Kaiser Permanente provides a website, a mobile-enabled website, and a mobile app:
The Websites and the App allow our members and other users to view health-related information, communicate with our practitioners and staff, arrange for clinical and health plan services, and access additional services.
This Privacy Statement applies to the Websites and the App, which are owned and operated by Kaiser Foundation Health Plan, Inc. (“Kaiser Permanente”, “KP”). This Privacy Statement describes how Kaiser Permanente collects and uses the personal information you provide on, and other information that is collected from your use of the Websites and the App. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.
All of your protected health information maintained by Kaiser Permanente, including information you provide on the Websites and the App, is also subject to the Notices of Privacy Practices issued by KP under the Health Insurance Portability and Accountability Act (“HIPAA”). The Notices of Privacy Practices may contain additional provisions relating to the use and disclosure of your information that go beyond the terms of this Privacy Statement.
Kaiser Permanente is committed to protecting the privacy of the users of the Websites and the App. We will use and disclose your personal information as stated in this Privacy Statement.
Use and disclosure of health information includes using the information to provide treatment to the individual, to make payments for such treatment, and to conduct ongoing quality improvement activities. Our use and disclosure of an individual's personal information (including health information) is limited as required by state and federal law. We do not sell or rent personal information about visitors to the Websites or the App.
The Websites and the App have security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control both during transmission and once the information is received. These measures include encryption of data using the Secure Socket Layer (SSL) system, and using a secured messaging service when we send your personal information electronically to the Websites or the App. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Websites or the App by Internet, text message or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed in the "Questions, complaints, and contacts" section at the end of this Privacy Statement.
We may revise this Privacy Statement from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we make material changes to our Privacy Statement, we will post notice of this on our Websites and the APP prior to the changes becoming effective. Any revised Privacy Statement will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We include a version number on this Privacy Statement consisting of the date (year, month, and day) it was last revised. We encourage you to periodically reread this Privacy Statement, to see if there have been any changes to our policies that may affect you.
In addition to web logs, described below, Kaiser Permanente routinely gathers data on website and mobile application activity, such as how many people visit the site or mobile applications, the web pages or mobile screens they visit, where they come from, how long they stay, etc. The data is collected on an aggregate basis, which means that no personally identifiable information is associated with the data. This data helps us improve our content and overall usage. The information is not shared with other organizations for their independent use.
The Websites and the App do not honor a browser’s signal or header request not to track the user's activity.
In order to ensure a good user experience, certain data may be temporarily or permanently cached by the Mobile Applications on users’ mobile devices. Any data that is personally identifiable will be encrypted and will not be viewable by anyone without access to the user’s User ID and Password.
Except as disclosed in this Privacy Statement, we do not collect any personally identifiable information about visitors to the Websites or the App. The policies, sources, uses and disclosures of information are outlined in Sections 1 through 19 that follow:
We collect the following personal information from you:
We use and disclose this information to:
As is true of most websites, we gather certain information automatically. We maintain standard Web logs that record data about all visitors and customers who use the Websites or the App and we store this information for no longer than reasonably useful to carry out its legitimate business purpose, or as legally required. These logs may contain the Internet domain from which you access the site (such as aol.com, abc.org, etc.); the IP address which is automatically assigned to your computer when you get on the Internet (a static IP address may be identifiable as being connected to you, while a dynamic address is usually not identifiable); the type of browser and operating system you use; the date and time you visited; the pages or mobile screens you viewed; and the address of the website you linked from, if any. If you sign on to the Websites or the App to use secured features, our Web logs will also contain an individual identifier and show the services you have accessed.
All Web logs are stored securely, and may only be accessed by Kaiser Permanente employees or designees on a need-to-know basis for a specific purpose. Kaiser Permanente uses Web log information to help us design our Websites and the App, to identify popular features, to resolve user, hardware, and software problems, to make the Websites and the App more useful to visitors and for security purposes.
We and our partners may place Internet "cookies" or similar technologies on the computer hard drives of visitors to the Websites or the App. Information we obtain helps us to tailor our site and the App to be more helpful and efficient for our visitors. The cookie consists of a unique identifier that does not contain information about your health history. We use two types of cookies, "session" cookies and "persistent" cookies, along with other similar technologies.
A session cookie is temporary, and expires after you end a session and close your web or app browser. We use session cookies to help customize your experience on our site, maintain your signed-on status as you navigate through our features, and to track your "click path" through our Web pages or mobile screens.
Persistent cookies remain on your hard drive after you've exited from our website, and we use them for several reasons. For instance, if you've given us permission to email you with information about your Kaiser Permanente benefits, or for other reasons, we may place a persistent cookie on your hard drive that will let us know when you come back to visit our site. We sometimes use this type of persistent cookie with a "Web beacon" (see below). Persistent cookies will not contain any personal health information about you such as a Kaiser Permanente Health/Medical Record number.
You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Websites or the App may not work properly for you. For instructions on how to remove cookies from your hard drive, go to your browser's website for detailed instructions. In addition, further information regarding cookies may be available on other websites or from your Internet service provider. Safari, Chrome, Firefox, Internet Explorer and iOS browsers are commonly used browsers.
We may also occasionally use "Web beacons" (also known as "clear gifs," "Web bugs," "1-pixel gifs," etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or email, that can tell us if you've gone to a particular area on our website. For example, if you've given us permission to send you emails, we may send you an email urging you to use a certain feature on our website. If you do respond to that email and use that feature, the Web beacon will tell us that our email communication with you has been successful. We do not collect any personal health information with a Web beacon, and do not link Web beacons with any other personal health information you've given us.
Since Web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, Web beacons cannot function.
If you wish to not have this information used for the purpose of serving you targeted ads, you may opt out. Please note this does not opt you out of being served advertising. You may continue to receive generic non-targeted ads.
Kaiser Permanente uses a third-party vendor to help us manage some of our email and text messaging communications with you. While we do supply these vendors with email addresses or mobile telephone numbers of those we wish them to contact, your email address or mobile telephone number is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you've clicked on that link, and have visited our Websites or KP Mobile Application. Kaiser Permanente never shares any information, other than your email address or telephone number, with our third-party email and text messaging vendors, which may only share this information with its authorized subcontractors.
Even if you have given us permission to send emails or text messages to you, you may revoke that permission at any time by following the "unsubscribe" information at the bottom of the email or by replying “Stop” to any text message you receive from us.
We will periodically ask users to complete surveys asking about their experiences with features of the Websites or the App. Our surveys ask visitors for demographic information such as age, gender, and education, but will not request that users provide specific information about any medical condition. We use survey information for evaluation and quality improvement purposes, including helping Kaiser Permanente to improve information and services offered through the Websites and the App. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
If you apply for Kaiser Permanente membership through the Websites or the App, you will be asked during the application process to disclose certain personal information so that we can evaluate your eligibility, and you will be asked to verify the truthfulness of your answers.
Comments or questions sent to us using email or secure messaging forms will be shared with Kaiser Permanente staff and health care professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response.
Some of our services such as our automated appointment selection and prescription refill services interact directly with other Kaiser Permanente data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems.
When you use a service on the secure section of the Websites or the App to interact directly with Kaiser Permanente health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
If you provide us with your credit card number for pharmacy prescriptions or other payments, we will treat your credit card number in a secure manner.
Requests to view and correct personal information from the Websites or the App may be submitted using the contact information in the "Questions, complaints, and contacts" section below.
If your personal information changes, or to update or request deletion of information collected on our Websites or the App, or if you believe a third party has provided us with your personal information and you would like to request that it be edited or removed from our database, please use the contact information in the “Questions, complaints, and contacts” section below. We will respond to all access requests within 30 days.
We do not knowingly collect personally identifiable information from children under the age of 13. If Kaiser Permanente is made aware of collecting information from a child under 13 we will delete this information.
We may disclose personal information to any person performing audit, legal, operational, or other services for us. We will use information which does not identify the individual for these activities whenever reasonably possible. Information disclosed to vendors or contractors for operational purposes may not be re-disclosed to others by such a vendor or contractor, except as permitted by KP and applicable law.
We may also disclose your personal information to third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us.
These services may include:
We may also disclose your personal information:
If a user makes a request to receive information (for example, requesting a subscription to one of our online publications) in an ongoing manner through the Websites or the App by providing an email address or mobile phone number the user may request to discontinue future mailings or messages. Similarly, if you receive information about a Kaiser Permanente service through email or text message, you may make a request to discontinue receiving similar messages in the future. All such materials sent to you by email or text message will contain information about how to opt out. Please note, however, that you cannot opt out of certain messages, such as an email letting you know that a doctor has sent you a secure message, or our Partners in Health newsletter.
Also, if as a member you register to use protected features on our Websites or the App, you may be given an opportunity to receive emails about different types of Kaiser Permanente products, services, announcements, and updates. On our website, you may change your preferences by clicking "my profile" at the top right of each page, then choosing "communication preferences" on the left.
State and federal laws may allow you to request that we limit our uses and disclosures of your personal information for treatment, payment, and health care operations purposes. We will consider all requests and, if we deny your request, we will notify you in writing. Federal law requires us to agree to your request to restrict disclosures to a health plan or insurer relating to specific health care services, if you have paid for those services in full. The law does not, however, require us to restrict any disclosures we think are important for treatment purposes.
We will retain your information for as long as your account is active or as needed to provide you services. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Our Websites and the App include Social Media Features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our site, and may set a cookie to enable the Feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing them.
Our Websites and the App include links to other websites whose privacy practices may differ from those of Kaiser Permanente. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
If you are using the App to find our facilities and other locations, with your permission, we will use the geolocation feature of your mobile device to give you directions to that facility. When you download and use the App, we automatically collect information on the type of device you use, operating system version, and the device identifier (or “UDID). We do not share your location information with any third party and do not use it for any reason other than to give you directions. You may opt out of location based services by editing the setting at the device level. For additional information regarding how to do this, please contact us by sending a message to the Kaiser Permanente Web manager.
If you have any questions about this Privacy Statement, our policies and practices concerning the Websites or the App, your rights under this statement, and your dealings with the Kaiser Permanente Websites or the App, you can contact Kaiser Permanente by telephone at 1-800-556-7677 (toll free), or 711 (toll-free TTY for the hearing/speech impaired), by sending a message to the Kaiser Permanente Web manager, or by U.S. mail at the address below:
Kaiser Permanente Digital Experience Center
4460 Hacienda Drive, Building A, Third Floor
Pleasanton, CA 94588
If you have an unresolved privacy or data use concern that we have not addressed satisfactorily, please contact our U.S.-based third party dispute resolution provider (free of charge) at https://feedback-form.truste.com/watchdog/request.
Last revised September 13, 2017.