Web & Mobile Privacy Policy

This Website and Mobile Privacy Policy (“Privacy Policy”) tells you how Excellus BlueCross BlueShield, and its affiliates and subsidiaries (“Excellus,” “us” or “we”) collects and uses your information when visiting our website(s), including www.excellusbcbs.com, and mobile applications (“Website”). By using our Website you consent to this Privacy Policy.

This Privacy Policy is governed also by our Terms of Use, which is also available on our Website. By using our Website you consent to the Terms of Use.

  1. Information We Collect About You
    For us to operate our Website and in order for you to access certain services and restricted areas within our Website, or to respond to specific inquiries, Excellus BlueCross BlueShield may collect the following types of information: (A) Information You Provide To Us, (B) Information We Automatically Collect, and (C) Information We Receive From Third Parties. All of the information listed in (A)-(C) above, are detailed below, and hereinafter referred to as “Information.”
     
    1. Information You Provide To Us
      In using our Website, you may provide us with Information, including, without limitation, your legal name, address, telephone number, email address, subscriber name or "screen name," and password used to access the services. We may also collect the email addresses of visitors that communicate with us via email; information provided by the visitor in online forums, registration forms, surveys, email messages, and other digital online features (including demographic and personal profile data). For certain products, we may allow certain members to pay their premiums online through a third-party website or mobile application. If you are eligible for, and choose to use, this feature, payment information, e.g. credit or debit card or bank account information, will be collected and transmitted by a third-party vendor for the sole purpose of processing your premium payments. The payment vendor is responsible for securely using and storing such credit or debit card or bank account information and for limiting access to this information to authorized users.
       
    2. Information We Automatically Collect
      Excellus BlueCross BlueShield also collects information about you from your visit to our Website including:
      • IP address;
      • Your geographic location;
      • Date and time of your visit;
      • Domain server;
      • Type of computer, web browsers, search engine used, operating system, or platform you use or web browser;
      • Data identifying the web pages you visited prior to and after visiting our Website; and/or
      • Your movement and activity within the Website, which is aggregated with other information.

      We use a few different technologies to collect this information:
       
      1. "Cookies" are small digital files that are transferred to your computer or smartphone's hard drive when you visit a website or click on a URL. Cookies allow us to operate and personalize the Website, assist with functionality of the website, to track your usage, and to deliver targeted advertisements to you. "Session Variables" are similar to Cookies except that they remain on our servers and are not transferred to your computer or smartphone. Usage of a Cookie or Session Variable is in no way linked to your name or address. Once you close your Web browser, the Cookie or Session Variable simply terminates. If you reject the Cookie or Session Variable, you may still use the Website.
        • Most web browsers automatically accept cookies, unless you have configured yours not to accept them. You can program your browser not to accept cookies, but if you do, you may not be able to use certain portions of the Website and the Website will not be able to customize certain functions according to your preferences.
        • Cookies are placed on the Website, but executed by third parties such as Google, Bing, Facebook, LinkedIn, and other ad networks. For more information about third party cookies and related advertising and how to opt-out of these practices with companies participating in industry self-regulation, please visit About Ads at http://optout.aboutads.info/ or the Network Advertising Initiative at http://optout.networkadvertising.org.
      2. “Web Beacons/Pixels” are graphic images or web programming code that may be included on the Website to help us count visitors to the Website, monitor how you navigate the Website or to count how many particular articles or links posted on the Website were actually viewed.
        • Our Website uses retargeting pixels from Google, Facebook and other ad networks. Please visit their websites for their privacy policies and consent and opt-out mechanisms, or visit sites that may help block ad tracking, such as About Ads at http://optout.aboutads.info/
      3. “Analytics” are tools we use, such as Ion Interactive and Google Analytics to help provide us with information about traffic to our Website. These services use the data collected to track and monitor the use of our Website, which it shares with other services and websites who use the collected data to contextualize and personalize the ads of its own advertising network.
      4. “Mobile Applications” and other mobile devices may provide certain device information if you access the Website through a mobile device, this may include information about your device, your phone number, and your physical location. You may opt-out of tracking and receiving tailored advertisements on your mobile device by some mobile advertising companies and other similar entities by downloading the App Choices app at www.aboutads.info/appchoices.
         
      We, or third party companies with whom we collaborate or hire to perform services on our behalf, may use your Information to provide you with information that we believe may be useful to you, such as information about health products or services provided by or through us through permissible targeted advertisements. You may opt-out of receiving permissible targeted advertisements by visiting the Network Advertising Initiative at http://optout.networkadvertising.org.

      Some users engage a Do Not Track (DNT) setting to indicate a preference regarding tracking by advertisers and other parties. We do not respond to DNT signals.
       
    3. Information We Receive From Third Parties
      We may collect additional Information about you from third party websites, or sources providing publicly available information, to help maintain and support your account. We reserve the right to request any additional information necessary to establish and maintain your account for use of the services and access to the restricted areas.
       
    4. Information We Receive from Your Health Care Providers and Other Sources:
      In connection with services that involve medical diagnosis and treatment, we may collect health care records from your past, current, and future health care providers. This may include information about your diagnosis, previous treatments, general health, laboratory and pathology test results and reports, social histories, any family history of illness, and records phone calls and emails related to your health status contained in your health care records.
       
  2. How We Use the Information
    We use and process your Information above for things that may include, but are not limited to, the following:
    • To administer health care benefits and for our health care operations. For example:
      • decide claim payment by asking you and/or your health care provider(s) for necessary information about services, or treatment;
      • work with other insurers to decide coverage;
      • bill for premiums which may include looking at your claim history;
      • answer customer and provider questions about benefits, enrollment and claims;
      • monitor quality of care and service to our customers which may include case management, and
      • perform utilization and cost containment review activities.
    • Foster product development and research;
    • Provide you information about enrollment and our services;
    • To respond to your questions and inquiries;
    • Communicate with you via email, text, Social Media Platforms, chat rooms, about information we believe you would be interested in and/or regarding our services, provided that you have not already opted-out of receiving such communications;
    • Improve our Website and address any technical issues;
    • Provide targeted advertisements to you;
    • Analyze the use of the Website to improve our service offerings and produce anonymous or aggregated data and statistics that might help third parties develop their own products and service offerings;
    • Customize the Website for your interests;
    • Create an account;
    • Provider customer services;
    • To the extent applicable, for processing your premium payments;
    • Comply with our Terms and Conditions of Use (which is available on our Website);
    • Comply with any applicable laws and regulations and respond to lawful requests; and
    • For any other purposes disclosed to you at the time we collect your Information or pursuant to your consent.

    We handle your Information to help further what we believe are our legitimate interests in commercial activities that are not overridden by the interest or fundamental rights and freedoms of the individuals at issue. We also may need to use and disclose your Information to comply with our legal obligations. For example, we may provide your Information to government officials and agencies as required by law, and our affiliates as part of business operations. When required by law, and in some other cases, we process the Information after obtaining consent from the individual.
     
  3. How Long We Keep Your Information
    We generally keep Information, consistent with any applicable legal requirements. To dispose of Information, we may anonymize it, delete it, or take other appropriate steps. Data may persist in copies made for backup and business continuity purposes for an additional period of time.
     
  4. Sharing Your Information
    We may share your Information in a few ways.

    1. Aggregated Information
      We reserve the right to disclose to third parties’ Information about usage of our Website and any related services, including Information gathered during your use of the Website. Any Information disclosed for this purpose will be in the form of aggregated data (such as overall patterns or demographic reports) that does not describe or identify any individual user.
       
    2. Third Party Vendors
      We may work with other companies to help us conduct our business and require that they only use your Information for the services contracted. For example, we may contract with:
      • benefits management companies for paying claims;
      • health care provider groups to assess quality and cost containment;
      • print, electronic or mail services for permissible marketing communications, advertising, customer communications and surveys;
      • audit or consulting firms for validating the integrity of our processes;
      • state and federal agencies as required by law;
      • other BlueCross BlueShield plans;
      • marketing service companies;
      • data processing parties; and
      • other business services.

      By using our Website you consent to our use of such companies for processing your Information. However, such companies will not be authorized by us to use your Information for any other purpose.
       
    3. Disclosure Information for Legal and Administrative Reasons
      We may disclose your Information without notice: (i) when required by law or to comply with a court order, subpoena, search warrant or other legal process; (ii) to cooperate in investigations of fraud, intellectual property infringement or any other activity that is illegal or may expose us or you to legal liability; (iii) to comply with legal, regulatory or administrative requirements of governmental authorities (including, without limitation, requests from the governmental agency authorities to view your Information); (iv) to protect and defend the rights, property or safety of us, our subsidiaries and affiliates and any of their officers, directors, employees, attorneys, agents, contractors and partners, and the Website’s users; (v) to enforce or apply the Website’s Terms and Conditions of Use; and (iv) to verify the identity of the Website’s users.
       
    4. Business Transfers
      Your Information may be transferred, sold or otherwise conveyed to a third party where we: (i) merge with or are acquired by another business entity; (ii) sell all or substantially all of our assets; (iii) are adjudicated bankrupt or (iv) are liquidated or otherwise reorganize. You consent to any and all such conveyances of your Information.
       
    5. Protected Health Information
      We may transfer your Protected Health Information (“PHI”) as described in the Notice of Privacy Practices and permitted under federal HIPAA regulations and applicable state law.
       
  5. Third Party Websites
    This Privacy Policy does not apply to any information that you may provide to unaffiliated third parties, for example, other websites linked to this Website with whom we do not have a relationship. If you access our Website from a third party website (“Third Party Website”), you may be required to also read and accept the terms and conditions and privacy policy of that Third Party Website. We are not responsible for the privacy and security practices of those websites and you should contact such third parties directly to determine their respective privacy policies. Links to any other Third-Party Websites or content do not constitute or imply an endorsement or recommendation by us of the linked website or content. This Privacy Policy does not apply to any Information that you may provide to other websites linked to our Website.
     
  6. Our Right to Contact You
    We may contact Website visitors regarding account status and changes to the subscriber agreement, privacy statement, or any other policies or agreements relevant to site visitors and for marketing and advertising purposes. You agree that we may contact you by way of text, email, or telephone.
     
  7. Right to Change This Privacy Policy
    If we alter our Privacy Policy, we will post those changes here in a timely manner so you can be aware of changes that may affect you. Any change to this Privacy Policy shall be effective as to any visitor that has accepted the Excellus BlueCross BlueShield Website Terms and Conditions before the change was made.
     
  8. Children
    The Website is not intended for children under the age of eighteen (18). Minors who are enrolled in our insurance plans are only permitted to access the Website with a legal guardian. We will not knowingly collect or use any Information regarding a user under the age of eighteen (18) without the consent of a parent or legal guardian. If you believe that we have unintentionally collected Information about those under the age of eighteen (18), please contact us at our Web Security Help Desk.
     
  9. Confidentiality and Security

    1. Policies
      It is our policy to take steps to keep Information about you confidential, including but not limited to:
      1. our employees sign an agreement to follow our Code of Business Conduct;
      2. we have a security coordinator to detect and prevent security breaches;
      3. all computer systems that contain personal information have security protections; and
      4. we check provider offices to ensure that medical records are kept in secure locations.

       
    2. No Absolute Security of Information Transmitted Via the Internet
      We have implemented security features to help prevent the unauthorized release of or access to personal information that has been received via the Website. Please be advised, however, that the confidentiality of any communication, information or other material transmitted to or from Excellus BlueCross BlueShield via web, mobile, or e-mail cannot be guaranteed. Accordingly, Excellus BlueCross BlueShield is not responsible for the security or confidentiality of information being transmitted via the Internet, the World Wide Web, mobile applications, or other global computer networks. Excellus BlueCross BlueShield will have no liability for disclosures of Personally Identifiable Information due to errors in transmission or unauthorized acts of third parties. We do not guarantee that your Information will not be misused or disclosed to third parties. We will not have any liability for misuse or disclosure of your Information. If you believe that your username or password to your account profile has been stolen, you are required to notify us so that necessary measures can be taken immediately by contacting us at our Web Security Help Desk.
       
    3. Protection of Member Health Information
      If you are a member of Excellus BlueCross BlueShield (and not someone visiting our Website only for informational purposes), then it is possible that you may also provide us with Information that constitutes health information protected by the Health Insurance Portability and Accountability Act of 1996 ("HIPAA"). Excellus BlueCross BlueShield is a Covered Entity under HIPAA. Accordingly, Excellus BlueCross BlueShield is covered by (and complies with) HIPAA regulations regarding the use and disclosure of members' health information for each health plan. Our Notice of Privacy Practices explains how we may use and disclose health information to carry out payment and health care operations and for other purposes that are permitted or required by law. "Health information" that is protected under HIPAA by health plans ("Protected Health Information") generally includes claims information and any other information that relates to an individual's past, present or future physical or mental health.This Privacy Policy applies to individually identifiable information that you provide to us for purposes of requesting medical care through the Website (“PHI”), and Information that is not PHI. The handling, use, and disclosure of PHI is described in our Notice of Privacy Practices but does not apply to information that is not PHI. This Privacy Policy supplements the Notice of Privacy Practices for PHI. If there is any conflict between this Privacy Policy and the Notice of Privacy Practices, the Notice of Privacy Practices will apply for PHI.
       
  10. Consent to Transfer
    The Website is operated in the United States. If you are located outside of the United States, please be aware that Information we collect will be transferred to and processed in the United States. By using the Website, or providing us with any Information, you consent to this transfer, processing and storage of your Information in the United States, a jurisdiction in which the privacy laws may not be as comprehensive as those in the country where you reside and/or are a citizen. Portions of our site may be supported by a network of computers or cloud based servers in other jurisdictions. We do not represent that our Website is appropriate or available in any particular jurisdiction.
     
  11. Accessing and Updating Your Information
    If you believe that any Information collected and maintained by us about you is not correct or has changed, please send an e-mail message to our Web Security Help Desk explaining the correction or change. We also may provide web pages or other mechanisms through which you can correct or update the Information we have collected and maintained.

    In accordance with our routine record keeping, we may delete certain records that contain Information you have submitted through the Website. We are under no obligation to store such Information indefinitely and disclaim any liability arising out of, or related to, the destruction of such Information.

    Even if you ask us to delete your Information, we may need to retain some Information about you in order to satisfy our legal and security obligations. In addition, you should be aware that it is not always possible to completely remove or delete all of your Information from our databases without some residual data because of backups and other reasons.

    We provide users with the ability to opt-out of receiving marketing and other communications from us, and to update, supplement, or delete Information we have about them.

    To the extent certain data protection laws apply and we hold your Information in our capacity as a data controller as defined under those laws, you may request that we:
    • Restrict the way that we process and disclose your Information;
    • Transfer your Information to a third party;
    • Revoke your consent for processing of your Information;
    • Provide you with access to your Information;
    • Remove your Information if no longer necessary for the purposes collected;
    • Prevent the processing of your Information for direct-marketing purposes;
    • Update your Information so it is correct and not out of date;
    • Object to our processing of your Information;
    • Withdraw the consent you have given us to use your Information.

    To make these requests please send an email to our Web Security Help Desk or call 1-800-278-1247.

    The requests above will be considered and responded to in the time-period stated by applicable law. Note, certain Information may be exempt from such requests. We may require additional information from you to confirm your identity in responding to such requests. You have the right to lodge a complaint with the authorities applicable to you and your situation, although we invite you to contact us with any concern as we would be happy to try and resolve it directly. Please contact us at: our Web Security Help Desk, write us at 333 Butternut Drive, Syracuse, NY 13214-1803, or call us at 1-800-278-1247.
     
  12. Questions and Additional Information
    Questions regarding Excellus BlueCross BlueShield's privacy policy may be directed to the Excellus BlueCross BlueShield Web Security Help Desk via postal mail:

    Excellus BlueCross BlueShield Web Security Help Desk
    Re: Website Privacy Policy
    333 Butternut Drive
    Syracuse, NY 13214-1803

    Call us at: 1-800-278-1247.

    Or follow this link to email our Web Security Help Desk

Last updated: May 13, 2019

 

GDPR Notification Content