Online Services Privacy Policy
We recognize that the privacy of your information is important. This Online Services Privacy Policy ("Privacy Policy" or "Policy") describes our practices in connection with information we collect through the online and mobile websites, platforms, technology, and applications that we own or operate and that contain a link to this Privacy Policy (collectively, "Online Services").
As used in this Policy, terms such as "we," "us," "our," and "Company" refer to UMR, Inc. and its current and future affiliated entities, subsidiaries, agents, contractors or vendors. UMR, Inc. (UMR) is a third-party administrator of certain benefit plans sponsored by Government Employees Health Association, Inc. (GEHA). GEHA, as the health plan sponsor, has the right to use the Information (as defined below) in accordance with applicable laws and GEHA's Notices of Privacy Practices. Nothing in this Policy supersedes or amends the terms and conditions of the agreement between UMR, Inc. and GEHA nor the information in the member's applicable plan brochure.
Our Online Services are intended for a United States (“U.S.”) audience. Any information you provide, including any personal information, will be transferred to and processed by a computer server located within the U.S.
By using the Online Services, you consent to our collection, use, disclosure, and storage of information as described in this Privacy Policy.
Our Privacy Policy explains:
Our Policy applies to Online Services that we own or operate and that contain a link to this Privacy Policy. Our Policy does not apply to information collected through other means such as by telephone, via Online Services that do not link to this Privacy Policy, or in person, although that information may be protected by other privacy policies.
Our Policy does not apply to the practices of other companies or other websites or software applications that may be linked from or made available through our Online Services.
The inclusion of a link on our Online Services or the ability to utilize a third-party website or software application through our Online Services does not imply that we endorse, or otherwise monitor the privacy or security practices of that third-party website or software application or the accuracy of its content, and your use of the third-party website or software application is governed by the third-party's privacy policy.
Some of our products and services are regulated by certain state and federal laws, including the Health Insurance Portability and Accountability Act ("HIPAA") and may have specific privacy practices ("Product Privacy Notices") such as a HIPAA Notice of Privacy Practices or other specific privacy practices of which we want you to be aware. This information can be found in the
Specific Product Privacy Notices section of this Privacy Policy. When a Product Privacy Notice exists, the content of the Product Privacy Notice applies to your use of the product and service.
This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.
We may collect two basic types of information through the Online Services:
(1) information you provide directly to us, and
(2) information that is automatically provided to us or collected through your use of our Online Services (collectively, “Information”).
Such Information may include information that identifies you such as your full name, telephone number, email address, postal address, certain account numbers, your User ID that you create or is assigned to you, health and medical information, including Protected Health Information, as defined by HIPAA, financial information and other information described in this Privacy Policy.
When you use the Online Services, you may provide certain Information directly to us. For example, you may input a telephone number or email address into a webform or enter information into a chat functionality. We also may make certain information available to you on the Online Services that we collect from other sources. For example, we may pre-populate certain demographic information in an online form or make health or medical information viewable on the Online Services that you have provided to us on paper forms or maintained in other information systems.
We also may obtain Information that is automatically collected through the Online Services. The automatically collected Information may include demographic, de-identified, aggregated, or certain information from your device such as technical information about your device, web-browser
information, and server log files collected by us or provided by you. See
Cookies and Tracking for more information on automatically collected information.
You may limit the Information you provide or make available to us if you want to; however, that may limit your ability to access or use certain functions of the Online Services or to request certain services or information.
Mobile Devices and Applications
In addition to the Information identified above, we may collect the following Information:
Information that Identifies You
- Health, medical, therapy, or financial information;
- Information created by the Company;
- Location data such as GPS, Wi-Fi, or carrier network location (see below for more details); and
- User files stored on your device like calendars, photos, and videos, if you grant permission through your device settings.
What You Do on Your Device
- Camera use. Certain features may have access to your camera if you grant permission in your device settings;
- Local storage;
- Phone dialer;
- Use of screen, e.g., what points are touched, frequency, etc.; and
- Patterns of app usage.
Device or System Data
- Mobile Device Identifier, e.g., Unique Device Identifier (“UDID”), Android ID; and
- Technical information about your device and system and application software, e.g., type of phone, Operating System (OS), and IP address.
We may obtain location data from your device to provide location-related services (e.g., driving directions or distance calculation, via the mobile application). You may withdraw consent to use precise, real-time, or network location data at any time by turning off the location-based feature on your mobile device or by not using any location-based features. If you withdraw your consent, functionality associated with precise, real-time, or network location (e.g., navigation) will no longer work.
For Android Users – Required Disclosures for Certain Health Applications
Google has determined that certain applications are subject to their COVID-19 applications requirements (“COVID-19 requirements”). As a result, we are providing the following information related to our applications that may be deemed in scope for their COVID-19 requirements:
- Our applications were not created specifically for the COVID-19 pandemic.
- Our applications interact with your camera and camera roll only if you grant permission in device settings. This information is not specifically collected or used in connection with COVID-19 related data. For example, you may grant permission to access your camera or camera roll to take or save a photo of your ID card or other document to store within the application or share with your provider or health plan at your direction.
We may use your Information:
- To respond to an email, chat or other instant message or particular request from you;
- To communicate with you;
- To provide you with content, services, and functionality through our Online Services or other services that we may offer;
- To process an application for a product or service as requested by you;
- To authenticate you on any portion of our Online Services and with vendors acting on our behalf;
- To administer surveys and promotions;
- To personalize your experience on our Online Services;
- To provide you with informational or promotional offers, as permitted by law, and with consent when required, that we believe
may be useful to you, such as information about products or services provided by us or other businesses;
- To perform analytics and to improve our Online Services;
- To facilitate the provision of software updates and product support;
- To improve services related to the Online Services;
- To comply with applicable laws, regulations, and legal process;
- To protect someone's health, safety, or welfare;
- To protect our rights, the rights of affiliates or third parties (including GEHA), or to take appropriate legal action, such as to enforce our Terms of Use;
- To keep a record of our transactions and communications; and
- As otherwise necessary or useful for us to conduct our business, so long as such use is permitted by law or for any other purpose with your consent.
We may contact you using the Information you provide through our Online Services, including any email address, telephone number, cell phone number, or fax number. We may communicate, electronically or via telephone with you about your benefit plan, programs, products, or services
that are or may be available to you in connection with your transactions with us including, but not limited to, Online Services updates, account information, general wellness, prescription or appointment reminders, general health information, newsletters, and surveys. These electronic
communications may contain protected health information. You acknowledge and accept that such communications may be sent unencrypted and there is some risk of disclosure or interception of the contents of these communications.
We may, when permitted, combine your Information with other information, whether online or offline, maintained or available to us from you or from other sources, such as from our vendors, and we may use and disclose combined data for the purpose described in this Section in connection with our administration of the GEHA plans or for GEHA’s internal business purposes. We or GEHA may, when permitted, use and disclose de-identified and aggregated data for any purpose, which may include, without limitation, disclosures to third parties for analytics purposes such as evaluating the Online Services and providing additional benefits, programs, and services.
We will only share your Information with third parties as outlined in this Policy and as otherwise permitted by law or as permitted with your consent.
We may share Information if all or part of the Company is sold, merged, dissolved, acquired, or disbanded to any extent in a similar transaction, or in connection with steps that may need to be taken in anticipation of such events.
We may share Information in response to a court order, subpoena, search
warrant, or to comply with law or regulation. We may cooperate with law
enforcement authorities in investigating and prosecuting activities that are
illegal, violate our rules, or may be harmful to other visitors.
We may also share Information when permitted by law within the Company,
including among affiliates, or with our parent company, or subsidiaries.
We may also share Information with other third-party companies with which
we have a business relationship or hire to perform services on our behalf.
For example, we may hire a third-party company to help us send and
manage email, and we might provide that third-party company with your
email address and certain other Information for them to send you an email
message on our behalf. Similarly, we may hire third-party companies to
host or operate some of our Online Services and related computers and
software applications.
Our Online Services may permit you to view your profile, if applicable, and
access related Information about you and to request changes to such
Information. Please remember, however, if we have already disclosed some
of this Information to third parties, we may not have access to that
disclosed information and may not be able to force the modification of any
Information by the third parties to whom we have made those disclosures.
Communication Preference Management
Our Online Services may permit you to select how you would like to receive
certain communications. You can view and update your communication
preferences in the Notifications tab/Account Settings page. For
OneHealthcare ID users, you can view and update your communication
preferences by clicking on the
Manage Your One Healthcare ID link located
on your log-in page.
We may offer mobile applications that enable us to communicate with you
through push notifications. Where mobile applications are offered, you may
be able to manage push notifications in your mobile phone or tablet
settings. You may also be able to control preview settings in your email
applications.
If you need additional assistance in opting out of a communication,
please
Contact Us for assistance. Please be aware that opt-outs may not
apply to certain types of communications, such as account status, Online
Service updates, or other communications.
Informational Electronic Communications
We may provide you with Informational Electronic Communications.
Communications. Informational Electronic Communications include, but
are not limited to, information about your benefit plan, programs, products,
or services that are or may be available to you in connection with your
transactions with us, Online Services updates, account information, general
wellness, prescription or appointment reminders, general health
information, newsletters, and surveys.
Any request to opt-out of receiving Informational Electronic
Communications will be effective only after we have a reasonable period of
time to process your request. Opt-outs may not apply to certain types of
communications, such as account status, Online Service updates, or other
communications.
Communications sent electronically may be provided either (1) via email;
(2) by access to a website that we will designate in a notice we send to you
when the information is available; or (3) by other electronic means. At
times, in our sole discretion, we may still send you paper communications
in lieu of, or in addition to, sending them electronically.
Informational Calls and Texts
When you provide us a telephone number, whether landline or mobile, we
may contact you, using automated, pre-recorded, or non-automated means,
to provide you information about existing benefits, programs, products,
services, or tools in compliance with the requirements applicable state and
federal law, including the Telephone Consumer Protection Act.
Personal Information collected through our texting programs will not be
shared, sold, or disclosed to third parties for their own marketing purposes.
We reserve the right to modify this section at any time. The modified
section will be effective immediately upon posting. Your continued receipt
of Informational Electronic Communications and Informational Calls and
Texts will constitute your acceptance of the modified section.
Our
Texting Terms and Conditions, as well as any program-specific
requirements apply to your interactions with us via text and are
incorporated in this Privacy Policy by reference.
The Company may use various technologies, including cookies, tokens,
tags, web logs, web beacons, scripts, and web server logs to gather
automatically collected information and may aggregate this information
from visitors of our Online Services or to enable certain features of our
Online Services. This information may include demographic data, technical
information about the technology (
e.g., phone, computer) you use to
connect to the Online Services, web browser information, your IP address,
and browsing behavior such as pages visited and how often they are visited
(collectively, "Activity Information"). We may also use third-party analytics
companies to provide these services.
We may also allow third parties to use cookies and other technologies to
collect Activity Information and to track browsing activity over time and
across third-party websites such as web browsers used to read our Online
Services, which websites are referring traffic or linking to our Online
Services, and to deliver targeted advertisements to you. We do not control
these third-party technologies, and their use of such technologies is
governed by their own privacy policies. For more information about third-party advertising networks and similar entities that use these technologies,
see
youradchoices.com/control, and to opt-out of such ad networks' and services' advertising practices, go to
optout.aboutads.info and
optout.networkadvertising.org/. Once you click the links, you may choose to
opt out of such advertising from all participating advertising companies or
only from advertising provided by specific advertising companies. Please
note that, to the extent advertising technology is integrated into the Online
Services, you may still receive advertisements even if you opt out of tailored
advertising. In that case, the ads will just not be tailored. Also, we do not
control any of the above opt-out links and are not responsible for any
choices you make using these mechanisms or the continued availability or
accuracy of these mechanisms.
Activity Information is captured using various technologies and may include
cookies. "Cookies" are small text files that may be placed on your computer
or mobile device when you visit an Online Service or click on a URL using
your web browser. Cookies may include "single-session cookies" which
generally record information during only a single visit to a website and then
are erased, and "persistent" cookies which are generally stored on a
computer or mobile device unless or until they are deleted or are set to
expire. You may disable cookies and similar items by adjusting your
browser preferences at any time; however, this may limit your ability to take
advantage of all the features on our Online Services. In addition, you may
also have additional means to manage the collection of Activity Information
by:
- Managing the use of "flash" technologies, with the Flash management tools available at Adobe's website;
- Visiting the Adobe Digital Marketing Suite to "Opt-Out" of data aggregation and analysis;
- Clicking on the "Opt-Out" link at the bottom of the home web page, if applicable; and
- Visiting Google to "Opt-Out" of display advertising or customize Google display network ads.
Please note that we do not currently respond to web browser "Do Not
Track" signals that provide a method to opt out of the collection of
Information about online activities over time and across third-party
websites or online services because, among other reasons, there is no
common definition of such signals and no industry-accepted standards for
how such signals should be interpreted.
We gather Activity Information about you to improve the quality of our
Online Services, such as the best method and time to contact you. Without
limiting the other ways in which we may use Information as described
herein, we may otherwise use and disclose your Activity Information unless
restricted by this Policy or by law. Some examples of the ways we may use
your Activity Information include:
- Customizing your experiences, including managing and recording your preferences;
- Authenticating your account information;
- Online Services development, and research purposes;
- Tracking resources and data accessed on the Online Services;
- Developing reports regarding Online Service usage, activity, and statistics;
- Assisting users experiencing problems with our Online Services;
- Updating and servicing our Online Services;
- Enabling certain functions and tools on the Online Services; and
- Tracking paths of visitors to the Online Services and within the Online Services.
As described above, we may use tracking technologies that allow us to
recognize your device when you return to our Online Services within a
period of time, as determined by us, and to support automatic login to your
Online Services if enabled by you. To maintain your privacy, you should
affirmatively log out of your account prior to your session ending (whether
you end your session or we end your session, for example if our Online
Services has "timed out" - i.e., we have ended your session automatically
after a period of inactivity as determined by us in our sole discretion).
Unless you affirmatively log out of your account, you may be automatically
logged back in the next time you or any user of your devices visits the
Online Services.
Retention of Data
We will retain your personally identifiable information (PII) and Activity
Information for as long as is necessary for the purposes set out in this
Privacy Policy. We will retain and use your PII to the extent necessary to
comply with our legal obligations (for example, if we are required to retain
your data to comply with applicable laws), resolve disputes, and enforce our
legal agreements and policies.
Posting Messages, Comments and Content
Our Online Services may have voluntary collaboration areas, including but
not limited to "blogs," "bulletin boards," "leader boards," and "health games,"
that permit users to have collaborative discussions and/or share
Information. Some of our Online Services may permit you to select a display
name or image that will be your "nickname" on the Online Service. Please
note, any Information you submit or post to these collaboration areas,
including your display name or image, may be visible by other users of the
Online Service, and such users may be able to identify you and make
information public. Out of respect for the privacy of others, please avoid
referring to the full names of others in your response and refrain from
sharing other participants’ identities or comments outside of these
discussions.
We maintain administrative, technical, and physical safeguards designed to
protect the Information that you provide on our Online Services. These
safeguards vary based on the sensitivity of the Information that is being
collected, used, and stored. We cannot guarantee the security of our Online
Services, nor can we guarantee the security of the Information you transmit
to us over the Internet, including your use of email. We are not liable for the
illegal acts of third parties such as criminal hackers.
It is your responsibility to safeguard the devices you use to access our
Online Services (such as laptops, tablets, and mobile devices), and to use
appropriate security settings on those devices. If those devices are lost,
stolen or misplaced, others may be able to access your account and your
personal Information using those devices. You should affirmatively log out
of your account (i) prior to ending your session, or (ii) if you will be inactive
on the Online Services for more than a few minutes; otherwise, the next
user of that computer or device, particularly a public one or one not owned
by you, may be able to access your account and the Information in your
account if your session has not ended.
You agree that you are solely responsible for any harm that may result from
someone accessing your account or personal Information on any computer
or device where you do not, for any reason, take the necessary steps to log
out of your account prior to ending a session on such device or computer.
We retain Information for as long as necessary for the purpose for which it
is collected, subject to a longer period if the Information is relevant to a
legal challenge.
We will not intentionally collect any personal information (as that term is
defined in the Children's Online Privacy Protection Act) from children under
the age of 13 through our Online Services without receiving parental
consent. If you think that we have collected such personal information from
a child under the age of 13 through our Online Services, please Contact Us immediately.
California “Shine the Light” Privacy Rights
California law permits our customers who are California residents to
request certain information regarding the disclosure of certain personal
information to third parties for their direct marketing purposes.
If we have disclosed any personal information to third parties for direct
marketing purposes, we will provide a list of the categories of personal
information, along with the names and addresses of these third parties to
you at your request. To make such a request, write us at the postal or email
address found in the
Contact Us section of this Policy.
This request may be made no more than once per calendar year. We
reserve our right not to respond to requests submitted other than to the
specified email or postal address. You should put "California Privacy Rights-Direct Marketing" in the email subject line and in the body of your request.
You must provide us with specific information regarding yourself so that we
can accurately respond to the request.
California Minors Under 18
If you are a California resident under the age of 18 and are a registered user
of our Online Services, you may request that we remove from our Online
Services any content you post to our Online Services that can be accessed
by any other user (whether registered or not). Please note that any content
that is removed from visibility on our Online Services may still remain on
our servers and in our systems. To request removal of content under this
provision, please write or email us at the postal or email address found in
the Contact Us section of this Policy. When you write to us, please provide
us with a description of the content and the location of the content on our
Online Services, along with any other information that we may require to
consider your request. Please note that removal of content under this
provision does not ensure complete or comprehensive removal of the
content or information posted on the Online Services by you.
Some of our products and services are regulated by certain laws, including
the Health Insurance Portability and Accountability Act (“HIPAA”).
Health Information Privacy Practices
If you receive healthcare products or services, visit the applicable HIPAA
Notice of Privacy Practices, available in the Specific Product Privacy
Notices section of this Policy, to learn about how we protect, use, and share
Protected Health Information (PHI) for your medical treatment, payment for
services, our operations, or as permitted by law. The HIPAA Notice of
Privacy Practices also describes your right to:
- See and obtain a copy of certain PHI, including your medical, billing, claims, and case management records;
- Request confidential communications;
- Request certain restrictions on the use and disclosure of your PHI;
- Request a correction to your PHI; and
- Request a paper copy of the HIPAA Notice of Privacy Practices.
Please note, we do not use PHI for activities or secondary purposes not
permitted by HIPAA.
You may notify us of a personal representative permitted to act on your
behalf by contacting the toll-free member phone number on your
membership ID card.
The following Product Privacy Notices supplement this Policy and explain
specific privacy notices with respect to certain products and services that
you may use, including access to more information about health or
financial privacy notices
It is our policy to protect the confidentiality of Social Security numbers
(“SSNs”) that we receive or collect in the course of business. We secure the
confidentiality of SSNs through various means, including physical,
technical, and administrative safeguards that are designed to protect
against unauthorized access. It is our policy to limit access to SSNs to that
which is lawful and to prohibit unlawful disclosure of SSNs.
We may change this Policy at any time. If we do so, such change will
appear on this page. We will also provide notice and choices to you, on the
Online Services and in other appropriate locations, based on the scope and
extent of changes. You may always visit this Policy to learn of any updates.
Your continued access to or use of the Online Services constitutes your
consent to these changes to this Policy.
Contact us regarding this Policy or related privacy practices. If you believe
we or any company associated with us has misused your Information,
please contact us immediately.
Privacy Office
PO Box 8006
Wausau, WI 54402-8006
Email:
uhc_privacy_office@uhc.com
Effective Date
October 1, 2024