California Privacy Notice
This California Privacy Notice (the CA Notice) applies solely to individual residents of the State of California (consumers or you). This CA Notice describes how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California as part of our business relationship with you and within the scope of the California Consumer Privacy Act of 2018 (CCPA).
This CA Notice does not apply to information collected by MultiPlan when we are functioning as a service provider for our business customers (e.g., health plans) pursuant to the Health Insurance Portability and Accountability Act (HIPAA). In the course of providing services for our business customers, we may collect your personal data on their behalf pursuant to our contracts with them, including HIPAA business associate agreements. Notwithstanding anything to the contrary, this CA Notice does not apply to our collection and processing of this data. We recommend referring to the Notice of Privacy Practices of the entity with which you have a relationship for information (e.g., health plans) on how they engage service providers, like us, to collect and process such data on their behalf.
Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in the CCPA.
COLLECTION AND USE OF PERSONAL INFORMATION
In the last 12 months, we have collected the following categories of personal information:
Identifiers | Identifiers, such as name, contact information, online identifiers, government-issued ID numbers, and other information protected by California law, including the following sensitive personal information: • Tax identification number, social security number, identification card number • Your precise geolocation |
Protected Classifications | Characteristics of protected classifications under California or federal law, such as sex, age, national origin, disability, medical conditions and information, citizenship, immigration status and marital status, including the following sensitive personal information: • Race, ethnic origin, religion, and union associations |
Financial Transactions | Commercial information, such as transaction information, reimbursable purchase history and financial details required to administer provider network participation agreements or negotiate individual claims, , including the following sensitive personal information: • Account credentials, financial/credit card information |
Digital Records | Internet, network, or data system activity information, such as browsing history, cookies, and interactions with our applications, systems, or self-service portals, including but not limited to, security related log data, including the following sensitive personal information: • Account credentials, • Contents of mail, email, text messages |
Facility and Communication Records | Audio, electronic, visual, and similar information, such as images and audio, video, or call logging or recordings created in connection with our business activities |
Employment-Related Data | Provider group participation, facility associations and/or admitting privileges, if applicable |
Education-Related Data | Education information subject to the federal Family Educational Rights and Privacy Act, such as student records |
Profiles, Summaries, or Inferences | Inferences drawn from any of the Personal Information listed above to create a profile or summary, for example, a summary of an individual’s preferences, abilities, aptitudes and characteristics |
DATA PROCESSING
We collect personal information from and about consumers for a variety of purposes. The personal data we collect from you is processed:
- To comply with state and federal law and regulations;
- To administer the network participation or other contractual agreements between you and MultiPlan, if applicable;
- To complete our credentialing obligations with respect to our participating providers;
- To evaluate network participant applicants, including background checks;
- To anonymize and/or aggregate data to perform analytics, data analytics, and benchmarking;
- To perform services monitoring, recording of service calls, and customer service functions;
- To track usage and support MultiPlan’s information security program and processes, including implementing, monitoring, and managing electronic security measures on devices that are used to access networks and systems;
- To create business records, including tracking updates, documenting work, and maintaining notes supplied in MultiPlan-maintained systems and databases;
- To ensure compliance with MultiPlan’s regulatory and industry certification or accreditation obligations;
- To provide services to our Covered Entity clients, including administering network or other contract agreements, and service reporting;
- To facilitate contracting, including electronic signatures;
- To validate the identify of individuals interacting with our access-restricted portals; and
- To provide third party vendors and partners with information necessary to administer services for the benefit of clients/users, providers, patients, and/or employees.
DISCLOSURE OF PERSONAL INFORMATION
We share personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information for a business purpose may include: (i) other brands and affiliates in our family of companies; (ii) our service providers and advisors; or (iii) analytics providers. We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:
- Personal Data. The personal data described above may be shared with MultiPlan partners and service vendors to:
- Comply with state and federal requirements related to directory information, and transparency obligations placed on our clients;
- Verify information as part of provider credentialing, recredentialing, investigation, sanctions monitoring, and other activities related to administering a provider network;
- Verify and update provider directory and provider contact information;
- Administer client agreements made with MultiPlan and our Covered Entity clients that require certain information about providers;
- Audit and review information submitted as part of MultiPlan services, including provider data collected as part of healthcare claims;
- Demonstrate compliance with NCQA accreditation standards;
- Administer security requirements such as multifactor authentication and single-sign on services;
- Evaluate and monitor the security of MultiPlan systems; and
- Evaluate and retain records on employee access to and work performed within MultiPlan systems.
- Company Reorganization or Acquisition. We may disclose personal data in the context of a company reorganization or acquisition by a third party, or if we are legally entitled or required to do so.
As part of this permitted information sharing, your personal data may be transferred across borders to other countries, whose data protection requirements may differ from ours. Personal data processed in other countries may be subject to the laws of that country, including foreign governments, law enforcement, or legal systems.
In the last 12 months, we have not knowingly “sold” personal information or “shared” personal information for “cross-context behavioral advertising.” We do not have actual knowledge of “selling” or “sharing” personal information of individuals under 16 years of age.
YOUR CALIFORNIA PRIVACY RIGHTS
As a California resident, you may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations at law):
The Right to Access/Know | You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:
|
The Right to Request Deletion | You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions. |
The Right to Correction | You have the right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal information. |
The Right to Non-Discrimination | You have the right not to receive discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner. |
The Right to Opt Out of the Sale or Sharing of Personal Data | You have the right to direct us not to sell or share personal information we have collected about you to third parties now or in the future. |
The Right to Limit the Use of Sensitive Personal Data | You have the right to direct us to limit the use of your sensitive data. |
HOW TO EXERCISE YOUR CALIFORNIA CONSUMER RIGHTS
To Exercise Your Right to Access, Right to Know, Right to Deletion, or Right to Correction
Please submit a request by emailing us at [email protected] with the subject line, “California Rights Request.”
Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your name, email address, or phone number.
In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.
Authorized Agents
In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the CCPA) to submit requests on your behalf through the designated methods set forth in this CA Notice where we can verify the authorized agent’s authority to act on your behalf.
For requests to know, delete, or correct personal information, we require the following for verification purposes:
(a) a power of attorney valid under the laws of California from you or your authorized agent; or
(b) sufficient evidence to show that you have:
1. provided the authorized agent signed permission to act on your behalf; and
2. verified your own identity directly with us pursuant to the instructions set forth in this CA Notice; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.
AMENDMENTS TO THIS CA NOTICE
We reserve the right to change this CA Notice from time to time by publishing the updated notice to our website.
This CA Notice was last updated on January 6 , 2023.