You have javascript disabled. We recommend that you turn it on for the best experience on our site.

Gateway HealthSM Notice of Privacy Practices

Gateway HealthSM On-Line Privacy Statement

This On-Line Privacy Statement discloses the practices of Gateway HealthSM (“Gateway”) regarding information gathering and disclosure from Gateway’s website.

1. Collection of Information from Website Visitors - Gateway may collect information regarding its website visitors and the computers they use, such as e-mail addresses, files downloaded, home server domain names, type of computer, search engine, operating system and web browser.  Gateway may also collect information the visitor submits on-line when the visitor completes forms or surveys, sends e-mail messages or enters other data into website fields.  In the event an e-mail is addressed to specific Gateway staff or is sent using the “Contact Us” option of this website, Gateway may retain the message for up to one year.  Gateway uses information and discloses it to third parties as permitted by law and to the least extent necessary.

Gateway’s website and certain link sites use cookies to facilitate navigation.  A cookie is a small piece of information about an Internet session that may be created when a person accesses a website.  Cookies may contain a variety of information including the name of the website that issued them, what parts of the website the user accessed, passwords and user’s name. Most web browsers can be modified by users to prevent cookies from being attached.

2. Use of Personal Data Collected - Personal data collected by Gateway may be used by Gateway for many reasons, including analysis of how and when the website gets visited, for development of Gateway services or for changes in the content and appearance of this website.  Aggregate data on visitors' home servers may be used for internal purposes or provided to third parties.  Individually identifying information, such as names, postal and e-mail addresses, phone numbers and other personal information that visitors voluntarily provide to Gateway may be added to Gateway's databases and/or used for future calls and mailings regarding website updates, new products and services, upcoming events, and for other purposes that comply with federal and state law.

Gateway may contact website visitors regarding membership issues, including specific issues affecting a member and general issues affecting groups of members, for example, changes to the Member Handbook, privacy statement, business practices or Gateway policies.

3. Disclosure of Personal Data to Third Parties - Gateway does not sell its member lists.  Unless otherwise authorized by a visitor or validly requested by governmental authorities or legal process, Gateway does not distribute its members’ specific information to outside persons or firms unless a disclosure is needed for the member’s care, payment of members’ claims or the necessary operations of the health plan .

Gateway may disclose to its affiliates and service providers that assist in meeting the needs of Gateway members personal information of users that has been collected through its website, as permitted by law.  Information collected by Gateway affiliates and service providers may also be shared with Gateway as permitted by law.  Information disclosed by users on-line may be re-disclosed if needed to respond to the user’s requests and inquiries.  Gateway affiliates and service providers are required to follow no less than the privacy and confidentiality standards of law.

4. Links to Other Websites - While Gateway may provide links to other websites, a link on Gateway’s website is not and should not be construed as an endorsement of the content, viewpoint, policies, products or services provided or advertised on the linked site.  Website visitors linking to other sites receive messages about leaving Gateway's website.  Once a visitor leaves the Gateway website by linking to a site not maintained by Gateway, the visitor should become familiar with the on-line privacy statement of the linked website before accessing or supplying information.

5. Security Measures - Although Gateway makes reasonable efforts to protect user information from unauthorized use or alteration, users should be aware that there is always some risk in sending information over the Internet.  Gateway uses commercially reasonable security features; however, the confidentiality of any communication or material transmitted to/from Gateway’s website or e-mail cannot be guaranteed.  Gateway only grants access to personal information to those employees, affiliates, service providers and other third parties as required by law, as required to provide healthcare products and services or as the user permits.

For private health matters, members of Gateway or their authorized representatives are encouraged to contact Gateway by telephone at the number listed on the member identification cards.

6. Correction of Personal Data Collected On-Line - Gateway will provide website visitors with a summary of their personally identifiable information retained by Gateway from on-line sessions, upon request by mail, e-mail or phone.  Website visitors may modify, correct, change or update personally identifiable information that Gateway has collected on-line by contacting Gateway via regular mail, e-mail or telephone.

7. Collection of Personal Data from Minors - To the extent that Gateway is able to determine the age of website visitors by their submissions to or communications with Gateway, Gateway will not knowingly collect or post information from individuals under the age of eighteen without consent of a parent or guardian.

If registration is required on the Gateway website for offered services and a visitor submits information through the website that indicates the visitor is a minor, the minor's parent or guardian will be contacted regarding the registration.  If the parent or guardian agrees, the registration processing will continue.  If the parent or guardian indicates a desire to withdraw the registration, Gateway will provide instructions to the parent or guardian for deletion of the registration.  No information collected through Gateway’s website from users self-identified as minors will be used knowingly for any direct marketing or promotional purposes.

8. Compliance Program - Gateway’s Compliance Program regarding privacy and security of user information includes oversight of privacy practices, training of employees and maintenance and updates to security systems.  Gateway will investigate privacy and security complaints through its Compliance Officer or Security Officer.

9. Changes to this Privacy Statement - This On-Line Privacy Statement is subject to change at any time and should be reviewed by interested website visitors periodically.  Questions or concerns regarding use of on-line information may be directed to Gateway by clicking “Contact Us” from the top of any of Gateway’s web pages.

Posted May 24, 2005

Gateway HealthSM Personal and Health Privacy


Gateway HealthSM (“Gateway”) is required to protect the privacy of your personal medical and non-public personal information.  Also, Gateway is required to give you this notice about how Gateway uses or gives out (“discloses”) medical and personal (“non-public”) information held by Gateway. This protection extends to all forms of communication (oral, written, and electronic) of this information.  We are also required to notify you if you are affected by a breach of unsecured information.

Gateway will use and give your medical information:

  • To you or someone who acts for you (your personal representative),
  • To the Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected, and
  • When required by law.
  • To meet your medical needs, to pay for your healthcare and to operate the Gateway benefit program, for example:
    • To give information to help the doctors or other healthcare providers who care for you;
    • To make sure you and other Gateway members get quality health care, to provide member services to you, or to resolve any complaints you have.
    • To pay or deny your claims or to share payments and payment information with your other insurer(s).
    • To our contracted vendors who perform various functions on our behalf or to provide certain types of services (such as member service support and pharmacy benefit management).

Gateway may also use or give your medical information:

  • To state and federal agencies that have the legal right to receive such data,
  • For public health activities (such as reporting disease outbreaks),
  • For government healthcare oversight activities (such as fraud investigations),
  • For judicial and administrative proceedings (such as in response to a court order),
  • For law enforcement purposes (such as providing limited information to locate a missing person),
  • For research studies that meet all privacy law requirements (such as research related to the prevention of disease or disability),
  • To avoid a serious and likely threat to health or safety,
  • To contact you about new or changed benefits,
  • To contact you for appointment reminders or for disease management programs and alternative treatments that may interest you,
  • To create a collection of information that can no longer be traced back to you,
  • To Plan Sponsors of group health plans when applicable to permit the plan to perform administrative functions,
  • To coroners, medical examiners, funeral directors and organ donations,
  • To your school when proof of immunization is required by law,
  • To others involved in your health care (if you are not present or able to agree to these disclosures of your PHI, we may use our professional judgment to determine whether the disclosure is in your best interest),
  • For underwriting purposes if needed, however, we are prohibited from using or disclosing your genetic information for these purposes.

Gateway must have your written permission (an “authorization”) to use or give out your medical information for any purpose that is not listed in this notice.  You may take back (“revoke”) your written permission at any time, except if Gateway already took action based on your permission.  Some examples of when we need your permission to use or give out your information are:

  • For marketing purposes,
  • If we intend to sell your protected health information (PHI),
  • For use of psychotherapy notes, except if:

        -Your doctor is using them to help in your treatment,
        -Your doctor is using them for his own training purposes, or
        -If your psychotherapy notes are required by law.

You have the right to:

  • Ask for your medical information by writing to Gateway or by calling Gateway to request a form for this purpose.
  • Ask Gateway to change your medical information if you can show that it is wrong or that information is missing by writing to Gateway or by calling Gateway to request a form for this purpose.  If Gateway disagrees, you may have a statement of your disagreement added to your personal medical information.
  • Get a list of who received your medical information within a six-year period by writing to Gateway or by calling Gateway to request a form for this purpose.  You must tell Gateway the dates for which you are requesting the list.  The list will not cover information given out before April 14, 2003, information that was given to you or your personal representative, or information given for healthcare payments, for Gateway operations or for law enforcement needs.
  • Ask Gateway to communicate with you in a different manner or at a different place (for example, by sending materials to a P.O. box instead of your home address), by writing to Gateway or by calling Gateway to request a form for this purpose.  Gateway must have written reason(s) for your requests and may not be able to honor your request.
  • Ask Gateway to limit the way your personal medical information is used or given to others, by writing to Gateway or by calling Gateway to request a form for this purpose.  Please note that Gateway may not be able to do what you request.
  • Call or write to Gateway to ask for a separate paper copy or e-mail copy of this Notice.

What is the non-public information that Gateway HealthSM collects about you?

  • It is personal information but is non-medical, for example, the information you completed on your enrollment application that identifies who you are and how you can be contacted.
  • Also, it is information collected for a request for services by you or your doctor.
  • Also, it is information collected to answer a question or concern from you.

Can anyone receive your non-public information?

  • Gateway does not give out your non-public information, except if required or permitted by law. 
  • Gateway does not give out your non-public information to anyone unrelated to providing your care under the health plan unless you or your representative gives permission.

How does Gateway protect your non-public information?

  • Gateway does not make your non-public information available to anyone other than those necessary to provide medical or health plan services to you.
  • You have the right to give or withhold permission for other uses or disclosures of this information, except as required by law.

If you believe Gateway has violated your privacy rights as stated in this notice, you may file a complaint at the following address:

Privacy Officer
Gateway HealthSM
Regulatory, Compliance and Legal Affairs
Four Gateway Center
444 Liberty Avenue, Suite 2100
Pittsburgh, PA 15222-1222

Filing a complaint will not affect your benefits. 

You may also file a complaint with the Secretary of the Department of Health and Human Services.  For more information on filing a complaint or your rights stated in this notice, you may call Gateway’s Member Services Department at 1-800-685-5209 for Medicare or 1-800-392-1147 for Medicaid (TTY/TDD users: 711).

Gateway is required to follow the terms in this privacy notice. Gateway has the right to change the way your medical information is used and given out.  If Gateway makes any changes they will be posted on our website, and you will be notified within sixty (60) days of the change.  

These privacy practices went into effect April 14, 2003.
These privacy practices have been revised as of September 23, 2013.


HIPAA---What Gateway HealthSM does to protect PHI!

Our motto is: Confidentiality is everyone’s job—protect all information, all the time!

Protecting your confidential information and PHI (protected health information) is a priority to us!  We want you to know that we are committed to protecting all information, all the time.  That includes protecting information provided in verbal, paper or in an electronic format.

First and foremost, we believe in the value of providing ongoing compliance and privacy education to our employees.  Gateway employees are reminded of the importance of protecting confidential information through a variety of ways.  These include: department refresher training sessions, sharing current news articles on privacy concerns and risks, access to an on-line compliance reference library, and easy access to policies and staff who are available to provide help with compliance or privacy questions.

Next, we expect all employees to understand and embrace their roles in protecting PHI.  We post tips on our on-line Compliance Corner so everyone can learn good practices.

Last, but certainly just as important, Gateway takes a proactive approach to privacy and we are happy to share an example of how we do that.  For the past several years we have audited desks after normal business hours to check to be sure information was protected from view or access and disposed of properly. 

Gateway is proud of our employees’ dedication and commitment to protecting all information, all the time and we will continue to provide relevant training to keep them aware of potential risks.

We are happy to be your health insurance plan and we want you to know we care about you AND protecting your PHI and confidential information!