Privacy practices
Michigan Health Insurance understands the importance of keeping your health information private. We follow strict privacy policies in accordance with state and federal law. If you have questions or would like additional information regarding our privacy practices, please call 1-800-731-1320.
HIPAA
The BCBSM/BCN Notice of Privacy Practices (PDF) complies with updated regulations under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Notice of Privacy Practices applies to all Michigan Health Insurance, Michigan Health Insurance Network and Michigan Health Insurance of Michigan members, except for members who get a separate Notice of Privacy Practices from their employer.
Our Notice of Privacy Practices tells you that:
1) We won’t use your protected health information for marketing communications except where the law permits.
2 You have the right to be notified if there’s a security breach that involves your protected health information.
3) We won’t use or disclose genetic information for underwriting purposes.
4) In certain circumstances, you have the right to make a written request for an electronic copy of information that we keep in a designated record set.
5) We won’t use or disclose your protected health information in any way other than those described in our Notice of Privacy Practices unless we have a signed authorization.
HITRUST
Michigan Health Insurance is HITRUST CSF® Certified. The certification covers Electronic Data Interchange system and infrastructure.
HITRUST is an organization that’s responsible for creating and maintaining a comprehensive and flexible framework of prescriptive and scalable security controls in the health care sector, among others. HITRUST CSF Certification is frequently required by organizations that handle sensitive data, including protected health information or PHI.
How we keep your PHI safe
We keep your protected health information, or PHI, safe according to state and federal regulations. We have the following measures in place to protect all verbal, written and electronic PHI:
1) Security and privacy training for all employees
2) Access is limited to business needs
3) Background checks for all employees and contracted staff
4) Verification of callers
5) Required use of headsets during phone calls
6) Voicemail messages that include members’ PHI are erased daily
7) Strong passwords required within the electronic system
8) Passwords are changed frequently
9) Hard drives are encrypted
10) PHI is stored in a locked environment
11) Secured printers that require badge access
12) Employees are trained to be mindful of public conversations so they don’t accidentally disclose any PHI
Privacy Practices For Internet-Based Communications
When you use the internet to communicate with us, we make the following pledge:
1) We consider any and all internet communications as private and confidential unless otherwise clearly stated.
2) We will monitor and audit security controls to ensure that internet privacy protection is maximized at all times.
3) We will publish our internet security and privacy practices as new technologies evolve.
Personal Information Michigan Health Insurance Collects & How It Is Used
Michigan Health Insurance collects information from users of our site. We use personal information to customize your internet transaction. Generally, we do not share with third parties the personal information you supply when conducting transactions on our website. And generally, unless you specifically key in personal information on our website, you browse our website anonymously, which means personal information is not collected. We may collect your personal information, such as name, address, etc., using a secure session when you initially register with us at this website or if you engage in a transaction that requires an electronic signature, for example.
In addition to personal information, we also gather information on the use of our website, including domain name, number of hits, pages visited, length of user session and so forth to evaluate the usefulness of our site.
Protecting Online Interactions
When you use our online services, you may be asked to provide personal information that is necessary for us to process your request. To ensure your transaction remains confidential, the information is sent to us using an encrypted form in a “secure session” established with Secure Socket Layer (SSL). We also require the use of authentication, such as user ID and password, which allows us to verify your identity when you access our online services. We also use firewall technology to safeguard your information from outside access.
Security Tips
1) Choose unique passwords. Don’t use your Social Security number, birth date, middle name, names of spouse or children, or anything else that someone could easily guess as a password.
2) Do not share your user ID and password with anyone else.
3) After you have submitted information online, we recommend that you close your browser before leaving your computer. This practice ensures you are not leaving personally identifiable information on the computer for those who may use it after you. This is especially important if you are using a computer in a public place.
4) Do not leave your computer unattended during an online session.
5) Contact us immediately at 1-800-731-1320 if you suspect that someone has accessed your information online without your authorization.
We do not offer encrypted email. As a result, when our website users send email inquiries to us, the return email address may be used to respond to the email inquiry. We do not use the return email address for any other purpose, nor will we share it with any third parties.
For private inquiries including those containing Protected Health Information, contact Customer Service.
Voluntary Online Customer Surveys
We periodically conduct two types of surveys on our corporate website. General surveys on our site are randomly generated for all users. Specific surveys are offered to Michigan Health Insurance members only within the secure member area.
We encourage you to participate in these surveys because they provide us with important information to improve the services we offer. Your personal information and responses remain strictly confidential. Participation in our surveys is voluntary.
All responses to our surveys are aggregated to create summarized results (such as gender, age or other demographic information). We then use the summarized results to improve the quality of our services to you.
About Cookies
A “cookie” is a piece of information that is sent to your browser along with a web page when you sign-on to a website. It is a unique identifier that a web server places on your computer. There are two types of cookies: (1) session cookies and (2) persistent cookies.
A session cookie is a text string (line of text) that is stored in computer memory temporarily. Session cookies are used to enable a website to track the pages you visit during a session so that information can be customized for you. Once you exit the website, the session cookie is destroyed.
Persistent cookies are small files used by a web server to deliver data to a web client (user); request that the client store the information; and in certain circumstances, return the information to the website. Websites can thus “remember” user information, such as their preferences for a particular website, and allow the use of user passwords. The website may deliver one or more cookies to the client. The client stores cookie data in one or more files on its local hard drive. In most cases the user can control a client browser to allow the use of cookies or disallow their use. Disallowing cookies may negatively impact intended functionality of web pages on this website.
About banner ads
Any site banner ads link you to areas of interest only within our website. We do not show banner ads for external websites.
Links from our site
We have links from our website to a number of different health care-related sites. We provide these links as a courtesy to help you find information. We are not responsible for the performance or content of sites linked from BCBSM.com since they are beyond our control. We recommend you read the privacy statements on the sites you visit to understand their individual privacy practices.
Protecting Children
In compliance with the Children’s Online Privacy Protection Act of 1998 (COPPA), we do not knowingly solicit data from children under 18 years of age and we do not knowingly market to children under 18 years of age.
We recognize that protecting children’s identities and privacy online is important and that the responsibility to do so rests with both the online industry and with parents.
Where to direct questions about our online privacy practices
If you have any questions about our online privacy practices, call 1-800-731-1320.
If you are not a member and have never been a member, but have submitted personal information to us for individual and family coverage and would like it removed from our system, call 1-800-731-1320.