Privacy Policy

Effective Date: December 2, 2025
Last Updated: December 2, 2025

1. Introduction & Scope

Welcome to Aperion Health. We are a healthcare spend optimization company providing value-based navigation and personalized support to help members make informed healthcare decisions while reducing costs.

This Privacy Policy describes how Aperion Health ("Aperion," "we," "us," or "our") collects, uses, maintains, and discloses information collected from users of our website, mobile applications, and services (collectively, the "Services"). This policy applies to all website visitors, portal members, and employer clients who use our Services.

HIPAA Compliance Commitment: Aperion Health is committed to complying with the Health Insurance Portability and Accountability Act (HIPAA) and protecting your Protected Health Information (PHI). For members using our healthcare navigation services, we also provide a separate HIPAA Notice of Privacy Practices that describes how we use and disclose your medical information.

Scope: This Privacy Policy covers:

  • Website visitors browsing aperion.health
  • Portal members accessing services at portal.aperion.health
  • Healthcare employers and plan sponsors partnering with Aperion Health
  • Individuals who contact us or participate in our wellness programs

2. Information We Collect

2.1 Protected Health Information (PHI)

When you use our healthcare navigation and wellness services, we may collect and maintain Protected Health Information, which includes:

  • Health Assessments: Information from health questionnaires, risk assessments, and health evaluations you complete
  • Medical History: Information about your health conditions, diagnoses, treatments, and medications
  • Healthcare Provider Information: Names and contact information of your doctors, specialists, and other healthcare providers
  • Insurance and Claims Data: Health insurance information, claims history, and benefit details
  • Wellness Program Data: Participation in wellness programs, health goals, and progress tracking
  • Portal Usage: Your interactions with our healthcare navigation platform

2.2 Personal Information

We collect personal information that you provide directly to us, including:

  • Contact Information: Name, email address, phone number, mailing address
  • Demographics: Age, date of birth, gender, location
  • Employment Information: Employer name, group affiliation, employee ID
  • Account Credentials: Username, password (encrypted), and account preferences
  • Communication Preferences: Your choices regarding how we communicate with you

2.3 Automatically Collected Information

When you access our Services, we automatically collect certain technical information:

  • Device Data: IP address, browser type, device type, operating system
  • Usage Analytics: Pages visited, time spent on pages, session duration, clickstream data
  • Cookies and Tracking Technologies: Information collected through cookies, web beacons, and similar technologies (see Section 7)
  • Google Analytics Data: Website traffic patterns and user behavior (does not include PHI)
  • Technical Logs: Error logs, system diagnostics, and performance data

2.4 Information from Third-Party Sources

With your authorization, we may receive information about you from:

  • Healthcare Providers and Health Plans: Medical records, claims data, eligibility information
  • Employers and Plan Administrators: Eligibility information, enrollment data
  • Insurance Companies: Coverage details, benefits information
  • Service Providers: Verification and validation services

3. How We Use Your Information

3.1 Primary Service Purposes

We use your information to provide and improve our healthcare spend optimization services:

  • Healthcare Navigation Services: Helping you find quality, cost-effective healthcare options
  • Personalized Health Assessments: Evaluating your health needs and providing tailored recommendations
  • Care Coordination: Connecting you with appropriate healthcare providers and resources
  • Wellness Programs: Supporting your participation in health improvement programs
  • Member Support: Responding to your inquiries and providing customer service
  • Communication: Sending you service updates, health tips, and program information

3.2 HIPAA-Permitted Uses of Protected Health Information

We use and disclose your Protected Health Information for the following HIPAA-permitted purposes:

  • Treatment: Coordinating your care with healthcare providers, facilitating referrals, and supporting care management
  • Payment: Processing claims, determining coverage, coordinating benefits, and billing activities
  • Healthcare Operations: Quality assessment and improvement, care coordination programs, training, business planning, and program evaluation

3.3 Analytics and Service Improvement

  • Analyzing usage patterns to improve our Services
  • Understanding user behavior to develop new features
  • Conducting research using de-identified or aggregate data
  • Measuring program effectiveness and outcomes

3.4 Legal Compliance and Protection

  • Complying with legal obligations and regulatory requirements
  • Responding to lawful requests from government authorities
  • Protecting our rights, property, and safety, and that of our users
  • Preventing fraud, abuse, and security threats

4. How We Share Your Information

Important: We will never sell your Protected Health Information. We only share your information as described in this policy and as permitted or required by law.

4.1 Sharing With Your Authorization

We will obtain your explicit written authorization before using or disclosing your Protected Health Information for purposes not described in this policy, including:

  • Marketing communications (except for face-to-face communications)
  • Sale of Protected Health Information (which we never do)
  • Disclosure to third parties you designate

4.2 HIPAA-Permitted Sharing

We may share your Protected Health Information without your authorization for:

  • Treatment, Payment, and Healthcare Operations: As described in Section 3.2
  • Required by Law: When required by federal, state, or local law
  • Public Health Activities: Reporting diseases, vital statistics, and product safety issues
  • Health Oversight: Audits, investigations, and regulatory oversight
  • Legal Proceedings: In response to court orders or lawful subpoenas
  • Law Enforcement: Limited disclosures as required by law

4.3 Service Providers (Business Associates)

We share information with trusted service providers who assist us in operating our Services. These providers are contractually required to protect your information and may only use it to provide services to us:

  • Database and Hosting Providers: Supabase and cloud hosting services (Business Associate Agreements in place)
  • Email Service Providers: For sending communications (Business Associate Agreements in place)
  • Analytics Providers: Google Analytics for website analytics (does NOT receive PHI)
  • Technology Partners: IT support and infrastructure services

4.4 Employers and Plan Sponsors

Important Protection: Your employer or health plan sponsor will receive only aggregate, de-identified data about program participation and outcomes. We do NOT share individual member Protected Health Information with employers unless you provide specific written authorization or as permitted under HIPAA for summary health information.

4.5 Business Transfers

If Aperion Health is involved in a merger, acquisition, or sale of assets, your information may be transferred. We will notify you via email and/or prominent notice on our website before your information becomes subject to a different privacy policy.

5. Data Security

5.1 Security Measures

We implement comprehensive security measures to protect your information:

  • Encryption: All data is encrypted in transit using TLS/SSL and at rest using industry-standard encryption
  • Access Controls: Strict access controls ensure only authorized personnel can access your information
  • Authentication: Multi-factor authentication and strong password requirements
  • Regular Assessments: Periodic security assessments and vulnerability testing
  • Employee Training: All employees receive HIPAA and data security training
  • Business Associate Agreements: Contractual protections with all vendors who handle PHI
  • Physical Security: Secure data centers with restricted access

5.2 Data Retention

  • Protected Health Information: Retained for a minimum of six (6) years as required by HIPAA
  • Personal Information: Retained as long as necessary to provide Services and comply with legal obligations
  • Secure Deletion: Information is securely deleted when no longer needed

5.3 Breach Notification

In the unlikely event of a data breach involving your Protected Health Information, we will notify you and appropriate authorities as required by HIPAA, typically within 60 days of discovery of the breach.

While we implement strong security measures, no electronic transmission or storage system is 100% secure. We cannot guarantee absolute security but are committed to protecting your information using industry best practices.

6. Your Privacy Rights

6.1 HIPAA Rights for Members

If you are a member using our healthcare services, you have the following rights under HIPAA regarding your Protected Health Information:

  • Right to Access: Request to inspect and obtain a copy of your PHI (we will respond within 30 days)
  • Right to Amend: Request corrections to inaccurate or incomplete PHI
  • Right to Request Restrictions: Ask us to limit how we use or disclose your PHI
  • Right to Accounting of Disclosures: Receive a list of certain disclosures we have made of your PHI (6-year history)
  • Right to Confidential Communications: Request communications through alternative means or at alternative locations
  • Right to a Copy of HIPAA Notice: Obtain a paper or electronic copy of our HIPAA Notice of Privacy Practices

For detailed information about your HIPAA rights and how to exercise them, please review our HIPAA Notice of Privacy Practices.

6.2 General Privacy Rights

  • Marketing Opt-Out: Unsubscribe from marketing emails using the link in any email or by contacting us
  • Account Access: Access and update your account information through the member portal
  • Data Deletion: Request deletion of your personal information (subject to legal retention requirements for PHI)
  • Data Portability: Request a copy of your information in a structured, commonly used format

6.3 State-Specific Privacy Rights

If you are a resident of California, Virginia, Colorado, Connecticut, or Utah, you may have additional privacy rights under state law, including:

  • Right to know what personal information we collect and how we use it
  • Right to delete personal information (with certain exceptions)
  • Right to opt out of the sale of personal information (note: we do not sell personal information)
  • Right to non-discrimination for exercising your privacy rights

Note: HIPAA generally preempts state privacy laws with respect to Protected Health Information, but we honor both HIPAA and applicable state law rights.

6.4 How to Exercise Your Rights

To exercise any of these rights, please contact our Privacy Officer:

Aperion Health Privacy Officer

Minneapolis, Minnesota

Phone: (612) 208-7537

Email: info@aperion.health

7. Cookies & Tracking Technologies

7.1 What Are Cookies?

Cookies are small text files stored on your device that help us provide and improve our Services. We use cookies and similar tracking technologies to understand how you use our website and to enhance your experience.

7.2 Types of Cookies We Use

  • Essential Cookies: Required for the website to function properly, including authentication and security features
  • Analytics Cookies: Help us understand how visitors interact with our website (Google Analytics)
  • Preference Cookies: Remember your settings and preferences for a better experience

7.3 Third-Party Analytics

We use Google Analytics to collect information about website usage. Google Analytics uses cookies to collect information such as:

  • Pages visited and time spent on each page
  • How you arrived at our website
  • What device and browser you are using
  • General location information (city/state level)

Important: We do NOT share Protected Health Information with Google Analytics or any other analytics providers. Analytics data is collected only for our public website and does not include information from our secure member portal.

Learn more about how Google uses data: Google Privacy Policy

7.4 Your Cookie Choices

You have several options to control cookies:

  • Browser Settings: Most browsers allow you to refuse or delete cookies through their settings
  • Google Analytics Opt-Out: Install the Google Analytics Opt-out Browser Add-on
  • Do Not Track: We honor Do Not Track browser settings

Note: Disabling certain cookies may limit your ability to use some features of our website.

8. Children's Privacy

Our Services are not directed to individuals under the age of 18. We do not knowingly collect personal information from children under 18. If you are a parent or guardian and believe your child has provided us with personal information, please contact us at info@aperion.health, and we will delete such information from our systems.

10. Policy Changes

We may update this Privacy Policy from time to time to reflect changes in our practices, technology, legal requirements, or other factors. We will notify you of any material changes by:

  • Posting the updated policy on our website with a new "Last Updated" date
  • Sending an email notification to members (for significant changes)
  • Displaying a prominent notice on our website or member portal

Your continued use of our Services after any changes to this Privacy Policy constitutes your acceptance of the updated policy. We encourage you to review this Privacy Policy periodically to stay informed about how we protect your information.

Previous versions of this Privacy Policy are available upon request by contacting our Privacy Officer.

11. Contact Information

If you have any questions, concerns, or requests regarding this Privacy Policy or our privacy practices, please contact us:

Aperion Health Privacy Officer

Minneapolis, Minnesota

Phone: (612) 208-7537

Email: info@aperion.health

Member Portal: portal.aperion.health/login

We will respond to all requests within a reasonable timeframe, typically within 30 days.

For information specific to how we use and protect your Protected Health Information under HIPAA, please review our HIPAA Notice of Privacy Practices.