EVERNORTH MOBILE APPLICATION PRIVACY NOTICE
Date: April 20, 2023 Version: 1.0
This Privacy Notice applies to information collected by Evernorth Health, Inc. (“Evernorth,” “we,” “our,” or “us”) from users of the mobile application on which it is posted (our “Services”). Our Services are intended for patients of Evernorth Care Group (d/b/a of Cigna Healthcare of Arizona, Inc.) (“Evernorth Care Group”), an affiliate of Evernorth, and are designed to facilitate access to care and enhance the care experience.
In providing these Services, Evernorth is acting as a business associate to Evernorth Care Group under the Heath Insurance Portability and Accountability Act (“HIPAA”). A business associate is a contractor that provides services on behalf of HIPAA covered entities, including health care providers. Accordingly, when Evernorth receives identifiable information about patients through the use of these Services, we will treat that information as protected health information (“PHI”) and will abide by HIPAA and our agreements with respect to that information. Additional information about how we may use your PHI, as well as rights you may have with respect to that information, may be found in the Notice of Privacy Practices that Evernorth Care Group has separately provided you.
Your Use Our Services
Information We Collect and How We Collect It
How We May Use and Disclose Your Information
To Whom We May Disclose Your Information
Your Rights Regarding Your Information and Accessing and Correcting Your Information
Do Not Track Signals
Children Under the Age of 18
Changes to Our Privacy Notice
1. Your Use Our Services
2. Information We Collect and How We Collect It
We collect different types of information about you, including information that may directly identify you, information that relates to your use of the Services but individually does not identify you, and information that we combine with our other users. When information identifies you or when there is a reasonable basis to believe the information can identify you, we treat that information as PHI.
Information Collection Practices Generally
The information we collect from and about users of our Services includes the following:
- information by which you may be personally identified, such as name, address, e-mail address and credentials, demographic information, date of birth and age, images and videos of you, gender, Social Security Number, your medical history, health insurance subscriber information, and health information;
- information related to your health, such as sleep habits, mental or behavioral health, health or exercise data, disability information, prescription information, and medical diagnoses,
- information related to your sex or gender, marital status, including sexual orientation, and
- information related to your life experiences, among others.
We may collect this information when you provide it directly in the course of using our Services, such as when you respond to questions, fill in forms, or correspond with us. We may receive this and other information from your care provider at Evernorth Care Group, from your insurance company, or other third parties or affiliates for the purpose of providing our Services.
Cookies and Information Collected Through Automatic Data Collection Technologies
As you navigate through and interact with our Services, we may use automatic data collection technologies, such as cookies, web beacons, tags, and similar technologies, to collect certain information about your equipment, browsing actions, and patterns. This information may include the following:
- details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources that the end user accesses and uses on or through the Services;
- information about your mobile device and internet connection, including electronic identifiers such as unique device identifiers and IP addresses, as well as operating system, browser type, mobile network information, and the device’s telephone number;
- real-time information about the location of your device.
3. How We May Use and Disclose Your Information
We use or disclose PHI for any purpose that would be allowed by HIPAA and our business associate agreements. Some examples of permissible uses and disclosures include the following:
- To provide our Services and allow you to obtain treatment from your provider(s) at Evernorth Care Group. As part of this process we may disclose your PHI to your health provider or other third parties involved in facilitating care, such as companies that host medical records.
- To obtain payment for our services as well as those of Evernorth Care Group, and to process, fulfill, support, and administer transactions and orders for products and services.
- To carry on our own business planning and administrative operations. We need to do this so we can continue to provide high-quality services.
- To provide you with information about products or services that relate to your treatment, such as treatment options or alternatives.
- To provide you with notices and contact you.
- For various public health and safety issues, such as preventing disease, helping with product recalls, reporting adverse reactions, reporting suspected abuse, or preventing or reducing a serious threat to anyone’s health or safety.
- To respond to organ and tissue donor requests.
- To our business associates or other business associates of Evernorth Care Group for purposes that would be allowed by HIPAA.
- To personal representatives or persons involved in your care.
- For research purposes.
- To respond to lawsuits and legal actions.
- To comply with the law and to respond to requests from government agencies, to address workers’ compensation claims, and for law enforcement purposes.
- For the transfer of business assets, in the event we are purchased or we merge with another company.
- To create de-identified data sets by removing certain identifying elements, such as your name and address. We may use and share de-identified information for any purpose as allowed by law and our contracts.
- For any other purpose with your authorization, or at you request, which may require an authorization.
For specifics on how your PHI may be used, please consult the Notice of Privacy Practices from Evernorth Care Group.
We may use non-identifiable information for any purpose allowed by law and our agreements.
4. To Whom We May Disclose Your Information
We disclose PHI to parties involved with your care or benefits, such as your care providers, laboratory testing and processing companies, and your insurance company. We share PHI with business associates who help us provide our Services. We may share anonymous, de-identified information with other service providers to enable us to provide and improve our Services. Some of this information may be shared through the automatic data collection technologies described above. You may be able to limit the sharing of this information by configuring your device as described above.
5. Your Rights Regarding Your Information and Accessing and Correcting Your Information
You may notify us if the information displayed in our Services is incorrect. In addition, you may have certain rights under HIPAA with respect to PHI in our possession. Please consult the Notice of Privacy Practices from Evernorth Care Group for details about these rights.
6. Do Not Track Signals
We do not honor do-not-track signals that may be sent by some browsers or devices.
7. Children Under the Age of 18
Our Services are not intended for, and do not support, access for children under the age of 18.
8. Data Security
We are committed to protecting the privacy and security of our Services. We take reasonable technical and procedural precautions to protect the information received by us. Our infrastructure is protected using industry recognized commercial security products, including encryption technologies, and best practices for maintenance of the Services. In addition, our infrastructure is monitored 24 hours a day, seven days a week.
No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.
9. Linked Sites
Our Services may contain hyperlinks allowing our users to connect to other websites and mobile applications owned by us and our affiliated companies, as well as websites and apps owned by third parties (“Linked Sites”). We have no responsibility for the content or practices of any Linked Site. Please note that once you click on a hyperlink that transfers you to a Linked Site, this Privacy Notice will cease to apply to any subsequent activity on the Linked Site. Please refer to the applicable policies on the Linked Site.
10. Changes to Our Privacy Notice
We reserve the right to amend this Privacy Notice at any time. If changes are made, we will post the revised Privacy Notice on our Services. You can determine when we revised the Privacy Notice by referring to the date listed at the top of this notice. Any changes will become effective when we post the Privacy Notice on our Services. By continuing to use the Services following such changes, you will be deemed to have consented to such changes. If you do not agree with the terms of this Privacy Notice, in whole or in part, please do not use the Services.
11. Contact Information
If you have any questions about this Privacy Notice please feel free to email us or call us toll-free at 1.800.234.4077.