The JPA Health Privacy Policy was last updated on February 7, 2023.

JPA Health (“JPA”, “we”, “us” or “our”) is committed to maintaining your privacy and recognize the importance of providing protection for any personally identifiable information that you choose to share with us or that we maintain about you (“Personal Information”). JPA is headquartered in the United States.  This Privacy Policy sets out how we treat Personal Information we collect through this website, (“Website”) and describes how you may contact us regarding our privacy practices.  Please read this Privacy Policy thoroughly. If you disagree with the way personal information will be used, please do not use this Website.


We welcome your comments regarding this Privacy Policy and our privacy practices. If you have questions about this Policy or believe that we have not adhered to it, please contact us. You can contact us by email, or regular mail and we will respond to your query within 30 days.


1101 Connecticut Ave, NW,
Suite 600
Washington, DC 20036


We collect information you voluntarily give us and automatically from your device.

Information you voluntarily give us

You have the option to voluntarily provide personal information, such as your full name, company, job title, industry, phone number, and email address through our website to receive the latest news and content from JPA, like our newsletter, articles, white papers, and in-depth reports.

In addition, JPA collects information from you when you apply for a job or internship, submit a request for a proposal (“RFP”) for your project from us, or request information from us, including such items as your name, email address, phone number, and resume. If you intend to provide us with information of a prior supervisor, reference, or other third party, it is your responsibility to obtain such third party’s consent to provide this information to us. You are responsible for the information that you provide or make available, and you must ensure that it is legal, truthful, accurate, and in no way misleading. You must ensure that the information you provide does not contain any material that is infringing on any rights of any third party, or otherwise legally actionable by such third party.

Information We Collect From Your Device

We may collect your Personal Information automatically from your device by using technologies, such as cookies, pixels, third party tags, scripts, log files and other means to automatically collect information about the use of our Website in an aggregated, pseudonymous or de-identified manner.  Further information about our use of cookies and tracking can be found in our Cookie Policy.


We do not share your contact, proposal or employment information with third parties, unless you request us to do so.  However, we may share some of your Personal Information with business partners who provide us with technical services, such as website security or computing infrastructure. They will be granted access to only that information which is necessary for them to do their jobs. Any agents to whom we grant access to Personal Information are contractually barred from using or releasing that information outside of the specific task we have asked them to perform. We have various agreements, policies, safeguards and certifications to ensure that these agents do not sell, distribute or use Personal Information. We may also share your Personal Information if required by law, to enforce or pursue legal rights, or in the event of an acquisition or merger by our company.


We collect contact Personal Information for the purpose of identifying and communicating with prospects and employee candidates. We work with agencies, advertisers, ad networks, and other technology services to place ads about our products and services on other websites and services.

We use analytics services from our third-party partners, such as Google Analytics, in an aggregated, pseudonymous or de-identified manner to help us understand how users access and use the Website. We also use features within these analytics services, such as Google Signals in Google Analytics 4, to further understand the visitor journey on the website. Google Signals specifically collects cross-device data from Google website visitors that have enabled personalized advertising within their Google account. Users can opt-out of Google Analytics features through ad settings on mobile apps, ad settings in a google account, and through the NAI’s consumer opt-out facility.


We will retain your Personal Information for as long as the information is needed to respond to your query, provide our services to you, process your application for employment, inform you of additional or future employment or service opportunities and for any additional period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.


You have the right to obtain a copy of, correct, or request deletion of Personal Information.  To do so, contact us at  California residents, please note, that at this time our business does not fall within the scope of the California Consumer Privacy Act (“CCPA”).  However, if there is a concern you have about our use or collection of your Personal Information, please contact us at so that we can work towards a resolution with you. Once subscribed to our mailing list, you may update your communication preferences at any time by accessing the unsubscribe link from the footer of any JPA email.


Your browser settings may allow you to automatically transmit a “Do Not Track” signal to online services you visit. Note, however, there is no industry consensus as to what site and app operators should do with regard to these signals. Accordingly, unless and until the law is interpreted to require us to do so, we do not monitor or take action with respect to “Do Not Track” signals.


JPA understands the need to protect the privacy of children.  The Site is not intended for use by individuals under 13 years of age. JPA does not knowingly collect or maintain Personal Information from children under the age of 13 at our Site.

The Website is intended for general audiences and is not directed at children. We do not knowingly collect Personal Data (as defined by the Children’s Privacy Protection Act, or “COPPA”) from children. If you are a parent or guardian and believe we have collected Personal Data in violation of COPPA, contacts us at We will remove the Personal Data in accordance with COPPA.


We use a variety of methods, such as firewalls, intrusion detection software and manual security procedures, designed to secure your data against loss or damage and to help protect the accuracy and security of Personal Information and to prevent unauthorized access or improper use. Nevertheless, transmission via the internet is not completely secure and we cannot guarantee the security of information about you. If you think that the Website or any Personal Information is not secure or that there has been unauthorized access to the Website or your Personal Information, please contact immediately.


Any changes to this Privacy Policy will be promptly communicated on this page and you should check back to see whether there are any changes. Continued use of the Website after a change in the Privacy Policy indicates your acknowledgement and acceptance of the use of Personal Data in accordance with the amended Privacy Policy.


JPA is located in the United States. Your data may be transferred to and processed in the United States. Subject to certain exceptions and the jurisdiction in which you live, if you are located in the EU or UK, the General Data Protection Regulation (“GDPR”) and Data Protection Act of 2018 provide you with specific rights regarding your Personal Data.

Basis for Transferring Your Data

The United States has not sought or received a finding of “adequacy” from the under Article 45 of the GDPR.  We rely on derogations for specific situations as set forth in Article 49 of the GDPR. Your Personal Data (as defined by the GDPR) is transferred to us for the following reasons:

  • You consented to the transfer;
  • The transfer is necessary to perform a contract to which you are or will become a party;
  • The transfer is necessary for compliance with a legal obligation to which the Data Controller is subject;
  • The transfer is necessary in order to protect your vital interests or the vital interests of another natural person.
  • The transfer is necessary for the performance of a task carried out in the public interest or in the exercise of official authority vested in the Data Controller; or
  • The transfer is necessary for the purposes of the legitimate interests pursued by the Data Controller or by a third party.

Your Rights

You have the the following rights:

  • The right of access:

You can access Personal Data we hold about you, know the origin of this Personal Data and obtain a copy in an understandable format. You do not have to justify your request to exercise your right to access.

  • The right to rectification:

If your Personal Data is inaccurate, you have the right to have such data rectified.

  • The right to erasure:

You may request the erasure or deletion of the Personal Data we hold on you. This is not an absolute right since we may have to keep your Personal Data for legal or legitimate reasons.

  • The right to object to the processing of your Personal Data:

When we process your Personal Data based on our legitimate interest, you may at any time object to the processing of your Personal Data for reasons relating to your personal situation. We may nevertheless, on a case-by-case basis, reject such a request by pointing out the legitimate or legal reasons reasons justifying the processing of this data which may prevail over your request.

  • The right to restrict processing:

In certain situations you can limit how your Personal Data is processed, so that we cannot use it or process it in any other manner.

  • Right to object to data processing for direct marketing purpose:

You may unsubscribe or object, at any time and without any justification, to the reception of direct marketing communications. Either click on the link in the footer of the communications you receive from us or send us an email at with the word unsubscribe in the subject field of the email.

  • The right to data portability:

You may request the Personal Data you provided to us in a structured, commonly used and machine-readable format, for personal use or to share with a third party of your choice. This right only applies to Personal Data you provided us with which was processed through automated means, if this processing is based on your consent or the performance of a contract and does not affect the rights or freedoms of others.

  • The right to withdraw your consent to the processing of your Personal Data at any time:

If you are unsatisfied with the way we process your Personal Data, subject to certain restrictions, you can withdraw your consent by emailing us at

You may also lodge a formal complaint with your local Data Protection Authority. Click here to find your Data Protection Authority in the UK or here to find you Data Protection Authority in the EU..

Data Retention

We will retain your Personal Data for as long as the information is needed to respond to your query, provide our services to you, process your application for employment, inform you of additional or future employment or service opportunities and for any additional period necessary to comply with our legal obligations, resolve disputes, and enforce our agreements.

Exercising Your Rights

You can exercise your rights by emailing us at In most cases we will respond within thirty (30) days to your request. This timeframe may be extended by two months depending on the complexity of the request or the number of requests received, in which case we will inform you within one month of receiving your request, specifying the reasons for extending the response timeframe. We may not always be able to fully address your request, for example if it would impact the duty of confidentiality we owe to others, or if we are legally entitled to deal with the request in a different way. If we cannot fully address your request, we will let you know and explain the reason why your request was denied.

If Personal Data about you has been processed by us as a “processor” on behalf of another party and you wish to exercise your rights under this Policy, please inquire with party acting as “controller”. If you wish to make your request directly to us, please provide the name of our client on whose behalf we processed your Personal Data. We will refer your request to that client, and will support them to the extent required by applicable law in responding to your request.


This Privacy Policy has been designed to be accessible to people with disabilities. If you experience any difficulties accessing the information here, please contact us at

If you consider that we are not complying with this Privacy Policy, if you have any questions in relation to this Privacy Policy, or have questions about your rights and choices, please contact