Skip To Content

Washington Consumer Health Data Privacy Notice

Washington Consumer Health Data

Scope and Relationship to HIPAA

This Consumer Health Data Privacy Notice (“Notice”) applies to “consumer health data” subject to the Washington My Health My Data Act (“MHMD”) and describes how Centivo Corporation (“Centivo”) collects, uses, and shares such data in our role as a health plan administrator.

  • This Notice applies only to the consumer health data of Washington residents that is not governed by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”).
  • Where we act as a business associate or covered entity under HIPAA, our processing of protected health information (“PHI”) is governed by a separate Notice of Privacy Practices.
  • For details about how we collect and process Personal Information in general, please review our Privacy Notice.

Categories of Consumer Health Data We Collect

In our role administering health plans and related services (e.g., digital tools, wellness platforms, member portals), we may collect the following categories of consumer health data that falls outside of HIPAA:

  • Health conditions, diagnoses, treatment, or care management indicators
  • Wellness, behavioral health, or utilization-related data
  • Reproductive, sexual, or gender affirming care indicators
  • Prescription or pharmacy-related information (outside HIPAA scope)
  • Precise location data indicating interaction with healthcare providers or services
  • Inferences derived from non-health data (e.g., utilization patterns, engagement signals)

Sources of Consumer Health Data

We collect consumer health data from:

  • Plan members/consumers (e.g., portals, customer service interactions)
  • Plan sponsors (e.g., employer group data, eligibility files)
  • Providers, vendors, and partners (e.g., wellness vendors, digital health tools)
  • Automated technologies (e.g., mobile apps, analytics, engagement tracking)

Purposes for Collection and Use

We collect and use consumer health data to:

  • Administer health plan services and member support
  • Provide digital tools (e.g., care navigation, wellness programs, benefits platforms)
  • Improve member engagement, outcomes, and service delivery
  • Conduct analytics, reporting, and plan operations
  • Comply with legal and regulatory requirements

We process consumer health data only for purposes disclosed in this Notice unless additional affirmative consent is obtained.

Categories of Consumer Health Data We Share

We may share the following categories of consumer health data:

  • Demographic and identifier-linked health indicators
  • Wellness program participation and engagement data
  • Device or app-generated health-related data
  • Inferred health insights used for plan operations

Categories of Third Parties and Affiliates

We may share consumer health data with the entities below. No affiliates receive consumer health data.

Service Providers and Vendors

  • Claims and eligibility platforms
  • Care management vendors
  • Wellness and digital health platforms
  • Data hosting, analytics, and IT service providers

Plan Sponsors (Employers or Plan Fiduciaries)

  • Limited sharing, typically in aggregated or de-identified form
  • Individual-level data only where permitted and disclosed

Legal/Compliance Recipients

  • Regulators, courts, or enforcement authorities, as required by law

Consumer Rights Under the MHMD Act

If you are a Washington consumer, you have the right to:

  • Confirm whether we collect, use, or share your consumer health data
  • Access your consumer health data
  • Delete your consumer health data
  • Withdraw consent for collection or sharing
  • Request a list of third parties and affiliates with whom your data has been shared

To exercise these rights, please Contact Us:

Email:                   privacy@centivo.com

Address:              Centivo Privacy Officer, 199 Scott Street, Suite 800, Buffalo, New York 14204

Phone:                  (716) 417-8099

As required under applicable law, please note that we will take steps to verify your identity before granting you access to information or acting on your request to exercise your rights. We may require you to provide your email address to verify your identity in response to exercising requests of the above type. You will, therefore, need access to your email account to receive our communications necessary to process your request. Please make sure to check your spam inbox to ensure these important communications are not missed. We may limit our response to your exercise of the above rights as permitted under applicable law.

Designated Agent. You may designate an agent to make a request on your behalf. That agent must have access to your account in order for us to verify the request. You may make such a designation by providing the agent with written permission to act on your behalf. We will require the agent to provide proof of that written permission. As permitted by law, we may require you to verify your own identity in response to a request, even if you choose to use an agent.

Consent Practices

We obtain affirmative, opt-in consent before collecting or sharing consumer health data except where necessary to provide a requested service.

  • Consent for collection and consent for sharing may be obtained separately
  • You may withdraw consent at any time

Sale of Consumer Health Data

We do not sell consumer health data.

Data Security

We maintain administrative, technical, and physical safeguards designed to help protect consumer health data consistent with applicable legal requirements.

Changes to This Notice

We may update this Notice periodically. If we materially change how we collect, use, or share consumer health data, we will provide updated disclosures and obtain consent where required.

Contact Us

For questions or to exercise your rights, please Contact Us:

Email:                   privacy@centivo.com

Address:             Centivo Privacy Officer, 199 Scott Street, Suite 800, Buffalo, New York 14203

Phone:                 (716) 417-8099