Privacy Policy
Effective Date: January 5, 2023
Date Last Updated: January 5, 2023
1. Introduction
If you are a California resident, please click here for more information about your specific privacy rights.
Thank you for your interest in eHealthInsurance Services, Inc. (“eHealthInsurance,” “we,” “us,” or “our”). We are committed to protecting the privacy of those with whom we interact. This Privacy Statement (“Statement”) contains details about how we collect, use, and share personal information about you (defined below) that we obtain from you when you interact with us via our websites (including those listed below), email, mobile application, social media accounts, insurance agent and representative services, communication channels (including online chat and telephone call centers), in other online and offline interactions and services, and from other sources (collectively, the “Service”).
Please read this Statement carefully. It applies to the following websites owned and operated by eHealthInsurance, and our other websites where we post this document as the applicable Privacy Policy:
- https://www.medicare.com/
- https://www.ehealthmedicare.com/
- https://www.ehealthmedicareplans.com/
- https://www.ehealthinsurance.com/
- https://www.gomedigap.com/
Applicability: We collect personal information in several contexts as described below. However, this Statement does not apply to the following information:
- Information about our employees, contractors, agents, and job applicants. Such information is subject to a separate privacy notice that we will make available to individuals.
- Information we collect from individuals with whom we engage in solely business-to-business communications and transactions, such as information about the employees of our business partners and customers.
- Protected health information subject to the Health Insurance Portability and Accountability Act (“HIPAA”) that we handle on behalf of our health insurance carrier partners. In such cases, we are bound by more stringent legal and contractual obligations to those partners. If you have questions about how such information is used or disclosed, please contact your insurance provider. We do not control and are not responsible for their privacy and data processing practices.
Changes: We may update this Statement from time to time. The current Statement will be effective when posted. Please check this Statement periodically for updates. If any of the changes are unacceptable to you, you should cease interacting with us. When required under applicable law, we will notify you of any changes to this Statement by posting an update on this website. When required under applicable law, we will seek affirmative consent from you before making material changes to the way we handle personal information previously collected from you. If you do not provide such consent, personal information will continue to be used in a manner that is consistent with the version of this Statement that was in effect when the information was collected.
2. Sources of Personal Information
We collect information about you and how you interact with us in several ways, including:
- Information you provide to us directly. We collect information that you provide to us directly, such as when you register with us through our Services, or you apply for a health insurance or other product through our Services.
- Information automatically collected or inferred from your online interaction with us. We automatically collect technical information about your online interactions with us (such as IP address and browsing preferences).
- Information from public sources, such as information from public records maintained by government entities, and information you submit in public forums.
- Information from third parties. We receive information about you and your interactions with us from third parties, such as pharmacies, healthcare providers, insurance companies, credit reporting agencies, marketing and advertising providers, social network services, referral partners, data brokers, and companies that provide or sell lists of potential purchasers. We also may receive information about you from friends and family members (such as other people insured under the same policy as you).
We may combine information that we receive from the various sources described in this Statement, including third-party sources and public sources, and use or disclose it for the purposes identified below.
3. Types of Personal Information We Collect
The types of personal information that we may collect about you include:
- Identifiers, such as your name, alias, postal address, , telephone number, unique personal identifier, online identifier, internet protocol address, email address, username, phone number, social media identifiers (e.g., Twitter handle, Instagram name, etc.), Social Security number, driver’s license number, or other similar identifiers, including identifiers for family members who may be insured under an insurance policy.
- Customer records, such as your name, signature, address, telephone number, bank account number, credit card number, or other payment information.
- Application and eligibility information for you and family members who may be insured under an insurance policy, such as age, date of birth, gender, health status, race and ethnicity information, disability, medical history, military or veteran status, date of birth, and financial and tax information (for government subsidies).
- Commercial information and preferences, including product preferences, advertising preferences, products or services purchased, obtained, or considered, or other preferences or interests.
- Internet or other electronic network activity information, such as your browsing history, search history, IP address, and information regarding your interactions with us (including interacting with us online, by the mobile application, and through advertisements).
- Geolocation information, such as approximate location based on your IP address.
- Audio, electronic, visual, or similar information, such as call center recordings, photos at events or customer support chat logs.
- Professional or employment information, such as job title, employer, business address and contact information.
- Inferences drawn from any of the information we collect to create a profile about you reflecting your preferences and characteristics.
4. How We Use Your Personal Information
We may use each category of your personal information described above in the following ways:
- To enable interactions between you and us, such as to facilitate online quoting, applications for, and purchases of our products; to register and administer your account, to support your interactions with us; to provide information about insurance plans; to communicate with you about your policy or our data practices; to install and configure changes and updates to programs and technologies related to interactions with us; to authenticate those who interact with us; and to respond to your requests, complaints, and inquiries.
- For our own internal business purposes, such as to evaluate or audit the usage and performance of programs and technologies related to interactions with us; to evaluate and improve the quality of your interactions with us and the quality of programs and technologies related to interactions with us; to design new services and products; to process and catalog your responses to surveys or questionnaires (e.g., customer satisfaction reviews); to perform internal research for technological development and demonstration; to conduct data analysis and testing; and to maintain proper business records.
- For legal, safety, or security reasons, such as to comply with laws and other legal requirements; to protect our safety, our property or the rights of those who interact with us, or others; and to detect, prevent, and respond to security incidents or other malicious, deceptive, fraudulent, or illegal activity.
- In a de-identified, anonymized, or aggregated format. We may convert personal information into a de-identified, anonymized, or aggregated format, and use such information for any legal purpose.
- For marketing. We may use your personal information to market our products or services or those of third parties, such as our business partners. We may use your personal information to invite you to participate in marketing surveys, questionnaires, promotions, events or contests. We may audit aspects of our ad impressions. We may use your personal information for short-term transient use, including for contextual ad customization. We may use your personal information to enhance our content, to better design and target marketing campaigns, and to deliver advertisements to you, including in commercial emails. For more information about online marketing activity, see Section 6 below.
- To fulfill other purposes disclosed at the time you provide personal information or otherwise where we are legally permitted or are required to do so.
- For any other purposes for which you provide consent.
5. With Whom We Share Your Personal Information
We may share your personal information with the categories of recipients described below:
- Affiliates and subsidiaries: We may share your personal information within the eHealth Insurance group of companies, which includes parents, corporate affiliates, subsidiaries, business units and other companies that share common ownership for the purposes described above.
- Insurance providers, government health care exchanges, and related entities: In order to provide you with insurance you request, we may share your information with insurance companies, Federally-facilitated Exchanges or State-based Exchanges, HSA Trustees or Administrators, and similar entities.
- Service providers and other third parties that help fulfill requests: We may share your personal information with third-parties and service providers that facilitate and support us in processing a request or transaction on your behalf; to provide you with quotes, products, and services; and to process payments. We may share your personal information with an insurance agent when you request to be contacted by an agent, or when you request information about or an application for insurance that is offered through an insurance agent with whom we associate. If you are contacted by a third party, any additional information that you subsequently choose to provide to any third-party entity will be governed by that entity’s privacy policy.
- Third parties that provide business and professional services to us, such as web hosting service providers, IT providers, operating systems and platforms, internet service providers, analytics companies, and marketing providers (e.g., we may share your email address with our outbound email marketing providers), our attorneys, accountants, and auditors. We take reasonable efforts to provide these companies with only the information they need to perform services on our behalf and to limit their use and disclosure of personal information.
- Business partners: We may also provide your personal information or provide access to your personal information to our business partners, such as marketing and advertising providers; social media companies; partners who work with us on joint marketing efforts and/or joint promotional or sponsorship opportunities, including co-branded products and services; referral, lead generators, and other commercial data partners; and other similar third parties.
- For legal, security and safety purposes: We may share your personal information with third parties such as law enforcement, regulators, or others to comply with federal, state, or local laws, a subpoena or other legal process, and other applicable legal requirements; to protect the confidentiality and security of our records; to protect against or prevent fraud; for claims administration; to enforce or apply our Terms of Use and other agreements; and to protect our rights and our property or safety of our users or third parties.
- In connection with a corporate transaction: We may transfer any information we have about you in connection with a change in corporate control, including but not limited to a merger or sale (including transfers made as part of insolvency or bankruptcy proceedings) involving all or part of eHealthInsurance Services, Inc. and its business, or as part of a corporate reorganization or stock sale.
- Organizations with which you have a relationship: We may disclose personal information to an affinity group, employer, provider group, benefits administrator or consultant, healthcare system, pharmacy, financial services provider, or other entity with which you may have a relationship when such entity referred you to us or when you use our website or call center in connection with your relationship to such entity.
- To others with your consent.
We may also de-identity, anonymize, or aggregate personal information to share with third parties for any purpose.
6. How We Use Cookies and Automatic Data Collection Tools
We (and authorized third parties) use cookies and other tracking technologies on our websites, mobile application, online advertisements, and other online properties (“Digital Properties”) to collect information about you, your device, and how you interact with our Digital Properties. This section contains additional information about:
- The types of tracking technologies we use and the purposes for which we use them
- The types of information we collect using these technologies
- How we disclose or make information available to others
- Choices you may have regarding these technologies
- Types of Cookies and Tracking Technologies We Use
Our Digital Properties and the third parties that we authorize may use the following tracking technologies:
- Cookies, which are a type of technology that install a small amount of information on a user’s computer or other device when they visit a website. Some cookies exist only during a single session and some are persistent over multiple sessions over time.
- Pixels, web beacons, and tags, which are types of code or transparent graphics. In addition to the uses described below, these technologies provide analytical information about the user experience and help us customize our marketing activities. In contrast to cookies, which are stored on a user’s computer hard drive, pixels, web beacons, and tags are embedded invisibly on web pages.
- Session replay tools, which record your interactions with our Digital Properties, such as how you move throughout our Digital Properties and engage with our webforms. In addition to the uses described below, this information helps us improve our Digital Properties and identify and fix technical issues visitors may be having with our Digital Properties.
- Embedded scripts and SDKs, which allow us to build and integrate custom apps and experiences, some of which may be developed by a third party.
- Purposes for Using These Technologies
We and authorized third parties use these technologies for purposes including:
- Personalization, such as remembering user preferences, login details and browsing behavior; tracking your activity across online properties and platforms over time to better understand your preferences and interests; and personalizing online content;
- Improving performance, such as maintaining and improving the performance of our Digital Properties;
- Analytics, such as analyzing how our websites are used. For example, we use Google Analytics to help us improve our Digital Properties’ performance and user experiences. Google Analytics may use cookies and other tracking technologies to perform their services. To learn how Google Analytics collects and processes data, please visit: “How Google uses data when you use our partners’ sites or apps” located at www.google.com/policies/privacy/partners;
- Advertising, such as providing you with offers that may be of interest to you; conducting targeted advertising to you on our Digital Properties and those of third parties, including jointly marketing the products and services of our and other businesses; and measuring the effectiveness of our communications with you and advertising campaigns, including identifying how and when you engage with our communications.
- Information Collected
These tracking technologies collect data about you and your device, such as your IP address, location (both approximate and precise), cookie ID, device ID, AdID, operating system, browser used, browser history, search history, and information about how you interact with our Digital Properties (such as pages on our Digital Properties that you have viewed).
- Disclosures of Your Information
We may disclose information to third parties or allow third parties to directly collect information using these technologies on our Digital Properties, such as social media companies, advertising networks, companies that provide analytics including ad tracking and reporting, security providers, and others that help us operate our business and Digital Properties. These companies may use these technologies to gather information about both your visits to our Digital Properties and your visits elsewhere on the Internet, including to provide you with more relevant advertising in what is known as interest-based advertising.
- Your Choices
Some of the companies that perform advertising-related services for us may participate in the Digital Advertising Alliance (“DAA”) and/or Network Advertising Initiative (“NAI”). The DAA and NAI provide mechanisms for you to opt out of interest-based advertising performed by members at http://www.aboutads.info/choices and https://optout.networkadvertising.org/. You may also click on the AboutAds icon on advertisements and follow the instructions on how to opt out. Opting out of interest-based advertising will not opt you out of all advertising, but rather only interest-based advertising from us or our agents or representatives. Also, if your browsers are configured to reject cookies when you visit these opt-out webpages, or you subsequently erase your cookies, use a different device or web browser or use a non-browser-based method of access (e.g., mobile app), your NAI / DAA browser-based opt-out may not, or may no longer, be effective.
You can also refuse or delete cookies using your browser settings. If you refuse or delete cookies, some of our website functionality may be impaired. If you change computers, devices, or browsers, or use multiple computers, devices, or browsers, and delete your cookies, you may need to repeat this process for each computer, device, or browser. Please refer to your browser’s Help instructions to learn more about how to manage cookies and the use of other tracking technologies.
Some browsers have incorporated Do Not Track (“DNT”) preferences. Most of these features, when turned on, send signals to the website you are visiting that you do not wish to have information about your online searching and browsing activities collected and used. As there is not yet a common agreement about how to interpret DNT signals, we do not honor DNT signals from website browsers at this time.
7. Security
We maintain reasonable security procedures and technical and organizational measures to protect your personal information against accidental or unlawful destruction, loss, disclosure, access, alteration, or use. Nevertheless, transmission via the Internet and online digital storage are not completely secure and we do not guarantee the security of your information collected through the Service.
8. Children’s Privacy
Interactions with us are intended for individuals 16 years of age and older. Our interactions are not directed at, marketed to, nor intended for, children under 16 years of age. We do not knowingly collect any information, including personal information, from children under 16 years of age. If you believe that we have inadvertently collected personal information from a child under the age of 16, please contact us at the address below and we will use reasonable efforts to delete the child’s information from our databases.
9. External Links
When interacting with us you may encounter links to external sites or other online services, including those embedded in third-party advertisements or sponsored content which we do not control. We are not responsible for the privacy practices and data collection policies for such third-party services. You should consult the privacy statements of those third-party services for details.
10. Your Rights
Upon request, eHealthInsurance will provide you with information about whether we hold any of your personal information. If your personal information changes, or if you otherwise want to correct, update, delete, or make other requests regarding your data (such as limiting sharing with non-affiliates), you may call us toll free at 800-977-8860 or by mail at:
Customer Service, eHealthInsurance.com
13620 Ranch Road 620 N, Suite A-250
Austin, TX 78717
Additionally, you may update your name, email address and password by clicking on the “Sign in” or “My Account” link on this website and signing in using your email address and password. We will respond to your request to access within a reasonable timeframe.
We will make reasonable efforts to respond to your request but cannot guarantee that we will be able to honor your request. For example, we generally will retain your information for as long as your account is active, as needed to provide you services, or for other business purposes. We will retain and use your information as necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.
Please note that once your application has been submitted to your chosen health insurance company or any other relevant party (such as the federal government in the case of an application involving advanced premium tax credits) you may have to contact the insurance company or such other party directly to update your application and/or exercise your individual rights under HIPAA.
To opt-out of receiving promotional email messages from us, please click on the “Unsubscribe” link contained at the bottom of each email or by contacting us using the information above. To opt-out of receiving satisfaction surveys and/or information on additional products and services from us, you may contact us at the information above. Please note that you will still receive communications from us regarding your insurance quote, application, policy or advanced premium tax credit even if you opt-out of receiving our surveys and/or notices of additional products or services.
11. Terms of Use
The Terms of Use for interactions with us is incorporated by reference into this Statement and can be found here.
12. Contact
If you have questions regarding this Statement or our privacy practices, please contact us at:
eHealthInsurance Services, Inc.
ATTN: Privacy
13620 Ranch Road 620 N, Suite A-250
Austin, TX 78717
privacy@ehealthinsurance.com
TELEPHONE: 800-977-8860
13. California Consumer Privacy Act
As an insurance broker, eHealthInsurance rarely handles personal information that is subject to the California Consumer Privacy Act (“CCPA”). In the very limited cases where we may collect information about certain California residents subject to the CCPA, this section applies. This CCPA notice does not apply to the following information:
- Any information provided in connection with seeking a financial product or service (including any data subject to the Gramm-Leach Bliley Act (“GLBA”) or the California Financial Information Privacy Act (“CalFIPA”)) and information subject to the Fair Credit Reporting Act (“FCRA”).
- Protected health information subject to HIPAA that we handle on behalf of our health insurance carrier partners. In such cases, we are bound by more stringent legal and contractual obligations to those partners. If you have questions about how such information is used or shared, please contact your insurance provider. We do not control and are not responsible for their privacy and data processing practices.
- Information about individuals who are not California residents.
- Information about our own employees, contractors, agents, and job applicants. Such information is subject to a separate privacy notice that we will make available to the applicable individuals.
- Information we collect from individuals with whom we engage in solely business-to-business communications and transactions, including due diligence transactions, such as information about the employees of our business clients.
We collect limited personal information subject to the CCPA from data brokers. We use and disclose such information for our marketing and related operational purposes. We do not “sell” personal information as defined under the CCPA and we do not knowingly sell the personal information of minors under 16 years of age.
We use and disclose sensitive personal information only for (i) performing services or providing goods reasonably expected by an average consumer; (ii) detecting security incidents; (iii) resisting malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) short-term, transient use, including nonpersonalized advertising; (vi) performing or providing internal business services; (vii) verifying or maintaining the quality or safety of a service or device; or (viii) purposes that do not infer characteristics about you.
We retain your Personal Information as long as necessary to fulfill the purposes outlined in this Notice unless we are required to do otherwise by applicable law. This includes retaining your Personal Information to provide you with the products or services you have requested and interact with you; maintain our business relationship with you; improve our business over time; ensure the ongoing legality, safety and security of our services and relationships; or otherwise in accordance with our internal retention procedures. Once you have terminated your relationship with us, we may retain your Personal Information in our systems and records in order to ensure adequate fulfillment of surviving provisions in terminated contracts or for other legitimate business purposes, such as to enable easier future user onboarding, demonstrate our business practices and contractual obligations, or provide you with information about our products and services in case of interest.
The following chart contains more detail about the categories of personal information we collect and disclose.
Categories of Personal Information We Collect | Categories of Third Parties With Whom We Disclose Personal Information for a Business Purpose |
Identifiers, such your name, alias, postal address, telephone number, unique personal identifier, email address, phone number, or other similar identifiers. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Records about you, such as estimated income, financial information, and other demographic information we receive from data brokers. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Characteristics of protected classifications under California or Federal Law, such as age and gender. |
· Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Commercial information, including records of personal property, product or services purchased, obtained or considered, or other purchasing or consuming histories or tendencies. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Geolocation data, limited to your address. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Professional, employment, or education information, such as job title, employer, business address and contact information, employment history, other professional information, or education history. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Inferences drawn from any of the information identified above to create a profile about a consumer reflecting the consumer’s preferences and characteristics. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Sensitive personal information, such as health information and racial or ethnic origin. | · Affiliates and subsidiaries · Third party service providers · For legal, security, and safety purposes · In connection with a corporate transaction · Entities to which you have consented to the disclosure |
Your Rights
Subject to legal limitations and exceptions, California residents may exercise the following rights by calling us toll free at 800-977-8860 or by using our webform:
- Right to Know. You have the right to request information about the categories of personal information we have collected about you, the categories of sources from which we collected the personal information, the purposes for collecting the personal information, and the categories of third parties with whom we have shared your personal information (“Categories Report”). You may also request information about the specific pieces of personal information we have collected about you (“Specific Pieces Report”).
- Right to Delete. You have the right to request that we delete personal information that we have collected from you.
- Right to Correct. You have the right to request that we correct inaccurate personal information that we maintain about you.
Non-Discrimination: In accordance with applicable law, we will not discriminate against you for exercising these rights.
Verification: In order to exercise your rights, we may need to obtain information to locate you in our records, verify that you are a California resident, and/or verify your identity depending on the nature of the request.
Please be aware there might be circumstances where we will not honor you request, as permitted under the CCPA. For example, if we are not able to verify your identity and that you are a California resident, we may not honor your access, correction, or deletion request. Additionally, we may not delete your personal information if an exception under the CCPA applies to your deletion request. When making a request, you will be asked to provide your zip code, first and last name, date of birth, phone number (optional) and indicate how you would like to be contacted, which may require you provide contact information. You will also be required to attest that you are entitled to make the request.
We may request alternative information under certain circumstances and will inform you if such information is needed in the verification process.
Authorized Agents: Authorized agents may exercise rights on behalf of consumers, but we reserve the right to also verify the consumer directly as described above. Authorized agents must contact us by mail at the address provided above and include a signed declaration from the consumer demonstrating the agent has authority to exercise rights on the consumer’s behalf. We may also require the consumer to directly verify their own identity with us or directly confirm they provided the agent permission to submit the request.
Timing: We will respond to Requests to Know, Requests to Delete and Requests to Correct within 45 calendar days, unless we need more time (in which case we will notify you) and may take up to 90 calendar days in total to respond to your request.
California Shine the Light: We do not share personal information subject to California Civil Code § 1798.83 (the “Shine the Light law”) with third parties for their direct marketing purpose.