Did you receive an inquiry about buying MultiPlan insurance?  We are not an insurance company.

Privacy Policy

MultiPlan, Inc. (MultiPlan, we, us, or our) is committed to maintaining confidentiality for all of the information received from our customers, including information received from this website. When we receive personal data, we respect the privacy and the confidentiality of that information. We collect and maintain information to administer our business and to provide products and services to our health care customers and their members. We provide security safeguards in handling and maintaining personal data to protect against risks such as loss, destruction, or misuse. We do not engage in the sale or trading of mailing lists or personal data. We require our business affiliates to follow the same or substantially similar privacy principles.

A. Scope

This Privacy Policy applies to information we collect from you or that you may provide when you visit our website. This Privacy Policy does not apply to information collected by MultiPlan offline or through any other means. In certain situations, we function as a service provider for our business customers (e.g., health plans) pursuant to the Health Insurance Portability and Accountability Act (HIPAA). In the course of providing services for our business customers, we may collect your personal data on their behalf pursuant to our contracts with them, including HIPAA business associate agreements. Notwithstanding anything to the contrary, this Privacy Policy does not apply to our collection and processing of this data. We recommend referring to the Notice of Privacy Practices of the entity with which you have a relationship for information (e.g., health plans) on how they engage service providers, like us, to collect and process such data on their behalf.

If you do not agree with our policies and practices, your choice is not to use our website.

B. Definitions

In this Privacy Policy, the following terms will be used:

Personal data: means any data collected during your visit to our website that can be used to identify an individual, directly or indirectly; personal data includes attributes such as a name, location data, an online identifier, or other factors specific to the physical, cultural, or social identity of the person.

Processing: means any operation which is performed on personal data, including the collection, recording, organization, structuring, storage, adaptation or alteration, retrieval, restriction, destruction, or any kind of disclosure of personal data.

C. Data Collection and Processing

MultiPlan will only use the personal data that we gather from operating this website as set forth in this Privacy Policy. Please review the way we collect and use personal data; for what purposes we collect and use personal data; with whom we may share personal data; and what control and information rights you may have with respect to your personal data.

Personal Data Collected From You

When you use the website, we may collect the following information from you:

Identifiers

Identifiers, such as name, contact information, online identifiers, government-issued ID numbers, and other information protected by California law, including the following sensitive personal information:

•      Tax identification number, social security number, identification card number

•      Your precise geolocation

Protected Classifications

Characteristics of protected classifications under California or federal law, such as sex, age, national origin, disability, medical conditions and information, citizenship, immigration status and marital status, including the following sensitive personal information:

•      Race, ethnic origin, religion, and union associations

Financial Transactions

Commercial information, such as transaction information, reimbursable purchase history and financial details required to administer provider network participation agreements or negotiate individual claims, , including the following sensitive personal information:

•      Account credentials, financial/credit card information

Digital Records

Internet, network, or data system activity information, such as browsing history, cookies, and interactions with our applications, systems, or self-service portals, including but not limited to, security related log data, including the following sensitive personal information:

•      Account credentials,

•      Contents of mail, email, text messages

Facility and Communication Records

Audio, electronic, visual, and similar information, such as images and audio, video, or call logging or recordings created in connection with our business activities

Employment-Related Data

Provider group participation, facility associations and/or admitting privileges, if applicable

Education-Related Data

Education information subject to the federal Family Educational Rights and Privacy Act, such as student records

Profiles, Summaries, or Inferences

Inferences drawn from any of the Personal Information listed above to create a profile or summary, for example, a summary of an individual’s preferences, abilities, aptitudes and characteristics

Processing of Personal Data

The personal data we collect from you is processed:

  • To comply with state and federal law and regulations;
  • To administer the network participation or other contractual agreements between you and MultiPlan, if applicable;
  • To complete our credentialing obligations with respect to our participating providers;
  • To evaluate network participant applicants, including background checks;
  • To anonymize and/or aggregate data to perform analytics, data analytics, and benchmarking;
  • To perform services monitoring, recording of service calls, and customer service functions;
  • To track usage and support MultiPlan’s information security program and processes, including implementing, monitoring, and managing electronic security measures on devices that are used to access networks and systems;
  • To create business records, including tracking updates, documenting work, and maintaining notes supplied in MultiPlan-maintained systems and databases;
  • To ensure compliance with MultiPlan’s regulatory and industry certification or accreditation obligations;
  • To provide services to our Covered Entity clients, including administering network or other contract agreements, and service reporting;
  • To facilitate contracting, including electronic signatures;
  • To validate the identify of individuals interacting with our access-restricted portals; and
  • To provide third party vendors and partners with information necessary to administer services for the benefit of clients/users, providers, patients, and/or employees.


Personal Data Automatically Collected

As is true of most digital properties, we and our third-party service providers may automatically collect certain information from or in connection with your device when visiting or interacting with our website, including our searchable provider directory. For example:

  • Log data, including the date and time of your visit; your device type, screen resolution, and browser version; your internet service provider; information on your operating system, including language settings; and information on how you arrived at our website.
  • Analytics data, including the electronic path you take to our website, through our website and when exiting our website, UTM source, as well as your usage and activity on our services, such as the time zone, activity information (first and last active date and time), usage history (flows created, campaigns scheduled, emails opened, total log-ins) as well as the pages, links, objects, products and benefits you view, click or otherwise interact with.
  • Location data, such as general geographic location that we may derive from your IP address.

Such information is necessary for us to administer the website, and we use this data only to assist us in providing an effective service (e.g., to ensure our content is accessible on your device), maintain security, and to collect broad demographic information for anonymized, aggregated use.

For all visitors to our website, we deposit and track cookies. Cookies are files with small amount of data, which may include an anonymous unique identifier for each visitor. We may use this information to enable our website to recognize repeat users and track usage patterns to better serve visitors when they return to the website. Most browsers provide a simple procedure that enables users to control whether or not they want to receive cookies or notifies them when a website is about to deposit a cookie file. You can instruct your browser to refuse all cookies or to indicate when a cookie is being sent. However, if you do not accept cookies, you may not be able to use some portions of our website.

D. Information Sharing

We may also share, transmit, disclose, grant access to, make available, and provide personal information with and to third parties, as follows:

  • Personal Data. The personal data described above may be shared with MultiPlan partners and service vendors to:
    • Comply with state and federal requirements related to directory information, and transparency obligations placed on our clients;
    • Verify information as part of provider credentialing, recredentialing, investigation, sanctions monitoring, and other activities related to administering a provider network;
    • Verify and update provider directory and provider contact information;
    • Administer client agreements made with MultiPlan and our Covered Entity clients that require certain information about providers;
    • Audit and review information submitted as part of MultiPlan services, including provider data collected as part of healthcare claims;
    • Demonstrate compliance with NCQA accreditation standards;
    • Administer security requirements such as multifactor authentication and single-sign on services;
    • Evaluate and monitor the security of MultiPlan systems; and
    • Evaluate and retain records on employee access to and work performed within MultiPlan systems.
  • Anonymous or Aggregate Data or Statistics. We may disclose anonymized, aggregated data and statistics about our website and its users to third parties, including, for example, prospective clients or partners. This statistical information will not include personal data. Please note where we maintain deidentified information, we will maintain and use the information in deidentified form and not attempt to reidentify the information except as required or permitted by law.
  • Company Reorganization or Acquisition. We may disclose personal data in the context of a company reorganization or acquisition by a third party, or if we are legally entitled or required to do so.

As part of this permitted information sharing, your personal data may be transferred across borders to other countries, whose data protection requirements may differ from ours. Personal data processed in other countries may be subject to the laws of that country, including foreign governments, law enforcement, or legal systems.

E. Data Security and Retention

We have implemented appropriate safeguards to secure your personal data, and only authorized personnel have access to personal data. Our security program and its related policies are regularly reviewed. We cannot guarantee the security of information submitted while it is in transit, however, and the submission of personal data is at your own risk.

We will retain data about you only as long as necessary to fulfill the purposes for which we collected it. If applicable regulatory or contractual retention timelines apply, we will retain your personal data as required.

F. Data Analytics

To improve and optimize our website, we use Google Analytics and our own proprietary analytics tools to collect information about the use of our site. Generally, we collect information such as device and browser information, IP addresses, geographic locations, time and length of visit, pages accessed, and referring site. For information on how Google Analytics collects and processes data, as well as how you can control information sent to Google, review Google’s website, “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners/. You can learn about Google Analytics’ currently available opt-outs, including the Google Analytics Browser Ad-On here: https://tools.google.com/dlpage/gaoptout/.

G. Region-Specific Disclosures

Under the laws applicable to you and your personal data, you may be entitled to exercise certain rights with respect to the way MultiPlan collects or processes your personal data.

1. California

If you are a California Resident, please see our California Privacy Notice for additional California-specific privacy information.

2. Colorado, Connecticut, Virginia, and Utah

If you are a Colorado, Connecticut, Virginia, or Utah Resident, please see our State Privacy Notice for additional state-specific privacy information.

H. Children’s Personal Data

Our website is not intended for children under 13 years of age, and we do not knowingly collect personal data from children under 13. If you are under 13, do not use or provide any information on this website. If we learn we have collected or received personal data from a child under 13 without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child under 13, please contact us at 16 Crosby Drive, Bedford, MA 01730, or by email at [email protected].

I. Third-Party Websites

Our website may include links to third-party websites, plug-ins and applications. Except where we post, link to or expressly adopt or refer to this Privacy Policy, this Privacy Policy does not apply to, and we are not responsible for, any personal data practices of third-party websites and online services or the practices of other third parties. To learn about the personal data practices of third parties, please visit their respective privacy policies.

J. Contacting MultiPlan

If you have any questions or concerns about this Privacy Policy, you may email us at [email protected]. Any information you provide when contacting us will be used only to handle your request, and will be deleted upon resolution of your question or concern, unless a statutory retention period applies. To raise a Privacy related inquiry or concern please contact [email protected]. To raise a Security related inquiry or concern please contact [email protected].

K. Amendments to This Privacy Policy

We reserve the right to change this Privacy Policy from time to time by publishing the updated policy to our website.

This Privacy Policy was last updated on January 6, 2023.

California Privacy Notice

This California Privacy Notice (the CA Notice) supplements the information contained in our Privacy Policy above and applies solely to individual residents of the State of California (consumers or you). This CA Notice describes how we collect, use, disclose, and otherwise process personal information of individual residents of the State of California through our website within the scope of the California Consumer Privacy Act of 2018 (CCPA).

Unless otherwise expressly stated, all terms in this CA Notice have the same meaning as defined in our Privacy Policy or as otherwise defined in the CCPA.

COLLECTION AND USE OF PERSONAL INFORMATION

In the last 12 months, we have collected the following categories of personal information:

  • Identifiers, such as your first and last name, email address, and phone number;
  • California Customer Records (Cal. Civ. Code § 1798.80(e)), such as phone number
  • Protected Classifications, such as sex, age, national origin.
  • Financial Transactions, such as reimbursement history.
  • Digital Records, such as device information, logs and analytics data, account credentials, contents of messages, and browsing history on our website.
  • Geolocation Data, such as your approximate location based upon your IP address.
  • Facility and Communications Records, such as call logging or recordings created in connection with our business activities.
  • Employment or Education Related Data, such as provider group participation, facility association, or education information.
  • Profiles, Summaries, or Inferences, such as inferences drawn from the information listed above.

 

We collect personal information from and about consumers for a variety of purposes. To learn more about the types of personal information we collect, the sources from which we collect or receive personal information, and the purposes for which we use this information, please refer to the “Data Collection and Processing” section of our Privacy Policy.

DISCLOSURE OF PERSONAL INFORMATION

As described in the “Information Sharing” section of our Privacy Policy, we share personal information with third parties for business purposes. The categories of third parties to whom we disclose your personal information for a business purpose may include: (i) other brands and affiliates in our family of companies; (ii) our service providers and advisors; or (iii) analytics providers.

In the last 12 months, we have not knowingly “sold” personal information or “shared” personal information for “cross-context behavioral advertising.” We do not have actual knowledge of “selling” or “sharing” personal information of individuals under 16 years of age.

YOUR CALIFORNIA PRIVACY RIGHTS

As a California resident, you may be able to exercise the following rights in relation to the personal information that we have collected about you (subject to certain limitations at law):

The Right to Access/Know

You have the right to request any or all of the following information relating to your personal information we have collected and disclosed in the last 12 months, upon verification of your identity:

  • The specific pieces of personal information we have collected about you;
  • The categories of personal information we have collected about you;
  • The categories of sources of the personal information;
  • The categories of personal information that we have disclosed to third parties for a business purpose, and the categories of recipients to whom this information was disclosed;
  • The categories of personal information we have sold or shared about you (if any), and the categories of third parties to whom the information was sold or shared; and
  • The business or commercial purposes for collecting or, if applicable, selling or sharing the personal information.

The Right to Request Deletion

You have the right to request the deletion of personal information we have collected from you, subject to certain exceptions.

The Right to Correction

You have the right to request that any inaccuracies in your personal information be corrected, taking into account the nature of the personal data and the purposes of the processing of the consumer’s personal information.

The Right to Non-Discrimination

You have the right not to receive discriminatory treatment for exercising these rights. However, please note that if the exercise of these rights limits our ability to process personal information (such as in the case of a deletion request), we may no longer be able to provide you our products and services or engage with you in the same manner.

The Right to Opt Out of the Sale or Sharing of Personal Data

You have the right to direct us not to sell or share personal information we have collected about you to third parties now or in the future.

The Right to Limit the Use of Sensitive Personal Data

You have the right to direct us to limit the use of your sensitive data.

HOW TO EXERCISE YOUR CALIFORNIA CONSUMER RIGHTS

To Exercise Your Right to Access, Right to Know, Right to Deletion, or Right to Correction

Please submit a request by emailing us at [email protected] with the subject line, “California Rights Request.”

Before processing your request, we will need to verify your identity and confirm you are a resident of the State of California. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your name, email address, or phone number.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Authorized Agents

In certain circumstances, you are permitted to use an authorized agent (as that term is defined by the CCPA) to submit requests on your behalf through the designated methods set forth in this CA Notice where we can verify the authorized agent’s authority to act on your behalf.

For requests to know, delete, or correct personal information, we require the following for verification purposes:

(a) a power of attorney valid under the laws of California from you or your authorized agent; or

(b) sufficient evidence to show that you have:

1. provided the authorized agent signed permission to act on your behalf; and

2. verified your own identity directly with us pursuant to the instructions set forth in this CA Notice; or directly confirmed with us that you provided the authorized agent permission to submit the request on your behalf.

State Privacy Notice

This State Privacy Notice (the State Notice) supplements the information contained in our Privacy Policy above and applies solely to individual residents of the States of Colorado, Connecticut, Utah, and Virginia (consumers or you). This State Notice describes how we collect, use, disclose, and otherwise process personal information of individual residents of the States of Colorado, Connecticut, Utah, and Virginia through our website within the scope of applicable state privacy laws. If you are a California Resident, please see our California Privacy Notice for additional California-specific privacy information.

Unless otherwise expressly stated, all terms in this State Notice have the same meaning as defined in our Privacy Policy or as otherwise defined under applicable state law.

COLLECTION, USE AND DISCLOSURE OF PERSONAL DATA

We collect personal data from and about consumers for a variety of purposes. To learn more about the types of personal data we collect, the sources from which we collect or receive personal information, the purposes for which we use this information, and how this information is shared please refer to the “Data Collection and Processing” and “Information Sharing” sections of our Privacy Policy.

YOUR STATE PRIVACY RIGHTS

As a Colorado, Connecticut, Utah, or Virginia resident, you may be able to exercise the following rights in relation to the personal data that we have collected about you (subject to certain limitations at law):

In accordance with applicable privacy law, and depending upon the jurisdiction in which you reside, you may have some or all of the following rights in respect of your personal data:

  • Right of access. Obtain information about whether your personal data is being retained, and for what purpose, and obtain access to the personal data retained;

  • Right to deletion. Request deletion or restriction of use of your personal data;

  • Right to correction. Request correction of any inaccurate or incomplete personal data we hold about you;

  • Right to withdraw consent. Withdraw your consent to the processing of your personal data, or object on particular grounds that your personal data is subject to processing;

  • Right of portability. Require your personal data in a particular machine-readable format be transferred to you, or to another personal data controller;

  • Right to control over automated decision-making/profiling. Refuse to be subjected to automated decision making that would produce legal or similarly significant effects; or

  • Right to appeal. In the event that we decline to take action on a request exercising one of your rights set forth above, appeal our decision.

    • Colorado Residents: If your appeal is denied, you may contact the Colorado Attorney General to address your concerns here.

    • Connecticut Residents: If your appeal is denied, you may contact the Connecticut Attorney General to submit a complaint here.

    • Virginia Residents: If your appeal is denied, you may contact the Virginia Attorney General to submit a complaint here.


Depending on your state of residency, you may also have the right to not receive retaliatory or discriminatory treatment in connection with a request to exercise the above rights. However, the exercise of the rights described above may result in a different price, rate or quality level of product or service where that difference is reasonably related to the impact the right has on our relationship or is otherwise permitted by law.

How To Exercise Your Right to Access, Right of Portability, Right to Correction, Right to Deletion, or Right to Appeal

Please submit a request by emailing us at [email protected].

Before processing your request, we will need to verify your identity and confirm you are a resident of the State of Colorado, Connecticut, Utah, or Virginia. In order to verify your identity, we will generally either require the successful authentication of your account, or the matching of sufficient information you provide us to the information we maintain about you in our systems. This process may require us to request additional personal information from you, including, but not limited to, your name, email address, and/or phone number.

In certain circumstances, we may decline a request to exercise the rights described above, particularly where we are unable to verify your identity or locate your information in our systems. If we are unable to comply with all or a portion of your request, we will explain the reasons for declining to comply with the request.

Submitting Authorized Agent Requests

In certain circumstances, you are permitted to use an authorized agent to submit requests on your behalf through the designated methods set forth above where we can verify the authorized agent’s authority to act on your behalf. In order to verify the authorized agent’s authority, we generally require evidence of either (i) a valid power of attorney or (ii) a signed letter containing your name and contact information, the name and contact information of the authorized agent, and a statement of authorization for the request. Depending on the evidence provided and your state of residency, we may still need to separately reach out to you to confirm the authorized agent has permission to act on your behalf and to verify your identity in connection with the request.