Priority Health respects your privacy and is committed to protecting it through our compliance with this policy. This policy describes the types of information we may collect from you or that you may provide when you visit the website priorityhealth.com (our "Website") and our practices for collecting, using, maintaining, protecting, and disclosing that information
Learn more about Interoperability and Priority Health
The Centers for Medicare & Medicaid Services (CMS) put forth new rules that create a more consistent framework for interoperability and shifted responsibility of your health care data to you as the member and owner of that data. Part of these changes include a simplified and consistent mechanism for applications (apps) to be able to ask you to allow their app to access your data. This rule requires Priority Health to implement and maintain a secure but "open" Application Programming Interface (API) for developers to create apps that can help you access your health care data and to help health care systems exchange information in an interoperable format when you allow them to do so. The information includes claims and encounter information for as long as Priority Health maintains it in its records. This access is for any member who has a Medicaid, including MIChild, Healthy Michigan Plan and Children's Special Health Care Services (CSHCS) plan, Medicare Advantage plan, or purchased a Qualified Health Plan (QHP) on the Federally-Facilitated exchanges through Priority Health. Priority Health has partnered with 1UpHealth to enable this capability. Members can request this information using one of the approved third-party applications (app).
CMS rules on interoperability limit what health insurance companies can do to stop apps from asking you to access your health data. This shift in responsibility for protecting your data means that you as the member have more control over who can access your health care data and you have more responsibility to protect your health care data. Priority Health believes it is important to provide you with educational resources concerning the privacy and security of your protected health information (PHI) in the context of disclosures of your information to third-party apps.
Steps you may take to protect your privacy and security
- What health data will be collected?
- Will non-health data be collected from my device (ex: my location or any Internet search information)?
- Will my data be stored in a deidentified or anonymized form (ex: someone would not know the data was about me)?
- Will my data be stored or accessed outside the United States?
- How will the app use my data?
- What are the secondary uses of my data?
- Will my data be disclosed to third parties (other companies) by the app for any purposes (ex: research and advertisement)?
- Will this app sell my data to third parties for any reason?
- Will this app share my data for any reason? If so, with whom and for what purpose?
- How can I limit this app's use, disclosure, or sale of my data?
- What security measures will be used to protect my data?
- How will I be notified if there are any security concerns or any data breaches?
- What impact could sharing my data with this app have on others, such as my family members?
- How can I access my data and correct inaccuracies in the data retrieved by this app? (Note that correcting inaccuracies in data collected by the app will not affect inaccuracies in the source of the data.)
- Does this app have a process for collecting and responding to user complaints?
- Does this app allow its customers to see user complaints and how they were resolved? Or does this app provide a question-and-answer forum?
- How do I terminate the app's access to my data if I no longer want to use the app or if I no longer want this app to have access to my health information? How difficult will it be to terminate access?
- What is the app's policy for deleting my data from the company's records once I terminate access? Is it more than just deleting the app from my device?
- How will this app inform me of changes in its privacy practices?
Some members, particularly members who are covered by Qualified Health Plans (QHPs) on the Federally-facilitated Exchanges (FFEs), may be part of an enrollment group where they share the same health plan as multiple members of their tax household.
Information will only be shared per HIPAA guidelines, meaning that unless you are a minor, Protected Health Information (PHI) cannot be shared without a release. If you prefer that we do not share any information with anyone else on the plan you have the ability to set up security questions which would need to be answered in order to access the account.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification rules along with the Patient Safety Act and Rule. The HIPAA Privacy Rule covers health plans, health care clearinghouses, and health care providers who conduct certain financial and administrative transactions electronically. Priority Health is subject to HIPAA.
Learn more about rights under HIPAA and who is obligated to follow HIPAA.
You can also read more about HIPAA FAQs for individuals.
Learn more from the FTC about mobile app privacy and security.
You should keep in mind that once health information leaves Priority Health that there is a potential that the information released may be disclosed (released/shared) by the recipient (the third-party app) and that it may no longer be protected by HIPAA.
Learn more from the FTC about mobile app privacy and security.
Summary of our practices
We collect the following information:
- Personal information that you provide us on a voluntary basis.
- Information that your browser routinely shares with websites.
We use and disclose the information we collect for the following purposes:
- To create and maintain your account.
- To provide you information about products and services that you request or that we think may interest you.
- To help us improve our Website, understand its users and their preferences, and to market our services.
- To protect our business interests or the rights of others, when required by law, to cooperate with law enforcement, or in connection with the sale or merger of all or part of our business.
The Site uses the following tracking technologies:
- Cookies and other similar technology track movement across our website and keep track of our users and their preferences.
Other details about our practices:
- Although the Website may contain links to other websites, this policy applies only to websites owned and operated by Priority Health.
- We use your personal information only for the purposes for which it is collected and consistent with this policy, and we retain your information only as long as permitted by applicable law.
- We may update this policy from time to time, but we will allow you to opt in to any material changes in how we use your previously collected personal information.
How we collect and use your personal information
- Your member account registration collects information such as your name, date of birth, member ID number and other contract information. We use it to verify that you have access to the personal, health and billing information your member account displays.
- Our Secure Message form asks for your name, email address, phone number, mailing address and other information. We use it to reply to you when answering your questions or comments.
- Our Web Feedback form saves your email address IF you enter your email address in the form. We use it to reply to your questions and comments.
- Claims we get from doctors, hospitals, pharmacies and other health care professionals to pay for your health care give us information about your health. We use this information:
- To track whether doctors are making sure you get all the preventive care you need.
- To let you know that you might be due for preventive care, such as a mammogram or cholesterol test.
- To see if you are having more than one health problem at a time and may need the help of a care manager.
- To show employers if conditions like diabetes are costing them more than average. This information is shared as a percentage of all employees ("20% have diabetes"), NOT as a list of individual employees ("Jane Doe and John Smith have diabetes").
- The Cost Estimator tool collects information about what health procedures you search for and what providers you choose. This lets us determine if you have earned a reward for choosing a lower-cost provider when we get a claim for one of the reward-eligible medical and surgical procedures.
As is commonly done on websites, as you navigate through and interact with our Website, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Details of your visits to our Website, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Information about your computer and internet connection, including your IP address, operating system, and browser type.
The information we collect automatically is only statistical data and does not include personal information, but we may maintain it or associate it with personal information we collect in other ways or receive from third parties. It helps us to improve our Website and to deliver a better and more personalized service, including by enabling us to:
- Estimate our audience size and usage patterns.
- Store information about your preferences, allowing us to customize our Website according to your individual interests.
- Speed up your searches.
- Recognize you when you return to our Website.
Some of the technology we use for this automatic collection of data may include browser cookies and Flash cookies. Browser cookies are files with a small amount of data that is commonly used as an anonymous unique identifier. These are sent to your browser from the website that you visit and are stored on your computer's hard drive.
If you do not wish to allow browser cookies, please disable cookies by changing your browser settings before continuing to use this Website. Please be aware that some of the Website's functions or features may not work properly without cookies.
Certain features of our Website may also use local stored objects (or Flash cookies) to collect and store information about your preferences and navigation to, from, and on our Website. Flash cookies are not managed by the same browser settings as are used for browser cookies. For information about managing your privacy and security settings for Flash cookies, see Choices About How We Use and Disclose Your Information.
Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Disclosure of your information
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction.
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Priority Health's assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by Priority Health about our Website users is among the assets transferred.
- To fulfill the purpose for which you provide it.
- For any other purpose disclosed by us when you provide the information.
- With your consent.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of Priority Health, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices about how we use and disclose your information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Interest-based advertising. We do not control third parties' collection or use of your information to serve interest-based advertising. However these third parties may provide you with ways to choose not to have your information collected or used in this way. You can opt out of receiving targeted ads from members of the Network Advertising Initiative ("NAI") on the NAI's website.
Accessing and correcting your information
You can review and change your personal information by logging into the Website and visiting your account profile page. You may also send us an email at email@example.com to request access to, correct or delete any personal information that you have provided to us. We may not be able to delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect.
Our Website is not directed at children under the age of 13 and we will not knowingly collect information about children under the age of 13. If you are under the age of 13, please do not submit your personal information. If you are a parent who believes that we have collected information about a child under age 13, please contact us as detailed below and we will be happy to delete the information.
Your California privacy rights
For California residents: We may share your personal information with affiliated third parties, some of which do not share the Priority Health name, for their direct marketing purposes. These categories of affiliate are considered unaffiliated parties under California law, you may request information about our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to firstname.lastname@example.org. Please include your name and email address in such request.
California law may also provide you with additional rights regarding our use of your personal information. To learn more about your California privacy rights, visit California's "Shine the Light" law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to email@example.com.
Rights with respect to your personal health information
You'll find all the details of how we protect your personal health information in our Notice of Privacy Practices.
You can ask us to share your information
Priority Health members can give us permission to discuss or provide information about their health, their plan and their billing and payments with people they name. They can also cancel that permission. Here's how:
- To name someone who can act for you: You can give someone the power to make decisions for you and agree to medical expenses, pay bills on your behalf, and do everything you are able to do with your health and financial information. You use a Power of Attorney form or an Appointment of Representative form to give someone that power. Call Customer Service at the number on your membership card to let us know that you have appointed a representative or given a Power of Attorney to someone and learn how to send us a copy of the signed form.
- To name someone who can see your information, but cannot act for you:
- HIPAA Authorization (English or Spanish): Fill out this form to give us permission to share your health information, financial information or both with someone else. Mail, fax or email it to us.
HIPAA Authorization Form or Autorización para la divulgación de información personal
- HIPAA Revocation (English or Spanish): Fill out this form to cancel a HIPAA authorization you signed. Mail, fax or email it to us.
Revocation of HIPAA Authorization form or Revocación de autorización para la divulgación de información personal
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone.
Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
We retain your account information as long as you have an account with us. We typically retain your personal information related to marketing activities for as long as you accept marketing communications from us. We will securely delete such data in accordance with, and to the extent permitted by applicable law, upon request. For personal information that we collect and process for other purposes, we typically retain such personal information for no longer than for the period necessary to fulfill the purposes outlined in this Privacy Notice and as otherwise specified in applicable record retention policies and procedures. We may retain your personal information even after you have unsubscribed from our communications or closed your account if reasonably necessary to comply with our legal obligations (including law enforcement requests), meet regulatory requirements, resolve disputes, maintain security, prevent fraud and abuse, or enforce our terms and conditions. We will retain de-personalized information after we have otherwise deleted your personal information.
Cross border transfers of information
Any information you provide to us through the use of the Website may be stored, processed, transferred among, and accessed from the United States and other countries which may not guarantee the same level of protection of personal information as the one in which you reside. However, we will handle your personal information in accordance with this Privacy Notice regardless of where your personal information is kept. Regarding transfers from the European Economic Area ("EEA") to the United States, we rely on the derogations for transfers which are necessary to perform the transaction with you. Where required by law, you may request a copy of the suitable mechanisms we have in place by contacting us as detailed below. If you reside in other non-US jurisdictions outside the EEA, your use of the Website or provision of any personal information constitutes your consent for the transfer of such data to the United States for the purposes identified above. If you have questions about cross-border transfers, please contact us as detailed below.
Third party sites
The Website may contain links to other websites. We are not responsible for the privacy practices or content of any linked sites. We encourage our users to be aware when they leave our Website and to read the privacy statements of each website to which we may link that may collect personal information.
If you have any questions or complaints about our privacy practices or this policy, contact the Priority Health Compliance Department.
1231 East Beltline NE
Grand Rapids, MI 49525
Last modified: June 2021