Privacy

PRIVACY POLICY STATEMENT 


Effective Date: April 15, 2026

Last Reviewed: April 15, 2026 


Table of Contents

1. Introduction 
2. Data Protection & Privacy Contact 
3. How We Collect and Use Your Information 
4. Cookies and Tracking Technologies 
5. Sharing Personal Information 
6. Data Storage, Security, and Retention 
7. Notice of Data Breach 
8. Your Rights and Choices 
9. Children’s Privacy 
10. Changes to This Notice 
11. Contact Us 

1. Introduction 
At the North Dakota Pharmacy Service Corporation (NDPSC) and affiliates, we value your privacy and are committed to protecting your information in compliance with all applicable privacy and data protection laws. This policy describes the personal information we collect or process when you use our products (including Starfield), services, or websites, and how we protect it. 

2. Data Protection & Privacy Contact 
NDPSC has appointed a primary contact to oversee privacy inquiries and the exercise of data rights. 
• Name: Michael Schwab 
• Title: Executive VP, NDPSC 
• Address: 1641 Capitol Way, Bismarck, ND 58501 
• Email: mschwab@nodakpharmacy.net  


3. How We Collect and Use Your Information 
We collect and process information to establish and maintain a relationship with you, provide technical support, and operate our business . 
• Account & Profile Information: Includes name, contact details, employment information, and health information associated with your account. 
• Use & Health Data: Information generated from your use of Starfield, including clinical data and health information you designate to be shared. 
• Site & Communication Information: Metadata and content from your interactions with our website or support teams . 
• Third-Party Information: Data provided by authorized third-party integrations or services you have approved. 


4. Cookies and Tracking Technologies 
To improve our services and recognize you across devices, we use cookies, web beacons, and pixels. 
• Strictly Necessary Cookies: Required for core functionality, such as remembering your progress through a task or securing your login. 
• Performance & Functional Cookies: Used to remember user preferences and enhance the user experience. 
• Analytics: We may use third-party services like Google Analytics to report on trends and usage. 
• Control: You can decline cookies through your browser settings, though some product 
functionality may be limited as a result. 


5. Sharing Personal Information 
We do not sell personal information. We only share data with third parties to facilitate our services or as required by law . 
• Sub-processors: We use service providers (e.g., AWS) to perform functions on our behalf. These parties are restricted from using your data for any independent purpose . A list of our third-party sub-processors is available at https://starfield.health. 
• Designated Recipients: Entities or healthcare providers you explicitly instruct us to share your data with. 
• Legal Requirements: We may disclose information to comply with a court order, law enforcement request, or to protect our legal rights. 


6. Data Storage, Security, and Retention 
• Storage Location: All personal and health information is stored on secure cloud-based servers located in the United States. 
• Security Measures: We use administrative, organizational, and technical safeguards, including encryption for data in transit, to prevent unauthorized access . 
• Retention: We retain data for the duration of our contractual relationship or as required by law for legal claims and business administration. 


7. Notice of Data Breach 
In the event of a security breach that affects your protected health or personal information, we will notify you in accordance with our legal requirements and organizational duties. Notification will typically be sent via the email address associated with your account or through a formal notice on our website. 


8. Your Rights and Choices 
As a user, you have certain rights regarding your health and personal information. 
• Access & Correction: You may request a copy of your health records or ask us to correct 
incomplete or inaccurate information. 
• U.S. State-Specific Rights: Depending on your state of residence, you may have additional rights regarding your personal information, such as the right to opt-out of the "sharing" of your data or request deletion. NDPSC does not sell your personal information. 
• Confidential Communications: You can request that we communicate with you via specific methods. 
• Limits on Use: You may ask us to limit the health information we share, though we may not be required to honor requests that affect your care. 


9. Children’s Privacy 
Our services are not directed at children under the age of 13. We do not knowingly collect personal information from individuals under 13 without verified parental or guardian consent. 


10. Changes to This Notice 
We reserve the right to change this policy at any time. Significant updates will be posted to https://starfield.health and will be available upon request. We will notify registered account holders of material changes via email or through the Starfield application at least 30 days prior to the changes taking effect. 

11. Contact Us 
For questions, complaints, or to exercise your privacy rights, please contact our primary contact or use the details below: 


North Dakota Pharmacy Service Corporation 1641 Capitol Way, Bismarck, ND 58501 701-258-4922 
mschwab@nodakpharmacy.net