Industries

  • Healthcare
  • Health Information Technology

Participation

EU-U.S. Privacy Shield Framework: Active

Original Certification Date: 11/17/2016
Next Certification Due Date: 12/10/2020
Data Collected: HR, NON-HR

Swiss-U.S. Privacy Shield Framework: Active

Original Certification Date: 11/21/2017
Next Certification Due Date: 12/10/2020
Data Collected: HR, NON-HR

Purpose of Data Collection

Change Healthcare’s Privacy Shield certification covers processing occurring within Change Healthcare’s Enterprise Imaging (EI) business unit. EI may view, hold and process personal information about EEA customers, EEA business partners and their workers for the provision, implementation and support of health care information technology and related services to health care institutions and companies in the EEA. This may include the processing of information provided by EEA customers about providers and patients to Change Healthcare for the purposes of fulfilling Change Healthcare’s contractual obligations to its EEA customers. Change Healthcare may also process HR Personal Information, including, without limitation, names, contact information, titles, pictures, IP addresses, user IDs, compensation, benefits information, etc. about Change Healthcare EEA based Workers. Change Healthcare collects, uses or discloses HR Personal Information for the following purposes: (a) payroll, compensation, and benefits administration including stock administration; (b) business travel and employee relocation administration; (c) Change Healthcare Worker management and discipline; (d) Change Healthcare Worker appraisal, training, and development; (e) Change Healthcare facility, security and health, and safety management; (f) staff recruitment and hiring; (g) tracking the engagement of Change Healthcare outside service workers (including consultants and other non-employees); (h) Change Healthcare Worker identification; (i) reimbursement of Change Healthcare Worker expenses; (j) compliance and risk management; (k) business communication with Change Healthcare Workers; (l) internal technical and operational support; and (m) compliance with applicable legal requirements. HR Personal Information is disclosed to third parties that assist Change Healthcare in executing the above business purposes, including those assisting in talent management, benefits management, compensation, and facility/information security.

Privacy Policy

HR and Non-HR Data

Description:

Change Healthcare’s Privacy Shield certification covers processing of Customer Personal Data, of Human Resources Personal Data, and of Marketing Personal Data. Change Healthcare processes Customer Personal Data within Change Healthcare’s Enterprise Imaging (EI) business unit. EI may view, hold and process Customer Personal Data about EEA, Swiss and United Kingdom customers, Vendors and their workers for the provision, implementation and support of health care information technology and related services to health care institutions and companies. This may include the processing of information provided by EEA, Swiss and United Kingdom Customers about providers and patients to Change Healthcare for the purposes of fulfilling Change Healthcare’s contractual obligations to its customers. Change Healthcare also collects, uses or discloses HR Personal Data of Workers located in the EEA and the United Kingdom for the following purposes: (a) workplace management, training, employee development, performance appraisal and discipline; (b) recruitment, compensation, mobility and benefits administration; (c) payroll, tax and reimbursement; (d) facility, security and health, and safety management; (e) workforce productivity and employee engagement; (f) business operations including archiving, disaster recovery, business continuity, business and data analytics, directory services and communications; (g) tracking and monitoring employee usage of systems, tools and applications (such monitoring will take place only in justified cases and in compliance with applicable law); (h) technical and operational troubleshooting and support; (i) compliance testing, compliance monitoring, security testing, security monitoring, e-discovery and risk management; (j) government reporting. HR Personal Data is disclosed to third parties that assist Change Healthcare in executing these business purposes, including those assisting in talent management, benefits management, benchmarking, compensation, and facility/information security. Finally, Change Healthcare's goal is to provide its EEA, Swiss and United Kingdom Customers with a personalized Internet experience and an Internet-based online information and communication service that delivers the information, resources and services that are most relevant and helpful. In order to achieve these goals, Change Healthcare collects and processes Marketing Personal Data from users during visits to its websites and, in particular, during a user's visits to ChangeHealthcare.com. Change Healthcare's collection and use of Marketing Personal Data varies based on the website services requested by the users and the users' choice of privacy options within the relevant website services available to users in the EEA, Switzerland and the United Kingdom. Users are directed to the applicable Privacy Notice for further details.

Effective Date: 1/1/2020

Verification Method

Self-Assessment

Dispute Resolution

Questions or Complaints?

If you have a question or complaint regarding the covered data, please contact Change Healthcare Technologies, LLC at:

Stefanie Head
Privacy Manager
Change Healthcare Technologies, LLC
5995 Windward Parkway
Alpharetta, Georgia 30005

Privacy Shield organizations must respond within 45 days of receiving a complaint.

If you have not received a timely or satisfactory response from Change Healthcare Technologies, LLC to your question or complaint, please contact the independent recourse mechanism listed below


NON-HR RECOURSE MECHANISM



Appropriate statutory body with jurisdiction to investigate any claims against Change Healthcare Technologies, LLC regarding possible unfair or deceptive practices and violations of laws or regulations covering privacy Federal Trade Commission