EVERNORTH MOBILE APPLICATION PRIVACY NOTICE

Date: April 20, 2023 Version: 1.0

This Privacy Notice applies to information collected by Evernorth Health, Inc. (“Evernorth,” “we,” “our,” or “us”) from users of the mobile application on which it is posted (our “Services”). Our Services are intended for patients of Evernorth Care Group (d/b/a of Cigna Healthcare of Arizona, Inc.) (“Evernorth Care Group”), an affiliate of Evernorth, and are designed to facilitate access to care and enhance the care experience.

In providing these Services, Evernorth is acting as a business associate to Evernorth Care Group under the Heath Insurance Portability and Accountability Act (“HIPAA”). A business associate is a contractor that provides services on behalf of HIPAA covered entities, including health care providers. Accordingly, when Evernorth receives identifiable information about patients through the use of these Services, we will treat that information as protected health information (“PHI”) and will abide by HIPAA and our agreements with respect to that information. Additional information about how we may use your PHI, as well as rights you may have with respect to that information, may be found in the Notice of Privacy Practices that Evernorth Care Group has separately provided you.   

Contents

1. Your Use Our Services

2. Information We Collect and How We Collect It

3. How We May Use and Disclose Your Information

4. To Whom We May Disclose Your Information

5. Your Rights Regarding Your Information and Accessing and Correcting Your Information

6. Do Not Track Signals

7. Children Under the Age of 18

8. Data Security

9. Linked Sites

10. Changes to Our Privacy Notice

11. Contact Information

1. Your Use Our Services

Please read this Privacy Notice carefully to understand our policies and practices regarding the collection and use of information we receive through the use of our Services. If you do not agree with our policies and practices, you should not use our Services. You are deemed to have read and acknowledged the terms in this Privacy Notice when you use the Services and/or when you have indicated in your online registration that you accept the Terms of Use into which this Privacy Notice is referenced. You are deemed to have read and acknowledged this Privacy Notice each time you access or use our Services after initial registration. This Privacy Notice may change from time to time (see the Changes to Our Privacy Notice section, below). Your continued use of our Services after we make changes is deemed acknowledgement of those changes, so please check this Privacy Notice periodically for updates.

2. Information We Collect and How We Collect It

We collect different types of information about you, including information that may directly identify you, information that relates to your use of the Services but individually does not identify you, and information that we combine with our other users. When information identifies you or when there is a reasonable basis to believe the information can identify you, we treat that information as PHI.

Information Collection Practices Generally

The information we collect from and about users of our Services includes the following:

• information by which you may be personally identified, such as name, address, e-mail address and credentials, demographic information, date of birth and age, images and videos of you, gender, Social Security Number, your medical history, health insurance subscriber information, and health information;
• information related to your health, such as sleep habits, mental or behavioral health, health or exercise data, disability information, prescription information, and medical diagnoses,
• information related to your sex or gender, marital status, including sexual orientation, and
• information related to your life experiences, among others.

We may collect this information when you provide it directly in the course of using our Services, such as when you respond to questions, fill in forms, or correspond with us. We may receive this and other information from your care provider at Evernorth Care Group, from your insurance company, or other third parties or affiliates for the purpose of providing our Services.

Cookies and Information Collected Through Automatic Data Collection Technologies

As you navigate through and interact with our Services, we may use automatic data collection technologies, such as cookies, web beacons, tags, and similar technologies, to collect certain information about your equipment, browsing actions, and patterns. This information may include the following:

• details of your access to and use of the Services, including traffic data, location data, logs, and other communication data and the resources that the end user accesses and uses on or through the Services;
• information about your mobile device and internet connection, including electronic identifiers such as unique device identifiers and IP addresses, as well as operating system, browser type, mobile network information, and the device’s telephone number;
• real-time information about the location of your device.

We may store cookies on your device in order to improve your experience with our Services. For example, we may use cookies to recognize you when you return to the Services, maintain data you have entered across multiple sessions, and store information about your personal preferences. Two types of cookies may be used for these purposes:  session cookies and persistent cookies. Session cookies exist only during an online session. Persistent cookies remain on a device after a session.

It may be possible to refuse to accept cookies by changing the settings on your device or operating system to prevent cookies or similar technologies from being set. However, if you select this setting you may be unable to access certain parts of the Services. Unless you have adjusted your device settings so that it will refuse cookies, our system may issue cookies when you use the Services.

3. How We May Use and Disclose Your Information

We use or disclose PHI for any purpose that would be allowed by HIPAA and our business associate agreements. Some examples of permissible uses and disclosures include the following:

• To provide our Services and allow you to obtain treatment from your provider(s) at Evernorth Care Group. As part of this process we may disclose your PHI to your health provider or other third parties involved in facilitating care, such as companies that host medical records.
• To obtain payment for our services as well as those of Evernorth Care Group, and to process, fulfill, support, and administer transactions and orders for products and services.
• To carry on our own business planning and administrative operations. We need to do this so we can continue to provide high-quality services. 
• To provide you with information about products or services that relate to your treatment, such as treatment options or alternatives. 
• To provide you with notices and contact you.
• For various public health and safety issues, such as preventing disease, helping with product recalls, reporting adverse reactions, reporting suspected abuse, or preventing or reducing a serious threat to anyone’s health or safety.
• To respond to organ and tissue donor requests.
• To our business associates or other business associates of Evernorth Care Group for purposes that would be allowed by HIPAA.
• To personal representatives or persons involved in your care.
• For research purposes.
• To respond to lawsuits and legal actions.
• To comply with the law and to respond to requests from government agencies, to address workers’ compensation claims, and for law enforcement purposes.
• For the transfer of business assets, in the event we are purchased or we merge with another company.
• To create de-identified data sets by removing certain identifying elements, such as your name and address. We may use and share de-identified information for any purpose as allowed by law and our contracts.
• For any other purpose with your authorization, or at you request, which may require an authorization.

For specifics on how your PHI may be used, please consult the Notice of Privacy Practices from Evernorth Care Group.  

We may use non-identifiable information for any purpose allowed by law and our agreements.  

4. To Whom We May Disclose Your Information

We disclose PHI to parties involved with your care or benefits, such as your care providers, laboratory testing and processing companies, and your insurance company. We share PHI with business associates who help us provide our Services. We may share anonymous, de-identified information with other service providers to enable us to provide and improve our Services. Some of this information may be shared through the automatic data collection technologies described above. You may be able to limit the sharing of this information by configuring your device as described above.

5. Your Rights Regarding Your Information and Accessing and Correcting Your Information

You may notify us if the information displayed in our Services is incorrect. In addition, you may have certain rights under HIPAA with respect to PHI in our possession. Please consult the Notice of Privacy Practices from Evernorth Care Group for details about these rights.

6. Do Not Track Signals

We do not honor do-not-track signals that may be sent by some browsers or devices.

7. Children Under the Age of 18

Our Services are not intended for, and do not support, access for children under the age of 18.

8. Data Security

We are committed to protecting the privacy and security of our Services. We take reasonable technical and procedural precautions to protect the information received by us. Our infrastructure is protected using industry recognized commercial security products, including encryption technologies, and best practices for maintenance of the Services. In addition, our infrastructure is monitored 24 hours a day, seven days a week.

No method of transmission over the Internet or storage of data on an Internet server is 100% secure. Although we use commercially acceptable and reasonable precautions to protect your information, we do not guarantee its absolute security.

9. Linked Sites

Our Services may contain hyperlinks allowing our users to connect to other websites and mobile applications owned by us and our affiliated companies, as well as websites and apps owned by third parties (“Linked Sites”). We have no responsibility for the content or practices of any Linked Site. Please note that once you click on a hyperlink that transfers you to a Linked Site, this Privacy Notice will cease to apply to any subsequent activity on the Linked Site. Please refer to the applicable policies on the Linked Site.

10. Changes to Our Privacy Notice

We reserve the right to amend this Privacy Notice at any time. If changes are made, we will post the revised Privacy Notice on our Services. You can determine when we revised the Privacy Notice by referring to the date listed at the top of this notice. Any changes will become effective when we post the Privacy Notice on our Services. By continuing to use the Services following such changes, you will be deemed to have consented to such changes. If you do not agree with the terms of this Privacy Notice, in whole or in part, please do not use the Services.

11. Contact Information

If you have any questions about this Privacy Notice please feel free to email us or call us toll-free at 1.800.234.4077.