HIPAA Compliance Statement

This information lets you know that Blue Cross Blue Shield of Michigan meets the federal requirements for the security and privacy of your protected health information.

In 1996, Congress passed the Health Insurance Portability and Accountability Act, or HIPAA, and provided important security measures for protected health information, or PHI.

In 2009, Congress passed the Health Information Technology for Economic and Clinical Health Act, also known as HITECH, and The U.S. Department of Health and Human Services, or HHS, published the Interim Final Rules. The Interim Final Rules strengthen the privacy, security and enforcement provisions around protected health information compliance.

In 2013, The U.S. Department of Health and Human Services published the HIPAA Final Rule. Some highlights of the HIPAA Final Rule include:

  • Genetic information is now protected health information. The Genetic Information Nondiscrimination Act, or GINA, governs the use of genetic information. 
  • The rule provides guidance for the sale of protected health information and the use of protected health information for marketing.
  • The rule requires us to explain certain rights through our Notice of Privacy Practices. We will let members know when a new Notice of Privacy Practices is available.
  • Business associates need to follow the security rule and most provisions of the privacy rule. 
  • "Breach" has a new definition.

Blue Cross Blue Shield of Michigan and Blue Care Network implemented the requirements of the HIPAA rules.

For more information on our privacy practices, visit online privacy practices.

Authorized and Personal Representatives

Members may allow BCBSM to give protected health information to: Authorized Representatives, Personal Representatives and Next of Kin.

Authorized Representatives may:

This Member Consent only allows the Authorized Representative to receive PHI from BCBSM and doesn't allow the Authorized Representative to make decisions on behalf of the member or make decisions related to the member’s health care and treatment.

Personal Representatives may:

  • Complete the Request for Release of Member's Protected Health Information (PDF) and attach one of the documents listed below as support.
  • Submit one of the legal documents listed below to receive a member’s protected health information.
  • Get information and make changes to the contract as described in the form or legal document.

Next of Kin may:

Authorized and Personal Representative Documents accepted by Blue Cross

  • Durable Power of Attorney - A written document in which one person, the member, appoints another person to act as an agent on his or her behalf.
  • Patient Advocate - A written document that appoints a person or entity to help a patient work with others who have an effect on the patient’s health, including doctors, insurance companies, employers, case managers and lawyers.
  • Executor of a Deceased Individual's Will - A court order indicating that per an individual’s will he or she chose an executor, or executrix, to administer that will after his or her death. The executor should be named in the will itself.
  • Trustee of Deceased Individual - A document that designated a trustee to administer the trust and manage the trust property for the benefit of any beneficiaries.
  • Guardian - A person who has been appointed by a judge to take care of a minor child and or manage that person’s affairs.
  • Conservator - A conservator is a person or entity appointed by a court to manage the property, daily affairs and financial affairs of another person. 


Privacy issues: To report a concern or if you think your protected health information has been compromised, please call us at 1-800-552-8278 or email us. Don't include any protected health information in your email. 

Other issues: For customer service, call the number on the back of your member ID card.