Online Privacy Practices

What is this about?

This information includes what we do to protect your privacy, what you can do to help us and what to do if you have any questions about our privacy practices. 

Privacy practices

Blue Cross Blue Shield of Michigan understands the importance of keeping your health information private. We follow strict privacy policies in accordance with state and federal law. If you have questions or would like additional information regarding our privacy practices, please call 313-225-9000.

The BCBSM/BCN Notice of Privacy Practices (PDF) complies with updated regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Notice of Privacy Practices applies to all Blue Cross Blue Shield of Michigan, Blue Care Network and Blue Cross Complete of Michigan members, except for members who get a separate Notice of Privacy Practices from their employer. 

Our Notice of Privacy Practices tells you that:

  • We won’t use your protected health information for marketing communications except where the law permits.
  • You have the right to be notified if there’s a security breach that involves your protected health information.
  • We won’t use or disclose genetic information for underwriting purposes.
  • In certain circumstances, you have the right to make a written request for an electronic copy of information that we keep in a designated record set.
  • We won’t use or disclose your protected health information in any way other than those described in our Notice of Privacy Practices unless we have a signed authorization.

To get more information about your rights under HIPAA, visit our HIPAA compliance page. To get copies of individual rights forms, please visit our Protected Health Information and Privacy Forms page.

Blue Cross Blue Shield of Michigan is HITRUST CSF® Certified. The certification covers the Electronic Data Interchange system and infrastructure.

HITRUST is an organization that’s responsible for creating and maintaining a comprehensive and flexible framework of prescriptive and scalable security controls in the health care sector, among others. HITRUST CSF Certification is frequently required by organizations that handle sensitive data, including protected health information or PHI.

How we keep your PHI safe

We keep your protected health information, or PHI, safe according to state and federal regulations. We have the following measures in place to protect all verbal, written and electronic PHI: 

  • Security and privacy training for all employees
  • Access is limited to business needs
  • Background checks for all employees and contracted staff
  • Verification of callers 
  • Required use of headsets during phone calls
  • Voicemail messages that include members’ PHI are erased daily
  • Strong passwords required within the electronic system
  • Passwords are changed frequently
  • Hard drives are encrypted
  • PHI is stored in a locked environment
  • Secured printers that require badge access
  • Employees are trained to be mindful of public conversations so they don't accidentally disclose any PHI

Privacy practices for internet-based communications

When you use the internet to communicate with us, we make the following pledge:

  • We consider any and all internet communications as private and confidential unless otherwise clearly stated.
  • We will monitor and audit security controls to ensure that internet privacy protection is maximized at all times.
  • We will publish our internet security and privacy practices as new technologies evolve.

Personal information Blue Cross collects and how it is used

Blue Cross collects information from users of our site. We use personal information to customize your internet transaction. Generally, we do not share with third parties the personal information you supply when conducting transactions on our website. And generally, unless you specifically key in personal information on our website, you browse our website anonymously, which means personal information is not collected. We may collect your personal information, such as name, address, etc., using a secure session when you initially register with us at this website or if you engage in a transaction that requires an electronic signature, for example.

In addition to personal information, we also gather information on the use of our website, including domain name, number of hits, pages visited, length of user session and so forth to evaluate the usefulness of our site.

Protecting online interactions

When you use our online services, you may be asked to provide personal information that is necessary for us to process your request. To ensure your transaction remains confidential, the information is sent to us in encrypted form in a "secure session" established with Secure Sockets Layer (SSL). We also require the use of authentication, such as user ID and password, which allows us to verify your identity when you access our online services. We also use firewall technology to safeguard your information from outside access.

Security tips

  • Choose unique passwords. Don't use your Social Security number, birth date, middle name, names of spouse or children, or anything else that someone could easily guess as a password.
  • Do not share your user ID and password with anyone else.
  • After you have submitted information online, we recommend that you close your browser before leaving your computer. This practice ensures you are not leaving personally identifiable information on the computer for those who may use it after you. This is especially important if you are using a computer in a public place.
  • Do not leave your computer unattended during an online session.
  • Contact us immediately at 1-888-417-3479 if you suspect that someone has accessed your information online without your authorization.


We do not offer encrypted email. As a result, when our website users send email inquiries to us, the return email address may be used to respond to the email inquiry. We do not use the return email address for any other purpose, nor will we share it with any third parties.

For private inquiries including those containing Protected Health Information, contact Customer Service.

Voluntary online customer surveys

We periodically conduct two types of surveys on our corporate website. General surveys on our site are randomly generated for all users. Specific surveys are offered to Blue Cross Blue Shield of Michigan members only within the secure member area.

We encourage you to participate in these surveys because they provide us with important information to improve the services we offer. Your personal information and responses remain strictly confidential. Participation in our surveys is voluntary.

All responses to our surveys are aggregated to create summarized results (such as gender, age or other demographic information). We then use the summarized results to improve the quality of our services to you.

About cookies

A "cookie" is a piece of information that is sent to your browser along with a web page when you sign on to a website. It is a unique identifier that a web server places on your computer. There are two types of cookies: (1) session cookies and (2) persistent cookies.

A session cookie is a text string (line of text) that is stored in computer memory temporarily. Session cookies are used to enable a website to track the pages you visit during a session so that information can be customized for you. Once you exit the website, the session cookie is destroyed.

Persistent cookies are small files used by a web server to deliver data to a web client (user); request that the client store the information; and in certain circumstances, return the information to the website. Websites can thus "remember" user information, such as their preferences for a particular website, and allow the use of user passwords. The website may deliver one or more cookies to the client. The client stores cookie data in one or more files on its local hard drive. In most cases the user can control a client browser to allow the use of cookies or disallow their use. Disallowing cookies may negatively impact intended functionality of web pages on this website.

About banner ads

Any site banner ads link you to areas of interest only within our website. We do not show banner ads for external websites.

Links from our site

We have links from our website to a number of different health care-related sites. We provide these links as a courtesy to help you find information. We are not responsible for the performance or content of linked sites since they are beyond our control. We recommend you read the privacy statements on the sites you visit to understand their individual privacy practices.

Protecting children

In compliance with the Children's Online Privacy Protection Act of 1998 (COPPA), we do not knowingly solicit data from children under 18 years of age and we do not knowingly market to children under 18 years of age.

We recognize that protecting children's identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents.

Where to direct questions about our online privacy practices

If you have any questions about our online privacy practices, call 313-225-9000. 

If you are not a member and have never been a member, but have submitted personal information to us for individual and family coverage and would like it removed from our system, call 313-225-9000.

Revisions to online privacy practices

We reserve the right to revise, amend or modify our online privacy practices at any time and in any manner. 
