Kaiser Permanente provides a website, a mobile-enabled website, and a mobile app:
- “kaiserpermanente.org,” or “healthy.kaiserpermanente.org,” or “kp.org” and “m.kp.org” (the Websites)
- “KP Mobile Application” (the App), for both iPhone and Android
The Websites and the App allow our members and other users to view health-related information, communicate with our practitioners and staff, arrange for clinical and health plan services, and access additional services.
This Privacy Statement applies to the Websites and the App, which are owned and operated by Kaiser Foundation Health Plan, Inc. (“Kaiser Permanente”, “KP”). This Privacy Statement describes how Kaiser Permanente collects and uses the personal information you provide on, and other information that is collected from your use of the Websites and the App. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
Kaiser Permanente has received TRUSTe’s Privacy Seal signifying that this Privacy Statement and our practices have been reviewed for compliance with the TRUSTe program, viewable on the validation page available by clicking the TRUSTe seal.
The TRUSTe program covers only information that is collected through the Websites and the App, and does not cover information that may be collected through any other Kaiser Permanente mobile application or website.
All of your protected health information maintained by Kaiser Permanente, including information you provide on the Websites and the App, is also subject to the Notices of Privacy Practices issued by KP under the Health Insurance Portability and Accountability Act (“HIPAA”). The Notices of Privacy Practices may contain additional provisions relating to the use and disclosure of your information that go beyond the terms of this Privacy Statement.
Kaiser Permanente is committed to protecting the privacy of the users of the Websites and the App. We will use and disclose your personal information as stated in this Privacy Statement.
Website and mobile application Privacy Statement
Use and disclosure of health information includes using the information to provide treatment to the individual, to make payments for such treatment, and to conduct ongoing quality improvement activities. Our use and disclosure of an individual’s personal information (including health information) is limited as required by state and federal law. We do not sell or rent personal information about visitors to the Websites or the App.
The Websites and the App have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control. These measures include encryption of data using the Secure Socket Layer (SSL) system, and using a secured messaging service when we send your personal information electronically to the Websites or the App. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Websites or the App by Internet, text message or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed in the “Questions, complaints, and contacts” section at the end of this Privacy Statement.
Revisions to the Privacy Statement
We may revise this Privacy Statement from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we make material changes to our Privacy Statement, we will post notice of this on our Websites and the APP prior to the changes becoming effective. Any revised Privacy Statement will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We include a version number on this Privacy Statement consisting of the date (year, month, and day) it was last revised. We encourage you to periodically reread this Privacy Statement, to see if there have been any changes to our policies that may affect you.
Website and mobile application visitor data
Kaiser Permanente routinely gathers data on website and mobile application activity, such as how many people visit the site or mobile applications, the web pages or mobile screens they visit, where they come from, how long they stay, etc. The data is collected on an aggregate, anonymous basis, which means that no personally identifiable information is associated with the data. This data helps us improve our content and overall usage. The information is not shared with other organizations for their independent use.
The Websites and the App do not honor a browser’s signal or header request not to track the user’s activity.
Data caching by mobile applications
In order to ensure a good user experience, certain data may be temporarily or permanently cached by the Mobile Applications on users’ mobile devices. Any data that is personally identifiable will be encrypted and will not be viewable by anyone without access to the user’s User ID and Password.
Collecting and using personal information
Except as disclosed in this Privacy Statement, we do not collect any personally identifiable information about visitors to the Websites or the App. The policies, sources, and uses of information are outlined in Sections 1 through 19 that follow:
1. Information collection and use
We collect the following personal information from you:
- contact information such as name, email address, mailing address, and phone number
- age or date of birth
- unique identifiers such as user name, account number, and password
- preferences information such as preferred first name and the types of emails you’d like to receive from us
- health or medical information
- credit card information
- medical record number or health record number
- if you apply for Kaiser Permanente coverage online, personal health and demographic information about you and those dependents for whom you wish to receive coverage
- your location, if you ask for directions to a facility from your mobile device
We use this information to:
- communicate your health information, or the health information of someone you are caring for, to health care providers treating you or the other person
- communicate to you the health information of others you are authorized to act on behalf of on the Websites or the App
- pay for prescription refills or medical bills
- apply for Kaiser Permanente coverage
- send you requested product or service information
- respond to customer service requests
- administer your account
- send you newsletters, text messages or email communications
- respond to your questions and concerns
- improve our website, app, and marketing efforts
- conduct internal quality improvement or business analysis
- display driving directions on your mobile device
2. Web logs
We maintain standard Web logs that record data about all visitors and customers who use the Websites or the App and we store this information. These logs may contain the Internet domain from which you access the site (such as aol.com, abc.org, etc.); the IP address which is automatically assigned to your computer when you get on the Internet (a static IP address may be identifiable as being connected to you, while a dynamic address is usually not identifiable); the type of browser and operating system you use; the date and time you visited; the pages or mobile screens you viewed; and the address of the website you linked from, if any. If you sign on to the Websites or the App to use secured features, our Web logs will also contain an individual identifier and show the services you have accessed.
All Web logs are stored securely, and may only be accessed by Kaiser Permanente employees or designees on a need-to-know basis for a specific purpose. Kaiser Permanente uses Web log information to help us design our Websites and the App, to identify popular features, to resolve user, hardware, and software problems, and to make the Websites and the App more useful to visitors.
3. Internet cookies
We may place Internet “cookies” on the computer hard drives of visitors to the Websites or the App. Information we obtain from cookies helps us to tailor our site and the App to be more helpful and efficient for our visitors. The cookie consists of a unique identifier that does not contain information about you or your health history. We use two types of cookies, “session” cookies and “persistent” cookies.
A session cookie is temporary, and expires after you end a session and close your web or app browser. We use session cookies to help customize your experience on our site, maintain your signed-on status as you navigate through our features, and to track your “click path” through our Web pages or mobile screens.
Persistent cookies remain on your hard drive after you’ve exited from our website, and we use them for several reasons. For instance, if you’ve given us permission to email you with information about your Kaiser Permanente benefits, or for other reasons, we may place a persistent cookie on your hard drive that will let us know when you come back to visit our site. We sometimes use this type of persistent cookie with a “Web beacon” (see below). Persistent cookies will not contain any personal information about you such as a Kaiser Permanente Health/Medical Record number.
You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Websites or the App may not work properly for you. For instructions on how to remove cookies from your hard drive, go to your browser’s website for detailed instructions. In addition, further information regarding cookies may be available on other websites or from your Internet service provider. Safari, Chrome, Firefox, Internet Explorer and iOS browsers are commonly used browsers.
4. Web beacons
We may also occasionally use “Web beacons” (also known as “clear gifs,” “Web bugs,” “1-pixel gifs,” etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or email, that can tell us if you’ve gone to a particular area on our website. For example, if you’ve given us permission to send you emails, we may send you an email urging you to use a certain feature on our website. If you do respond to that email and use that feature, the Web beacon will tell us that our email communication with you has been successful. We do not collect any personal health information with a Web beacon, and do not link Web beacons with any other personal health information you’ve given us.
Since Web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, Web beacons cannot function.
If you wish to not have this information used for the purpose of serving you targeted ads, you may opt out. Please note this does not opt you out of being served advertising. You may continue to receive generic non-targeted ads.
6. Emails and SMS text messaging
Kaiser Permanente uses a third-party vendor to help us manage some of our email and text messaging communications with you. While we do supply these vendors with email addresses or mobile telephone numbers of those we wish them to contact, your email address or mobile telephone number is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor’s servers (although this process will be invisible to you) which will register that you’ve clicked on that link, and have visited our Websites or KP Mobile Application. Kaiser Permanente never shares any information, other than your email address or telephone number, with our third-party vendors, which may only share this information with its authorized subcontractors.
Even if you have given us permission to send emails or text messages to you, you may revoke that permission at any time by following the “unsubscribe” information at the bottom of the email or by replying “Stop” to any text message you receive from us.
7. Evaluation and quality improvement
We will periodically ask users to complete surveys asking about their experiences with features of the Websites or the App. Our surveys ask visitors for demographic information such as age, gender, and education, but will not request that users provide specific information about any medical condition. We use survey information for evaluation and quality improvement purposes, including helping Kaiser Permanente to improve information and services offered through the Websites and the App. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
8. Application for Kaiser Permanente membership
If you apply for Kaiser Permanente membership through the Websites or the App, you will be asked during the application process to disclose certain personal information so that we can evaluate your eligibility, and you will be asked to verify the truthfulness of your answers.
9. Messages and transactions
Comments or questions sent to us using email or secure messaging forms will be shared with Kaiser Permanente staff and health care professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response.
Some of our services such as our automated appointment selection and prescription refill services interact directly with other Kaiser Permanente data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems.
When you use a service on the secure section of the Websites or the App to interact directly with Kaiser Permanente health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
10. Credit card transactions
If you provide us with your credit card number for pharmacy prescriptions or other payments, we will treat your credit card number in a secure manner.
11. Data integrity and correction
Requests to view and correct personal information from the Websites or the App that is documented in your medical record may be submitted using the contact information in the “Questions, complaints, and contacts” section below.
If your personal information changes, or to update or request deletion of information collected on our Websites or the App, please use the contact information in the “Questions, complaints, and contacts” section below. We will respond to all access requests within 30 days.
We do not knowingly collect personally identifiable information from children under the age of 13. If Kaiser Permanente is made aware of collecting information from a child under 13 we will delete this information.
We may disclose personal information to any person performing audit, legal, operational, or other services for us. We will use information which does not identify the individual for these activities whenever reasonably possible. Information disclosed to vendors or contractors for operational purposes may not be re-disclosed to others by such a vendor or contractor, except as permitted by KP and applicable law.
We may also disclose your personal information:
- as required by law, such as to comply with a subpoena, or similar legal process
- as described in our Notices of Privacy Practices for protected health information
- when we believe in good faith that disclosure is necessary to protect our rights, protect you or others from threats of imminent harm, investigate fraud or other activity in violation of the law, or respond to a government request
- to protect the security and reliability of the Websites and the App
- if Kaiser Permanente is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on our Websites and the App of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information
- to any other third party with your prior consent to do so
14. Opt out
If a user makes a request to receive information (for example, requesting a subscription to one of our online publications) in an ongoing manner through the Websites or the App by providing an email address or mobile phone number the user may request to discontinue future mailings or messages. Similarly, if you receive information about a Kaiser Permanente service through email or text message, you may make a request to discontinue receiving similar messages in the future. All such materials sent to you by email or text message will contain information about how to opt out. Please note, however, that you cannot opt out of certain messages, such as an email letting you know that a doctor has sent you a secure message, or our Partners in Health newsletter.
Also, if as a member you register to use protected features on our Websites or the App, you may be given an opportunity to receive emails about different types of Kaiser Permanente products, services, announcements, and updates. On our website, you may change your preferences by clicking “my profile” at the top right of each page, then choosing “communication preferences” on the left.
15. Other requests to limit use and disclosure of your personal information
State and federal laws may allow you to request that we limit our uses and disclosures of your personal information for treatment, payment, and health care operations purposes. We will consider all requests and, if we deny your request, we will notify you in writing. Federal law requires us to agree to your request to restrict disclosures to a health plan or insurer relating to specific health care services, if you have paid for those services in full. The law does not, however, require us to restrict any disclosures we think are important for treatment purposes.
16. Data retention
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements
17. Social media
Our Websites and the App include Social Media Features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing them.
18. Links to third party websites
Our Websites and the App include links to other websites whose privacy practices may differ from those of Kaiser Permanente. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
If you are using the App to find our facilities and other locations, with your permission, we will use the geolocation feature of your mobile device to give you directions to that facility. When you download and use the App, we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID). We do not share your location information with any third party and do not use it for any reason other than to give you directions. You may opt out of location based services on an iOS device by editing the setting at the device level; Android does not have an opt out function.
Questions, complaints, and contacts
If you have any questions about this Privacy Statement, our policies and practices concerning the Websites or the App, your rights under this statement, and your dealings with the Kaiser Permanente Websites or the App, you can contact Kaiser Permanente by telephone at 1-800-556-7677 (toll free), 1-800-777-1370 TTY (toll free), by sending a message to the Kaiser Permanente Web manager, or by U.S. mail at the address below:
Kaiser Permanente Digital Services Group
5820 Owens Drive, Building E-2, Second Floor
Pleasanton, CA 94588
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact TRUSTe.