Notice on California’s Consumer Privacy Acts

 

Scope of California law

 

As a global service provider, TELUS Health (US) Ltd., along with its subsidiaries and affiliates (“TELUS Health”), is committed to protecting the personal information of its clients and the users of its services, in accordance with all applicable federal, state and local laws. On January 1, 2020, the State of California put into effect the California Consumer Privacy Act (“CCPA”), followed by the California Privacy Rights Act (“CPRA”) in November 2020. These laws provide California residents with rights of control over their personal information by putting restrictions on how a company may “use” that data.

Businesses

The CCPA establishes several rights for California residents, such as the “right to know”, the “right to delete” and the “right to opt-out”. These rights impose requirements on a “business” that collects personal information and determine the “purposes and means” of permitted processing of any personal information collected.

However, businesses may also engage “service providers” to collect and process personal information on their behalf. In order for an organization to be a service provider, they must have a written contract in place that describes the approved uses of personal information, and that limits them to those uses that are necessary for fulfilling the obligations of the contract with the business.

Service Providers

Since TELUS Health engages with consumers in providing services to employers, insurance companies, schools, and other organizations, and has contractual language with those organizations limiting what we can do with consumer personal information, TELUS Health fits within the “service provider” role, as defined under the CCPA.

As a “service provider”, TELUS Health is not a “business” responsible for meeting the consumer rights identified in the CCPA. These obligations rest with the TELUS Health client as the “business”.

TELUS Health can support our “business” clients in assisting with their CCPA obligations when it comes to providing notice by directing clients to our privacy policy on the Internet and helping them understand how we work with personal information. In this way, our clients can include consistent language in any privacy notice they draft that could apply to circumstances where TELUS Health collects and uses consumers’ personal information. Although there may be instances in which we are not able to comply with a request, our clients may direct us to delete or rectify any personal information on behalf of individuals exercising their rights with the client.

HIPAA

Some of TELUS Health’s business units operate as Covered Entities under the federal Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), including those offering Employee Assistance Programs and iCBT services. The CCPA excludes any Protected Health Information (“PHI”) held by Covered Entities and therefore, for these business units, HIPAA governs our conduct with respect to any PHI involved.

TELUS Health understands that an individual’s rights around the control of their personal information is also a trust issue, rather than just a legal one. To that end, we are continuing to review and evolve our data handling practices to be respectful of the interests of our clients’ employees and the employees of any prospective partners with whom we may be evaluating a business relationship.

Contact Information

If you have any questions or concerns about this policy or TELUS Health's handling of your personal information, or if you want to make a complaint, please communicate in writing with our Data and Trust Office at:

By regular mail:

Data and Trust Office
TELUS Health (US) Ltd.
250 Royall Street
Suite 210W
Canton, MA 02021
United States

By electronic mail: privacy-vieprivee@telushealth.com

Please note that we may need to confirm your identity, request additional details and work with other TELUS Health departments to respond to you or to look into your concerns or complaint.

Changes to our Privacy Policy

We may modify this notice from time to time and will post the most current version online.

Last updated: July 2023