Website and Mobile Privacy Policies

Website and Mobile Application Privacy Policies


Welcome to the Quartz Health Solutions, Inc. (“Quartz”) website. We appreciate your interest in us. Quartz’s Website and Mobile Application Privacy Policy lets you know how Quartz collects information through your use of the website. It also lets you know what we do with the information we collect. The Website and Mobile Application Privacy Policy only applies to Quartz’s website, and to the Quartz MyChart mobile application. It does not apply to other ways you might communicate with us, such as telephone or in-person communications. Terms such as “we”, “our”, or “us” refer to all companies in the Quartz family, including current and future affiliated entities. This website and our mobile applications are intended for an audience in the United States of America. The information you provide will be transferred and processed by a computer server located within the United States of America.

Tracking, Monitoring, and Cookies

This site is owned and operated by Quartz Health Solutions, Inc. Any activity on this site is subject to monitoring by Quartz at any time. Quartz uses technologies, including but not limited to single session “cookie” technology. Cookies are used to gather information from visitors to our website. You may disable the use of cookies at any time. If you do so, this may limit your ability to use all aspects of our website. Quartz does not respond to web browser “Do Not Track” signals at this time.

Quartz uses third-party vendors to use technologies, including but not limited to cookie technology, to gather information from visitors to our website. This includes information such as which web browser was used to read our website and which websites referred you to our site. Quartz does not control these third-party vendors’ technologies or their privacy practices. Quartz also uses third-party vendors to gather, aggregate, and analyze data such as the number of users to the site, the pages visited, and user demographics, to provide, maintain and improve our services. No personally identifiable information is collected when Quartz or its third-party vendors gather such information. Quartz reserves the right to use and share or disclose this information with others unless otherwise restricted by this Privacy Policy or applicable law.

We do not collect personally identifiable information about you unless you voluntarily provide it to us. Personally identifiable information is any information or data that is unique to an individual such as a name, Social Security Number, address, birth date, etc. Parts of the Quartz website may allow you to provide Quartz with personally identifiable information in order for Quartz to provide requested products, services, or materials to you, or to respond to your questions. The personally identifiable information you provide is used only for the stated purposes on that website page. Quartz does not sell, license, transmit or disclose personal information that you provide to us outside of Quartz, and its affiliated companies, except with the following exceptions:

  • If all or part of the company is sold, merged, dissolved, acquired, or other similar business transactions occur
  • If we receive a lawful court order, subpoena, or search warrant requesting such information
  • If a law or regulation requires us to share the information
  • If we choose to work with law enforcement when they investigate and/or prosecute illegal or harmful activities
  • If we choose to investigate activities that violate our rules

It is your choice to provide personal information to us through this website. You do not have to provide personal information if you do not want to. That may limit your ability to use certain parts of the website. Please contact Quartz Customer Service to learn how to obtain products, services, or materials, or have your questions answered, in a different manner.

Quartz will not intentionally collect any personal information from children under the age of 13 through our website without first obtaining parental consent. If you think we have collected personal information from a child under the age of 13 through this website please contact Quartz Customer Service.

Protecting Social Security Numbers

Quartz protects personally identifiable information, including any Social Security Number Quartz receives during the course of business. Quartz uses various physical, technological, and administrative safeguards designed to protect against unauthorized access of your Social Security Number.


Quartz takes the duty to protect your personally identifiable information seriously. We strive to keep your data safe by using industry-proven best practices. Quartz protects the confidentiality of the data you submit through this website by encrypting sensitive information. Encryption is a way of concealing and securing data. Quartz uses a 128-bit Secure Socket Layer (SSL). Quartz uses a system of firewalls to help protect our private network from unauthorized Internet users. Quartz continually checks the whole system and makes sure data is secure. We use an Intrusion Prevention System (IPS) and other monitoring tools. These tools alert our security team so that they can find and block attacks against our systems. Quartz analyzes data in real time to check for threats. We also check to make sure that everything is working properly. Data is collected from all security and network hardware, software and systems. Quartz has back-up systems and a disaster recovery plan in place. This means that all critical systems and data will continue be safe and available. This is a common way to prepare for a range of problems that can include power outages or natural disasters.

Despite these best efforts, Quartz cannot guarantee the security of our website. We cannot guarantee that the personal information sent or submitted through our website will not be intercepted while being transmitted to us. We are not liable for the acts of malicious third parties.

Effective Date

The effective date of this policy is September 1, 2018.

Updates to the Website Privacy Policy

We may update this Website Privacy Policy. If we update the Website Privacy Policy we will publish the updated version on our website. We will let you know that updates were made, what options you have (if applicable).

The Quartz family of companies is comprised of Quartz Health Benefit Plans Corporation, Quartz Health Plan Corporation, Quartz Health Plan MN Corporation, Quartz Health Insurance Corporation, and Quartz Health Solutions, Inc. These companies are separate legal entities. For more information, see our Companies and Licenses page.

Mobile Application Privacy Policy


Quartz takes very seriously its obligation to protect the confidentiality of your personal information. The Quartz MyChart mobile application for members is available for iOS and Android. These Applications connect to servers and systems operated and maintained by Quartz to provide secure, mobile access to those systems and your health information.

This Privacy Policy

This Privacy Policy describes how the Quartz MyChart mobile applications use, store, and transmit information and data. Quartz may modify this Privacy Policy at any time effective upon its posting. Your use of our Applications constitutes your acceptance of this Privacy Policy and any updates. Your use of our Applications is subject to the applicable Applications’ End User License Agreement.

Effective Date

The effective date of this policy is May 18, 2021.


This Privacy Policy lets you know what limited information you provide to us when you use our Applications and what we do with that information. 

Your Personal Information

Our Applications and the Limited Ways in Which Quartz Uses Your Information

Quartz does not sell or license any information that you may provide to us as you use our Applications.

Except for those things stated below, our Applications do not send your personal information directly to Quartz. They do not store any of your data on your device or in the cloud-based storage solution associated with your device (i.e., iCloud or the equivalent).

Quartz attempts to minimize the amount of your personal or health information stored or retained on your device. Nevertheless, our Applications may:

  • Store a copy of a picture on your device if you choose to add a photo to your profile.
  • Create encrypted identifiers to identify target healthcare providers for HealthKit or Google Fit data if you are using HealthKit or Google Fit.
  • Temporarily store your personal information in memory or on the device while you use our Applications.

In addition, to provide certain features, our Applications may request information from servers and systems owned or operated by Quartz. Those servers and systems may record technical information about that request, such as an IP address and data related to the type of device, platform, location data, and operating system you use with our Applications.

HealthKit and Google Fit

With your permission, specific versions of our Applications can connect to Apple HealthKit or Google Fit to receive health information and share that information with your healthcare providers.

Our Applications do not share your health information with HealthKit, Google Fit, or other software-enabled with HealthKit or Google Fit.

How We Protect Your Personal Information

The security of your information and data while using our Applications is critical to us. Our Applications employ various technical safeguards to protect the confidentiality, integrity, and availability of your personal information, including supporting Transport Layer Security (TLS)/Secure Sockets Layer (SSL) certificate technology and encryption.

In addition, healthcare providers with whom you connect may use various physical, administrative, and technical measures to protect your personal information.

Contact Quartz

If you have any questions about this Privacy Policy or Security measure we utilize, you may contact Quartz Customer Service.

To learn more about how Quartz uses and protects your personal information, please read our Notice of Privacy Practices/Aviso Sobre Las Normas de Privacidad.

You may print a copy for your records or request a copy by calling a Customer Service representative at (800) 897-1923.

Centers for Medicare & Medicaid Services


The Centers for Medicare and Medicaid Services (CMS) released the Interoperability and Patient Access final rule on March 9, 2020. This final rule requires most CMS-regulated-payers – specifically, Medicare Advantage (MA) organizations, Medicaid Fee-For-Service (FFS) programs, CHIP FFS programs, Medicaid managed care plans, CHIP managed care entities, and Qualified Health Plan (QHP) issuers on the Federally-facilitated Exchanges (FFEs), excluding issuers offering only Stand-alone dental plans (SADPs) and QHP issuers offering coverage in the Federally-facilitated Small Business Health Options Program (FF-SHOP) – to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API) (using Health Level 7® (HL7) Fast Healthcare Interoperability Resources® (FHIR) Release 4.0.1) that allows patients to easily access their claims and encounter information including cost, specifically provider remittances and enrollee cost-sharing, as well as a defined sub-set of their
clinical information through third-party applications of their choice. This rule also requires these payers to make resources regarding privacy and security available to all patients.

In the CMS Interoperability and Patient Access proposed rule, we asked stakeholders what kinds of information we could make available to help payers meet these requirements. Commenters asked us to provide sample information they could consult when producing their patient resource materials.

This document provides an overview of what is required to be included in a payer’s patient resource document and some content payers may choose to use to help meet this requirement. Use of this document is not required; this is meant to support payers as they produce patient resources tailored to their patient population.

What the Rule Requires

The final rule requires impacted payers to provide in an easily accessible location on their public websites, or through other channels used for regular communication with patients, educational resources in non-technical, simple, and easy-to-understand language that explains, at a minimum:

The CMS Interoperability and Patient Access final rule also encourages impacted payers to ask third-party app developers to attest to having certain provisions in their privacy policy. Payers that ask for this attestation should share with the patient a clear explanation of what the attestation is asking and how the process will work as part of their educational resources. It is important to make sure patients understand that if an app developer is asked to attest and does not respond to this request or attests negatively, the patient will have an opportunity to change their mind about sharing their data. But, if the patient does not actively respond to the payer within the period of time clearly communicated to them by the payer, the patient’s data will be shared as they originally requested.

Helpful Information for Payers Creating Educational Resources for their Patients

What are important things patients should consider before authorizing a third-party app to retrieve their health care data?

It is important for patients to take an active role in protecting their health information. Helping patients know what to look for when choosing an app can help patients make more informed decisions. Patients should look for an easy-to-read privacy policy that clearly explains how the app will use their data. If an app does not have a privacy policy, patients should be advised not to use the app. Patients should consider:

If the app’s privacy policy does not clearly answer these questions, patients should reconsider using the app to access their health information. Health information is very sensitive information, and patients should be careful to choose apps with strong privacy and security standards to protect it.

What should a patient consider if they are part of an enrollment group?

Some patients, particularly patients who are covered by Qualified Health Plans (QHPs) on the Federally-facilitated Exchanges (FFEs), may be part of an enrollment group where they share the same health plan as multiple members of their tax household. Often, the primary policyholder and other members can access information for all members of an enrollment group unless a specific request is made to restrict access to member data. Patients should be informed about how their data will be accessed and used if they are part of an enrollment group based on the enrollment group policies of their specific health plan in their specific state. Patients who share a tax household but who do not want to share an enrollment group have the option of enrolling individual household members into separate enrollment groups, even while applying for Exchange coverage and financial assistance on the same application; however, this may result in higher premiums for the household and some members, (i.e. dependent minors, may not be able to enroll in all QHPs in a service area if enrolling in their own enrollment group) and in higher total out-of-pocket expenses if each member has to meet a separate annual limitation on cost-sharing (i.e., Maximum Out-of-Pocket (MOOP)).

What are a patient’s rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here:

You may also want to share with patients the HIPAA FAQs for Individuals:

Are third-party apps covered by HIPAA?

Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

The FTC provides information about mobile app privacy and security for consumers here:

What should a patient do if they think their data have been breached or an app has used their data inappropriately?

Payers should clearly explain to patients what their policy is for filing a complaint with their internal privacy office. In addition, payers should provide information about submitting a complaint to OCR or FTC, as appropriate.

To learn more about filing a complaint with OCR under HIPAA, visit:

Individuals can file a complaint with OCR using the OCR complaint portal:

Individuals can file a complaint with the FTC using the FTC complaint assistant:

Disclaimer: This educational product was prepared as a service to the public and is not intended to grant rights or impose obligations. This educational product may contain references or links to statutes, regulations, or other policy materials. The information provided is only intended to be a general summary. It is not intended to take the place of either the written law or regulations. We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents. Paid for by the Department of Health & Human Services.

Contact Us

Quartz is committed to providing superior customer service. That's one reason we offer so many ways to reach us.