Privacy Statement

Effective: 01/1/2019 


(If you are a CA resident, this statement includes your California Privacy Rights)


The Healthyroads® program is designed to provide individuals with an evidence-based educational resource for fitness planning and health related lifestyle improvement. The Healthyroads Program (“Healthyroads” or “Program”) is provided by American Specialty Health Management, Inc., a subsidiary of American Specialty Health Incorporated. The Healthyroads Program and the Healthyroads website (the “Healthyroads Website”, “Website”, or “Healthyroads.com”) are owned and operated by American Specialty Health Incorporated, a Delaware corporation with a mailing address of 10221 Wateridge Circle, San Diego, CA 92121, on behalf of itself and its subsidiaries (collectively “ASH” or “We”).


ASH values its users (“you”) and respects your privacy. We are committed to using your information responsibly. The information you provide to us through the Healthyroads Program or on the Healthyroads Website is governed by this Privacy Statement. This Privacy Statement informs users about Healthyroads’ information practices, including: what personal information we collect through the Healthyroads Program and on the Healthyroads Website; how personal information is collected; how personal information will be used; and the choices you have about the collection and use of personal information.


This Privacy Statement, together with the Healthyroads Terms and Conditions, governs your participation in the Healthyroads Program and your use of the Healthyroads Website. By using the Healthyroads Website, or otherwise participating in the Healthyroads Program, you accept and agree to be bound by this Privacy Statement and the Terms and Conditions.


From time to time, we may update and modify this Privacy Statement to accommodate new technology, industry practices, regulatory requirements, or for other purposes. We will provide you with notice if the changes are material and, when required by applicable law, we will obtain your consent. 




CALIFORNIA DO NOT TRACK DISCLOSURE  


ASH does not track Healthyroads.com users across third party websites, nor does it allow third parties to collect personally identifiable information on Healthyroads.com.  


CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS  


Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.


ASH does not knowingly share your personal information with third parties for their direct marketing use without your permission.  California residents may send requests for information-sharing disclosure under this law by emailing  HIPAA@ashn.com   with the subject line “California Privacy Rights” or by mail at the address located in the contact section below.  Please note that, under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address or below mailing address. 




NOTE TO INTERNATIONAL USERS


The Healthyroads Program and Website are intended for U.S. residents only. If you are outside of the United States and access the Healthyroads Website or submit your Personal Information to us, please be advised that U.S. law may not offer the same privacy protections as the law of your jurisdiction. By using the Healthyroads Website or submitting your Personal Information to us, you consent to the transfer to and processing of your Personal Information in the United States.




What kind of personal information does ASH collect?


    • When you register on Healthyroads.com, we collect your name, date of birth, address, e-mail address, and home phone number. 
    • If you use the  Personal Health Assessment  feature of Healthyroads.com, we collect your responses to the health assessment questionnaire.   
    • If you participate in  Biometric Screening , we receive your biometric screening results from the participating screening vendor to populate your personal health scorecard on Healthyroads.com. 
    • If you use the Challenges feature of Healthyroads.com, we collect the date you join the challenge; your current weight and goal weight (within weight challenges); device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device); healthy eating and healthy habit entries, and entries related to well-being challenges. If you participate in a group Challenge, we will also collect your name; date accepted, invited, or declined; and rank within the challenge. If you use the Challenge Chatter feature within Challenges, we may collect social comments between participants, first name, last name and initials.
    • If you use the  Accountabilities  feature of Healthyroads.com, we collect the date you send an accountability invitation; the subject and recipient of the invitation; and your message content.
    • If you use the  Healthyroads Connected! ® feature of Healthyroads.com, you allow us to receive your activity information, such as steps taken in a day, height, weight, and calories, from your activity or fitness     tracking device (e.g., Fitbit®, Garmin®, etc.). When you use the  Healthyroads Connected!  feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a     third-party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on Healthyroads.com.  By using the  Healthyroads     Connected!  feature, you also allow us to receive profile information from your device, if applicable, or from your own input, including gender, birth year, height, weight, and time zone.  
    • If you use the  Healthyroads CheckIn! ® mobile app feature of Healthyroads.com (which allows members to electronically log their fitness center visits), we will receive the location information of the fitness     center you visit and your check-in and check-out times at such facility.   NOTE:  In order to use the  Healthyroads CheckIn!  mobile app, you must enable and allow GPS location tracking on your activity or fitness     tracking device, and if you do not wish for your device location to be tracked, please do not use the  Healthyroads CheckIn!  mobile app because, without the location information, the app will not be able to log     your fitness center visits. To learn more about what data we collect through or within the  Healthyroads CheckIn!   mobile app and how we use the data, please view the  Healthyroads CheckIn!  mobile app     Privacy Statement within the app, or you may request a hard copy through one of the contact methods listed in the “How to Contact Healthyroads.com for Questions” section below.
    • If you enroll in a fitness center through Healthyroads.com, we may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in our network and, by     enrolling in such a fitness center for the purpose of participating in the Healthyroads program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf.     Alternatively, depending on availability within your program, you can submit to us your fitness center visit information directly, either through the  Healthyroads CheckIn!  mobile app or by sending to us via     email, fax or postal mail your visit logbook signed by the fitness center or in a printout form provided by the fitness center.  
    • If you use the Contact Us page of Healthyroads.com to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, inquiry type, and your comment or inquiry     message.
    • Additionally, we may collect demographic information from Healthyroads.com members, such as age, gender, and areas of interest, as well as users’ IP addresses (which are numerical numbers that are     automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of Healthyroads.com (page requests, pages     visited, content viewed, clicks, search queries made, etc.).


If  you choose not to provide your Personal Information, certain features of the Healthyroads Program and Healthyroads Website will not be available to you. 


We may also collect information about your use of the Healthyroads Website, which cannot be used to identify you. For more information about how we collect this “Usage Information,” please see the section on Cookies and Other Similar Technologies below.


How does ASH use my information? 


We use information collected on Healthyroads.com to enable users to access and use the Healthyroads program tools and features provided on Healthyroads.com. For example:


    • If you register on Healthyroads.com, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on Healthyroads.com is required for        users to gain access to special tools and features of the Healthyroads program, such as  Personal Health Assessment, Scorecard, Challenges, Accountabilities, and Connected!   
    • If you use the  Personal Health Assessment  feature of Healthyroads.com, we will use your responses to calculate your health stratification and populate your personal health scorecard with actions and     recommendations driven by your responses to the health assessment, and recommend program features, such as coaching if available under your plan. We will use such recorded information to verify and     determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program applicable to you).
    • If you participate in  Biometric Screening , your biometric screening results will be used to populate your personal health scorecard and recommend program features, such as coaching if available under your     plan. We will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program     applicable to you).
    • If you use the  Challenges  feature of Healthyroads.com, we will use your information to track your participation and progress in a challenge and determine if you have met the challenge or won the challenge.     We will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program     applicable to you). We may also provide challenge goal completion information to your benefit plan sponsor for incentive or reward fulfillment purposes only.  If you participate in a group Challenge, we will also     incorporate your name and rank within the challenge on the challenge leaderboard.
    • If you use the  Accountabilities  feature of Healthyroads.com, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools     of the  Accountabilities  feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
    • If you use the  Healthyroads Connected!  feature of Healthyroads.com, we will record your fitness center visit and exercise, and your other independent activity information over time, and will use such     recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program applicable to you).     ASH may also disclose your  Healthyroads Connected!  activity information, such as steps taken over time, to your health plan or plan sponsor to assist in the administration of your benefit and/or for incentives,     rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your  Healthyroads Connected!  profile, we may use this information to calculate and display     your calorie metrics based on activity reported through your  Healthyroads Connected!  -enabled device.  
    • If you use the  Healthyroads CheckIn!   mobile app feature of Healthyroads.com, we will record the location information of each fitness center you visit and your check-in and check-out times at each such     fitness center over time and will use such recorded information to verify and determine whether you are eligible for applicable incentives and/or rewards under your program (and/or under another member     rewards program applicable to you).
    • If you enroll in a fitness center through Healthyroads.com, we will use your information to process your enrollment and will use your fitness center location and date of visit information (whether submitted to us     directly by you or provided to us on your behalf by the fitness center) to verify and determine whether you are eligible for applicable rewards under your program (and/or under another member rewards program     applicable to you).  
    • If you use the Contact Us page of Healthyroads.com, we will use your information to process and respond to your comment, inquiry, or request (as the case may be).
    • We use user demographic information, IP addresses and clickstream data collected on Healthyroads.com for internal purposes, such as improving Healthyroads.com and associated tools and features; measuring     and analyzing Healthyroads.com user interests, traffic, and usage patterns; etc.


Under what circumstances does ASH share user information collected on the Healthyroads Website or through the Healthyroads program with third parties?


We may provide your information to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness center, in order to confirm your eligibility, conduct billing, fulfill your incentive or reward according to your program, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.


We may also share your information with third parties in the following circumstances:


    • as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of Healthyroads.com and associated tools and features;  
    • as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
    • as reasonably necessary to prevent or address harm or threats of harm to self or others;
    • as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
    • as reasonably necessary to enforce this Privacy Statement and/or the Terms & Conditions for Healthyroads.com;
    • as reasonably necessary to protect the rights, property or safety of ASH and ASH Management, our members and users, and/or the public.


Furthermore, if we are involved in a merger, acquisition, financing, or sale of business or assets, information collected from and about users (including personal health information and other personally identifiable information) may be transferred to one or more third parties involved in such transaction and, upon such transfer, the relevant third-party privacy policy or policies may govern further use of the information. In the event of such a change, we will endeavor to notify our users of the change as well as any choices our users may have regarding the change.
In addition, we may share with select third parties (including, without limitation, our members’ employers and health plans) aggregate statistics regarding Healthyroads.com members, such as member demographics, interests, traffic, and usage patterns. The information so shared will not include personal health information or other personally identifiable information of Healthyroads.com members.


If I participate in an employer-sponsored wellness program, does ASH share my information with my employer?    


As noted above, ASH will only share your information with your employer or plan sponsor for billing purposes and/or to help process your wellness incentives. We will not share with your employer individually identifiable Protected Health Information, unless you provide your explicit consent to do so, or as otherwise noted in this Privacy Statement. We may also share your information with other third-party health or wellness vendors that contract directly with your employer or plan sponsor to manage your benefits, as noted above. If we share your information with such a contracted third party vendor, we will only share the minimum necessary information in order to manage your benefits and the vendor to whom we disclose your information will be bound by similar privacy obligations as ASH. If you have any questions on how your information may be used or disclosed in the coordination and management of your benefits, you should consult your group health plan’s Notice of Privacy Practices, if applicable to your plan sponsor, or your plan sponsor’s benefit administrator. 


ASH will not share the following information with your employer, though your employer may direct us to send this information to other administrators of your employee benefits with whom your employer has contracted for fulfillment, analysis, or other operational purposes, but only as permitted by law:


    • Your actual responses to the Personal Health Assessment. 
    • The details of your coaching sessions or interactions with a Healthyroads Coach®. 
    • Your specific biometric scores or reported results from wellness/biometric screenings.


ASH may share the following information with your employer:


    • The number of coaching sessions you have completed may be reported as needed to qualify you for a related incentive.
    • The incentive point value associated with participating in the wellness/biometric screening.
    • Other participation-based (not outcomes or results based) information related to your wellness program.
    • Aggregate (group level, not individually identifiable) statistical information on how your group’s overall health and wellness metrics perform in relation to other Healthyroads enrollees. This is known as aggregate     “benchmarking” data and is used only to help your employer understand the overall value of the program.


Can users opt out of collection of personal information on Healthyroads.com? 


No. The functionality of Healthyroads.com and associated tools and features requires that we collect and receive certain personal information from and about participants in the Healthyroads program. If you do not wish to have your personal information collected or received by us, you should not use the Healthyroads Website or participate in the Healthyroads program. 


Can users disable their accounts and delete their information collected on the Healthyroads Website or through enrollment in the Healthyroads program?


Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, personal information collected on the Healthyroads Website, or through the Healthyroads Program generally, cannot be deleted or removed from ASH’s database and will be retained in accordance with ASH’s record retention policy. User accounts, however, may be disabled upon written request, using the contact information at the end of this Privacy Statement.


How can users opt out of receiving communications from ASH?


If you have provided your email address, postal address, and/or telephone number to ASH, you may opt out of receiving marketing/promotional communications from ASH by contacting ASH as described at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from ASH. Please note that email unsubscribe requests may not take effect immediately. 


NOTE: Your opt-out regarding our marketing/promotional communications will not stop communications from ASH of a transactional nature or as required by law.  For example, we will still send you communications regarding your account, request or inquiry you have made with ASH, notices regarding material changes to the Healthyroads Website or its information practices, and other administrative notices. 


How does ASH protect the privacy of minors regarding the Healthyroads Website?  


ASH is concerned about the safety of children when they use the internet. Healthyroads.com is not intended for use by persons under the age of majority (e.g., under the age of 18 in California). If ASH becomes aware that a user is under the age of 18 and has provided personal information to us without prior parental consent, ASH will remove all information provided by such underage user from its database. 


How does ASH use cookies and other similar technologies on Healthyroads Website?
 
We use cookies and other similar technologies on the Healthyroads Website to help us remember who you are, to enhance and personalize your experience, to understand and save your preferences for future visits, to compile group information about our users, and to carry out other tasks relating to the operation or improvement of the Healthyroads Website.


    • “Cookies” are small text files that are placed on your hard disk by a webpage server. Cookies cannot be used to run programs or deliver viruses to your computer. Cookies are uniquely assigned to you, and can only be read by a web server in the domain that issued the cookie to you. Most web browsers are initially set to accept cookies, but you can change your browser settings to notify you when you are sent a cookie, giving you the ability to accept or reject it, or you can choose to routinely and manually delete cookies stored on your computer or mobile device. Each time you revisit the Healthyroads Website, your ability to restrict our use of cookies on that service is subject to your browser settings and limitations at the time. Please note that if you choose to disable or reject cookies from the Healthyroads Website, some portions and features of the Healthyroads Website may become inaccessible or may not function properly.


For more information on how to manage cookies, visit  http://www.aboutcookies.org/.


    • We may also use " web beacons " – which can be included in web pages or in emails for reporting and analytic purposes, such as counting users who have visited a web page and/or tracking usage patterns. We do not gather personal information of any kind via this activity. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, refuse HTML (select Text only) emails via your email.


    • Google Analytics: We use Google Analytics to collect information to improve the Website, such as how often users visit the Website, what pages they visit when they do so, and what other websites they used prior to visiting the Healthyroads Website. Google Analytics places a cookie on your web browser so that it can identify you the next time you visit the Website, and the cookie cannot be used by anyone but Google. Google’s ability to use and share information collected by Google Analytics about your visits to the Website is restricted by the Google Analytics Terms of Use and the Google Privacy Policy. If you don’t want Google Analytics to be used in your browser, you can install the Google Analytics opt-out browser add-on which is available at https://tools.google.com/dlpage/gaoptout.


    •  Do Not Track:  Some web browsers incorporate a "do-not-track" (“ DNT ”) or similar feature that signals to websites that a visitor does not want to have his/her online activity tracked. If a website receives a DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, we (along with many other website operators) do not currently respond to DNT signals. For more information about DNT signals, visit  https://allaboutdnt.com/ .




How does ASH safeguard user information?  


In order to maintain confidentiality and safeguard the security of Personal Information, ASH has implemented company-wide policies regarding privacy, security, and confidentiality. ASH has, and will maintain for as long as it accesses, processes, stores, or transmits member personal information, a comprehensive information security program that complies with applicable state and federal law.  This program applies to all locations, systems, devices, and equipment used by ASH to access, process, store, or transmit member personal information (“ASH Systems”), and it includes physical, administrative, and technical security controls that are designed to prevent unauthorized access to, disclosure of, loss of, or use of the ASH Systems and the member personal information that those ASH Systems process, store, or transmit (“Safeguards”).  ASH regularly tests and monitors the effectiveness of its Safeguards.


Despite these measures, the confidentiality of your Personal Information cannot be guaranteed. You have a responsibility to protect your Personal Information. We encourage you to take appropriate steps to protect your Personal Information, such as using a complex password when you register for the Program. We recommend at a minimum using a combination of uppercase letters, lowercase letters, numbers, and special characters when selecting the password that you will use to access the Healthyroads website. Increasing the length and complexity can create a stronger password that will make your Healthyroads account more secure. Never share your user account password with anyone. Additionally, ensuring that the device from which you are accessing Healthyroads is secure and has sufficient privacy and security controls will also help to secure your account information. 


What is Healthyroads.com’s advertising policy?  


We do not allow third-party advertising on Healthyroads.com. 


What is ASH’s policy regarding links to other websites and services?  


For your convenience, the Healthyroads Website may provide links to third-party websites and online services not owned or controlled by or affiliated with ASH (each, a “Linked Third-Party Website/Service”). Linking does not mean, and should not be deemed or construed to mean, that ASH endorses or approves or is affiliated with a Linked Third-Party Website/Service. ASH is not responsible for the information privacy and security policies or practices of a Linked Third-Party Website/Service. When you leave the Healthyroads Website to visit a Linked Third-Party Website/Service, this Privacy Statement no longer applies, and any information collected from or about you by a Linked Third-Party Website/Service will be governed by that site/service’s privacy policies and practices, which may be substantially different from those of ASH. A Linked Third-Party Website/Service may set or use its own cookies, web beacons, etc. to your computer or mobile device, and may collect information from and about you and use the information in ways that ASH would not. You access a Linked Third-Party Website/Service entirely at your own risk. You should always read the privacy policy associated with a Linked Third-Party Website/Service before disclosing any personal information. 


For more on Links, please see the Healthyroads Website  Terms and Conditions .


How can I contact Healthyroads.com or ASH for questions? 


Questions and requests may be submitted through the Contact Us feature of the Healthyroads Website, or using the following contact information:


U.S. Mail: Healthyroads Customer Service   
P.O. Box 509040   
San Diego, CA 92150-9040 
Phone:   1-877-330-2746  
E-mail:   service@healthyroads.com   


Privacy and Security Contact Information     

ASH has a designated Privacy Officer and an Information Security Officer to oversee our privacy and security programs. You may direct questions about these programs to these individuals by either calling (877) 427-4766 or emailing HIPAA@ashn.com.

Changes to Privacy Statement   


We reserve the right to make changes to this Privacy Statement at any time by posting the new policy on Healthyroads.com. Except where otherwise stated by applicable law, changes to this Privacy Statement will become effective when the new policy is posted on Healthyroads.com, and such posting will constitute our notice to you regarding the changes, and by continuing to use Healthyroads.com following such posting, you accept and agree to be bound by the new policy.


We encourage you to check the website regularly to see if we have made any modifications to this Privacy Statement.


The Healthyroads Program and use of the Healthyroads Website are governed by the Healthyroads Website Terms and Conditions.