image

PRIVACY POLICY

Effective as of January 1, 2020

Last updated: June 22, 2023

Introduction

Apria Healthcare LLC and its affiliates (“Apria,” “we,” “our,” or “us”) respects the privacy of your information. This Privacy Policy is designed to assist you in understanding how we collect, use and safeguard the information you provide to us in using Apria.com, My.Apria.com, and the websites that link to this Privacy Policy (collectively, the “Site”) and the services provided through our Site (collectively, the “Services”).

We will use and share any personal health information governed by HIPAA and HITECH (each defined herein) that we collect from or about you in accordance with our HIPAA Notice of Privacy Practices, which offers you certain choices with respect to the use and sharing of that personal information.

From time to time, we may change this Privacy Policy. If we do, we will post an amended version on this webpage. Please review this Privacy Policy periodically.

This Privacy Policy covers the following topics:
1.    Personal Data We Collect
2.    How We Use Your Personal Data
3.    How We Share Your Personal Data
4.    Cookies and Other Tracking Technologies
5.    Third Party Processors
6.    Opt-Out Preference Signals
7.    Security
8.    Third Party Links
9.    Children’s Privacy
10.    HIPAA
11.    Notice to California Residents
12.    How to Contact Us

1. Personal Data We Collect

We collect personal data from you through your use of the Site and Services. Personal data is information that is linked or reasonably linkable to an identified or identifiable individual. We collect the following types of personal data:

Personal Data You Provide

We may collect the following personal data that you voluntarily provide to us in using our Site and Services:

  • Customer Account. If you create an account for any of our Services, you will provide us with your phone number, email address, and password. When you log-in to your account, you will provide us with your email address and password.
  • Check a Delivery Time. When you use our Site to obtain your estimated time of delivery, you will provide us with the patient’s name, date of birth, customer ID, and delivery address.
  • Continuous Sleep Resupply Program. When you enroll in this program on our Site, you will provide us with your name, email address, physical address, and any other information that you may voluntarily provide.
  • Preventative Maintenance Check for Your Oxygen Concentrator. When you schedule a Preventative Maintenance Check for Your Oxygen Concentrator on our Site, you will provide us with your name, email address, physical address, and phone number along with the patient’s name, ID, and any other information that you may voluntarily provide.
  • Schedule an Oxygen Tank Delivery. When you schedule an Oxygen Tank Delivery on our Site, you will provide us with your name, email address, physical address, and phone number along with the patient’s name, ID, and any other information that you may voluntarily provide.
  • Schedule an Equipment Return. When you schedule an Equipment Return on our Site, you will provide us with your name, email address, physical address, and phone number along with the patient’s name, ID, and any other information that you may voluntarily provide.
  • ApriaLink Registration. If you are a healthcare provider or an employee of a healthcare provider and you submit a Physician/Prescriber Registration Form, you will provide us with your name, email address, company name, physical address, and National Provider Identifier (NPI) number. When you submit a Non-Physician/Prescriber Registration Form, you will provide us with your name, email address, company name, and physical address.
  • Careers. When you apply for a job, you will create a profile and provide us with your name, email address, telephone number, physical address, and other identifiers such as licenses and certifications and any other information that you may voluntarily provide.
  • Billing Inquiry. When you submit a question about billing on our Site, you will provide us with your name, email address, phone number, patient account number, and any other information that you may voluntarily provide.
  • Dispute Resolution. When you submit an Opt-out Arbitration Form on our Site, you will provide us with your name and email address along with the patient’s name, ID, physical address, and any other information that you may voluntarily provide.
  • Patient Satisfaction. When you submit a Patient Satisfaction form on our Site, you may provide us with name, email address, physical address, phone number, patient name, and any other information that you may voluntarily provide.
  • Apria Pharmacy. When you submit an inquiry to Apria Pharmacy on our Site, you will provide us with your relationship to the patient, email address, physical address, phone number, the patient’s name and ID, and any other information that you may voluntarily provide.
  • Chat with Us. When you interact with our Live Chat on Apria.com, you may provide us with information, such as your name, email address, and phone number, as well as any information you choose to provide in your message. Our chat feature is provided by Zendesk. Zendesk may collect, record, and store the information you provide in the chat. Please review Zendesk’s privacy notice here.
  • Additional Information. When you submit information on the Site, send an email from the Site, place an order, enter a contest or sweepstakes, respond to a survey or communication, submit an inquiry such as email, or participate in another Site function or feature, you may provide us with other information.

You may use your account to access, correct, or view certain personal data we have collected and which is associated with your account. To review or request changes to any of your personal data, please contact us at SG-privacy@apria.com.

Personal Data as You Navigate Our Site

We automatically collect certain personal data through your use of the Site and our use of cookies and other tracking technologies, such as the following:
  • Usage Information. For example, the pages on the Site you access, the frequency of access, and what you click on while on the Site.
  • Device Information. For example, hardware model, operating system, application version number, and browser.
  •  Mobile Device Information. Aggregated information about whether the Site is accessed via a mobile device or tablet, the device type, and the carrier.
  • Location Information. Location information from Site visitors on a city-regional basis.

For more information on our cookie usage see our “Cookies and Other Tracking Technologies” section below.

Personal Data We Collect About You from Other Sources

In some cases, we may receive personal data about you from other sources. This may include government entities, advertising networks, operating systems and platforms, and marketing partners. 

2. How We Use Your Personal Data

We use the personal data we collect to provide the Services to you, to maintain and improve our Site and Services, and to protect our legal rights and the rights of others. In addition, we may use the personal data we collect to:

  • Personalize your Site experience and to allow us to deliver the type of content and product offerings in which you may be most interested;
  • Process your transactions and communicate with you regarding your order;
  • Confirm your order;
  • Deliver the products and Services that you purchase or rent on our Site;
  • Prevent fraud and bill you for your purchases;
  • Contact you regarding our products and services that we feel may be of interest to you;
  • Administer a contest, promotion, survey, or other Site feature;
  • Communicate with you about our Site or Services or to inform you of any changes to our Site or Services;
  • Provide support; and
  • Comply with applicable law.

3. How We May Share Your Personal Data

We may share the personal data that we collect about you in the following ways:

  • With vendors who perform data or Site-related services on our behalf (e.g., email, hosting, maintenance, backup, analysis, etc.);
    To the extent that we are required to do so by law;
  • In connection with any legal proceedings or prospective legal proceedings;
  • To establish, exercise, or defend our or a third party’s legal rights, including providing information to others for the purposes of fraud prevention;
  • With any person who we reasonably believe may apply to a court or other competent authority for disclosure of that personal data where, in our reasonable opinion, such court or authority would be reasonably likely to order disclosure of that personal data;
  • With any other person or entity as part of any business or asset sale, equity transaction, merger, acquisition, bankruptcy, liquidation, or similar proceeding, or in preparation for any of these events;
  • With any other person or entity where you consent to the disclosure; and
  • For any other purpose disclosed by us when you provide the personal data or for any other purpose we deem necessary, including to protect the health or safety of others.

Where appropriate, we will limit sharing of your information in accordance with the choices you have provided us in response to our HIPAA Notice of Privacy Practices

4. Cookies and Other Tracking Technologies

To learn more about how we use cookies and other tracking technologies on Apria.com, and to manage your cookie settings on Apria.com, please see our Apria.com Cookie Policy.

How We Use Cookies on Apria.com

Like many other companies, we use cookies and other tracking technologies (collectively, “Cookies”). Cookies are small files of information that are stored by your web browser software on your computer hard drive, mobile or other devices (e.g., smartphones or tablets).

We use Cookies to:

  • Understand and save your preferences for future visits, allowing us to customize the Site and Services to your individual needs;
  • Compile aggregate data about Site traffic and Site interactions to resolve issues and offer better Site experiences and tools in the future; and
  • Recognize when you return to the Site.

We set some Cookies ourselves and others are set by other entities. Most of the Cookies we set ourselves are required for the Site and Services to function properly. We use Cookies set by other entities to provide us with useful information to help us improve our Site and Services, to conduct advertising, and to analyze the effectiveness of advertising.

How You Can Opt Out of Cookies on Apria.com 

Browser Settings

Cookies can be blocked by changing your Internet browser settings to refuse all or some Cookies. If you choose to block all Cookies (including essential Cookies) you may not be able to access all or parts of the Site.

You can find out more about Cookies and how to manage them by visiting AboutCookies.org or AllAboutCookies.org.

You can understand which entities have currently enabled Cookies for your browser or mobile device and how to opt out of some of those Cookies by accessing the Network Advertising Initiative’s website or the Digital Advertising Alliance’s website. For more information on mobile specific opt-out choices, visit the Network Advertising Initiative’s Mobile Choices website.

Please note that these opt-out mechanisms are specific to the device or browser on which they are exercised. Therefore, you will need to opt out on every browser and device that you use.

Google Analytics

We use Google Analytics, a web analytics service provided by Google, Inc. Google Analytics uses Cookies or other tracking technologies to help us analyze how users interact with the Site and Services, compile reports on their activity, and provide other services related to their activity and usage. The technologies used by Google may collect information such as your IP address, time of visit, whether you are a returning visitor, and any referring website. The information generated by Google Analytics will be transmitted to and stored by Google and will be subject to Google’s privacy policies. To learn more about Google’s partner services and to learn how to opt out of tracking of analytics by Google, click here

5. Third Party Processors

To ensure that your Personally Identifiable Information receives an adequate level of protection, we have put in place appropriate procedures with the service providers we share it with to ensure that it is treated consistent with applicable data security and privacy laws. For example, we use payment providers to process your credit card transactions. Specifically, if you create an e-pay account for any of our Services, such as paying a bill, you will be directed to a third-party payment processor where you will provide your username and password in addition to your account number and date of birth. We do not collect or receive the information provided to payment processors.

Additionally, if you are a referring physician and register for our electronic certificate of medical necessity form service, you will be directed to a third-party service provider where you will provide your name and credit card information when you register for an electronic certificate of medical necessity form.

6. Opt-Out Preference Signals

Our Apria.com Site recognizes the Global Privacy Control (“GPC”) signal . If you are using a browser setting or plug-in that sends an opt-out preference signal to each website you visit, Apria.com will treat that as a valid request to opt out. On our My.Apria.com Site, we do not engage in “sales” or “shares” as those terms are defined under applicable laws and therefore, My.Apria.com does not recognize the Global Privacy Control (“GPC”) signal . For more information and to download and use a browser supporting the GPC browser signal, click here: https://globalprivacycontrol.org/orgs. If you choose to use the GPC signal, you will need to turn it on for each supported browser or browser extension you use.

Some internet browsers incorporate a “Do Not Track” feature that signals to websites you visit that you do not want to have your online activity tracked. Given that there is not a uniform way that browsers communicate the “Do Not Track” signal, the Site does not currently interpret, respond to or alter its practices when it receives “Do Not Track” signals.

7. Security

We maintain commercially reasonable security measures to protect the personal data we collect and store from loss, misuse, destruction, or unauthorized access. However, no security measure or modality of data transmission over the Internet is 100% secure. Although we strive to use commercially acceptable means to protect your personal data, we cannot guarantee absolute security. 

8. Third Party Links

The Site may contain links that will let you leave the Site and access another website, including websites operated by our affiliates and websites operated by unrelated third parties. Linked websites are not under our control. We accept no responsibility or liability for these other websites. 

9. Children’s Privacy

The Site is not intended, directed at, nor targeted to children under 13 years of age. We do not use this Site to knowingly collect, use, disclose, or solicit personal data from or market to anyone under 13. If you believe that we have received information from a child or other person protected under such laws, please notify us immediately at SG-privacy@apria.com and we will take reasonable steps to remove such information from our databases.

10. HIPAA

Apria maintains a separate HIPAA Notice of Privacy Practices. 

11. Notice to California Residents

The California Consumer Privacy Act, as amended by the California Privacy Rights Act of 2020 (CCPA), requires that certain businesses provide California residents with a privacy policy that contains a comprehensive description of their online and offline practices regarding the collection, use, disclosure, sale, sharing, and retention of personal information and of the rights of California residents regarding their personal information. However, the CCPA contains important limitations that are relevant to Apria.

First, the CCPA does not apply to protected health information that is collected by a covered entity governed by the privacy, security, and breach notification rules issued by the United States Department of Health and Human Services established pursuant to the Health Insurance Portability and Accountability Act of 1996 (HIPAA) and the Health Information Technology for Economic and Clinical Health Act (HITECH).

Second, the CCPA also does not apply to a covered entity governed by HIPAA, to the extent the provider or covered entity maintains patient information in the same manner as medical information or protected health information.

Because we are subject to HIPAA and HITECH, and maintain information, protected health information, and patient information according to their requirements, much of the personal information we collect is exempt from the CCPA rights described below. Your rights with respect to our use and sharing of that information are governed by our HIPAA Notice of Privacy Practices.

CCPA Rights

If you are a California resident, you have the following rights with respect to your personal information:

(1)    The right to know what personal information we have collected about you, including the categories of personal information, the categories of sources from which we collected personal information, the business or commercial purpose for collecting, selling or sharing personal information (if applicable), the categories of third parties to whom we disclose personal information (if applicable), and the specific pieces of personal information we collected about you;

(2)    The right to delete personal information that we collected from you, subject to certain exceptions;

(3)    The right to correct inaccurate personal information that we maintain about you;

(4)    If we sell or share personal information, the right to opt out of the sale or sharing;

(5)    If we use or disclose sensitive personal information for purposes other than those allowed by the CCPA and its regulations, the right to limit our use or disclosure; and

(6)    The right not to receive discriminatory treatment by us for the exercise of privacy rights the CCPA confers. 

How to Submit a Request to Know, Delete, and/or Correct

You may submit a request to know, delete, and/or correct through our interactive webform available here or by calling us toll free at 1-888-492-7742.

As mentioned above, much of the personal information that we collect is exempt from the CCPA and, therefore, is not subject to the rights discussed in this “Notice to California Residents” section. Your choices and rights with respect to our use and sharing of that information are governed by our HIPAA Notice of Privacy Practices.

If you are submitting a request on behalf of a California resident, please submit the request through one of the designated methods discussed above. After submitting the request, and if the request is not subject to an exemption or exception, we will require additional information to verify your authority to act on behalf of the California resident.

Our Process for Verifying a Request to Know, Delete, and/or Correct

If we determine that your request is subject to an exemption or exception, we will notify you of our determination. If we determine that your request is not subject to an exemption or exception, we will comply with your request upon verification of your identity and, to the extent applicable, the identity of the California resident on whose behalf you are making such request. We will verify your identity either to a “reasonable degree of certainty” or a “reasonably high degree of certainty” depending on the sensitivity of the personal information and the risk of harm to you by unauthorized disclosure, deletion, or correction as applicable. To do so, we will ask you to verify data points based on information we have in our records concerning you.

Right to Opt Out of Sales or Sharing of Personal Information

If you are a California resident, you have the right to direct us to stop selling or sharing your personal information. 

  • Apria.com: Although we do not “sell” personal information in the conventional sense, i.e., for money, our use of interest-based advertising cookies and tracking technologies on Apria.com could be considered a “sale” or “sharing” as those terms are defined under the CCPA. To opt out of that activity, please click "Your Privacy Choices" at the bottom of this page. For more information about our use of cookies and tracking technologies on Apria.com, see our Apria.com Cookie Policy . If you have enabled privacy controls on your browser (such as a plugin), Apria.com will also treat that as a valid request to opt out. Please see the “Opt-Out Preference Signals” section above for more information.
  • My.Apria.com: In the 12 months prior to the Last Updated Date of this Privacy Policy, we have not “sold” or “shared” any personal information (as those terms are defined under the CCPA) on My.Apria.com. 

Shine the Light Law

We do not disclose personal information obtained through our Site or Services to third parties for their direct marketing purposes. Accordingly, we have no obligations under California Civil Code § 1798.83. 

12. How to Contact Us

To contact us for questions or concerns about our privacy policies or practices please contact us via any of the following methods:

By phone: 1-888-492-7742

By email: SG-privacy@apria.com