Website and Mobile Application Privacy Statement
Introduction
Kaiser Permanente provides this website (the “Website”) or mobile app (the “App”).
The Website and the App are referred to collectively in this Privacy Statement as the "Site."
This Privacy Statement applies to the Site, which is provided by Kaiser Foundation Health Plan, Inc., Kaiser Foundation Hospitals, Risant Health, Inc., or the Permanente Medical Groups ("Kaiser Permanente" or "KP"). This Privacy Statement describes how Kaiser Permanente collects and uses the personal information you provide on, and other information that is collected from your use of the Site. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information. Note that this Privacy Statement reflects the collective policies and practices applicable to all Kaiser Permanente Sites and some of the policies and practices described may not apply to this Site if the relevant services are not available on this Site.
Personal information means information that is individually identifiable. Information that has been de-identified by Kaiser Permanente or others is no longer personal information and is not covered by the terms of this Privacy Statement.
All of your protected health information maintained by Kaiser Permanente, including information you provide on the Site, is also subject to the Notices of Privacy Practices issued by KP under the Health Insurance Portability and Accountability Act ("HIPAA"). The Notices of Privacy Practices may contain additional provisions relating to the use and disclosure of your information that go beyond the terms of this Privacy Statement.
Kaiser Permanente is committed to protecting the privacy of the users of the Site. We will use and disclose your personal information as stated in this Privacy Statement.
Site Privacy Statement
Use and disclosure of health information includes using the information to provide treatment to the individual, to make payments for such treatment, and to conduct ongoing quality improvement activities and other healthcare operations activities. Our use and disclosure of an individual's personal information (including health information) is limited as required by state and federal law.
We do not sell or rent personal information about visitors to the Site.
Security
The Site has security measures in place that are intended to help protect against the loss, misuse, unauthorized access or alteration of information under our control. These measures include encryption of data using the Secure Sockets Layer (SSL) system, and using a secured messaging service when we send your personal information electronically to the Site. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Site by Internet, text message or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed in the "Questions, complaints, and contacts" section at the end of this Privacy Statement.
Revisions to the Privacy Statement
We may revise this Privacy Statement from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we make material changes to our Privacy Statement, we will post a notice on our Site prior to the changes becoming effective. Any revised Privacy Statement will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We include a version number on this Privacy Statement consisting of the date (month and year) it was last revised. We encourage you to periodically reread this Privacy Statement, to see if there have been any changes to our policies that may affect you.
Site visitor data
In addition to web logs, described below, Kaiser Permanente routinely gathers data on Site activity, such as how many people visit the Site, the web pages or mobile screens they visit, where they come from, how long they stay, etc. This data helps us improve our content and overall usage. The information is not shared with other organizations for their independent use.
The Site does not honor a browser's signal or header request not to track the user's activity.
Data Caching
To ensure a good user experience, certain data may be temporarily or permanently cached by the Site on users' devices.
Collecting, Using and Disclosing Personal Information
1. Information Collection and Use
We collect the following personal information from you:
- contact information such as name, email address, mailing address, and phone number
- age or date of birth
- unique identifiers such as username, account number, IP address and password
- preferences information such as preferred first name and the types of emails you'd like to receive from us
- health or medical information (such as health symptoms, health conditions and medications)
- debit and credit card information
- medical record number or health record number
- if you apply for Kaiser Permanente coverage online, personal health and demographic information about you and those dependents for whom you wish to receive coverage
- your device location
We use and disclose this information to:
- communicate your health information, or the health information of someone you are caring for, to health care providers treating you or the other person
- communicate to you the health information of others you are authorized to act on behalf of on the Site
- help you pay for prescription refills or medical bills
- help you apply for Kaiser Permanente coverage
- send you requested product or service information
- respond to customer service requests
- administer your account
- send you newsletters, voice messages, text messages or email communications
- respond to your questions and concerns
- improve our Site and marketing efforts
- conduct internal quality improvement or business analysis
- customize your experience on the Site, including the display of location-based information that is relevant to your care and how to find care
- de-identify the information in accordance with HIPAA and/or other applicable law
When you provide us with personal information about dependents and family members, we will only use this information for the specific reason for which it is provided. Any personal information you provide us when seeking health insurance or coverage is a voluntary submission of that information under applicable law.
2. Cookies, Log Data and Other Online Technologies
When you access the Site, we, and the third-party companies we partner with, may collect and store certain information by using technologies such as server logs, cookies, web beacons, clear gifs, tags, e-tags, flash cookies, pixels, code, JavaScript packages, software development kits, and similar technologies. The information collected by these technologies includes information about your computer or mobile device and the network you use to access the Services, as well as information about your use of the Site. Depending on your activities on the Site and your settings on your browser, the information collected by us and the third-party companies may include software and hardware attributes of the device, device ID information, regional and language settings, performance data about the Site, network provider, IP address, browser or operating system type and version, demographic or inferred-interest information, search terms, the activities and actions taken on the Site, as well as information you have submitted to us through the Site. Third parties may also receive additional information such as advertising IDs associated with you or your device.
In addition, we, and third-party companies we partner with, may collect and store some information in the form of log files that record website activity. For example, log file entries are generated every time a user visits a particular page or clicks an image on our Website, and collect information on how many “hits” a particular web page is getting (a.k.a. “click-through data”), the dates and times that you use the Site, the pages you visit, the amount of time spent on specific pages, and other similar usage information, and general data (including the name of the web page from which you entered our Site).
We may also use web beacons and other technologies to collect information about your interaction with our email communications. When you open or view the content of our emails, we and the third-party companies we partner with will receive information including confirmation that the email was viewed, the time that the email was opened, the IP address of the device that was used to open the email, the type of software used to read the email, and the existence of any cookies previously sent.
We, and the third-party companies we partner with, may use the information collected through all of these technologies to operate the Site, understand general usage and volume statistics, how users navigate to and around our Sites, what content is viewed or accessed, what searches were performed, the performance of our Site, to help us design our Site, to identify popular features, to resolve hardware and software problems, to make the Site more useful to visitors, to evaluate the effectiveness of our email communications, for marketing and advertising, and for security purposes. We may also use these technologies and the information collected to keep track of your preferences.
We may also use this information to allow third parties to provide analytics and advertising services to us and to serve advertisements to you on our behalf across the internet and in mobile applications. For example, third-party advertising companies may use the fact that you visited our Site to target advertising to you on other websites and mobile apps on your current device or on other devices you use. They may match your browsers or devices if you log into the same sites or online services on multiple devices. These third-party advertising partners may use the information they receive for both our purposes and their own purposes, including advertising, analytics, attribution, and reporting purposes.
You are responsible for monitoring and configuring available privacy settings on the Site. Be aware that when using a shared device to access the Site your privacy settings may be reset by other users of the shared device.
OPT OUT: You can disable the sharing of your personal information for cross-contextual behavioral advertising or targeted advertising through these technologies by clicking on the Your Privacy Choices link on our Website footer and changing the Targeting Technologies toggle to Inactive. This will turn those technologies “off.”
Google Analytics. We use Google Analytics on the Site. If you would like more information on how Google uses data when you visit or use our Site, please visit www.google.com/policies/privacy/partners. If you would like to opt out, Google provides an opt-out tool, which is available at https://tools.google.com/dlpage/gaoptout.
Chatbot Technology. We use chatbots to help provide customer service and support, including through the use of a virtual assistant. A chatbot is a software application that mimics human conversations in text or voice interactions on our website or through our customer service hotline. It enables the communication between a human and a machine, which can take the form of messages or voice commands. The chatbot is designed to work without the assistance of a human operator. It responds to questions posed to it in natural language as if it were a real person using a combination of pre-programmed scripts and machine learning algorithms. When asked a question, the chatbot will answer using the knowledge database that is currently available to it. If you use our chatbot service, we will collect any personal information you provide to us. We will also create, record, and store a transcript of your chat interaction with us which will be shared with and stored by our third-party service providers.
Session Replay Technology. We may use session replay technology on our Site. Session replay technology, also referred to as session playback or user experience (UX) replay, collects information regarding, records, and tracks your interactions with a website or application. It then transforms those logged user events (such as mouse movements, clicks, page visits, scrolling, tapping, etc.) into a reproduction of what you actually did on the website or application. We use session replays for quality control, customer service, fraud prevention and security, and marketing purposes. Our session replay technology is owned and operated by a third party who acts as our service provider. The information collected by this technology may be collected by, transferred to, and stored by our third-party service providers.
3. Emails, Voice Messages and SMS Text Messaging
Kaiser Permanente may use a third-party vendor to help us manage some of our email and voice/text messaging communications with you. While we do supply these vendors with email addresses or telephone numbers of those we wish for them to contact, your email address or telephone number is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email or SMS text, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you've clicked on that link, and have visited our Site. Kaiser Permanente never shares any information, other than your email address or telephone number, with our third-party email and voice/text messaging vendors, which may only share this information with its authorized subcontractors or as required by law.
At any time, and even if you have expressly given us permission to send voice/text messages to you, you may communicate your desire not to receive additional voice/text messages by following the stop or opt-out instructions in the voice or text message, by adjusting your preferences on kp.org (for only certain categories of communications), or by contacting Member Services. You may re-subscribe to any or all voice/text campaign categories by contacting Member Services or by adjusting your preferences on kp.org (for only certain categories of communications).
4. Evaluation and Quality Improvement
We will periodically ask users to complete surveys asking about their experiences with features of the Site. Our surveys ask visitors for demographic information such as age, gender, and education, but will not request that users provide specific information about any medical condition. We use survey information for evaluation and quality improvement purposes, including helping Kaiser Permanente to improve information and services offered through the Site. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.
5. Application for Kaiser Permanente Membership
If you apply for Kaiser Permanente membership through the Site, you will be asked during the application process to disclose certain personal information so that we can evaluate your eligibility, and you will be asked to verify the truthfulness of your answers.
6. Messages and Transactions
Comments or questions sent to us using email or secure messaging forms will be shared with Kaiser Permanente staff and health care professionals who are most able to address your concerns. We may archive your messages once we have made our best effort to provide you with a complete and satisfactory response.
Some of our services such as our automated appointment selection and prescription refill services interact directly with other Kaiser Permanente data systems. Data about your transaction may be stored in these systems, and available to people who test and support these systems.
When you use a service on the secure section of the Site to interact directly with Kaiser Permanente health care professionals, some information you provide may be documented in your medical record, and available for use to guide your treatment as a patient.
7. Credit Card Transactions
If you provide us with your payment card number for pharmacy prescriptions or other payments, we will treat your payment card number in a secure manner.
8. Data Integrity and Correction
You have the right to request to view and correct personal information from the Site. Such requests may be submitted using the contact information in the "Questions, Complaints, and Contacts" section below.
If your personal information changes, you have the right to update or request deletion of information collected on our Site, or if you believe a third party has provided us with your personal information and you would like to request that it be edited or removed from our database, please use the contact information in the "Questions, Complaints, and Contacts" section below. We will respond to all access requests within 30 days.
9. Disclosures
We may disclose personal information to any person performing audit, legal, operational, or other services for us. We will use information which does not identify the individual for these activities whenever reasonably possible. Information disclosed to vendors or contractors for operational purposes may not be re-disclosed to others by such a vendor or contractor, except as permitted by KP and applicable law.
We may also disclose your personal information to third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us pursuant to written instructions. In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use your personal information they receive from us for any other purpose.
These services may include:
- payment processing
- providing customer service
- sending marketing communications
- fulfilling subscription services
- conducting research and analysis
- providing cloud computing infrastructure
We may also disclose your personal information:
- as permitted or required by law, such as to comply with a subpoena, or similar legal process
- as described in our Notices of Privacy Practices for protected health information
- when we believe in good faith that disclosure is necessary to protect our rights, protect your or others' safety from threats of imminent harm, investigate fraud or other activity in violation of the law, or respond to a lawful request by public authorities (including to meet national security or law enforcement requirements)
- to protect the security and reliability of the Site
- if Kaiser Permanente is involved in a merger, acquisition, or sale of all or a portion of its assets, you will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information
- to any other third party with your prior consent to do so
- to Kaiser Permanente entities to carry out business planning and development and business management and general administrative activities, such as to provide, maintain and personalize our sites and services, and to communicate with you
10. Opt-out
If a user makes a request to receive information (for example, requesting a subscription to one of our online publications) in an ongoing manner through the Site by providing an email address or mobile phone number, the user may request to discontinue future mailings or messages. Similarly, if you receive information about a Kaiser Permanente service through email or voice/text message, you may make a request to discontinue receiving similar messages in the future. Materials sent to you by email or voice/text message may contain information about how to opt out. Please note, however, that you cannot opt out of certain messages, such as an email letting you know that a doctor has sent you a secure message or appointment reminders. For more information regarding what email communications are considered essential for registered Website members, and which you cannot opt out of, please review the Site Terms and Conditions.
Also, if as a member you register to use protected features on our Site, you may be given an opportunity to receive emails, voice or text messages about different types of Kaiser Permanente products, services, announcements, and updates. On our Site, you may change your preferences by clicking "my profile" at the top right of each page, then choosing "communication preferences" on the left.
11. Other Requests to Limit the Use and Disclosure of Your Personal Information
State and federal laws may allow you to request that we limit our uses and disclosures of your personal information for treatment, payment, and health care operations purposes. We will consider all requests and, if we deny your request, we will notify you in writing. Federal law requires us to agree to your request to restrict disclosures to a health plan or insurer relating to specific health care services, if you have paid for those services in full. The law does not, however, require us to restrict any disclosures we think are important for treatment purposes.
12. Data Retention
We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy Statement, including to meet our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law.
13. Social Media
Our Site includes Social Media Features, such as the Facebook button. These Features may collect your IP address, which page you are visiting on our Site, and may set a cookie to enable the Feature to function properly. Social Media Features are either hosted by a third party or hosted directly on our Site. Your interactions with these Features are governed by the privacy statement of the company providing them.
14. Links to Third-Party Websites
Our Site includes links to other websites whose privacy practices may differ from those of Kaiser Permanente. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.
15. Location
An IP address (also called Internet address) is assigned to your device by your Internet Service Provider, and is a requirement to use the internet. IP addresses are used to make the connection between your device and the websites and services you use. You can't prevent a website or app from getting the IP address of your device. Your IP address includes some general information about your device location and we use that to display your proximate location in the website and mobile app user experience. We derive your internet device's proximate location from your IP address, which is provided to us when you come to the Site. We do this to provide you with a customized experience on our Site, including the display of location-based information that's relevant to you and your care.
We may use your precise device location using technologies like GPS, Wi-Fi, and Bluetooth, to help you find a facility, doctor, or directions within a facility or to provide you with timely notices when you visit a facility.
Please note that in the App, you may opt in or out of location-based services by editing the App location setting at the device level. For additional information regarding how to do this on your device, please contact us by sending a message to the Kaiser Permanente Web manager.
16. Third-Party Applications
At your request, we may send your personal information to applications and websites that are created and owned by a third party. Kaiser Permanente does not control those applications or websites, or application or website providers and is not responsible for the integrity, privacy, security or breach of data transferred to, or stored in the application or website, or the use or disclosure of data by the application or website, or the application or website provider once the data are released by Kaiser Permanente. We encourage you to carefully review the terms of use and privacy policy and settings that apply to these third-party applications and websites and approve release of any data only to those applications and websites that you trust.
Questions, Complaints and Contacts
If you have any questions about this Privacy Statement, our policies and practices concerning the Site, your rights under this statement, and your dealings with the Kaiser Permanente Site, you can contact Kaiser Permanente by telephone at 1-800-556-7677 (toll free), or 711 (toll-free TTY for the hearing/speech impaired), by sending a message to the Kaiser Permanente Web manager, or by U.S. mail at the address below:
Kaiser Permanente, kp.org Privacy
4460 Hacienda Drive, Building A, Third Floor
Pleasanton, CA 94588
Last revised: June 2025
Version 2.0