HF Logo

Online Privacy Policy for Healthfirst, Inc.

Effective Date: July 12, 2024

Last Updated: October 16, 2024

Healthfirst, Inc. is a not-for-profit health insurer that offers high-quality, affordable plans to fit every life stage for its New York member base. We value your relationship with us and are proud to respect your privacy and protect your personal information.

This website is owned, operated, licensed, and controlled by Healthfirst, Inc. (“Healthfirst,” and together with Healthfirst, Inc., “Healthfirst”, “we,” “us,” or “our”). This Privacy Policy (“Privacy Policy” or “Policy”) describes the types of personal information we collect from our plan members (“Members”), website visitors, and other individuals (collectively, “you”) when they visit our website at https://healthfirst.org and all related websites and applications (collectively, our “Sites”), as well as over the course of providing our member benefits and other products and services, whether that personal information is collected online, via other electronic communications or telephone, in paper correspondence, or in person (collectively, the “Services”). This Policy also describes how we use your personal information, under what circumstances we may share it and with whom, and your rights and choices.

For the purposes of this Privacy Policy, “personal information” means information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular individual. It does not include publicly available information or information that has been de-identified or aggregated.

Please note that your health and medical information and other personal information collected for purposes of providing healthcare or managing your health insurance are regulated by the federal Health Insurance Portability and Accountability Act (HIPAA) and similar federal and state laws (collectively “protected health information”), including the privacy and security protections of those laws. Accordingly, this Policy does not pertain to protected health information. Any coverage of protected health information in this Policy is incidental and provided merely to enhance your understanding of our data collection and use practices and does not waive or override our obligations under other laws. Please visit https://healthfirst.org/privacy-notices for more information regarding our collection and use of protected health information. To the extent your use of the Sites are subject to a separate agreement, in the event of a conflict between that agreement and this Policy, the agreement will govern.

This Policy also does not apply to third-party sites, products, or services, even if they link to our Sites or Services, and we encourage you to read the privacy policies of any third-party site with which you choose to interact. Where links to third-party sites are integrated in our Sites or Services, we will make every effort to clearly mark them as such.

Table of Contents

This Privacy Policy explains the following. Please click on each section for more detail.

  1. Collection of Personal Information. We collect personal information when you communicate with us or register for our Site, including data you provide, automatically collected data, and data from third party sources.
  2. How We Use Your Personal Information. We use your personal information in many ways, including to provide our Site and Services, communicate with you, maintain a safe and secure environment, and comply with legal obligations.
  3. How We Share Your Personal Information. We share your personal information for several reasons, including for our own internal purposes and to promote various products and services.
  4. Cookie Policy. We may collect personal information from you automatically using cookies and other tracking technologies.
  5. Your Rights and Choices. You can change certain privacy and communications preferences at any time.
  6. Data Security and Retention. We maintain technical, administrative, and physical safeguards to help protect the security of your personal information.
  7. Confidentiality and Use of Email. You are solely responsible for the content of your email messages and can take precautions to prevent compromise.
  8. International Data Transfers. Our Sites and Services are operated from within the United States and intended only for individuals located in the United States.
  9. Use by Children. We do not knowingly collect personal data from individuals under the age of 13 years without parental consent.
  10. Links to Other Sites. This Privacy Policy does not apply to third-party websites and applications.
  11. Changes to This Privacy Policy. We may update this Privacy Policy from time to time.
  12. Contact Information. You may contact us in several ways.

1. Collection of Personal Information

The types of personal information we collect will be apparent by the context of the page or your interactions with us, and generally includes personal information you choose to provide us and personal information we collect as you interact with our Sites and Services.

a. Personal Information You Provide To Us

We may collect the following categories of personal information about you that you choose to provide to us when you use the Sites and Services, including when you contact us or respond to our communications, create a new account on our Site, interact with us on social media, or participate in our events.

  • Contact information. When you seek to contact us, you may provide certain of your contact information including your first and last name, home address, phone number, email address, and home zip code.
  • Account information. When you register for an online account on our Site, you may be asked to provide your name, date of birth, email address, phone number and Healthfirst member identification number.
  • Communications information. When you communicate with us by responding to our emails, contacting member services, or otherwise contact or respond to us, we may collect information about the communication and any other information you choose to provide in the content of those communications. If you contact us by telephone, we will collect the phone number you use to call us and additional information to verify your identity and process your inquiry. You may also provide your preferences as to communication channels to us.

b. Personal Information We Automatically Collect

In addition to the personal information you choose to provide us, our Sites and Services use cookies, and similar tracking technologies that automatically collect personal information about you, including:

  • Browser and device data, such as your device identifier, Internet Protocol (“IP”) address, device type, operating system and browser type, screen resolution, operating system name and version, device manufacturer and model, language, plug-ins, add-ons, and the language version of the sites you are visiting.
  • Usage data, such as geolocation data, browsing history, time, frequency and patterns of service use, pages visited, links clicked, language preferences, and the pages that led or referred you to our Site.

This collection may involve the use of third-party cookies on our Sites to help us analyze your use of our Sites and diagnose technical issues. In addition, we may share this tracking information with third parties for the limited purposes indicated herein. To learn more about our use of cookies and how you can opt-out of analytics tracking by third parties, please see our Cookie Policy.

c. Personal Information From Third-Party Sources

We may collect personal information about you from third-party sources, including our affiliate companies, business associates and other vendors, as well as our clients and business partners. This may include personal information collected:

  • From governmental agencies;
  • From our affiliated healthcare providers; and
  • From our third-party business partners whose products and services we have promoted to you and for which you have subsequently signed up, purchased, or requested more information about.

This collection may include the following types of personal information:

  • Contact information, such as address and phone number; and
  • Demographics, interests, and preferences.

These third parties collect this personal information and provide it to us pursuant to their privacy policies and other contractual and legal obligations, as may be applicable. To control the information that we receive from a third-party, please update your privacy settings or preferences with that third party or in your browser.
We may combine the personal information that you provide with information that we obtain from these sources, including both online and offline data providers.

2. How We Use Your Personal Information

We will not sell or rent any personal information you provide to us. We may use the personal information that we collect about you for the following purposes:

a. Offering and Operating our Sites and Services

Generally speaking, we may use your personal information to:

  • Provide you with the Services, products, or information that you request
  • Provide you with customer service and other communications, including information specific to your plan eligibility, benefits, and coverages
  • Provide you with information about our Services and other opportunities that we believe may be of interest to you, and to personalize, measure, and improve such offers
  • Conduct analytics for memberships, website visitors, and new products and services
  • Maintain and improve the quality of our Site and Services
  • Protect ourselves, you, and others, prevent fraud, and create and maintain a trusted and secure online environment; or
  • Comply with our legal obligations, respond to subpoenas, court orders, or legal process, or to establish or exercise our legal rights or defend against legal claims.

b. Offering and Operating our Sites and Services

We may combine personal information collected from you via the Sites and Services with other information we obtain from our business records or third-party sources in order to provide you with a better experience and to provide and improve and maintain our Sites and Services. Additionally, personal information collected about you from a particular browser or device may be linked to personal information collected from another computer or device that we believe relates to you.

3. How We Share Your Personal Information

We may share certain of your personal information with our business associates, partners and other entities, consistent with the circumstances in which we have collected the information and for the following reasons:

  • Our business associates and other vendors, as necessary to provide services on our behalf such as website hosting, analytics, site optimization, communications, marketing, technical support, and customer support.
  • Our third-party promotional partners, as necessary to facilitate promotional offers to you and provide those products and services as requested.
  • Our corporate affiliates, consistent with the provision of requested Services to you.
  • For business transactions, subject to applicable law, in the event of a merger, acquisition, bankruptcy, or other sale or transfer of all or a portion of our assets. We cannot promise that an acquiring party or the merged entity will have the same privacy practices or treat your information the same as described in this Policy. If any such transaction occurs and the terms of this Privacy Policy are materially changed as a result, we will provide you with notice before personal information is transferred and becomes subject to a different privacy policy.
  • For legal compliance and harm prevention, including to respond to legal process (such as subpoenas, court orders, or search warrants, etc.) or to establish or exercise our legal rights or defend against legal claims. We also may provide information in order to investigate, prevent, or take action regarding illegal activities or wrongdoing; to protect the rights, property, or safety of Healthfirst, its Members, and others; to enforce our agreements and policies; or as otherwise required by law.

The Sites may use cookies and similar technologies to improve user experience, for performance and analytics, provide tailored digital advertisements, and to customize and enhance our content, products, and services. A “cookie” is a small text file that a web server stores in browser software. A browser sends cookies to a server when the browser makes a connection to that server (for example, when requesting a web page from the same domain that created the cookie).

The general purpose of cookies is to remember a browser over time and distinguish one browser instance (or user) from all others. Some cookies and other technologies may track the personal information users provide when they interact with a site and may store such personal information. We may use first-party and third-party cookies to ensure that our Sites and Services function properly, to understand how individuals use and engage with our Sites and Services and to analyze and improve our Site and Services.

We may use third-party vendors, including Google, who use first-party cookies and third-party cookies together to inform, optimize, and serve advertisements based on your past activity on the Sites. The information collected may be used to, among other things, analyze and track data, determine the popularity of certain content, and better understand online activity. We encourage you to review Google’s relevant privacy policies. If you do not want any information to be collected and used by Google Analytics, you may be able to install an opt-out in your web browser.

Most browsers are initially set up to accept cookies, but you can reset your browser to block or delete all cookies in your browser’s settings using the links provided below. Please note that if you block essential cookies, certain parts of the Site may not function properly.

5. Your Rights and Choices

a. Electronic Marketing Communications

To the extent applicable, if you would like to stop receiving our emailed newsletter or other electronic marketing or promotional messages and notifications, you may do so by following the unsubscribe instructions that appear in our email or text communications. You may also be able to manage your electronic communications preferences by contacting us using the information in the Contact Us section. We will endeavor to comply with these requests as soon as reasonably practicable. Please be advised that you may not be able to opt-out of receiving certain service or transactional email messages from us that are required to provide you with our Services.

b. Accessing, Changing, or Deleting Your Personal Information

If you have an account with us, we provide you with the ability to review, correct, or update certain personal information that we have collected about you. You may do so by signing into your Healthfirst account or if you do not have an account, by contacting us. If you wish to delete your account with us, you may do so by contacting us.

You have the right to access your personal information, as well to request to change or delete such information. For your own protection, we may require additional information or contact you to verify your identity before processing your request. We will not fulfill your request unless you have provided sufficient information that enables us to reasonably verify that you are the consumer about whom we collected the personal information on. We will endeavor to comply with your request as soon as reasonably practicable.

  • Right to Know. You have the right to, up to twice in a 12-month period, request what personal information we collect, use, and/or disclose, as applicable.
  • Right to Delete. You have the right to request under certain circumstances the deletion of your personal information that is collected by us. Please note there are many potential reasons certain information cannot be deleted and are not, therefore, subject to this right to be deleted, such as where certain information including, but not limited to, protected health information is required by law to be maintained for up to ten (10) years.
  • Right to Non-Discrimination. You have the right not to receive discriminatory treatment for the exercise of the privacy rights described above.

6. Data Security and Retention

The privacy and security of your personal information is deeply important to us. To that end, Healthfirst maintains technical, administrative, and physical safeguards to help protect the security of your personal information against unauthorized access, destruction, loss, alteration, misuse or disclosure. Within Healthfirst, your personal information is accessible to only a limited number of personnel who need access to the information to perform their duties. Please note, however, that no method of transmission over the Internet or method of electronic storage is 100% secure.

7. Confidentiality and Use of Email

You are solely responsible for the content of your email messages and other web-based communications. It is important to use your best judgment when sending information to Healthfirst via email and similar methods. These communications may pass through private and public networks with varying levels of security. Some, but not all, of these networks may have taken appropriate steps to secure the email transmissions. It is thus possible for the privacy and integrity of an email message to be compromised.

If you wish to share personal or other sensitive information with Healthfirst, please call the Member Services telephone number located on your ID card. This is the safest way to ensure that your information is not intercepted and possibly misused by others.

8. International Data Transfers

Healthfirst offers health plans for New Yorkers. As such, our Site and Services are operated from the United States and intended only for Members, potential Members, and web visitors located in the United States. Any collection of personal information from individuals located outside the United States is unintentional and/or incidental.

That said, it is possible that your personal information is transferred outside of your state, country, or other governmental jurisdiction in order for the Healthfirst to render the collection, use, and sharing practices disclosed elsewhere in this Privacy Policy.

Those jurisdictions may have data protection rules that are different from those of your jurisdiction. If so, we will take measures to ensure that any such transfers comply with applicable data protection laws and that your personal information remains protected to the standards described in this Privacy Policy. Personal information transferred to another country may be subject to lawful access requests by courts, law enforcement agencies, or other government authorities in those other countries.

9. Use by Children

Our Sites and Services are not directed toward individuals under the age of 13 (“Children”). We do not knowingly collect personal information from Children, and no personal information should be submitted to our Sites by Children. If we learn we have collected or received personal information from a Child, without appropriate consents, we will delete that personal information as permitted by law. You must be old enough to consent to the processing of your personal information in your country, and you must be at least 18 years of age to use our Services. If you believe we may have any collected personal information from a child under the age of 13 without parental consent, please submit a written request via the email to HIPAAprivacy@healthfirst.org.

Our Sites and Services may contain links or otherwise provide access to third-party sites, which may include websites or mobile applications. These links are maintained for your informational purposes only and to point you toward the products and services of third parties that we believe may be of interest to you. Please note that we have no control over and are not responsible for third-party sites, their content, or any products or services available through the third-party sites. Our Privacy Policy does not apply to third-party sites. We encourage you to read the privacy policies of any third-party sites with which you choose to interact.

11. Changes to This Privacy Policy

Advancements in technology will continue to provide us with new and improved ways to collect and use information so that we may better serve your health care needs. We may update this Privacy Policy from time to time to reflect those advances, and we encourage you to regularly return to this page for any updates.

The date this Privacy Policy was last updated is identified at the top of this page. Any changes are effective when we post the revised Privacy Policy on the Sites. If we make material changes to this Privacy Policy that expand our rights to collect new personal information or to use differently any personal information that we have previously collected about you, we will use our available contact information about you – if you are an existing member – to reasonably notify you of such updates and provide you with the new disclosures by posting it on our Sites and/or via email.

12. Contact Information

If you have any questions or concerns about this Privacy Policy or our privacy practices, please do not hesitate to contact us. You can email us, write to us, or call us using the information below:

Healthfirst Privacy Office
P.O. Box 5183
New York, NY 10274-5183

Email: HIPAAprivacy@healthfirst.org

<END>

You are now navigating away from the Healthfirst website.

Links to non-Healthfirst websites are provided for your convenience only. Healthfirst is not responsible or liable for the content, accuracy, or privacy practices of linked sites, or for products or services described on these sites.