• Terms of use
• Washington My Health My Data Act (MHMDA)
• Online privacy and security
• Notice of privacy practices

Asuris Northwest Health (the "Health Plan") provides its website (the "Site") and mobile application (the "App") (collectively, the "Platform") subject to these terms and conditions (the "Terms"), in addition to, and not in limitation of, the provisions of any other agreement you may enter into with Health Plan.

BY USING EITHER THE SITE OR THE APP, YOU SIGNIFY YOUR AGREEMENT WITH THE FOLLOWING TERMS OF USE. IF YOU DO NOT AGREE TO THESE TERMS OF USE, DO NOT USE EITHER THE SITE OR THE APP.

The information provided on the Site or through the App is not a substitute for the advice of your personal physician or other qualified health care professional. Always seek the advice of your physician or other qualified health care professional with any questions you may have regarding medical symptoms or a medical condition. Never disregard professional medical advice or delay in seeking it because of something you have read on the Site or through the App. If you think you have a medical or psychiatric emergency, call 911 or go to the nearest hospital.

Health Plan may revise the information on the Site or App or otherwise change or update the Site or App, including these Terms, without notice to you (except to the extent required by law), effective immediately upon posting. Health Plan may also make changes or add new features to the Site or App at any time without notice. We encourage you to periodically read these Terms to see if there have been any changes that may affect you. Your continued access or use of either the Site or App shall constitute acceptance of such modifications of the Terms.

No content on the Site or App is intended to replace or amend language for coverage that you may have with Health Plan. You should always consult your benefit booklet and contract for details about what your health plan covers.

The Site or the App does not provide medical advice and neither the information available nor any email responses to your questions shall create a physician-patient relationship or constitute the practice of medicine. The information available on the Site or the App and from any linked sites or third party should not be used as a substitute or supplement for professional medical advice. If you have medical or health-related questions, contact your physician.

Communications that you post to the Site or the App are not confidential. You are responsible for your own communications and the consequences of such posting. Health Plan does not represent or guarantee the truthfulness, accuracy or reliability of any communications posted by other users or endorse any opinions expressed by other users. Any reliance on material posted by others is at your own risk.

You may not use the Site or App in any manner that may: adversely affect the resources or the availability of either the Site or the App to others; violate any local, state, national or international law; delete or revise any content on either the Site or the App; or, use the Site or the App to harass any other person or to collect or store personal information about other visitors. If you have a unique user identifier and/or password to access secure areas, you are responsible for protecting the identifier and/or password and for any unauthorized use by others, with or without your permission.

Some parts of the Site or the App may allow you to post, or to email to Health Plan, materials or information ("Visitor Content"); or to access or use Visitor Content posted or emailed by other visitors to the Site or the App. You grant Health Plan the unrestricted right to use or distribute, free of charge, any Visitor Content posted on the Site or the App by you. You may not submit or post any material or information that is illegal, obscene, threatening, defamatory, invasive of privacy, or infringing of proprietary rights of any person or entity, or which contains software viruses, corrupted data, cancel bots, commercial solicitations, or mass mailings or any form of "spam." You may not use a false email address to impersonate any person or otherwise mislead as to the origin of any material or information you submit or post.

Health Plan may review, remove or edit any Visitor Content at its discretion. Health Plan has no responsibility and assumes no liability for Visitor Content posted by you or by any other party.

You are responsible for taking all reasonable steps to ensure that no unauthorized person shall have access to your password or account. It is your sole responsibility to (1) control the disclosure and use of your user name and password; (2) authorize, monitor, and control access to and use of your account and password; and (3) promptly inform the Health Plan of any need to deactivate a password. You agree not to provide your sign-in credential in a manner that allows for any use of data mining, robots, or similar data gathering and extraction tools or any downloading or copying of account information for the benefit of another party.

We offer the option to sign into the App using biometric authentication (e.g., iOS Face ID or Touch ID, or Android Fingerprint or Face Authentication). You can stop using biometric authentication at any time. You can elect this option by going to the settings in the App and turning off biometric authentication. If other people use the biometric authentication method enabled on your device, they may be able to gain access to your account via the App and view information you consider to be private. It is your responsibility to understand the risks of biometric authentication enabled on your mobile device. Health Plan does not have access to your biometric authentication information. If you choose to save your user name and password, which is required to enable biometric authentication, they will be stored in accordance with the terms of use of your mobile device.

When you are signed in to the App, you may receive a message asking if you would like to allow push notifications. Push notifications are a way for an application to deliver information, including alerts, sounds and icon badges, to your mobile device. Push notifications can be delivered whether or not you are currently signed in and/or using the application and whether or not your device is in locked and/or in sleep mode. If you do not wish for others to view your notifications, you should adjust the privacy settings on your device. If you do not wish to receive push notifications from us, click "Don't Allow" or a similar button when prompted. If you allow push notifications from us but later decide you no longer want to receive them, you can adjust your settings options, or turn them off through your device notifications settings.

Health Plan manages and protects your personal information in accordance with applicable laws and established company security standards and practices. For more information about privacy and security, see Online privacy and security or, for more information about how Health Plan generally manages your personal information, see Notice of privacy practices.

You agree that we may collect the following information periodically and without further notice to you as a result of your use of the App: technical data and related information, including but not limited to technical information about your device, system and application software, and peripherals.

Although we attempt to maintain the accuracy and integrity of the content on the Site and the App, Health Plan makes no guaranty as to its correctness, completeness, or accuracy. The Site and the App along with all information, content, materials, and other services included on or otherwise made available to you are provided by Health Plan on an "as is" and "as available" basis. Health Plan makes no representations or warranties of any kind, express or implied, as to the operation of the Site or the App, or the information, content, materials, or other services included on or otherwise made available to you through either the Site or the App. You expressly agree that your use of the Site services, the App, and the submission of any information by you is at your sole risk. Health Plan disclaims all warranties, express or implied, including, but not limited to, implied warranties of merchantability and fitness for a particular purpose.

Health Plan and its suppliers and licensors (including, for the purposes of this entire section, all providers of services and content for this website) shall not be liable to you, under any circumstances or under any theory of liability or indemnity, for any damages or penalties whatsoever (including, without limitation, incidental indirect, exemplary, punitive and consequential damages, lost profits, or damages resulting from lost data or business interruption) in connection with the use or inability to use the Site or the App, even if any of them have been advised of the possibility of such damages.

The contents of the Site and the App are protected by copyright. The collective work of the Site or the App may also include work that is the property of others, which work is also protected by copyright or other intellectual property laws. Unauthorized use may violate copyright, trademark and other laws. Health Plan authorizes you to view and download material on the Site solely for your own use. You must keep all copyright and other proprietary notices on any copies you make. You may not sell or modify the material or otherwise use it for any public or commercial purpose.

Health Plan respects the intellectual property of others. If you believe that your work has been copied in a way that constitutes copyright infringement, you may send us a notice requesting that the material be removed. When submitting a notice, provide us with the following information: (i) a physical signature of the person authorized to act on behalf of the owner of the copyright interest; (ii) description of the copyrighted work that you claim has been infringed upon; (iii) a description of where the material that you claim is infringing is located on the Site or the App; (iv) your address, telephone number, and email address;(v) a statement by you, made under penalty of perjury, that the above information in your notice is accurate, that you are the copyright owner or authorized to act on the copyright owner's behalf, and that you have a good-faith belief that the disputed use is not authorized by the copyright owner, its agent or the law. Health Plan's Copyright Agent for notice of claims of copyright infringement can be reached as follows: Copyright Agent, Attn: Legal Department, PO Box 1271, Portland, OR 97207.

Health Plan's name and any other names of Health Plan or its websites, publications, products, content or services referenced on the Site or the App are the exclusive trademarks or service marks of Health Plan, including without limitation the "look and feel" of the Site and the App and the color combinations, layout and other graphical elements. You may not use Health Plan's trademarks in any manner without the express, written permission of Health Plan. Other product and company names that appear may be subject to trademark or other rights of other parties.

This Site or App provides links to other websites ("Third Party Websites") that are not owned or controlled by Health Plan in order to connect you easily to additional sources of health information or third-party services that may be of interest to you. We may not have any business relationship with the party that controls this type of Third Party Website and a link to such a site is offered only as a convenience to you. In each such instance, where practicable, we will let you know when you are leaving the Site or App and linking to a Third Party Website or accessing third-party services. Health Plan is not responsible for the content, security or the privacy practices of Third Party Websites. Please review the privacy statement and any terms of use of each Third Party Website you visit. Unless we specifically advise you otherwise, links to Third Party Websites do not constitute or imply endorsement by Health Plan of those sites, the information they contain or any products or services they describe. Health Plan does not receive payment or other remuneration in exchange for your linking to or using any Third Party Websites. Health Plan also provides links to websites managed by vendors (“Vendor Websites”) that Health Plan has entered into an agreement with to provide information to you on Health Plan's behalf. These Vendor Websites may be co-branded, but they are owned and controlled by the Third Party. Please review the privacy statement and any terms of use of each Vendor Website you visit.

You may not frame any Health Plan content, or use any trademark, logo or other proprietary information on this Site, without Health Plan's express written consent. You may not use Health Plan's name or trademarks in any metatags or other hidden text without the express written consent of Health Plan. You may link to this Site for noncommercial purposes only. Health Plan reserves the right to demand you remove any such link at any time, for any or no reason, and at Health Plan's sole discretion.

The Site is not directed at children under the age of 13. Health Plan complies with the Children's Online Privacy Protection Act and does not knowingly permit registration or submission of personally identifiable information by anyone younger than 13 years of age.

Health Plan may terminate your right to access or use the Site or App at any time without notice. Health Plan reserves the right to block, delete or stop the uploading of materials and communications that it in its sole discretion finds unacceptable for any reason.

These Terms, and any dispute that may arise between you and Health Plan, will be governed by the laws of the State of Oregon without regard to conflict of laws or principles. The Terms, as may be amended from time to time, set forth the entire understanding between you and Health Plan as to the subject matter of the Terms, unless otherwise specifically provided under a written agreement. Jurisdiction and venue will be in the courts of Multnomah County, Ore. for any disputes arising out of or relating to these Terms.

If any provision of the Terms is found to be invalid or unenforceable, the remainder of the Terms shall remain in full force and effect, and all Terms shall be enforced to the fullest extent permitted by law. No waiver or failure to assert any provision of the Terms shall be valid unless in writing and signed by an officer of Health Plan. Health Plan may assign its rights and duties under the Terms to any party, at any time, without notice. Health Plan reserves all rights not expressly granted in these Terms.

Some of the features on the Site or the App are administered or powered by third-party products and services. To the extent those features are used by you through the Site or the App the following third-party terms would apply:

• Transparency features are powered by HealthSparq, Inc. the use of which is also governed by the HealthSparq terms of use.

At Asuris Northwest Health, protecting your personal information is important to us. Whether you are a current customer or visiting this site, we are as committed to protecting the information you provide through this website as when you provide it to us over the phone, in person or through the mail. However, we recognize, and want you to recognize, that while electronic communications have many benefits, they are not as secure as other means of communication. Read the following information carefully to better understand how using this site affects your privacy.

Asuris attempts to protect online information according to applicable laws and established company security standards and practices. We have security measures in place to protect against the loss, misuse, or alteration of information under our control, and we continually evaluate new technologies for safeguarding your information. However, we cannot guarantee the confidentiality or security of electronic transmissions via the Internet because they may potentially use unsecure computers and links, and data may be lost or intercepted by unauthorized parties during such transmission. If you wish to submit personal or confidential information by a more secure means of communication, contact us.

Sensitive information you provide to us online is protected by Secure Socket Layer (SSL) technology. SSL is the leading security protocol for data transfer on the Internet. This technology encrypts your account information as it moves between your Internet browser and Asuris computer systems. When information is encrypted in this way, it becomes nearly impossible for anyone other than Asuris to read it. This secure session helps protect the safety and confidentiality of your information when you interact with Asuris online.

Technologies like cookies, pixels, device or other identifiers (collectively, "Cookies and similar technologies") are used to deliver, secure, and understand products and services offered by Asuris. Cookies are small files that are placed on your browser or device by the website you are viewing or app you are using. Pixel tags (also called clear GIFs, web beacons, or pixels) are small blocks of code on a website or app that allow them to do things like read and place cookies and transmit information to us.

We use cookies and similar technologies for a variety of reasons, such as allowing us to show you content and material that's most relevant to you, improving our products and services, and helping to keep our products and services secure. While specific names of the cookies and similar technologies that we use may change from time to time as we improve and update our products and services, they generally fall into the following categories of use: authentication, security, insights and measurements, localization, and site features and performance.

We sometimes use service providers or partner with third parties to help us provide or inform you of certain products and services. Asuris may contract with these other companies that use cookies and similar Technology to collect information regarding your interaction with Asuris advertisements and your use of both Asuris and third-party websites. We may transfer information to service providers and other partners who globally support our business, such as providing technical infrastructure services, analyzing how our products and services are used, measuring the effectiveness of ads and services, providing customer service, and facilitating payments.

If you do not want to receive cookies and similar technologies from this site, you can set your browser to not accept them.

Use your own best judgment when sending information via the Internet to an email address. Email sent via the Internet may pass through private and public networks with varying levels of security. Some networks may have taken steps to secure email transmissions while others have not, thereby compromising the privacy and integrity of an email. An email may be copied, altered or destroyed. Asuris will respect your request not to be contacted by email.

After your email is received, Asuris preserves the content of your email, your email address and our response so we can efficiently respond to questions you might have. We also do this in an effort to meet legal and regulatory requirements.

Important note: This Policy applies only to data specifically subject to the protections of the Washington My Health My Data Act (MHMDA). Your information may be subject to protections under other laws, and Asuris follows applicable laws based on the type of information.

For more on the types of information subject to MHMDA, please review the Washington Attorney General’s website.

For more information on Asuris’s privacy practices, please review our Privacy Policy.

If you express interest in a job at Asuris, by registering with our site or submitting a resume, cover letter or application, the data you share with us will be “aggregated.” This means that data or information regarding your career history, such as education, occupation, location, and experience, will be collected and that your anonymity will be preserved. Aggregated data is not identifiable to you as an individual and is used by Asuris or our vendor Broadbean/CareerBuilder for analysis and understanding trends.

Individuals who reside in the state of Washington or who have their data collected, stored, shared or sold in Washington, have additional rights reserved under the Washington My Health My Data Act (MHMDA) related to data specifically defined as Consumer Health Data (refer to Disclosure Categories). The purpose of this policy is to notify you of the categories of information we may collect about you that may be subject to the MHMDA; to describe your opportunity to opt-in to such data collection, as well as the process for you to request your data be deleted or corrected. If we make any changes to the types of data we collect or the uses we collect such data, we will provide notice and obtain your consent.

Restriction on Geofencing. MHMDA prohibits the practice of using Consumer Health Data for “geofencing” Purposes. Asuris does not engage in this practice.

Right to Opt-Out. We do not sell personal information. Additionally, your decision to opt-out of data collection will be documented at the point such data collection occurs.

Right to Opt-In. MHMDA requires prior opt-in consent for the collection of consumer health data. Asuris will request and document your consent at the point data collection occurs.

Right to Request Personal Information. As a consumer, you have the “right to know” and request that we disclose what personal information we collect, use, and disclose. See the instructions below for submitting a verifiable request, including through the online request form offered by us. You have the right to request the categories of personal information, as detailed under the MHMDA, we have collected and store about you. In addition, you have the right to request categories of sources of personal information we collected about you, the business or commercial purpose for collecting, the categories of third parties with whom we share that personal information, and the specific pieces of personal information we have collected about you. Categories of personal information that we disclosed about you for a business purpose may also be requested, with the appropriate lists provided under the MHMDA. Upon receipt of a verifiable consumer request, described below in this Privacy Statement/Notice, from you to access personal information, we will promptly take steps to disclose and deliver, free of charge to you, the personal information required by this section and within the timeframes permitted for responding to exercise of this or other applicable right(s). The information may be delivered by mail or electronically, dependent on portability and technical considerations under the MHMDA. We may provide personal information to you at any time following a verified request but shall not be required to provide personal information to you more than twice in a 12-month period.

Right to Correct Personal Information. If you feel the personal information that we maintain about you is incorrect or incomplete, you have the right to request correction to your personal information.

Right to Delete Personal Information. You have the right to request we delete personal information we, or our service providers, store about you. Please keep in mind our response to such a request, upon verification, may include an explanation of the business purpose under which we may retain your information (for example, we would need to retain copies of a business transaction for financial records) in accordance with the MHMDA. If you are a Washington consumer and would like to submit a request based on this section of our Privacy Statement, please email us at compliance@cambiahealth.com with “MHMDA Delete Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant.

Non-Discrimination. If you elect to exercise any right(s) under this section of our Privacy Statement, we will not discriminate or retaliate against you.

If you are a Washington consumer and would like to submit a request based on this section of our Privacy Statement, please email us at compliance@cambiahealth.com or call us toll-free at (877) 878-2273. Also, be sure to check this policy for updates as we will review it at least every 12 months and make updates as necessary.

Identity Verification Requirement. We reserve the right to verify that any data access request submitted under the authority of the MHMDA was made by someone with the legal right to make the request. Therefore, prior to accessing or divulging any information pursuant to a data subject access request, under the terms of the MHMDA, we may request that you provide us with additional information in order for us to verify your identity, your request, and legal authority (ex. authorized representative). Only you, or a person authorized on your behalf, may make a verifiable consumer request related to your personal information. You may also make a verifiable consumer request on behalf of your minor child. Please indicate in your request if either of these apply, as additional verification may apply (ex. verify consumers identify and confirm with impacted person(s) that the authorized agent has permission to submit the request).

A verifiable consumer request must provide sufficient information that allows us to reasonably verify you are the person about whom we collected personal information or an authorized representative. A verifiable request must also include sufficient detail that allows us to properly understand, evaluate, and respond to it.

Access Request Responses. Under the MHMDA, there may be certain circumstances where we would deny your request to access, receive, or delete personal information we hold. For example, we would deny requests where any such access or disclosure would interfere with our regulatory or legal obligations, where we cannot verify your identity, and/or where exemptions/exceptions permitted by the MHMDA apply.

Disclosure of Categories. As defined by the MHMDA, categories of personal information collected from consumers by us within the past 12 months include:

Exemptions. The Act does not apply to personal information that is collected, used, or disclosed pursuant to specified federal and state laws, including: protected health information for the purposes of the HIPAA; health care information collected, used, or disclosed in accordance with the state UHCIA; patient identifying information collected, used, or disclosed in accordance with federal law relating to confidentiality of substance use disorder records; and personal information governed by the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and statutes and regulations applicable to the Washington Health Benefit Exchange Exemptions. The Act does not apply to personal information that is collected, used, or disclosed pursuant to specified federal and state laws, including: protected health information for the purposes of the HIPAA; health care information collected, used, or disclosed in accordance with the state UHCIA; patient identifying information collected, used, or disclosed in accordance with federal law relating to confidentiality of substance use disorder records; and personal information governed by the Gramm-Leach-Bliley Act, the Fair Credit Reporting Act, and statutes and regulations applicable to the Washington Health Benefit Exchange.

Personal information is collected and may be used to provide the services to you, to perform obligations under agreements, to provide information and notifications to you or an authorized representative, to protect the rights and safety of you and/or others, to comply with court and other legal requirements, for business purposes and as otherwise set forth in the MHMDA, to conduct organizational and operational needs, and as otherwise described when collecting personal information or within this page. A request for personal information collected and/or deletion, noted above, may involve categories and/or specific pieces of information. However, certain exemptions and exceptions may apply in responding to a request.

This business has not sold categories of personal information within the meaning of the MHMDA, including minors under 16 years of age. Categories of personal information from our consumers disclosed for a business purpose within the past 12 months include:
(A) Identifiers such as real name, alias, postal address, unique identifiers, online identifiers, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or similar identifiers;
(B) Categories of personal information described as "consumer health data" (44.28 RCW 19);
(C) Characteristics of protected classifications under Washington or federal law;
(D) Commercial information, including records of personal property, products or services purchased, obtain, or considered, or other purchasing or consuming histories or tendencies;
(E) Biometric information;
(F) Internet or other electronic network activity information, including but not limited to, browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement;
(G) Geolocation data;
(H) Audio, electronic, visual, thermal, olfactory, or similar information;
(I) Professional or employment-related information; and
(K) Inferences drawn from any of the information identified in this subdivision to create a profile about a consumer reflecting the consumer’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes.

Business purposes may include auditing (ex. auditing and legal/regulatory compliance), security (ex. detecting security breaches), debugging (ex. identifying and fixing technical errors), short-term uses (ex. ad customization), performing services (ex. processing transactions), internal research (ex. product development), and testing/improvement (ex. improvement of technology). Categories of sources from which personal information was directly and indirectly collected in the past 12 months include from you and/or authorized agents (ex. documents provided to us related to the services for which you/they engage us, and information we collect in the course of providing services to you/them); interaction with our platforms and services (ex. website portal); and third parties (ex. those that provide services such as purchased information, advertising networks, internet service providers, operating systems and platforms, social networks, and data brokers). This could include information obtained on websites and services from third parties that interact with us in connection with the services we perform or are linked to.

Categories of third parties with whom the business shared personal information in the past 12 months include authorized agents, affiliates, service providers (such as those described previously), contractors, and authorized third parties.

Contact Us. To make a request please contact us at compliance@cambiahealth.com with “MHMDA Personal Information Request” in the subject line, and provide us with full details in relation to your request, including your contact information, the specific name of this business, and any other detail you feel is relevant. You can also use the other contact methods mentioned previously. If you are from another area (ex. state) and believe you are entitled to exercise applicable right(s), please use the email address and/or phone number given and include relevant details. If you have questions or concerns about our privacy policies and practices, you can use the contact methods mentioned above (ex. telephone, email) in this Notice to contact us.

Evolving technology will continue to provide Asuris with new and better ways to safeguard your information. We may update this statement in the future to reflect these technological advances, and we encourage you to return to this page from time to time for any updates. Last Updated: 03/29/2024

THIS NOTICE DESCRIBES HOW MEDICAL INFORMATION ABOUT YOU MAY BE USED AND DISCLOSED AND HOW YOU CAN GET ACCESS TO THIS INFORMATION.

PLEASE REVIEW IT CAREFULLY.

We, at Asuris Northwest Health, know you value your privacy. That is why we are committed to the confidentiality and security of information that we collect about you (“protected health information”). We maintain physical, administrative and technical safeguards to protect against unauthorized access, use, or disclosure of your personal information, including information we share internally either orally, electronically, or in writing.

We are required by law to maintain the privacy of protected health information and to explain our legal duties and privacy practices. We are also required by law to notify affected individuals following a breach of unsecured protected health information. This notice applies to all protected health information that we maintain, including information of former members who are no longer covered by us. We hope this notice will clarify our responsibilities to you and give you an understanding of your rights. We are required to abide by the notice that is currently in effect. This notice is in effect as of January 1, 2023.

You may exercise the following rights by calling our Customer Service department or writing our Privacy Official. See “Contacting Us” at the end of this notice.

You have the right to request, to inspect, or receive a copy of protected health information that we maintain about you in a “designated record set.” A “designated record set” generally includes the information we use to administer your health benefits, such as enrollment information and claims. We are permitted to charge a fee for copies you request.

If you believe that protected health information we maintain about you in a designated record set is inaccurate or incomplete, you have the right to request an amendment to correct or complete the information. You must submit your request in writing and explain the reason for the amendment. If we agree to make the change, we will make reasonable efforts to inform others, including people you identify, that the information has been amended and we will use our best efforts to include the amendment with any future disclosure. If we decline to amend information (for example, if we did not create the original record), you have the right to submit a statement of disagreement which we will include in future discloses of the relevant information. We may attach a rebuttal statement to your statement of disagreement.

You have the right to receive a paper copy of this notice upon request.

You have the right to request a list of certain disclosures of your protected health information. The list will not include disclosures we made for treatment, payment, or health care operations, that took place more than six years ago, or that were made for certain other reasons (as permitted by law). We will supply this list free of charge once a year at your request. If you request an accounting more than once in a 12-month period, we may charge a reasonable fee.

You have the right to request restrictions on our use or disclosure of protected health information in addition to the restrictions imposed by law. We are not required to agree to your request and we may be unable to do so. If we do agree, we will comply with your request except in the case of emergency. You also have the right to request that we communicate with you in confidence with respect to communications you believe may endanger you. We will make every effort to accommodate your request if it is reasonable and you provide an alternate means to communicate. You should know that redirecting communication may not prevent others on your policy from discovering that you sought medical care. Accumulated deductibles and co- payment information may reveal that you obtained services. In addition, historic claims reports may include services that were obtained during the time communications were redirected.

You have the right to submit a complaint if you believe we have violated your privacy rights. To submit a complaint, write to: Asuris Northwest, ATTN: Privacy, 200 SW Market St. 11th Floor, Portland, OR 97201 or call our Customer Service department at the phone number provided at the end of this notice. You also have the right to submit a complaint to the Secretary of the U.S. Department of Health & Human Services. Be assured that we will not retaliate against you for submitting a complaint.

To administer health benefits, we collect, use and disclose protected health information for a variety of purposes:

We may disclose protected health information to a health care provider in order for the provider to treat you, including providing case management to you. For example, we may provide information about your prescriptions to your provider to ensure the provider has information that may affect your treatment.

We may use or disclose protected health information for payment purposes, including to adjudicate claims, issue Explanation of Benefits, or coordinate benefits with other entities responsible for paying your claims.

We may use or disclose protected health information to facilitate operations, including underwriting, customer service, and detection or prevention of fraud or abuse. We may not, however, use or disclose genetic information for underwriting purposes.

We contract with business associates to perform health plan-related functions on our behalf. We disclose protected health information to these business associates and we permit them to collect, use, or disclose protected health information on our behalf to perform these functions. We contractually obligate our business associates (and they are required by law) to provide the same privacy protections that we provide.

If you are enrolled in an employer-sponsored group health plan (or a group health plan sponsored by another entity), we may disclose protected health information to the group health plan or plan sponsor to facilitate administration of the plan. When we provide your personal information to your employer or other plan sponsors we comply with the required safeguards to protect your information.

We use or disclose protected health information as permitted or required by law. For example, some laws permit or require us to disclose protected health information for workers’ compensation programs or to certain government agencies, such as the Food and Drug Administration.

We may disclose protected health information for public health activities, such as to: (a) public health agencies for the prevention and control of disease; (b) coroners or medical examiners for their duties; (c) agencies that engage in the procurement, banking, or transportation of organs or tissue for donation and transplantation services; (d) researchers for research intended to improve the health care system; and (e) third parties as necessary to avert a serious threat to the health or safety of a person.

We may disclose protected health information to health oversight agencies, which regulate health plans, health care providers, and the health system and investigate healthcare fraud. These agencies include: State Commissioner of Insurance, State Board of Medicine, the U.S. Department of Health and Human Services, and the FBI.

We may disclose protected health information in the course of a judicial or administrative proceeding, and in response to a court order, subpoena, discovery request, or other lawful process.

We may disclose protected health information to law enforcement officials in response to an administrative subpoena, a warrant, or an administrative request intended to identify or locate a suspect, victim, or witness. We also may disclose protected health information for the purpose of reporting a crime on our premises.

We may disclose protected health information to armed forces personnel for military activities and to authorized federal officials for national security and intelligence activities.

We may disclose protected health information of an inmate to a correctional institution for treatment purposes or to ensure the safety of the inmate and others.

We may disclose your protected health information to you at your request, to inform you about the status of your claims, or for other purposes.

We may disclose protected health information to personal representatives such as court-appointed guardians, executors, conservators, and in many cases parents of minor children, as well as to attorneys in fact when a valid power of attorney exists. In addition, if you give us verbal permission or if your permission can be implied (for example, if you call Customer Service with a family member or friend on the line), we may disclose protected health information to them on your behalf. This permission is valid only for a limited time. If you want to authorize on-going disclosures to family members or friends, you must submit written authorization.

You may give us written authorization to use protected health information or disclose protected health information about yourself to anyone for any purpose. An authorization remains valid for two years unless the authorization states otherwise or you revoke it. You may revoke an authorization at any time by submitting a written revocation (see “Contacting Us,” below), but a revocation will not affect any use or disclosure that we made relying on the authorization while it was in effect. An authorization is required for us to use or disclose your protected health information for purposes other than those described in this notice. In particular, we need your written authorization to use or disclose psychotherapy notes, except in limited circumstances such as when the disclosure is required by law. We would also need to obtain your written authorization if we wanted to sell information about you to a third party or send you communications about products and services that are not related to your health.

We reserve the right to change our privacy practices and this notice at any time without advance notice. Before we make any material change in our privacy practices, we will change this notice and post the new notice on our website. We will provide a copy of the new notice (or information about the changes to our privacy practices and how to obtain the new notice) in our next annual mailing to members who are then covered by one of our health plans. The new notice will apply to all protected health information in our possession, including any information created or received before the new notice became effective.

You may reach us during regular business hours by calling our Customer Service department at a number below:

For more information about this notice or to file a written privacy-related complaint, you may write to: Asuris Northwest, ATTN: Privacy, 200 SW Market St. 11th Floor, Portland, OR 97201 E-mail: privacy_office@Asuris.com; Fax: 1-888-875-6893.