PSHP by Sharecare Privacy Policy
Thanks for using our PSHP by Sharecare platform and services (“Services”). The Services are provided by Sharecare, Inc. (“Sharecare”) on behalf of our customer, Peach State Health Plan, an affiliate of Centene Corporation. By using our Services, you are agreeing to this Privacy Policy. Please read it carefully.
Sharecare provides web and mobile delivery of traditional health, wellness, and other services designed to allow you to manage all of your health information in one place. Sharecare’s digital platform and services may be offered through your health plan or other program sponsor, always on a voluntary basis. Sharecare is a U.S. based corporation, organized under the laws of the State of Delaware, and is headquartered at 255 East Paces Ferry Road NE, Suite 700, Atlanta, Georgia, 30305.
Sharecare values your trust, and protecting your information is our highest priority. Sharecare is committed to your privacy. This Privacy Policy explains how Sharecare and its affiliates (collectively, “Sharecare” or “We”) protect your information when you use our products and services (“Services”), including the following:
- What information Sharecare and its affiliates collect;
- How we collect the information;
- How we use the information;
- Legal grounds for the processing of your information;
- With whom we may share the information;
- Privacy rights, choices, and account termination;
- Retention periods and protection of your information;
- Children’s privacy;
- When this Privacy Policy applies;
- Compliance and cooperation with regulatory authorities;
- Privacy Policy updates; and
- How you can contact us.
Please visit our Terms page for additional terms and conditions applicable to the Services.
Information We Collect
The information Sharecare collects is highly variable based on the type of Services you use and the manner in which you access them. Depending on these factors, Sharecare may collect the following information about you:
Personal Information. This is any information that directly or indirectly identifies you, such as your name, email address, or other identifying information about you.
Protected Health Information (“PHI”). PHI is your Personal Information that is protected under the U.S. Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA and other laws closely regulate how Sharecare may handle, protect, and share your (and/or your dependents’) PHI. Sharecare may offer certain Services to you and/or your dependents based on your relationship with employers, healthcare providers, insurance companies, or other entities (each an “Enterprise Organization”) with an interest in your health (“Enterprise Programs”). If such Enterprise Organizations are Covered Entities as defined by HIPAA, Sharecare must comply with HIPAA in connection with the corresponding Enterprise Program. PHI is considered a subset of Personal Information.
Location Information. Only with your express consent via your device, Sharecare may collect precise location information for purposes of its navigation features. Such information may, in certain circumstances, identify types and providers of healthcare you are seeking.
SNAP Benefits Information. If you are participating in the Supplemental Nutrition Assistance Program (“SNAP”), we may collect information related to your SNAP balance and payments made using your SNAP benefits. To the extent it is identifiable, this information is a subset of Personal Information.
Other Information. Other Information is information that, by itself, does not individually identify you such as browser type, operating system, technical data, and usage. We may link together different types of Other Information or link Other Information to Personal Information.
How We Collect Information
We collect information in the following ways:
- Information You Give Us Upon Registration. Many of our Services require you to sign up for a Sharecare account. When you do, we’ll ask for Personal Information like your name, date of birth, email address, or telephone number.
- Information from Your Employer or Health Plan. When you are eligible to participate in an Enterprise Program, an Enterprise Organization may provide us with PHI such as your name, date of birth, gender, mailing address, health coverage details, and health plan identification number, among other things. Depending on your use of the Services, we may also receive claims and other health-specific information from your health plan and/or its carriers. We use this information to provide services to you on behalf of your health plan or employer, in our capacity as a business associate under HIPAA.
- Information Provided to Us by Your Healthcare Provider or Third-Party Lab. When you participate in an Enterprise Program and engage with an advocate or participate in a health screening, with your authorization we may receive information from your health provider or third-party lab such as your health records, biometric data and blood test data and results.
- Information from Other Sources. We may obtain information about you from affiliates, partners, and other third parties. This information may be used to provide Services to you and to provide analysis about you in comparison to people who are demographically similar to you. We may combine the information we obtain from third parties with information that we have collected about you.
- Information We Get from Your Use of Services. We may collect information about the Services that you use and how you use them. This information includes:
  - Information You Provide. We may collect information provided by you while using our Services. For example, your completion of the RealAge Test results in our collection of the information you provide in response to its questions.
  - Computer, Tablet, or Mobile Telephone information. We may collect device-specific information such as your hardware model, operating system version, unique device identifiers, device sensors and mobile network information including phone number. Sharecare may associate your device identifiers or phone number with your Sharecare Account. We will comply with the usage/license restrictions and requirements applicable to the device from which the information comes.
  - Information from Wearables. When you connect your wearable fitness tracker, heart rate monitor, pedometer or other wearable technology (“Wearable”) with the Services, we may collect information about your steps, fitness activities, exercise frequency, sleep, and information about nutrition, such as calorie intake, nutritional statistics, blood pressure, and other biometric data. You may disable this integration through your device.
  - Log Information. When you use our Services or view content provided by Sharecare, we may automatically collect and store certain information in server logs. This may include:
    - details of how you used our service;
    - Internet protocol address;
    - device event information such as crashes, system activity, hardware settings; browser type, browser language, the date and time of your request and referral URL; and
    - cookies that may uniquely identify your browser or your Sharecare Account.
  - Location Information. The large majority of Sharecare services do not depend on your location; however, some Services are location-enabled. When you use a location-enabled Sharecare service, we may collect and process information about your actual location, like GPS signals sent by a mobile device. We may also use various technologies to determine location, such as sensor data from your device that may, for example, provide information on nearby Wi-Fi access points and cell towers.
  - Unique Application Numbers. Certain Services include a unique application number. This number and information about your installation (for example, the operating system type and application version number) may be sent to Sharecare when you install or uninstall that service or when that service periodically contacts our servers, such as for automatic updates.
  - Local Storage. We may collect and store information (including Personal Information) locally on your device using mechanisms such as browser web storage (including HTML 5) and application data caches.
  - Cookies and Anonymous Identifiers. We use various technologies to collect and store information when you visit a Sharecare service, and this may include sending one or more cookies or anonymous identifiers to your device, pursuant to our Cookie Policy. We also use cookies and anonymous identifiers when you interact with Services we offer to our partners, such as Sharecare features that may appear on other sites.
How We Use Information We Collect
To Provide Services To You. We use the information that we collect about you to provide, maintain, protect and improve the Services that Sharecare provides to you.
To Provide Enterprise Programs To You. We use the information that we collect about you to provide Services on behalf of an Enterprise Organization to you and the Enterprise Organization.
Analytics. We use analytics tools and other third-party technologies, such as Google Analytics, to collect non-Personal Information in the form of various usage and user metrics when you use our site. These tools and technologies collect and analyze certain types of information, including cookies, IP addresses, device and software identifiers, referring and exit URLs, onsite behavior and usage information, feature use metrics and statistics, usage and demographics, and other similar information. You can deactivate Google Analytics using a browser add-on if you do not wish the website analysis to take place. You can download the add-on here: tools.google.com/dlpage/gaoptout.
To Improve Our Services. We use de-identified, anonymous information that we collect about you for statistical and analysis purposes to improve our products and services, and to provide population statistical analysis and well-being trend information. In addition, we use information (including Personal Information) obtained by way of our chatbot for purposes of improving and training our artificial intelligence-based large language model; in this context, all Personal Information remains within Sharecare’s systems and is not shared with external AI models.
Legal Grounds for Processing Your Personal Data
We rely on the following legal grounds to process your Personal Information:
Consent. We may use your Personal Information as described in this Privacy Policy subject to your consent. To withdraw your consent for any uses of Personal Information described above, please review the section titled “Privacy Rights, Choices, and Account Termination” or contact us at privacy@sharecare.com.
Performance of Services. We may need to collect and use your Personal Information to enter into and perform under an agreement with you or an Enterprise Organization.
Legitimate Interests. We may use your Personal Information for our legitimate interests, including but not limited to marketing, to provide our Services and to improve our Services and the content on our sites.
What Information We Share
We take your privacy seriously. We do not sell your Personal Information to third parties as part of any Enterprise Program and all information disclosed is the minimum amount necessary to fulfill the legitimate business purpose. We do not sell anyone’s sensitive data to data miners or data brokers. We do not share Personal Information with companies, organizations and individuals outside of Sharecare except in the following circumstances:
- With Your Consent. We may share your Personal Information with companies, organizations or individuals outside of Sharecare when we have your consent to do so.
- As Part of an Enterprise Program. We may share your information according to the direction of your Enterprise Organization and any privacy policy and/or contractual requirements that they may ask us to comply with. Your Enterprise Organization may require Sharecare to share your Personal Information with the following:
  - Enterprise Organization. Under U.S. laws, we may share PHI with your health plan for the administration of your plan. If you receive Services through your relationship with a non-US-based Enterprise Organization, we will adhere to the applicable laws in your country.
  - Healthcare Providers. We may share information with your healthcare providers and any clinics or organized healthcare organizations with whom they are associated, provided such sharing is allowable under HIPAA.
  - Your Employer. We will not share your PHI with your employer for employment-related purposes. We may only share the information needed for your employer to deliver Enterprise Programs. For example, we may share completion status of a wellness plan requirement but not the actual results of the required action or activity.
  - Third-Party Service Providers. We may disclose your PHI to our business associates who perform various functions on our behalf, but Sharecare requires these third parties to agree in writing to safeguard your PHI appropriately and in accordance with the law. Sharecare does not sell or rent your PHI to third parties. Sharecare does not use your PHI to market, sell, or otherwise promote goods or services that are not health-related benefits provided by your health plan, employer, or provider.
- For External Services. We may, from time to time, outsource some or all of the operations of our business to third-party service providers. In such cases, it may be necessary for us to disclose your information to those service providers. In some cases, the service providers may collect information directly from you on our behalf. We restrict how such service providers may access, use and disclose your information. We employ other companies and individuals to perform functions on our behalf. Examples include processing compensation, providing employee benefits, and performing legal and other professional services. These agents may have access to your information as needed to perform their functions, but they are not permitted to use it for other purposes.
- For Legal Reasons. We may disclose any information about you when, in our opinion, such disclosure is necessary to prevent fraud or to comply with any statute, law, rule or regulation of any governmental authority or any order of any court of competent jurisdiction. We will share Personal Information with companies, organizations or individuals outside of Sharecare if we have a good-faith belief that access, use, preservation or disclosure of the information is reasonably necessary to: enforce applicable Terms of Use, including investigation of potential violations; detect, prevent, or otherwise address fraud, security or technical issues; and protect against harm to the rights, property or safety of Sharecare, our users or the public as required or permitted by law.
- In a Transaction. As we continue to develop our business, we might sell, buy or merge with companies, subsidiaries, or business units. In such transactions, data generally is one of the transferred business assets but remains subject to the promises made in any pre-existing privacy statement (unless, of course, the person consents otherwise). Also, in the unlikely event that Sharecare or all of its assets are acquired, your information may be one of the transferred assets.
- After Being Fully Deidentified, Incapable of Reidentification. We may share aggregated, de-identified information publicly and with our partners to evaluate the effectiveness, value, and analytic trends of the Services.
How We Protect Your Information
We work hard to protect Sharecare and our users from unauthorized access to or unauthorized alteration, disclosure or destruction of information we hold. Sharecare is committed to using industry-leading security practices such as ISO27001 and HITRUST. In particular:
- We comply with HIPAA’s security rule.
- We encrypt many of our Services using SSL.
- We review our information collection and storage and processing practices, including physical security measures, to guard against unauthorized access to systems.
- We restrict access to Personal Information to Sharecare employees, contractors and agents who need to know that information in order to process it for us, and who are subject to strict contractual confidentiality obligations and may be disciplined or terminated if they fail to meet these obligations.
We keep Personal Information housed on servers in the United States.
Opting Out of Communications. You have the right to object at any time to receiving marketing or promotional materials from us by either following the opt-out instructions in commercial e-mails or by contacting us, as well as the right to object to any processing of your Personal Information or to participating in any program. We will consider any request you make to us, and provide a reply in a timely manner, according to our legal, ethical and contractual obligations. Some non-marketing communications are not subject to a general right to opt out, such as communications about transactions and disclosures to comply with legal or ethical requirements. In addition, if you are part of an Enterprise Program, you may need to opt out of services with your Enterprise Organization, such as your employer or health plan. Sharecare will make reasonable attempts to communicate such opt-out requests to the applicable Enterprise Organization.
Terminating Your Account. You may terminate your account with us at any time through the account settings in your Sharecare account, by contacting our Customer Service, or emailing privacy@sharecare.com. Terminating your account will revoke any applicable consents or opt-ins but will be subject to any data retention requirements as described below.
If you wish to keep your Sharecare account but opt out of certain parts of your Enterprise Program (e.g. Sharecare’s receipt of claims information), please contact your health plan or contact us at privacy@sharecare.com. Sharecare cannot unilaterally cause your health plan and its carriers to not share certain information with us, but we will work with you and your health plan to ensure your privacy requests are honored.
Your Use After Termination of Enterprise Program. Upon termination by you or Sharecare of the relationship with your Enterprise Organization, you may have the opportunity, under certain Services, to continue to use your personal profile and to access information about yourself, including Personal Information provided by an Enterprise Organization, in that profile. In order for you to continue to access the personal health information provided by your Enterprise Organization, you may need to execute a voluntary HIPAA Authorization or other express consent allowing Sharecare to receive and use your personal health information. If you choose not to authorize Sharecare to receive such information about you, you may not be able to use some of the Services or features of the Services. Information that you were able to access as part of an Enterprise Program may no longer be available to you post-termination without such authorization. If you continue to use Services made available by Sharecare after termination of the relationship with your Enterprise Organization, your Sharecare account will continue to be governed by the Sharecare Terms of Use and Privacy Policy.
Retention of Collected Information. Except as otherwise permitted or required by applicable law or regulatory requirements, we will retain your Personal Information only for as long as we believe it is necessary to fulfill the purposes for which the Personal Information was collected (including for the purpose of meeting any legal, accounting or other reporting requirements or obligations). Where there is no legal, fiscal, administrative, or contractual requirement to retain information for a longer or shorter period, information will be destroyed within five (5) years of its collection.
Cookies. We use a cookie banner to obtain your consent to the use of cookies on our websites. In addition to refusing to provide your consent, you may also set your browser or device to block all cookies, including cookies associated with our Services, or to indicate when a cookie is being set by us. However, many of our Services may not function properly if your cookies are disabled. For example, we may not remember your location preferences. See our Cookie Policy for more information.
Information Shared By You. Many of our Services let you share information with others. Remember that when you share information publicly, it may be indexable by search engines. Our Services provide you with different options on sharing and removing your content.
Information of Minors. The Services are not directed to or intended for use by minors. In compliance with laws, we will not intentionally collect any Personal Information from children under the age of 18. If you think that we have collected Personal Information from a minor, please contact us.
In connection with some Enterprise Programs, adult plan-holders may enter or request information about minor dependents to be incorporated into the Services; such information may be processed by Sharecare as authorized and directed by the adult plan-holder and/or the applicable health plan. Such data is protected per applicable law, including but not limited to HIPAA. Sharecare maintains policies to prevent the unauthorized disclosure of sensitive information between plan-holders and dependents.
If you are a minor who wishes for Sharecare to withhold information from your adult plan-holder, you may contact us at privacy@sharecare.com. We will review applicable state and federal law to determine whether your request can be honored. We will follow applicable law in responding to such requests.
Compliance and Cooperation with Regulatory Authorities
We regularly review our compliance with our Privacy Policy. When we receive a formal written complaint, we will contact the person who made the complaint to follow up. We work with the appropriate regulatory authorities, including local data protection authorities, to resolve any complaints regarding the transfer of Personal Information that we cannot resolve with our users directly.
Changes to this Privacy Policy
Our Privacy Policy may change from time to time. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party. If we change this Privacy Policy, we will post any privacy policy changes on this page and, if the changes are material, we will provide a more prominent notice by sending you an email and/or posting a notice in the Services. Sharecare reserves the right to modify this Privacy Policy at any time, so please review it frequently.
Last modified: May 10, 2024