Privacy Policies

Know That Your Privacy is Protected.

Digital Services Privacy Policy

This Digital Services Privacy Policy (“Privacy Policy” or “Policy”) describes our policies and procedures on the collection, use and disclosure of your information when you use our website (the “Service”) and tells you about your privacy rights and how the law protects you.

We use your personal data to provide and improve the Service. By using the Service, you agree to the collection and use of information in accordance with this Policy.

We value your relationship with us and take the responsibility to protect your privacy and personal information seriously. This Policy describes how we use your personal information, under what circumstances we may share it and with whom, and your corresponding rights and choices.

MetroPlusHealth recognizes that it is critical for members, website visitors, and other individuals to be confident that their privacy is protected when they engage MetroPlusHealth through its website.

This Policy describes MetroPlusHealth’s privacy practices regarding information collected from users of the Service, including what information is collected and how that information is used. Because this Policy only applies to MetroPlusHealth, you should examine the privacy policy of any other third-party website that you access while using this website. For general information about how MetroPlusHealth handles our members’ information please click Insurance Law Annual Privacy Notice and HIPAA Notice of Health Information Privacy Practices to view the annual MetroPlusHealth privacy notices.

Please note that your health and medical information and other personal information (collectively “protected health information”), collected for purposes of providing healthcare or managing your health insurance are regulated separately by the federal Health Insurance Portability and Accountability Act (HIPAA) and similar federal and state laws including the privacy and security protections of those laws. Accordingly, this Policy does not pertain to protected health information. Any discussion of protected health information in this Policy is incidental and provided merely to enhance your understanding of our data collection and use practices and does not waive or override our obligations under other laws.

1. Interpretation and Definitions


Interpretation

The words of which the initial letter is capitalized have meanings defined under the following conditions. The following definitions shall have the same meaning regardless of whether they appear in singular or in plural.

Definitions

For the purposes of this Policy:
Cookies are small files that are placed on your computer, mobile device or any other device by a website, containing the details of your browsing history on that website among its many uses.

Device means any device that can access the Service such as a computer, a cellphone or a digital tablet.

Personal Data is any information that relates to an identified or identifiable individual. Personal Data may also include for the purposes of MetroPlusHealth services, Protected Information (PI) and Protected Health Information (PHI) which are described below and implicate additional privacy and data security safeguards where required.

Protected Information: Individually identifiable information:

  • About a prospective, current or former member, regardless of the source, content or form of the information; or
  • That includes PI about any person such as:
    • Credit card number,
    • Account number, and
    • Social security number.

Protected Health Information: Individually identifiable information, including demographic information collected from an individual and excluding information contained in employment records maintained by MetroPlusHealth as employer, that:

  • Is created or received by MetroPlusHealth, and
  • Relates to the individual’s past, present, or future physical or mental health or condition; the provision of health care to the individual; or the past, present, or future payment for the provision of health care to the individual.

Service refers to the Website.

Service Provider means any natural or legal person who processes data on behalf of MetroPlusHealth. It refers to third-party companies or individuals employed by MetroPlusHealth to facilitate the Service, to provide the Service on behalf of MetroPlusHealth, to perform services related to the Service or to assist MetroPlusHealth in analyzing how the Service is used.

Non-Personal Information: This includes aggregated, de-identified, or anonymized data that does not identify you personally.

Usage Data refers to data collected automatically, either generated by the use of the Service or from the Service infrastructure itself (for example, the duration of a page visit).

Website refers to MetroPlus Health, accessible from https://www.metroplus.org/

2. Collecting and Using Your Personal Data


Types of Data Collected

Personal Data
While using the Service, we may ask you to provide us with certain personally identifiable information that can be used to contact or identify you. Personally identifiable information may include, but is not limited to:

Email address
First name and last name
Phone number
Address, City, State, Province, ZIP/Postal code,
Usage Data

Usage Data
Usage Data is collected automatically when using the Service. Usage Data may include, but is not limited to, information such as your Device’s Internet Protocol address (e.g., IP address), type of device used, your operating system, browser type, browser version, the pages of our Service that you visit, the time and date of your visit, the time spent on those pages, unique device identifiers and other diagnostic data.

We may also collect information that your browser sends whenever you visit our Service or when you access the Service by or through any device.

Tracking Technologies and Cookies
We use Cookies and similar tracking technologies to track the activity on our Service and store certain information. Tracking technologies used are beacons, tags, and scripts to collect and track information and to improve and analyze the Service. The technologies we use may include, but not be limited to:

Cookies or Browser Cookies. You can instruct your browser to refuse all Cookies or to indicate when a Cookie is being sent. However, if you do not accept Cookies, you may not be able to use some parts of our Service. Unless you have adjusted your browser setting so that it will refuse Cookies, our Service may use Cookies. Cookies can be “Persistent” or “Session” Cookies. Persistent Cookies remain on your personal device when you go offline, while Session Cookies are deleted as soon as you close your web browser.

We use Cookies for the purposes set out below:

Necessary / Essential Cookies
Purpose: These Cookies are essential to provide you with services available through the website and to enable you to use some of its features. They help to authenticate users and prevent fraudulent use of user accounts. We only use these Cookies to provide you with the Service.

Cookies Policy / Notice Acceptance Cookies
Purpose: These Cookies identify if users have accepted the use of cookies on the Website.

Functionality Cookies
Purpose: These Cookies allow us to remember choices you make when using the Service, such as remembering your login details or language preference. The purpose of these Cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you use the website.

Tracking and Performance Cookies
Administered by: Third-Parties
Purpose: These Cookies are used to track information about traffic to the website and how users use the website. The information gathered via these Cookies may directly or indirectly identify you as an individual visitor. This is because the information collected is typically linked to a pseudonymous identifier associated with the device you use to access the website. We may also use these Cookies to test new pages, features or new functionality of the website to see how our users react to them.

Other Tracking Technologies
Web Beacons. Certain sections of the Service and our emails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit MetroPlusHealth, for example, to count users who have visited those pages or opened an email and for other related website statistics (for example, recording the popularity of a certain section and verifying system and server integrity).

Tags. A tag is an attribute that is associated with a group of content. It is used to describe the content it represents as in the case of a hashtag or search engine optimization tags that provide an overview of what an image or text is about. Tags make it easier for web users to locate curated content and view the topics on a page at a glance. By breaking down your content into categories and using different tags, people are able to focus on a specific group of content that is most relevant to their search.

Scripts. A tracking script is a piece of code that is used to monitor the flow of visitors that arrive at a website. The script is made of a string of numbers and letters that make up the code, which is then embedded on the website that an individual or company wants to analyze.

Personal Information from Third-Party Sources

Collection of your personal information may involve using third-party cookies on our Service to help us analyze your use of our Service and diagnose technical issues. In addition, we may share this tracking information with third parties for the limited purpose of providing you with tailored digital advertisements. To learn more about our use of cookies and how you can opt-out of analytics tracking by third parties, please review this policy in its entirety.

We may also collect personal information about you from third-party sources, including our business associates and other vendors, as well as our clients and business partners.

This collection may include the following types of personal information:

  • Contact information, such as address and phone number; and
  • Demographics, interests, and preferences.

Third parties may collect this personal information and provide it to us pursuant to their privacy policies and other contractual and legal obligations as applicable. We may combine the personal information you provide with information we obtain from these sources, including online and offline data providers.

You may control the information that we receive from a third-party by updating your privacy settings or preferences with that third-party directly or by adjusting your browser settings to prevent cookies from being sent.

Combination of Data
We may combine personal information collected from you via the Service with other information we obtain from our business records or third-party sources in order to provide you with a customized experience and improve and maintain our Sites and Services for our membership. Additionally, to more seamlessly sync your experience across our Service, personal information collected about you from a particular browser or device may be linked to personal information collected from another computer or device that we believe relates to you.

Use of Your Personal Data
MetroPlusHealth will not sell any data obtained through the use of our Service. We may use Personal Data for the following purposes:

    • To provide and maintain our Service, including to monitor the usage of our Service.
    • To contact you: With your consent, we may To contact you by email, telephone calls, or SMS, or other equivalent forms of electronic communication, such as a mobile application’s push notifications regarding updates or informative communications related to the functionalities, products or contracted services, including the security updates, when necessary or reasonable for their implementation.
    • To provide you with news, special offers and general information about other goods, services, and events which we offer that are similar to those that you have already purchased or enquired about unless you have opted not to receive such information.
    • To manage your requests: To attend and manage your requests to MetroPlusHealth.
    • To deliver targeted advertising to You: We may use your information to develop and display content and advertising related to MetroPlusHealth Plan products (and work with third-party vendors who do so) tailored to your interests and/or location and to measure its effectiveness.
    • For other purposes: We may use your information for other purposes, such as data analysis, identifying usage trends, determining the effectiveness of our promotional campaigns and to evaluate and improve our Service, products, services, marketing and your experience.
    • With Affiliates: We may share your information with our affiliates, who are required to honor this Policy. Affiliates include our parent company, New York City Health + Hospitals Corporation and any other subsidiaries, joint venture partners or other companies that We control or that are under common control with us.
    • With business partners: We may share your information with our business partners to offer You certain products, services or promotions.
    • With your consent:

We may disclose your personal information for any other purpose with your consent.

Please note, sharing excludes text messaging originator opt-in data and
consent;
this information will not be shared with any third parties.

Retention of Your Personal Data
MetroPlusHealth will retain your Personal Data only for as long as is necessary for the purposes set out in this Policy. We will retain and use your Personal Data to the extent necessary to comply with our legal obligations (for example, if we are required to retain your data to comply with applicable laws), resolve disputes, and enforce our legal agreements and policies.

MetroPlusHealth will also retain Usage Data for internal analysis purposes.

Transfer of Your Personal Data
Your information, including Personal Data, is processed at MetroPlusHealth’s operating offices and in any other places where the parties involved in the processing are located. It means that this information may be transferred to — and maintained on — computers located outside of your state, province, country or other governmental jurisdiction where the data protection laws may differ than those from Your jurisdiction.

Your consent to this Policy followed by your submission of such information represents your agreement to that transfer.

MetroPlusHealth will take all steps reasonably necessary to ensure that your data is treated securely and in accordance with this Policy and that no transfer of your Personal Data will take place to an organization or a country unless there are adequate controls in place including the security of your data and other personal information.

3. Disclosure of Your Personal Data


Business Transactions
If MetroPlusHealth is involved in a merger, acquisition or asset sale, Your Personal Data may be transferred. We will provide notice before your Personal Data is transferred and becomes subject to a different privacy policy.

Law enforcement
Under certain circumstances, MetroPlusHealth may be required to disclose your Personal Data if required to do so by law or in response to valid requests by public authorities (e.g., a court or a government agency).

Other legal requirements
MetroPlus Health may disclose your Personal Data in the good faith belief that such action is necessary to:

  • Comply with a legal obligation
  • Protect and defend the rights or property of MetroPlusHealth
  • Prevent or investigate possible wrongdoing in connection with the Service
  • Protect the personal safety of Users of the Service or the public
  • Protect against legal liability

Detailed Information on the Processing of Your Personal Data
The Service Providers we use may have access to your Personal Data. These third-party vendors collect, store, use, process and transfer information about your activity on our Service in accordance with their privacy policies.

Analytics
We may use third-party service providers to monitor and analyze the use of our Service. Activities that we monitor may include but are not limited to:

  • Mouse movements,
  • Scrolling,
  • Link clicks,
  • Downloads,
  • Typing,
  • Form submissions, and
  • Video plays.

Behavioral Remarketing
MetroPlusHealth uses remarketing services to advertise to you after you accessed or visited our Service. We and our third-party vendors use cookies and non-cookie technologies to help us recognize your Device and understand how you use our service so that we can improve our Service to reflect your interests and serve you advertisements about our products that are likely to be of more interest to you.

These third-party vendors collect, store, use, process and transfer information about Your activity on Our Service in accordance with their privacy policies and to enable Us to:

  • Measure and analyze traffic and browsing activity on our Service
  • Show advertisements for our products and/or services to You on third-party websites or apps
  • Measure and analyze the performance of Our advertising campaigns

Some of these third-party vendors may use non-cookie technologies that may not be impacted by browser settings that block cookies. Your browser may not permit You to block such technologies. You can use the following third-party tools to decline the collection and use of information for the purpose of serving you interest-based advertising:

  • The NAI’s opt-out platform: http://www.networkadvertising.org/choices/
  • The EDAA’s opt-out platform http://www.youronlinechoices.com/
  • The DAA’s opt-out platform: http://optout.aboutads.info/?c=2&lang=EN

You may opt-out of all personalized advertising by enabling privacy features on Your mobile device such as Limit Ad Tracking (iOS) and Opt Out of Ads Personalization (Android). See Your mobile device Help system for more information.

We may share information, such as hashed email addresses (if available) or other online identifiers collected on our Service with these third-party vendors. This allows third-party vendors to recognize and deliver you ads across devices and browsers.

For your convenience, we may provide links to other websites or applications, including but not limited to Twitter and Facebook. We do not control third-party websites or applications, and thus, are not responsible for their privacy practices. Your use of third-party services will be subject to the terms of use and privacy policies and practices of the third party.

4. Electronic Marketing Communications


We may use Marketing Service Providers to email or text you newsletters, marketing or promotional materials. You may opt-out of receiving any, or all, of these communications from us by following the unsubscribe instructions that appear in our email or text communications. You may also email your opt-out request to [email protected]. We will endeavor to comply with these requests as soon as reasonably practicable. Please be advised that you may not be able to opt-out of receiving certain service or transactional email messages from us that are required to provide you with our Service.

5. Children’s Privacy


Our Service does not target and is not intended to attract children under the age of 13. We do not knowingly solicit and/or collect personally identifiable information from anyone under the age of 13. If You are a parent or guardian and You are aware that Your child has provided Us with Personal Data, please contact us. If We become aware that We have collected Personal Data from anyone under the age of 13 without verification of parental consent, We will take steps to remove that information from Our servers.

If We need to rely on consent as a legal basis for processing Your information and Your country requires consent from a parent, We may require Your parent’s consent before We collect and use that information.

6. Third Party Application – Interoperability


MetroPlusHealth is providing a secure electronic method via a patient access application programming interface (API) to members under the Interoperability Rule. The API establishes an online connection between MetroPlusHealth, and any application authorized by you, our member. MetroPlusHealth ensures that your information containing PHI is not only accessible but protected and secure under HIPAA when it is transmitted to the application of your choice. However, once this information is transmitted, it may not receive the same level of protection covered entities, like MetroPlusHealth, are required to maintain.

It is important for members to take an active role in protecting their health information. To help assist in the selection of an application of your choice, we have created this guide to provide you with some helpful tips and address potential questions.

7. Disclosure of Information Collected through This Website


The collection of information through the Services and the disclosure of that information are subject to the provisions of the Internet Security and Privacy Act. MetroPlusHealth will only collect personal information through this website or disclose personal information collected through the Services if the user has consented to the collection or disclosure of such personal information. Participation in an online transaction resulting in the disclosure of personal information to MetroPlus Health by the user, whether solicited or unsolicited, constitutes consent to the collection and disclosure of the information by MetroPlus Health for the purposes reasonably ascertainable from the nature and terms of the transaction.

However, MetroPlus Health may collect or disclose personal information without user consent if the collection or disclosure is: (1) necessary to perform the statutory duties of MetroPlus Health, or necessary for MetroPlus Health to operate a program authorized by law, or authorized by state or federal statute or regulation; (2) made pursuant to a court order or by law; (3) for the purpose of validating the identity of the user; or (4) of information to be used solely for statistical purposes that is in a form that cannot be used to identify any particular person.

MetroPlusHealth also may disclose personal information to federal or state law enforcement authorities to enforce MetroPlus Health’s rights against unauthorized access or attempted unauthorized access to MetroPlus Health’s information technology assets or against other inappropriate use of this website.

8. Security of Your Personal Data


MetroPlusHealth is committed to protecting personal information collected through the Services against unauthorized access, use or disclosure.

For website security purposes and to maintain the availability of the website for all users, MetroPlusHealth applies controls to monitor and identify unauthorized attempts to upload or change information or otherwise damage this website. We know that security is a concern for our customers and we are committed to employing reasonable technical, physical and administrative safeguards to protect the security of our site. However, even with the best technology, no website is 100% secure. We conduct platform reviews and take measures that we believe are reasonable and appropriate to protect your information from unauthorized access or disclosure and accidental loss, alteration or destruction.

9. Disclaimer


The information provided in this privacy policy should not be construed as giving medical, business, legal, or other advice, or warranting as fail proof, the security of information provided through this website.

10. Links to Other Websites

Our Service may contain links to other websites that are not operated by us. If you click on a third-party link, you will be directed to that third party’s site. We strongly advise you to review the privacy policy of every site you visit.

We have no control over and assume no responsibility for the content, privacy policies or practices of any third-party sites or services.

11. Breach Notification


In the event of a breach of your unsecured PHI, we will notify you as required by law. Notifications will include a description of the breach, the types of information involved, steps you can take to protect yourself, and what we are doing to mitigate the breach.

12. Changes to this Privacy Policy


MetroPlusHealth will amend this Privacy Policy from time to time. We encourage you to review this Privacy Policy periodically. We will post any Privacy Policy changes on this page and update the “Last updated” date at the top of this Privacy Policy.

13. Contact Us

If you have any questions about this Privacy Policy, You can contact us:

By email: [email protected]
By visiting this page on our website: https://www.metroplus.org/forms/Contact-Us
By phone number: 1.212.908.8600
By mail: MetroPlus Health Plan Privacy Officer 50 Water Street, 7th Floor New York, NY 10004

14. Complaints


If you believe your privacy rights have been violated, you may have the right to file a complaint with us or with the U.S. Department of Health and Human Services (HHS). Complaints must be submitted in writing. We will not retaliate against you for filing a complaint.

15. Acknowledgement


By using MetroPlus.org, you acknowledge that you have read and understand this Privacy Policy and agree to its terms.

Note: This Privacy Policy is intended to comply with the Health Insurance Portability and Accountability Act (HIPAA) and other applicable laws. However, it should be reviewed by legal counsel to ensure full compliance with all relevant regulations and to tailor the policy to the specific practices and procedures of MetroPlus.org.

last updated: November 20, 2024

Ready to Join Us?

Talk to us about questions or concerns

Monday–Saturday | 8 a.m.–8 p.m. (ET)
Sunday | 9 a.m.–5 p.m. (ET)

Already A Member?

Talk to us about any questions or concerns

Monday–Saturday | 8 a.m.–6 p.m. (ET)
Sunday | 9 a.m.–5 p.m. (ET)