Important information about the Change Healthcare privacy incident

Learn more about the Change Healthcare privacy incident here.

View in the
MyBlue App

View
View

PRIVACY

Effective Date:

Our goal is to maintain your trust and confidence when handling personal information about you. This Privacy Policy describes the types of information we collect on the Sites, how we use such information and to whom and under what circumstances we may disclose it. This Privacy Policy applies only to this website (www.bluecrossma.org), our mobile sites, and our use of social media sites (collectively, the “Sites”), and any other personal information obtained when you call, email, or otherwise communicate with Blue Cross Blue Shield of Massachusetts. By accessing the Sites on any computer, mobile phone, tablet, or other device, or otherwise interacting with Blue Cross Blue Shield of Massachusetts, you agree to the terms of this Privacy Policy. If you do not agree to the policy, please do not use the Sites.

We may modify this Privacy Policy at any time, and will post the current version on the Sites. We encourage you to periodically review our Privacy Policy to stay informed about how we are using the information we collect.

Collection of information

When you visit the Sites, we may collect information such as IP address, geographic location, Internet service provider, MAC address, browser type, operating system, device-identifying information, the specific web pages visited during your connection, and the domain name from which you accessed the Sites. In addition, we may collect information about your browsing behavior, such as the date and time you visit the Sites, the areas or pages of the Sites that you visit, the amount of time you spend viewing the Sites, the number of times you return to the Sites and other clickstream data.

Please note that personal information that has been properly deidentified and/or aggregated is not personal information, and not subject to this Privacy Policy. We may use such information statistical analysis, research, and other purposes.

We use "cookie" technology to collect site statistical information and improve your customer experience. Cookies set by Blue Cross Blue Shield of Massachusetts don't capture any personally identifiable information, such as your individual email address. See below for further explanation about cookies.

We automatically collect some statistical data as you browse our websites. For example, we automatically collect your Internet protocol (IP) address used to connect your computer to the Internet, browser type and version, operating system and platform, average time spent on our site, pages viewed, information searched for, access times, clickstream data, and other relevant information about your online experience. The information we collect is used to help us improve the design of and access to the website and other uses not prohibited by law.

Use of information

If you choose to provide us with personal information over the Internet, such as by registering for a personalized account or online program or signing up for emails from Blue Cross Blue Shield of Massachusetts, we collect the information that you provide to us. We use this information when you register with us over the Internet to maintain, improve, and administer our website, operate our business, provide products and services you request, administer your account, inform you about products and services that might be of interest to you, and personalize your online experience. With the information we collect, we can:

  • Recognize you when you return to our site so we can personalize your experience
  • Process applications and transactions
  • Respond to your requests
  • Provide you relevant product and service offers on our site
  • Review Site usage and operations
  • Address problems with the Sites, our business or our services
  • Protect the security or integrity of the Sites and our business
  • Monitor the Sites for compliance with our Terms of Use and the law
  • Contact you with Site updates, newsletters and other informational and promotional materials

To carry out certain business functions, we sometimes hire other companies to perform services on our behalf. We may disclose personal information, such as the email address you have supplied when registering, to these companies to enable them to perform these services, but they're required to safeguard this data and are generally not authorized to use it for any other purpose than completing their contractual requirements to Blue Cross Blue Shield of Massachusetts.

We don't share, sell, or otherwise distribute your information with entities outside of Blue Cross Blue Shield of Massachusetts who may want to market to you their own products and services. Blue Cross Blue Shield of Massachusetts uses your information to process applications, complete transactions, respond to your requests, deliver the products and services in which you enroll or for which you apply, and also to notify you of information, updates, or special offers, that we think may interest you. We also use your information to provide you with a more effective experience while on our website. To do this, we may process your information or combine it with other publicly available information. This enables us to customize your Blue Cross Blue Shield of Massachusetts experience.

A copy of Our Commitment to Confidentiality is available for your review. This Commitment to Confidentiality details the privacy policies of Blue Cross Blue Shield of Massachusetts with respect to its members. We recognize that some users of our websites may not be Blue Cross Blue Shield of Massachusetts members. Personal health information that we receive about our members is always treated in the manner described in this document.

Una copia de Nuestro Compromiso a la Confidencialidad está disponible para su revisión.

Disclosure of information

We may disclose information collected from and about you as follows: (1) to our related companies and service providers, including marketing and advertising partners, to perform a business, marketing, professional or technical support function for us; (2) as necessary if we believe that there has been a violation of the Site Terms of Use or of our rights or the rights of any third party; (3) to respond to legal process (such as a search warrant, subpoena or court order) and provide information to law enforcement agencies or in connection with an investigation on matters related to public safety, as permitted by law, or otherwise as required by law; and (4) in the event that our company or substantially all of its assets are acquired, your personal information may be one of the transferred assets. We may also disclose your personal information with your express consent. We may share aggregated, non-personally identifiable information about Site users with third parties.

Please note that if you voluntarily submit any personal information for posting on the Sites, the information becomes publicly available and can be collected and used by others, so you should use care before posting information about yourself online.

Targeted Advertising

When you use our online services, we (and our vendors) may collect information about your activities so that we can provide you with advertising tailored to your interests. Because we utilize advertising (“ad”) networks, such as Google and Microsoft, you may see certain ads on other websites. Ad networks allow us to target the information we send you based on your interests and other information related to you. These ad networks track your online activities over time by collecting personal information through use of cookies, web beacons, pixels, and other technologies. See below for further information about our cookie usage.

The ad networks use this information to show you advertisements that may be of particular interest to you, based on past visits to our Sites. The ad networks we utilize may collect information about your visits to websites that also take part in the relevant ad network, such as the pages or advertisements you view and how you use the websites. We use this information, both on our online services and on third-party websites that take part in the ad networks, to provide you with advertising tailored to you, and to help us assess how effective our marketing is.

Sharing/selling of information

Blue Cross Blue Shield of Massachusetts doesn't sell or share personal information outside of Blue Cross Blue Shield of Massachusetts except as permitted by law and described in this policy or as specifically authorized by you.

Cookies and Clear GIFs

"Cookies" are small files that are stored by your web browser to help a particular system recognize you and the pages you visited in a website. "Clear GIFs" (also sometimes called pixels or web beacons) are tiny graphics with a unique identifier, similar in function to cookies, that are used to track the online movements of website users. The main difference between the two is that clear gifs are invisible on the page and are much smaller than cookies. This website may use cookies and clear GIFs to make your online experience more convenient. Additionally, this website may use data from cookies and clear GIFs for a variety of internal purposes, such as studying how users navigate this website. We may use cookies and clear GIFs to: (1) allow you to use the Sites without having to re-enter your user name and password; (2) enhance or personalize your Site usage and experience; (3) monitor Site usage; (4) manage the Sites; and (5) improve the Sites and our products and services, including providing you with interest-based ads.

Third-party vendors, including Google and Microsoft, may use cookies and/or device identifiers to serve ads based on your past visits to our Sites. Alternatively, you can opt out of a third-party vendor's use of cookies by visiting the Network Advertising Initiative opt-out page or control the use of device identifiers by using your device’s settings. For more information on the privacy practices of certain vendors with whom we may work, including opportunities to opt-out and control ads, please review the following:

If you choose, you may be able to set your browser to reject cookies or you can manually delete individual cookies or all of the cookies on your computer by following your browser’s help file directions. However, if your browser is set to reject cookies or you manually delete cookies, you may have some trouble accessing and using some of the pages and features that are currently on our Sites, or that we may put on our Sites in the future. Note that browser-management tools for cookies are outside of our control and we cannot guarantee their effectiveness. We may combine the information we collect through cookies, web beacons, pixels, or other technology tools with other information we have collected from you or information from other sources. Even without a cookie, you can still use most of the features on this website. To sign in and securely use the portal, you'll need to enable cookies on your browser.

The Sites may use third-party web analytics services to track and analyze anonymous usage and volume statistical information from visitors to help the administration of the Sites, improve the Sites’ performance, and to report website traffic. These web analytics services use cookies, clear gifs, and other web monitoring technologies to help track visitor behavior on behalf of the Sites. These services don't use these technologies to collect any personally identifiable information from the Sites’ visitors.

Your rights regarding your personal information

You may update or change your personal information by contacting us as described below under “Contact Us.” Depending on the state or jurisdiction in which you reside, you may also have additional rights which may include the following:

  • The right to request access to your personal information and obtain a copy of your personal information.
  • The right to request correction of your personal information if it is incomplete or inaccurate.
  • The right to request transfer of your personal information to another party.

If you wish to exercise any of the rights set out above, please contact us as described below under “Contact Us.”

Confidentiality and registration

We have combined state-of-the-art technology with industry best practices in order to provide security for transactions on bluecrossma.com. You can use your User Name and Password to access several online features. To further protect your privacy, some features require a one-time activation of a personal identification number (PIN) that we assign and mail to you when you register for our website. This makes it more difficult for anyone to access your account without authorization. You'll receive the PIN in the mail three to five business days after you register.

When you register with us, your information is stored in a secure server environment and is protected behind a firewall. The information that is transmitted back and forth is scrambled with the aid of encryption technology. Because of this, we require that your browser be capable of supporting 128-bit encryption. When you're accessing pages on bluecrossma.com, you can tell if you're in a secure area by looking for the padlock symbol at the bottom of your browser window.

As Blue Cross Blue Shield of Massachusetts continues to introduce new functionality to this website, including email capabilities, additional features and other safeguards will be introduced to further enhance privacy and security.

Visitors from Outside the United States – Cross-Border Transfer

The Sites are hosted and operated in the United States. If you are visiting the Sites from outside the United States, your information may be transferred to, stored and processed in the United States in accordance with this Privacy Policy. The data protection and other applicable laws of the United States may not be as comprehensive as those laws or regulations in your country or may otherwise differ from the data protection or consumer protection laws in your country. Your information may be available to government authorities under lawful orders and law applicable in such jurisdictions. By using the Sites and/or providing personal information to us, you consent to transfer of your information to our facilities as described in this Privacy Policy.

Security

We maintain reasonable and appropriate measures designed to maintain information we collect in a secure manner. We have taken certain physical, electronic, and administrative steps to safeguard and secure the information we collect from visitors to the Sites. Even though we follow reasonable procedures to try to protect the information in our possession, no security system is perfect and we cannot promise, and you should not expect, that your information will be secure in all circumstances.

Children’s Privacy

Blue Cross Blue Shield of Massachusetts does not knowingly collect information from children under the age of 13 and does not have actual knowledge about selling or sharing personal information of consumers under the age of 16. If you become aware that your child or any child under your care has provided us with information without your consent, please contact us as described below.

Links to other internet sites

This site also includes links to other Internet sites. These links are provided as a convenience only. Blue Cross Blue Shield of Massachusetts doesn't endorse the products or any of the views expressed in these other sites. Nor does Blue Cross Blue Shield of Massachusetts warrant the accuracy of any of the information in these other sites. The sites are owned and controlled by other parties, and each will have its own privacy and security policies, which may differ from those of Blue Cross Blue Shield of Massachusetts. We are not responsible for the activities and practices that take place on these websites. Accordingly, we recommend that you review the privacy policy posted on any external site before disclosing any personal information. Please contact those websites directly if you have any questions about their privacy policies. Your access to and use of any other Internet sites, including the information, services, products, and materials on them, is solely at your own risk.

Changes to this Privacy Policy

We may change this privacy policy from time to time, including as required to keep current with rules and regulations, new technologies and security standards. When we do, we will post the change(s) on our Sites. If we change the policy in a material and retroactive manner, we will provide appropriate notice to you.

Contact Us

If you have questions or concerns about this Privacy Policy or how we collect and use personal information, you may contact us by calling us at 1-800-262-2583calling us at, emailing us at [email protected], and/or by writing to us at 101 Huntington Avenue, Suite 1300, Boston, MA 02199. Suspected privacy violation:

Security measures

Protect your passwords

Make your passwords as obscure or abstract as possible. Avoid obvious numbers and words, such as a maiden name, birth date, or an anniversary, which would be easy to guess. Never give your passwords to anyone, including family or friends.

Don't email personal or health data

Most email isn't secure or encrypted and shouldn't be trusted to send personal or financial information. Email you send from within MyBlue (after you have signed in) on bluecrossma.com, however, is encrypted. This is the most secure way to contact us online. Otherwise, you can call to speak to a representative.

Steps Blue Cross Blue Shield is taking to protect you

  • Customer access to account information
    No matter how you contact Blue Cross Blue Shield of Massachusetts—online, or by phone—we verify your identity before granting you access to your information.
  • Timed sign-off
    bluecrossma.com automatically signs you off after an extended period of inactivity. This reduces the risk that others could access your information from your unattended computer.
  • Firewalls
    To block unauthorized access, all our computer systems are protected by firewalls, electronic barriers that prevent unauthorized access to our networks.

Encryption

Blue Cross Blue Shield of Massachusetts employs some of the strongest methods of encryption commercially available today. All online activity involving personal or sensitive information is encrypted from the point it leaves your computer until it enters our systems. For your     general online security, be sure you see the letter "s" at the end of "https" at the beginning of the URL address before entering any sensitive information, indicating the site is secure (e.g., "https://www.bluecrossma.com"). Similarly, another indication that a website is secure is a padlock icon in the lower right corner of your browser.

 

Phishing

Protect yourself from phishing scams

Phishing is the mass emailing of messages that falsely claim to come from a legitimate business. These messages often provide links to phony websites, where you're asked to supply personal information such as passwords, credit card numbers, Social Security numbers, or bank account numbers.

Finally, know that Blue Cross Blue Shield of Massachusetts will never email you requesting that you confirm your personal information or password.

Never enter personal information unless you're sure the website is legitimate. You should also be certain the site is encrypted. Look for the letter "s" at the end of "https" at the beginning of the URL address. An example of such a URL address is "https://www.bluecrossma.com." This ensures that the site is running in secure mode.

How to recognize phishing email

Phishing messages have evolved drastically over the last year, and they're often difficult to recognize. The creators now incorporate realistic company logos and graphics, provide links to the real company's privacy policies, and even include "legal disclaimer language" at the bottom. To help determine if email is part of a phishing scam, ask yourself the following:

  • Do I have a relationship with this company?
  • Would I expect this company to contact me this way?
  • Would I expect this company to use this tone or make this request?

If you're at all unsure, contact the company by phone.

How to protect yourself from malware and viruses

Common types of malware are:

Spyware

Software that may be installed on a computer without the user's consent to monitor use, send pop-up ads, redirect a computer to certain websites, or record keystrokes, which could lead to identity theft.

Trojans

Software disguised to perform one legitimate action, but actually performs another often malicious one such as enabling unauthorized people to access the affected computer through a backdoor and sometimes to send spam from it.

Viruses

A program that is attached to a file or program so it can spread from one computer to another often without the user's knowledge — often through an email attachment. Some viruses are programmed to be extremely damaging, while others are programmed to have annoying effects.

Steps you can take to protect yourself from these types of dangers are:

  • Create a hard-to-guess password and make it unique
  • Change your password periodically
  • Keep your browser and Operating System up to date
  • Update your anti-virus software regularly
  • Use a personal firewall

Update on the Shellshock Bash software vulnerability

We're aware of the recent vulnerability from the Shellshock Bash software bug. Our analysis shows that no data has been compromised due to this vulnerability. We'll continue to monitor all of our systems and take this threat seriously. The security and privacy of your data is of the utmost importance to us.

Unsupported applications

For security reasons to guard the safety of your data, access to this website is limited to SSL-capable browsers such as:

Under no circumstance should you use any software, program, application or any other device to access or sign-in to this website, or to automate the process of obtaining, downloading, transferring or transmitting any content to or from our computer systems, website or proprietary software.

Browsers and security

Any time you enter or provide personal information on this website, it's encrypted using Secure Socket Layer ("SSL") technology. SSL protects information as it crosses the Internet. To support this technology, you need an SSL- capable browser. It's recommended that you use a strong encryption, 128-bit browser such as Microsoft's Internet Explorer 9 or higher, or Firefox 4 or higher. These browsers will activate SSL automatically whenever you begin shopping for a plan on this website and when you return to this website to complete an application.

You can tell if you're visiting a secure area within a website by looking at the symbol on the bottom of your browser screen. If you're using Internet Explorer, Firefox, or Chrome, you'll see either a lock or a key. When the padlock is in the locked position, your session connection is taking place via a secure server.

If you need a strong encryption browser please download one of the following browsers:

The use of beta browser versions isn't recommended.

Links to other internet sites

This site also includes links to other Internet sites. These links are provided as a convenience only. Blue Cross Blue Shield of Massachusetts doesn't endorse the products or any of the views expressed in these other sites. Nor does  Blue Cross Blue Shield of Massachusetts warrant the accuracy of any of the information in these other sites. The sites are owned and controlled by other parties and each will have its own privacy and security policies, which may differ from those of Blue Cross Blue Shield of Massachusetts. Your access to and use of any other Internet sites, including the information, services, products, and materials on them, is solely at your own risk.