IEHP's Internet Privacy Policy

The privacy of our Members is important to us. We understand that visitors to iehp.org need to be in control of their personal information. 

Therefore, the following is IEHP’s Internet Privacy Policy:

You do not have to give us personal information to visit our site. If you choose not to provide personal information, you can still visit iehp.org.

Cookies

What is a cookie?

A cookie is a small piece of information that is sent to your browser – along with a Web page – when you access a Web site.

There are two kinds of cookies. A session cookie is a line of text that is stored temporarily in your computer's memory. Because a session cookie is never saved, it is destroyed as soon as you close your browser. A persistent cookie is a more permanent line of text that gets saved by your browser to a file on your hard drive.

IEHP uses session cookies only. We do not use any persistent cookies.

IEHP's Use of Cookies

Certain applications on the iehp.org web site require session cookies to function correctly. If you have session cookies disabled, you may not be able to use these applications or features of our site.

Where they are used, IEHP's session cookies remember your selection criteria. For example, if you use the "Screen Reader Friendly" version of iehp.org with cookies disabled, you will need to choose this option for every page. If you have cookies enabled, this preference will be remembered for the duration of your visit.

You do not need to have session cookies enabled to view static web content on iehp.org.

We have set our software so that your browser will only return cookie information to iehp.org. No other site can request it.

Note: Regardless of the particular uses for cookies on IEHP website, we will not share any cookie information with any third parties.

Linking to other sites

From time to time we will provide links to other websites, not owned or controlled by IEHP. We do this because we think this information might be of interest or use to you or where, as a Member, we can provide you with additional information and/or services.

While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of other sites. A link to a non-IEHP Web site does not constitute or imply endorsement by IEHP.

Additionally, we cannot guarantee the quality or accuracy of information presented on non-IEHP websites. We encourage you to review the privacy practices of any website you visit.

The IEHP website clearly displays when a User is leaving the home website and going to a linked site.

How will information collected about me be used?

We may collect personally identifiable information (name, e-mail address, physical address, and other unique identifiers) only if specifically and knowingly provided by you.

Personally identifying information collected, such as information you give us when submitting a grievance, will be used only in connection with iehp.org, or for such purposes as are described at the point of collection.

IEHP will protect the personal information that you share with us. IEHP does not disclose, give, sell, or transfer any personal information to third parties. If we share demographic information with third parties, we will give them aggregate information only.

Information collected is for statistical purposes. IEHP performs analyses of user behavior in order to measure Member interest in the various areas of our sites. 

To change any information that you provided to us online, call IEHP Member Services at 1-800-440-IEHP (4347)/TTY (909) 890-0731.

We manage and maintain retained personal health information for six years in compliance with federal and state regulations. Deletion and/or removals are handled in accordance with Grievance Policy and Procedures: Deletions and Removals.

Use of Electronic Mail

While IEHP will make every attempt to protect the personal information that you share with us, electronic mail is not secure against interception. If your communication is very sensitive, you may want to send it by mail instead. Or call IEHP Member Services at 1-800-440-IEHP (4347)/TTY (909) 890-0731.

We want to be very clear: We will not obtain personally identifying information about you when you visit our site, unless you choose to provide such information.

E-mail sent to Member Services at memberservices@iehp.org will be responded to within 24 hours.

Grievances submitted online will be acknowledged in writing within 5 calendar days.

Requesting Policy and Procedures

You can view our Policy and Procedures detailing editorial policies, security, accountability, and access online, or request a copy by calling IEHP Member Services at 1-800-440-IEHP (4347)/TTY (909) 890-0731.

Changes to Our Web Privacy Statement

The foregoing Web Privacy Statement, effective September 1, 2002, was revised on July 8, 2004.

IEHP may change this statement from time to time without notice. This statement is not intended to and does not create any contractual or other legal right in or on behalf of any party.

Protect yourself against email scams called “phishing” or “spoof” emails.

Protecting Member privacy is a priority at IEHP. We also strongly encourage our Members to take every precaution in guarding their personal information against the Email scam known as “phishing.”

Spoofing and phishing are two different, but interrelated, techniques employed by scammers to steal your personal information. Spoofing refers to the practice of "impersonating" someone else in an e-mail or on the Web. Phishing attempts to trick users into revealing their private information, usually in tandem with a spoofed e-mail and Web page.

What is Email phishing?

“Phishing” is designed to steal identities. Through fraudulent Emails masking as emails from legitimate businesses, criminals attempt to con individuals into providing personal information such as credit card numbers, passwords, account data, or other valuable information.

How does Email phishing work?

The Emails usually display well-known brand names such as your bank, your insurance carrier, or even your wireless provider. These deceptive emails are called "Spoof Emails" because they fake the appearance of a popular website or company in an attempt to commit identity theft. Typically, the Email tries to create a sense of urgency, requesting that the recipient update or confirm their personal information. Links may be provided to a website that may also display the company logo or other well-known elements of the company.

What to watch out for:

1. Generic greetings. Instead of using your name, many fraudulent emails begin with a general greeting, such as: "Dear [Company Name] customer”.
   (IEHP will always send emails that include either your Member ID number or your full name in each email.)
2. A false sense of urgency. The Email will attempt to deceive you with the threat that your account is in jeopardy if you don't update your information as soon as possible. 
3. Fake links. The text in a link may look valid, and then send you to a “spoof” address. Always check where a link is going before you click. Move your mouse over it and look at the URL on your browser or status bar. If it looks suspicious, don’t click on the link.
4. What happens if I receive an Email that is fraudulent or seems to be fraudulent? 
   We suggest that you do not respond to the Email or the Email address in the body of the message. If you receive a suspicious Email purporting to be from IEHP, please contact IEHP Member Services immediately by calling 1-800-440-IEHP.
5. Practice good general computer security measures. This includes installing and maintaining antivirus and firewall software. Some phishing e-mails include spyware that can track your Internet activity and compromise the security of your system.

Note: IEHP does not send Email notices asking for customer payment information, username, or passwords used to manage account.

Messages and transactions

Comments or questions sent to us using e-mail or secure messaging forms may be shared with IEHP staff and health care professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response. All IEHP staff considers Member information confidential. Your Privacy is priority to IEHP.
 
When you use a service on the secure section of this Web site to interact directly with IEHP health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.

Children 
We do not knowingly allow IEHP Members under the age of 18 to create accounts that allow access to the secured features of this site.

Opt out 
If a user makes a request to receive information in an ongoing manner through this Web site by providing their e-mail address (for example, requesting a subscription to one of our online publications), a user may make a request to discontinue future mailings. Similarly, if you receive information about an IEHP service through e-mail, you may make a request to discontinue receiving similar messages in the future. All such materials sent to you by e-mail will contain information about how to opt out.

To stop receiving emails from IEHP, log into your Member account. Click on your “Update Profile” tab and uncheck the box stating, “Email Contact” (do so for each Member in your family).

Also, if as a member you register to use protected features on our Web site, you may be given an opportunity to receive e-mails about different types of IEHP products, services, announcements, and updates. You may change your preferences anytime by calling IEHP Member Services at 1-800-440-IEHP.

Again, we hope to make your online experience enjoyable and secure. Thank you for taking the time to read this Privacy Statement.

Sharing Your Health Information

Privacy guidance when selecting third-party apps

We are required to provide you with access to detailed information about your health history through a “Patient Access API.” While you are a current member, you may access this information by downloading an application (app) on your smartphone, tablet, computer, or other similar device. The information available through the Patient Access API includes information we collect about you while you have been enrolled in certain lines of business since January 1, 2016. The information includes the following information for as long as we maintain it in our records:

• Claims and encounter data concerning your interactions with health care providers
• Clinical data that we collect in the process of providing case management, care coordination, or other services to you.

The information we will disclose may include information about treatment for substance use disorders, mental health treatment, HIV status, or other sensitive information.

It is important for you to understand that the app you select will have access to all your information. The app may not be subject to the Health Insurance Portability and Accountability Act (HIPAA) rules and other privacy laws, which generally protect your health information. Instead, the app’s privacy policy describes self-imposed limitations on how the app will use, disclose, and (possibly) sell information about you. It is important for you to know once we send your data to the app, we no longer control how the app uses or shares your information. If you decide to access your information through the Patient Access API, you should carefully review the privacy policy of any app you are considering using to ensure you are comfortable with what the app may do with your information.

IEHP asks that any app developer planning to access the IEHP Patient Access API attest that it complies with basic privacy and security standards, but you can consent to sharing your data with the app even if they do not attest. When you access a third-party app and select to share your data, IEHP will provide a warning to you if an app did not attest that it complies with basic privacy and security standards.

Things you may wish to consider when selecting an app:

• Will this app sell my data for any reason?
• Will this app disclose my data to third parties for purposes such as research or advertising?
• How will this app use my data? For what purposes?
• Will the app allow me to limit how it uses, discloses, or sells my data?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, can I terminate the app’s access to my data? If so, how difficult will it be to terminate access?
• What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
• How will this app inform me of changes in its privacy practices?
• Will the app collect non-health data from my device, such as my location?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family members?
• Will the app permit me to access my data and correct inaccuracies? (Note that correcting inaccuracies in data collected by the app will not affect inaccuracies in the source of the data.)
• Does the app have a process for collecting and responding to user complaints?

If the app’s privacy policy does not satisfactorily answer these questions, you may wish to reconsider using the app to access your health information. Your health information may include very sensitive information. You should therefore be careful to choose an app with strong privacy and security standards to protect it.

Covered entities and HIPAA enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. IEHP is subject to HIPAA as are most health plans and health care providers, such as hospitals, doctors, and clinics.

You can:

• Find more information about your rights under HIPAA and who is obligated to comply with HIPAA
• Learn more about filing a complaint with OCR related to HIPAA requirements
• File a complaint by calling 1-800-440-4347; or completing the grievance form on our website here: GRIEVANCE FORM.

Apps and privacy enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts (such as an app that discloses personal data in violation of its privacy notice). An app that violates the terms of its privacy notice may be subject to the jurisdiction of the Federal Trade Commission (FTC). The FTC provides information about mobile app privacy and security for consumers.

If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC and file a complaint.