Introduction
This Consumer Health Data Privacy Policy supplements our general Privacy Policy and describes how CoveredUSA collects, uses, and shares consumer health data in connection with our health insurance eligibility screening service.
Some US states — including Washington (My Health MY Data Act), Nevada, Connecticut, and others — have enacted laws that specifically protect consumer health data. This policy applies to residents of those states and to all users of our service.
What Is Consumer Health Data?
Consumer health data includes personal information that identifies or could be used to infer information about your health status or healthcare needs, including:
- Health conditions, diagnoses, or disabilities you disclose during screening
- Prescription or medication information
- Insurance status and coverage history
- Information about healthcare services you have sought or received
- Demographic data combined with health indicators (age, household composition used in Medicaid/Medicare eligibility)
Health Data We Collect
In the course of providing eligibility screening for Medicaid, Medicare, ACA Marketplace plans, Medicare Savings Programs, and CHIP, we collect the following health-related data:
- Age and disability status — used for Medicare and SSDI eligibility screening
- Pregnancy status — relevant to Medicaid eligibility in many states
- Insurance coverage status — current and recent coverage history
- Income and household information — used to determine eligibility thresholds for all programs
We do not collect clinical health data, diagnoses, medical records, or prescription information for general screening purposes.
How We Use Health Data
We use consumer health data solely to:
- Determine which health insurance programs you may be eligible for
- Display eligibility results to you
- Share with licensed insurance agents when you explicitly request an agent connection
- Improve the accuracy of our eligibility screener
- Comply with applicable laws
We do not use consumer health data for advertising, marketing profiling, or sale to data brokers.
Sharing of Health Data
With insurance agents: If you choose to connect with a licensed insurance agent, your health-related screener data will be shared with that agent to facilitate enrollment assistance. You can opt out of this sharing at any time.
With service providers: We share data with vendors who help us operate our platform (hosting, analytics, security). These parties are contractually prohibited from using your data for any purpose other than providing services to us.
We do not share consumer health data with: data brokers, advertising networks, employers, or law enforcement except as required by valid legal process.
Your Rights Regarding Health Data
You have the following rights with respect to your consumer health data:
- Right to access: You can request a copy of the health data we hold about you.
- Right to deletion: You can request that we delete your health data. We will comply within 30 days except where retention is required by law.
- Right to withdraw consent: If you previously consented to sharing your data with agents, you can revoke that consent at any time.
- Right to opt out of sale: See our Do Not Sell page.
- Right to non-discrimination: We will never treat you differently for exercising any of these rights.
Washington My Health MY Data Act
Washington state residents have additional rights under the My Health MY Data Act (MHMDA). This law provides expanded protections for consumer health data. Under the MHMDA, you have the right to:
- Confirm whether we collect, share, or sell your consumer health data
- Access a list of all third parties with whom we shared your health data
- Delete consumer health data collected through our website
- Withdraw consent for collection and sharing of your health data
To exercise these rights, email privacy@coveredusa.org.
Data Security
We apply technical and organizational measures appropriate to the sensitivity of health data, including encryption in transit and at rest, access controls, and regular security assessments.
Contact
For questions about how we handle your health data, or to exercise your rights:
We respond to all health data requests within 30 days.