Employee Health Benefits and Data Privacy

As outlined in the Board of Regents Employee Health Benefits policy, the University is committed to offering high-quality, comprehensive, and cost-effective health care to employees and encourages the use of these programs. The University is also committed to consulting with covered employee groups regarding the design, implementation, and evaluation of health benefits.

The Board of Regents specifies that employee health benefits shall be administered in a manner that complies with all applicable federal and state regulations, including the maintenance of privacy and data confidentiality of protected health information.

University Policies

Employee Privacy and Data Sharing During Health Benefit Vendor Selection

When selecting employee health benefit vendors, each potential vendor goes through an extensive request for proposal (RFP) process. Each potential vendor’s data privacy and compliance-related responses to the RFP are reviewed and scored by the University’s Health Information Privacy & Compliance Office. Vendors with unsatisfactory responses related to data privacy are eliminated from further consideration. Once selected, the vendor must sign the HIPAA Business Associate Agreement prior to implementation.

Health Benefit Vendor Privacy Information

Generally, the University receives data from vendors that is anonymized and aggregated to report across an entire population. When the University reviews reporting, this data is a summary of hundreds or thousands of data points and cannot be used to identify any individual person.

The University’s health benefit vendor privacy policies and information regarding your data privacy are listed below. You may also receive notices from your health care providers, health care insurance companies, claims administrators, and others explaining their own policies.

Expand all

Benefit Resource

This page informs you of policies regarding the collection, use and disclosure of personal information received from users of services:

Delta Dental

Please read this notice carefully to understand how Delta Dental uses your information:

Fairview Specialty Pharmacy

Fairview Specialty Pharmacy understands that medical information about you is personal and private. They keep a record of the care and services you receive in order to provide you with quality care and to meet legal requirements.

HSA Bank

Any personal information collected in the course of daily business, and required by federal law to obtain, verify and record, is treated responsibly and kept secure.


Medica respects your privacy and has policies and procedures in place to protect the privacy of your personal health information. Only staff members who have a need to handle your personal health information do so. Medica’s privacy policy limits oral discussion of personal health information to staff with a need to know to process claims or provide other services that you need. Staff members do not discuss your personal health information in public places, such as on an elevator, in the cafeteria, or other open spaces.

If you would like more information about Medica’s policies and procedures for disclosure of personal health information and how it is used in making coverage decisions, please contact Customer Service at the number on the back of your Medica ID card.


Lyra is a confidential benefit. When an employee or dependent uses Lyra, it is not shared with the University without the individual’s permission, except as required by law and within HIPAA guidelines.


Some of Optum’s products and services are regulated by certain laws, including the Health Insurance Portability and Accountability Act (“HIPAA”) and the Gramm-Leach-Bliley Act.

Prime Therapeutics

Prime Therapeutics LLC and all of its operating units and subsidiaries understands that the privacy of your personal information is important to you. This policy describes how Prime collects, uses, and discloses your personal information:

Virgin Pulse

The Virgin Pulse Program is a voluntary wellness program which may include health screenings, health assessments, coaching and other clinical services. The program is administered according to federal rules permitting employer-sponsored wellness programs that seek to improve employee health or prevent disease, including the Americans with Disabilities Act of 1990 (the “ADA”), the Genetic Information Nondiscrimination Act of 2008 (“GINA”), and the Health Insurance Portability and Accountability Act (“HIPAA”) as applicable, among others.

Virgin Pulse has also maintained a HITRUST Common Security Framework (CSF) Certification, the most comprehensive security framework currently available.


WEX and its affiliates take its data protection responsibilities seriously. This privacy notice explains how they collect, use and share personal information about you, and how you can exercise your privacy rights.