We Earn Trust
We Respect Restricted, Confidential, and Internal Use Only Information
We appreciate the trust our team members, customers, and other third parties place in Change Healthcare when they provide us with their restricted, confidential, and internal use only information. We exercise care and discretion when handling such information.
We all have an obligation to safeguard information not only about our team members and Company, but also about the companies with which we do business. Once we know what information needs to be protected, we can be sure to handle it appropriately.
We Respect the Restricted, Confidential, and Internal Use Only Information of Others
Our customers, business partners and team members trust us to respect and protect personally identifiable (PI) and other sensitive information. PI is any piece of information that can be used to uniquely identify a specific person, such as name, address, photo, birth date, phone number, social security number, or health, credit or financial information. PI is protected under various federal, state, and international privacy, security, healthcare, credit, and financial laws. We collect, store, access, use, share, transfer, and dispose of PI responsibly.
Given our role in the healthcare industry, we also receive, collect, maintain, use or create a particular type of PI, known as protected health information (PHI). We also respect and protect the sensitive nature of PHI and carefully maintain its confidentiality. See the Change Healthcare HIPAA Privacy Policy and the HIPAA Work Rules for detailed guidance on the handling of PHI.
You must follow the Company’s privacy protection policies, which among other things require you to collect, access, use, share, transfer, and dispose of PI and PHI only as necessary to do your job.
We Respect Team Members' Private, Sensitive, and Confidential Information
We respect our team members and carefully protect their personally identifiable and sensitive information. We collect, store, access, use, transfer, and dispose of this information in compliance with applicable laws. We only allow access to this information to team members who have a business need to know the information. All third parties who are allowed access to team members’ personally identifiable and sensitive information must abide by our privacy requirements.
We Protect Confidential Business Information
We have an obligation to protect not only personally identifiable information, such as PI and PHI, but also information that drives our business – information with which we work or may know about as Change Healthcare team members. We use our Restricted, Confidential, and Internal Use Only information for business purposes, not for personal use or gain. Before disclosing any of our non-Public business information, we make sure there are legitimate business reasons to do so. We don’t share any of our non-Public business information with anyone outside of Change Healthcare unless a non-disclosure or other appropriate confidentiality agreement is in place.
If we are new to Change Healthcare, we protect our former employer‘s non-Public information. If we leave Change Healthcare, we return all non-Public information and do not share it with our new employer.
Restricted, Confidential, and Internal Use Only Information
Help Respect Restricted, Confidential, and Internal Use Only Information
- Comply with applicable legal requirements in the location where information is collected;
- Collect and use the minimum amount of information necessary to achieve legitimate business purposes;
- Share information only with individuals who have a legitimate need for it and will protect it properly;
- Follow Change Healthcare policies and guidelines for storing, handling, and destroying such information; and
- Immediately report any inappropriate disclosure of such information to ChangeHealthcareEthicsLine.com.
How We Protect Information
We earn the trust of our team members and the companies with which we do business by following our privacy, security, and data and information protection policies. Our secure handling procedures for processing, storing, transmitting, and destroying information are based on security classification levels. Access to secure information is limited and depends upon a team member’s job function. We also regularly monitor our systems to be sure that information is accessed and used for appropriate, authorized activities, to discover any new threats, and to look for ways to improve.
We monitor and control all electronic and computing devices used to conduct Company business or to interact with our internal networks and systems. As allowed by applicable legal requirements, the Company may inspect or monitor all messages, files, data, software, or other information stored on these devices, or transmitted over our internal networks and systems to ensure we comply with Company policies.
We Report Incidents
An incident is any situation where non-Public information may be lost, stolen, accessed, hacked, compromised or improperly handled. An incident may involve PI, PHI, or other non-Public business information, or an attempt to gain unauthorized access to our systems or data. You must report through ChangeHealthcareEthicsLine.com any known or suspected incident involving Change Healthcare’s or any of its team member’s non-Public information, or non-Public information belonging to a customer, business partner, contractor, consultant, supplier or vendor information.
The Integrity of Change - Our Code of Conduct
1-866-206-1106 or