ePASS® Privacy Policy

Inovalon is committed to protecting your privacy and protecting your Personal Information. This Privacy Policy sets forth the online data collection and usage policies and practices that apply to information about you, the user, that Inovalon collects via the ePASS® portal. It does not necessarily apply to information collected by Inovalon in any other fashion.

This Privacy Policy also does not apply to any protected health information (“PHI”) disclosed to or by you. Inovalon’s privacy and security obligations related to PHI disclosed on the ePASS® portal are governed by the Health Insurance Portability and Accountability Act of 1996, amending statutes, and enabling regulations (collectively, the “HIPAA Rules”), as well as the HIPAA business associate agreements we sign with the health plans on whose behalf PHI is uploaded into the ePASS® portal.

Nonetheless, whether in regard to PHI or users’ Personal Information, Inovalon employs industry-leading privacy and security standards related to the protection of information maintained and transmitted through the ePASS® portal, and has established rigorous safeguards and controls in accordance with legal and regulatory requirements.

By using the ePASS® portal or submitting information via the portal, you acknowledge and agree to the terms of this Privacy Policy.

Information Security

Inovalon maintains appropriate physical, electronic and administrative security standards and procedures to safeguard its data and systems. Moreover, all employees are trained in Inovalon’s privacy and security policies and are required to comply with them as a condition of employment. Employees are permitted to access and use only that personal and proprietary information necessary to perform their duties. We have made information security and data privacy foundational principles of our business operations.

Any highly confidential information (such as a username and/or password) transmitted over the Internet will be encrypted. Further, Inovalon’s security professionals periodically monitor and test Inovalon’s web interface and implement technology updates in an effort to block unauthorized intrusion.

Notice of Collection of Personal Information

We may collect the following categories of personal information about our users:

    • Identifiers: identifiers such as first name, last name, NPI, registration code (sent to the user with their Provider Welcome Packet), email address, password, security question, and security answer
    • Online Activity: Internet and other electronic network activity information related to use of the ePASS® portal
    • Cookies: Inovalon’s website may deposit a small file called a “cookie” on a user’s computer hard drive to personalize their experience or track aggregate site visitation statistics

Uses of Personal Information

Inovalon uses the information gathered on Inovalon’s website, whether personal, demographic, collective or technical, for the purpose of operating and improving the site, fostering a positive user experience, and delivering Inovalon’s products and services. In addition, Personal Information may be used for detecting security incidents, protecting against malicious, deceptive, fraudulent, or illegal activity, and prosecuting those responsible for that activity, debugging to identify and repair errors that impair existing intended functionality, and undertaking internal research for technological development and demonstration.

No Information From Children

Our Services are designed for adults, not children. As such, we do not intend to collect Personal Information from children under the age of 16, and our Services are not designed for such information. If you are under the age of 16, you are not permitted to use this website.

Disclosures for California Residents

The California Consumer Privacy Act of 2018 (“CCPA”) provides California residents (consumers) with specific rights regarding their Personal Information. This disclosure sets forth our privacy practices as required by the CCPA in those limited circumstances where we collect personal information that is not governed by the Health Insurance Portability and Accountability Act (“HIPAA”). This section describes your CCPA rights and explains how to exercise those rights as follows.

    • The right to request that we disclose what personal information (as that term is defined in the CCPA) we collect, use, disclose, and sell.
    • The right to request the deletion of personal information that we hold about you. Your request to delete your personal information may be denied if it is necessary for us to retain your information under one or more of the exceptions listed in the CCPA.
    • The right to request access to the personal information that we have collected and maintained about you (along with information regarding its use and disclosure) over the past twelve (12) months upon appropriate verification. You may only make such requests twice (2) per every twelve (12) months.
    • The right to opt-out of the sale of your personal information.
    • The right not to be discriminated against for exercising any of your California privacy rights.

Only you, or a person that you authorize to act on your behalf, may make a request related to your personal information. In the case of access and deletion, your request must be verifiable before we can fulfill such request. We cannot respond to your request or provide you with personal information if we cannot verify your identity or authority.

We do not and will not discriminate against you in the event you decide to exercise your rights under the CCPA. For example, we will not withhold products or services from you, prohibit you from using the website, charge you a higher price or provide you a lower level of service if you make a request related to your personal information.

We do not charge a fee to process or respond to your verifiable consumer request unless it is excessive, repetitive, or manifestly unfounded. If we determine that the request warrants a fee, we will tell you why we made that decision and provide you with a cost estimate before completing your request.

If you are a California resident and would like to exercise your rights under CCPA, please contact us via email at privacy@inovalon.com with the subject line, “CCPA Policy”.


Inovalon may amend this policy from time to time, and therefore encourages you to review it periodically. Your continued use of the ePASS® portal after modifications are posted constitutes your consent to such modifications.

Contact Information

If you have any questions about this policy, the practices of Inovalon, or your dealings with this site, please contact Inovalon at the below address:

4321 Collington Road
Bowie, MD 20716

This privacy policy was last updated on June 13, 2022.