Change Healthcare Website Privacy Notice

Last Updated: December 15, 2017

PRIVACY SHIELD CERTIFICATION

Change Healthcare is Privacy Shield certified. For information, please visit our Privacy Shield notice.

PRIVACY NOTICE

This Privacy Notice (the “Notice”) describes how Change Healthcare ("Change Healthcare"), the operator of this Site, collects, protects and uses information we receive from visitors (“you” “your” “user(s)”) to this website. This Notice applies to all who visit and use our website, ChangeHealthcare.com, and online services as well as the websites and online services offered by our affiliates (collectively the “Site”). Affiliates are those entities that are owned, directly or indirectly, by Change Healthcare, or that are controlled by or under common control with Change Healthcare.

This Privacy Notice excludes those websites and online services operated by Change Healthcare or our affiliates that have separate privacy policies and do not incorporate this Privacy Notice by reference or otherwise. Different privacy policies may also apply to other parts of Change Healthcare’s web presence – for example, password protected areas or web pages for online recruitment. Please note that our Privacy Notice applies only to activities we engage in on the Site and does not apply to activities that are "offline" or unrelated to the Site (even if affiliated with Change Healthcare or linked to by this Site).

This Privacy Notice is incorporated into our Terms https://www.changehealthcare.com/terms-of-use, which also apply when you use our Site. By using the Site, you agree to the terms in this Privacy Notice. If you do not agree with the practices described in this Privacy Notice, please do not provide us with your personal information or otherwise interact with the Site.

1. The Information We Collect

Change Healthcare collects information from its users in several ways: (a) from Change Healthcare web server logs; (b) through cookies; (c) through third party ad services; (d) with web analytics; and (e) directly from you.

(a) IP Addresses (Server Log Information)

An IP address is a number automatically assigned to your computer whenever you access the internet that allows servers to recognize your computer and lets it communicate with others. Change Healthcare collects IP addresses in order to conduct system administration, report aggregate information to affiliates, subsidiaries or partners, and to conduct site analysis. Change Healthcare will also use IP addresses to identify any users who refuse to comply with Change Healthcare's Terms of Use Agreement, and to identify users who misuse or threaten Change Healthcare’s service, site, user, clients or others.

(b) Cookies and Web Beacons

Cookies are pieces of data that a Web site transfers to a user's hard drive for record-keeping purposes. Web beacons are transparent pixel images that are used in collecting information about website usage, e-mail response and tracking.

This Site uses cookies and web beacons to provide enhanced functionality on the site (e.g., user ID and password prompts) and aggregate traffic data (e.g., what pages are the most popular). These cookies may be delivered in a first-party or third-party context. Change Healthcare may also use cookies and web beacons in association with e-mails delivered by Change Healthcare. Our Site also captures limited information (HTTP referrer, last URL requested by the user, client-side and server-side clickstream) about visits to our Site; we may use this information to analyze general traffic patterns and to perform routine system maintenance. You have many choices with regards to the management of cookies on your computer. All major browsers allow you to block or delete cookies from your system. To learn more about your ability to manage cookies and web beacons, please consult the privacy features in your browser.

(c) Third Party Ad Services

Change Healthcare may utilize certain third-party advertising services to display or purchase advertising on its behalf. These third-party services may place a cookie on your computer for the purposes of ad tracking and presentation. Change Healthcare does not share personally identifiable user information with its advertising services.

(d) Web Analytics

Change Healthcare uses the Eloqua Marketing Platform to analyze website traffic on the Site as well as for online form data collection. We do not share this personal information with other third parties. To learn more about Eloqua privacy practices, click here.

Change Healthcare uses Google Analytics to understand Change Healthcare's site usage. Site usage information is used to help design, develop, and support Change Healthcare website. To the extent Change Healthcare uses Google Analytics Google receives and stores Change Healthcare's contributed site usage information (such as pages accessed), but it does not receive any personal or sensitive information as a part of this process. If you do not want data collected by Google Analytics, you can use the Google Analytics Opt-out Browser Add-on available on Google's website.

(e) Registration and Services

Registration. Change Healthcare website registration systems require users to give Change Healthcare contact information such as their name and e-mail address, and demographic information such as organization and/or role for certain areas of the Site. The user's contact information is used to contact the user when necessary. Change Healthcare uses this data to tailor the user's experience on the Change Healthcare website, showing the user content that reflects their stated preferences. This information may be shared with affiliates, subsidiaries, sponsors, advertisers or partners on an aggregate basis, but personal information will not be disclosed without the user’s consent.

Services. If you sign up for a particular service, including the ability to submit and receive electronic payments and remittances through Change Healthcare's ePayment service (the "ePayment Service"), Change Healthcare may collect personal information such as contact information (e.g., name, address, telephone number and e-mail address), demographic information (e.g., zip code, organization and/or role), billing information (e.g., credit or debit card numbers or banking information), or sensitive information (e.g. healthcare information). We use this information to verify that only authorized users are accessing the respective application; to provide you with the services you have selected; and to contact you when necessary, to communicate helpful tips and advice during your participation in this service.

(f) How We Respond to “Do Not Track” Signals

Some web browsers have a “Do Not Track” feature. This feature allows you to tell websites you visit that you do not want to have your online activity tracked over time and across websites. These features are not yet uniform across browsers. Our website does not respond to web browser “Do No Track” signals.

2. How We Use and Share the Information We Collect

Information collected by Change Healthcare may be used by Change Healthcare and its third party providers for general business purposes, including the following:

• For administration and improvement of the Site;
• For forum registration, and for enrollment in and administration of services offered by Change Healthcare and its third-party providers (including, without limitation, the ePayment Service);
• To provide personalized website content based on your preferences;
• To conduct surveys and research;
• To market our products and services and to further develop our products and services to improve our business;
• To communicate with you and respond to your inquiries, requests and applications and/or to send important notices;

We may also share your personal information, with or without notice:

• In response to a subpoena or similar investigative demand, a court order, or a request for cooperation from law enforcement or other government agency; to establish or exercise our legal rights; to defend against legal claims; or as otherwise required by law. In such cases, we may raise or waive any legal objection or right available to us.
• When we believe disclosure is appropriate in connection with efforts to investigate, prevent, or take other action regarding illegal activity, suspected fraud or other wrongdoing; to protect and defend the rights, property or safety of our company, our users, our employees, or others; to comply with applicable law or cooperate with law enforcement; or to enforce our web site Terms and Conditions or other agreements or policies.
• In connection with a substantial corporate transaction, such as the sale of our business, a divestiture, merger, consolidation, or asset sale, or in the unlikely event of bankruptcy.

3. Choice and Opt-Out

You will be given the right to opt-out of receiving any promotional materials about Change Healthcare or its partners whenever you receive a marketing communication or when you are asked to provide Personal information on this Site. If you do not opt-out at that time, but later decide that you do not wish to receive future communications of this nature you can contact us at MarketingCommunications@ChangeHealthcare.com or at the postal address provided below, indicating that you no longer want to receive information relating to this Site or marketing communications from Change Healthcare.

4. Security

Security of information communicated by or to us over the Internet is of utmost concern to us, however, no data transmission over the Internet can be guaranteed to be 100% secure. To help protect the privacy of data and personal information you transmit through use of this Site, we maintain physical, technical and administrative safeguards. We update and test our security technology on an ongoing basis. We restrict access to your personal data to those employees who need to know that information to provide benefits or services to you. In addition, we train our employees about the importance of confidentiality and maintaining the privacy and security of your information. We commit to taking appropriate disciplinary measures to enforce our employees' privacy responsibilities.

5. Children's Privacy

This website is not directed to children under the age of 13, and we do not knowingly collect information from children under the age of 13.

6. External Links

There are a number of places on our Site where you may click on a link to access other web sites that do not operate under this Privacy Notice. We are not responsible for the nature, quality or accuracy of the content or opinions expressed on such websites, or of the services provided through such websites. Even if an affiliation exists between our Site and a third-party website, we exercise no control over linked sites. Each of these linked sites maintains its own independent privacy and data collection policies and procedures. While Change Healthcare expects its partners and affiliates to respect the privacy of our users, Change Healthcare cannot be responsible for the actions of third parties. We recommend that you consult the privacy notices of all web sites you visit by clicking on the "privacy" link typically located at the bottom of the web page before providing any personal information.

7. Data Storage, Retention, Consent and Modifications to Privacy Notice

This Site is controlled, operated and administered within the United States, and your personal information is stored by Change Healthcare on its servers, and on the servers of the cloud-based database management services Change Healthcare engages. Change Healthcare retains data for the duration of our customer’s business relationship with the Change Healthcare, unless as otherwise agreed with our customer. For more information on where and how long your personal data is stored, and for more information on your rights of erasure and portability, please contact Change Healthcare’s Privacy Office at chiefprivacyofficer@ChangeHealthcare.com.

By using this Site, you signify your agreement to the terms of this Notice. If you do not agree with this Notice, please do not disclose any personal information through this Site. This Notice and the use of this Site are governed by Tennessee law. Any claim related to the Site or this Notice shall be brought in a federal or state court in Nashville, Tennessee, within one year after the claim arises. Users of the Site consent to the exclusive jurisdiction and venue of such courts as the most convenient and appropriate for the resolution of disputes concerning this Notice. This Notice and the notices outlined herein are not intended to and do not create any contractual or other legal rights in or on behalf of any third party.

8. Health Insurance Portability and Accountability Act (“HIPAA”)

As a provider of services and technology to the health care industry, Change Healthcare has implemented programs to address the privacy and security requirements established under HIPAA. Under HIPAA, each covered entity (health care provider, health plan or health care clearinghouse) is required to provide or make available to you a Notice of Privacy Practices (NoPP), depending on your interaction with the covered entity. To the extent a Change Healthcare affiliate or subsidiary is a covered entity, a NoPP will be provided to you or made available to you. The NoPP is not related to the practices described in this Privacy Notice.

9. Special Notice to California Residents

California Civil Code Section 1798.83 gives California residents that have provided Personal Information to Change Healthcare pursuant an established business relationship, the right to request certain information with respect to the types of personal information the business shares with third parties for direct marketing purposes by such third party, and the identities of the third parties with whom the business has shared such information during the immediately preceding year. To request a copy of this information disclosure, if any, from Change Healthcare, please send a request to MarketingCommunications@ChangeHealthcare.com with a preference on how our response to your request should be sent.

10. Modifications to Privacy Notice

Change Healthcare may modify this Notice at any time, at its discretion, and modifications are effective upon being posted on this Site. You are responsible for reviewing this Notice periodically to ensure that you are aware of any changes to it.

11. Contact Us

If you have questions regarding this Privacy Notice, please contact us via email at chiefprivacyofficer@ChangeHealthcare.com (please include "Change Healthcare Web Site Privacy Notice" in the subject line), or via US Mail at: Change Healthcare, Privacy Office (Attn: Change Healthcare Web Site Privacy Notice), 5995 Windward Parkway, 5th Floor, Alpharetta, GA 30005.