Privacy Policy


Effective Date: May 13, 2015


We are strongly committed to protecting the privacy of your personal information. This privacy policy (“Privacy Policy”) is applicable to the San Francisco City Option Employer Portal website at https://employerportal.healthysanfrancisco.org (“Website”) produced and maintained by San Francisco Health Plan, the administrator of the San Francisco City Option Program, and constitutes our notice to you of our privacy practices. For purposes of the Privacy Policy, the terms “SFHP,” “we,” “us,” and “our” refer to San Francisco Health Plan and its affiliates.

We have established the Privacy Policy to let you know the kinds of personal information we may gather during your visit to the Website, why we gather your information, what we use your personal information for, and when we might disclose your personal information.

By agreeing to the Website Terms and Conditions, you are accepting the practices described in our Privacy Policy. If you do not agree to the terms of this Privacy Policy, please do not use the Website and exit immediately.

1. Personal Information.

When you log on to our Website and communicate with us via our site, we do not collect personal information about you unless you provide it to us voluntarily. Personal information (“Personal Information”) is any information or data that is unique to an individual such as a name, social security number, address, e-mail address, birth date, etc. Portions of our Website may allow you to provide us with Personal Information in order to deliver requested materials, products or services to you, submit a grievance, respond to your questions, or enable to you to update information. Additionally, registration may be required and Personal Information may be collected in certain portions of the Website in which you specifically and knowingly provide such information (e.g., subscription registration, suggestions, or customer service requests).

2. Use of Personal Information.

Personal Information is used only as described herein. We do not sell, license, transmit or disclose Personal Information that you or your Employees provide to us outside of the San Francisco City Option Program except for purposes of treatment, payment, health care operations, contacting you or your Employees, with contracted agents providing services supporting San Francisco City Option operations or when required by law, and any such disclosure of any Personal Information is performed within the parameters of applicable laws and regulations. Please refer to Section 14 “Notice of Privacy Practice for Health Information” for a more detailed explanation of the limited use of Personal Information. Any other uses of Personal Information not described in the Privacy Policy require your or your Employees’ authorization.

3. Anonymous Information.

Through your use of the Website, we may also gather certain information that does not identify you individually (“Anonymous Information”). Generally, this information is collected through “traffic data” and may involve the use of “Cookies,” “IP Addresses” or other numeric codes used to identify a computer.

4. Use of Anonymous Information.

We use Anonymous Information to help us determine how people use parts of the Website and who our readers are so we can improve our Website and ensure that it is as appealing as we can make it for as many people as possible. We also use Anonymous Information to provide statistical “ratings” information in aggregated form to our partners and other third parties about how our users collectively use the our Website. We may also use or share Anonymous Information (or other information, other than Personal Information) in any other manner that we deem appropriate or necessary.

5. Policies for Children Under 13.

We do not knowingly collect any information from persons under the age of 13, without permission of the child’s parent or legal guardian. If we learn that your child has submitted Personal Information, and you would like to request that such information be removed from our system, please contact us by telephone at (877) 772-0415. Our Website is designed for adults. Our Website is not intentionally targeted to children under the age of 13. Children under the age of 13 should not use our Website without obtaining prior parental consent.

6. Cookies.

We may use Cookies to provide some of the services on our Website. “Cookies” are pieces of information that a website transfers to your computer's hard disk for record-keeping purposes. Cookies make web-surfing easier for you by saving your passwords, purchases, and preferences while you're at our Website. The use of Cookies is standard in the internet industry, and many major websites use them to provide useful features for their users. Cookies in and of themselves do not personally identify users, although they do identify a user’s computer. Our Website never uses Cookies to retrieve information from your computer that was not originally sent in a Cookie. Except as described in this Privacy Policy, we do not use information transferred through Cookies for any promotional or marketing purposes, nor is that information shared with any third parties whatsoever.

7. Internet Protocol Addresses.

An Internet Protocol Address (“IP Address”) is a number that automatically identifies the computer or machine that you are using to access the Internet. The address enables our server to send you the web pages that you want to visit. It may disclose the server owned by your Internet Service Provider. We utilize your IP Address to help diagnose problems with our server and to support our site administration.

8. Spyware.

We never use or install spyware on your computer, nor do we use spyware to retrieve information from your computer.

9. Third-party Agents.

We occasionally have third-party agents, subsidiaries, affiliates and joint ventures that perform functions on our behalf. These entities may have access to the Personal Information needed to perform their functions and are contractually obligated to maintain the confidentiality and security of that Personal Information. They are restricted from using or altering this data in any way other than to provide the requested services to the Website.

10. Links to Other Websites.

This Privacy Policy applies only to the Website, not to other companies’ or organizations’ Websites to which we may link. These links include links from sponsors, partners and others and are beyond our control. These other sites may send their own cookies to you, collect your data, or solicit your personal information. Always be aware of where you end up. We are not responsible for the actions and privacy policies of third parties and other Websites. We encourage you to read the posted privacy statement and user terms and conditions whenever interacting with any other Website.

11. Security Policy.

The importance of security for all Personal Information associated with you is of utmost concern to us. We exercise great care in providing secure transmission of your information from your PC to our servers. Personal Information collected by our Website is stored in secure operating environments that are not available to the public. We employ the use of built-in firewalls (a combination of computer hardware and software) to keep unauthorized users from accessing information through our computer network. We have appropriate security measures in place in our physical facilities to protect against the loss, misuse, or alteration of information that we have collected from you at our site.

For transactions on this Website and the third-party electronic payment processing company’s website, information provided to us is transmitted using SSL (Secure Socket Layer) encryption. SSL is a proven coding system that lets your browser automatically encrypt, or scramble, data before you send it to us. Absolutely no use whatsoever is made of payment information aside from the transactions made on this site and there is no disclosure to third parties except as required for the on-line payment processing or as otherwise required under law. We also protect information by placing it on a secure portion of our web sites that is only accessible by certain qualified employees of San Francisco Health Plan. Unfortunately, however, no data transmission over the Internet is 100% secure. While we strive to protect your information, we cannot ensure or warrant the security of such information. The personally identifiable information we collect about you is stored in limited access servers. We will maintain safeguards to protect the security of these servers and your personally identifiable information.

Only those employees who need access to your Personal Information in order to do their jobs are allowed access, each having signed confidentiality agreements. Any employee who violates our privacy and/or security policies is subject to disciplinary action, including possible termination and civil and/or criminal prosecution.

We aim to protect and keep confidential all information which is voluntarily provided to us through this Website, and to treat such information with the same consideration and confidentiality as any information sent to us by the US mail or communicated to us by telephone. The nature of the Internet, however, prevents us from guaranteeing the confidentiality of information we receive through the Website or via e-mail. If you wish, you may contact us instead by telephone at (877) 772-0415.

12. Communications With Our Website.

If you have any questions about this Privacy Policy, the practices of this Website, or your dealings with this Website, please contact: 
      San Francisco City Option
      PO Box 194367
      San Francisco, CA 94119-4367
      employerservices@sfcityoption.org
13. Changes to Privacy Policy.

We may amend this Privacy Policy from time to time. Such changes will be publicly posted in this area of the Website. It is your responsibility to review the Website Privacy Policy each time you use this website. By continuing to use this website, you consent to any changes to our Website Privacy Policy.

14. Notice of Privacy Practice for Health Information.

San Francisco Health Plan, as a business associate of the Department of Public Health, is required by law to make your Employees’ health information private. We are also required to let you know of our privacy practices regarding protected health information (PHI). PHI means “protected health information” and will be used in the rest of this notice. We agree to follow the terms of this Notice of Privacy Policy.

How does SFHP use and share PHI?

SFHP stores health-related records, which may include:
  • Healthy San Francisco enrollment information;
  • Information to establish and maintain Medical Reimbursement Accounts; and
  • Any personal information that you or your Employees have voluntarily provided to us.
We use this information and share it with others for the following reasons:
  • Treatment. SFHP uses PHI to plan your Employees’ health care. For example, if your employee is a Healthy San Francisco participant, we share the Employee’s PHI with hospitals, clinics, physicians and other health care providers to help them provide care to the Employee.


  • Payment. SFHP uses and shares PHI to pay for health care services your Employees receive from Healthy San Francisco providers or arrange for reimbursement of your Employees’ eligible health care expenses from Medical Reimbursement Accounts.


  • Health Care Operations. SFHP uses and shares PHI, when needed, to help us as the third party administrator. For example, we use PHI to provide quality studies to the Department of Public Health.


  • Contractors and Agents. We share PHI with our contractors and agents who help us in the tasks listed above. Confidentiality agreements are obtained before we share information for payment or business purposes. For example, companies that provide or maintain our computer services may have access to computerized PHI when providing services to us.


  • Contacting Your Employees. We may contact your Employees to provide health reminders or re-enrollment information. We may also contact your Employees about other health services.
Can others involved in an Employee’s care get information about the Employee?

Yes, if we feel it is needed, we may release information to a friend or family member who is authorized to be involved in your Employee’s care, or is paying for your Employee’s care. This includes answering phone calls about program eligibility.

Can PHI ever be given without your Employees’ consent?

Yes, we may share PHI without your Employees’ consent. PHI can be shared with government agencies and others at times where we are required or authorized by law. The following is a list of when we can share PHI without your Employees’ consent:
  • Disclosures that are required by state or federal law.
  • Disclosures to agencies responsible for governing the health care system, for audits, inspections or investigations; or
  • Upon a receipt of a court order.
Are there any times when PHI is not released?

PHI may be covered under laws that may limit or stop some uses or disclosures. For example, there are limits on the sharing of PHI related to:
  • HIV/AIDS status,
  • mental health treatment,
  • developmental disabilities, and
  • drug and alcohol abuse treatment.
We comply with these limits in our use of PHI. We will not allow other sharing or uses of PHI without your Employees’ written consent. Please note, however, that SFHP does not hold any medical records.

Your Employees’ Individual Rights

What rights do your Employees’ have as participants in the San Francisco City Option Program?

Each of your Employees has the following rights:
  • The right to ask us to limit certain sharing and uses of PHI. SFHP is not required to agree to any restrictions requested by San Francisco City Option participants.
  • The right to ask us to be contacted only in writing or at a different address, post office box, or by telephone. We will accept requests when necessary to protect your Employee’s privacy.
  • If your Employee believes the information in our records is wrong, your Employee has the right to ask us to change it. We may deny the request. If the request is denied, your Employee has the right to submit a statement to be placed in the record.
  • The right to get a report of non-routine sharing of your Employee’s PHI that we have made. Your Employee’s request may be up to six years prior from the date of the request. There are some limitations. For example, we do not have records of :
    • information shared with your Employee’s consent;
    • information shared for the purposes of health care treatment, checking payment for health services, or conducting the health plan operations of SFHP;
    • information shared with your Employee; and
    • certain other disclosures.
What can your Employees do?

Your Employees can exercise any of their rights by sending a written letter to our Privacy Officer at the address listed below. To assist with the request, they may call us at the phone number listed below as well.

How does your Employee file a complaint if your Employee’s privacy rights are broken?

Your Employee has the right to file a complaint with our Privacy Officer. Your Employee must provide us with specific, written facts to support the complaint. Your Employee may also file a complaint with the Secretary of Health and Human Services. SFHP will not hold anything against your Employee in any way for filing a complaint. Filing a complaint will not affect the quality of health care services your Employee receives as a participant in the San Francisco City Option Program.

Contact SFHP at:
      San Francisco City Option
      PO Box 194367
      San Francisco, CA 94119-4367
Contact the Secretary of Health and Human Services at:
    Secretary of Health and Human Services
    Office for Civil Rights
    Mailing address:  200 Independence Avenue SW, Room 509F, HHH Building, Washington, DC  20201


© 2015 Department of Public Health Accessibility Statement Privacy Policy Terms and Conditions