Washington Consumer Health Data Privacy Notice

This Washington Consumer Health Data Privacy Notice applies to “consumer health data” collected from Washington state residents and those whose consumer health data is collected through BeneSys, Inc. (“Company”, “BeneSys”, “we,” “our,” or “us”) as related to the services we offer when you visit our Website (as defined below) or when you otherwise utilize our products and services (the “Services”), which collectively include:

  • the use of com; beaconspyglass.com; benefitdriven.com; www.bpalja.com; memberbenefitsonline.com; yourtrustoffice.net; ourbenefitoffice.com; or any other BeneSys owned URL (individually and collectively, the “Website” or “Site”).
  • the use of mobile applications made available by us.
  • the use of our products and services.

This notice applies to Washington residents and those whose consumer health data is collected in Washington. “Consumer health data” means personal information that is linked or reasonably linkable to a consumer and that identifies the consumer’s past, present, or future physical or mental health status, under the Washington State My Health My Data Act (MHMDA). BeneSys also maintains other privacy notices that provide disclosures about personal information that is not consumer health data subject to MHMDA. We may update this notice if there are any material changes to the information contained herein. We encourage you to periodically review our Site and this notice for any changes.

This notice does not apply where an exception or exemption applies such as with respect to protected health information under the Health Insurance Portability and Accountability Act (“HIPAA”) and data that is subject to the Gramm-Leach-Bliley Act (“GLBA”). Most consumer health data we process is regulated under HIPAA or GLBA or is processed for a necessary function.

This Privacy Notice sets out the essential details relating to your consumer health data relationships with BeneSys as:

  • A website visitor
  • An end user of one of our applications (“end user”)
  • A prospective client
  • Partners
  • Trustee
  • Providers
  • Health Plans

Consumer Health Data Collected

If you visit our website, we may collect personal information through tracking technologies essential to running our website, from third parties that you permit to share your information, or from third parties that share public information about you.

Our collection, use, retention, and sharing of personal information shall be necessary and proportionate to achieve the purposes for which such information is collected or processed, or for another disclosed purpose that is compatible with the context in which the information was collected, and not further processed in a manner that is incompatible with those purposes.

We may collect the following categories of consumer health data:

  • Individual health conditions, treatment, diseases, or diagnosis;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed medication;
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Gender-affirming care information;
  • Reproductive or sexual health information;
  • Location information that could reasonably indicate a consumer’s attempt to acquire or receive health services or supplies. BeneSys does not collect data related to your precise geolocation. We collect your IP address automatically when you use our Site. We can determine your general location based on the IP address, but not your precise geolocation;
  • Audio/Video data – If you contact us via phone, we may record the call. We will notify you if a call is being recorded at the beginning of the call. The content of a call could incidentally include consumer health data; and
  • Other information that may be processed to derive or infer data related to the above or other consumer health data.

The categories of consumer health data above may include the following personal information, when collected in connection with your past, present, or future physical or mental health status:

  • Identifiers such as name, phone number, username, password, company name, job title, business email address, and department when you create an account with us or when your information is provided to us. This may also include your Social Security Number. We use this information to provide our Services and to respond to your requests.
  • Protected Classification Information such as age and date of birth when you create an account with us or when your information is provided to us.
  • Commercial Information such as records of your interactions with us and the services provided.
  • Internet or Other Similar Network Activity Information regarding your interaction with our Website. This includes device(s) used to access the services and information regarding your interaction with our Website or Services and other usage data.

Why We Collect and Use Consumer Health Data

To the extent we collect your Consumer Health Data as described above, we may use it for the following purposes:

  • Performing services on behalf of the business or service provider, including maintaining or servicing accounts, providing customer service, processing or fulfilling orders and transactions, verifying customer information, processing payments, providing financing, providing advertising or marketing services, providing analytic services, or providing similar services on behalf of the business or service provider.
  • Undertaking internal research for technological development and demonstration.
  • Undertaking activities to verify or maintain the quality or safety of a service or device that is owned, manufactured, manufactured for, or controlled by the business, and to improve, upgrade, or enhance the service or device that is owned, manufactured, manufactured for, or controlled by the business.
  • To comply with the law and our legal obligations, to respond to legal process and related to legal proceedings.
  • Detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity.
  • Debugging to identify and repair errors that impair existing intended functionality.
  • Short-term, transient use, provided that the personal information is not disclosed to another third party and is not used to build a profile about a consumer or otherwise alter an individual consumer’s experience outside the current interaction, including, but not limited to, the contextual customization of ads shown as part of the same interaction.

Categories of Sources

We generally collect personal information, including consumer health data, from the following categories of sources:

  • Directly from you and automatically via our websites;
  • Our affiliates; and
  • Our vendors

Our Sharing of Consumer Health Data

We do not sell your personal information. We may share it with a third party or disclose it to a service provider or contractor in furtherance of a business purpose. The categories of third parties and other recipients with whom we may share consumer health data as necessary to provide our products and services requested by consumers are:

  • Our affiliates;
  • Our business customers (as directed by that business partner);
  • Government or public authorities as required to comply with any applicable law, regulation, legal process, or governmental request.

How to Exercise Your Rights

MHMDA grants consumers certain rights regarding their consumer health data including a right of access, a right to withdraw consent for collection and sharing, and a right of deletion, subject to certain exceptions.

If you would like to exercise your rights under the MHMDA, you may make a request by contacting us at the following email address: corporate.compliance@benesys.com, or call us at the following toll-free number: (888) 659-8789. Please indicate that you are making a request pursuant to your “Washington Privacy Rights.”

Notice Effective Date: March 31, 2024