Last Updated: September 30, 2024
PLEASE READ THIS NOTICE CAREFULLY BEFORE USING OUR SERVICES. BY USING THE ICARIO PROGRAMS AND SERVICES YOU ARE AGREEING TO THE TERMS OF THIS PRIVACY NOTICE AND THE ASSOCIATED TERMS AND CONDITIONS. ICARIO MAY UPDATE THE TERMS OF THIS NOTICE FROM TIME TO TIME. IF YOU DO NOT ACCEPT THIS NOTICE THEN YOU MAY NOT PARTICIPATE IN ICARIO PROGRAMS.
Icario provides health engagement programs to members enrolled in client health plans (the “Program”). If you are enrolled in the Program, the Program will be paid for by your health plan (the “Program Sponsor”) and operated by Icario, Inc. (“Icario”, “us”, “we” or “our”).
We are committed to protecting your rights and your privacy. This Privacy Notice (the “Notice”) explains what data we collect about you and how we store, analyze and share the data we collect about you through the platform. This Notice applies to all Personally Identifiable Information (“PII”) whether collected online through this website or offline through call centers, phone calls, or mail. The Notice also explains your rights with regards to your data, and how to contact us to request access, corrections, transfer, restriction, or deletion of the data we have collected about you.
Information We Collect
We collect anonymous information and PII about you to provide you with the Program and our services.
Anonymous information includes information about how you use the Program without capturing any identifiable information about you personally. Anonymous information includes things like how frequently web pages are loaded, dates and times that someone loaded a web page, what browser versions people are using to access the website, etc.
“PII” means any information that allows a person to become identifiable. PII may include Protected Health Information (“PHI”) as defined by the Health Information Portability and Protection Act (“HIPAA”). We may collect this PII directly from you, from your health plan, or from third parties. The PII we collect includes, but is not limited to:
- Your contact information, including your first name and last name, home address, personal email addresses and your phone number;
- Any username you may use to sign-in to our platform;
- Demographic information about you, such as your gender, date of birth and age;
- Information about your health and health services you have received;
- Information about your participation and performance in the Program and related incentive activities;
- Information you voluntarily share about yourself; and
- Additional information you may provide as you submit queries and requests to us.
Please keep in mind that the extent of the PII you may be able to share with us will depend on the Program design and the features made available to you, as well as your level of participation in the Program. For example, not all programs will include phone calls so we may not collect any information from you over the phone. You are under no obligation to provide any PII to us at any time; however, you may be unable to participate in the Program if you do so.
How We Use PII
We will use the PII collected to provide you with access to our services, including:
- To administer and manage the Program;
- To communicate with you via text, live calls, recorded calls, or paper mail to provide updates on health engagement activities and potential health incentives;
- To identify you when you enroll or sign-in;
- To track and issue your Program incentives and rewards;
- To provide you with information about the Program and Program features;
- To respond to your questions and requests; and
- To provide appropriate security and confidentiality controls to protect your PII.
Additionally, we may create “De-Identified Data” records by removing any PII that would allow the record to be linked back to you. We may use the De-Identified Data for internal purposes, such as analyzing patterns and Program usage to improve our services. We may use De-Identified Data to analyze and understand demographic trends, behavior patterns and preferences, and information that can help us improve the quality of the Program.
How We Communicate with You
Sometimes, we may send you e-mails or text messages, or we may call you using recorded messages containing healthcare-related messages subject to HIPAA. You may opt-out of our communications, free of charge, at any time, by following the directions in the communication, such as by responding STOP to a text message, using the Opt Out features in an email message, by telling the live agent on a phone call, or selecting the opt out option through our interactive voice response (IVR) system.
How We Collect PII From You
We collect PII you voluntarily provide as you submit it through the web-based platform, returning paper-based surveys, responding to our Integrated Voice Response system, or by interacting with one of our live agents.
We also collect additional information when you visit our web-based platform or mobile application, including the type of browser used, date and time stamps of activity on the platform, the accessing IP address (the unique address that identifies your device on the internet) and the operating system your device uses. We use this additional information to derive a broad, non-specific understanding of the locations from which users access our services, to enhance our security controls, and analyze trends.
Information Contained in Health Assessments
Depending on your Program design, you may have access to a health assessment questionnaire. Health assessments can be customized by Program Sponsors and may be used to assess your overall health or identify specific risk areas. Your Program Sponsor may use this information to develop an individual care plan custom designed for you. You do not have to complete the health assessment if you do not want to share this type of information, but you may miss out on benefits and incentives available to you based on the assessment.
Collecting Data on Children
We do not knowingly collect PII directly from children under 13. Some Programs, however, are available for children under 13, and we may collect data about them from their parents or guardians. We use this information to determine if there are additional benefits available to children based on the Program design. If you have reason to believe that we have inappropriately collected PII from anyone under the age of 13, you can contact us to remove the PII.
Getting Data from Third Party Sources
We may receive information about you from various sources to support the Program and services included in it. The sources may include:
Your Program Sponsor
Your Program Sponsor will provide us with your PII to identify that you may participate in the Program. Please contact your Program Sponsor directly if you want your Program Sponsor to stop sending us information about you. Keep in mind that if you do so, you will no longer have access to the Program and may not receive all your benefits.
Public Databases
We may receive information about you from other sources including publicly available databases or third parties from whom we have purchased data. We combine this data with information we already have about you. We may also combine publicly available aggregated census and demographic data with your PII. This can help us analyze our records to better evaluate the effectiveness of our services.
Examples of the types of PII that we may obtain from public databases include:
- Address information about you from third-party sources, such as the U.S. Postal Service, to verify your address before we send you mail;
- The U.S. Federal Do Not Call registry, to verify do not call preferences recorded there;
- Census and other aggregate data sources containing statistical information about people who share some of your traits and demographic markers.
- Databases we have licensed from authorized data aggregators to improve the accuracy of our records and enhance our ability to deliver relevant information to you on our clients’ behalf.
Tools and Cookies to Collect PII
Icario and its vendors use Cookies, tags, scripts and other similar technologies to enhance and support your experience on the platform. These technologies help us administer the web-based platform and mobile application, measure traffic patterns and to personalize and customize the platform’s content, so that your settings are “remembered” when you login.
“Cookies” are small pieces of text sent to your browser by a website you visit. Cookies help our web-based platform to remember information about your visit, like your preferred settings. Cookies play an important role, they can make your next visit easier and the web-based platform more useful to you.
You may disable or block Cookies but doing so may prevent you from using some of our website features.
Third Party Data Sharing
We may sometimes share your PII with third-party service providers to allow us to provide you with our services. We will require those third parties to protect your information to the same degree that we protect it. If we need to share your PII with third parties, we will limit the information disclosed to the minimum amount necessary to ensure the provision and quality of the services we offer you. We never use, disclose, or share your PII collected through the Program for third-party marketing purposes, and we never sell, rent or lease your PII to third parties.
We may also need to share PII with government agencies if:
- Legally required to do so by governments, tribunals, law enforcement and regulatory agencies (for example as part of an ongoing investigation, subpoena, similar legal process or proceeding);
- As otherwise required under any applicable law, regulation, or rule; and
- If we believe, in good faith, that such disclosure is necessary to protect or defend our rights or the rights of others, to assist in an investigation or to prevent illegal activity.
Mergers or Reorganizations
In the event that we (a) undergo reorganization or liquidation under bankruptcy, or (b) are sold to a third party, any PII we hold about you may be transferred to the reorganized entity or third party, in accordance with applicable laws. In any such event, the new entity will continue to use your PII in accordance with and within the limits of this Notice to ensure continuation of service.
Data Storage
We store and process PII in Amazon Web Services data centers located in the United States of America (USA). We will not process your PII outside of the United States.
Data Security
We are committed to protecting your data and your privacy. To ensure data security, we follow reasonable physical, electronic and managerial procedures designed to safeguard and secure your data and PII. However, no company can fully eliminate security risks associated with the provision of online services.
Among the security features we use to protect your PII and other data, we may require that you create and use a username and unique password to access the web-based platform and mobile application. We use multiple layers of security to protect your PII and data, including firewalls, intrusion detection tools and antivirus software. We also follow role-based security model to restrict access to our own staff, so they only have access to data that they need to do their jobs.
Data Rights
Various federal and state laws establish varying levels of data subject rights. At Icario we strive to provide a similar level of data rights to all our members, regardless of where they live. In some cases, Icario will not be able to respond to your request directly without coordinating the request with your Program Sponsor, and we may ask you to contact the Program Sponsor directly. You may submit requests to exercise your rights to privacy@icariohealth.com. We will validate who you are before allowing anyone to exercise your rights.
In addition to the basic rights of confidentiality, your rights include:
- Access Records. You have the right to access information that we have about you.
- Update Records. You have the right to amend or change your data if what we have is wrong. But note, in some cases we may not be able to update information unless you change this information with your Program Sponsor.
- Delete Records. You have the right to request that we delete your data. But we have the right to keep some data for reporting purposes. We also may not be able to delete your data without cooperation from your Program Sponsor.
- Object to Data Use. You have the right to object to how we are using your data. We will tell you if we can change how we use your data to address your objection. In some cases we will be limited what we can change based on applicable laws.
- Share Complaints. You have the right to complain to us, and to relevant government agencies, about our data practices. If possible, we will address the complaint.
- Opt Out of Selling Data. You have the right to request we do not sell your data, but Icario does not sell your data. If you ask, we will confirm that we have not sold your data.
- Opt of Out of Communications. You have the right to ask us to stop calling you, texting you, or emailing you.
Privacy Notice Updates
We may update this Notice occasionally to reflect changes in our information practice and services offered. The date indicating the last update can be found at the top of the Notice.
Record Retention
Generally, Icario keeps PII for 10 years for audit purposes.
Official Version
Please note that any translation of this Notice is intended solely to facilitate your access to this information. The English version is the only official version of this Notice, and any translation inaccuracies or discrepancies are not binding and have no legal effect.
Contact Information
If you have any questions, comments or concerns about this Notice, you may contact us via email at privacy@icariohealth.com.
Or you can write to us at:
Icario, Inc
Attn: Privacy Officer
5401 Gamble Drive; Suite 201
Minneapolis, MN 55416