Sprite Health:Sprite Health Digital Platform Privacy Policy

Sprite Health, Inc., its subsidiaries, and its affiliates (“Sprite Health” or “we” or “us”) have established this Digital Platform Privacy Policy (“Policy”) to describe how we collect, use, and share Personal Information through the Sprite Health member, provider and plan sponsor facing websites and apps. These websites and apps include: the Spritehealth.com, Sprite Health member portal, provider portal, plan sponsor portal, mobile applications, and other digital services (collectively, the “Digital Platform”).

This Policy applies to all individuals and entities who use or access our Digital Platform, including authorized users representing their company, its employees, or other persons using or accessing the Digital Platform individually (each user shall be referred to in this policy as “you”). By visiting spritehealth.com or by accessing or using our Digital Platform, you agree to be bound by this Policy as of the date of such action.

This Policy does not apply to:

Third party sites or applications to which we provide access through our Digital Platform. These sites or applications set their privacy policies and practices independent of Sprite Health. We encourage you to review the privacy policies of these sites and applications before you access, enroll in, or use them.
Your health plan’s privacy practices as they relate to protected health information (“PHI”) as defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Please refer to your health plan’s notice of privacy practices for information about how your health plan handles PHI.
The actions of any company or entity that we do not control and to individuals who we do not directly employ or manage. The medical, physical therapy and other clinical care services as part of our care pathways are covered by the Privacy Policy for Sprite Health MSO, Inc. and its network or affiliated healthcare professionals and available at [Link to Privacy Policy for MSO].
Information that you provide directly to a physician or physical therapist acting within the scope of their license in the provision of services in the care pathways are covered by the Notice of Privacy Practices for Sprite Health MSO, Inc. and its network of affiliated healthcare professionals and available at [Link to MSO Notice of Privacy Practices].

Should you have any questions about this policy or our practices, please send an email to privacy@spritehealth.com.

What Information We Collect

When you interact with our Digital Platform, we collect four types of Personal Information: (1) information necessary for the use of our Digital Platform, (2) information you choose to provide to us through our Digital Platform, (3) information that is automatically collected through your use of our Digital Platform, and (4) information we collect from third parties for your use of our Digital Platform. Personal Information is any information that relates to you, identifies you personally, or could be used to identify you, such as your user ID, name, e-mail address, phone number, and address.

The information we collect about you through the Digital Platform for the purposes of administering your health benefits constitutes PHI and we limit our collection of that PHI as required by HIPAA.

Information necessary for the use of our Digital Platform

To register for and use certain portions of the Digital Platform, you may be required to provide Personal Information to create and verify your account, such as:

Account Information. To create an account on our Digital Platform, we may require you to provide information, including your full name, e-mail address, phone number, subscriber ID, and date of birth.
Identity Verification Information. To verify your account, we may collect identity verification information such as the primary subscriber’s ID number, the last four digits of the primary subscriber’s Social Security Number (SSN), or the primary subscriber’s employee ID number.
Communication Preferences. When creating your account, you may be required to specify communication preferences. You can change these preferences at any time.
Height, weight and health information in connection with the use of our products and services. You may choose not to provide us with certain information, but that may result in our inability to provide you access to the Digital Platform.

Information you choose to provide to us through our Digital Platform

You may choose to provide us with additional Personal Information to use certain features of our Digital Platform.

Contact and Account Information. You may choose to provide alternate contact information for yourself and/or your dependents when registering for the Digital Platform. As a plan sponsor, you may also choose to provide organization or employee/member-related information, such as enrollment and eligibility data, through our Digital Platform for purposes of administering your organization’s plan and benefits.
Information Relating to Specific Health Conditions or Claims.You may choose to provide us with information relating to your health and benefits, such as your health history, specific claims, prescriptions, proofs of payment, and medical provider information, for purposes such as communicating with our Care Concierge teams, submitting claims for reimbursement, conducting a health risk assessment, or personalizing your experience.
Communications with our Care Concierge Teams. You may choose to engage with our Care Concierge teams through our Digital Platform. If you do so, you may choose to provide personal information such as your name, subscriber ID, claim information, medical provider information, prescriptions, or other health related information to enable our Care Concierge teams to answer your questions or to service your account.
Information About your Experiences with Our Services.You may choose to participate in surveys to provide feedback about your experience with our Digital Platform.
Access to Device and Usage Information.You may choose to provide us access to information on your device, including but not limited to, your calendar, call history, and location. You are not required to provide us with this access, but if you choose not to, you may not be able to use certain features of our Digital Platform.

Information that is automatically collected through your use of our Digital Platform

When you use our Digital Platform, we automatically collect information about the services you use and how you use them. This information is necessary to provide and improve functionalities of our Digital Platform and to comply with contractual and legal obligations.

Device and Connection Information.We automatically collect certain information when you access or use our Digital Platform, even if you have not created an account for or logged into our Digital Platform. This information includes your browser type, device information and settings, operating system information, IP address, access dates and times, and any links you clicked to navigate to our Digital Platform. Collecting this information allows us to customize your experience and content when using our Digital Platform.
Tracking Technologies. We use cookies and other tracking technologies for authentication, remembering your settings and preferences, and analyzing your clicks and movements on our sites. You can control the use of cookies through your browser.
Usage Information.We collect information about your interactions with our Digital Platform, such as the content you view, the links you click, and your search queries. We also may track when you open messages from us if your computer supports this type of program.
Geo-location.When you use certain features of our Digital Platform, we may collect information about your approximate location through your IP address or your precise location through your device’s geo-location data, if authorized by you, to offer you an improved experience. You may control the collection of GPS location data in your device or browser settings.

Information we collect from third parties for your use of our Digital Platform

To the extent permitted by applicable law, we may receive additional information about you from publicly available sources, third party service providers, and/or your health plan’s benefit partners and combine it with the information we have about you to provide a more personalized experience.

Information not intended for collection

Our Digital Platform is not for use by children under the age of 13. If you learn that your child has used our Digital Platform to provide us with their Personal Information without your consent, please e-mail us at privacy@spritehealth.com.

Our Digital Platform operates in the United States (U.S.) and is not targeted to individuals who reside in the European Economic Area (EEA) or other countries outside of the U.S. If you believe we may have inadvertently collected information from you in the EEA or outside of the U.S., please e-mail us at privacy@spritehealth.com.

What Information We Disclose

We may share the information provided by you or collected by us through the use of our Digital Platform for legitimate business purposes in accordance with HIPAA.

Sharing for Purposes of Administering your Musculoskeletal Benefits

We may share the information described in Section 1 above for the purposes of administering your musculoskeletal benefits. Your information may be shared with your health plan and any benefit partners or other third parties who assist in the administration of your health plan, for legitimate health plan and benefits administration purposes.

Sharing with Third Party Service Providers

Sprite Health uses a variety of third party service providers, such as internet service providers, website analytics providers, hosting providers, and software platforms to help us provide our Digital Platform. We may share the information described in Section 1 above with these third party service providers. When we do so, we will only provide the information necessary for the third party to perform its agreed upon services.

Sharing with Company Affiliates

To support us in providing our Digital Platform, we may share the information described above with our affiliated companies or subsidiaries for purposes of providing services to you. We will never share or sell your information to affiliated companies or subsidiaries for direct marketing purposes without your explicit consent.

Sharing for Business Transactions

If Sprite Health is involved in any merger, acquisition, sale of assets, bankruptcy, or insolvency event, we may sell or transfer some or all of our assets, including all or a portion of your information in connection with such transaction. We will notify you before your personal information becomes subject to a different privacy policy.

Sharing for Legal and Compliance Purposes

We may share the information collected through the use of our Digital Platform with law enforcement agencies, government agencies, private parties, or external law firms to respond to valid legal process (e.g., a court order or subpoena). We may also share your information to comply with applicable laws, to protect the safety of any person, to address suspected fraud, security, or technical issues, or to enforce this Policy, and any other terms or conditions you have agreed to with us.

By using the Services you consent to and authorize Sprite Health and its affiliates to disclose your eligibility for and participation in the Services (i.e. that you meet the enrollment criteria for the Services and that you have elected at your own discretion to participate) to others, including: Sprite Health senior management and administrators, your Care Concierge and other users of Sprite Health’s Digital Platform.

How to Review and Change Your Personal Information

If you become a Sprite Health member, you may review your personal information by visiting the Sprite Health web and mobile applications and accessing the “Settings menu.” To change or remove any information, please contact us through the application, or at privacy@spritehealth.com.

How We Use Personal Information That We Collect Online

We use, store, and process the Personal Information that you provide to us or that we collect about you to: (1) provide and improve our Digital Platform, (2) provide you with health plan and benefits information, (3) provide musculoskeletal benefits administration, risk and cost management services, (4) disclosure of personal information to third parties and (5) comply with legal requirements and for safety purposes. We limit our use of PHI as required by HIPAA.

Provide and Improve Our Digital Platform

We use information collected about you to deliver and improve your experience with our Digital Platform, such as:

Enable you to register for our Digital Platform and access your account;
Enable you to sign up to receive information about our products and services;
Authenticate you to our Digital Platform and other third party sites from your benefit partners;
Communicate with you;
Provide you with access to particular tools and services;
Personalize your digital health experience;
Conduct research and measurement activities;
Send you personalized emails or secure electronic messages pertaining to your health information;
Collect additional feedback about your experience; and
Conduct research and analytics to improve our products and services.

Provide You with Musculoskeletal Benefits Information

We may use the information collected from you when using our Digital Platform to notify you of account activity or other benefits related information. Example notifications include:

Account activity, such as a new claim received or the availability of a new statement;
New eligible benefits offered by your employer or plan sponsor;
Benefits and services that might be specifically relevant to you; and
Platform security and availability alerts or announcements.

We may combine personal and non-personal information collected by Sprite Health about you, and may combine this information with information provided by external sources.

Provide Musculoskeletal Benefits administration, Risk and Cost management services

We may use the information you provide to us through our Digital Platform to perform services related to the administration of your musculoskeletal benefits, risk and cost management services such as:

Communicate with you through our platform;
Process claims
Add appointment reminders to your calendar; and
Perform coordination of care services.
Perform risk stratification for budgeting and resourcing assignment purposes.
Perform utilization management for cost management purposes.

Disclosure of Personal Information to Third Parties

We will not disclose any personal information about any of our users to any third-party (excluding our vendors or contractors to whom we may provide such information for the limited purpose of providing services to us and who are obligated to keep the information confidential), unless: (1) you have authorized us to do so; (2) we are legally required to do so, for example, in response to a subpoena, court order or other legal process and/or, (3) it is necessary to protect our property rights related to this website. We also may share aggregate, non-personal information about website usage with unaffiliated third parties, or via scientific research papers regarding our Services. This aggregate information does not contain any personal information about our users.

Comply with Legal Requirements and for Safety Purposes

We use certain information collected through your use of our Digital Platform for the purposes of protecting your data and for complying with legal obligations, such as:

Prevent and detect harmful activity including security incidents, spam, fraud, and abuse;
Investigate suspected security incidents;
Comply with legal obligations;
Enforce this Privacy Policy and any other terms you have agreed to; and
Resolve any disputes and enforce our agreements with third parties.

Your Rights and Choices

Your privacy is important to us. HIPAA provides you certain rights with regards to your PHI. You may choose to exercise your rights described in this section by sending an e-mail to privacy@spritehealth.com or by contacting care concierge by phone (1-855-234-1849) or through our Digital Platform.

Managing your Information

You may access, correct, update, or amend the Personal Information you have provided to us through our Digital Platform in your account settings, by contacting a Sprite Health Care Concierge by phone (1-855-234-1849) or through our Digital Platform, or by sending an e-mail to privacy@spritehealth.com. You are responsible for keeping this information up to date.

Data Retention and Erasure

We will retain your Personal Information for as long as necessary to perform the services and to comply with our legal obligations.

Communication Preferences

We may periodically send you communications that promote our services. When you receive such promotional communications from us, you will have the opportunity to opt-out either through your account, on your device, or by following the unsubscribe instructions provided in the e-mail you receive. We do need to send you certain communications regarding our services and products and you will not be able to opt-out of those communications – for example, communications regarding updates to this Policy, information about your health benefits, or certain information about billing.

Cookie Placement

Certain SpriteHealth websites, like many other commercial websites, may use a standard technology called “cookies” to collect information about how our website is used. Cookies were designed to help a website operator determine that a particular user had visited the site previously and thus save and remember any preferences that may have been set. We may use cookies to temporarily keep track of information about your current web browsing session which will be discarded as soon as you log out or close your web browser. This information also allows us to statistically monitor how many people are using our website and for what purpose. We may also make use of “persistent” or “memory based” cookies, which remain on your computer’s hard drive until you delete them. Although you have the ability to modify your browser to either accept all cookies, notify you when a cookie is sent, or reject all cookies, it may not be possible to utilize our services if you reject all cookies.

How We Protect Information Online

We exercise great care to protect your personal information through various administrative and physical safeguards. This includes, among other things, using industry standard techniques such as firewalls, encryption, and intrusion detection for information stored on our systems. However, while we strive to protect your personal information, we cannot ensure or warrant the security of any information you transmit to us or receive from us while that information is in transit. This is especially true for information you transmit to us via email since we have no way of protecting that information until it reaches us since email does not have the security features that are built into our websites.

In addition, we limit Sprite Health’s employees’ and contractors’ access to personal information. Only those employees and contractors with a business reason to know have access to this information, and then may only access or use the minimum necessary for the task at hand. We educate our employees about the importance of maintaining confidentiality of user information.

We also periodically review our security arrangements and safeguards.

How can you help protect your information?

If you are using a Sprite Health website or mobile application for which you registered and choose a password, we recommend that you do not share your password to anyone. We will never ask you for your password in an unsolicited phone call or in an unsolicited email. Always remember to sign out of the Sprite Health website and close your browser window when you have finished using the Services. This is to ensure that others cannot access your personal information and correspondence to us if others have access to your computer or mobile device.

Children

We are committed to protecting the privacy of children. The Sprite Health websites are not designed to be used by or intended to attract children under the age of 13. Individuals who we actually know are under the age of 13 are not permitted to use the Sprite Health websites and we will not collect their personal information.

Links to Other Websites

We want to provide website visitors valuable information, services, and products. Featured programs and other Sprite Health website content may link our users to third-party websites. Sprite Health does not control and is not responsible for privacy or security practices of any third party websites.

Changes to this policy

Sprite Health may make changes to this Policy as needed to accurately reflect our information collection, use, and sharing practices. If we make changes to the Policy, the revised policy will be posted on this site with the effective date. If you are a registered user of our Digital Platform, we will also provide you with notice of the modification before the date the new policy becomes effective. When we change the Policy in a material way, we will notify you by sending you an e-mail to the e-mail address we have on file and you may be required to accept the changes in order to use the Digital Platform.

Contact Us

If you have any questions or comments about this Policy, please e-mail us at privacy@spritehealth.com, or by phone (1-855-234-1849)