Online Privacy Practices
Select a topic below to learn more:
Protection of your PHI
Privacy practices for internet-based communications
Personal information Blue Cross collects and how it is used
Protecting online interactions
Voluntary online customer surveys
About banner ads
Links from our site
Where to direct questions about our online privacy practices
Revisions to online privacy practices
Blue Cross Blue Shield of Michigan understands the importance of keeping your health information private. We follow strict privacy policies in accordance with state and federal law. If you have questions or would like additional information regarding our privacy practices, please call 313-225-9000.
The BCBSM/BCN Notice of Privacy Practices (PDF) complies with updated regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Notice of Privacy Practices applies to all Blue Cross Blue Shield of Michigan, Blue Care Network and Blue Cross Complete of Michigan members, except for members who get a separate Notice of Privacy Practices from their employer.
Our Notice of Privacy Practices tells you that:
- We won’t use your protected health information for marketing communications except where the law permits.
- You have the right to be notified if there’s a security breach that involves your protected health information.
- We won’t use or disclose genetic information for underwriting purposes.
- In certain circumstances, you have the right to make a written request for an electronic copy of information that we keep in a designated record set.
- We won’t use or disclose your protected health information in any way other than those described in our Notice of Privacy Practices unless we have a signed authorization.
To get more information about your rights under HIPAA, visit our HIPAA compliance page. To get copies of individual rights forms, please visit our Protected Health Information and Privacy Forms page.
We keep your protected health information, or PHI, safe according to state and federal regulations. We have the following measures in place to protect all verbal, written and electronic PHI:
- Security and privacy training for all employees
- Access is limited to business needs
- Background checks for all employees and contracted staff
- Verification of callers
- Required use of headsets during phone calls
- Voicemail messages that include members’ PHI are erased daily
- Strong passwords required within the electronic system
- Passwords are changed frequently
- Hard drives are encrypted
- PHI is stored in a locked environment
- Secured printers that require badge access
- Employees are trained to be mindful of public conversations so they don't accidentally disclose any PHI
When you use the internet to communicate with us, we make the following pledge:
- We consider any and all internet communications as private and confidential unless otherwise clearly stated.
- We will monitor and audit security controls to ensure that internet privacy protection is maximized at all times.
- We will publish our internet security and privacy practices as new technologies evolve.
Blue Cross collects information from users of our site. We use personal information to customize your internet transaction. Generally, we do not share with third parties the personal information you supply when conducting transactions on our website. And generally, unless you specifically key in personal information on our website, you browse our website anonymously, which means personal information is not collected. We may collect your personal information, such as name, address, etc., using a secure session when you initially register with us at this website or if you engage in a transaction that requires an electronic signature, for example.
In addition to personal information, we also gather information on the use of our website, including domain name, number of hits, pages visited, length of user session and so forth to evaluate the usefulness of our site.
When you use our online services, you may be asked to provide personal information that is necessary for us to process your request. To ensure your transaction remains confidential, the information is sent to us using an encrypted form in a "secure session" established with Secure Socket Layer (SSL). We also require the use of authentication, such as user ID and password, which allows us to verify your identity when you access our online services. We also use firewall technology to safeguard your information from outside access.
- Choose unique passwords. Don't use your Social Security number, birth date, middle name, names of spouse or children, or anything else that someone could easily guess as a password.
- Do not share your user ID and password with anyone else.
- After you have submitted information online, we recommend that you close your browser before leaving your computer. This practice ensures you are not leaving personally identifiable information on the computer for those who may use it after you. This is especially important if you are using a computer in a public place.
- Do not leave your computer unattended during an online session.
- Contact us immediately at 1-888-417-3479 if you suspect that someone has accessed your information online without your authorization.
We do not offer encrypted email. As a result, when our website users send email inquiries to us, the return email address may be used to respond to the email inquiry. We do not use the return email address for any other purpose, nor will we share it with any third parties.
For private inquiries including those containing Protected Health Information, contact Customer Service.
We periodically conduct two types of surveys on our corporate website. General surveys on our site are randomly generated for all users. Specific surveys are offered to Blue Cross Blue Shield of Michigan members only within the secure member area.
We encourage you to participate in these surveys because they provide us with important information to improve the services we offer. Your personal information and responses remain strictly confidential. Participation in our surveys is voluntary.
All responses to our surveys are aggregated to create summarized results (such as gender, age or other demographic information). We then use the summarized results to improve the quality of our services to you.
A "cookie" is a piece of information that is sent to your browser along with a web page when you sign-on to a website. It is a unique identifier that a web server places on your computer. There are two types of cookies: (1) session cookies and (2) persistent cookies.
A session cookie is a text string (line of text) that is stored in computer memory temporarily. Session cookies are used to enable a website to track the pages you visit during a session so that information can be customized for you. Once you exit the website, the session cookie is destroyed.
Any site banner ads link you to areas of interest only within our website. We do not show banner ads for external websites.
We have links from our website to a number of different health care-related sites. We provide these links as a courtesy to help you find information. We are not responsible for the performance or content of sites linked from BCBSM.com since they are beyond our control. We recommend you read the privacy statements on the sites you visit to understand their individual privacy practices.
In compliance with the Children's Online Privacy Protection Act of 1998 (COPPA), we do not knowingly solicit data from children under 18 years of age and we do not knowingly market to children under 18 years of age.
We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents.
If you have any questions about our online privacy practices, call 313-225-9000.