Privacy Policy for Health Plan Enrollees Using Informed + Choice
Introduction
Informed + Choice securely connects your healthcare providers and insurance agents with Medicare Data that you authorize through Medicare’s secure connection. Our priority is protecting your privacy and clearly explaining how your data is accessed, displayed, stored, and protected.
This policy covers the Medicare Blue Button 2.0 / Medicare Data flow for consumers and health plan enrollees. It does not cover professional user accounts or other Agent Vault records, which are covered by separate policies and agreements.
This policy applies to:
- Insurance Agent Interactions
- Clinician/Physician Interactions
- Healthcare Provider Interactions
How the Process Works
Your healthcare provider or insurance agent may ask your permission to access your health plan claims data. Upon your consent, you will receive a text or email notification from Informed + Choice, clearly stating:
- Who is requesting access (name, address, and phone number of the doctor or agent)
- Exactly what data they will be able to access
- How long they will have access to this information
By approving this request, you will be securely redirected to your health plan’s official website, where you will log in to authorize access.
Medicare.gov Login Credentials
Informed + Choice does not ask for or store your Medicare.gov username or password. CMS Blue Button Terms expressly prohibit requesting, accessing, using, or sharing Medicare.gov login credentials.
Your Control Over Data Access
- Explicit Consent: Your data will only be accessed after you explicitly agree.
- Transparency: You will always know who is requesting access and exactly what information they are viewing.
- Revocation and removal: You can revoke access at any time directly on Medicare.gov or your health plan’s website. You may also ask Informed + Choice to remove information we obtained from Medicare through Blue Button for an annual review or provider/physician workflow.
Data Privacy and Protection
We protect information while it’s moving and while it’s stored, limit who can access our systems, use vendors that are bound by appropriate privacy and security commitments, and regularly review our safeguards.
What We Store (and for How Long)
- Temporary Medicare Data during a connection: When you connect Medicare Data, Informed + Choice temporarily receives information from Medicare to display the authorized page or help prefill your annual review. This may include prescription drug information, pharmacies, doctors, providers, coverage information, current plan information, and related Medicare source data. If you do not submit an annual review and no provider refresh authorization applies, temporary Medicare Data used for the connection is removed after the connection window ends.
- Annual review information submitted to your agent: If you submit the review to your agent, we may store the annual review information used for that review for up to one year after submission. This may include information you confirmed, information you marked as incorrect, information you added, source dates, and related review records.
- Why annual review information may be kept for one year: We store this information for up to one year because Medicare plan reviews are tied to the plan year. If questions, coverage concerns, or follow-up issues arise during that plan year, your agent can refer back to the information used for the review. After one year, a new annual review may require new information, a new manual submission, or a new Medicare Data authorization.
- Contact details (phone/email): Used only to send your approval link. We do not keep your phone number or email address after the request is completed or expires.
- Secure key for providers (not agents): Allows your provider to request the latest information from your plan until the approval period ends. Typically kept for up to 13 months, or until you revoke access, then removed from our systems.
- Audit records: For safety, security, and compliance, we keep a record that an approval happened (for example, “you approved on this date”). These records do not include your medical details and are retained only as legally required.
Minimum Necessary Principle
We only store the information required to deliver the service you approved, support a submitted annual review, protect the service, and satisfy legal, security, operational, or recordkeeping requirements.
Requesting Removal of Blue Button Information
You may ask us to remove information we obtained from Medicare through Blue Button for an annual review or provider/physician workflow by contacting your agent, provider, or Informed + Choice at [email protected]. When we receive that request, we remove that information from our active systems and do not continue storing it, except for minimal audit, security, legal, or operational records we are required to keep.
What Information Your Provider or Agent Receives
- Providers: Your historical health plan claims data, including treatments, medications, and visits, along with a secure key to refresh data during the approval period.
- Agents: Prescription drug information, pharmacy information, doctor and provider information, coverage information, current plan information, and annual review information you submit. Agents do not receive ongoing keys and cannot refresh or request updates after the connection window ends.
Your Account Status
Medicare beneficiaries and health plan enrollees using this Medicare Data workflow do not create consumer accounts with Informed + Choice. Dormant or closed-account rules generally do not apply to you. Medicare Data, submitted annual review information, provider refresh keys, contact details, and audit records are handled under the retention rules described in this policy.
Protecting Your Family’s Privacy
We only retrieve and use the information necessary to help you with your insurance or care. We do not collect, store, or share any genetic or family health history information.
Handling De-identified Data
We do not collect, store, or analyze de-identified, anonymized, or pseudonymized data from your health records.
Changes and Notification
- If our privacy practices change, we will notify you clearly and promptly.
- In the unlikely event of a data breach, we will notify affected parties without unreasonable delay and as required by law, and we will take corrective action.
Business Transfers
If Informed + Choice is involved in a merger, acquisition, financing, reorganization, bankruptcy, receivership, or sale of assets, information covered by this policy may be transferred as part of that transaction. Any transferred information remains subject to this policy unless we notify you of a material change and obtain any required approval.
Contacting Us
If you have questions about this policy or your health plan data handling, please contact our Privacy Officer:
- Email: [email protected]
- Address: Ardor Service LLC, d/b/a Informed + Choice, 1034 North Madison Avenue, Pasadena, California 91104
Legal Contact — Lyndsy Rodgers
- Email: [email protected]
- Address: 1034 N. Madison Ave, Pasadena, CA 91104
Acknowledgment
By authorizing your healthcare provider or insurance agent to access your data through Informed + Choice, you confirm that you understand and agree to these privacy practices.