-party websites to provide targeted advertising, and therefore do not respond to Do Not Track (DNT) signals. However, some third-party sites do keep track of your browsing activities when they serve you content, which enables them to tailor what they present to you. If you are visiting such sites and do not want to be tracked, please adjust your web browser settings so third parties know you do not want to be tracked.

Privacy Notice Changes

As Change Healthcare grows, and our organization and products change from time to time, this Privacy Notice and our Terms of Use are expected to change as well. We reserve the right to amend the Privacy Notice and Terms of Use at any time, for any reason, without notice to you, other than the posting of the amended Privacy Notice and Terms of Use through the Services. Where required by law, if we make any revisions to this Privacy Notice or our Terms of Use that materially alter the ways in which we Process your Personal Information, we will notify you of these changes before applying them to that Personal Information.

Consent

By using the Services, you agree to the terms and conditions contained in this Privacy Notice, the Terms of Use and/or any other agreement that we might have with you. If you do not agree, you should not use the Services or any other Change Healthcare products or services. By using the Services, you are agreeing to our Processing of information as set forth in this Privacy Notice.

Contact Us

If you have questions or concerns about this Privacy Notice, please contact us via email at: chiefprivacyofficer@changehealthcare.com (please include "Change Healthcare DEX™ Diagnostics Exchange Privacy Notice" in the subject line), or via US Mail at: Change Healthcare, Privacy Office (Attn: Privacy Notice, DEX™ Diagnostics Exchange), 5995 Windward Parkway, 5th Floor, Alpharetta, GA 30005.

We are committed to working with you to obtain a fair resolution of any complaint or concern about privacy. If, however, you believe that we have not been able to assist with your complaint or concern, you may have the right to make a complaint to the data protection authority of your country of residence.