Privacy policy

This privacy policy describes the types of information Priority Health (“Priority Health” or "we," "our", or "us") may collect from you or that you may provide when you visit the website priorityhealth.com (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information.

Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use our Website. By accessing or using this Website, you agree to this privacy policy. This policy may change from time to time (see Changes to Our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.

Learn more about Interoperability and Priority Health

The Centers for Medicare & Medicaid Services (CMS) put forth new rules that create a more consistent framework for interoperability and shifted responsibility of your health care data to you as the member and owner of that data. Part of these changes include a simplified and consistent mechanism for applications (apps) to be able to ask you to allow their app to access your data. This rule requires Priority Health to implement and maintain a secure but "open" Application Programming Interface (API) for developers to create apps that can help you access your health care data and to help health care systems exchange information in an interoperable format when you allow them to do so. The information includes claims and encounter information for as long as Priority Health maintains it in its records. This access is for any member who has a Medicaid, including MIChild, Healthy Michigan Plan and Children's Special Health Care Services (CSHCS) plan, Medicare Advantage plan, or purchased a Qualified Health Plan (QHP) on the Federally-Facilitated exchanges through Priority Health. Priority Health has partnered with 1UpHealth to enable this capability. Members can request this information using one of the approved third-party applications (app).

CMS rules on interoperability limit what health insurance companies can do to stop apps from asking you to access your health data. This shift in responsibility for protecting your data means that you as the member have more control over who can access your health care data and you have more responsibility to protect your health care data. Priority Health believes it is important to provide you with educational resources concerning the privacy and security of your protected health information (PHI) in the context of disclosures of your information to third-party apps.

Steps you may take to protect your privacy and security

1. Review the app’s Privacy Policy and/or Terms of Service

You should feel comfortable asking whether the third-party app has a Privacy Policy and/or Terms of Service. In some instances, the app's privacy and security language may be in the app's Terms of Service and not a separate Privacy Policy. If the app does not have a Privacy Policy, you should evaluate the possible risks in moving forward with the app.

You can consider the questions noted below when reviewing the Privacy Policy. If the app's Privacy Policy does not clearly answer the below questions, you should reconsider using the app to access your health information. Health information is very sensitive, and you should be careful to choose apps with strong privacy and security standards to protect it.

What health data will be collected?
Will non-health data be collected from my device (ex: my location or any Internet search information)?
Will my data be stored in a deidentified or anonymized form (ex: someone would not know the data was about me)?
Will my data be stored or accessed outside the United States?
How will the app use my data?
What are the secondary uses of my data?
Will my data be disclosed to third parties (other companies) by the app for any purposes (ex: research and advertisement)?
Will this app sell my data to third parties for any reason?
Will this app share my data for any reason? If so, with whom and for what purpose?
How can I limit this app's use, disclosure, or sale of my data?
What security measures will be used to protect my data?
How will I be notified if there are any security concerns or any data breaches?
What impact could sharing my data with this app have on others, such as my family members?
How can I access my data and correct inaccuracies in the data retrieved by this app? (Note that correcting inaccuracies in data collected by the app will not affect inaccuracies in the source of the data.)
Does this app have a process for collecting and responding to user complaints?
Does this app allow its customers to see user complaints and how they were resolved? Or does this app provide a question-and-answer forum?
How do I terminate the app's access to my data if I no longer want to use the app or if I no longer want this app to have access to my health information? How difficult will it be to terminate access?
What is the app's policy for deleting my data from the company's records once I terminate access? Is it more than just deleting the app from my device?
How will this app inform me of changes in its privacy practices?

2. What should a member consider if they are part of an enrollment group?

Some members, particularly members who are covered by Qualified Health Plans (QHPs) on the Federally-facilitated Exchanges (FFEs), may be part of an enrollment group where they share the same health plan as multiple members of their tax household.

Information will only be shared per HIPAA guidelines, meaning that unless you are a minor, Protected Health Information (PHI) cannot be shared without a release. If you prefer that we do not share any information with anyone else on the plan you have the ability to set up security questions which would need to be answered in order to access the account.

3. What are a member’s rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification rules along with the Patient Safety Act and Rule. The HIPAA Privacy Rule covers health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically. Priority Health is subject to HIPAA.

Learn more about rights under HIPAA and who is obligated to follow HIPAA.

You can also read more about HIPAA FAQs for individuals.

4. Are third-party apps covered by HIPAA?

Most third-party apps will not be covered by HIPAA because they are not affiliated with entities governed by the HIPAA Privacy Rule. Third-party apps likely fall under the Federal Trade Commission (FTC)'s jurisdiction and the protections provided by the FTC Act. Among other things, the FTC Act protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy stating that it will not do so).

Learn more from the FTC about mobile app privacy and security.

5. What should a member do if they think their data has been breached or an app has used their data inappropriately?

You should keep in mind that once health information leaves Priority Health that there is a potential that the information released may be disclosed (released/shared) by the recipient (the third-party app) and that it may no longer be protected by HIPAA.

If a you believe your data with the third-party has been used inappropriately or breached you can submit complaints to the Office for Civil Rights or to the Federal Trade Commission (FTC).

Learn more from the FTC about mobile app privacy and security.

The privacy team can be reached by emailing privacy@spectrumhealth.org or by calling the privacy hotline at 616.486.4113.

6. Additional resources

Summary of our practices

We don't collect your name, contact information, Social Security Number or other similar information unless you choose to provide it. We do collect other limited information automatically from visitors who read, browse, and/or download information from our site. We do this so we can understand how the site is being used and how we can make it more helpful. Go to the section below titled Types of Information We Collect for more information.

Personally identifiable information (PII) refers to information which can be used to distinguish or trace an individual’s identity, such as their name, Social Security Number, biometric records, etc. alone, or when combined with other personal or identifying information which is linked or linkable to a specific individual, such as date and place of birth, mother’s maiden name, etc.

If you create a Priority Health member account, fill out an application for health care coverage, and use other tools on the site, we collect the personally identifiable information. This information is collected in order to provide you services, such as, to compare health plans and benefits, determine eligibility for health coverage, to choose a plan, and/or to enroll in coverage.

How we collect and use your personal information

Your Priority Health member account registration collects information such as your name, date of birth, member ID number and other contract information. We use it to verify that you have access to the personal, health and billing information your member account displays.
Our Secure Message form asks for your name, email address, phone number, mailing address and other information. We use it to reply to you when answering your questions or comments.
Our Web Feedback form saves your email address IF you enter your email address in the form. We use it to reply to your questions and comments.
Claims we get from doctors, hospitals, pharmacies and other health care professionals are used to pay for your health care give us information about your health. We use this information:
- To track whether doctors are making sure you get all the preventive care you need.
- To let you know that you might be due for preventive care, such as a mammogram or cholesterol test.
- To see if you are having more than one health problem at a time and may need the help of a care manager.
- To show employers if conditions like diabetes are costing them more than average. This information is shared as a percentage of all employees ("20% have diabetes"), NOT as a list of individual employees ("Jane Doe and John Smith have diabetes").
The online personal health planner and health risk assessment that you can access at WebMD^® when you are logged in to your member account on this website collects information you voluntarily provide about your physical condition and health and family history. Our medical department may use the health information to help us determine if you have a health condition that we can help you manage. Note: When you register your member account on our website, you also accept the WebMD^® privacy policy and their terms and conditions of use.
The Cost Estimator and Coverage Check tool collects information about what health procedures you search for and what providers you choose. This lets us determine if you have earned a reward for choosing a lower-cost provider when we get a claim for one of the reward-eligible medical and surgical procedures.
Lead Ads are advertisements served by third parties on our behalf across the Internet and to provide analytics services. These third parties, including Facebook, may use cookies, web beacons, and other technologies to collect information about your use of the Applications and other websites and software applications, including your IP address, web browser, pages viewed, time spent on pages, links clicked, and conversion information. This information may be used by us and these third parties to analyze and track data, determine the popularity of certain content, deliver advertising and content targeted to your interests in our services and other websites and software applications, and better understand your online activity. We do not sell Lead Ad-generated data under any circumstances . This privacy policy does not apply to, and we are not responsible for, third party cookies, web beacons, or other tracking technologies and we encourage you to check the privacy policies of these third parties to learn more about their privacy practices.
Mobile - This information by itself doesn't identify you to us, though the information may be unique or consist of or contain details you consider personal. If you use products and services that are location-enabled (for example, Google Maps) while accessing our Website, tools or services, you may be sending us your location information. This information may reveal your actual location, such as GPS data.

We may record your phone number when you:

Send it to us
Ask us to remember it
Make a call to us
Receive from us or send to us a text or SMS (short message service)

The information we collect for mobile may include:

Device or hardware ID's and device type
Type of request
Your phone carrier
Your carrier user ID
The content of your request
Basic usage state about your device

Some of our products, tools and services may allow you to download and/or personalize the content you receive from us. For these products and services, we record information about your downloads and preferences, along with any information you provide about yourself. If the product, tool or service requires you to log in with your Priority Health member account, this information will be associated with your Priority Health member account.

Cookie policy and other tracking technology

As you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:

Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
Information about your computer and internet connection, including your IP address, operating system, and browser type.

Estimate our audience size and usage patterns.
Store information about your preferences, allowing us to customize our Website according to your individual interests.
Speed up your searches.
Recognize you when you return to our Website.

Some of the technology we use for this automatic collection of data may include browser cookies and Flash cookies. Browser cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.

If you do not wish to allow browser cookies, please disable cookies by changing your browser settings before continuing to use this Website. Please be aware that some of the Website's functions or features may not work properly without cookies.

Certain features of our Website may also use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.

Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).

We also use web beacons to know when a user is redirected to the Website by clicking or otherwise interacting with an advertisement that we ran on another website. This is known as “click tracking” or “conversion tracking,” and we use it to better target our advertisements (known as “retargeting”) to inform you about the services available through our Website.

In addition to our tracking technology, we collaborate with various third-party service providers who also use cookies to help us optimize our Website, understand more about the visitors to our Website, or place advertisements for our services on sites and applications operated by others (also called interest-based advertising). For example, we use Google Analytics to provide us with demographic information about our visitors and to help us analyze how people use our website.

Disclosure of your information

Any personally identifiable information you give us will be used only as permitted by law, including to provide the product, service or information you have requested, like a price quote, or to support the programs for which you registered. Unless you specifically consent to let us do so, your personally identifiable information, including your email address (or mobile phone number), will not be sold or rented other than our subsidiaries and affiliates, to contractors, vendors, service providers, and other third parties we use to support our business or who provide services to us, affiliates or business partners as appropriate. Additionally, unless subject to your consent, to fulfill a request from you, or as otherwise set forth in this Privacy Policy, we won’t send you any unsolicited email("spam").

The personally identifiable information we gather in aggregate form may be used to improve our Website and business, and we may share that information with our business partners, third-party vendors working on our behalf, or our health and wellness sponsors and vendors.

We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.

We don't use or disclose personal information you give us online, unless it's required or permitted under federal and state laws that apply to us. These laws closely regulate how we may handle your information.

Under these laws, we're permitted to use and disclose your personal information to support the services provided on this Website, as well as our offline business functions. We'll disclose information to government officials or others if we're legally required to do so. In addition, certain statutory authorizations allow us to disclose personal information in emergency situations or to protect our rights, property, and safety of Priority Health, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.

We also may disclose your personal information to our agents or business associates who perform various functions on our behalf, but we require these third parties to agree in writing to safeguard your information appropriately.

We and our third-party service providers may use your personal information to:

Respond to your inquiries and fulfill your requests
Send you administrative information, including information regarding any solutions or tools we provide on our Website and changes to our terms, conditions and policies
Allow you to share data from a tool or solution we provide on our Website to your friends
Personalize your experience on our Website by presenting products or offers tailored to you
Send you communications related to your health plan and, if you choose to opt in, related marketing promotions

In addition, we may use personal information you submit to our Website to create aggregated, anonymous data, which we'll use to tailor our site to your interests, develop new features, and monitor the usage of our site. We may perform statistical analyses of these aggregate data and disclose the results as permitted by law.

We may also disclose personal information that we collect or you provide as described in this privacy policy:

For treatment, payment or health care operations as allowed by the Health Insurance Portability and Accountability Act of 1996 (HIPAA).
To enforce or apply our terms of use and other agreements, including for billing and collection purposes.
For any other purpose disclosed by us when you provide the information.
With your consent.

Choices about how we use and disclose your information

We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:

Tracking technologies. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. To learn how you can manage your Flash cookie settings, visit the Flash player settings page on Adobe's website. If you disable or refuse cookies, please note that some parts of this site may then be inaccessible or not function properly.
Interest-based advertising. We may provide links and pointers to websites maintained by other companies or third-party websites. From time to time, we may provide materials from other parties or companies on this Website. Know that these third-party websites are independently owned and operated by someone other than Priority Health. These websites have their own privacy practices and policies. We provide these materials and links to other websites as a courtesy and "as is" without warranties of any kind, either express or implied. To the fullest extent permissible pursuant to applicable law, we disclaim all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness. We don't warrant or make any representations regarding the use or the results of the use of the third-party materials in the third-party websites in terms of their correctness, accuracy, timeliness, reliability or otherwise.

Children

We believe in the importance of protecting the privacy of children online. The Children’s Online Privacy Protection Act (COPPA) governs information gathered online from or about children under the age of 13. Our Website is not intended or directed at children under the age of 13 and we will not knowingly collect information about children under the age of 13. If you are under the age of 13, please do not submit your personal information. If you are a parent who believes that we have collected information about a child under age 13, please contact us as detailed below and we can delete the information.

Rights with respect to your personal health information

Federal law requires that we publish a Notice of Privacy Practices describing how we handle our members' PHI collected both online and offline. You'll find all the details of how we protect your PHI in our Notice of Privacy Practices. You may want to read this Notice to learn how we process your protected health information as well as what rights you have concerning such information.

We don't use or disclose any PHI you submit to our Website or our tools and services unless it's required or permitted under federal and state laws that apply to us or our Website.

These laws closely regulate how we may handle your PHI. Under these laws, we're permitted to use and disclose your PHI to support the services we provide on this Website, as well as our offline business functions.

We may disclose your PHI to our providers, agents or business associates who perform various functions on our behalf, but we require these third parties to agree in writing to safeguard your PHI appropriately. We don't sell or rent your PHI to third parties.

We'll disclose information to government officials or others if we're legally required to do so. In addition, certain statutory authorizations allow us to disclose personal information in emergency situations or to protect our rights and property.

We may use the PHI you submit to create aggregated, anonymous data, which we'll use to tailor our site to your interests, develop new features and monitor the usage of our site. We may also perform statistical analysis of this aggregate data and disclose the results as permitted by law.

We may disclose, transfer or sell the personal information collected through our Website as an asset of the company in conjunction with due diligence for or completion of a merger, reorganization or sale to a third-party of our company or a major portion of its assets.

We and our third-party service providers may use Protected Health Information to:

Respond to your inquiries and fulfill your requests, such as to send newsletters to you
Send you administrative information, including information regarding changes to our terms, conditions and policies
Personalize your experience by presenting products and offers tailored to you

In addition, we may use protected health information for our business purposes, such as quality improvement, data analysis, audits, new product development, service improvement, usage and trend identification, and promotional campaign effectiveness.

We won’t use or disclose your protected health information in any way other than those described in our Notice of Privacy Practices unless we have a signed authorization.

Data security

When you use our online services, you may be asked to provide personal information that is necessary for us to process your request. To ensure your transaction remains confidential, the information is sent to us using an encrypted form in a "secure session." We have implemented industry accepted information security measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. We also require the use of authentication, such as user ID and password, which allows us to verify your identity when you access our online services. We also use firewall technology to safeguard your information from outside access. However, the safety and security of your information also depends on you.

Security tips

Choose unique passwords. Don't use your Social Security number, birth date, middle name, names of spouse or children, or anything else that someone could easily guess as a password.
Do not share your user ID and password with anyone else.
After you have submitted information online, we recommend that you close your browser before leaving your computer. This practice ensures you are not leaving personally identifiable information on the computer for those who may use it after you. This is especially important if you are using a computer in a public place.
Do not leave your computer unattended during an online session.
Contact us immediately at ph-compliance@priorityhealth.com if you suspect that someone has accessed your information online without your authorization.

The transmission of information via the internet is not completely secure. Although we implement industry accepted information security measures to protect your personal information, we cannot guarantee the security of your personal information stored, processed, shared, or otherwise transmitted on or through our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.

Data retention

We typically retain your personal information related to marketing activities for as long as you accept marketing communications from us. We will securely delete such data, in accordance with and as permitted under applicable law, upon request.

For personal information that we collect and process for other purposes, we typically retain such personal information for no longer than the period necessary to fulfill the purposes outlined in this Privacy Notice and as otherwise specified in applicable record retention policies and procedures. We may retain your personal information even after you have unsubscribed from our communications or closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or enforce our terms and conditions. We will retain de-personalized information after we have otherwise deleted your personal information.

Cross border transfers of information

Any information you provide to us through the use of the Website may be stored, processed, transferred among, and accessed from the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Privacy Notice regardless of where your personal information is kept. Regarding transfers from the European Economic Area ("EEA") to the United States, we rely on the derogations for transfers which are necessary to perform the transaction with you. Where required by law, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below. If you reside in other non-US jurisdictions outside the EEA, your use of the Website or provision of any personal information constitutes your consent for the transfer of such data to the United States for the purposes identified above. If you have questions about cross-border transfers, please contact us as detailed below.

Do-not-track

At this time the Website does not recognize automated browser signals regarding tracking mechanisms, which may include “do not track” instructions. However, you can change your privacy preferences regarding the use of cookies and similar technologies through your browser or mobile device.

Changes to our privacy policy

We may need to change this online privacy policy from time to time to address new issues relating to our Website or the solutions or tools we provide on our Website. We recommend you check this policy page regularly.

Contact us

If you have any questions or complaints about our privacy practices or this policy, contact the Priority Health Compliance Department.

Email: ph-compliance@priorityhealth.com

Mailing address:

Priority Health
MS 3230
1231 East Beltline NE
Grand Rapids, MI 49525

Last modified: Feburary 2023