Biometric Data Policy
Purpose and Scope
HealthEquity (“HealthEquity”) may use Biometric Data (as defined below). To the extent that HealthEquity collects Biometric Data, this Biometric Data Policy (the “Policy”) sets forth HealthEquity’s policy for the collection, use, safeguarding, storage, retention and destruction of Biometric Data.
Definitions
Biometric Identifier means a retina or iris scan, fingerprint, voiceprint, or scan of hand or face geometry. Biometric identifiers do not include writing samples, written signatures, photographs, human biological samples used for valid scientific testing or screening, demographic data, tattoo descriptions, or physical descriptions such as height, weight, hair color, or eye color. Biometric identifiers do not include information captured from a patient in a health care setting or information collected, used, or stored for health care treatment, payment, or operations under the federal Health Insurance Portability and Accountability Act of 1996. Biometric identifiers do not include an X-ray, roentgen process, computed tomography, MRI, PET scan, mammography, or other image or film of the human anatomy used to diagnose, prognose, or treat an illness or other medical condition or to further validate scientific testing or screening.
Biometric Information means any information, regardless of how it is captured, converted, stored, or shared, based on an individual’s Biometric Identifier used to identify any individual. Biometric Information does not include information derived from items or procedures excluded under the definition of Biometric Identifiers.
Biometric Data means both or either of Biometric Identifier or Biometric Information.
Purpose for Collection of Biometric Data
HealthEquity or one of its service providers may collect, possess, store, and/or use individual’s Biometric Data solely for fraud prevention and identity verification.
Authorization
HealthEquity will:
- Inform each individual in writing that HealthEquity and/or its service providers may be collecting, processing, storing or using the individual’s Biometric Data;
- Inform each individual in writing of the specific the purpose, circumstances and manner of such collection, processing, storage or usage, including the length of time of storage, if applicable;
- Inform each individual in writing of the manner in which the individual may opt out of the collection, processing, storage or usage of their Biometric Data; and
- If the individual consents to the collection, processing, storage or usage of their Biometric Data, receive a written release signed by the individual authorizing HealthEquity and its service providers to collect, store and use Biometric Data for the specific reasons set forth in the written release.
Disclosure
HealthEquity will not disclose, re-disclose or otherwise disseminate any Biometric Data unless:
- The individual consents to the disclosure or dissemination;
- Disclosure or re-disclosure completes a financial transaction requested or authorized by the individual or contractor;
- Disclosure or re-disclosure is required by state or federal law or municipal ordinance; or
- Disclosure is required pursuant to a valid warrant or subpoena issued by a court of competent jurisdiction.
HealthEquity will not knowingly sell, lease, trade, or otherwise profit from an individual’s Biometric Data.
Retention Schedule
HealthEquity will retain Biometric Data, if it is retained at all, until the first of the following options occurs:
- The initial purpose for collecting or obtaining the Biometric Data has been satisfied, such as the termination of the individual’s employment with HealthEquity or HealthEquity is no longer using Biometric Data for the purposes described above; or
- Within one year of the individuals’ last interaction with HealthEquity.
Data Storage
To the extent HealthEquity collects, stores and retains Biometric Data, it shall maintain reasonable physical, administrative and technical safeguards to store, transmit, and protect from disclosure of any such Biometric Data collected, stored or retained. Such storage, transmission, and protection from disclosure shall be performed in a manner that is the same or more protective than the manner HealthEquity transmits, stores, and protect from disclosure other confidential and sensitive information, including personal information that can be used to uniquely identify an individual or an individual’s account or property.
Contact Information Below
If you have any questions or comments about this Notice or our other privacy notices, the ways in which we collect and use information, or choices and rights regarding personal information, please contact us at:
Toll-Free Phone: 1-866-629-6347
Phone: 1-801-727-1000
Email: Privacy@healthequity.com
Mail: HealthEquity, Inc.
Attn: Privacy Officer
PO Box 14374
Lexington, KY 40512
Effective Date
Last updated July 2025.
Let's HSA!
First, tell us who you are:
COBRA/Direct Bill Employer login
Please refer to your Client Welcome email for the URL of your specific COBRA/Direct Bill Employer login page.
Individual Help
About
Follow us
Connecting Health and Wealth
Legal Notices | Privacy | Fraud | Do Not Sell | Accessibility | Community Guidelines
Language Assistance/Non-Discrimination Notice
Asistencia de Idiomas/Aviso de no Discriminación
語言協助 / 不歧視通知
Follow us