Aetna Privacy Statement
Welcome to the Aetna web and mobile experience. This Aetna Web & Mobile Privacy Statement (the “Privacy Statement”) describes our practices in connection with information we collect through software applications (including mobile applications) and websites that we operate and that contain a link to this Privacy Statement (an “Application” or, together, the “Applications”). This Privacy Statement is designed to transparently describe our privacy practices, in a format that is easy to navigate, read, and understand. We are committed to treating your information with care and respect and managing our Applications in a manner which is compliant with law.
As you navigate our Applications and communicate with Aetna (sometimes referred to as “we,” “us,” or “our”) via the Applications, we may ask you to disclose certain information so that we can provide you with the highest quality information and services. In order for you to make an informed decision about whether to disclose your information to us via the Applications, we are providing you with the following information about how we collect and use your information.
This Privacy Statement describes our practices in connection with information we collect through Applications that contain a link to this Privacy Statement.
We are not responsible for the privacy practices of any third party service providers (such as Internet Service Providers (“ISPs”) or cloud service providers) or other third parties operating websites or applications to which the Applications link. The inclusion of a link on an Aetna Application does not imply that Aetna endorses, or otherwise monitors the privacy practices of that linked third party website or application.
We may collect two basic types of information: Personal Information and Non-Personally Identifiable Information.
By “Personal Information,” we mean data that is unique to an individual, such as a name, address, social security number, email address, telephone number, and certain personal device information, as described below.
By “Non-Personally-Identifiable Information,” we mean information that does not identify you personally, but can provide us with usage data, either individually or in the aggregate. Non-Personally Identifiable Information may include demographic information, aggregated information, certain information collected automatically through your device such as web browser information, server log files, cookie technology, pixel tags or beacons, and other technologies, and other non-personally identifiable information collected by us or provided by you.
We acquire Personal Information when you voluntarily register or create a personal profile with us, or request products, services, or information from us.
We may also automatically collect certain personal device information – such as physical location, IP address, battery information, application activity, data usage, accelerometer data, and malware information – to authenticate you and/or your personal device for purposes of Application security and to help prevent fraud and data loss.
In some cases, and in all cases where required by law or regulation, you will be able to update the information that you provide to us either by sending us an email or, where you have established personal profiles with us, by updating your profile online. Please refer to the specific place in the Application where data is collected for more information.
We may use Personal Information for the following purposes:
Verifying your identity so that we can be sure that all of our communications with you are secure and confidential, for Application security, and to help prevent fraud and data loss
Responding to inquiries or requests from you
Delivering web-based products and services to you, such as our health risk assessment
Sending you marketing and promotional communications that we believe may be of interest to you, if permitted by law
If you are using this Application to enroll in a health plan, or to access information and services related to your health plan, please refer to your “Notices of Privacy Practices,” which are available to you via a link on this Application. These notices describe how Aetna may use and disclose your personal health and financial information when administering your benefits, and explain your legal rights. If you receive benefits through a group health insurance plan, your employer will be able to tell you if your plan is insured or self-funded. If your plan is self-funded, you may want to ask for a copy of your employer’s privacy notice. You should read this notice before enrolling in a particular plan.
Except in connection with the sale, transfer, merger, consolidation or other transaction involving all or part of our company, we will not sell, license or otherwise transfer any rights to your personal information to any third party unless expressly authorized by you.
We may transmit or disclose your Personal Information to third parties for the following purposes. In all cases we will require the recipient to protect the information and use it only for the purpose for which it was provided:
If required by law, such as pursuant to a subpoena, regulatory oversight, or other legal process
To enable Aetna contractors or vendors to perform certain services for us, including, but not limited to, Application maintenance and performance improvement tasks
This Application will not knowingly collect personally-identifiable information from minors under the age of thirteen (13) without their parents’ consent.
When you visit or use our Applications, we collect certain Non-Personally-Identifiable Information and aggregate information about you. This data helps us to analyze and improve the usefulness of the information and services we provide through our Applications. Because Non-Personally Identifiable Information does not personally identify you, we may use and disclose such information for any purpose permitted by law, including:
We may automatically collect certain web browser information. Web browsers collect and store information about the type of device and operating system you are using to access our Applications, as well as your device’s media access control (“MAC”) address for facilitating network communications. Accessing this information helps us to establish a secure and consistent connection to you and to customize experience and content when you use our Applications.
"Cookie" technology. A "cookie" is an element of data that we can send to your browser when you link to our Applications. It is not a computer program and has no ability to read data residing on your computer or instruct it to perform any step or function. By assigning a unique data element to each visitor, our Applications are able to recognize repeat users, track usage patterns and better serve you when you return at a later time. The cookie does not extract Personal Information.
Client-side page tagging. This technology uses code on each web page to write certain information about the page and the visitor to a log when a page is rendered to you by our Applications. "Tagging" does result in a JavaScript program running in your browser, but it is limited to providing information about the page that you are requesting and the configuration of your browser. It will not read any of your data files, nor execute any additional programs. It does not extract any Personal Information about you. You can prevent tagging by disabling JavaScript in your browser, but that may prevent you from using all of our Applications’ functions.
Tracking pixels or beacons. These techniques use electronic files to track your navigation of our Applications, your completion of transactions and other browsing behavior.
IP Address: When you subscribe to an Internet Service Provider (ISP), your computing device is assigned an IP Address. We may track and store this address to help us manage security, monitor usage volume and patterns, and to customize experience and content when you use our Applications.
The security, integrity, and confidentiality of your information are extremely important to us. We have implemented technical, administrative and physical security measures that are designed to protect your information from unauthorized access, disclosure, use and modification. We regularly review our security practices to consider appropriate new technology and methods. We also periodically subject our Applications to simulated intrusion tests and have developed comprehensive disaster recovery plans. However, please be aware that despite our best efforts, no security measures are perfect or impenetrable.
Aetna does not serve third-party advertising on its Applications. However, we do engage online advertising service providers to serve ads on other sites, based on web pages you may have visited or your search engine activity. For more information or to opt out of interest-based ads, please review our interest-based ads policy. Currently, our Applications do not respond to “Do Not Track” signals from browsers.
Aetna’s third-party service provider, Neustar, uses a variety of technologies to assess how our sites or mobile applications are used, to help us personalize your experience and to help us deliver advertising, including online content, tailored to your interests.
Our service provider may also create and store linkages between and among household or individual level identifiers such as Cookies, mobile advertising IDs, hashed email addresses and/or other persistent IDs that have been assigned to a unique but de-identified user. This process is sometimes called “cross device linking,” which is a technique used to predict or determine a likely association or relationship between two or more devices such as smartphones, tablets, desktop computers, etc. These de-identified linkages are not stored or merged with personal information about you.
Our service provider will honor your preferences regarding cross device linking. You can opt out of cross device linking on our service provider’s website.
We welcome your comments or questions about our Applications and have provided email boxes for that purpose. We will share your comments and questions with our customer service representatives and those employees most capable of addressing your questions and concerns.
Please note that your email, like most, if not all, non-encrypted Internet email communications, may be accessed and viewed by other Internet users, without your knowledge and permission, while in transit to us. For that reason, to protect your privacy, please do not use email to communicate information to us that you consider confidential. If you wish, you may contact us instead via telephone at the numbers provided at various locations on our Applications or, in the case of our health plan members, at the Member Services toll-free number that appears on your ID card.
There are some locations on our Applications where we have made special provisions for a more secure environment in which we can exchange information with you. At each of these locations, we will provide you with appropriate instructions.
From time to time, our Applications may provide links to other websites or applications, not owned or controlled by Aetna, that we think might be useful or of interest to you. We cannot, however, be responsible for the privacy practices used by other website owners or the content or accuracy of those other websites. Links to various non-Aetna websites or applications do not constitute or imply endorsement by Aetna of these websites or applications, any products or services described on these sites, or of any other material contained in them.
We may also provide links to other websites or mobile applications that are controlled by an Aetna-owned company, but that operate independently of the Applications. Privacy policies applicable to those sites and applications will appear on those sites and applications and may differ from this Aetna Privacy Statement.
Aetna may change this Privacy Statement from time to time; when updates are made, the version date (located at the bottom of this Privacy Statement) will also be updated to reflect that a revision occurred. We encourage you to periodically reread this Privacy Statement to see if there have been any changes that may affect you. This Privacy Statement is not intended to and does not create any contractual or other legal rights in or on behalf of any party.
Aetna takes information security seriously and we diligently safeguard your personal information. Here are some ways Aetna protects your information and steps you can take to help.
CMS to eliminate use of SSNs on Medicare cards
Between April 2018 and April 2019, CMS is removing Social Security Numbers and will re-issue new Red, White, and Blue Medicare cards.
17 steps for securing health information (PDF)
A list of steps we take to secure your health information.
Our effort to reduce the use of SSNs
Our commitment to protecting the privacy of our members by moving away from the use of Social Security numbers whenever possible.
How we protect the privacy and security of sensitive health and financial information. We encrypt all emails that contain member-specific health and financial information.
Steps that you can take to prevent medical identity theft.
Privacy statement update: 9/19/17