HIPAA Compliant

HeyMedicaid Privacy Policy

Effective Date: January 1, 2025

Last Updated: December 15, 2024

HIPAA Notice: HeyMedicaid is a covered entity under the Health Insurance Portability and Accountability Act (HIPAA). This Privacy Policy describes how we collect, use, and protect your Protected Health Information (PHI) and other personal information in compliance with HIPAA, state laws, and other applicable regulations.

1. Our Commitment to Your Privacy

At HeyMedicaid, we understand that your health information is deeply personal and sensitive. We are committed to protecting your privacy and ensuring that your Protected Health Information (PHI) and personal data are handled with the utmost care and security.

This Privacy Policy explains what information we collect, how we use it, who we share it with, and your rights regarding your information. We encourage you to read this policy carefully and contact us if you have any questions.

2. Information We Collect

Protected Health Information (PHI)

Medical history and diagnoses
Prescription medications and treatment plans
Insurance and Medicaid ID numbers
Healthcare provider information
Medical appointment records
Lab results and medical imaging
Mental health and substance abuse treatment records

Personal Information

Full name, date of birth, and Social Security Number
Contact information (address, phone, email)
Emergency contact information
Demographic information
Device identifiers and IP addresses
Location data (with your permission)
App usage and interaction data

Sensitive Categories

We may collect particularly sensitive information including HIV/AIDS status, genetic information, mental health records, and substance abuse treatment records. This information receives the highest level of protection under federal and state laws.

3. How We Use Your Information

Healthcare Operations

Verifying your Medicaid eligibility and benefits
Facilitating healthcare services and care coordination
Processing prior authorizations and claims
Connecting you with in-network providers
Managing prescription benefits
Providing appointment reminders and health notifications

Platform Services

Creating and managing your HeyMedicaid account
Providing customer support and responding to inquiries
Improving our services through analytics (de-identified data)
Sending important updates about your benefits
Preventing fraud and ensuring security
Complying with legal and regulatory requirements

4. When We Share Your Information

We NEVER sell your personal information or PHI. We only share information as permitted or required by HIPAA and other applicable laws.

With Your Consent

We share your information when you explicitly authorize us to do so, such as when you request us to send your records to a specific provider or family member.

For Treatment, Payment, and Healthcare Operations

As permitted by HIPAA, we may share your PHI with healthcare providers for treatment purposes, with insurance companies for payment processing, and for essential healthcare operations.

Business Associates

We work with carefully selected third-party service providers who help us operate our platform. All business associates sign agreements requiring them to protect your information in accordance with HIPAA.

Legal Requirements

We may disclose information when required by law, such as in response to a court order, subpoena, or to report suspected abuse, neglect, or domestic violence.

5. Your Privacy Rights

Under HIPAA and state privacy laws, you have important rights regarding your health information:

Right to Access

Request copies of your health records and information we maintain about you

Right to Amend

Request corrections to inaccurate or incomplete health information

Right to Accounting

Receive a list of certain disclosures of your health information

Right to Restrict

Request limitations on how we use or share your health information

Right to Confidential Communications

Request that we contact you in a specific way or at a specific location

Right to Delete (where applicable)

Request deletion of certain personal information, subject to legal retention requirements

To exercise any of these rights, please contact our Privacy Officer at privacy@heymedicaid.com or call 1-800-MEDICAID.

6. How We Protect Your Information

We implement comprehensive security measures to protect your information:

Technical Safeguards

256-bit AES encryption at rest
TLS 1.3 encryption in transit
Multi-factor authentication
Regular security audits
Intrusion detection systems

Administrative Safeguards

HIPAA-trained staff
Role-based access controls
Regular privacy training
Incident response procedures
Business associate agreements

7. Data Retention and Deletion

We retain your health information for as long as required by federal and state laws, typically a minimum of six years from the date of last service. After this retention period, we securely destroy your information using industry-standard methods.

You may request deletion of certain personal information that is not subject to legal retention requirements. However, we must maintain health records as required by HIPAA and state regulations.

8. Children's Privacy

HeyMedicaid may be used by minors aged 13-17 with parental consent. For children under 13, a parent or guardian must create and manage the account. We comply with the Children's Online Privacy Protection Act (COPPA) and obtain verifiable parental consent before collecting information from children under 13.

9. State-Specific Privacy Rights

Residents of certain states have additional privacy rights. Please see our State Privacy Rights page for detailed information about California (CCPA/CPRA), Virginia (VCDPA), Colorado (CPA), and other state-specific protections.

State	Additional Rights
California	Right to opt-out of sale, right to non-discrimination, right to know categories
Virginia	Right to opt-out of targeted advertising and profiling
Colorado	Right to opt-out of profiling, right to data portability
Connecticut	Right to correct inaccuracies, right to opt-out of profiling

10. Updates to This Policy

We may update this Privacy Policy from time to time to reflect changes in our practices or legal requirements. We will notify you of any material changes through the app, email, or by posting a notice on our website. Your continued use of HeyMedicaid after changes indicates your acceptance of the updated policy.

Contact Our Privacy Team

Privacy Officer

HeyMedicaid, Inc.
Attn: Privacy Officer
PO Box 1234
San Francisco, CA 94102

Contact Methods

Email: privacy@heymedicaid.com
Phone: 1-800-MEDICAID
HIPAA Hotline: 1-800-HHS-TIPS
Online Form: heymedicaid.com/privacy