Skip to main content
Edit Page Style Guide Control Panel

Privacy

ONLINE PRIVACY AND SECURITY

Your Acceptance of These Terms

By using this Site, you signify your acceptance of these policies. If you do not agree to these policies, please do not use our Site. Your continued use of the Site following the posting of changes to these policies will be deemed your acceptance of those changes.

Updates to this Statement

Evolving technology will continue to provide RGA OF ID with new and better ways to safeguard your information. We may update this statement in the future to reflect these technological advances, and we encourage you to return to this page from time to time for any updates.

Security Practices

RGA OF ID attempts to protect online information according to applicable laws and established company security standards and practices. We have Security measures in place to protect against the loss, misuse, or alteration of information under our control, and we continually evaluate new technologies for safeguarding your information. However, we cannot guarantee the confidentiality or security of electronic transmissions via the Internet because they may potentially use unsecure computers and links, and data may be lost or intercepted by unauthorized parties during such transmission.

Sensitive information you provide to us online is protected by Secure Socket Layer (SSL) technology. SSL is the leading security protocol for data transfer on the Internet. This technology encrypts your account information as it moves between your Internet browser and RGA OF ID computer systems. When information is encrypted in this way, it becomes nearly impossible for anyone other than RGA OF ID to read it. This secure session helps protect the safety and confidentiality of your information when you interact with RGA OF ID online.

Personal identification information

We may collect personal identification information from Users in a variety of ways in connection with activities, services, features or resources we make available on our website. We will collect personal identification information from users only if they voluntarily submit such information to us. Users can always refuse to supply personal identification information, except that it may prevent them from engaging in certain Site related activities.

Non-personal identification information

We may collect non-personal identification information about Users whenever they interact with our Site. Non-personal identification information may include the browser name, the type of computer and technical information about Users means of connection to our Site, such as the operating system and the Internet service providers utilized and other similar information.

Cookies, Pixels, & Similar Technologies

Technologies like cookies, pixels, device or other identifiers (collectively, "Cookies and similar technologies") are used to deliver, secure, and understand products and services offered by RGA OF ID. Cookies are small files that are placed on your browser or device by the website you are viewing or app you are using. Pixel tags (also called clear GIFs, web beacons, or pixels) are small blocks of code on a website or app that allow them to do things like read and place cookies and transmit information to us.

We use cookies and similar technologies for a variety of reasons, such as allowing us to show you content and material that's most relevant to you, improving our products and services, and helping to keep our products and services secure. While specific names of the cookies and similar technologies that we use may change from time to time as we improve and update our products and services, they generally fall into the following categories of use: authentication, security, insights and measurements, localization, and site features and performance.

We sometimes use service providers or partner with third parties to help us provide or inform you of certain products and services. RGA OF ID may contract with these other companies that use cookies and similar Technology to collect information regarding your interaction with RGA OF ID advertisements and your use of both RGA OF ID and third-party websites. We may transfer information to service providers and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our products and services are used, measuring the effectiveness of ads and services, providing customer service, and facilitating payments.

If you do not want to receive cookies and similar technologies from this site, you can set your browser to not accept them.

How we protect your information

We adopt appropriate data collection, storage and processing practices and security measures to protect against unauthorized access, alteration, disclosure or destruction of your personal information, username, password, transaction information and data stored on our Site.

Sensitive and private data exchange between the Site and its Users happens over a SSL secured communication channel and is encrypted and protected with digital signatures.

Sharing your personal information

We do not sell, trade, or rent Users personal identification information to others. We may share generic aggregated demographic information not linked to any personal identification information regarding visitors and users with our business partners, trusted affiliates and advertisers for the purposes outlined above.

Use of Email

Use your own best judgment when sending information via the Internet to an email address. Email sent via the Internet may pass through private and public networks with varying levels of security. Some networks may have taken steps to secure email transmissions while others have not, thereby compromising the privacy and integrity of an email. An email may be copied, altered or destroyed. RGA OF ID will respect your request not to be contacted by email.

After your email is received, RGA OF ID preserves the content of your email, your email address and our response so we can efficiently respond to questions you might have. We also do this in an effort to meet legal and regulatory requirements.

Third Party Websites

Users may find content on our Site that links to the websites and services of our partners, suppliers, licensors, and other third parties. We do not control the content or links that appear on these sites and are not responsible for the practices employed by websites linked to or from our Site. In addition, these sites or services, including their content and links, may be constantly changing. These sites and services may have their own privacy policies and customer service policies. Browsing and interaction on any other website, including websites which have a link to our Site, is subject to that website's own terms and policies.

Washington My Health My Data Act (“MHMDA”) Privacy Policy

Important note: This Policy applies only to data specifically subject to the protections of the Washington My Health My Data Act (“MHMDA”). Your information may be subject to protections under other laws, and RGA OF ID follows applicable laws based on the type of information.

For more on the types of information subject to MHMDA, please review the Washington Attorney General’s website.

Job Candidate Data

If you express interest in a job at RGA OF ID, by registering with our site or submitting a resume, cover letter or application, the data you share with us will be “aggregated.” This means that data or information regarding your career history, such as education, occupation, location, and experience, will be collected and that your anonymity will be preserved. Aggregated data is not identifiable to you as an individual and is used by RGA OF ID or our vendor Broadbean/CareerBuilder for analysis and understanding trends.

Washington Citizen Rights

Individuals who reside in the state of Washington or who have their data collected, stored, shared or sold in Washington, have additional rights reserved under the Washington My Health My Data Act (MHMDA) related to data specifically defined as Consumer Health Data (refer to Disclosure Categories). The purpose of this policy is to notify you of the categories of information we may collect about you that may be subject to the MHMDA; to describe your opportunity to opt-in to such data collection, as well as the process for you to request your data be deleted or corrected. If we make any changes to the types of data we collect or the uses we collect such data, we will provide notice and obtain your consent.

Restriction on Geofencing. MHMDA prohibits the practice of using Consumer Health Data for “geofencing” Purposes. RGA OF ID does not engage in this practice.

Right to Opt-Out. We do not sell personal information. Additionally, your decision to opt-out of data collection will be documented at the point such data collection occurs.

Right to Opt-In. MHMDA requires prior opt-in consent for the collection of consumer health data. RGA OF ID will request and document your consent at the point data collection occurs.

Right to Request Personal Information. As a consumer, you have the “right to know” and request that we disclose what personal information we collect, use, and disclose. See the instructions below for submitting a verifiable request, including through the online request form offered by us. You have the right to request the categories of personal information, as detailed under the MHMDA, we have collected and store about you. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the MHMDA. Upon receipt of a verifiable consumer request, described below in this Privacy Statement/Notice, from you to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to exercise of this or other applicable right(s). The information may be delivered by mail or electronically, dependent on portability and technical considerations under the MHMDA. We may provide personal information to you at any time following a verified request
but shall not be required to provide personal information to you more than twice in a twelve (12)-month period.
Right to Correct Personal Information. If you feel the personal information that we maintain about you is incorrect or incomplete, you have the right to request correction to your personal information.

Right to Delete Personal Information. You have the right to request we delete personal information we, or our service providers, store about you. Please keep in mind our response to such a request, upon verification, may include an explanation of the business purpose under which we may retain your information (for example, we would need to retain copies of a business transaction for financial records) in accordance with the MHMDA. If you are a Washington consumer and would like to submit a request based on this section of our Privacy Statement, please email us at PrivacyOffice@accesstpa.com with “MHMDA Delete Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant.

Non-Discrimination. If you elect to exercise any right(s) under this section of our Privacy Statement, we will not discriminate or retaliate against you.
If you are a Washington consumer and would like to submit a request based on this section of our Privacy Statement, please email us at PrivacyOffice@accesstpa.com or call us toll-free at (877) 878-2273. Also, be sure to check this policy for updates as we will review it at least every twelve (12) months and make updates as necessary.
Identity Verification Requirement. We reserve the right to verify that any data access request submitted under the authority of the MHMDA was made by someone with the legal right to make the request. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, under the terms of the MHMDA, we may request that you provide us with additional information in order for us to verify your identity, your request, and legal authority (ex. authorized representative). Only you, or a person authorized on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Please indicate in your request if either of these apply, as additional verification may apply (ex. verify consumers identify and confirm with impacted person(s) that the authorized agent has permission to submit the request).

A verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it.

Access Request Responses. Under the MHMDA, there may be certain circumstances where we would deny your request to access, receive, or delete personal information we hold. For example, we would deny requests where any such access or disclosure would interfere with our regulatory or legal obligations, where we cannot verify your identity, and/or where exemptions/exceptions permitted by the MHMDA apply.

Disclosure of Categories. As defined by the MHMDA, categories of personal information collected from consumers by us within the past twelve (12) months include:

MHMDA Disclosure of Categories

CategoriesExamplesCollected
( Yes or No )
IdentifiersA real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.Yes
Personal information categories listed in the My Health My Data Act (MHMDA) (44.28 RCW 19).We may, at times, collect information that meets the definition of “Consumer Health Data”. "Consumer health data" means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status. For the purposes of this definition, physical or mental health status includes: individual health conditions, treatment, diseases, or diagnoses; social, psychological, behavioral, and medical interventions; health-related surgeries or procedures, diagnostic testing, and treatment; use or purchase of prescribed medication; bodily functions, vital signs, symptoms, or related measurements; gender-affirming care information; reproductive or sexual health information; biometric and genetic data; precise location information that could reasonably indicate a consumer's attempt to acquire or receive health services or supplies; data that identifies a consumer seeking health care services; and any information that a regulated entity or a small business, or their respective processor, processes to associate or identify a consumer with the data that is derived or extrapolated from non-health information, such as proxy, derivative, inferred, or emergent data.Yes
Protected classification characteristics under Washington or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).Yes
Commercial information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Yes
Biometric information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.Yes
Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.Yes
Geolocation data.Geolocation data.Yes
Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.Yes
Professional or employment-related information.Current or past job history or performance evaluations.Yes
information (per the Family Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records.Yes
Inferences drawn from other personal information.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes

Exemptions. The Act does not apply to personal information that is collected, used, or disclosed pursuant to specified federal and state laws, including: protected health information for the purposes of the HIPAA; health care information collected, used, or disclosed in accordance with the state UHCIA; patient identifying information collected, used, or disclosed in accordance with federal law relating to confidentiality of substance use disorder records; and personal information governed by the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and statutes and regulations applicable to the Washington Health Benefit Exchange Exemptions. The Act does not apply to personal information that is collected, used, or disclosed pursuant to specified federal and state laws, including: protected health information for the purposes of the HIPAA; health care information collected, used, or disclosed in accordance with the state UHCIA; patient identifying information collected, used, or disclosed in accordance with federal law relating to confidentiality of substance use disorder records; and personal information governed by the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and statutes and regulations applicable to the Washington Health Benefit Exchange.

Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the MHMDA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.

This business has not sold categories of personal information within the meaning of the MHMDA, including minors under sixteen (16) years of age. Categories of personal information from our consumers disclosed for a business purpose within the past twelve (12) months include:

(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;

(B) Categories of personal information described as "consumer health data" (44.28 RCW 19)

(C) Characteristics of protected classifications under Washington or federal law;

(D) Commercial information, including records of personal property, products or services purchased, obtain, or considered, or other purchasing or consuming histories or tendencies;

(E) Biometric information;

(F) Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;

(G) Geolocation data;

(H) Audio, electronic, visual, thermal, olfactory, or similar information;

(I) Professional or employment-related information; and

(J) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology). Categories of sources from which personal information was directly and indirectly collected in the past twelve (12) months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to.

Categories of third parties with whom the business shared personal information in the past twelve (12) months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.

Contact Us. To make a request please contact us at PrivacyOffice@accesstpa.com with “MHMDA Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant. You can also use the other contact methods mentioned previously. If you are from another area (ex. state) and believe you are entitled to exercise applicable right(s), please use the email address and/or phone number given and include relevant details. If you have questions or concerns about our privacy policies and practices, you can use the contact methods mentioned above (ex. telephone, email) in this Notice to contact us.

NOTICE OF PRIVACY PRACTICES

THIS NOTICE DESCRIBES HOW MEDICAL INFORAMTION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

We, at RGA OF ID, know you value your privacy. That is why we are committed to the confidentiality and security of information that we collect about you (“protected health information” or “PHI”). We maintain physical, administrative and technical safeguards to protect against unauthorized access, use, or disclosure of your personal information, including information we share internally either orally, electronically, or in writing.
We are required by law to maintain the privacy of PHI and to explain our legal duties and privacy practices. We are also required by law to notify affected individuals following a breach of unsecured
protected health information. This notice applies to all protected health information that we maintain, including information of former members who are no longer covered by us. We hope this notice will clarify our responsibilities to you and give you an understanding of your rights. We are required to abide by the notice that is currently in effect.

BY USING THIS WEBSITE OR SUBMITTING ANY INFORMATION, INCLUDING PERSONAL INFORMATION SUCH AS YOUR NAME, EMAIL ADDRESS AND OTHER NON-PUBLIC INFORMATION, YOU (AND IF APPLICABLE ORGANIZATION THAT YOU REPRESENT) ACKNOWLEDGE TO BE BOUND TO THE TERMS OF THIS PRIVACY POLICY. IF YOU DO NOT AGREE TO THIS PRIVACY POLICY, DO NOT USE RGA OF ID’S WEBSITE OR COMPLETE ANY FORMS OR OTHERWISE PROVIDE RGA OF ID WITH ANY OF YOUR INFORMATION.

Changes to this Privacy Policy

RGA OF ID has the discretion to update this privacy policy at any time. When we do, we will revise the updated date at the bottom of this page. We encourage Users to frequently check this page for any changes to stay informed about how we are helping to protect the personal information we collect. You acknowledge and agree that it is your responsibility to review this privacy policy periodically and become aware of modifications.

Your Rights

You may exercise the following rights by calling our Customer Care Department or writing to our Privacy Office. See “Contacting Us” at the end of this notice.

Inspection and Copies

You have the right to request, to inspect, or receive a copy of protected health information that we maintain about you in a “designated record set.” A “designated record set” generally includes the information we use to administer your health benefits, such as enrollment information and claims. We are permitted to charge a fee for copies you request.

Amendment

If you believe that PHI we maintain about you in a designated record set is inaccurate or incomplete, you have the right to request an amendment to correct or complete the information. You must submit your request in writing and explain the reason for the amendment. If we agree to make the change, we will make reasonable efforts to inform others, including people you identify, that the information has been amended and we will use our best efforts to include the amendment with any future disclosure. If we decline to amend information (for example, if we did not create the original record), you have the right to submit a statement of disagreement which we will include in future discloses of the relevant information. We may attach a rebuttal statement to your statement of disagreement.

Accounting

You have the right to request a list of certain disclosures of your PHI. The list will not include disclosures we made for treatment, payment, or health care operations, that took place more than six (6) years ago, or that were made for certain other reasons (as permitted by law). We will supply this list free of charge one (1) time a year, at your request. If you request an accounting more than once in a twelve (12) month period, we may charge a reasonable fee.

Complaints

You have the right to submit a complaint if you believe we have violated your privacy rights. To submit a complaint, please either complete and electronically submit the Privacy Complaint form located under the Member Forms section of this Site, or contact us

Permitted Uses and Disclosures

To administer your health benefits, RGA OF ID collects, uses, and discloses PHI for a variety of purposes:

Treatment

RGA OF ID may disclose PHI to a health care provider in order for the provider to treat you, including providing case management to you. For example, we may provide information about your prescriptions to your provider to ensure the provider has information that may affect your treatment.

Payment

RGA OF ID may use or disclose PHI for payment purposes, including to adjudicate claims, issue Explanation(s) of Benefits (EOBs), or to coordinate benefits with other entities responsible for paying your claims.

Healthcare Operations

RGA OF ID may disclose PHI to facilitate operations, including underwriting, customer service and the prevention of fraud or abuse. We may not, however, use or disclose genetic information for underwriting purposes.

Business Associates

RGA OF ID contracts with Business Associates to perform health plan related functions on our behalf. We disclose PHI to these Business Associates and we permit them to collect, use, or disclose PHI on our behalf to perform these functions. RGA OF ID contractually obligates our Business Associates (and they are required by law) to provide the same Privacy protections that we provide.

Employers and Other Plan Sponsors

You are enrolled in an employer-sponsored group health plan. Therefore, RGA OF ID may disclose PHI to your group health plan or Plan Sponsor to facilitate the administration of the Plan. When we provider your personal information to your employer (or other Plan Sponsors), we comply with the required safeguards to protect your information.

As Permitted or Required by Law

RGA OF ID uses or discloses PHI as permitted or required by law. For example, some laws permit or require us to disclose PHI for workers’ compensation programs or to certain government agencies, such as the Food and Drug Administration (“FDA”).

Public Health Activities

RGA OF ID may disclose your PHI for Public Health Activities, such as to:

(A) Public health agencies for the prevention and control of disease;

(B) Coroners or medical examiners for their duties;

(C) Agencies that engage in the procurement, banking, or transportation of organs and/or tissue(s) for donation and/or transplant services;

(D) Researchers for research intended to improve the health care system; and

(E) Third parties as necessary to avert a serious threat to the health or safety of a person.

Health Oversight

RGA OF ID may disclose PHI to health oversight agencies (which regulate health plans, health care providers, and the health systems, and who investigate healthcare fraud). These agencies include:

(A) The State Commissioner of Insurance;

(B) State Board of Medicine;

(C) The US Department of Health and Human Services (“HHS”);

(D) The US Department of Labor (“DOL”); and

(E) The Federal Bureau of Investigation (“FBI”).

Legal Proceedings

RGA OF ID may disclose Phi in the course of a judicial or administrative proceeding, and in response to a court order, subpoena, discovery request, or other lawful process.

Law Enforcement

RGA OF ID may disclose PHI to law enforcement officials in response to an administrative subpoena, a warrant, or an administrative request intended to identify or locate a suspect, victim, or witness. We may also disclose PHI for the purpose of reporting a crime on our premises.

Military and National Security

RGA OF ID may disclose PHI to armed forces personnel for military activities and to authorized federal officials for national security and intelligence activities.

Correctional Institution

RGA OF ID may disclose PHI of an inmate to a correctional institution for treatment purposes or to ensure the safety of the inmate and others.

You

RGA OF ID may disclose your PHI to you at your request, to inform you about the status of your claims, or for other purposes.

Others Involved in Your Care

RGA OF ID may disclose PHI to a Personal Representative, such as a court-appointed guardian, executor, conservator, and parents of minor children under the age of thirteen (13), as well as to attorneys in fact when a valid power of attorney exists. In addition, if you give us verbal permission or if your permission can be implied (for example, if you call our Customer Care team with a family member or friend on the line), we may disclose PHI to them on your behalf. This permission is only valid for a limited time. If you want to authorize on-going disclosures to family members or friends, you must submit written authorization.

Authorizations

You may give RGA OF ID written authorization to use PHI or to disclose PHI about yourself to anyone, for any purpose. An Authorization remains valid for two (2) years. You may revoke an Authorization at any time by submitting a written revocation (see “Contacting Us,” below) but a revocation will not affect any use or disclosure that we made relying on the Authorization while it was in effect. An Authorization is required for us to use or disclose your PHI for purposes other than those described in this notice. In particular, we need your written Authorization to use or disclose psychotherapy notes, except in limited circumstances such as when the disclosure is required by law. We would also need to obtain your written Authorization if we wanted to sell information about you to a third-party or send you communications about products and services that are not related to your health.

CALIFORNIA CITIZEN RIGHTS

Individuals who reside in the state of California, a “consumer,” as that term is defined under California law, have additional rights reserved under the California Consumer Privacy Act (CCPA) and the California Shine the Light law:

Right to Opt-Out. We do not sell personal information.

Right to Request Personal Information. As a consumer, you have the “right to know” and request that we disclose what personal information we collect, use, and disclose. See the instructions below for submitting a verifiable request, including through the online request form offered by us. You have the right to request the categories of personal information, as detailed under the CCPA, we have collected and store about you. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the CCPA.

Upon receipt of a verifiable consumer request, described below in this Privacy Statement/Notice, from you to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to exercise of this or other applicable right(s). The information may be delivered by mail or electronically, dependent on portability and technical considerations under the CCPA. We may provide personal information to you at any time following a verified request, but shall not be required to provide personal information to you more than twice in a twelve (12) -month period.

Right to Delete Personal Information. You have the right to request we delete personal information we, or our service providers, store about you. Please keep in mind our response to such a request, upon verification, may include an explanation of the business purpose under which we may retain your information (for example, we would need to retain copies of a business transaction for financial records) in accordance with the CCPA.

Non-Discrimination. If you elect to exercise any right(s) under this section of our Privacy Statement, we will not discriminate or retaliate against you.

If you are a California consumer and would like to submit a request based on this section of our Privacy Statement, please use this web form, email us at compliance@cambiahealth.com, or call us toll-free at 877-878-2273. Also, be sure to check this policy for updates as we will review it at least every twelve (12) months and make updates as necessary.

Identity Verification Requirement. We are required by law to verify that any data access request submitted under the authority of the CCPA was made by someone with the legal right to access the personal information requested. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, under the terms of the CCPA, we may request that you provide us with additional information in order for us to verify your identity, your request, and legal authority (ex. authorized representative). Only you, or a person registered with the California Secretary of State that you authorize to act on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Please indicate in your request if either of these apply, as additional verification may apply (ex. verify consumer’s identify and confirm with impacted person(s) that the authorized agent has permission to submit the request).

A verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it.

In general, our verification process includes reviewing the information submitted in the request, comparing it to the right(s) requested; the number of verification points/methods required by the

CCPA; and the type, sensitivity, and risk of information requested, including to the consumer, from unauthorized disclosure or deletion. An account is not required with us in order to make a request. We will use personal information provided in a verifiable consumer request to verify the requestor's identity and authority to make the request, or otherwise as permitted by the CCPA (ex. record retention). We will respond to a verifiable consumer request within 45 days of its receipt, and if we require more time (up to ninety [90] total days), we will inform you of the reason of the extension in writing. A response to a consumer request will be provided as required by the CCPA, such as through an account (if one exists), or otherwise by mail or electronically.

Access Request Responses. Under the CCPA, there may be certain circumstances where we would deny your request to access, receive, or delete personal information we hold. For example, we would deny requests where any such access or disclosure would interfere with our regulatory or legal obligations, where we cannot verify your identity, and/or where exemptions/exceptions permitted by the CCPA apply. We also have the ability under the CCPA to deny requests if it would result in our disproportionate cost or effort. Further, certain rights granted by the CCPA will not be effective until January 1, 2021. However, even where we will not substantively complete a request made under the CCPA, we will still provide a response and explanation to your request within a reasonable time frame and as required by law.

Disclosure of Categories. As defined by the CCPA, categories of personal information collected from consumers by us within the past twelve (12) months include:

CategoriesExamplesCollected
( Yes or No )
A. Identifiers.A real name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver's license number, passport number, or other similar identifiers.Yes
B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)).A name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver's license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. Some personal information included in this category may overlap with other categories.Yes
C. Protected classification characteristics under California or federal law.Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information).Yes
D. Commercial Information.Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies.Yes
E. Biometric Information.Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, face prints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data.Yes
F. Internet or other similar network activity.Browsing history, search history, information on a consumer's interaction with a website, application, or advertisement.Yes
G. Geolocation data.Physical location or movements.Yes
H. Sensory data.Audio, electronic, visual, thermal, olfactory, or similar information.Yes
I. Professional or employment-related information.Current or past job history or performance evaluations.Yes
J. Non-public education information (per the Family
Educational Rights and Privacy Act (20 U.S.C. Section 1232g, 34 C.F.R. Part 99)).
Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student
disciplinary records.
No
K. Inferences drawn from other personal information.Profile reflecting a person's preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.Yes

Personal information may also be collected in the course of a natural person acting as a current or former job applicant, employee, director, officer, or contractor within the context of that natural person’s role. Additional information collected may include emergency contact and information to administer benefits, including to another person.

“Personal information” does not include publicly available information, meaning information that is lawfully made available from federal, state, or local government records. “Publicly available” does not mean biometric information collected by a business about a consumer without the consumer’s knowledge. “Personal information” also does not include consumer information that is deidentified or aggregate consumer information. This Notice addresses online and offline practices by us. Information excluded from the CCPA’s scope includes health or medical information covered by the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Other information excluded includes those covered by the California Confidentiality of Medical Information Act (CMIA) or clinical trial data, and personal information covered by certain sector-specific privacy laws, including the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (FIPA), and the Driver’s Privacy Protection Act of 1994.

Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the CCPA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.

This business has not sold categories of personal information within the meaning of the CCPA, including minors under sixteen (16) years of age.

Categories of personal information from our consumers disclosed for a business purpose within the past twelve (12) months include:

(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;
(B)
Categories of personal information as described in California Civil Code 1798.80(e);
(C)
Characteristics of protected classifications under California or federal law;
(D)
Commercial information, including records of personal property, products or services purchased, obtain, or considered, or other purchasing or consuming histories or tendencies;
(E)
Biometric information;
(F)
Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;
(G)
Geolocation data;
(H)
Audio, electronic, visual, thermal, olfactory, or similar information;
(I)
Professional or employment-related information; and
(J)
Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology).

Categories of sources from which personal information was directly and indirectly collected in the past twelve (12) months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to.

Categories of third parties with whom the business shared personal information in the past twelve (12) months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.

Annual reporting. As required by the CCPA, for the prior calendar year the following information is provided. Number of Requests to Know that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Delete that we received (0), complied with in whole (0) or in part (0), and denied (0). Number of Requests to Opt-Out that we received (0), complied with in whole (0) or in part (0), and denied (0). The mean number of days within which we substantively responded to Requests to Know (28 calendar days), Requests to Delete (0 calendar days), and Requests to Opt-out (0 calendar days).

There were no CCPA requests for 2023.

Finally, you may be able to request information contained in the California Citizen Rights section in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information contained within our Privacy Policy.

Year: 2023

Request to KnowRequest to DeleteRequest to Opt - OutAverage days to respond
Denied000N/A
Complied in Part000N/A
Complied in Whole000N/A
Total000N/A
Average Day(s) to RespondN/AN/AN/AN/A

Finally, you may be able to request information contained in the California Citizen Rights section in another language where we provide such notices in the ordinary course of business or in an alternative format if you have a disability. Please see our contact information contained within our Privacy Policy.

Contact Us. To make a request please contact us at please contact the us at compliance@cambiahealth.com with “CCPA Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information and any other detail you feel is relevant. If you are from another area (ex. state) and believe you are entitled to exercise applicable right(s), please use the email address and/or phone number given and include relevant details.

Contacting us

If you have any questions about this Privacy Policy, the practices of this site, or your dealings with this site, please contact us at:

Regence Group Administrators of Idaho 

https://id.accessrga.com/

PO Box 85001, Bellevue, WA 98015-5001

PrivacyOffice@accesstpa.com

800-869-7093

If you feel we have violated your Privacy rights, you can submit a complaint, using this form.

You may also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to:

Office for Civil Rights

200 Independence Avenue, S.W.

Washington, D.C. 20201

This notice was last updated on March 1, 2025.