(If you are a CA resident, this statement includes your California Privacy Rights)
The Healthyroads ® program and website (collectively, "Healthyroads.com") is designed to provide individuals with an evidence-based educational resource for fitness planning and health-related lifestyle improvement. Healthyroads.com is provided by American Specialty Health Management, Inc. ("ASH Management"), a subsidiary of American Specialty Health Incorporated (“ASH”).
Healthyroads.com values its users, respects user privacy and is committed to using personal information responsibly.
For the purposes of this Privacy Statement the terms “we” and “our” refer to Healthyroads.com and ASH Management, and the terms “member” or “you” mean an authorized user of Healthyroads.com.
Healthyroads.com will not release, sell, rent, or trade your personal information to any third party without your permission, except when we believe in good faith that the law requires it, or to protect our own rights and properties, or as outlined in this Privacy Statement.
You should read and familiarize yourself with this Privacy Statement and with the Healthyroads.com Terms & Conditions . By using Healthyroads.com, you acknowledge and consent to our collection, processing and use of your information as described in this Privacy Statement. For any questions about this Privacy Statement, please contact us directly. Healthyroads.com will respond to any questions within 10 business days from the date of receipt. Contact Healthyroads.com directly through any means noted at the end of this Privacy Statement. If information practices change, Healthyroads.com will post the revised policy on Healthyroads.com and/or will notify users through direct communication.
CALIFORNIA DO NOT TRACK DISCLOSURE
ASH Management does not track Healthyroads.com users across third party websites, nor does it allow third parties to collect personally identifiable information on Healthyroads.com.
CALIFORNIA RESIDENTS: YOUR CALIFORNIA PRIVACY RIGHTS
Under California Civil Code Section 1798.83 (known as the “shine the light” law), California residents have a right to request an information-sharing disclosure from a business to which they have provided personal information and which has disclosed the information to any third party for third-party direct marketing uses in the prior calendar year.
We do not knowingly share your personal information with third parties for their direct marketing use without your permission. California residents may send requests for information-sharing disclosure under this law by emailing HIPAA@ashn.com . Please note that under this law, we are not required to respond to your request more than once in a calendar year, nor are we required to respond to any requests that are not sent to the above-designated email address.
What kind of personal information may Healthyroads.com collect, and how is it collected?
- When you register on Healthyroads.com, we collect your name, date of birth, address, e-mail address, and home phone number.
- If you use the Personal Health Assessment feature of Healthyroads.com, we collect your responses to the health assessment questionnaire.
- If you participate in Biometric Screening , we receive your biometric screening results from the participating screening vendor to populate your personal health scorecard on Healthyroads.com.
- If you use the Challenges feature of Healthyroads.com, we collect the date you join the challenge; your current weight and goal weight (within weight challenges); device activity (if you decide to join an activity tracking challenge that utilizes your activity or fitness tracking device); and healthy eating and healthy habit entries. If you participate in a group Challenge, we will also collect your name; date accepted, invited, or declined; and rank within the challenge. If you use the Challenge Chatter feature within Challenges, we may collect social comments between participants, first name, last name and initials.
- If you use the Accountabilities feature of Healthyroads.com, we collect the date you send an accountability invitation; the subject and recipient of the invitation; and your message content.
- If you use the Healthyroads Connected! ® feature of Healthyroads.com, you allow us to receive your activity information, such as steps taken in a day, height, weight, and calories, from your activity or fitness tracking device (e.g., Fitbit®, Jawbone®, Garmin®, etc.). When you use the Healthyroads Connected! feature, your activity information will be transmitted from your device by your device manufacturer, to Validic (a third-party data aggregator that we use). After receiving the information from Validic, we will upload the information into your member profile/account on Healthyroads.com. By using the Healthyroads Connected! feature, you also allow us to receive profile information from your device, if applicable, or from your own input, including gender, birth year, height, weight, and time zone.
- If you use the Heathyroads CheckIn! ® mobile app feature of Healthyroads.com (which allows members to electronically log their fitness center visits), we will receive the location information of the fitness center you visit and your check-in and check-out times at such facility. NOTE: In order to use the Healthyroads CheckIn! mobile app, you must enable and allow GPS location tracking on your activity or fitness tracking device, and if you do not wish for your device location to be tracked, please do not use the Healthyroads CheckIn! mobile app because, without the location information, the app will not be able to log your fitness center visits. To learn more about what data we collect through or within the Healthyroads CheckIn! mobile app and how we use the data, please view the Healthyroads CheckIn! mobile app Privacy Statement within the app, or you may request a hard copy through one of the contact methods listed in the “How to Contact Healthyroads.com for Questions” section below.
- If you enroll in a fitness center through Healthyroads.com, we may receive your fitness center location and date of visit information directly from the fitness center if the fitness center is in our network and, by enrolling in such a fitness center for the purpose of participating in the Healthyroads program, you acknowledge and agree that the fitness center may provide your visit information to us on your behalf. Alternatively, depending on availability within your program, you can submit to us your fitness center visit information directly, either through the Healthyroads CheckIn! mobile app or by sending to us via email, fax or postal mail your visit logbook signed by the fitness center or in a printout form provided by the fitness center.
- If you use the Contact Us page of Healthyroads.com to submit a comment, inquiry or request to us, we collect your name, phone number, e-mail address, user type, fitness center location, and your comment or inquiry message.
- Additionally, we may collect demographic information from Healthyroads.com members, such as age, gender, and areas of interest, as well as users’ IP addresses (which are numerical numbers that are automatically assigned to users’ computers and mobile devices when they are surfing the Internet) and information obtained by tracking the "clickstreams" from usage of Healthyroads.com (page requests, pages visited, content viewed, clicks, search queries made, etc.).
How does ASH Management use information collected on Healthyroads.com?
We use information collected on Healthyroads.com to enable users to access and use the Healthyroads program tools and features provided on Healthyroads.com. For example:
- If you register on Healthyroads.com, we will use your registration information to set up, administer, service, and communicate with you regarding your account. Registration on Healthyroads.com is required for users to gain access to special tools and features of the Healthyroads program, such as Personal Health Assessment , Scorecard, Challenges , Accountabilities, and Connected!
- If you use the Personal Health Assessment feature of Healthyroads.com, we will use your responses to calculate your health stratification and populate your personal health scorecard with actions and recommendations driven by your responses to the health assessment and, if part of your program, your biometric results.
- If you participate in Biometric Screening , your biometric screening results will be used to populate your personal health scorecard and recommend program features, such as coaching if available under your plan.
- If you use the Challenges feature of Healthyroads.com, we will use your information to track your participation and progress in a challenge and determine if you have met the challenge or won the challenge. If you participate in a group Challenge, we will also incorporate your name and rank within the challenge on the challenge leaderboard.
- If you use the Accountabilities feature of Healthyroads.com, we will use your information to communicate with your designated accountability partner and enable such partner to utilize the communication tools of the Accountabilities feature, such as providing daily cheers to encourage you to stay on track and posting encouraging messages via the Challenge Chatter feature.
- If you use the Healthyroads Connected! feature of Healthyroads.com, we will record your fitness center visit and exercise, and your other independent activity information over time, and will use such recorded information to verify and determine whether you are eligible for applicable incentives or rewards under the Healthyroads program (and/or under another member rewards program applicable to you). ASH Management may also disclose your Healthyroads Connected! activity information, such as steps taken over time, to your health plan or plan sponsor to assist in the administration of your benefit and/or for incentives, rewards and reimbursement fulfillment purposes only. If you enter your gender, birth year, weight, and height into your Healthyroads Connected! profile, we may use this information to calculate and display your calorie metrics based on activity reported through your Healthyroads Connected! -enabled device.
- If you use the Healthyroads CheckIn! mobile app feature of Healthyroads.com, we will record the location information of each fitness center you visit and your check-in and check-out times at each such fitness center over time and will use such recorded information to verify and determine whether you are eligible for applicable incentives and/or rewards under your program (and/or under another member rewards program applicable to you).
- If you enroll in a fitness center through Healthyroads.com, we will use your information to process your enrollment and will use your fitness center location and date of visit information (whether submitted to us directly by you or provided to us on your behalf by the fitness center) to verify and determine whether you are eligible for applicable rewards under your program (and/or under another member rewards program applicable to you).
- If you use the Contact Us page of Healthyroads.com, we will use your information to process and respond to your comment, inquiry, or request (as the case may be).
- We use user demographic information, IP addresses and clickstream data collected on Healthyroads.com for internal purposes, such as improving Healthyroads.com and associated tools and features; measuring and analyzing Healthyroads.com user interests, traffic, and usage patterns; etc.
Under what circumstances does Healthyroads.com share user information collected with third parties?
We may provide your information to your employer, health plan, or other entities that have contracted with your employer or health plan to provide you with health-related services on behalf of your employer and/or your health plan, or to help administer your benefits. In certain limited situations, we may be required to provide your personal information to your employer, health plan, or in some cases your designated fitness center, in order to confirm your eligibility, conduct billing, and perform other operational tasks required to administer your benefits. In these situations, we require that the recipient have internal controls in place to ensure that personal information is only disclosed to those who perform the benefit administration process described above.
We may also share your information with third parties in the following circumstances:
- as reasonably necessary to enable third-party service providers to provide services and support for the operation and maintenance of Healthyroads.com and associated tools and features;
- as reasonably necessary to comply with law or legal process (including a court or government order or subpoena);
- as reasonably necessary to detect, prevent, or otherwise address fraud, security or technical issues;
- as reasonably necessary to enforce this Privacy Statement and/or the Terms & Conditions for Healthyroads.com;
- as reasonably necessary to protect the rights, property or safety of ASH and ASH Management, our members and users, and/or the public.
In addition, we may share with select third parties (including, without limitation, our members’ employers and health plans) aggregate statistics regarding Healthyroads.com members, such as member demographics, interests, traffic, and usage patterns. The information so shared will not include personal health information or other personally identifiable information of Healthyroads.com members.
If I participate in an employer-sponsored wellness program, does ASH Management share my information with my employer?
As noted above, ASH Management will only share your information with your employer or plan sponsor for billing purposes and/or to help process your wellness incentives. We will not share with your employer individually identifiable Protected Health Information, unless you provide your explicit consent to do so, or as otherwise noted in this Privacy Statement. We may also share your information with other third-party health or wellness vendors that contract directly with your employer or plan sponsor to manage your benefits, as noted above. If we share your information with such a contracted third party vendor, we will only share the minimum necessary information in order to manage your benefits and the vendor to whom we disclose your information will be bound by similar privacy obligations as ASH Management. If you have any questions on how your information may be used or disclosed in the coordination and management of your benefits, you should consult your group health plan’s Notice of Privacy Practices, if applicable to your plan sponsor, or your plan sponsor’s benefit administrator.
ASH Management will not share the following information with your employer, though your employer may direct us to send this information to other administrators of your employee benefits with whom your employer has contracted for fulfillment, analysis, or other operational purposes, but only as permitted by law:
- Your actual responses to the Personal Health Assessment.
- The details of your coaching sessions or interactions with a Healthyroads Coach ®.
- Your specific biometric scores or reported results from wellness/biometric screenings.
ASH Management may share the following information with your employer:
- The number of coaching sessions you have completed may be reported as need to qualify you for a related incentive.
- The incentive point value associated with participating in the wellness/biometric screening.
- Other participation-based (not outcomes or results based) information related to your wellness program.
- Aggregate (group level, not individually identifiable) statistical information on how your group’s overall health and wellness metrics perform in relation to other Healthyroads enrollees. This is known as aggregate “benchmarking” data and is used only to help your employer understand the overall value of the program.
Can users opt out of collection of personal information on Healthyroads.com?
No. The functionality of Healthyroads.com and associated tools and features requires that we collect and receive certain personal information from and about participants in the Healthyroads program. Accordingly, if you do not wish to have your personal information collected or received by us, you should not use Healthyroads.com or participate in the Healthyroads program.
Can users access, update, and delete their information collected on Healthyroads.com?
If you have an active account on Healthyroads.com, you can log into your account to view your account/profile information. Members may update their account/profile information by submitting a written request to Healthyroads.com using the “Member Request to Amend Protected Health Information” form, which is available upon request through the contact information at the end of this Privacy Statement. Failure to fully complete all sections of the form may result in the form being returned to you. Response to the request for amendment will be issued within 30 days of receipt of the completed form. However, we may obtain one 30-day extension by sending the member a written notice stating the reason for the delay and the expected date of the response. We may deny the member’s amendment request under the following circumstances:
- We cannot verify and confirm the identity of the member making the request.
- The request for amendment was made verbally.
- The request does not state a reason for the amendment.
- We cannot change member information provided to us by or on behalf of a health plan or a plan sponsor.
NOTE: Except as expressly otherwise stated in this Privacy Statement, and except where applicable law provides otherwise, member information (including personal health information and other personally identifiable information) collected on Healthyroads.com can not be deleted or removed from our database and will be retained for a minimum of 10 years in accordance with our record retention policy. User accounts, however, may be disabled upon written request, using the contact information provided at the end of this Privacy Statement.
How can users opt out of receiving certain communications from Healthyroads.com?
If you have provided your email address, postal address, and/or telephone number to us, you may opt out of receiving marketing/promotional communications from us by using the contact information provided at the end of this Privacy Statement. To stop receiving marketing/promotional communications via email, you can also use the “unsubscribe” link contained in a marketing/promotional email you have previously received from us. Please note that email unsubscribe requests may take up to 30 days to process once received.
For users who have requested to be removed from our email, postal mail, and/or telephone contact lists, once their requests are processed, we will maintain an internal do-not-contact list to ensure that the request is honored.
Your opt-out regarding our marketing/promotional communications will
stop our communications of a transactional or member relation nature or as required by law (e.g., communications regarding your Healthyroads.com account or your participation in the Healthyroads program; communications in response to a request or inquiry you have made with us; notices regarding material changes to Healthyroads.com or our information practices; notices regarding an actual or suspected security breach that affects your information stored by or for us; etc.).
How does ASH Management protect the privacy of minors?
We are concerned about the safety of children when they use the internet. Healthyroads.com is not intended for use by persons under the age of majority (e.g., under the age of 18 in California).
If we become aware that a user is under the age of 18 and has provided personal information to us without prior parental consent, we will remove all information provided by such underage user from our database.
For more information on how to manage cookies, visit http://www.aboutcookies.org/ .
To manage Adobe Local Shared Objects (also known as LSOs or Flash cookies), visit
We may also use “web beacons” (also known as “clear GIFs,” “pixel tags,” etc.) – which are small bits of code embedded in web pages or in emails – to deliver or communicate with cookies, count users who have visited a web page, and understand usage patterns. We may include web beacons in emails to help us recognize activities such as when an email was opened, how many times an email was forwarded, which links in the email were clicked on, etc. Web beacons cannot be declined when delivered via a regular web page. However, web beacons can be refused when delivered via email. If you do not wish to receive web beacons via email, you will need to disable HTML images or refuse HTML (select Text only) emails via your email software.
How does ASH Management safeguard user information?
In order to maintain the confidentiality of and safeguard the security of personal information of Healthyroads.com members, we enforce strict company-wide policies regarding member information privacy, security, and confidentiality.
We have an organizational commitment to protecting member information privacy and security. All employees who work for Healthyroads.com are made aware of security policies and practices through employee orientation and annual refresher training. Personal information of Healthyroads.com members is stored in an isolated database with tightly restricted access. Employees authorized to view this information are authenticated prior to gaining such access. We review web security on an ongoing basis. In addition to daily security administration and response activities, Healthyroads.com undergoes an overall security review on an annual basis.
Healthyroads.com uses Transport Layer Security (TLS) technology to protect the security of members’ personal information. You will see an unbroken key or a closed lock (depending on the browser used) in the upper part of the browser window when TLS is active and the server is secure. The URL line of the browser will also contain "https" instead of "http". When you register on Healthyroads.com, your account/profile information will be transmitted to us in encrypted form and your registration will be assigned a unique User ID to which only our authorized employees will have access.
What is Healthyroads.com’s advertising policy?
We do not allow third-party advertising on Healthyroads.com.
What is Healthyroads.com’s policy regarding links to other websites and services?
How can I contact Healthyroads.com for questions?
Questions may be submitted online using Healthyroads.com’s Contact Us page. Healthyroads.com is available through American Specialty Health Management, Inc., which is a subsidiary of American Specialty Health Incorporated (ASH), a privately held corporation. All Healthyroads.com site operations are conducted and maintained by staff affiliated with ASH. ASH is a Delaware corporation domiciled in California, with the corporate office located at 10221 Wateridge Circle, San Diego, CA 92121.
U.S. Mail: Healthyroads Customer Service
P.O. Box 509040
San Diego, CA 92150-9040
Changes to Privacy Statement
We reserve the right to make changes to this Privacy Statement at any time by posting the new policy on Healthyroads.com. Except where otherwise stated by applicable law, changes to this Privacy Statement will become effective when the new policy is posted on Healthyroads.com, and such posting will constitute our notice to you regarding the changes, and by continuing to use Healthyroads.com following such posting, you accept and agree to be bound by the new policy.
If we make changes to this Privacy Statement that will materially change the way we collect or use personal information of Healthyroads.com members, we will obtain member consent to such changes where required by applicable law, and the changes will apply to members on a prospective basis only (unless otherwise agreed in writing by members).
We encourage you to check the website regularly to see if we have made any modifications to this Privacy Statement.