PRIVACY

This Privacy Policy governs the manner in which Healthcare Management Administrators collects, uses, maintains and discloses information collected from users of the www.accesshma.com website.

BY USING THIS WEBSITE OR SUBMITTING ANY INFORMATION, INCLUDING PERSONAL INFORMATION SUCH AS YOUR NAME, EMAIL ADDRESS AND OTHER NON-PUBLIC INFORMATION, YOU (AND IF APPLICABLE ORGANIZATION THAT YOU REPRESENT) ACKNOWLEDGE TO BE BOUND TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE HMA’S WEBSITE OR COMPLETE ANY FORMS OR OTHERWISE PROVIDE HMA WITH ANY OF YOUR INFORMATION.

Personal identification information

We may collect personal identification information from Users in a variety of ways in connection with activities, services, features or resources we make available on our website. We will collect personal identification information from users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Web browser cookies

Our Site may use "cookies" to enhance User experience. User's web browser places cookies on their hard drive for record-keeping purposes and sometimes to track information about them. User may choose to set their web browser to refuse cookies, or to alert you when cookies are being sent. If they do so, note that some parts of the Site may not function properly.

How we use collected information

To personalize user experience; we may use information in the aggregate to understand how our Users as a group use the services and resources provided on our website.
To improve our website; we may use feedback you provide to improve our products and services.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Third party websites

Users may find content on our Site that links to the sites and services of our partners, suppliers, licensors and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

Changes to this privacy policy

HMA has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your acceptance of these terms

By using this Site, you signify your acceptance of this policy. If you do not agree to this policy, please do not use our Site. Your continued use of the Site following the posting of changes to this policy will be deemed your acceptance of those changes.

Annual reporting. As required by the CCPA, for the prior calendar year the following information is provided. Number of Requests to Know that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Delete that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Opt-Out that we received (0), complied with in whole (0) or in part (0), and denied (0). The mean number of days within which we substantively responded to Requests to Know (28 calendar days), Requests to Delete (0 calendar days), and Requests to Opt-out (0 calendar days).

Finally, you may be able to request information contained in the California Citizen Rights section in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information contained within our Privacy Policy.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

Healthcare Management Administrators

www.accesshma.com

10700 Northup Way, Bellevue, WA 98004

800-869-7093

California Citizen Rights. Individuals who reside in the state of California, a “consumer,” as that term is defined under California law, have additional rights reserved under the California Consumer Privacy Act (CCPA) and the California Shine the Light law:

Protected Health Information Excluded. If you are a customer of one of our healthcare services, read our HIPAA SECTION to learn how we handle your Protected Healthcare Information. Any personal information you provide or that we collect in connection with administering or providing your healthcare benefits, or your status as a member of our one of our health plans in connection with your healthcare, will be handled in accordance with the Health Insurance Portability and Accountability Act of 1996 (HIPAA) Federal Standards, which preempts and is excluded from the requirements of the CCPA.
Right to Opt-Out. We do not sell personal information.
Right to Request Personal Information. As a consumer, you have the “right to know” and request that we disclose what personal information we collect, use, and disclose. See the instructions below for submitting a verifiable request, including through the online request form offered by us. You have the right to request the categories of personal information, as detailed under the CCPA, we have collected and store about you. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the CCPA. Upon receipt of a verifiable consumer request, described below in this Privacy Statement/Notice, from you to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to exercise of this or other applicable right(s). The information may be delivered by mail or electronically, dependent on portability and technical considerations under the CCPA. We may provide personal information to you at any time following a verified request, but shall not be required to provide personal information to you more than twice in a 12-month period.
Right to Delete Personal Information. You have the right to request we delete personal information we, or our service providers, store about you. Please keep in mind our response to such a request, upon verification, may include an explanation of the business purpose under which we may retain your information (for example, we would need to retain copies of a business transaction for financial records) in accordance with the CCPA.
Non-Discrimination. If you elect to exercise any rights under this section of our Privacy Statement, we will not discriminate or retaliate against you.

If you are a California consumer and have additional questions based on this section of our Privacy Statement, please use this web form, email us at compliance@cambiahealth.com, or call us toll-free at 877-878-2273. Also, be sure to check this policy for updates as we will review it at least every 12 months and make updates as necessary.

Identity Verification Requirement. We are required by law to verify that any data access request submitted under the authority of the CCPA was made by someone with the legal right to access the personal information requested. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, under the terms of the CCPA, we may request that you provide us with additional information in order for us to verify your identity and legal authority.

Access Request Responses. Under the CCPA, there may be certain circumstances where we would deny your request to access, receive, or delete personal information we hold. For example, we would deny requests where any such access or disclosure would interfere with our regulatory or legal obligations or where we cannot verify your identity. We also have the ability under the CCPA to deny requests if it would result in our disproportionate cost or effort. However, even where we will not substantively complete a request made under the CCPA, we will still provide a response and explanation to your request within a reasonable time frame and as required by law.

Disclosure of Categories. As defined by the CCPA, categories of personal information collected from consumers by us within the past 12 months include:

Categories	Examples	Collected (Yes or No)
A. Identifiers.	A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.	Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code §1798.80(e)).	A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.	Yes
C. Protected classification characteristics under California or federal law.	Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).	Yes
D. Commercial information.	Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.	Yes
E. Biometric information.	Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.	Yes
F. Internet or other similar network activity.	Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.	Yes
G. Geolocation data.	Physical location or movements.	Yes
H. Sensory data.	Audio, electronic, visual, thermal, olfactory, or similar information.	Yes
I. Professional or employment-related information.	Current or past job history or performance evaluations.	Yes
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).	Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.	No
K. Inferences drawn from other personal information.	Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.	Yes

Personal information may also be collected in the course of a natural person acting as a current or former job applicant, employee, director, officer, or contractor within the context of that natural person’s role. Additional information collected may include emergency contact and information to administer benefits, including to another person.

“Personal information” does not include publicly available information, meaning information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge. “Personal information” also does not include consumer information that is deidentified or aggregate consumer information. This Notice addresses online and offline practices by us. Information excluded from the CCPA’s scope includes health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Other information excluded includes those covered by the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the CCPA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.

This business has not sold categories of personal information within the meaning of the CCPA, including minors under 16 years of age.

Categories of personal information from our consumers disclosed for a business purpose within the past 12 months include:

(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;

(B) Categories of personal information as described in California Civil Code 1798.80(e);

(D) Commercial information, including records of personal property, products or services purchased, obtain, or considered, or other purchasing or consuming histories or tendencies;

(E) Biometric information;

(F) Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;

(G) Geolocation data;

(H) Audio, electronic, visual, thermal, olfactory, or similar information;

(I) Professional or employment-related information; and

(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology).

Categories of sources from which personal information was directly and indirectly collected in the past 12 months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to.

Categories of third parties with whom the business shared personal information in the past 12 months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.

Year: 2022	Request To Know	Request To Delete	Request to Opt-Out	Average days to respond
Denied	12	4	0	2
Complied in part	0	0	0	N/A
Complied in whole	0	0	0	N/A
Total	12	4	0
Average days to respond	3	1	N/A	N/A

Contact Us. To make a request please contact us at compliance@cambiahealth.com with “CCPA Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant.

View this policy as a pdf document.

This document was last updated on April 21, 2022.