Overview
HealthPass by Legacy Health Network ("HealthPass," "we," "our," or "us") is committed to protecting your privacy and safeguarding your personal and health-related information. This Privacy Policy describes how we collect, use, disclose, and protect information when you visit our website, use our services, submit inquiries, or enroll in our health benefit programs.
By accessing or using our website or services, you acknowledge that you have read, understood, and agree to the practices described in this Privacy Policy. If you do not agree with these practices, please do not use our services.
Information We Collect
We collect information in a variety of ways depending on how you interact with us. This includes information you provide directly, information collected automatically, and information received from third parties.
We may receive information about you from employers, insurance brokers, or benefit administrators acting on your behalf, as well as from healthcare providers within the Legacy Health Network when coordinating your care.
How We Use Your Information
We use the information we collect for the following purposes:
We do not sell your personal information to third parties for their own marketing purposes.
Sharing & Disclosure
We do not sell, rent, or trade your personal information. We may share your information only in the following limited circumstances:
We engage trusted third-party vendors to help operate our business — including payment processors, IT infrastructure providers, email platforms, and analytics tools. These vendors are contractually required to protect your information and may only use it to perform services on our behalf.
To coordinate your care and administer your benefits, we may share necessary information with providers within the Legacy Health Network, ChiroFirst Alliance, and affiliated partners — consistent with applicable HIPAA authorizations and Business Associate Agreements.
If your HealthPass enrollment is sponsored or administered through your employer, we may share enrollment status and plan utilization data — in aggregate or de-identified form — with authorized HR administrators for plan management purposes.
For the ACA-compliant HDHP component of the HealthPass bundle, enrollment and eligibility information is shared with the applicable insurance carrier to establish and maintain your coverage.
We may disclose your information when required by law, court order, regulatory authority, or to protect the rights, property, or safety of HealthPass, its members, or the public.
In the event of a merger, acquisition, or sale of assets, your information may be transferred as part of that transaction. You will be notified via a prominent notice on our website if such a change affects how your data is handled.
Cookies & Tracking Technologies
Our website uses cookies and similar technologies to improve your browsing experience, analyze site traffic, and support certain functionality.
You can control or disable non-essential cookies through your browser settings or via any cookie consent tool present on our site. Note that disabling certain cookies may affect site functionality. Most browsers also support a "Do Not Track" (DNT) signal — we honor DNT requests where technically feasible.
Data Security
We implement industry-standard technical, administrative, and physical safeguards to protect your information from unauthorized access, disclosure, alteration, or destruction. These measures include:
While we take reasonable precautions to protect your information, no method of transmission or storage is 100% secure. In the event of a data breach affecting your rights or freedoms, we will notify affected individuals and relevant authorities as required by applicable law.
Data Retention
We retain your personal information for as long as necessary to fulfill the purposes described in this Privacy Policy, unless a longer retention period is required or permitted by law.
When your data is no longer needed, we securely delete or anonymize it in accordance with our data disposal procedures.
Your Privacy Rights
Depending on your state of residence, you may have the following rights with respect to your personal information:
California residents may have additional rights under the California Consumer Privacy Act (CCPA) / California Privacy Rights Act (CPRA). Oregon residents may have rights under the Oregon Consumer Privacy Act (OCPA). To submit a rights request, contact us using the information in Section 12. We will respond within 45 days, with an option to extend by an additional 45 days when necessary.
Children's Privacy
Our website and services are not directed to children under the age of 13, and we do not knowingly collect personal information from children under 13. If you are a parent or guardian and believe your child has provided us with personal information, please contact us immediately so we can take appropriate action to delete that information.
Dependent enrollment information for minor children is collected solely as part of an adult member's benefit enrollment and is handled in accordance with HIPAA and this Privacy Policy.
Third-Party Links & Services
Our website may contain links to third-party websites, portals, or services — including insurance carrier portals, HSA administrators, and partner provider sites. These third parties operate under their own privacy policies, which we encourage you to review.
HealthPass by Legacy Health Network is not responsible for the privacy practices, content, or security of any third-party site. The inclusion of a link does not constitute an endorsement.
Changes to This Policy
We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or for other operational reasons. When we make material changes, we will update the "Last Updated" date at the top of this page and, where appropriate, notify you by email or through a prominent notice on our website.
Your continued use of our website or services after any update constitutes your acceptance of the revised Privacy Policy. We encourage you to review this page periodically.
Contact Us
If you have questions, concerns, or requests related to this Privacy Policy or our data practices, please contact us:
Legacy Health Network
Email: privacy@healthpassbylegacy.com
Website: healthpassbylegacy.com
For HIPAA-related requests, please indicate "HIPAA Request" in your subject line. We will acknowledge your inquiry within 5 business days and provide a full response within the timeframe required by applicable law.