HealthWell Foundation Privacy Policy
Last updated: October 18, 2023
Introduction
HealthWell Foundation, Inc., a 501(c)(3) foundation (“Foundation” or “we”), respects your privacy and are committed to protecting it through our compliance with this policy (“Privacy Policy”). This Privacy Policy describes the types of information we may collect from you or that you may provide when you visit our website at www.healthwellfoundation.org (“Website”), our Patient Portal (https://healthwellfoundation.my.salesforce-sites.com/patients), our Provider Portal, (https://healthwellfoundation.my.salesforce-sites.com/providers), or our Pharmacy Portal (https://healthwellfoundation.my.salesforce-sites.com/pharmacies) (collectively, “Web Portals”), and our practices for collecting, using, maintaining, protecting, and disclosing that information.
Please read this policy carefully to understand our policies and practices regarding your information and how we will treat it. If you do not agree with our policies and practices, your choice is not to use this Website, our social media accounts, our offline sources, or our Web Portals. By accessing our Website, you agree to this privacy policy. This policy may change from time to time (see Changes to our Privacy Policy). Your continued use of this Website after we make changes is deemed to be acceptance of those changes, so please check the policy periodically for updates.
THE FOUNDATION IS NOT A MEDICAL PROVIDER NOR IS IT A “COVERED ENTITY” SUBJECT TO STATE OR FEDERAL LAWS GOVERNING THE PRIVACY OF MEDICAL RECORDS OR INFORMATION, INCLUDING THE HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996, COMMONLY REFERRED TO AS “HIPAA”.
DONOR PRIVACY: We will not sell, share, or trade our donors’ names or personal information with any other entity, nor send mailings to our donors on behalf of other organizations. This policy applies to all information received by the Foundation, both online and offline, as well as any electronic, written, or oral communications.
-
INFORMATION WE COLLECT
This policy applies to information we collect:
- On this Website and through our Web Portals.
- In email, text, and other electronic messages between you and this Website.
- When you interact with our email, social media, and marketing applications.
- Sensitive information from patient eligibility forms.
- Sensitive information from our sponsors and donors.
- From employees and board members.
- From outbound marketing communications.
It does not apply to information collected by:
- Us, offline or through any other means, including on any other website operated by the Foundation or any third party (including our affiliates and subsidiaries);
- Our affiliates or subsidiaries; or
- Any third party (including our business partners and service providers), including through any application or content that may link to or be accessible from or on the Website.
Children Under the Age of 18
If you are under 18, do not use or provide any information about yourself to us, including your name, address, telephone number, email address, or any screen name or user name you may use. If we learn we have collected or received personal information from a child under 18 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 18, please contact us at [email protected].
-
INFORMATION WE COLLECT ABOUT YOU AND HOW WE COLLECT IT
We collect several types of information from and about users of our Website and our Web Portals, including information:
- By which you may be personally identified, such as first and last name, account password, postal address, email address, social media addresses, telephone number, social security number, insurance information, or any other identifier by which you may be contacted online or offline (“personal information”);
- That is about you but individually does not identify you, such as an alias, a 9-digit ZIP code, or a unique personal identifier; and/or
- About your internet connection, the equipment you use to access our Website, and usage details.
We collect this information:
- Directly from you when you enter it in forms or surveys on our Website or through our Web Portals, apply for assistance, subscribe to a newsletter, make a donation, contribute a personal story, tweet to us, post web videos on our Facebook page, post a comment on our YouTube videos, our Facebook page, our Linkedin profile, our Instagram account and our X (formerly Twitter) account; provide information by postal mail, telephone, email, fax or use other features and resources on the Website and in our other social media presences.
We collect Sensitive Information as follows:
- Sensitive information is collected from users who are applying for funding for medical treatments; and during the application process, we may request information such as social security numbers, insurance policy numbers, medical conditions, medications you use to determine which patient assistance programs can properly assist you. Your medical conditions may be considered Protected Health Information (“PHI”) and therefore sensitive personal information. You may elect not to provide your medical condition or other sensitive personal information, but you may not be able to participate in patient assistance programs through the Website. We do not use Cookies to enable ad targeting based on sensitive personal information.
- Sensitive information is collected from donors and sponsors who make donations to the Foundation or sharing content on our social media accounts, please do not disclose sensitive personal information (information that can be used on its own or with other information to identify, contact, or locate a single person, or to identify an individual in context, such as protected health information, social security numbers, or healthcare account numbers) unless we specifically request your consent.
- Automatically as you navigate through the Website and our Web Portals. Information collected automatically may include usage details, IP addresses, and information collected through cookies, web beacons, and other tracking technologies.
- From third parties, for example, our business partners.
-
INFORMATION WE COLLECT THROUGH AUTOMATIC DATA COLLECTION TECHNOLOGIES
As you navigate through and interact with our Website and our Web Portals, we may use automatic data collection technologies to collect certain information about your equipment, browsing actions, and patterns, including:
- Visit Data. Details of your visits to our Website and our Web Portals, including traffic data, location data, logs, and other communication data and the resources that you access and use on the Website.
- Device Data. Information about your computer and internet connection, including your IP address, operating system, and browser type.
We may also use a variety of tools to collect data about your visit to our Website and our Web Portals or social media presences, often referred to as “Cookies.”
- Cookies (or browser cookies). A cookie is a small file placed on the hard drive of your computer. You may refuse to accept browser cookies by activating the appropriate setting on your browser. However, if you select this setting you may be unable to access certain parts of our Website. Unless you have adjusted your browser setting so that it will refuse cookies, our system will issue cookies when you direct your browser to our Website and our Web Portals.
- Local Data Storage. Certain features of our Website and our Web Portals may use locally stored objects to collect and store information about your preferences and navigation to, from, and on our Website. For information about managing your privacy and security settings for Local Data Storage, see Choices About How We Use and Disclose Your Information.
- Web Beacons. Pages of our Website and our e-mails may contain small electronic files known as web beacons (also referred to as clear gifs, pixel tags, and single-pixel gifs) that permit the Company, for example, to count users who have visited those pages or [opened an email] and for other related website statistics (for example, recording the popularity of certain website content and verifying system and server integrity).
Third-Party Use of Cookies and Other Tracking Technologies
Some content or applications on the Website are served by third-parties, including advertisers, ad networks and servers, content providers, and application providers. These third parties may use cookies alone or including personal information, about your online activities over time and across different websites and other online services. They may use this information to provide you with interest-based (behavioral) advertising or other targeted content. We do not control these third parties’ tracking technologies or how they may be used. If you have any questions about an advertisement or other targeted content, you should contact the responsible provider directly. For information about how you can opt out of receiving targeted advertising from many providers, see Choices About How We Use and Disclose Your Information.
-
HOW WE USE YOUR INFORMATION
We use information that we collect about you or that you provide to us, including any personal information that:
- Presents our Website and our Web Portals and their respective contents to you.
- Notifies you about changes to our Website and our Web Portals or any products or services we offer or provide through them.
- Provides you with information, products, or services that you request from us, namely determining eligibility for assistance for certain out-of-pocket health care costs (“assistance programs”).
- Provides you with assistance applying for assistance programs.
- Provides communications with patients about assistance programs.
- Allows you to transfer to healthcare providers and their staffs, pharmacy, employer, insurance company, and other persons or entities working on your behalf to obtain eligible treatment or therapy.
- Allows you to transfer to our pharmacy card vendor to process payments, and
- Allows you to share stories and comments on social media
- To fulfill any other purpose for which you provide it.
- Provides you with notices about your account, including expiration and renewal notices.
- Carries out our obligations and enforces our rights arising from any contracts entered into between you and us, including for billing and collection.
- Accept and process donations.
- Communicates with donors and supporters about contributions.
- Sends Foundation newsletters to donors.
- Transfers to outside contractors, auditors, consultants or others hired by the Foundation to assist in providing a monthly newsletter for donors.
- Shares stories and comments on social media.
If you do not want us to use your information in this way, please adjust your user preferences in your browser and account profile. For more information, see Choices About How We Use and Disclose Your Information.
-
DISCLOSURE OF YOUR INFORMATION
We may disclose aggregated information about our users, and information that does not identify any individual, without restriction. We may disclose personal information that we collect or you provide as described in this privacy policy:
- To our subsidiaries and affiliates.
- To contractors, service providers, and other third parties we use to support our business and who are bound by contractual obligations to keep personal information confidential and use it only for the purposes for which we disclose it to them.
- To a buyer or other successor in the event of a merger, divestiture, restructuring, reorganization, dissolution, or other sale or transfer of some or all of Foundation’s assets, whether as a going concern or as part of bankruptcy, liquidation, or similar proceeding, in which personal information held by the Foundation about our Website users is among the assets transferred.
We may also disclose your personal information:
- To comply with any court order, law, or legal process, including to respond to any government or regulatory request.
- To enforce or apply our Terms of Use and other agreements, including for billing and collection purposes.
- If we believe disclosure is necessary or appropriate to protect the rights, property, or safety of the Foundation, our customers, or others. This includes exchanging information with other companies and organizations for the purposes of fraud protection and credit risk reduction.
Choices About How We Use and Disclose Your Information
We strive to provide you with choices regarding the personal information you provide to us. We have created mechanisms to provide you with the following control over your information:
- Tracking Technologies and Advertising. You can set your browser to refuse all or some browser cookies, or to alert you when cookies are being sent. You can manage your local data storage settings in your in Options in your browser. If you disable or refuse cookies, please note that you may not be able to access portions of our Website and our Web Portals.
Third parties may provide you with ways to choose not to have your information collected or used in this way:
- You can opt out of receiving targeted ads from members of the Network Advertising Initiative (“NAI”) on the NAI’s website.
- California residents may have additional personal information rights and choices. Please see Your State Privacy Rights, for more information.
- Nevada residents who wish to exercise their sale opt-out rights under Nevada Revised Statutes Chapter 603A may submit a request to this designated address: [email protected]. However, please know we do not currently sell data triggering that statute’s opt-out requirements.
Accessing and Correcting Your Information.
You can review and change your personal information by logging into the Web Portals and visiting your account profile page. You may also send us an email at [email protected] to request access to, correct or delete any personal information that you have provided to us. We cannot delete your personal information except by also deleting your user account. We may not accommodate a request to change information if we believe the change would violate any law or legal requirement or cause the information to be incorrect. If you delete your User Contributions from the Website, copies of your User Contributions may remain viewable in cached and archived pages, or might have been copied or stored by other Website users. Proper access and use of information provided on the Website, including User Contributions, is governed by our Terms of Use. California residents may have additional personal information rights and choices. Please see below, for more information.
Your State Privacy Rights
State consumer privacy laws may provide their residents with additional rights regarding our use of their personal information. If you are a California resident, California law may provide you with additional rights regarding our use of your personal information. California’s “Shine the Light” law (Civil Code Section § 1798.83) permits users of our Website that are California residents to request certain information regarding our disclosure of personal information to third parties for their direct marketing purposes. To make such a request, please send an email to [email protected] or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.
Colorado, Connecticut, Virginia, and Utah each provide their state residents with rights to:
- Confirm whether we process their personal information.
- Access and delete certain personal information.
- Data portability.
- Opt-out of personal data processing for targeted advertising and sales.
Colorado, Connecticut, and Virginia also provide their state residents with rights to:
- Correct inaccuracies in their personal information, taking into account the information’s nature processing purpose.
- Opt-out of profiling in furtherance of decisions that produce legal or similarly significant effects.
To exercise any of these rights please send an email to [email protected] or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874. To appeal a decision regarding a consumer rights request please send an email to [email protected] or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.
-
DATA SECURITY
We have implemented measures designed to secure your personal information from accidental loss and from unauthorized access, use, alteration, and disclosure. See our data security measures, below.
- Your Responsibility. All information you provide to us is stored on our secure servers behind firewalls. The safety and security of your information also depends on you. Where we have given you (or where you have chosen) a password for access to certain parts of our Website, you are responsible for keeping this password confidential. We ask you not to share your password with anyone. We urge you to be careful about giving out information in public areas of the Website like message boards. The information you share in public areas may be viewed by any user of the Website. Unfortunately, the transmission of information via the internet is not completely secure. Although we do our best to protect your personal information, we cannot guarantee the security of your personal information transmitted to our Website. Any transmission of personal information is at your own risk. We are not responsible for circumvention of any privacy settings or security measures contained on the Website.
- Security Measures. We and our Service Providers protect your information using physical, technical, and administrative security measures to reduce the risks of loss, misuse, unauthorized access, disclosure and alteration. Some of the safeguards we use are firewalls, data encryption, intrusion detection, anti-virus controls, using physical access controls to our data centers, and information access authorization controls. Sensitive Personal Information is not stored on the Foundation Website, see the Patient and Donor Personally Identifiable Information, Because the internet and mobile web are inherently insecure and no information system is 100% secure and even the most secure system can be compromised, we cannot guarantee security. As such, the Foundation cannot ensure or warrant the security of any information you transmit to the Foundation.
- Patient and Donor Personally Identifiable Information. We store your information in patient and donor databases hosted by our Service Provider Salesforce. Salesforce’s privacy Policy is located at https://www.salesforce.com/company/privacy/#. Salesforce is a certified licensee of EU-U.S. Privacy Shield Framework and Swiss-U.S. Privacy Shield Framework.
- Credit Card Transaction Information. Donor credit card transactions for donations to the Foundation are processed by our Service Provider CyberSource, a Visa solution. The Foundation does not collect or retain any credit card information on our Website or systems. CyberSource’s privacy Policy is located at https://usa.visa.com/legal/privacy-policy.html. CyberSource is PCI-DSS compliant.
- Donor Documentation. Information about patients and donors may be included in donor documents, proposals, and agreements retained on the Foundation’s systems. The Foundation restricts access to patient and donor information to authorized Foundation employees and our Service Providers, contractors, and agents who need that information in order to operate, develop, or improve the Foundation, our Website, Web Portals and services. These individuals are bound by confidentiality obligations and may be subject to discipline, including termination, if they fail to meet these obligations. We delete and destroy individual records of patient and donor information according to Foundation’s Record Retention Schedule.
-
CHANGES TO OUR PRIVACY POLICY
It is our policy to post any changes we make to our privacy policy on this page with a notice that the privacy policy has been updated on the Website home page. If we make material changes to how we treat our users’ personal information, we will notify you through a notice on the Website home page. The date the privacy policy was last revised is identified at the top of the page.
Contact Information
To ask questions or comment about this privacy policy and our privacy practices, contact us at:
- [email protected]
- or write us at: HealthWell Foundation, 20440 Century Blvd, Suite 250, Germantown, MD 20874.