Privacy Policy
Effective Date: June 27, 2022
Thank you for registering at www.hioscar.com or on the Oscar mobile app (together, the “Site”). At Oscar, it is our policy to protect your information. We know that we have a lot of information about you and want to be sure that we use it the right way. Please read the following to learn more about our Privacy Policy.
By using or accessing the Services in any manner, regardless of whether you register or create an Account through the Services, you acknowledge that you accept the practices and policies outlined in this Privacy Policy, and you hereby consent that we will collect, use, and share your information in the following ways.
Remember that your use of Oscar’s Services is at all times subject to the Terms of Service, which incorporates this Privacy Policy. Any terms we use in this Privacy Policy without defining them have the definitions given to them in the Terms of Service.
What does this Privacy Policy cover?
This Privacy Policy covers our treatment of personally identifiable information (“Personal Information”) that we gather when you are accessing or using our Services, and to the treatment of personally identifiable information by our telemedicine partners, Oscar Medical Group, P.A., but not to the practices of other companies we don’t own or control, or people that we don’t manage. We gather various types of Personal Information from our users, as explained in more detail below, and we use this Personal Information in connection with our Services. In certain cases, we may also share some Personal Information with third parties, but only as described below.
How do we collect and use Personal Information?
We receive and store any information you knowingly provide to us. For example, when you enroll in one of our plans, you (or the applicable state or federal exchange, depending on how you enroll) provide us with some information about you, including your name, address, social security number, age, annual household income and if applicable, names and ages of your immediate family members. When you activate your Account or register on the Site, the information that we collect will be used to associate your Account with your plan enrollment information. Each member uses a unique username to access their Account information through www.hioscar.com or the Oscar mobile application; only you should use your username and the password you choose to log into your Account. Do not give this username and password to others. Oscar also maintains data that has been provided to us or uploaded to Oscar by you, our member, as well as our “Business Associates” (those vendors who perform work on our behalf for the purpose of payment, treatment, or healthcare operations - and who have written agreements with us that specifically indicate how they will protect your information). We maintain claims information, information about prior authorizations that you requested and any other information needed to provide you with the healthcare services that you need. In some cases, we may request additional consent from you if we think that there is other information that will help us better coordinate your care or better personalize it towards your needs.
If you have provided your contact information to us, we may store and use that information to contact you for marketing and promotional purposes by various means, including regular mail, email, telephone, including voicemail, or SMS/MMS (text message). You may receive messages about wellness programs or other programs sponsored by Oscar or its Business Associates. You can recognize when an affiliated business is associated with such a transaction or service, and we will share your Personal Information with that affiliated business only to the extent that it is related to such transaction or service. We have no control over the policies and practices of third party websites or businesses as to privacy or anything else, so if you choose to take part in any program or service relating to a Business Associate or affiliated business of ours, please review all such businesses’ or websites’ policies. We may receive a confirmation when you open an email from us. This confirmation helps us make our communications with you more interesting and improve our services. To the extent permitted by law, and if you have provided your contact information to us, we may store and use that information to contact you about your care and benefits by various means, including regular mail, email, telephone including voicemail, or SMS/MMS (text message). By voluntarily opting to have text messages sent directly to your mobile phone you agree to our Text Messaging Terms and Conditions. We may also use your information to notify you about payment information and/or to communicate with you about your Account. You will have the ability to opt out of any marketing or advertising communications, but we may still send you communications relating to your Account for purposes important to the Services, such as password recovery or a payment reminder.
If you choose to use a bank account to make payments through the Services, we collect and store your bank account information. If you use a payment card to make payments through the Services, that information is collected and stored by our third party payment processing companies (the “Payment Processors”) which is currently USAePay, a service of Vericheck, and use and storage of that information is governed by the Payment Processor’s applicable terms of service and privacy policy. However, we may from time to time request and receive some of your financial information from our Payment Processor for the purposes of completing transactions you have initiated through the Services, enrolling you in discount, rebate, and other programs in which you elect to participate, protecting against or identifying possible fraudulent transactions, and otherwise as needed to manage our business.
Other information; “cookies” and “tags”
You should also be aware that when you use our Services, we collect certain “usage data,” such as the number of visitors we receive or what pages are visited most often. This data helps us to analyze and improve the usefulness of the information of our Services.
We may also collect, or receive from third parties, information based on your IP address that provides us your geolocation data in order to identify relevant markets for users down to a ZIP code level of detail and to provide a better mobile experience. We do not store, sell, disclose or use this data to serve advertisements.
Like most commercial website owners, we may use what is known as “cookie” technology. A “cookie” is an element of data that a website can send to your browser when you link to that website. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, the website is able to recognize repeat users, track usage patterns and better serve you when you return to that site. Our cookies do not extract other personal information about you, such as your name or address. You may be able to change the preferences on your browser or device to prevent or limit your device’s acceptance of cookies, but this may prevent you from taking advantage of some of our features. We may also use what is known as “client-side page tagging,” which uses code on each page to write certain information about the page and the visitor to a log when a page is rendered by your web browser. This technique is also commonly used on commercial websites. “Tagging” does result in a JavaScript program running on your computer, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files, or execute any additional programs. It does not extract any personal information about you, such as your name or address. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our Site’s functions. Because there is not yet a common understanding of how to interpret the “Do Not Track” signal, we do not currently respond to browser “Do Not Track” signals.
How do we share Personal Information?
We do not rent or sell your Personal Information in personally identifiable form to anyone. We may share your Personal Information with third parties as described in this section.
Oscar will not sell, license, transmit or disclose outside of Oscar the information you provide to us unless (a) expressly authorized by you, (b) necessary to enable our Business Associates to perform certain functions for us, or (c) required or permitted by law. In all cases, we will disclose the information consistent with applicable laws and regulations and we will require the recipient to protect the information and use it only for the purpose it was provided and as necessary to assist us. Oscar takes the Health Insurance Portability and Accountability Act of 1996 (HIPAA) seriously and provides appropriate safeguards to your protected health information (PHI) – this may include your name, address, social security number, email address, telephone number and certain claims data.
We may de-identify your Personal Information in accordance with applicable state and federal law, and provide that information to our partners. We may also provide aggregate usage information to our partners (or allow partners to collect that information from you), who may use such information to understand how often and in what ways people use our Services, so that they, too, can provide you with an optimal online experience. We disclose usage data for our non-member portal site to partners who may provide you with additional information on Oscar products and services.
We may choose to buy or sell assets, and may share and/or transfer customer information in connection with the evaluation of and entry into such transactions. Also, if we (or our assets) are acquired, or if we go out of business, enter bankruptcy, or go through some other change of control, Personal Information could be one of the assets transferred to or acquired by a third party.
We may retain your information as needed for business purposes. Notwithstanding any provision to the contrary, we will retain, access, use and disclose your information as we believe is necessary to comply with our legal obligations, resolve disputes, enforce our Terms of Service and other agreements, or to protect the rights, property or safety of Oscar, our employees, our users or others. For more information about our privacy practices, including what information is provided to our Business Associates for payment, treatment and healthcare operations purposes, please see our Notice of Privacy Practices.
Children under 18
Our Site and Services are not intended to be used by children under 18 years old. You represent and warrant that you are at least 18 years of age. If you are under age 18, you may not use the Site or Services. We do not knowingly collect Personal Information from, or target our Site or Services to, children under the age 18. We understand that there may be exceptions to this rule including, but not limited to, children who are emancipated. If we discover that the Site is being used inappropriately, we may disable the user ID so that the individual may no longer access our Site.
Your email
We welcome your comments or questions about our Site and Services. You can email your comments to our customer service center at [email protected]. We will share your comments and questions with our customer service representatives and those employees most capable of addressing your questions and concerns. Please note that your email, like all non-encrypted Internet email communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us. For that reason, to protect your privacy, please do not use email to communicate information to us that you consider confidential. If you wish, you may contact us instead by telephone at 1-855-672-2755.
How can you stop receiving emails?
Each marketing email we send to you contains an unsubscribe link through which you may easily opt-out of receiving future commercial emails from us. If you do not wish to receive additional commercial emails from Oscar, simply click the unsubscribe link and follow the instructions to unsubscribe your email address. If you have unsubscribed but continue to receive email from us or from one of our customers, you may report this to us by calling 1-855-672-2755. Please note that unsubscribe requests may take up to 7 - 10 days to process. You will have the ability to opt out of any marketing or advertising communications, but we may still send you communications relating to your Account for purposes important to the Services, such as password recovery or a payment reminder.
Linking to other sites
From time to time, Oscar may provide links to other websites that we think might be useful or interesting – these are not owned or controlled by Oscar and may be subject to separate terms and conditions and privacy policies. While we try to be proactive and ensure that appropriate protections are in place, we cannot be responsible for the privacy practices used by other website owners or the content or accuracy of those other websites. Links to various non-Oscar websites do not constitute or imply endorsement by Oscar of these websites, any products or services described on these sites, or of any other material contained in them.
Security
Oscar has adopted and adheres to stringent security standards designed to protect non-public personal information at hioscar.com against accidental or unauthorized access or disclosure. Among the safeguards that Oscar has developed for this Site are administrative, physical and technical barriers that together form a protective firewall around the information stored at this Site. We are committed to being HIPAA compliant and ensuring that our Business Associates meet the same standards. We periodically subject our Site to simulated intrusion tests and have developed comprehensive disaster recovery plans. We also review Business Associates privacy and security policies on a regular basis.
For registered users, your Account is protected by a password for your privacy and security. You must prevent unauthorized access to your Account and Personal Information by selecting and protecting your password and/or other sign-on mechanism appropriately and limiting access to your computer or device and browser. We endeavor to protect the privacy of your Account and other Personal Information we hold in our records, but unfortunately, we cannot guarantee complete security. Unauthorized entry or use, hardware or software failure, and other factors, may compromise the security of user information at any time.
What Personal Information can I access?
In some cases, registered users will be able to change their password and update the information that they provide to us, such as address, contact information and health information, by going to the settings page of their Account at hioscar.com; in other cases, registered users may need to contact the appropriate state or federal health insurance exchange to update their information. Registered and unregistered users can access and delete cookies through their web browser settings.
The information you can view, update, and delete may change as the Services change. If you have any questions about viewing or updating information we have on file about you, please contact us at 1-855-672-2755.
What choices do I have?
You can use certain features of the Services without registering, thereby limiting the types of information that we collect. You can always opt not to disclose information to us, but keep in mind some information may be needed to register with us or to take advantage of some of our features.
If you have registered for the Services, you may be able to add, update, or delete information in your Account as explained above. When you update information, however, we may maintain a copy of the unrevised information in our records. You may request deletion of your Account by calling us at 1-855-672-2755. Some or all of your information may remain in our records after your deletion of such information from your Account. We may use any aggregated data derived from or incorporating your Personal Information after you update or delete your Account, but not in a manner that would identify you personally.
Confidential Communications Request
You may request an alternative means or location for receiving communications. You may submit a confidential communication request at any time. To make a request, please call 1-855-672-2755 or email [email protected]. You may also send a formal written request to P.O. Box 52146, Phoenix, AZ 85072–2146. All members please note, we will need to further verify your identity to complete this request.
California Residents
This portion of the Privacy Notice applies to individuals who are California residents, and is adopted to conform with the California Consumer Protection Act of 2018 (CCPA). Any terms defined in the CCPA have the same meaning when used herein.
The CCPA does not apply to “protected health information” under HIPAA; “medical information” under the California Confidentiality of Medical Information Act (CMIA); nonpublic “personal information” under the Fair Credit Reporting Act (FCRA), the Gramm-Leach-Bliley Act (GLBA) or California Financial Information Privacy Act (CalFIPA); de-identified or aggregated information; or publicly available information. This portion of the Privacy Notice applies only to information included in the CCPA’s scope.
Information We Collect
This section describes the categories of information we have collected from consumers in the past 12 months, and examples of such information.
Category of Information | Examples | Business Purpose for Collection |
---|---|---|
Identifiers | Real name, alias, postal address, unique personal identifier, online identifier, internet protocol address, email address, account name, social security number, driver’s license number, passport number, or other similar identifiers | To fulfill or meet the reason you provided the information; Account maintenance purposes; To improve or enhance our Services and Site |
Personal Information per categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)) | Name, signature, social security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information. | To fulfill or meet the reason you provided the information; Account maintenance purposes; To improve or enhance our Services and Site |
Protected classification characteristics under California or federal law | Race, religious creed, color, national origin, ancestry, physical disability, mental disability, medical condition, genetic information, marital status, sex, gender, gender identity, gender expression, age, sexual orientation, or military and veteran status. | To improve or enhance our Services and Site |
Internet or other similar network activity | Browsing history, search history, and information regarding a consumer’s interaction with an internet website, application, or advertisement. | To fulfill or meet the reason you provided the information; To improve or enhance our Services and Site |
Professional or employment-related information | Current or past job history or performance evaluations. | To fulfill or meet the reason you provided the information |
Disclosure of Information: In the past 12 months, we have disclosed the following categories of information to third parties for business purposes: Identifiers; Personal Information per categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e)); Protected classification characteristics under California or federal law; Internet or other similar network activity; and Professional or employment-related information.
Sale of Information: In the past 12 months, we have not sold any information to third parties.
Rights Under the CCPA
Right to Access Information: After receiving a verifiable consumer request, we will provide the requestor the personal information we have about the individual. If the request is not verifiable, we will provider categories of the information we have about the individual.
Right to Delete Information: After receiving a verifiable request, we will delete personal information we have about the individual, unless a CCPA exception applies.
Right to Opt Out of the Sale of Information: You have a right to opt out of the sale of information to third parties. We do not sell personal information to third parties.
Non-Discrimination: We will not discriminate against you for exerising your rights under the CCPA.
To exercise your rights under the CCPA, please call 1-855-672-2755 or visit CCPA request. We will use the information you provide in your request to verify your identity. You must provide certain information when requesting to access or to delete personal information, including: your name, date of birth, email, phone number, and address.
You may designate an authorized agent to make your request to exercise your rights. For more information on authorized agents under the CCPA, please visit the California Attorney General’s website at: https://oag.ca.gov/..
Fees may apply when permitted by law.
Other California Rights
Under California Civil Code Sections 1798.83-1798.84, California residents are entitled to ask us for a notice identifying the categories of Personal Information which we share with our affiliates and/or third parties for marketing purposes, and providing contact information for such affiliates and/or third parties. If you are a California resident and would like a copy of this notice, please submit a written request to [email protected]
Contact Us
Please call 1-855-672-2755 or email [email protected] with any questions or concerns.
Changes to this Privacy Policy
Oscar may change this Privacy Policy from time to time. When updates are made, the Privacy Policy version date will also be updated to reflect that a revision occurred. Your use of our Site and/or Services after such revisions are first posted will mean you acknowledge and agree to be bound by those revisions. We encourage you to periodically reread this Privacy Policy to see if there have been any changes that may affect you. This Privacy Policy is not intended to and does not create any contractual or other legal rights in or on behalf of any party.
Contact Us
Call Member Services at 1-855-672-2755