Privacy policy

Effective January 2021

Signify Health, Inc. is concerned with safeguarding your privacy on-line. Accordingly, Signify Health has developed this policy statement to assist you in understanding why Signify Health collects particular personal identifying information and how Signify Health will protect your personal privacy within its website (the "Privacy Policy"). By making you aware of Signify Health's data collection and use practices, we can provide you with better service.

The following information summarizes our personal identifying information gathering and dissemination practices for the Signify Health's website located at the URL, www.signifyhealth.com, (the "Site"). Personal identifying information includes information that can be linked to a specific individual, such as a name, address, phone number, or email address.

We collect and process personal information in two capacities. When you visit the Site, we may collect and process information for our own business purposes. In addition, when we are providing services for a “covered entity” partner, we act as a “business associate” under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). In that capacity, we collect, receive, maintain, use, and disclose Protected Health Information (“PHI”) only as permitted or required under applicable laws and contract, and our partner’s privacy notice describes and controls how we collect and process PHI.

Signify Health reserves the right to change this Privacy Policy at any time. If Signify Health makes material changes to this Privacy Policy, Signify Health will post those changes at this location so that you are aware what information we collect, how we use it, and under what circumstances, if any, we disclose it. Please review this Privacy Policy on a periodic basis.

By using our website, you consent to the collection and use of your information by Signify Health, as described below.

 

What Information Does Signify Health Collect?

Users may visit the website without giving Signify Health any personal information. However, users will need to register to gain access to resource content, receive customized information or enroll in a Signify Health-sponsored education or training program.

Signify Health will collect name, title, employer, mailing address, telephone number, fax number and email address. Contact demographic information may be voluntarily provided by individuals who register on Signify Health's website. We also collect Internet Protocol (IP) addresses from all users of our Site, the date and time of access, and may catalog the type of computer, browser, or operating system used by the user. If we conduct a video assessment with you, we will receive audio and video images of you and information about your health status.

 

How Does Signify Health Use that Information?

Until you register to gain access to the resources section of the Signify Health website or enroll in an Signify Health-sponsored education or training program, you are able to browse the Site without providing any personal identifying information, although your browser may tell us what type of computer and operating system you are using as well as other kinds of technical information.

Below, is more detail on how Signify Health uses the personal identifying information of those individuals who have registered for the resource section of the Site or enrolled in an Signify Health -sponsored education or training program. Signify Health collects, receives, maintains, uses, and discloses PHI on behalf of our “covered entity” partners, as permitted or required under applicable law and contract.

 

Contact Information: Where permitted by applicable law and contract, Signify Health may use your contact information to provide its services, to advertise its services, to provide you with news, updates, products, services, upcoming events and other information, to send you text messages and SMS notifications, to communicate with you via email, and to get in touch with you when necessary with respect to transactions. We do share your contact information with our business partners, as is necessary to provide our services and, if permitted by law and contract, for advertising purposes. For example, we may disclose your information to our communications vendors to enable a video assessment or to send you emails or text messages. Except for sharing arrangements with Signify Health's business partners, we do not share your contact information with other types of third parties for any other purpose, except to a court or governmental agency if required by law or unless we first obtain consent from you to do so. Site visitors who do not wish to receive notifications or other information via email can choose to opt out of receiving such information at any time upon receipt of any promotional email.

 

Demographic Information: Where permitted by applicable law and contract, Signify Health may use or share, lease, rent, license, and/or sell demographic data on an aggregated basis, which will not identify any particular user, with our business partners, suppliers, and, if permitted by law and contract, for advertising purposes.

 

Transactional Information: Where permitted by applicable law and contract, Signify Health may use or share, lease, rent, license, and/or sell transactional data on an aggregated basis, which will not identify any particular user with advertisers or other third parties, including our business partners, suppliers, sponsors, and vendors, for business purposes.

 

Technical Information: We use technical information, such as your IP address or browser type, to help diagnose problems with our servers, analyze Site usage trends, track user movements on the Site, to provide our services, and to otherwise manage and monitor our Site.

 

Training and Examination Information for Users Which Enroll in Certain Signify Health Training Programs: Individuals may enroll in Signify Health training programs through this Site. If agreed to by the individual enrolled in a program, Signify Health may share certain training and examination information about that individual with third parties upon request.

 

Video Consultations: If we conduct a video assessment with you, we will receive audio and video images of you and information about your health status. We use and share this information as necessary to provide our services. For example, we will share your results with the covered entity and our communications vendors. Our “covered entity” partner’s privacy notice controls how we collect and process PHI.

 

What About the Use of Cookies?

Signify Health may use cookies on the Site to personalize and customize the experience of its visitors. Cookies are pieces of information, which Signify Health uses for record-keeping purposes, which the Site transfers to your computer’s Web browser for storage on your computer’s hard drive. Cookies allows us to better understand and monitor how many people are using our site and for what purpose. We may also use cookies to retrieve certain information to help us determine which features and services are most important to you. Signify Health, however, will not use cookies to record passwords or credit card or other financial information. Moreover, you can delete any cookies residing on your hard drive by following the instructions for your Web browser.

Many consider the use of cookies to be an industry standard. Consequently, your Web browser is likely set to accept cookies. If you would prefer not to receive cookies, you can alter the configuration of your browser to refuse cookies. If you choose to have your browser refuse cookies, you should understand that it is possible that some areas of our Site will not function properly when you view them.

By registering for a password and logging on to the member-level areas of the Signify Health site, registered members need only enter their username and password once, utilizing enabled cookies. For subsequent visits, the website grants the user the option to "remember" username and password. If a user's browser is configured to reject the cookie, they may still use our site.

 

What About External or Third Party Websites?

To the extent hyperlinks or gateways (whether through banner advertisements or otherwise) are utilized to access external or third party sites, you should be aware that these external or third party site are not controlled by Signify Health and therefore, are not subject to this Privacy Policy. Signify Health suggests that you check the privacy policies of these sites to determine how the proprietors of these third party sites will utilize your personal identifying information.

 

What About Security?

Signify Health places a premium on making sure that personal identifying information remains private and secure and is not subject to misuse or manipulation. Accordingly, this Site has industry standard security measures in place, including storage of personal identifying information in a secure environment, to protect against the loss, misuse, and alteration of the information under Signify Health's control. Although Signify Health has endeavored to create a secure and reliable Site, the confidentiality of any communication or material transmitted via the Internet cannot be guaranteed. Accordingly, you should consider carefully if you want to submit sensitive information via the Internet. Messages that you send to us via e-mail may not be secure. Signify Health suggests that you do not send any confidential information to us by e-mail. If you choose to send confidential information to us by email, you accept the risk that a third party may intercept your information. Signify Health urges you to take every precaution to protect your personal identifying information when online.

 

What About Correcting, Deleting, or Updating Information?

At any time, you may contact Signify Health at webmaster@SignifyHealth.com to correct, modify, or delete the information you provide to Signify Health through this Site, namely, your name, address, e-mail address and phone number. Moreover, when you cease to use Signify Health's services and no longer wish to be included in Signify Health database, you may contact Signify Health at webmaster@SignifyHealth.com to request to have your information removed from our database. In the event that Signify Health receives such a request or change, Signify Health may require you to confirm or verify any change to your record. Please note, however, that the collection and uses of certain personal identifying information is necessary to provide certain products and services through the Site and the deletion of such necessary information (e.g., an e-mail address) may render a particular service or Signify Health's ability to provide it inoperable.

 

What About Children?

Signify Health cares about the safety of children on its Site and encourages parents and guardians to monitor their children’s use of the Internet. Although the Site is suitable for a general audience, this Site is intended for use only by users who are over 18 years of age. Accordingly, Signify Health does not knowingly solicit personal identifying information from children or send them requests for personal information.

 

 

Privacy Notice for California Residents

Effective: February 3, 2021

This Privacy Notice for California Residents supplements and is expressly made part of the information contained in Signify Health, LLC’s Privacy Policy and applies solely to all visitors, users, and others who reside in the State of California (“consumers” or “you”) when they visit the Signify website or subscribe to receive the Signify services (collectively, our “Services”). In this Notice, Signify Health, LLC may refer to itself as “we”, “us” or “our”, and doing so may also include our related companies. We adopt this Notice to comply with the California Consumer Privacy Act of 2018 (CCPA).  Any terms defined in the CCPA have the same meaning when used in this Notice.

The CCPA is a law related to protecting the privacy of consumers who reside in the State of California. This Notice describes when, why and how we collect, use and otherwise handle personal information of California residents.

 

What Personal Information Do We Collect?

We collect information that identifies, relates to, describes, references, is capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or device (“personal information”). 

 

Personal information does not include:

  • Publicly available information from government records
  • Deidentified or aggregated consumer information
  • Information excluded from the CCPA’s scope, like:
    • health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the California Confidentiality of Medical Information Act (CMIA) or clinical trial data;
    • personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FRCA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

We obtain the categories of personal information listed above from the following categories of sources:

  • Directly from our client/customers or their agents. For example, from information our clients/customers provide to us related to the Services for which they engage us.
  • Directly from you. For example, through information we ask from you when our clients or their agents subscribe to and engage with our Services, or when you are our one of our workforce members.
  • Directly and indirectly from you when using our Services or visiting our website. For example, usage details collected automatically in the course of your interaction with our platform or website.

Notwithstanding the foregoing, we may have collected the following categories of personal information from consumers within the last twelve (12) months:

  • Category A – Identifiers

Examples: Name, postal address, Internet Protocol address, email address, Social Security number, driver’s license number, passport number, an alias or unique personal/online identifier (such as user name or login name), or other similar identifiers.

  • Category B – Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Examples: Name, signature, voice, photograph, physical characteristics, Social Security number, address, telephone number, fax number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, bank account number, credit card number, debit card number, or any other financial information, physical illness, mental illness or disabilities.

  • Category C – Protected classification characteristics under California or federal law

Examples: Age, ethnicity, citizenship, religion or creed, marital status, physical illness, mental illness or disabilities, gender, veteran status.

  • Category D – Commercial information

Examples: Records of personal property, dates and locations of products or services purchased, obtained, or considered; or other purchasing or consuming histories or tendencies.

  • Category E – Internet or other similar network activity

Examples: Access history and information on your interaction with our website and Services.

  • Category F – Geolocation Data

Examples: Location information collected by a browser or inferred by IP addresses, mobile device signals.

  • Category G – Sensory Information

Examples: Audio recordings, electronic, visual or similar information.

  • Category H – Professional or employment-related information

Examples: Occupation, employer information.

  • Category I – Non-public education information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99))

Examples: Education level, school attended.

  • Category J – Inferences drawn from personal information

Examples: Consumer type, potential purchasing behavior.

 

Use of Personal Information

We may use or disclose the personal information we collect for one or more of the following business purposes:

  • To provide our Services and fulfill our obligations as an employer.
  • To provide you with email alerts and other notices concerning our Services, or updates to your account.
  • To improve our Services to you.
  • For testing, research, analysis and product development.
  • As necessary or appropriate to protect the rights, property or safety of us, our clients/customers or others.
  • To respond to law enforcement requests and as required by applicable law, court order, or governmental regulations.
  • As described to you when collecting your personal information or as otherwise set forth in the CCPA.
  • To evaluate or conduct a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of our assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by us is among the assets transferred.

We will not collect additional categories of personal information or use the personal information we collected for materially different, unrelated, or incompatible purposes without providing you notice.

 

Sharing Personal Information

We may disclose your personal information to a third party for a business purpose. When we disclose personal information for a business purpose, we enter a contract that describes the purpose and requires the recipient to both keep that personal information confidential and not use it for any purpose except performing the contract.

In the preceding twelve (12) months, we have disclosed the following categories of personal information for a business purpose:

  • Category A: Identifiers.
  • Category B: California Customer Records personal information categories.
  • Category C: Protected classification characteristics under California or federal law.
  • Category D: Commercial information.
  • Category F: Internet or other similar network activity.
  • Category G: Geolocation Data
  • Category H: Sensory Information
  • Category I: Professional or employment-related information
  • Category J: Non-public education information
  • Category K: Inferences drawn from personal information

 We disclose your personal information for a business purpose to the following categories of third parties:

  • Our clients/customers or their agents for which we have engaged in a business contract.
  • Service providers, including employee benefits providers.
  • Third parties to whom you or your agents authorize us to disclose your personal information in connection with our Services or our role as an employer.

In the preceding twelve (12) months, we have not sold any personal information.

 

Your Rights and Choices

The CCPA provides California residents with specific rights regarding their personal information. This section describes your CCPA rights and explains how to exercise those rights.

 

Access to Specific Information and Data Portability Rights

You have the right to request that we disclose certain information to you about our collection and use of your personal information over the past 12 months. Once we receive and confirm your verifiable consumer request, we will disclose to you:

  • The categories of personal information we collected about you.
  • Our business or commercial purpose for collecting that personal information.
  • The categories of third parties with whom we share that personal information.
  • The specific pieces of personal information we collected about you (also called a data portability request).

 

Deletion Request Rights

You have the right to request that we delete any of your personal information we collected from you and retained, subject to certain exceptions. Once we receive and confirm your verifiable consumer request, we will delete (and direct our service providers to delete) your personal information from our records, unless an exception applies.

We may deny your deletion request if retaining the information is necessary for us or our service providers to:

  1. Complete the transaction for which we collected the personal information, provide a good or service that you requested, take actions reasonably anticipated within the context of our ongoing business relationship with you, or otherwise perform our contract with you.
  2. Detect security incidents, protect against malicious, deceptive, fraudulent, or illegal activity, or prosecute those responsible for such activities.
  3. Debug products to identify and repair errors that impair existing intended functionality.
  4. Exercise free speech, ensure the right of another consumer to exercise their free speech rights, or exercise another right provided for by law.
  5. Comply with the California Electronic Communications Privacy Act (Cal. Penal Code § 1546 seq.).
  6. Engage in public or peer-reviewed scientific, historical, or statistical research in the public interest that adheres to all other applicable ethics and privacy laws, when the information’s deletion may likely render impossible or seriously impair the research’s achievement, if you previously provided informed consent.
  7. Enable solely internal uses that are reasonably aligned with consumer expectations based on your relationship with us.
  8. Comply with a legal obligation.
  9. Make other internal and lawful uses of that information that are compatible with the context in which you provided it.

 

Exercising Access, Data Portability, and Deletion Rights

To exercise the access, data portability, and deletion rights described above, please submit a verifiable consumer request to us by email at privacy@signifyhealth.com.

Only you or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information.

You may only make a verifiable consumer request for access or data portability twice within a 12-month period. The verifiable consumer request must:

  • Provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative.
  • Describe your request with sufficient detail that allows us to properly understand, evaluate, and respond to it.

We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority to make the request and confirm the personal information relates to you.  Making a verifiable consumer request does not require you to create an account with us. We will only use personal information provided in a verifiable consumer request to verify the requestor’s identity or authority to make the request.

 

Response Timing and Format

We strive to respond to a verifiable consumer request within 45 days of its receipt.  If we require more time (up to 90 days), we will inform you of the reason and extension period in writing.  If you have an account with us, we will deliver our written response to the registered email associated with the account.  If you do not have an account with us, we will deliver our written response by mail or electronically, at your option. Any disclosures we provide will only cover the 12-month period preceding the verifiable consumer request’s receipt.  The response we provide will also explain the reasons we cannot comply with a request, if applicable. For data portability requests, we will select a format to provide your personal information that is readily useable and should allow you to transmit the information from one entity to another entity without hindrance.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded.  If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

 

Non-Discrimination

We will not discriminate against you for exercising any of your CCPA rights. Unless permitted by the CCPA, we will not:

  • Deny you use of our Services.
  • Provide you a different level or quality of Services.
  • Take any adverse employment actions if you are a Signify workforce member

 

Changes to Our Privacy Notice

We reserve the right to amend this Privacy Notice at our discretion and at any time. The date this Privacy Notice was last updated is identified at the top of this Notice. You are responsible for periodically visiting the Signify website and this Privacy Notice to check for any changes.

 

Contact Information

If you have any questions or comments about this Privacy Notice, our Privacy Policy, the ways in which we collect and use your personal information, your choices and rights regarding such use, or wish to exercise your rights under California law, you may contact us via email at privacy@signifyhealth.com.

 

What About Any Other Questions?

If you have any questions about this Privacy Policy, the information collection and dissemination practices of this Site, or Signify Health's use of your personal identifying information, you can contact Signify Health at Signify Health LLC, 4055 Valley View Lane, Ste 400, Dallas, TX 75244 ATTN: Privacy Department or email Privacy@signifyhealth.com.

If you have any questions about Signify Health's security policies, you can contact Signify Health at Signify Health LLC, 4055 Valley View Lane, Ste 400, Dallas, TX 75244 ATTN: Security Department or email Security@signifyhealth.com.