Last Updated: April 2024
This notice supplements our Privacy Notice and applies to the category of personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA). If you are a Washington resident or if your consumer health data has been collected in Washington, please review this notice.
1. Consumer Health Data We Collect
Our collection, use, disclosure, and processing of consumer health data about individuals will vary depending upon the circumstances. This notice is intended to describe our overall privacy and data protection practices concerning consumer health data. Because consumer health data is defined very broadly, to include personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status, many of the categories of data we collect could also be considered consumer health data. Examples of consumer health data we collect may include:
- Health conditions, diseases, treatments, or diagnoses
- Social, psychological, behavioral, and medical interventions
- Health-related surgeries or procedures
- Use or purchase of prescribed medication
- Bodily functions, vital signs, symptoms, or measurements of same, and/or
- Data that identifies a consumer seeking health care services
2. Sources of Consumer Health Data
As described further in the Personal Information Collected section of our Privacy Notice, we collect personal data (which may include consumer health data) from a variety of sources, including insurance producers and third-party claims administrators.
3. Our Collection and Use of Consumer Health Data
We collect and may use consumer health data for the following purposes:
- Providing support and services: including to provide our Services, operate our Websites, applications and online services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
- Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct.
- Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
- Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
- Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.
4. Our Sharing of Consumer Health Data
We may share the following categories of consumer health data:
- Health conditions, diseases, treatments, or diagnoses
- Social, psychological, behavioral, and medical interventions
- Health-related surgeries or procedures
- Use or purchase of prescribed medication
- Bodily functions, vital signs, symptoms, or measurements of same
- Data that identifies a consumer seeking health care services
As necessary for the purposes described above, we share consumer health data with our clients in connection with providing professional services to them, insurance producers, and claims administrators. We also share consumer health data with third party service providers that help us provide our services and operate our business and with law enforcement, regulators, and others when disclosure of such information is required or to protect our legal interests.
5. How to Exercise Your Rights
MHMDA provides certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise these rights by contacting us, toll-free at 1-888-796-7920, submitting a request through this link, or emailing us at privacy@veritainc.com.
If your request to exercise a right under the MHMDA is denied, you may appeal that decision by emailing us at privacy@veritainc.com with the subject line “MHMDA Appeal.” If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.