Your Information. Your Rights. Our Responsibilities.

Empower Health Services, LLC (“EHS”) is committed to protecting the privacy and security of your health information. This Privacy Policy describes how we collect, use, and safeguard your Protected Health Information (PHI) in compliance with applicable United States laws, including the Health Insurance Portability and Accountability Act (HIPAA) and the California Consumer Privacy Act (CCPA), where applicable.

How Is Your Health Information Collected?

We collect PHI and other personal information when you interact with us through various means, including:

  • Empower.Health Portal: When you complete a health questionnaire, register for services, or participate in challenges, rewards, and incentive programs.
  • Health Screenings & Immunization Services: When you visit a sponsored Empower Health screening event or Laboratory Patient Service Center.
  • Health Provider Forms: When you or your Primary Care Physician submit a completed Health Provider Form.
  • Activity Tracking Devices: By downloading and using our application (e.g., `Empower.Health – Sync`) and connecting it to your activity tracker, you consent to our collection of data, we may collect data through connected activity tracking applications.
  • Biometric Authentication: To improve login security, biometric data (e.g., facial recognition or fingerprint) may be used during authentication. This data is processed directly by the biometric tools on your device (e.g., iOS or Android fingerprint or screen lock features) and is not stored or retained by EHS.

You may revoke access to your activity tracker or biometric authentication features at any time by adjusting your app or device settings or contacting us.

How We Use Your Health Information

We may use your PHI for the following purposes:

  • Treatment: To provide you with health screening results and related health services.
  • Payment: To process payment or verify insurance eligibility.
  • Health Care Operations: To evaluate and improve service quality, perform internal audits, and manage administrative functions.

Unless otherwise stated, these uses do not require special permission under HIPAA. For any other purpose, we will request your signed authorization, which you may revoke at any time.

We do not:

  • Use or disclose your PHI for marketing purposes.
  • Sell your PHI.

Use of Technology, Data Analysis, and AI

To improve the quality and efficiency of our services, Empower Health Services may utilize artificial intelligence and data analytics tools for general system optimization, aggregate reporting, trend analysis, and education. All vendors or service providers who process PHI on our behalf operate under HIPAA-compliant Business Associate Agreements (BAAs) or Data Sharing Agreements which legally bind them to protect your information.

Data Retention and Deletion

  • Retention: Data older than five years is moved to a secure backup system and subsequently deleted in accordance with our data retention policy.
  • Deletion: You may request deletion of your data collected via our services at any time by contacting us.

You may also delete data collected via your activity tracker directly within the mobile application.

How We Secure Your Information

We maintain technical, physical, and administrative safeguards to protect your PHI, including:

  • Encryption of data, both while in transit and at rest.
  • Role-based access restrictions to ensure only authorized personnel can access your information.
  • Regular security audits and monitoring to identify and address vulnerabilities.

If a data breach occurs involving your unsecured PHI, we will notify you in writing within 60 days as required by HIPAA.

Third-Party Sharing

EHS shares your PHI with trusted third-party service providers only as necessary to deliver services such as laboratory testing, secure data storage (cloud hosting), analytics, health coaching, and health education. All such partners are legally bound by HIPAA-compliant Business Associate Agreements (BAAs) that require them to safeguard your PHI and use it only for authorized purposes.

We do not share activity tracker data (e.g., step count, sleep, or exercise data) with third parties without your express consent. However, we may disclose such data when legally required (e.g., in response to a subpoena or court order), or when necessary to protect your safety or the safety of others.

If you choose to participate in walking programs or organized challenges, your step counts may be visible to fellow participants and the sponsoring organization. This disclosure is limited in scope and purpose, and you may opt out of participation in such programs at any time.

Your Rights

You have the following rights regarding your PHI:

  • Request Restrictions: You may request limitations on how we use or disclose your PHI.
  • Request Amendments: You may ask us to amend your PHI if it is inaccurate or incomplete.
  • Access Your PHI: You may request an electronic or paper copy of your PHI.
  • Accounting of Disclosures: You may request a record of certain disclosures we have made over the past six years.
  • Request Confidential Communications: You may request we contact you at an alternate address or phone number.
  • Notification of Breach: You will receive notice if there is a breach of your PHI that affects you.
  • Right to a Paper Copy: You may request a paper copy of this notice at any time.

California Residents – CCPA Rights

If you are a California resident, you have additional rights under the California Consumer Privacy Act (CCPA):

  • The right to request access to specific pieces of personal data collected about you.
  • The right to request deletion of your personal data, subject to certain exceptions.
  • The right to know how your personal data is collected, used, and shared.

Contacting Us

For any questions, requests, or concerns related to your privacy rights or PHI, please contact:

Empower Health Services Privacy Officer

Phone: 1-866-367-6974
Message: empowerhealthservices.com/connect
Website: empowerhealthservices.com/privacypolicy

Should your complaint not be resolved directly by EHS, you retain the right to file a complaint with the Office for Civil Rights.

Office for Civil Rights

200 Independence Avenue, S.W.
Washington, D.C. 20201
www.hhs.gov/ocr/privacy/hipaa/complaints

Definitions

  • Business Associate Agreement (BAA): A contract required by HIPAA between a HIPAA covered entity (like EHS) and a HIPAA business associate. It legally binds the business associate to protect PHI and use it only as authorized by the covered entity.
  • California Consumer Privacy Act (CCPA): A state statute intended to enhance privacy rights and consumer protection for residents of California.
  • HIPAA (Health Insurance Portability and Accountability Act): A federal law that sets national standards to protect sensitive patient health information from being disclosed without the patient’s consent or knowledge.
  • Protected Health Information (PHI): Individually identifiable health information created or received by a healthcare provider, health plan, employer, or healthcare clearinghouse, relating to the past, present, or future physical or mental health or condition of an individual; the provision of healthcare to an individual; or the past, present, or future payment for the provision of healthcare to an individual. This includes demographic information, medical histories, test results, insurance information, and other data used to identify an individual.
  • Personal Information: Information that identifies, relates to, describes, is reasonably capable of being associated with, or could reasonably be linked, directly or indirectly, with a particular consumer or household. (You might want to align this more closely with how CCPA defines it if you’re specifically targeting CCPA compliance for this term).
  • Empower.Health Portal: Refers to the online platform or application provided by Empower Health Services where individuals can access services, complete questionnaires, and manage their health information.
  • Activity Tracking Devices: Electronic devices or applications (e.g., Empower.Health – Sync, Apple Health, Google Fit, Fitbit) that monitor and record data related to physical activity, sleep, and other health metrics.

Changes to This Privacy Policy

EHS reserves the right to revise this policy. Updated versions will be available at www.empowerhealthservices.com/privacypolicy. All changes will apply to previously collected PHI.

Last Updated: June 25, 2025

Connect with us!

Have questions about our programs or want to set up a meeting to learn more about our services? We’d love to hear from you.

Get in Touch

Call EHS Customer Support

(866) 367 6974

Reach us by email

support@empower.health

Corporate Office

495 N. Commons Drive, Suite 100
Aurora, IL 60504

Operating Hours

8:00am – 4:30pm CST, Monday – Friday