Privacy, Compliance, Terms of Use, and Regulatory Policies

Click below to review:

Evolent Health LLC (which is referred to in this Privacy Policy as the “Evolent”, “us,” “we” or “our”) recognizes that the privacy of your personal information is important. This Privacy Policy is intended to inform you, a visitor to the Evolent website, of our policies and practices regarding the collection, use, and disclosure of any Personal Information (defined below) the Evolent website collects or receives. This policy does not apply to information collected through other means (e.g., telephone, postal mail). Evolent will not use Personal Information provided through your use of our website except as set forth in this Privacy Policy.

COLLECTION OF INFORMATION

Personal Information. “Personal Information” is information that identifies you and may include your name, address, email address, telephone or fax number, company name, IP address, any content you post in your resume or CV, and any other information you may provide to us that identifies you.

Sources of Personal Information. We collect and may use Personal Information that you provide on the Evolent website and may combine such Personal Information to information we have already collected from you from other offline sources (e.g., telephone, fax, postal mail) in order to provide you with Evolent products and services and to improve the products and services we provide.

Information Collected Automatically. When you visit the Evolent website, we automatically collect and analyze certain information about your computer. This information includes, but may not be limited to, the IP address used to connect your computer to the Internet, information about your browser type and language, the date and time you are accessing the website, the content of any undeleted cookies that your browser previously accepted from us, and the referring website address.

Cookies and other Technologies. We use various technologies to collect information about your and your organization’s activities on the Evolent website.

Cookies. When you visit the Evolent website, we may assign your computer one or more “cookies.” A cookie is a small text file that contains information that can later be read by us to facilitate your access to the site and personalize your online experience Through the use of a cookie, we may automatically collect information about your online activity on the Evolent website, such as the web pages you visit, the links you click, and the searches you conduct. Most browsers automatically accept cookies, but you can usually modify your browser setting to decline cookies by visiting the Help portion of your browser’s toolbar. If you choose to decline cookies, please note that you may not be able to sign in or use some of the interactive features offered on the Evolent website.
Other technologies. We may use standard Internet technology, such as web beacons (also called clear GIFs or pixel tags) and other similar technologies, to deliver or communicate with cookies and track your use of the Evolent website. We also may include web beacons in e-mail messages or newsletters to determine whether messages have been opened and acted upon. The information we obtain in this manner enables us to customize the services we offer and measure the overall effectiveness of our online content, advertising campaigns, and the products and services offered through the site.

Information Collected by Third Parties.Third parties, such as vendors, advertising entities, and business partners, may use cookies and other technologies (such as web beacons) to collect information about your online activities. The purposes for collecting this information includes: to measure usage of Evolent websites; to analyze, modify, and personalize advertising content on Evolent websites; and to provide ads about goods and services we hope will be of interest to you. We do not have access to or control over cookies or other features these third parties may use, and the information practices of these third parties are not covered by this Privacy Policy. Some of these third parties may be third-party network advertisers that offer you the option of not having this information collected. For more information about these some of these third parties, you may wish to visit http://www.networkadvertising.org.

USE AND DISCLOSURE OF PERSONAL INFORMATION

Uses by Evolent. We use the Personal Information collected through the Evolent website for statistical and analytical purposes, for improving the website, and for marketing purposes. Specifically, we use this information to provide you Evolent services and products, send you further information regarding Evolent, and to better collect information that allows us to analyze and improve the features and performance of our website and our other products and services. Unless you affirmatively elect not to receive (“opt out”) communications from us, Personal Information we collect from you may be used to respond to inquiries you submit to us; facilitate your access to Evolent resources and materials; send you general informative announcements, electronic newsletters, and marketing-related emails about us or our products; and aid us in serving you better. At the bottom of every newsletter or general informative email we send you, you will be given the opportunity to opt out or unsubscribe from future email communications.

Disclosure. We may share your Personal Information with third parties who perform functions or services on our behalf as outlined in this Privacy Policy and as otherwise permitted by law. In the event we share Personal Information with third parties, we take reasonable measures to ensure such parties observe the relevant portions of the Privacy Policy, restrict the use and retention of the information to the purposes and timeframe of such outsourcing, and take other measures to require the observance of the relevant portions of the Privacy Policy.

We may also share aggregate or anonymous information with third parties, including advertisers, investors and partners. This information does not contain any Personal Information and is used to develop content and services.

We may disclose any information we deem necessary, in our sole discretion, to comply with any applicable law, regulation, court order, subpoena, legal process, or government regulation. We may work with law enforcement officials in investigating activities that are illegal or that violate Evolent’s rules.

INFORMATION SECURITY

Evolent has implemented technical and organizational security measures to help protect against unauthorized access to or unauthorized alteration, disclosure or destruction of Personal Information. We review our systems regularly to help ensure that the security and integrity of Personal Information in our possession is not compromised. Unfortunately, no data transmission over the Internet can be guaranteed to be entirely secure, and we do not assume any liability for any damage suffered by you caused by the interception, alteration, or misuse of information during transmission that is outside of our reasonable control.

Within Evolent, we restrict access to Personal Information to employees, contractors, and agents who need to know that information in order to operate, develop, or improve our programs and services. As described above, we subject our third party contractors and agents to controls to help ensure that they apply suitable protections to any Personal Information they access or receive from us.

CHILDREN

The Evolent website contains business-related content and is specifically aimed at and designed for use by adults. We do not knowingly solicit or collect Personal Information from or about individuals under the age of 13 years. Please contact us if you believe we have collected Personal Information from a child under the age of 13 through this website. If we discover that we have received Personal Information from an individual whom we believe to be under the age of 13 in some other manner, we will delete such information from our systems.

OUR PRIVACY COMMITMENT TO EMPLOYMENT APPLICANTS

We collect information, including personal contact information, education and work history in order to process and consider your application.
We will not sell your application information to unaffiliated third parties for marketing purposes.
The information on your application may be shared with background check services and our affiliates and used for certain regulatory, compliance and legal purposes.

SOCIAL MEDIA

Evolent maintains profiles and/or pages on various social media services, including Facebook and Twitter.
If you choose to “Like” Evolent on Facebook, “Follow” Evolent on Twitter, or take any other similar action on another social media site, you are providing your consent to receive information updates, including solicitations, from us.
To stop receiving this information from Evolent on a social media site, you must follow the procedure established by the site. For example, on Facebook, you must click “Unlike” Evolent’s page, and on Twitter, you must click “Unfollow” on Evolent's profile.

COMMENTS AND COMPLAINTS

Evolent’s Privacy Officer is responsible for implementing and overseeing the administration of the Privacy Policy. To contact Evolent's Privacy Officer or report concerns associated with this Privacy Policy, please call 1-855-387-4427 or visit http://www.mycompliancereport.com. You may also send a letter to:

Privacy Officer, Legal
Evolent
1812 N Moore St
Suite 1705
Arlington, Virginia 22209

We will make reasonable efforts to address the concerns of any individual who objects to the use of his or her Personal Information.

CHANGES TO THIS POLICY

If Evolent changes the Privacy Policy, we will post the revised Privacy Policy here, with an updated revision date. If Evolent makes significant changes to the Privacy Policy, we may also notify you by other means, such as sending an email or posting a notice on our external website.

Revised December 14, 2023

I. INTRODUCTION

This Corporate Social Responsibility Policy (“the CSR Policy”) has been framed by Evolent Health International Private Limited (EHI) in accordance with the Section 135, Schedule VII of the Companies Act, 2013 and CSR Rules issued by the Ministry of Corporate Affairs as amended from time to time.

Unless the context otherwise requires, the definitions mentioned in the CSR rules and Companies Act 2013, shall apply to this CSR Policy.

II. CSR POLICY & PHILOSOPHY

Evolent is committed to operate and grow its business in a socially responsible way with a vision to be a responsible corporate citizen. Evolent has taken up various Corporate Social Responsibility (CSR) initiatives earlier and will continue to do so in future as per the provision provided under this CSR Policy.

Constitution of a Corporate Social Responsibility Committee of the Board and formulation of a Corporate Social Responsibility Policy has become mandatory and applicable to Evolent under the Companies Act, 2013. Accordingly, our Company has formulated this CSR Policy which encompasses its philosophy and guides its sustained efforts for undertaking and supporting socially useful programs.

III. CSR VISION

Evolent Health in the USA aims at changing the health of the nation by changing the way health care is delivered. In an extension of that corporate mission, EHI’s Corporate social responsibility aims at bringing a positive change in the society in which it operates and improving the environment through initiatives taken under this policy.

IV. DEFINITIONS

In this Policy, unless the context otherwise requires:

“Act” shall mean the Companies Act, 2013 including any modifications, amendments or re-enactment thereof.
“Administrative Overheads” shall mean overheads including expenses for ‘general management and administration’ for CSR and exclude expenses directly incurred for the designing, implementation, monitoring, and evaluation of a particular Corporate Social Responsibility project or programme undertaken by the Company.
“Rules” shall mean the Companies (Corporate Social Responsibility) Rules, 2014, including any modifications, amendments or re-enactment thereof.
“Financial Year” shall mean the period beginning from 1st April of every year to 31st March of the succeeding year.
“Net Profits” shall mean the net profits of the Company as defined under the Act and the Rules based on which a specific percentage for CSR expenditure has to be calculated.
“Company/Evolent/EHI” shall mean Evolent Health International Private Limited
“Group Companies” shall mean holding, subsidiaries and associates of the Company.
“Agency” or “Agencies” shall mean any entity established under an Act of Parliament or a State legislature or any section 8 company, registered public trust or a registered society, and
1. registered under section 12A and 80 G of the Income Tax Act, 1961 established by the company, either singly or along with any other company or
2. registered under section 12A and 80G of the Income Tax Act, 1961, and having an established track record of at least three years in undertaking similar activities or
3. established by the Central Government or State Government;
“Board” shall mean the Board of Directors of the Company.
“Approved Budget” shall mean the total budget as approved by the Board of the Company, which is to be spent or utilized for CSR activities.
“Annual Plan” shall mean the annual planned CSR expenditure for the year.
“CSR Committee” shall mean the Corporate Social Responsibility Committee as constituted by the Board of Directors of the Company in accordance with the Act and the Rules made thereunder, comprising of two or more Directors.
“CSR Officer” shall mean a person engaged by the Company to assist the CSR Committee to implement the CSR activities envisaged under the Policy.
“CSR Policy” shall mean this Corporate Social Responsibility Policy of the Company, which covers the yearly activities undertaken by the Company under the policy and the CSR Expenditure thereon.
“CSR Activities” shall mean and include Projects or programs relating to activities areas or subjects specified in Schedule VII to the Act; or Projects or programs relating to activities undertaken by the board of directors of the Company (Board) in pursuance of recommendations of the Committee of the Board as per the CSR Policy of the Company under subjects specified in Schedule VII of the Act.
“CSR Expenditure” shall mean all CSR expenditure as recommended by the CSR Committee and approved by Board of Directors including the following;
1. Contributions to CSR activities which shall be implemented and / or executed by the Company.
2. Contributions to CSR activities which shall be implemented through any Trust / Society / Section 8 Companies / Agencies established / registered to carry on the CSR activities as defined under the Rules.
3. Contribution to the Corpus of a Trust / Society / Section 8 Companies etc., as long as they are created exclusively for undertaking CSR activities or where the corpus is created exclusively for the purpose directly relatable to a subject covered in Schedule VII of the Act.
4. Any other contributions covered under Schedule VII to the Act.
5. any Administrative Overhead expenditure, not exceeding 5% of total CSR expenditure of the company in any given financial year.
6. any expenditure towards creation or acquisition of Capital assets
“Employee” shall mean a person who employs, whether directly or through any person, or on his behalf or on behalf of any person, one or more employees in his establishment and where the establishment is carried on by any department of the Central Government or the State Government, the authority specified, by the head of such department, in this behalf or where no authority, is so specified the head of the department and in relation to an establishment carried on by a local authority, the chief executive of that authority, and includes,— (i) in relation to an establishment which is a factory, the occupier of the factory as defined in clause (n) of section 2 of the Factories Act, 1948 and, where a person has been named as a manager of the factory under clause (f) of sub-section (1) of section 7 of the said Act, the person so named; (ii) in relation to any other establishment, the person who, or the authority which, has ultimate control over the affairs of the establishment and where the said affairs is entrusted to a manager or managing director, such manager or managing director; (iii) contractor; and (iv) legal representative of a deceased employer;

Words and expressions used and not defined in the Policy shall have the same meanings respectively assigned to them in the Act and / or Rules.

V. CONSTITUTION OF CSR COMMITTEE

In terms of section 135 of the Companies Act, 2013 and the Rules made thereunder, Board of Directors of the Company at its meeting held on March 18, 2021 has constituted a CSR Committee and the following are its members;

Sr. no.	Name	Status	Designation
1	Mr. Nitin Deshpande	Chairman	Director
2	Mr. Nikhil Damle	Member	Director

The CSR Committee to, inter alia, carry out the following functions;

To formulate and recommend to the Board, a Corporate Social Responsibility Policy which shall indicate the activities to be undertaken by the Company as specified in Schedule VII of the Companies Act, 2013 and the rules made thereunder.
To recommend the amount of expenditure to be incurred on the CSR activities.
To monitor the implementation by instituting a transparent monitoring mechanism for implementation of the CSR projects or programs or activities undertaken by the company under this CSR Policy.
To carry out any other function as mandated by the Board from time to time and / or enforced by any statutory notification, amendment or modification, as may be applicable, necessary or appropriate for performance of its duties.

VI. CSR ACTIVITIES AND CSR PROGRAMS

Pursuant to Schedule VII of the Companies Act, 2013, the CSR Committee has approved the following activities as “CSR Activities” to be undertaken under the CSR policy of the Company. The Board of Directors has reviewed the said activities and express its consent to the Committee to pursue the said activities under CSR policy of the Company under section 135 of the Companies Act, 2014, Schedule VII and other applicable rules, regulations, notifications etc., issued/to be issued from time to time.

Approved CSR Activities:

(a) Eradicating hunger, poverty and malnutrition, providing emergency medical care, preventive health care, sanitization and safe drinking water.

(b) Promoting education to underprivileged children, supporting socially backward people and helping the differently abled people.

(c) Ensuring environmental sustainability, ecological balance, protection of flora and fauna, animal welfare, agroforestry and conservation of natural resources.

(d) Training to promote nationally recognized sports.

(e) Promoting gender equality, empowering women, setting up homes and hostels for women and orphans; setting up old age homes, day care centres and such other facilities for senior citizens and measures for reducing inequalities faced by socially and economically backward groups.

(f) Contribution to the Prime Minister's National Relief Fund or Prime Minister’s Citizen Assistance and Relief in Emergency Situations Fund (PM CARES Fund) or any other fund set up by the Central or State Government for socio economic development and relief and welfare of the schedule caste, tribes, other backward classes, minorities and women.

(g) Contributions or funds provided to technology incubators located within academic institutions which are approved by the Central Government

(h) Rural development projects

(i) Slum area development

(j) Disaster management, including relief, rehabilitation, and reconstruction activities

(k) Other programmes/ projects relating to the above-mentioned activities and/or activities permitted as part of CSR under the Act.

VII. IMPLEMENTATION

This CSR Policy shall be implemented from the Financial year 2020-2021. The CSR Committee shall, based on the net profits every year, identify the CSR activities including the focus areas, annual budget, planned expenditure and implementation schedule etc. for ensuring appropriate implementation as per the Act. The CSR activities will be carried out / implemented, directly or indirectly through NGO / Agencies identified, established / registered to carry on the CSR activities as defined under the Rules.

VIII. EXPENDITURE NOT COVERED OR RECOGNISED

In terms of the Rules, the following contributions shall not be considered as CSR Expenditure;

(a) Contributions of any amount towards activities undertaken in pursuance of the normal course of business of the Company.

(b) Contributions of any amount, whether directly or indirectly, to any political party or any person associated with a political party.

(c) Amount spent, significantly for the benefit of Employees of the Company or, its Subsidiaries and Associates and their families.

(d) Expenses incurred by the Company for the fulfilment of any other statutory obligations under any law in force in India (such as labour laws, land acquisition act etc.)

(e) Expenses incurred by the Company for one off events such as marathons / awards / charitable contribution / advertisement / sponsorships of TV programs etc. for deriving marketing benefits for its products or services

(f) Any CSR activity undertaken by the Company outside India (except for the training of the Indian sports personnel representing any State or Union territory at the national level or India at International level);

(g) Other contributions / expenses not recognized under the Act / Rules as amended or modified, from time to time.

IX. FUNDING AND ALLOCATION

The Company is required to statutorily spend certain amount towards CSR activities, the details of the funding and allocation of the said expenditure for the CSR activities shall be as follows-

(a) The Company shall, in every financial year, contribute a statutory minimum limit of at least 2% of the average net profits made during the immediate three preceding financial years for the CSR Expenditure.

(b) In the absence of Net Profits in any financial year, the Company endeavours to spend such feasible amount as it may decide.

(c) The CSR Committee shall prepare its annual planned expenditure, for a financial year, for the CSR activities including the CSR approved activities and manner of implementation etc., and submit the same for approval of the Board

(d) The Company shall endeavour to spend the entire amount of statutory minimum contribution limit in a financial year. In the event, the Company is unable to spend such amount in any given financial year, the Board shall specify the reasons for the same in its report to the shareholders in terms of Section 134(3)(o) of the Act.

(e) In case of any surplus remaining out of the CSR activities, it shall not form part of the business profit of a company and shall be ploughed back into the same CSR project or shall be transferred to the Unspent CSR Account and spent in pursuance of CSR policy and annual action plan of the company or transfer such surplus amount to a Fund specified by the Authorities under Schedule VII, within a period of six months of the expiry of the financial year.

(f) In the event the Company spends an amount in excess of requirement provided, such excess amount may be set off against the requirement to spend up to immediate succeeding three financial years subject to the excess amount available for set off shall not include the surplus arising out of the CSR activities, if any, and the Board of the company shall pass a resolution to that effect.

X. MONITORING MECHANISM

The CSR Committee of the Company will coordinate / review the implementation of CSR activities at various areas and report to the Board. The CSR Committee shall meet at least once in a year to monitor the implementation of CSR Plan and its activities. The Committee shall ensure that the CSR Policy, as amended from time to time, is displayed on the company’s website.

The CSR Committee shall place before the Board, a draft annual report on CSR activities as per the specified format, in a board meeting to be held in first quarter of the following year for Board’s review and finalization. The Board shall include in its report to the shareholders, the annual report on CSR activities as per the format specified under the Rules.

XI. REPORTING FORMAT

Periodic reporting on the CSR activities, execution modalities, implementation schedules etc., to the CSR Committee shall be in the following format which may be amended by the CSR Committee from time to time.

XII. DETAILS OF CSR CONTRIBUTIONS MADE BY EHI DURING THE FINANCIAL YEARS

Financial Year	CSR Project or Activity Identified	Sector in which the Project is covered.	Projects or Programs (1) Local area or other (2) Specify the State and district where projects or programs was undertaken.	Amount outlay (budget) project or programs wise.	Amount spent on the projects or programs Sub-heads: (1) Direct expenditure on projects or programs. (2) Overheads.	Cumulative expenditure up to the reporting period.	Amount spent: Direct or through implementing agency
FY 2021 - 22	Pune Platform for COVID-19 Response (PPCR)	(I) Promoting health care including preventive health care	Pune, Maharashtra, India	602,744	602,744	602,744	Direct & through implementing agency
FY 2021 - 22	Project Green Periods	(IV) Ensuring environmental sustainability, ecological balance, protection of flora and fauna and conservation of natural resources	Pune, Maharashtra, India	200,000	200,000	802,744	Direct & through implementing agency
FY 2021 - 22	Tara Sofosh – Institute for specially abled children	(II) Promoting education to the under privileged children, supporting socially backward people, and helping the differently abled people.	Pune, Maharashtra, India	38,472	38,472	841,216	Direct
FY 2021 - 22	Green Earth Project – Plantation of 100 Trees	(IV) Ensuring environmental sustainability, ecological balance, protection of flora and fauna and conservation of natural resources	Pune, Maharashtra, India	500,000	500,000	1,341,216	Direct & through implementing agency
FY 2021 - 22	Distribution of Books for School children	(II) Promoting education to the under privileged children, supporting socially backward people, and helping the differently abled people.	Pune, Maharashtra, India	399,252	399,252	1,740,468	Direct
FY 2021 - 22	Contribution to Sunderji’s Institute of Special School	(II) Promoting education to the under privileged children, supporting socially backward people, and helping the differently abled people.	Pune, Maharashtra, India	81,000	81,000	1,821,468	Direct

FY 2022 - 23	MH 14 Animal Hospital - Earth Charitable foundation	(IV) Ensuring environmental sustainability, ecological balance, protection of flora and fauna, animal welfare, agroforestry and conservation of natural resources	Pune, Maharashtra, India	400,000	400,000	400,000	Direct
FY 2022 - 23	Door Step School Foundation	(II) Promoting education to underprivileged children, supporting socially backward people and helping the differently abled people.	Pune, Maharashtra, India	612,480	612,480	1,012,480	Direct
FY 2022 - 23	Matoshri Orphanage Dighi	(II) Promoting education to underprivileged children, supporting socially backward people and helping the differently abled people.	Pune, Maharashtra, India	8,000	8,000	1,020,480	Direct
FY 2022 - 23	Divyang- Vikas Foot Project - Rotary club of Pune Metro Charitable Trust	(I) Eradicating hunger, poverty, and malnutrition, providing emergency medical care, preventive health care, sanitization, and safe drinking water.	Pune, Maharashtra, India	250,000	250,000	1,270,480	Direct
FY 2022 - 23	Mahatma Gandhi English School - Jeevan Mitra Educational Society	(II) Promoting education to underprivileged children, supporting socially backward people and helping the differently abled people.	Pune, Maharashtra, India	158,125	158,125	1,428,605	Direct
FY 2022 - 23	FPAI - Family Planning Association	(III) Promoting gender equality, empowering women, setting up homes and hostels for women and orphans; setting up old age homes, day care centres and such other facilities for senior citizens and measures for reducing inequalities faced by socially and economically backward groups.	Pune, Maharashtra, India	1,900,000	1,900,000	3,328,605	Direct

FY 2023 - 24	Tree Plantation in August 2023	Schedule VII, item (3) Ensuring environmental sustainability, ecological balance, protection of flora and fauna	Pune, Maharashtra, India	95,000	95,000	95,000	Direct & through implementing agency
FY 2023 - 24	Donation to Manavya for Gokul Project (Health Benefit for Orphans and HIV Positive kids)	Schedule VII, item (2) Promoting education to underprivileged children, supporting socially backward people and helping the differently abled people	Pune, Maharashtra, India	203,242	203,242	298,242	Direct
FY 2023 - 24	MadhurBhav Old Age Home Visit (In collaboration with Team Pune BRG)	Schedule VII, item (5) Setting up old age homes, day care centres and such other facilities for senior citizens	Pune, Maharashtra, India	260,000	260,000	558,242	Direct
FY 2023 - 24	Blood Donation Drive in Pune Office	Schedule VII, item (1) Providing emergency medical care, preventive health care	Pune, Maharashtra, India	0	0	558,242	Direct & through implementing agency
FY 2023 - 24	Mahatma Gandhi School students visit to Evolent Health International office (Awareness about IT environment and company structure to students)	Schedule VII, item (2) Promoting education to underprivileged children	Pune, Maharashtra, India	0	0	558,242	Direct
FY 2023 - 24	Grain Kit Donation for 150 Families in the Village	Schedule VII, item (1) Eradicating hunger, poverty and malnutrition	Rural Maharashtra, India	547,092	547,092	1,105,334	Through implementing agency
FY 2023 - 24	Donation to Shikshanganga	Schedule VII, item (2) Promoting education to underprivileged children	Pune, Maharashtra, India	550,000	550,000	1,655,334	Direct
FY 2023 - 24	Donation to Real Life and Real People	Schedule VII, item (2) Supporting socially backward people	Pune, Maharashtra, India	932,000	932,000	2,587,334	Direct
FY 2023 - 24	Maher – Old Age Home/Orphanage	Schedule VII, item (5) Setting up homes for orphans; Setting up old age homes, day care centres and such other facilities for senior citizens	Pune, Maharashtra, India	374,850	374,850	2,962,184	Direct
FY 2023 - 24	Smile Foundation	Schedule VII, item (2) Promoting education to underprivileged children	Rural Maharashtra, India	500,000	500,000	3,462,184	Direct
FY 2023 - 24	Krantijyoti Savitribai Phule School	Schedule VII, item (2) Promoting education to underprivileged children	Pune, Maharashtra, India	1,107,645	1,107,645	4,569,829	Direct
FY 2023 - 24	Red Cross Society	Schedule VII, item (2) Helping the differently abled people.	Pune, Maharashtra, India	500,000	500,000	5,069,829	Direct

INTRODUCTION

Evolent is committed to ensuring the security of the public, patients, physicians, and other clinical and administrative staff by protecting their information. The Evolent security team acknowledges the valuable role that independent security researchers play in Internet security. This policy is intended to give security researchers clear guidelines for conducting vulnerability discovery activities and to convey our preferences in how to submit discovered vulnerabilities to us. This policy describes what systems and types of research are covered under this policy, how to send us vulnerability reports, and how long we ask security researchers to wait before publicly disclosing vulnerabilities.

We encourage you to contact us to report potential vulnerabilities in our systems. Please review these terms before you test and/or report a vulnerability.

AUTHORIZATION

If you make a good faith effort to comply with this policy during your security research, we will consider your research to be authorized. We will work with you to understand and resolve the issue quickly, and Evolent Health will not recommend or pursue legal action related to your research. As a policy, Evolent does not offer compensation for reported issues.

GUIDELINES

Under this policy, “research” means activities in which you:

Notify us as soon as possible after you discover a real or potential security issue
Make every effort to avoid privacy violations, degradation of user experience, disruption to production systems, and destruction or manipulation of data.
Only use exploits to the extent necessary to confirm a vulnerability’s presence. Do not use an exploit to compromise or exfiltrate data, establish persistent command line access, or use the exploit to pivot to other systems.
Provide us a reasonable amount of time to resolve the issue before you disclose it publicly.
Do not submit a high volume of low-quality reports.

Once you’ve established that a vulnerability exists or encounter any sensitive data (including personally identifiable information, financial information, or proprietary information or trade secrets of any party), you must stop your test, notify us immediately, and not disclose this data to anyone else.

TEST METHODS

The following test methods are not authorized:

Network denial of service (DoS or DDoS) tests or other tests that impair access to or damage a system or data (e.g., Spam, Brute Force)
Physical testing (e.g., office access, open doors, tailgating), social engineering (e.g., phishing, vishing), or any other non-technical vulnerability testing
Destroying or corrupting, or attempting to destroy or corrupt, data or information
Violating any laws or breaching any agreements to discover vulnerabilities

SCOPE

Websites owned or managed by Evolent including, evolent.com and other partnerships/acquisitions.

The following types of findings are authorized for submission:

Authentication bypass
Cross-site request forgery
Cross-site scripting (XSS)
Potential for information disclosure
Remote code execution

The following types of findings are not authorized for submission:

Bugs that only affect legacy or unsupported browsers, plugins, or operating systems
Insecure cookie settings for non-sensitive cookies
Previously submitted bugs
Self-cross-site scripting
Vulnerabilities that apply only to you or your own account
Web server banner disclosure issues

REPORTING A VULNERABILITY

Information submitted under this policy will be used for defensive purposes only – to mitigate or remediate vulnerabilities. If your findings include newly discovered vulnerabilities that affect all users of a product or service and not solely Evolent Health, we may share your report with the Cybersecurity and Infrastructure Security Agency, where it will be handled under their coordinated vulnerability disclosure process. We will not share your name or contact information without express permission.

We accept vulnerability reports via security@evolent.com Reports may be submitted anonymously. If you share contact information, we will acknowledge receipt of your report within 3 business days.

WHAT WE WOULD LIKE TO SEE FROM YOU

In order to help us triage and prioritize submissions, we recommend that your reports:

Describe the location the vulnerability was discovered and the potential impact of exploitation.

Offer a detailed description of the steps needed to reproduce the vulnerability (proof of concept scripts or screenshots are helpful)
Please list any pertinent applications, programs or tools used to in the discovery
Please state date and time testing took place

WHAT YOU CAN EXPECT FROM US

When you choose to share your contact information with us, we commit to coordinating with you as openly and as quickly as possible.

Within 3 business days, we will acknowledge that your report has been received.
To the best of our ability, we will confirm the existence of the vulnerability to you and be as transparent as possible about what steps we are taking during the remediation process, including on issues or challenges that may delay resolution.
We will maintain an open dialogue to discuss issues.
We do not offer bug bounties or compensation for reported issues.

QUESTIONS

Questions regarding this policy may be sent to security@evolent.com. We also invite you to contact us with suggestions for improving this policy.

Privacy Notice

For a copy of our Privacy Notice, email our Compliance Department.

Patient Rights & Responsibilities

For a copy of our Patient Rights and Responsibilities document, email our Quality Management Department or call them at 888-999-7713. You can also download the Patient Rights and Responsibilities.

Connecticut Criteria

To access clinical review criteria utilized for ConnectiCare Commercial Member requests in Connecticut, access ConnectiCare Medical Management Pharmacy Policies and ConnectiCare Medical Management Medical Policy.

To access clinical review criteria utilized for Emblem Commercial Member requests in Connecticut, access Emblem Health Medical Policies.

Kentucky Commercial Members

To access the utilization management procedures and commercial preauthorization list for Humana health plan, access https://www.humana.com/provider/medical-resources/authorizations-referrals/preauthorization-lists

Clinical Criteria for Health Utilization Management Decisions

Evolent applies nationally recognized clinical criteria and standards of care to medical necessity reviews. As available, CMS National and Local Coverage Determination Criteria and Medicare Guidance and CMS recognized Compendia are utilized for Medicare Advantage service requests. Health Plan specific clinical policies and nationally recognized oncology and cardiology consensus guidelines and compendia may also be applied for Medicare, Medicaid and Commercial member reviews.

Clinical criteria utilized to issue an authorization are available upon request by contacting the Evolent Health Utilization Department at:

Evolent
1812 N Moore St
Suite 1705
Arlington, Virginia 22209

Medical Policies

Please note that the following policies are posted for reference only. Based on the member’s benefit coverage, Evolent policies may be utilized for determinations. Health Plan policy or State mandated policy may be used before Evolent policy based on the Health Plan. Medicare determinations will follow the clinical criteria set forth by CMS using National Coverage Determinations (NCD), Local Coverage Determinations (LCD), CMS Guidance documents or the five Compendia approved by CMS for cancer drugs. The policy versions posted may not apply to all health plans. At any time, you may request the specific clinical criteria used in a determination decision.

Oncology | Radiation Oncology | Imaging | Cardiology

Please direct any questions to MedicalPolicyTeam@evolent.com

Affirmative Statement

Evolent’s policy states that utilization review decisions are based only on medical necessity, appropriateness of care and service and the existence of coverage. There are no rewards, bonuses or incentives for practitioners or other individuals for issuing denials or approvals of coverage, service or care. There are no financial incentives for utilization management decision makers to encourage decisions that would result in underutilization or over-utilization. All medical necessity determinations are based upon nationally recognized standards of care and clinical guidelines and are not influenced by financial or in-kind incentives.

ARKANSAS AUTHORIZATION REQUIREMENTS AND CLINICAL CRITERIA

A. Prior Authorization of Non-Urgent Healthcare Service (A.C.A. 23-99-1105)

Evolent (formerly National Imaging Associates, Inc.) acting on behalf of the Health Plan must make an authorization or non-authorization determination and notify the subscriber (member) and provider of the determination/decision within 2 business days of obtaining all information needed to make the determination.

B. Prior Authorization of Urgent Healthcare Service (A.C.A. 23-99-1106)

Evolent acting on behalf of the Health Plan must make an expedited authorization or adverse determination on an urgent request and notify the subscriber(member) and provider of the determination no later than 1 business day after receipt of all information needed to complete the review.

C. Retrospective Denial (A.C.A. 23-99-1108)

Evolent may not revoke (cancel), limit, condition, or restrict an authorization for a period of 45 business days from the date the provider received the authorization.
Any correspondence, contact, or other action by Evolent that disclaims, denies, or attempts to disclaim, or attempts to deny payment for services that have been authorized within the 45-day period is void.

D. Written Clinical Criteria

Any written clinical criteria can be found on RadMD and on the Arkansas Clinical Guidelines page. Per AR SB 318 (ACA 23-99-1104) statistics are made readily available regarding prior authorization approvals and denials.

DELAWARE AUTHORIZATION REQUIREMENTS AND CLINICAL CRITERIA

A. Prior Authorization of Non-Urgent Healthcare Service (HB 381)

Evolent (formerly National Imaging Associates, Inc.) acting on behalf of the Health Plan must make an authorization or non-authorization determination and notify the subscriber (member) and provider of the non-electronic determination/decision within 8 business days of receipt of preauthorization request that contains all necessary information not to exceed 15 calendar days.
Evolent acting on behalf of the Health Plan must make an authorization or non-authorization determination and notify the subscriber (member) and provider of the electronic determination/decision within 5 business days of receipt of the complete electronic request not to exceed 15 calendar days.
Preauthorization for a health care service shall be valid for a reasonable and customary period of time for the service but no less than 60 days from the date that the provider receives the preauthorization, subject to confirmation of continued coverage and eligibility.
Any written clinical criteria can be found on RadMD.

Services requiring preauthorization for Delaware Health Plans:

CT scan of: head/brain/sinus/soft tissue of the neck/ chest (non coronary)/ pelvis/cervical spine/lumbar spine/ thoracic spine/lower extremity/abdomen/heart/heart congenital studies, noncoronary arteries

CT angiography of: chest/pelvis/upper extremity/lower extremity/ abdomen/pelvis/abdominal arteries

MRI of: the face/neck/brain/cervical spine/lumbar spine/thoracic spine/upper joint extremity/lower extremity/hip/abdomen/heart/breast¹

MRA of: head/neck/chest (excluding myocardium)/spinal canal/pelvis/upper extremity/lower extremity/abdomen

PET scan of: heart/brain PET PET Scan with concurrently acquired CT for attenuation correction and anatomic, localization. PET imaging whole body, melanoma for non-covered indications/ PET imaging, any site, not otherwise specified/ PET imaging, initial diagnosis of breast cancer and/or surgical planning for breast cancer

Diagnostic CT colonoscopy (virtual colonoscopy, CT colonography)

Coronary Artery Ca Score, Heart Scan, Ultrafast CT Heart, Electron Beam CT

CTA coronary arteries (CCTA)

MR Spectroscopy

Myocardial Perfusion Imaging – Nuclear Cardiology Study

Low Dose CT For Lung Cancer Screening

Mandatory notification required for stress Echocardiography

¹Breast MRI does not require preauthorization for Exchange members

ILLINOIS PRIOR AUTHORIZATION OF HEALTHCARE SERVICES AND CLINICAL CRITERIA

(compliance with Illinois 215 ILCS 200/25 & 200/30)

Evolent (formerly National Imaging Associates, Inc.) acting on behalf of the Health Plan must complete an authorization determination and notify the subscriber (member) and provider of the determination/decision for non-urgent requests within 5 calendar days after receipt of a preauthorization request that contains all necessary information, but not to exceed 15 calendar days after receipt of the request.
Evolent acting on behalf of the Health Plan must complete an authorization determination and notify the subscriber (member) and provider of the determination/decision for urgent requests within 48 hours after receipt of a preauthorization request that contains all necessary information, but not to exceed 72 hours after receipt of the request.
Any written clinical criteria can be found on RadMD. Illinois prior authorization state reports are also available.

Services requiring preauthorization for Illinois Health Plans:

Radiology / Cardiac:

CT scan of: head/brain/sinus/soft tissue of the neck/chest (non coronary)/ pelvis/cervical spine/lumbar spine/thoracic spine/lower extremity/abdomen/heart/heart congenital studies, noncoronary arteries
CT angiography of: chest/pelvis/upper extremity/lower extremity/ abdomen/pelvis/abdominal arteries
MRI of: the face/neck/brain/cervical spine/lumbar spine/ thoracic spine/upper joint extremity/lower extremity/hip/abdomen/heart/breast¹
MRA of: head/neck/ chest (excluding myocardium)/ spinal canal/pelvis/upper extremity/lower extremity/abdomen
PET scan of: heart/brain; PET Scan with concurrently acquired CT for attenuation correction and anatomic, localization. PET imaging whole body, melanoma for non-covered indications/ PET imaging, any site, not otherwise specified/ PET imaging, initial diagnosis of breast cancer and/or surgical planning for breast cancer
Diagnostic CT colonoscopy (virtual colonoscopy, CT colonography)
Coronary Artery Ca Score, Heart Scan, Ultrafast CT Heart, Electron Beam CT
CTA coronary arteries (CCTA)
MR Spectroscopy
Myocardial Perfusion Imaging – Nuclear Cardiology Study
Stress Echocardiography
Echocardiography (TTE/TEE)
Low Dose CT For Lung Cancer Screening
MUGA Scan

Physical Medicine:

Physical Therapy
Occupational Therapy
Speech Therapy

Interventional Pain Medicine:

Sacroiliac Joint Injection
Cervical/Thoracic Interlaminar Epidural
Cervical/Thoracic Transforaminal Epidural
Lumbar/Sacral Interlaminar Epidural
Lumbar/Sacral Transforaminal Epidural
Cervical/Thoracic Facet Joint Block
Lumbar/Sacral Facet Joint Block
Cervical/Thoracic Facet Joint Radiofrequency Neurolysis
Lumbar/Sacral Facet Joint Radiofrequency Neurolysis

¹Breast MRI does not require preauthorization for Exchange members

MASSACHUSETTS STANDARD IMAGING PRIOR AUTHORIZATION FORMS

Chapter 176O Section 25 of the Massachusetts General Laws requires that health insurance carriers use standard prior authorization forms when reviewing requests for certain imaging services.

Based on the work of the Mass Collaborative, an organization of health plans, provider organizations and professional associations, standard prior authorization request forms have been developed and approved by the Massachusetts Division of Insurance (DOI). These forms will be accepted by all health plans.

Effective November 1^st Evolent, (formerly National Imaging Associates, Inc.) will begin accepting the following imaging prior authorization forms approved by the DOI. Completed forms can be faxed to Evolent at 1-888-656-6648. Providers can also continue to submit prior authorization requests through the Evolent Call Center and RadMD.

This change applies to members in Fully Insured Massachusetts plans including PPO, POS and HMO.

Cardiac Imaging

CT/CTA/MRI/MRA

PET-PET CT

MASSACHUSETTS AUTHORIZATION REQUIREMENTS AND CLINICAL CRITERIA

A. Prior Authorization of Non-Urgent Healthcare Service

Evolent (formerly National Imaging Associates, Inc.) acting on behalf of the Health Plan must make an authorization or non-authorization determination and notify the subscriber (member) and provider of the determination/decision within two (2) business days of obtaining all information needed to make the determination. The rendering provider must be notified of the decision by telephone within twenty-four (24) hours thereafter.

B. Prior Authorization of Urgent Healthcare Service

Evolent acting on behalf of the Health Plan must make an expedited authorization or adverse determination on an urgent request and notify the subscriber (member) and provider of the determination no later than seventy-two (72) hours of receipt of request.

NEW MEXICO AUTHORIZATION REQUIREMENTS AND CLINICAL CRITERIA

A. Prior Authorization of Non-Urgent Healthcare Service (NMAC 13.10.31.8)

Evolent (formerly National Imaging Associates, Inc.) acting on behalf of the Health Plan must make an authorization or non-authorization determination within the below timeframes:

NM ST § 59A-22B-5

7 business days upon receipt of necessary information otherwise it is deemed approved.
24 calendar hours from request for expedited cases otherwise deemed approved.
Any written clinical criteria can be found on RadMD.

For Presbyterian Health Plan, Inc and Presbyterian Insurance Company, Inc. only:

Presbyterian utilizes the Uniform Prior Authorization Form pursuant to the New Mexico Administrative Code (NMAC) 13.10.31.10. The form may be found here.

RBM/Cardiac Services requiring preauthorization for all New Mexico Health Plans:

CT angiography of: chest/pelvis/upper extremity/lower extremity/abdomen/pelvis/abdominal arteries

MRI of: the face/neck/brain/cervical spine/lumbar spine/thoracic spine/upper joint extremity/lower extremity/hip/abdomen/heart/breast¹

MRA of: head/neck/chest (excluding myocardium)/spinal canal/pelvis/upper extremity/lower extremity/abdomen

PET scan of: heart/brain PET PET Scan with concurrently acquired CT for attenuation correction and anatomic, localization. PET imaging whole body, melanoma for non-covered indications/PET imaging, any site, not otherwise specified/PET imaging, initial diagnosis of breast cancer and/or surgical planning for breast cancer

Diagnostic CT colonoscopy (virtual colonoscopy, CT colonography)

Coronary Artery Ca Score, Heart Scan, Ultrafast CT Heart, Electron Beam CT

CTA coronary arteries (CCTA)

MR Spectroscopy

Myocardial Perfusion Imaging – Nuclear Cardiology Study

Low Dose CT For Lung Cancer Screening

Stress Echocardiography

MSK Services requiring preauthorization for Presbyterian Health Plan:

Spine Surgery (Lumbar and Cervical)

Therapy Services requiring preauthorization for Western Sky Health Plan:

Physical Therapy, Speech Therapy, and Occupational Therapy

¹Breast MRI does not require preauthorization for Exchange members