Note on HIPAA and Protected Health Information
Links to the NPPs of our affiliated entities are included below for review:
1. Information That We Collect
We collect personal information from and about you in a number of ways. Personal information means individually identifiable information such as your name, email address, and demographic information if you choose to complete an online form. We leverage various tools, components, and features (as described below), in accordance with applicable law, to collect personal information to conduct our business operations, including understanding our users, maintaining and optimizing our online services, and customizing your user experience. Most of the information we collect, use, and disclose through use of our online services is PHI.
How you interact with a particular Highmark Health online service will generally determine the type and amount of personal information we collect. For general website browsing, we capture basic information such as your browser type, IP address, device hardware model, referring URL, as well as server log information such as session time, click streams, and crash reports. For other features, such as use of a secure portal, we may need to verify your identity through a login process and collect sufficient personal information to provide a response or administer the service requested.
What follows below are further details regarding the personal information we collect, use, and disclose for our business purposes.
Highmark Health offers online inquiry forms on our corporate-owned websites for account questions or to learn more about our products and services. The personal information we collect on inquiry forms generally includes your name, address, phone number, email address, and the details of your inquiry. By submitting personal information, you grant Highmark Health the right to transmit, monitor, retrieve, store and use your information in connection with the operation of the website. We may use such information to review and respond to your request or communication, or use contracted service providers to do that for us. We may also use information collected through online forms as stated in Section 2 below.
Highmark Health has established secure portals for use by our customers and business partners. When secure portals are accessed, we collect certain personal information, such as user ID and password, IP address, click streams, and related session data. Communications sent by users through these secure portals may also be recorded in transaction logs to monitor content, compliance with applicable law and regulations, or functionality of the services. We may also use information collected through secure portals as stated in Section 2 below.
You may be invited by your mobile device to use fingerprint, facial recognition, or similar biometric technology to login to our online service. When a biometric login is enabled, our online services recognize that you have selected this as a preference and have been authenticated through your mobile device, and you are permitted to access our online services accordingly. When you use biometric login functionality on our online services, we do not collect any of the actual biometrics (e.g., fingerprints or facial images); that is managed and maintained on your mobile device and by the mobile device manufacturer (e.g., Apple, Samsung).
Our online services may use the location services functionality on your mobile device and thereby collect your geolocation data. We use geolocation data to assist you in finding geographically-based products and services, and to provide you with relevant content based on your location. We may also use information collected through location services as stated in Section 2 below.
Our online services collect certain personal information when being run on a mobile device; for example, if one of our mobile applications is downloaded, we collect information about the device type, its software/operating system, and device identifier. We use this information to assess our general user base and to improve our technical support capabilities. We may also use information collected from your mobile device as stated in Section 2 below.
A cookie is a small text file that is stored on a computer or other internet-connected device when it accesses a digital resource. Cookies can capture user information such as IP address, internet browser and operating system type, the date and time of a digital interaction, session information such as page response times, your search history, saved preferences and password information (if a user elects to have a website remember this information), information about the referring URL, click stream to and through and from our online services.
Highmark Health’s online services use first-party cookies (ones we create and configure) to support our digital resources, monitor their performance, enhance the user experience, and assess information about our user base. We may gather and use information obtained from first-party cookies to provide customers and prospects with tailored content and optimize our offerings.
We also use third-party cookies (ones we do not create or configure), in accordance with the requirements of applicable law, to help assess our user base, understand a user’s digital journey from external sources to our online services, and optimize our offerings in the market. In the event that third-party cookies are used to deliver relevant ads of interest, you can review and manage applicable third-party ad cookies by navigating to the following links provided by the Network Advertising Initiativeand the Digital Advertising Alliance.
Cookies employed on our online services include the following types:
Strictly necessary: cookies which enable various underlying resource features and functionalities such as authenticating users.
Functional: cookies which support enhanced browsing experience and personalization.
Performance/Analytics: cookies which help us evaluate the effectiveness of digital resources, understand user patterns, and measure errors.
Most internet browser settings can be modified by users to attempt to block cookies (e.g., choosing a “do not track” or "global privacy control" setting). Also, you should be aware that blocking cookies could prevent a particular online service or certain features from fully functioning. We are not responsible for and make no representations or claims regarding the effectiveness of third party opt-out mechanisms or programs. Please note that if you delete your cookies or upgrade your browser after having opted-out, you will need to opt-out again to reaffirm your selections.
When you click a third-party widget and leave our site, Highmark Health makes no representations or warranties regarding third-party platforms or components, their content, data management, or security. To be an informed consumer, you should review the privacy standards of the applicable third parties.
Redirecting Hyperlinks and Embedded Third-Party Media
Our online services may contain redirecting hyperlinks or embedded third-party media content, as applicable; an example includes YouTube videos which may exist as tile images that redirect to YouTube when clicked, or as embedded files which begin playing on our web pages when clicked. This third-party content is not managed or configured by Highmark Health, which means we do not control any code which may be linked to this content by the media host, and we do not control any data collection which might occur as a result of such code. By viewing any embedded third-party media content on our online services, as applicable, users acknowledge, accept, and expressly consent to any associated data collection, use, and disclosure which might occur between Highmark Health and the media host.
2. Use, Access, and Disclosure Of This Information
Highmark Health uses the information collected through our online services for the specified purposes stated in Section 1 above. Additional uses include:
Provide product, program, and service updates, event notices, details about new offerings, and announcements of interest.
Update and maintain information about users.
Monitor the effectiveness of our online services and features.
Ensure our digital resources function as intended and meet our users’ expectations.
Help us authenticate you as an authorized user and unique individual.
Evaluate your individual experience across our digital properties and help us assess and optimize our products, programs, services, and digital offerings.
Carry out our marketing, advertising, and general commercial business purposes.
We may also use your personal information to provide you with access to information about additional products, programs, and services offered by our family of companies or our business partners. You may remove yourself from certain communication channels or programs at any time — just follow the opt-out instructions included in those specific communications.
Disclosure To Service Providers
Highmark Health may disclose your personal information collected through its online services to service providers that are contracted by Highmark Health to support our functions. For example, a service provider may have access to your information to perform a specific task such as sending you a survey or a newsletter. Highmark Health’s service providers are bound by contract to follow robust data privacy and security standards, and to handle your personal information with due care.
Links to External Websites
Disclosure To Comply With Law, Respond To Legal Requests, Prevent Harm, and Protect Our Rights
Highmark Health may disclose your personal information to courts, law enforcement, governmental oversight agencies, and other appropriate regulatory bodies as permitted or required by applicable law, or if such disclosure is reasonably necessary to:
Comply with legal obligations.
Comply with legal process and to respond to claims asserted against Highmark Health.
Respond to verified requests in relation to a criminal investigation or alleged or suspected illegal activity, or any other activity that may expose us or any of our users to legal liability.
Protect the rights of Highmark Health, its employees, customers, business partners, or the public.
3. Other Relevant Data And Consumer Protection Laws
Children's Online Privacy Protection Act (COPPA)
Our online services are not generally intended for, nor made available to, children under the age of 13, and we typically do not make attempts to collect, use, or disclose information from children under the age of 13, unless otherwise permitted or required by applicable law.
European Union General Data Protection Regulation (GDPR)
Some of our entities or product lines may be subject to certain obligations set by the GDPR. With respect to our entities or product lines that may be subject to GDPR, a separate notice aligned to GDPR’s requirements will be made available on the public websites of the applicable entities.
State Consumer Privacy Laws
Some of our entities may be subject to certain obligations set by state consumer privacy laws, such as those enacted in California and Colorado, among other jurisdictions. These laws require the posting of a consumer notice regarding data collection, use, and disclosure activities. With respect to our entities that may be subject to this type of requirement, one or more separate notices aligned to those specific state laws will be made available on the public websites of the applicable entities.
All references to “Highmark” in this document are references to the Highmark company that is providing the member’s health benefits or health benefit administration and/or to one or more of its affiliated Blue companies. This website is operated by Highmark, Inc. and is not the Health Insurance Marketplace website. It also does not display all Qualified Health Plans available through the Health Insurance Marketplace website. To see all available Qualified Health Plan options, go to the Health Insurance Marketplace website at HealthCare.gov.
Highmark Blue Cross Blue Shield or Highmark Blue Shield are Medicare Advantage HMO, PPO, and/or Part D plans with a Medicare contract. Enrollment in these plans depends on contract renewal. ®Blue Cross, Blue Shield and the Cross and Shield symbols are registered service marks of the Blue Cross Blue Shield Association, an association of independent Blue Cross and Blue Shield plans. Benefits and/or benefit administration may be provided by or through the following entities, which are independent licensees of the Blue Cross Blue Shield Association: Western and Northeastern PA: Highmark Inc. d/b/a Highmark Blue Cross Blue Shield, Highmark Choice Company, Highmark Health Insurance Company, Highmark Coverage Advantage Inc., Highmark Benefits Group Inc., First Priority Health, First Priority Life or Highmark Senior Health Company. Central and Southeastern PA: Highmark Inc. d/b/a Highmark Blue Shield, Highmark Benefits Group Inc., Highmark Health Insurance Company, Highmark Choice Company or Highmark Senior Health Company. PA: Your plan may not cover all your health care expenses. Read your plan materials carefully to determine which health care services are covered. For more information, call the number on the back of your member ID card or, if not a member, call 866-459-4418. Delaware: Highmark BCBSD Inc. d/b/a Highmark Blue Cross Blue Shield. West Virginia: Highmark West Virginia Inc. d/b/a Highmark Blue Cross Blue Shield, Highmark Health Insurance Company or Highmark Senior Solutions Company. Visit our website to view the Access Plan required by the Health Benefit Plan Network Access and Adequacy Act. You may also request a copy by contacting us at the number on the back of your ID card. Western NY: Highmark Western and Northeastern New York Inc. d/b/a Highmark Blue Cross Blue Shield. Northeastern NY: Highmark Western and Northeastern New York Inc. d/b/a Highmark Blue Shield.
Enter your ZIP code so we can show you personalized information.