Website Privacy Statement

Introduction

Kaiser Permanente provides a website (“Website” or “Site”):

  • "kaiserpermanente.org," or “healthy.kaiserpermanente.org,” or "kp.org" (the Website)

The Site allows our users to access policies, forms, and additional information to support KP member care.

This Privacy Statement applies to the Site, which is owned and operated by Kaiser Foundation Health Plan, Inc. (“Kaiser Permanente”, “KP”). This Privacy Statement describes how Kaiser Permanente collects and uses the personal information you provide on, and other information that is collected from your use of the Site. It also describes the choices available to you regarding our use of your personal information and how you can access and update this information.

Personal information means information that is individually identifiable. Information that has been de-identified by Kaiser Permanente or others is no longer personal information and is not covered by the terms of this Privacy Statement.

All of your protected health information maintained by Kaiser Permanente, including information you provide on the Site, is also subject to the Notices of Privacy Practices issued by KP under the Health Insurance Portability and Accountability Act (“HIPAA”).

The Notices of Privacy Practices may contain additional provisions relating to the use and disclosure of your information that go beyond the terms of this Privacy Statement.

Kaiser Permanente is committed to protecting the privacy of the users of the Site. We will use and disclose your personal information as stated in this Privacy Statement.
 

Site Privacy Statement

Use and disclosure of health information includes using the information to provide treatment to the individual, to make payments for such treatment, and to conduct ongoing quality improvement activities. Our use and disclosure of an individual's personal information (including health information) is limited as required by state and federal law. We do not sell or rent personal information about visitors to the Site.

Security

The Site has security measures in place that are intended to help protect against the loss, misuse, unauthorized access, or alteration of information under our control both during transmission and once the information is received. These measures include encryption of data using the Secure Socket Layer (SSL) system, and using a secured messaging service when we send your personal information electronically to the Site. Despite these measures, the confidentiality of any communication or material transmitted to or from us via the Site by Internet, text message or email cannot be guaranteed. At your discretion, you may contact us at the mailing address or telephone number listed in the "Questions, complaints, and contacts" section at the end of this Privacy Statement.

Revisions to the Privacy Statement

We may revise this Privacy Statement from time to time as we add new features or modify the way in which we manage information, or as laws change that may affect our services. If we make material changes to our Privacy Statement, we will post notice of this on our Site prior to the changes becoming effective. Any revised Privacy Statement will apply both to information we already have about you at the time of the change, and any personal information created or received after the change takes effect. We include a version number on this Privacy Statement consisting of the date (year, month, and day) it was last revised. We encourage you to periodically reread this Privacy Statement, to see if there have been any changes to our policies that may affect you.

Site visitor data

In addition to web logs, described below, Kaiser Permanente routinely gathers data on Site activity, such as how many people visit the Site, the web pages or mobile screens they visit, where they come from, how long they stay, etc. The data is collected on an aggregate basis, which means that no personally identifiable information is associated with the data. This data helps us improve our content and overall usage. The information is not shared with other organizations for their independent use.

The Site does not honor a browser’s signal or header request not to track the user's activity.

Collecting and using and disclosing personal information

Except as disclosed in this Privacy Statement, we do not collect any personally identifiable information about visitors to the Site. The policies, sources, uses and disclosures of information are outlined in Sections 1 through 20 that follow:

1. Information Collection Use

We may collect the following personal information from you:

  • contact information such as name, email address, mailing address, and phone number
  • age or date of birth
  • unique identifiers such as username, account number, and password
  • preferences information such as preferred first name and the types of emails you’d like to receive from us
  • health or medical information (such a health symptoms, health conditions and medications)
  • debit and credit card information
  • medical record number or health record number if you apply for Kaiser Permanente coverage online, personal health and demographic information about you and those dependents for whom you wish to receive coverage
  • your device location

We may use and disclose this information to:

  • communicate your health information, or the health information of someone you are caring for, to health care providers treating you or the other person
  • communicate to you the health information of others you are authorized to act on behalf of on the Site
  • help you pay for prescription refills or medical bills
  • help you apply for Kaiser Permanente coverage
  • send you requested product or service information
  • respond to customer service requests
  • administer your account
  • send you newsletters, voice messages, text messages or email communications
  • respond to your questions and concerns
  • improve our Site and marketing efforts
  • conduct internal quality improvement or business analysis
  • customize your experience on the Site, including the display of location-based information that’s relevant to your care and how to find care
  • de-identify the information in accordance with HIPAA and/or other applicable law

2. Web logs

As is true of most websites, we gather certain information automatically. We maintain standard Web logs that record data about all visitors and customers who use the Site, and we store this information for no longer than reasonably useful to carry out its legitimate business purpose, or as legally required. These logs may contain the Internet domain from which you access the Site (such as xfinity.com, att.com, etc.); the IP address which is automatically assigned to your computer when you get on the Internet (a static IP address may be identifiable as being connected to you, while a dynamic address is usually not identifiable); the type of browser and operating system you use; the date and time you visited; the pages or mobile screens you viewed; and the address of the website you linked from, if any. If you sign on to the Site to use secured features, our web logs will also contain an individual identifier and show the services you have accessed.
 
All Web logs are stored securely and may only be accessed by Kaiser Permanente employees or designees on a need-to-know basis for a specific purpose. Kaiser Permanente uses Web log information to help us design our Site, to identify popular features, to resolve user, hardware, and software problems, to make the Site more useful to visitors and for security purposes.

3. Internet cookies

We and our service providers may place Internet "cookies" or similar technologies (JavaScript, HTML5, ETag) on the computer hard drives of visitors to the Site. Information we obtain helps us to tailor our Site to be more helpful and efficient for our visitors. For example, we are able to see the navigation path taken by users, and that information allows us to understand user success or challenges with the web experience. The cookie consists of a unique identifier that does not contain information about your health history. We use two types of cookies, "session" cookies and "persistent" cookies, along with other similar technologies.

A session cookie is temporary and expires after you end a session and close your web browser. We use session cookies to help customize your experience on our Site, maintain your signed-on status as you navigate through our features, and to track your "click path" through our web pages or mobile screens.

Persistent cookies remain on your hard drive after you've exited from our Site, and we use them for several reasons. For instance, if you've given us permission to email you with information about your Kaiser Permanente benefits, or for other reasons, we may place a persistent cookie on your hard drive that will let us know when you come back to visit our Site. We sometimes use this type of persistent cookie with a "Web beacon" (see below). Persistent cookies will not contain any personal health information about you such as a Kaiser Permanente Health/Medical Record number.

You may have software on your computer that will allow you to decline or deactivate Internet cookies, but if you do so, some features of the Site may not work properly for you. For instructions on how to remove cookies from your hard drive, go to your browser's website for detailed instructions. In addition, further information regarding cookies may be available on other websites or from your Internet service provider. Safari, Chrome, Firefox, Internet Explorer, and iOS browsers are commonly used browsers.

4. Web beacons

We may also occasionally use "Web beacons" (also known as "clear gifs," "Web bugs," "1-pixel gifs," etc.) that allow us to collect non-personal information about your response to our email communications, and for other purposes. Web beacons are tiny images, placed on a Web page or email, that can tell us if you've gone to a particular area on our Site. For example, if you've given us permission to send you emails, we may send you an email urging you to use a certain feature on our Site. If you do respond to that email and use that feature, the Web beacon will tell us that our email communication with you has been successful. We do not collect any personal health information with a Web beacon, and do not link Web beacons with any other personal health information you've given us.

Since Web beacons are used in conjunction with persistent cookies (described above), if you set your browser to decline or deactivate cookies, Web beacons cannot function.

5. Re-targeting

We have contracted a third party ad network to manage our advertising on other sites. Our ad network service provider uses cookies, Web beacons, and other tracking technologies to collect information about your activities on this and other websites and to then provide you with KP advertising on other websites. We may also place a persistent third-party cookie (provided by Google) on your hard drive if you sign on to kp.org. This cookie will prevent kp.org members from seeing advertising that is targeted towards people who are not members of Kaiser Permanente’s health plan, when searching on Google.

If you wish to not have this information used for the purpose of serving you targeted ads, you may opt out. Please note this does not opt you out of being served advertising. You may continue to receive generic non-targeted ads.

6. Emails, voice messages, and SMS text messaging

Kaiser Permanente may use a third-party vendor to help us manage some of our email and voice/text messaging communications with you. While we do supply these vendors with email addresses or mobile telephone numbers of those we wish for them to contact, your email address or mobile telephone number is never used for any purpose other than to communicate with you on our behalf. When you click on a link in an email, you may temporarily be redirected through one of the vendor's servers (although this process will be invisible to you) which will register that you've clicked on that link, and have visited our Site. Kaiser Permanente never shares any information, other than your email address or telephone number, with our third-party email and voice/text messaging vendors, which may only share this information with its authorized subcontractors.

7. Evaluation and quality improvement

We will periodically ask users to complete surveys asking about their experiences with features of the Site. Our surveys ask visitors for demographic information such as age, gender, and education, but will not request that users provide specific information about any medical condition. We use survey information for evaluation and quality improvement purposes, including helping Kaiser Permanente to improve information and services offered through the Site. In addition, users giving feedback may be individually contacted for follow-up due to concerns raised during the course of such evaluation. Demographic information and Web log data may be stored for future evaluation and quality improvement activities.

8. Messages and transactions

Comments or questions sent to us using email or secure messaging forms will be shared with Kaiser Permanente staff and health care professionals who are most able to address your concerns. We will archive your messages once we have made our best effort to provide you with a complete and satisfactory response.

9. Data integrity and correction

You have the right to request to view and correct personal information from the Site. Such requests may be submitted using the contact information in the "Questions, complaints, and contacts" section below.

10. Children

We do not knowingly collect personally identifiable information from children under the age of 13. If Kaiser Permanente is made aware of collecting information from a child under 13, we will delete this information.

11. Disclosures

We may disclose personal information to any person performing audit, legal, operational, or other services for us. We will use information which does not identify the individual for these activities whenever reasonably possible. Information disclosed to vendors or contractors for operational purposes may not be re-disclosed to others by such a vendor or contractor, except as permitted by KP and applicable law.
 
We may also disclose your personal information to third parties who provide services on our behalf to help with our business activities. These companies are authorized to use your personal information only as necessary to provide these services to us pursuant to written instructions. In such cases, these companies must abide by our data privacy and security requirements, and are not allowed to use your personal information they receive from us for any other purpose.
 
These services may include:
  • payment processing
  • providing customer service
  • sending marketing communications
  • fulfilling subscription services
  • conducting research and analysis
  • providing cloud computing infrastructure

We may also disclose your personal information:

  • as required by law, such as to comply with a subpoena, or similar legal process
  • as described in our Notices of Privacy Practices for protected health information
  • when we believe in good faith that disclosure is necessary to protect our rights, protect you or others safety from threats of imminent harm, investigate fraud or other activity in violation of the law, or respond to lawful request by public authorities (including to meet national security or law enforcement requirements)
  • to protect the security and reliability of the Site
  • if Kaiser Permanente is involved in a merger, acquisition, or sale of all or a portion of its assets. You will be notified via email and/or a prominent notice on our Site of any change in ownership or uses of your personal information, as well as any choices you may have regarding your personal information
  • to any other third party with your prior consent to do so
  • to Kaiser Permanente entities to carry out business planning and development and business management and general administrative activities, such as to provide, maintain and personalize our sites and services, and to communicate with you

12. Other requests to limit use and disclosure of your personal information

State and federal laws may allow you to request that we limit our uses and disclosures of your personal information for treatment, payment, and health care operations purposes. We will consider all requests and, if we deny your request, we will notify you in writing. Federal law requires us to agree to your request to restrict disclosures to a health plan or insurer relating to specific health care services, if you have paid for those services in full. The law does not, however, require us to restrict any disclosures we think are important for treatment purposes.

13. Data retention

We will retain your personal information for the period necessary to fulfill the purposes outlined in this Privacy statement, including to meet our legal obligations, resolve disputes, and enforce our agreements, unless a longer retention period is required or permitted by law.

14. Links to third party websites

Our Site includes links to other websites whose privacy practices may differ from those of Kaiser Permanente. If you submit personal information to any of those sites, your information is governed by their privacy statements. We encourage you to carefully read the privacy statement of any website you visit.

15. Location

An IP address (also called Internet address) is assigned to your device by your Internet Service Provider, and is a requirement to use the internet. IP addresses are used to make the connection between your device and the websites and services you use. You can’t prevent a website or app from getting the IP address of your device. Your IP address includes some general information about your device location and we use that to display your proximate location in the website and mobile app user experience. We derive your internet device’s proximate location from your IP address, which is provided to us when you come to the Site. We do this to provide you with a customized experience on our Site, including the display of location-based information that’s relevant to you and your care.
 
 
With your permission, we may collect your precise device location using technologies like GPS, Wi-Fi, and Bluetooth, to help you find a facility, doctor, or directions within a facility or to provide you with timely notices when you visit a facility.

16. Third party applications

At your request, we may send your personal information to apps that are created and owned by a third party. Kaiser Permanente does not control the app or app provider and is not responsible for the integrity, privacy, security or breach of data transferred to, or stored in the app, or the use or disclosure of data by the app or the app provider once the data are released by Kaiser Permanente. We encourage you to carefully review the terms of use and privacy policy and settings that apply to the app and the app provider and approve release of data only to those apps and app providers that you trust.

Questions, complaints, and contacts

If you have any questions about this Privacy Statement, our policies and practices concerning the Site, your rights under this statement, and your dealings with the Kaiser Permanente Site, you can contact Kaiser Permanente by telephone at 1-800-556-7677 (toll free), or 711 (toll-free TTY for the hearing/speech impaired), by sending a message to the Kaiser Permanente Web manager, or by U.S. mail at the address below:

Kaiser Permanente, kp.org Privacy
4460 Hacienda Drive, Building A, Third Floor
Pleasanton, CA 94588

Last revised: February 2022

Version 1.0