Washington Consumer Health Data Privacy Policy

Last Updated: March 2024

Roche Diabetes Care, Inc. (“Roche,” “we,” “our,” or “us”) values your privacy and the protection of your Personal Data. This policy supplements Roche’s Privacy Notice and applies to the collection of “consumer health data” subject to the Washington State My Health My Data Act (the “MHMDA”).

In this policy, we use the term “consumer” as it is defined in the MHMDA. Consistent with the MHMDA, we use the term “consumer health data” in this policy to mean personal information that is linked to, or reasonably linkable to, a consumer and that identifies the consumer’s past, present, or future physical or mental health status. 

This policy does not apply to any other Personal Data we collect.

 

Collection, Sources, Uses, and Sharing of Consumer Health Data:

We may collect, use, and share the following categories of consumer health data (as further described below):

  • Individual health conditions, treatment, diseases, or diagnosis;
  • Social, psychological, behavioral, and medical interventions;
  • Health-related surgeries or procedures;
  • Use or purchase of prescribed medication;
  • Bodily functions, vital signs, symptoms, or measurements of the information described in this subsection; 
  • Diagnoses or diagnostic testing, treatment, or medication;
  • Genetic data;
  • Data that identifies a consumer seeking health care services; and
  • Any information that we, or one of our processors, processes to associate or identify a consumer with the data described above that is derived or extrapolated from non-health information (such as proxy, derivative, inferred, or emergent data by any means, including algorithms or machine learning).

The types of consumer health data we collect and disclose depends on your relationship with Roche. Not all of the consumer health data listed in the following charts may apply to you. If the nature of your relationship with Roche changes, additional categories of consumer health data may also apply.

Users of Online Services, Visitors to Our Websites and Physical Locations, and Senders of Inquiries

We may process your consumer health data when you: (1) visit our websites and our physical locations; (2) submit inquiries to us both online (e.g., via email) or offline (e.g., by written letters); (3) sign up for our newsletters or other informational or marketing materials; and/or (4) register for, visit, or use our online Products and Services.
Examples of consumer health data collected, used, and shared
  • areas of interest in medical research
  • user activity
Sources of consumer health data
  • you directly
  • automatically, such as by call center recordings
  • those authorized to provide on your behalf such as your caregiver or authorized representative
  • your devices
  • third parties that provide access to information you make publicly available, such as social media
  • companies conducting non-clinical research such as market research companies
We may use consumer health data for the following purposes
  • to enroll you in our programs and provide you with our Products and Services
  • to administer our relationship with your organization
  • to send you updates
  • to customize content for you
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for marketing, internal research, and development
  • for quality assurance and to assist in training and development of our representatives
  • to improve our Online Services
  • advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
  • to comply with legal and regulatory obligations
We may share consumer health data with the following entities
  • Roche, our affiliates, and related companies
  • third parties who assist with fraud prevention, detection and mitigation
  • third parties who assist with our information technology and security programs and our loss prevention programs
  • partners that assist us in providing the Products and Services or help us improve our marketing or administration
  • Roche’s lawyers, auditors and consultants

Patients Applying to or Enrolled In Patient Support Programs

We may process your consumer health data when you are applying to or enrolled in patient support programs.
Examples of consumer health data collected, used, and shared
  • genetic information
  • identification of pathologies/diseases
  • areas of interest in medical research
  • treatment dates
  • medical history and treatment information
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)
  • X-rays, magnetic resonance imaging, and medical scans
  • user activity
  • therapy completion and use details
  • drug allergies
  • prescriptions and dosing
  • health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
  • health insurance company
  • insurance account number
  • information on payment for health care services
Sources of consumer health data
  • you directly
  • your Healthcare Provider
  • your devices
  • our business partners and other third parties
  • those authorized to provide on your behalf such as your caregiver or authorized representative
We may use consumer health data for the following purposes
  • to enroll you in our programs and provide you with our Services
  • to administer our relationship with you
  • to send you updates
  • to improve our Services
  • for short-term, transient use
  • for administrative purposes
  • for quality assurance
  • for marketing, internal research, and development
  • to determine and verify program, product, and service eligibility and coverage
  • to procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations
  • advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
  • to comply with legal and regulatory obligations
We may share consumer health data with the following entities
  • Roche, our affiliates, and related companies
  • Healthcare Providers
  • partners that assist us in providing the Services or help us improve our marketing or administration
  • third parties who assist with fraud prevention, detection and mitigation
  • third parties who assist with our information technology and security programs
  • Roche’s lawyers, auditors, and consultants
  • authorized legal representatives, family members, and caregivers

Patients and Users of Medical Products

We may process your consumer health data when you are the existing or prospective patient of a Healthcare Provider who is a Roche customer and/or when you receive or use Roche medical products (including, where applicable, mobile apps).
Examples of consumer health data collected, used, and shared
  • genetic information
  • blood and tissue samples
  • identification of pathologies/diseases
  • areas of interest in medical research
  • treatment dates
  • medical history and treatment information
  • patient-reported outcome measures (e.g., responses to questionnaires and surveys)
  • X-rays, magnetic resonance imaging, and medical scans
  • user activity
  • therapy completion and use details
  • communications with your Healthcare Provider, including audio and/or video from telehealth sessions
  • drug allergies
  • prescriptions and dosing
  • health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
  • health insurance company
  • insurance account number
  • information on payment for health care services
Sources of consumer health data
  • you directly
  • your Healthcare Provider
  • your devices
  • our business partners and other third parties
  • those authorized to provide on your behalf such as your caregiver or authorized representative
We may use consumer health data for the following purposes
  • to enroll you in our programs and provide you with our Products and Services
  • to administer our relationship with you
  • to send you updates
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for quality assurance
  • for marketing, internal research, and development
  • to determine and verify program, product, and service eligibility and coverage
  • to procure vendor/supplier products and services, including to manage and satisfy related vendor/supplier contractual obligations
  • advertising and product promotion, including to contact you regarding programs, products, services, and topics that may be of interest or useful
  • to comply with legal and regulatory obligations
We may share consumer health data with the following entities
  • Roche, our affiliates, and related companies
  • Healthcare Providers
  • partners that assist us in providing the Products and Services or help us improve our marketing or administration
  • third parties who assist with fraud prevention, detection and mitigation
  • third parties who assist with our information technology and security programs
  • Roche’s lawyers, auditors, and consultants
  • authorized legal representatives, family members, and caregivers

Clinical Study Candidates

Clinical Study Candidates: We may process your consumer health data when you express interest in or have been identified as a potential candidate for clinical studies sponsored by us or conducted by us on behalf of a third party.

If you are a participant in a clinical study, clinical trial, or other health-related research, you should receive a separate privacy notice regarding the Personal Data we process for those purposes. That privacy notice—and not this Notice— governs our processing of such Personal Data.

Examples of consumer health data collected, used, and shared
  • identification of pathologies/diseases
  • areas of interest in medical research
  • treatment dates
  • medical history and treatment information
  • user activity
  • therapy completion and use details
  • drug allergies
  • prescriptions and dosing
  • health values and sensor readings data, such as steps taken, blood glucose levels, heart rate, and blood pressure
Sources of consumer health data
  • you directly
  • your Healthcare Provider
  • your devices
  • our business partners and other third parties
  • your friends or family
  • those authorized to provide on your behalf such as your caregiver or authorized representative
We may use consumer health data for the following purposes
  • to administer our relationship with you
  • to send you updates
  • to determine your eligibility in one or more clinical studies
  • to improve our Products and Services
  • for short-term, transient use
  • for administrative purposes
  • for quality assurance
  • to comply with legal and regulatory obligations
We may share consumer health data with the following entities
  • Roche, our affiliates, and related companies
  • our customers
  • Healthcare Providers
  • clinical investigators and/or members of investigator teams
  • Roche’s lawyers, auditors, and consultants
  • third parties who assist with fraud prevention, detection and mitigation
  • third parties who assist with our information technology and security programs
  • authorized legal representatives, family members, and caregivers
  • partners that assist us in providing the Products and Services or help us improve our marketing or administration

Exercising your rights

Subject to certain legal limitations and exceptions, you have the following rights with respect to any consumer health data we may collect about you:

  • The right to confirm whether we are collecting, sharing, or selling your consumer health data and to access such data, including a list of all third parties and affiliates with whom we have shared or sold the consumer health data and an active email address or other online mechanism that you may use to contact these third parties;
  • The right to withdraw consent from our collection and sharing of your consumer health data; and
  • The right to have your consumer health data deleted.

To exercise these rights, please utilize this form, also accessible in the footer of our website through the “Your Privacy Choices” button or by calling us at 800-975-7105 (toll free).

We cannot respond to your request or provide you with consumer health data if we cannot verify your identity or authority to make the request and confirm that the consumer health data relates to you. We will only use consumer health data collected in connection with a verifiable consumer request to verify the requestor's identity or authority to make the request.

We endeavor to respond to a consumer request within forty-five (45) days of its receipt. If we require more time (up to 45 additional days), we will inform you of the reason and extension period in writing.

If your request to exercise a right under the MHMDA is denied, you may appeal that decision by contacting the Roche Privacy Office at [email protected]. If your appeal is unsuccessful, you can file a complaint with the Washington State Attorney General at www.atg.wa.gov/file-complaint.