Privacy statement

Main Content

Pennsylvania Community HealthChoices privacy statement

Last updated: September 12, 2022

Maximus commitment to privacy

Thank you for visiting the Community HealthChoices website (“Site”). Maximus operates this Site for the Pennsylvania Department of Human Services (“DHS”). This Site is found at www.enrollchc.com. It is designed to make it easier for you to find information and interact with Community HealthChoices online. This privacy statement governs your use of the Site. Please read it before you access and use the Site.

Privacy is a top priority at Maximus. We are committed to keeping your information secure and confidential. Maximus respects your privacy. This privacy statement shows our commitment to you.

This privacy statement applies to:

  • Information we collect about you
  • How we use the information we collect
  • Choices you have about how we collect and use your information

This privacy statement does not apply to:

  • Privacy practices for activities done outside your use of this Site
  • Websites other than this Site
  • Applications other than this application
  • Products and services not available or enabled through the Site

Click these links or scroll down to read other sections of this privacy statement:

Information we collect <top of page>

You can use most of the Site without registering or giving personal information. To use some Site features such as checking the status of your case, identifying helpful long-term services and supports, or asking for application information, you may be asked to give or verify personal information. Maximus does not collect any personal information about you through this Site unless you agree to give it.

When you enroll in a health plan or check the status of your case using this Site, you are agreeing to give your personal information. We identify the data we need to give you the services or information you ask for. These are some things Maximus may ask you to give or verify (this is not a complete list):

  • First and last name
  • Mailing address, including ZIP or Postal Code
  • County of residence
  • Home phone number
  • Cell phone number
  • Email address
  • Date of birth
  • Case number

Maximus uses the data you voluntarily give, including personal information, to operate the Community HealthChoices program. We also use it to provide goods, services, and information.

Maximus has policies to protect the confidentiality of personal information that we get as we do business. Our privacy policies have standards to guard confidentiality, prohibit unlawful disclosure, and limit access to personal information such as Social Security numbers and Medicaid ID numbers. We use physical, technical, and administrative safeguards to protect personal information.

How we use and share the information we collect <top of page>

The Health Insurance Portability and Accountability Act (HIPAA) (Public Law 104-191) governs how we collect and disclose information we collect through the Site. Learn more about Health Information Privacy at HHS.gov.

When you give Maximus personal information, whether we ask for it or not, you consent to let Maximus collect and share the information with DHS for the reasons you gave the information.

Except as stated below or as otherwise authorized by law, Maximus will only collect or disclose personal information through this Site if you agree to let us collect or disclose that personal information. Maximus may collect or disclose personal information without your agreement when we need to:

  • Perform our statutory duties as authorized by law or by state or federal statute or regulation
  • Comply with valid legal processes such as a search warrant, subpoena, or court order

Maximus may also disclose personal information to federal or state law enforcement authorities to enforce our rights against unauthorized access or attempted unauthorized access to Maximus information technology assets.

Maximus may disclose personal information to our agents, affiliates, and subcontractors so they can perform certain functions relating to your transaction.

Maximus does not share your personal information with unaffiliated third parties. We may use your information to improve the Site’s content, navigation, and efficiency.

To make our Site better for you, we may use and share with others aggregated or anonymous (not personally identifiable) information that we collect from usage data, surveys, or statistical information we gather about our users.

Website time out <top of page>

For security, your URL online session is set up to end after 30 minutes of user inactivity. You will get a session timeout warning after 28.5 minutes of inactivity. This lets you continue your session or log out. If you do not select either, your session will end after 30 minutes of inactivity.

Information we keep <top of page>

Maximus keeps the information we collect through this Site, including personal information you send, as required by our contract with DHS. To learn more about the rules for keeping your information, mail your questions to the contact address below.  

Pennsylvania law <top of page>

Generally, we do not disclose any personally identifiable information collected online except where you gave us permission or it is public information under the Pennsylvania Right to Know Law (65 P.S. § 67.101, et seq.) or other laws that apply. Information Maximus collects on the Site may be publicly disclosed if it is a public record. It may be examined and inspected if it is not otherwise protected.

Website privacy statement <top of page>

When you visit the Site, our web server automatically collects and logs web usage data on behalf of DHS to tell us how visitors use and navigate the Site. The data includes:

  • Your Internet Protocol (IP) address
  • Referring sites
  • Pages viewed
  • Browser type
  • Operating system
  • CPU speed
  • Referring or exit web pages
  • Length of visit  

Cookies, “Do Not Track” signals, and Adobe Analytics <top of page>

Like most websites, we use "cookies," "web beacons," and similar devices. They help you use the Site more efficiently. They also track your activities.

  • A cookie is a small bit of data a web server sends to your browser.  Only the server that gave it to you can read it. It is your ID card for the Site. It lets Maximus record your activities and preferences. It cannot be used as code or send viruses.
  • A web beacon is a small transparent gif image. It is embedded in an HTML page or email. It tracks when the page or email was viewed.

Maximus uses cookies and similar devices to track your use of the Site, products and services you view, and information you download. We count the number of visitors per day. Our web servers log your computer’s IP/Internet address. Maximus does not allow the use of persistent (saved) cookies.

The Site uses Adobe Analytics. Adobe Analytics does not identify individual users. It does not link your IP address with any other data Adobe Analytics holds. Adobe Analytics reports help us understand Site traffic and webpage usage. To learn more, read the Adobe Privacy Policy.

Opt-out of cookies and Adobe Analytics <top of page>

If you do not want your browser to accept cookies, you can change the cookie option in your browser settings. Some Site features or services may not work or be accessible without cookies. To learn more about Adobe Analytics tracking cookies, read the Adobe Cookies Policy. To learn about opting out, read Adobe Privacy Choices.

Do Not Track” <top of page>

"Do Not Track" is a preference you can set in your web browser. It tells websites you visit that you do not want them to collect information about you. The Site does not respond to "Do Not Track" or such signals.

Security <top of page>

Maximus is strongly committed to protecting personal information collected through this Site. We protect against unauthorized access, use, or disclosure. Maximus limits employee access to personal information collected through this Site. Only those employees who need to access the Site to perform their official duties can access it. All employees follow rules for disclosing personal information.

Maximus uses technical security measures and procedures to protect the personal information we collect through the Site. We protect it from getting lost, misused, changed, or destroyed. We have Information Security and Privacy policies to protect data. We give our employees regular training on information security and privacy. Because the Internet is open and unsecured, Maximus cannot be responsible for the security of personal information sent over the Internet. We have a formal incident response plan in case of a data breach.

To protect your communications through the Site, we authenticate, monitor, audit, and encrypt activity. You can tell if a site is secure by looking at the location (URL) field. The content comes from a secure server if the URL starts with https:// instead of http://. This means unauthorized persons cannot read or decipher your personally identifiable information. This is part of our commitment to protect your information. Despite our efforts, no security measures are completely secure.

Children <top of page>

Maximus is committed to complying fully with the Children's Online Privacy Protection Act. We do not direct this site to children. We do not knowingly collect personal information from children. We work with parents and guardians to delete from our records any personal information a child may have disclosed improperly on the Site. Maximus appreciates your cooperation with this federally mandated requirement.

Reviewing and correcting your information <top of page>

We try to keep your information correct and up to date. To change or update any personal information in our program, write to Maximus at the address below. Give us as much detail as you can. To correct personal information you gave for the federal, state, or local governments we work with, contact that program’s customer service department. Read the section below on “How to contact us.”

Information disclaimer <top of page>

Information on this Site is meant to give the public immediate access to public information. While we try to give accurate, current, and reliable information, Maximus understands that human and mechanical errors happen. Maximus and our employees, officers, and agents do not represent that information on this Site is accurate, complete, up to date, or suitable.

Changes to this privacy statement <top of page>

We update this privacy statement. When we do, we change the "Last updated" date at the top of the privacy statement. Check the Site for our latest privacy statement. When you use the Site after we change the “Last updated” date, it means you accept the changes.

How to contact us <top of page>

If you have questions or concerns about your information, contact us by:


Maximus: PA IEB
P.O. Box 61077
Harrisburg, PA 17106

Do not include personal information in your email. The connection may not be secure.

If you have questions or concerns about this privacy statement, contact us by:


Maximus Privacy Official Office
1600 Tysons Boulevard, Suite 1400
McLean, VA 22102