Notice of May 2024 Security Incident
Need help with record requests?
Datavant Connect Login

Privacy Policy

Last Updated: February 6, 2025

Overview

Datavant is a health data platform company making the world’s health data secure, accessible, and actionable.

This Privacy Policy describes how Datavant (“Datavant,” “we,” and “us”) collects, uses, discloses, and protects Personal Information we collect about you or that you may provide when you interact with us or visit the websites listed below (the “Services”):

  • datavant.com
  • cioxhealth.com

Personal Information” is information that identifies, relates to, describes, is capable of being associated with, or could reasonably be linked, directly or indirectly, with you or members of your household. 

By accessing our websites or using the Services, you agree to this Privacy Policy. We may update this policy at any time, and future updates are effective as soon as they are published.  If you are interested, you should check back from time to time and make sure you have reviewed the most current version of the policy. 

This policy does not apply to any third-party content or websites that may be accessible through links on our websites. Datavant is not responsible for the content or privacy practices of other sites. We encourage you to be aware when you leave our websites or engage with media hosted by third parties and to read the privacy statements of any other website that collects your information. 

Table of Contents

Personal Information We Collect and How We Collect It

Cookies and Similar Tracking Technologies

Our Careers Page

SMS / Text Messaging

How We Use Your Personal Information

How We May Disclose Your Personal Information

How We Maintain and Protect Your Personal Information

Data Retention

Data Security

International Transfers

Your Choices About How We Use and Disclose Your Personal Information

EU/UK Data Subjects

U.S. State Privacy Rights

Disclosures for California Residents

Datavant is a Service Provider

Children’s Data

How to Contact Us

Personal Information We Collect and How We Collect It

We may collect the following categories of Personal Information about you:

  • Identifiers, such as your name, mailing address, email address, phone number, and account numbers. Typically, we collect this information from you directly to contact you regarding administrative notices, the Services, or your interactions with us, such as through an employment application.
  • Internet and other electronic activity information, such as your Internet Protocol (IP) address (which may tell us generally where you are located), language preference, browsing history, browser preferences, and type of device or system you use. Your browser may also tell us the time and date of your interactions with us or the Services, the page that led you to our websites, or what you typed into a search engine that led you to our websites. Typically, we collect this information through cookies and other data collection technologies to understand how you use our website.
  • Commercial information, such as financial and payment information, including credit card information. Typically, we collect this information from you to process payments for the Services or related to a business arrangement with you.

If you contact us about career opportunities, we may also collect additional Personal Information about you (in addition to the Personal Information listed above), as further described in the section titled “Our Careers Page.”

We collect Personal Information: 

  • Directly from you, when you send us email messages, apply for a career opportunity, submit forms or feedback through our websites, complete transactions through our websites, or otherwise provide your information to us.
  • Automatically as you navigate our websites, through cookies and similar data collection technologies, as further described in the “Cookies and Similar Tracking Technologies” section.
  • From third parties, including our marketing partners, recruiting partners, and background check providers, or if applicable, United Kingdom Disclosure and Barring Service providers.

Cookies and Similar Tracking Technologies

Our websites and some of our online Services use cookies. Cookies may improve and/or simplify the use of Datavant’s websites and online Services. Of note:

  • Strictly necessary cookies. We use strictly necessary cookies on our websites and online Services to support critical site functions.
  • Third party analytics. We use third parties, such as Google Analytics, to evaluate usage of our website. These entities may use cookies and other tracking technologies to perform their services. You can learn more about how Google Analytics uses this information on the Google website. We may also use other analytic means to evaluate and improve our website and your experience.
  • How we respond to “Do Not Track” signals. Some web browsers incorporate a “Do Not Track” (“DNT”) or similar feature that signals to websites that a user does not want to have his or her online activity and behavior tracked. If a website that responds to a particular DNT signal receives the DNT signal, the browser can block that website from collecting certain information about the browser’s user. Not all browsers offer a DNT option and DNT signals are not yet uniform. For this reason, many digital service operators, including Datavant, do not recognize or respond to DNT signals.  For more information about “do not track,” visit allaboutdnt.org.

Most web browsers can be set to inform you when a cookie has been sent to you and provide you with the opportunity to refuse that cookie. Refusing a cookie will generally not interfere with your use of our website or Services. However, refusal of a cookie may, in some cases, preclude you from using, or negatively impact the display, feature, or function of, our website and Services.

Our Careers Page

We use our Careers Page to help facilitate our recruitment process. When you contact us through our Careers Page about career opportunities at Datavant, we may ask you for certain information so we can evaluate you as a candidate and meet certain legal obligations. The information you provide directly to our Careers Page as part of the application process is collected with your consent and is collected in addition to the information you provide through our websites and Services (listed above). It may include:

  • Contact information (including telephone numbers and email addresses)
  • Details of your qualifications, skills, experience, and education
  • Information about your employment history and salary, including references
  • Whether you have a disability for which we can make reasonable accommodations during the recruitment process
  • Information about your legal status to perform the position for which you apply in the region where the position is based
  • Protected class and demographic information, such as your age, race, military or veteran status, gender, and background check information relating to your criminal history, if any
  • Other records about you, such as your signature and identity verification information

During the recruitment process, you may provide Personal Information to us in the following ways:

  • The application form on the Careers Site
  • Your resume or CV (if you submit one with your application)
  • Assessments administered during the recruitment process
  • Copies of transcripts or other documentation you submit while applying
  • Information collected from third parties, including previous employers and educational institutions

The information you provide to us during the recruitment process is retained and processed as we evaluate you for a career opportunity. We may use this information for purposes such as:

  • Evaluating your candidacy for a position at Datavant
  • Contacting you during our recruitment process
  • Hiring you if you accept a job offer from Datavant
  • Processing and storing your information for internal tracking metrics
  • Processing your information consistent with legal or regulatory requirements

When you provide your information to Datavant as part of the recruitment process, your information may be shared with Datavant personnel and certain third-party software and service providers working with Datavant, such as Greenhouse. Datavant personnel include members of the people and talent acquisition teams, interviewers involved in the recruitment process, personnel in the business area to which you are applying, and information technology staff. Other third-party service providers or contractors may also have access to your information including, for example, if we reach out to references or conduct background checks.

In addition to processing your information with your consent, Datavant has a legitimate interest in processing your data to manage our recruitment process and assess whether you are a viable candidate for a career at Datavant. All applicants, regardless of location, may opt out of any future contacts from Datavant at any time.

SMS / Text Messaging

If you are applying for a job, you may opt-in to communicate with us via SMS or text messaging. Your information obtained as part of the consent process will not be shared with third parties. SMS/text messaging may be used for scheduling purposes and for sharing information about your application status, onboarding materials, or other employment-related updates. Messaging frequency may vary, and message and data rates may apply.  If you have given us consent to send you SMS or text messages, you can opt out at any time by texting "STOP."  You can seek assistance by texting "HELP" or contacting us.

How We Use Your Personal Information

In addition to the collection purposes described above, we may also collect Personal Information for the following reasons:

  • For the specified purpose(s) for which you provide it
  • To maintain and service your account
  • To administer and improve our website
  • To evaluate your job application and support the application process
  • To aggregate with other individuals’ Personal Information to better understand or improve our websites and Services 
  • To communicate with you and respond to your inquiries 
  • To promote our websites, products, and Services
  • To comply with legal, regulatory, and risk management obligations

Some information we collect may be considered Sensitive Personal Information, such as your financial account information. We use and disclose your Sensitive Personal Information only for the following limited business purposes: (i) performing services an average person would expect; (ii) detecting security incidents; (iii) addressing malicious, deceptive, or illegal actions; (iv) ensuring the physical safety of individuals; (v) for short-term, transient use; (vi) performing or providing internal business services, including employee services if you are an employee; and (vii) verifying or maintaining the quality or safety of a service or product.

How We May Disclose Your Personal Information

We may disclose your Personal Information in one or more of the following ways:

  • To our affiliates. We may share your Personal Information with our affiliates, which are required to honor this Privacy Policy. Affiliates include our parent company and any other subsidiaries, joint venture partners, or other companies that we control or that are under common control with us.
  • To our service providers. We may share your Personal Information with third parties that provide services to us. We may use third-party service providers to host the Services, process job application, perform website analytics, and gather and use on our behalf your Personal Information as contemplated by this Privacy Policy and applicable law. It is our policy to require such third parties to process your Personal Information only on our behalf to protect your information as much as is commercially reasonable.
  • In connection with a legal right or obligation. We may investigate and disclose information from or about you if we have a good faith belief that such investigation or disclosure is (a) reasonably necessary to comply with legal process and law enforcement instructions and orders, such as a search warrant, subpoena, statute, judicial proceeding, or other legal process served on us; (b) helpful to prevent, investigate, or identify possible wrongdoing in connection with the Services; or (c) protect our rights, reputation, property, or that of our users, affiliates, or the public.
  • In a transaction. If we, or any of our businesses, are sold or disposed of as a going concern, whether by merger, reorganization, sale of assets or otherwise, or in the event of an insolvency, bankruptcy or receivership, any and all Personal Information, including your account information, may be one of the assets sold or merged in connection with that transaction. Information about you may also need to be disclosed in connection with a commercial transaction where we or any one of our businesses are seeking financing, investment, support or funding. In such transactions, Personal Information will be subject to the promises made in any pre-existing Privacy Policy in effect when the information was obtained.
  • With individuals to whom you direct us, such as your employer, colleagues, or references (such as in the case of a job application).
  • With your consent

Datavant may create, use, or disclose de-identified information so long as the entities to whom Datavant discloses such de-identified data are prohibited from re-identifying or attempting to re-identify the information.

We do not sell your Personal Information to third parties in exchange for monetary or other valuable consideration, nor do we share your Personal Information with third parties for cross-contextual behavioral advertising.

How We Maintain and Protect Your Personal Information

Data Retention

We retain your Personal Information for only as long as we need it to provide our products and services, operate our business, and comply with our legal obligations. When we decide how long to keep your Personal Information, we keep in mind the nature and sensitivity of the information, the potential harm from unauthorized use, the reasons we collected the Personal Information, and our legal obligations.

For Personal Information collected through our Careers Page, we will retain it for as long as it makes use of such information as a part of the recruitment process and for other permitted purposes. If your application for employment is successful, information gathered during the recruitment process will be added to your human resources file and may be retained throughout your employment with Datavant.

Data Security

The security of your Personal Information is important to us. We have adopted safeguards to protect Personal Information from misuse, interference and loss, as well as from unauthorized access, modification or disclosure. These safeguards include:

  • Using encryption when collecting or transferring sensitive information
  • Limiting physical access to our premises
  • Limiting access to the information we collect about you
  • Ensuring that we and our business partners have appropriate security safeguards to keep Personal Information secure
  • Where required by law, destroying or de-identifying Personal Information

Communications between your browser and portions of the online Services containing Personal Information are protected with Secure Socket Layer (“SSL”) encryption. This encryption is to help protect your information while it is being transmitted. Once we receive your Personal Information, we use commercially reasonable efforts to maintain the physical and electronic security of such information.

NO DATA TRANSMISSION OVER THE INTERNET OR ANY WIRELESS NETWORK CAN BE GUARANTEED TO BE PERFECTLY SECURED. AS A RESULT, WHILE WE STRIVE TO PROTECT YOUR PERSONAL INFORMATION USING COMMERCIALLY AVAILABLE AND INDUSTRY STANDARD TECHNOLOGY, WE CANNOT ENSURE OR GUARANTEE THE SECURITY OF ANY INFORMATION YOU TRANSMIT TO US, AND YOU DO SO AT YOUR OWN RISK.

If we determine that your Personal Information has or may reasonably have been disclosed due to a security breach of our systems, we will notify you in accordance with and to the extent required by applicable law using the information that we have on file.

International Transfers

We may transfer your Personal Information among our affiliates and to our business partners, in connection with the purposes described in this Privacy Policy. This may involve the transfer of your Personal Information to countries outside your home country or region, including outside the European Economic Area if that is your region, which may have a different level of data protection from your home country. 

Such countries may include, without limitation, the United States, the United Kingdom, Ireland, and other countries in which we, our affiliates, or our business partners maintain facilities. To adequately protect the transfer of your Personal Information, we enter into written contractual arrangements (as appropriate) with our affiliates and business partners for such transfers or rely on other legally approved transfer mechanisms. We take reasonable technical and organizational measures to safeguard Personal Information we transfer.

Your Choices About How We Use and Disclose Your Personal Information

EU/UK Data Subjects

Where the processing of your Personal Information is subject to EU or UK data protection laws, you have the following data subject rights:

  • Access: You may request access to your personal data, as that term is defined in the EU or UK General Data Protection Regulation, as applicable.
  • Rectification: You may request correction of your personal data.
  • Erasure: You may request erasure of your personal data.
  • Objection: You may object to some processing of your personal data.
  • Restriction: You may request restriction of processing of your personal data.
  • Portability: You may request transfer of your personal data to you or a third party.
  • Withdrawal of consent: You may withdraw your consent to processing your personal data.
  • Automated decision-making: You may request not to be subject to a decision made about you that is based solely on automated processing, if that decision produces legal or similarly significant effects concerning you.

Please note that these rights are not absolute and in certain cases are subject to conditions specified in law. In addition to the above, you have the right to lodge a complaint with a supervisory authority if you consider that our processing of your Personal Information infringes applicable data protection law.

If you have questions related to Personal Information held by an organization that is a Datavant customer or business partner, you should reach out to that organization directly. If you have any questions about the type of Personal Information we hold about you (for example, if you have applied for a job via our Careers Page or submitted your contact information to Datavant via the forms on this website), please contact us.  If you wish to request deletion or correction of Personal Information we hold about you, or to submit a request to exercise any other data subject right, please complete our Data Request Form. While we will make reasonable efforts to accommodate your request, we reserve the right to reject such requests or to impose restrictions or requirements upon such requests if required or permitted by law.

U.S. State Privacy Rights

Certain U.S. States provide their residents with consumer privacy rights, such as:

  • Right to access/know. You have the right to request to know the categories and specific pieces of Personal Information we have collected about you; the categories of sources from which that Personal Information was collected; and how we have sold, shared, or otherwise disclosed your Personal Information.
  • Right to correct. You may have the right to request that we correct inaccurate personal information that we maintain about you.
  • Right to deletion. You have the right to request that we delete the Personal Information that we have collected or maintain about you. We may deny your request under certain circumstances, such as if we need to comply with our legal obligations or complete a transaction for which your Personal Information was collected. If we deny your request for deletion, we will let you know the reason why.
  • Right to opt out of the sale or sharing of your Personal Information. You have the right to opt out of the sale or sharing of your Personal Information. Datavant does not sell or share (for targeted advertising purposes) your Personal Information. If we change our business practices, we will update this policy, notify you, and honor your right to opt out. 
  • Right to limit or opt out of additional processing activities, for example, certain uses or disclosures of sensitive personal information and profiling in furtherance of decisions that produce legal or similarly significant effects.

The exact scope of these rights varies by State. To exercise any of the above rights, please complete our Data Request Form or contact us. While we will make reasonable efforts to accommodate your request, we reserve the right to reject such requests or to impose restrictions or requirements upon such requests if required or permitted by applicable law.

If you choose to exercise any of these rights, we will not discriminate against you in any way. Exercise of certain rights may cause you to be unable to use or access certain features of our Services.

Datavant will take steps to verify your identity before processing your request to know or request to delete. We will not fulfill your request unless you have provided sufficient information for us to reasonably verify you are the individual about whom we have collected Personal Information.

You may use an authorized agent to submit a request. When we verify your agent’s request, we may verify both your and your agent’s identity and request a signed document from you that authorizes your agent to make the request on your behalf. To protect your Personal Information, we reserve the right to deny a request from an agent that does not submit proof that they have been authorized by you to act on their behalf.

Certain laws may give you a right to appeal any denials of your request to exercise your rights. If we deny your request and you would like to submit an appeal, please contact us.

Disclosures for California Residents

California residents have the rights to knowledge, access, correction, and deletion of their personal information, as well as opt-outs rights, as described in the “U.S. State Privacy Rights” section above. 

We do not do any of the following:

  • Sell or share the personal information of California consumers (as those terms are defined under California law)
  • Discriminate in response to privacy rights requests
  • Use or disclose sensitive personal information for any purposes that would require a user to exercise a right to limit according to California law
  • Use the personal information of California consumers for automated decision making (profiling)

Personal Information We Collect. In the preceding 12 months, Datavant has collected the categories of Personal Information detailed in the “Personal Information We Collect and How We Collect It” section above, summarized as follows:

 

Category

Examples

Collected

A. Identifiers

Name, alias, postal address, unique personal identifier, online identifier, Internet Protocol address, email address, account name, Social Security number, driver’s license number, passport number, or other similar identifiers

Yes

B. Personal information categories listed in the California Customer Records statute (Cal. Civ. Code § 1798.80(e))

Name, signature, Social Security number, physical characteristics or description, address, telephone number, passport number, driver’s license or state identification card number, insurance policy number, education, employment, employment history, bank account number, credit card number, debit card number, or any other financial information, medical information, or health insurance information

Yes

C. Protected classification characteristics under California or federal law

Age (40 years or older), race, color, ancestry, national origin, citizenship, religion or creed, marital status, medical condition, physical or mental disability, sex (including gender, gender identity, gender expression, pregnancy or childbirth and related medical conditions), sexual orientation, veteran or military status, genetic information (including familial genetic information)

Careers Page only

D. Commercial information

Records of personal property, products or services purchased, obtained, or considered, or other purchasing or consuming histories or tendencies

Yes

E. Biometric information

Genetic, physiological, behavioral, and biological characteristics, or activity patterns used to extract a template or other identifier or identifying information, such as, fingerprints, faceprints, and voiceprints, iris or retina scans, keystroke, gait, or other physical patterns, and sleep, health, or exercise data

No

F. Internet or other similar network activity

Browsing history, search history, information on a consumer’s interaction with a website, application, or advertisement

Yes

G. Geolocation data

Physical location or movements

No

H. Sensory data

Audio, electronic, visual, thermal, olfactory, or similar information

No

I. Professional or employment-related information

Current or past job history or performance evaluations

Careers Page only

J. Non-public educational information

Education records directly related to a student maintained by an educational institution or party acting on its behalf, such as grades, transcripts, class lists, student schedules, student identification codes, student financial information, or student disciplinary records

No

K. Inferences drawn from other personal information

Profile reflecting a person’s preferences, characteristics, psychological trends, predispositions, behavior, attitudes, intelligence, abilities, and aptitudes

Yes

L. Sensitive personal information

Social Security, driver’s license, state identification card, or passport number; account login, financial account, debit card, or credit card number in combination with any required security or access code, password, or credentials allowing access to an account; racial or ethnic origin

Yes


The purposes for which Datavant collects, uses, and discloses Personal Information are described above in this Privacy Policy. 

Disclosures of Personal Information for a Business Purpose. During the past 12 months, we have disclosed the following categories of personal information to our third-party service providers for a business purpose:

  • Category A: Identifiers
  • Category B: Records about you
  • Category C: Protected class and demographic information
  • Category D: Commercial information
  • Category F: Internet or other electronic network activity information
  • Category I: Professional or employment-related information
  • Category L: Sensitive personal information

Third Party Marketing. This Privacy Policy describes how we may share your Personal Information, including for marketing purposes. California residents are entitled to request and obtain from Datavant once per calendar year information about any of your Personal Information shared with third parties for their own direct marketing purposes, including the categories of information and the names and addresses of those businesses with which we have shared such information. To request this information and for any other questions about our privacy practices and compliance with California law, please contact us

Datavant is a Service Provider

We are primarily a service provider for other businesses across the healthcare ecosystem. While providing services for other businesses, we may collect your Personal Information from other organizations and our business customers. Generally, the businesses we serve are responsible for determining how we may use and share your Personal Information.

Some Personal Information is considered “protected health information” that is subject to the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). We may receive this information from HIPAA “covered entities” to provide services for them or on their behalf. Protected health information that we collect, maintain, create, transmit, or access while providing services for or on behalf of a covered entity is protected consistent with HIPAA. 

Children’s Data

Our Services are not directed at or intended for children, which we consider to be an individual under the age of 13 or the equivalent age as specified by law in your jurisdiction. We do not knowingly collect personal information from children through our website. If you are a child as understood by laws of your state or country, please do not submit any Personal Information through our website. If we learn we have collected or received personal information from a child without verification of parental consent, we will delete that information. If you believe we might have any information from or about a child, please contact us.

How to Contact Us

If you have questions about this Privacy Policy, contact us at dataprivacy@datavant.com or by mail at:

Datavant
Attention: Compliance
2222 W. Dunlap Avenue, Suite 250
Phoenix, AZ 85021

You can also report concerns to Datavant’s Corporate Compliance Connection (C3) compliance hotline online or by calling us toll-free at 844-882-3809.

If you have questions about your medical information maintained by a healthcare organization or other entity that partners with Datavant, please reach out to that organization using the contact information in their privacy policy.

Datavant is a health data platform company. We make the world’s health data secure, accessible, and actionable.

Datavant drives data connectivity into action by offering a proprietary platform and network that deliver critical solutions across the healthcare ecosystem. Datavant enables more than 60 million healthcare records to move between thousands of organizations, more than 70,000 hospitals and clinics, 70% of the 100 largest health systems, and an ecosystem of 300+ real-world data partners.

© 2024 Datavant. All Rights Reserved.
Privacy PolicyEEO