Updated: October 3, 2013
1. Personal Information.
When you log on to our Website and communicate with us via our site, we do not collect personal information about you unless you provide it to us voluntarily. Personal information (“Personal Information”) is any information or data that is unique to an individual such as a name, social security number, address, e-mail address, birth date, etc. Portions of our Website may allow you to provide us with Personal Information in order to deliver requested materials, products or services to you, submit a grievance, respond to your questions, or enable to you to update information. Additionally, registration may be required and Personal Information may be collected in certain portions of the Website in which you specifically and knowingly provide such information (e.g., subscription registration, suggestions, or customer service requests).
2. Use of Personal Information.
3. Anonymous Information.
Through your use of the Website, we may also gather certain information that does not identify you individually (“Anonymous Information”). Generally, this information is collected through “traffic data” and may involve the use of “Cookies,” “IP Addresses” or other numeric codes used to identify a computer.
4. Use of Anonymous Information.
We use Anonymous Information to help us determine how people use parts of the Website and who our readers are so we can improve our Website and ensure that it is as appealing as we can make it for as many people as possible. We also use Anonymous Information to provide statistical “ratings” information in aggregated form to our partners and other third parties about how our users collectively use the our Website. We may also use or share Anonymous Information (or other information, other than Personal Information) in any other manner that we deem appropriate or necessary.
5. Policies for Children Under 13.
We do not knowingly collect any information from persons under the age of 13, without permission of the child’s parent or legal guardian. If we learn that your child has submitted Personal Information, and you would like to request that such information be removed from our system, please contact us by telephone at (415) 615-4500. Our Website is designed for adults. Our Website is not intentionally targeted to children under the age of 13. Children under the age of 13 should not use our Website without obtaining prior parental consent.
7. Internet Protocol Addresses.
An Internet Protocol Address (“IP Address”) is a number that automatically identifies the computer or machine that you are using to access the Internet. The address enables our server to send you the web pages that you want to visit. It may disclose the server owned by your Internet Service Provider. We utilize your IP Address to help diagnose problems with our server and to support our site administration.
We never use or install spyware on your computer, nor do we use spyware to retrieve information from your computer.
9. Third-party Agents.
We occasionally have third-party agents, subsidiaries, affiliates and joint ventures that perform functions on our behalf. These entities may have access to the Personal Information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of that Personal Information. They are restricted from using or altering this data in any way other than to provide the requested services to the Website.
10. Links to Other Websites.
11. Security Policy.
The importance of security for all Personal Information associated with you is of utmost concern to us. We exercise great care in providing secure transmission of your information from your PC to our servers. Personal Information collected by our Website is stored in secure operating environments that are not available to the public. We employ the use of built-in firewalls (a combination of computer hardware and software) to keep unauthorized users from accessing information through our computer network. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you at our site.
For on-line payment transactions, information provided to us is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. Absolutely no use whatsoever is made of payment information aside from the transactions made on this site and there is no disclosure to third parties except as required for the on-line payment processing or as otherwise required under law. We also protect information by placing it on a secure portion of our web sites that is only accessible by certain qualified employees of San Francisco Health Plan. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information. The personally identifiable information we collect about you is stored in limited access servers. We will maintain safeguards to protect the security of these servers and your personally identifiable information.
Only those employees who need access to your Personal Information in order to do their jobs are allowed access, each having signed confidentiality agreements. Any employee who violates our privacy and/or security policies is subject to disciplinary action, including possible termination and civil and/or criminal prosecution.
We aim to protect and keep confidential all information that is voluntarily provided to us through the Website, and to treat such information with the same consideration and confidentiality as any information sent to us by the US mail or communicated to us by telephone. The nature of the Internet, however, prevents us from guaranteeing the confidentiality of information we receive through the Website or via e-mail. If you wish, you may contact us instead by telephone at (415) 615-4500.
12. Communications With Our Website.
Healthy San Francisco
P.O. Box 194287
San Francisco, CA 94119-4287
14. Notice of Privacy Practice for Health Information.
San Francisco Health Plan, as a business associate of the Department of Public Health, is required by law to make your health information private. We are also required to let you know of our privacy practices regarding your protected health information (PHI). PHI means “protected health information” and will be used in the rest of this notice.
How does SFHP use and share my PHI?
SFHP stores health-related records about you, which includes:
- Healthy San Francisco enrollment information; and
- Any personal information you have voluntarily provided to us as described above.
We use this information and share it with others for the following reasons:
- Treatment. SFHP uses your PHI to plan your health care. For example, we share your PHI with hospitals, clinics, physicians and other health care providers to help them provide care to you.
- Payment. SFHP uses and shares your PHI to pay for health care services you receive. For example, we tell providers that you are a participant of Healthy San Francisco, and we tell them about your covered services.
- Health Care Operations. SFHP uses and shares your PHI, when needed, to help us as the third party administrator. For example, we use PHI to provide quality studies to the Department of Public Health.
- Contractors and Agents. We share PHI with our contractors and agents who help us in the tasks listed above. Confidentiality agreements are obtained before we share information for payment or business purposes. For example, companies that provide or maintain our computer services may have access to computerized PHI when providing services to us.
- Contacting You. We may contact you to provide health reminders or re-enrollment information to you. We may also contact you about other health services.
Can others involved in my care get information about me?
Yes, if we feel it is needed, we may release information to a friend or family member who is authorized to be involved in your care, or is paying for your care. This includes answering phone calls about eligibility.
Can my PHI ever be given without my consent?
Yes, we may share PHI without your consent. PHI can be shared with government agencies and others at times where we are required or authorized by law. The following is a list of when we can share your PHI without your consent:
- Disclosures that are required by state or federal law.
- Disclosures to agencies responsible for governing the health care system, for audits, inspections or investigations; or
- Upon a receipt of a court order.
Are there any times when my PHI is not released?
Your PHI may be covered under laws that may limit or stop some uses or disclosures. For example, there are limits on the sharing of PHI related to:
- HIV/AIDS status,
- mental health treatment,
- developmental disabilities, and
- drug and alcohol abuse treatment.
We comply with these limits in our use of your PHI. We will not allow other sharing or uses of your PHI without your written consent. Please note, however, that SFHP does not hold any medical records.
Your Individual Rights
What rights do I have as a Healthy San Francisco participant?
You have the following rights:
- You have the right to ask us to limit certain sharing and uses of your PHI. SFHP is not required to agree to any restrictions requested by its members.
- You have the right to ask us to contact you only in writing or at a different address, post office box, or by telephone. We will accept requests when necessary to protect your privacy.
- If you believe the information in our records is wrong, you have the right to ask us to change it. We may deny your request. If your request is denied, you have the right to submit a statement to be placed in the record.
- You have the right to get a report of non-routine sharing of your PHI that we have made. Your request may be up to six years prior from the date of your request. There are some limitations. For example, we do not have records of :
- information shared with your consent;
- information shared for the purposes of health care treatment, checking payment for health services, or conducting the health plan operations of SFHP;
- information shared with you; and
- certain other disclosures.
What can I do?
You can exercise any of your rights by sending a written letter to our Privacy Officer at the address listed below. To assist with your request, call us at the phone number listed below as well.
How do I file a complaint if my privacy rights are broken?
You have the right to file a complaint with our Privacy Officer. You must provide us with specific, written facts to support your complaint. You may also file a complaint with the Secretary of Health and Human Services.
SFHP will not hold anything against you in any way for filing a complaint. Filing a complaint will not affect the quality of health care services you receive as a SFHP member.
Contact SFHP at:
San Francisco Health Plan
Attn: Privacy Officer
P.O. Box 194247
San Francisco, CA 94119-4247
Contact the Secretary of Health and Human Services at:
Secretary of Health and Human Services
Office for Civil Rights
Mailing address: 200 Independence Avenue SW, Room 509F, HHH Building, Washington, DC 20201