Consumer Health Data Privacy Notice

Last Updated: March 2024

This notice supplements our Privacy Notice and applies to the category of personal data defined as “consumer health data” subject to the Washington State My Health My Data Act (MHMDA). If you are a Washington resident or if your consumer health data has been collected in Washington, please review this notice.

1. Consumer Health Data We Collect

Our collection, use, disclosure, and processing of consumer health data about individuals will vary depending upon the circumstances. This notice is intended to describe our overall privacy and data protection practices concerning consumer health data. Because consumer health data is defined very broadly, to include personal information that is linked or reasonably linkable to a consumer and that identifies the consumer's past, present, or future physical or mental health status, many of the categories of personal data we collect could also be considered consumer health data. Examples of consumer health data we collect may include:

  • Health conditions, diseases, treatments, or diagnoses
  • Use or purchase of prescribed medication, and/or
  • Data that identifies a consumer seeking health care services

2. Sources of Consumer Health Data

As described further in the Personal Information Collected section of our Privacy Notice, we collect personal data (which may include consumer health data) directly from you, the consumer.

3. Our Collection and Use of Consumer Health Data

We collect and may use consumer health data for the following purposes:

  • Providing support and services: including to provide our Services, operate our Websites, applications and online services; to communicate with you about your access to and use of our Services; to respond to your inquiries; to provide troubleshooting, fulfill your orders and requests, process your payments and provide technical support; and for other customer service and support purposes.
  • Securing and protecting our business: including to protect and secure our business operations, assets, Services, network and information and technology resources; to investigate, prevent, detect and take action regarding fraud, unauthorized access, situations involving potential threats to the rights or safety of any person or third party, or other unauthorized activities or misconduct.
  • Defending our legal rights: including to manage and respond to actual and potential legal disputes and claims, and to otherwise establish, defend or protect our rights or interests, including in the context of anticipated or actual litigation with third parties.
  • Auditing, reporting, corporate governance, and internal operations: including relating to financial, tax and accounting audits; audits and assessments of our operations, privacy, security and financial controls, risk, and compliance with legal obligations; our general business, accounting, record keeping and legal functions; and related to any actual or contemplated merger, acquisition, asset sale or transfer, financing, bankruptcy or restructuring of all or part of our business.
  • Complying with legal obligations: including to comply with the law, our legal obligations and legal process, such warrants, subpoenas, court orders, and regulatory or law enforcement requests.

4. Our Sharing of Consumer Health Data

We may share the following categories of consumer health data:

  • Health conditions, diseases, treatments, or diagnoses
  • Use or purchase of prescribed medication
  • Data that identifies a consumer seeking health care services

As necessary for the purposes described above, we share consumer health data with the following categories of third parties:

  • With the consumer
  • With our clients, i.e., insurance carriers so that they can provide coverage options based on the information you provide
  • With data analytics providers
  • With service providers that help us provide our services and operate our business
    Law enforcement, regulators, and others when disclosure of such information is required or to protect our legal interests

In addition, as necessary for the purposes described above, we share consumer health data with our affiliates TZ Insurance Solutions LLC, TruBridge, Inc., Anhelo Insurance Solutions LLC, and VTH Solutions LLC d/b/a/ Cignium Technologies.

5. How to Exercise Your Rights

MHMDA provides certain rights with respect to consumer health data, including rights to access, delete, or withdraw consent relating to such data, subject to certain exceptions. You can request to exercise these rights by submitting a request through this link or emailing us at privacy@tranzact.net.

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by clicking link or emailing our privacy support team at privacy@tranzact.net with the subject line “MHMDA Appeal.” If your appeal is unsuccessful, you can raise a concern or lodge a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.