Virginia Enrollment Broker privacy notice
Last Updated: October 30, 2023
Maximus commitment to privacy
Thank you for visiting the Virginia Enrollment Broker (“VA EB”) Medicaid Managed Care Program Website (“Site”) and/or Application for mobile devices. Maximus operates this Site for the Virginia Department of Medical Assistance Services (“VA DMAS”). The Site is found at www.virginiamanagedcare.com. The Site and Application are designed to make it easier for you to interact with VA EB. It lets you compare health plans, find a doctor, and enroll in a health plan. This privacy notice governs your use of the Site/Application. Please read it before you access and use the Site/Application.
Privacy is a top priority at Maximus. We are committed to keeping your information secure and confidential. Maximus respects your privacy. This privacy notice shows our commitment to you.
This privacy notice applies to:
- Information we collect about you
- How we use the information we collect
- Choices you have about how we collect and use your information
This privacy notice does not apply to:
- Privacy practices for activities done outside your use of this Site/Application
- Websites other than this Site
- Applications other than this Application
- Products and services not available or enabled through the Site/Application
Contents
- Information we collect
- How we use and share the information we collect
- Virginia law
- Website time out
- Information we keep
- Website privacy notice
- Device and carrier information
- Cookies, “Do Not Track” signals, and Adobe Analytics
- Opt-out of cookies and Adobe Analytics
- Do Not Track
- Security
- Children
- Reviewing and correcting your information
- Information disclaimer
- Changes to this privacy notice
- How to contact us
Information we collect
To use some Site/Application features, you may be asked to give or verify your personal information. Maximus does not collect any personal information about you through this Site/Application unless you agree to give it.
When you enroll using this Site/Application, you are agreeing to give your personal information. We identify the data we need to give you the services or information you ask for. These are some things Maximus may ask you to give or verify (this is not a complete list):
- First and last name
- Mailing address, including ZIP or Postal Code
- County of residence
- Medicaid ID number
- Social Security number
- Date of birth
You may complete a transaction such as an enrollment application when you visit the Site/Application. Maximus uses the data you voluntarily give, including personal information, to complete the transaction and operate the VA EB program. We also use it to provide goods, services, and information.
Maximus has policies to protect the confidentiality of personal information that we get as we do business. Our privacy policies have standards to guard confidentiality, prohibit unlawful disclosure, and limit access to personal information such as Social Security numbers and Medicaid ID numbers. We use physical, technical, and administrative safeguards to protect personal information.
How we use and share the information we collect
The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191) governs how we collect and disclose information we collect through the Site/Application. Learn more about Health Information Privacy at HHS.gov.
When you give Maximus personal information, whether we ask for it or not, you consent to let Maximus collect and share the information with VA DMAS for the reasons you gave the information. You can read the VA DMAS Privacy Policy.
Except as stated below or as otherwise authorized by law, Maximus will only collect or disclose personal information through this Site/Application if you agree to let us collect or disclose that personal information. Maximus may collect or disclose personal information without your agreement when we need to:
- Perform our statutory duties as authorized by law or by state or federal statute or regulation
- Comply with valid legal processes such as a search warrant, subpoena, or court order
Maximus may also disclose personal information to federal or state law enforcement authorities to enforce our rights against unauthorized access or attempted unauthorized access to Maximus information technology assets.
Maximus may disclose personal information to our agents, affiliates, and subcontractors so they can perform certain functions relating to your enrollment.
Maximus does not share your personal information with unaffiliated third parties. We may use your information to improve the content, navigation, and efficiency of the Site/Application.
To make our Site/Application better for you, we may use and share with others aggregated or anonymous (not personally identifiable) information that we collect from usage data, surveys, or statistical information we gather about our users.
Virginia law
Maximus protects records according to our obligations defined by applicable Virginia Statutes. These include, but are not limited to, the Government Data Collection and Dissemination Practices Act (Code of Virginia § 2.2-3800), and the Administration of systems including personal information; Internet privacy policy; exceptions (Code of Virginia § 2.2-3803). We also comply with applicable U.S. Federal laws.
Website Time Out
For security, your URL online session is set up to end after 30 minutes of user inactivity. You will get a session timeout warning that lets you continue your session or log out. If you do not select either within one minute of the warning, your session will end.
Information we keep
Maximus keeps the information we collect through this Site/Application, including personal information you send, as required by our contract with VA DMAS. To learn more about the rules for keeping your information, mail your questions to the contact address below.
Website privacy notice
When you visit the Site/Application, our web server automatically collects and logs web usage data on behalf of VA DMAS to tell us how visitors use and navigate the Site. The data includes:
- Your Internet Protocol (IP) address
- Referring sites
- Pages viewed
- Browser type
- Operating system
- CPU speed
- Referring or exit web pages
- Length of visit
Device and carrier information
When you use the mobile Application, we may collect information about your device such as the device model, brand, operating system, or TCP-IP address. We may also collect your phone number and cell phone carrier name. Maximus will only keep this information as long as needed and use it as described in this notice.
Cookies, “Do Not Track” Signals, and Adobe Analytics
Like most websites, we use "cookies," "web beacons," and similar devices. They help you use the Site more efficiently. They also track your activities.
- A cookie is a small bit of data a web server sends to your browser. Only the server that gave it to you can read it. It is your ID card for the Site. It lets Maximus record your activities and preferences. It cannot be used as code or send viruses.
- A web beacon is a small transparent gif image. It is embedded in an HTML page or email. It tracks when the page or email was viewed.
Maximus uses cookies and similar devices to track your use of the Site, products and services you view, and information you download. We count the number of visitors per day. Our web servers log your computer’s IP/Internet address. Maximus does not allow the use of persistent (saved) cookies.
The Site uses Adobe Analytics. Adobe Analytics does not identify individual users. It does not link your IP address with any other data Adobe Analytics holds. Adobe Analytics reports help us understand Site traffic and webpage usage. To learn more, read the Adobe Privacy Policy.
Opt-out of cookies and Adobe Analytics
If you do not want your browser to accept cookies, you can change the cookie option in your browser settings. Some Site features or services may not work or be accessible without cookies. To learn more about Adobe Analytics tracking cookies, read the Adobe Cookies Policy. To learn about opting out, read Adobe Privacy Choices.
“Do Not Track”
"Do Not Track" is a preference you can set in your web browser. It tells websites you visit that you do not want them to collect information about you. The Site does not respond to "Do Not Track" or such signals.
Security
Maximus is strongly committed to protecting personal information collected through this Site/Application. We protect against unauthorized access, use, or disclosure. Maximus limits employee access to personal information collected through this Site/Application. Only those employees who need to access the Site/Application to perform their official duties can access it. All employees follow rules for disclosing personal information.
Maximus uses technical security measures and procedures to protect the personal information we collect through the Site/Application. We protect it from getting lost, misused, changed, or destroyed. We have Information Security and Privacy policies to protect data. We give our employees regular training on information security and privacy. Because the Internet is open and unsecured, Maximus cannot be responsible for the security of personal information sent over the Internet. We have a formal incident response plan in case of a data breach.
To protect your communications through the Site/Application, we authenticate, monitor, audit, and encrypt activity. You can tell if a website is secure by looking at the location (URL) field. The content comes from a secure server if the URL begins with https:// instead of http://. This means unauthorized persons cannot read or decipher your personally identifiable information. This is part of our commitment to protect your information. Despite our efforts, no security measures are completely secure. By using this system, you consent to monitoring and auditing.
Children
Maximus is committed to complying fully with the Children's Online Privacy Protection Act. We do not direct this Site/Application to or knowingly collect personal information from children younger than 13 years old. Maximus appreciates your cooperation with this federally mandated requirement.
Reviewing and correcting your information
We try to keep your information correct and up to date. To change or update any personal information in our program, write to Maximus at the address below. Give us as much detail as you can. To correct personal information you gave for the federal, state, or local governments we work with, contact that program’s customer service department. Read the section below on How to contact us.
Information Disclaimer
Information on this Site/Application is meant to give the public immediate access to public information. While we try to give accurate, current, and reliable information, Maximus understands that human and mechanical errors happen. Maximus and our employees, officers, and agents do not represent that information on this Site/Application is accurate, complete, up to date, or suitable.
Changes to this privacy notice
We update this privacy notice. When we do, we change the "Last updated" date at the top of the privacy notice. Check the Site/Application for our latest privacy notice. When you use the Site/Application after we change the “Last updated” date, it means you accept the changes.
How to contact us
If you have questions or concerns about your information, or to review and correct it, contact us by:
Toll-free phone number
1-800-643-2273 (TTY: 1-800-817-6608)
Maximus/VA Enrollment Broker
Attn: Mail Clerk
PO Box 2029
Richmond, VA 23219
If you have questions or concerns about this privacy notice, contact us by:
Maximus Privacy Official Office
1600 Tysons Boulevard, Suite 1400
McLean, VA 22102