BridgeSpan is required to provide you with access to detailed information about your health history through a “Patient Access API.” While you are a current member, you may access this information by downloading a third-party application (the “App”) on your smart phone, tablet, computer or other similar device. To learn more click here.
Categories | Examples | Collected (Yes or No) |
|---|---|---|
A. Identifiers. | A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers. | YES |
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)). | A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories. | YES |
C. Protected classification characteristics under California or federal law. | Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information). | YES |
D. Commercial information. | Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies. | YES |
E. Biometric information. | Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data. | YES |
F. Internet or other similar network activity. | Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement. | YES |
G. Geolocation data. | Physical location or movements. | YES |
H. Sensory data. | Audio, electronic, visual, thermal, olfactory, or similar information. | YES |
I. Professional or employment-related information. | Current or past job history or performance evaluations. | YES |
J. Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)). | Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records. | NO |
K. Inferences drawn from other personal information. | Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes. | YES |
Personal information may also be collected in the course of a natural person acting as a current or former job applicant, employee, director, officer, or contractor within the context of that natural person’s role. Additional information collected may include emergency contact and information to administer benefits, including to another person.
“Personal information” does not include publicly available information, meaning information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge. “Personal information” also does not include consumer information that is deidentified or aggregate consumer information. This Notice addresses online and offline practices by us. Information excluded from the CCPA’s scope includes health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Other information excluded includes those covered by the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.
Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the CCPA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.
This business has not sold categories of personal information within the meaning of the CCPA, including minors under 16 years of age.
Categories of personal information from our consumers disclosed for a business purpose within the past 12 months include:
(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;
(B) Categories of personal information as described in California Civil Code 1798.80(e);
(C) Characteristics of protected classifications under California or federal law;
(F) Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;
(G) Geolocation data;
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.
Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology).
Categories of sources from which personal information was directly and indirectly collected in the past 12 months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to.
Categories of third parties with whom the business shared personal information in the past 12 months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.
Annual reporting. As required by the CCPA, for the prior calendar year the following information is provided. Number of Requests to Know that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Delete that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Opt-Out that we received (0), complied with in whole (0) or in part (0), and denied (0). The mean number of days within which we substantively responded to Requests to Know (0 calendar days), Requests to Delete (0 calendar days), and Requests to Opt-out (0 calendar days).
Finally, you may be able to request information contained in the California Citizen Rights section in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information contained within our Privacy Policy.
Request To Know | Request To Delete | Request to Opt Out | Average days to respond | |
|---|---|---|---|---|
Denied | 0 | 0 | 0 | N/A |
Complied in part | 0 | 0 | 0 | N/A |
Complied in whole | 0 | 0 | 0 | N/A |
Total | 0 | 0 | 0 | |
Average days to respond | N/A | N/A | N/A | N/A |
To make a request please contact us at info@bridgespanhealth.com with “CCPA Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant. You can also use the other contact methods mentioned previously. If you are from another area (ex. state) and believe you are entitled to exercise applicable right(s), please use the email address and/or phone number given and include relevant details. If you have questions or concerns about the business’s privacy policies and practices, you can use the contact methods mentioned above (ex. telephone, email) in this Notice to contact us.
Evolving technology will continue to provide BridgeSpan with new and better ways to safeguard your information. We may update this statement in the future to reflect these technological advances, and we encourage you to return to this page from time to time for any updates.
THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.
PLEASE REVIEW IT CAREFULLY.
We, at BridgeSpan Health, know you value your privacy. That is why we are committed to the confidentiality and security of information that we collect about you (“protected health information”). We maintain physical, administrative and technical safeguards to protect against unauthorized access, use, or disclosure of your personal information, including information we share internally either orally, electronically, or in writing.
We are required by law to maintain the privacy of protected health information and to explain our legal duties and privacy practices. We are also required by law to notify affected individuals following a breach of unsecured protected health information. This notice applies to all protected health information that we maintain, including information of former members who are no longer covered by us. We hope this notice will clarify our responsibilities to you and give you an understanding of your rights. We are required to abide by the notice that is currently in effect. This notice is in effect as of January 1, 2023.
You may exercise the following rights by calling our Customer Service department or writing our Privacy Official. See “Contacting Us” at the end of this notice.
You have the right to request, to inspect, or receive a copy of protected health information that we maintain about you in a “designated record set.” A “designated record set” generally includes the information we use to administer your health benefits, such as enrollment information and claims. We are permitted to charge a fee for copies you request.
If you believe that protected health information we maintain about you in a designated record set is inaccurate or incomplete, you have the right to request an amendment to correct or complete the information. You must submit your request in writing and explain the reason for the amendment. If we agree to make the change, we will make reasonable efforts to inform others, including people you identify, that the information has been amended and we will use our best efforts to include the amendment with any future disclosure. If we decline to amend information (for example, if we did not create the original record), you have the right to submit a statement of disagreement which we will include in future discloses of the relevant information. We may attach a rebuttal statement to your statement of disagreement.
You have the right to receive a paper copy of this notice upon request.
You have the right to request a list of certain disclosures of your protected health information. The list will not include disclosures we made for treatment, payment, or health care operations, that took place more than six years ago, or that were made for certain other reasons (as permitted by law). We will supply this list free of charge once a year at your request. If you request an accounting more than once in a 12-month period, we may charge a reasonable fee.
You have the right to request restrictions on our use or disclosure of protected health information in addition to the restrictions imposed by law. We are not required to agree to your request and we may be unable to do so. If we do agree, we will comply with your request except in the case of emergency. You also have the right to request that we communicate with you in confidence with respect to communications you believe may endanger you. We will make every effort to accommodate your request if it is reasonable and you provide an alternate means to communicate. You should know that redirecting communication may not prevent others on your policy from discovering that you sought medical care. Accumulated deductibles and co- payment information may reveal that you obtained services. In addition, historic claims reports may include services that were obtained during the time communications were redirected.
You have the right to submit a complaint if you believe we have violated your privacy rights. To submit a complaint, write to: BridgeSpan Health, ATTN: Privacy, 200 SW Market St. 11th Floor, Portland, OR 97201 or call our Customer Service department at the phone number provided at the end of this notice. You also have the right to submit a complaint to the Secretary of the U.S. Department of Health & Human Services. Be assured that we will not retaliate against you for submitting a complaint.
To administer health benefits, we collect, use and disclose protected health information for a variety of purposes:
We may disclose protected health information to a health care provider in order for the provider to treat you, including providing case management to you. For example, we may provide information about your prescriptions to your provider to ensure the provider has information that may affect your treatment.
We may use or disclose protected health information for payment purposes, including to adjudicate claims, issue Explanation of Benefits, or coordinate benefits with other entities responsible for paying your claims.
We may use or disclose protected health information to facilitate operations, including underwriting, customer service, and detection or prevention of fraud or abuse. We may not, however, use or disclose genetic information for underwriting purposes.
BridgeSpan Health engages in arrangements with other covered entities (such as health care providers and employer-based health plans) to improve health or reduce costs. We may exchange protected health information with other participants in these arrangements for treatment, payment, and health care operations related to our joint activities.
We contract with business associates to perform health plan-related functions on our behalf. We disclose protected health information to these business associates and we permit them to collect, use, or disclose protected health information on our behalf to perform these functions. We contractually obligate our business associates (and they are required by law) to provide the same privacy protections that we provide.
If you are enrolled in an employer-sponsored group health plan (or a group health plan sponsored by another entity), we may disclose protected health information to the group health plan or plan sponsor to facilitate administration of the plan. When we provide your personal information to your employer or other plan sponsors we comply with the required safeguards to protect your information.
We use or disclose protected health information as permitted or required by law. For example, some laws permit or require us to disclose protected health information for workers’ compensation programs or to certain government agencies, such as the Food and Drug Administration.
We may disclose protected health information for public health activities, such as to: (a) public health agencies for the prevention and control of disease; (b) coroners or medical examiners for their duties; (c) agencies that engage in the procurement, banking, or transportation of organs or tissue for donation and transplantation services; (d) researchers for research intended to improve the health care system; and (e) third parties as necessary to avert a serious threat to the health or safety of a person.
We may disclose protected health information to health oversight agencies, which regulate health plans, health care providers, and the health system and investigate healthcare fraud. These agencies include: State Commissioner of Insurance, State Board of Medicine, the U.S. Department of Health and Human Services, and the FBI.
We may disclose protected health information in the course of a judicial or administrative proceeding, and in response to a court order, subpoena, discovery request, or other lawful process.
We may disclose protected health information to law enforcement officials in response to an administrative subpoena, a warrant, or an administrative request intended to identify or locate a suspect, victim, or witness. We also may disclose protected health information for the purpose of reporting a crime on our premises.
We may disclose protected health information to armed forces personnel for military activities and to authorized federal officials for national security and intelligence activities.
We may disclose protected health information of an inmate to a correctional institution for treatment purposes or to ensure the safety of the inmate and others.
We may disclose your protected health information to you at your request, to inform you about the status of your claims, or for other purposes.
We may disclose protected health information to personal representatives such as court-appointed guardians, executors, conservators, and in many cases parents of minor children, as well as to attorneys in fact when a valid power of attorney exists. In addition, if you give us verbal permission or if your permission can be implied (for example, if you call Customer Service with a family member or friend on the line), we may disclose protected health information to them on your behalf. This permission is valid only for a limited time. If you want to authorize on-going disclosures to family members or friends, you must submit written authorization.
You may give us written authorization to use protected health information or disclose protected health information about yourself to anyone for any purpose. An authorization remains valid for two years unless the authorization states otherwise or you revoke it. You may revoke an authorization at any time by submitting a written revocation (see “Contacting Us,” below), but a revocation will not affect any use or disclosure that we made relying on the authorization while it was in effect. An authorization is required for us to use or disclose your protected health information for purposes other than those described in this notice. In particular, we need your written authorization to use or disclose psychotherapy notes, except in limited circumstances such as when the disclosure is required by law. We would also need to obtain your written authorization if we wanted to sell information about you to a third party or send you communications about products and services that are not related to your health.
We reserve the right to change our privacy practices and this notice at any time without advance notice. Before we make any material change in our privacy practices, we will change this notice and post the new notice on our website. We will provide a copy of the new notice (or information about the changes to our privacy practices and how to obtain the new notice) in our next annual mailing to members who are then covered by one of our health plans. The new notice will apply to all protected health information in our possession, including any information created or received before the new notice became effective.
You may reach us during regular business hours by calling our Customer Service department at a number below:
| Location | Phone number |
|---|---|
| Idaho and Garfield and Asotin Counties, Washington | 855-857-9944 |
| Oregon and Clark County, Washington | 855-857-9943 |
| Utah | 855-238-9319 |
| Location | Phone number |
|---|---|
| Idaho, Oregon, and Utah | (855) 238-9319 |
For more information about this notice or matters described in the notice, you may write to: BridgeSpan Health, ATTN: Privacy, 200 SW Market St. 11th Floor, Portland, OR 97201; E-mail: privacy_office@bridgespanhealth.com; Fax: 1-888-875-6893.