Privacy

A padlock

Anthem Privacy Policies

Your privacy is a major priority to Anthem, and we take great care to protect your information. Our Privacy Policy describes the ways in which we gather and protect information, and what choices you have to control your information. To update how you receive your information, you can call Member Services or log in to your account, go to "Profile," and "Communication Preferences."

Questions
If you have questions regarding this policy or if you would like to review or change any of your information we have on file, please call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.

Key hanging from a key ring

Personally Identifiable Information Privacy Protection Policy

Various privacy laws and regulations can differ slightly on how they refer to your information. Throughout the notices on this page, information about you may be referred to as “Personally Identifiable Information” (“PII”), “Protected Health Information” (“PHI”), or as “Personal Information” (“PI”). Anthem is committed to protecting all of your sensitive information in accordance with applicable laws and regulations.

Personally Identifiable Information (PII) is information about an individual which can be used to distinguish or trace an individual’s identity (such as their name, social security number, biometric records, etc.) by itself or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, mother’s name, etc. PII includes Protected Health Information (PHI), but it can also include other types of information about you, that are not related directly to healthcare.

PHI is information specifically about an individual’s healthcare that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Examples of PHI can include any of the following:

  • name 
  • medical record information 
  • address 
  • social security number or equivalent identifiers (such as those assigned in other countries) 
  • Social Drivers of Health (also known as Social Determinants of Health), or other individually-identifiable information when associated with a member or patient
  • birth date
  • sex and age
  • sexual orientation
  • alternative gender identity
  • race, ethnicity

Personal Information (PI) is a term used by many state privacy protection laws, and (depending on the state) may or may not include PII and/or PHI. Therefore, these three terms may be used interchangeably in parts of this Privacy Protection Policy.

We are committed to safeguarding the PII, PHI, and/or PI we receive from our customers and members through the use of physical, technical, and administrative safeguards.

Our policies prohibit the unlawful disclosure of PII, PHI and/or PI. We share it externally only where federal and state law allows or requires it. Internally, it’s our policy to limit the access, use and disclosure of this information to be in line with the job duties of our associates, as well as applicable law.

Our Notice of Privacy Practices further explains how your PII, PHI and/or PI is collected, how it may be used, and when it may be shared.

If you have questions about this, call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.

Shield with checkmark

HIPAA Notice Of Privacy Practices

Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices

Our Notice of Privacy Practices explains how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our obligations under federal and individual state regulations. By law, we’re required to send our fully-insured health plan members a notice with those details.

These notices generally don’t apply if you’re part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.

Anthem Blue Cross and Blue Shield Privacy Practices
Anthem Blue Cross and Blue Shield Privacy Practices - Spanish
Anthem Blue Cross and Blue Shield and its affiliated HealthKeepers, Inc. Privacy
Anthem Blue Cross and Blue Shield and its affiliated HealthKeepers, Inc. Privacy Practices - Spanish

Prescription drug capsules

Pharmacy Privacy Notices

Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices

The following Notices of Privacy Practices explain how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notices reflect the pharmacy obligations under federal and individual state regulations. By law, we’re required to send our members a notice with those details.

CarelonRX Services Notice of Privacy Practices 

Life And Disability Privacy Notice

This notice explains your rights and outlines our legal duties for protecting your privacy.

Life And Disability Privacy Notice 

Image of a sphere with latitude and longitude lines

Web Privacy Statement

Your privacy is very important to us, and we will make every reasonable effort to safeguard any information we collect.

This privacy statement is effective January 1, 2020, and was most recently reviewed in December 2023. This privacy statement is subject to change. We encourage you to review it from time to time.

Information may be collected in the following ways on this website and application:

  • If we provide user account access, you may elect to establish an account so that you can gain additional access to online service applications, health tools, health information, subscriptions, or other services where it is important for us to know who you are in order to best meet your needs. Providing personal information is always voluntary.
  • We may use “cookies” and/or other web trackers to help us improve this website and application by tracking your navigation habits and to store some of your preferences. A cookie is a small file created by a website or application to store information on your computer. Cookies do not allow websites or applications to gain access to other information on your computer. Once a cookie is saved on your computer, generally only the website or application that created the cookie can read it.
  • An Internet Protocol (IP) address is a number that automatically identifies the computer or mobile device that you are using to access the Internet. The IP address enables our server to send you the site pages that you want to visit or the data you want to view. The IP address may disclose the server owned by your Internet Service Provider. We use your IP address to help diagnose problems with our server and to support our administration of this website and application.

Any personal information that you provide is used for the purpose for which you provide it and to better improve or customize services being provided. For example, if you use location services to find a provider near your current location, your location is used only to facilitate that function. Or if you provide us with an email address, we will only use it in a manner consistent with your consent for us to do so.

 

Requesting or Signing Up to Receive Information:

By submitting your email address or other contact information, you are authorizing us to send you information and educational materials about health plan options and services available to you. This authorization is voluntary and your treatment, payment, enrollment or eligibility for benefits are not conditioned on providing this authorization. You have the right to withdraw this authorization and opt-out at any time by calling toll-free at 1-844-203-3796 to be put on internal Do Not Mail and/or Do Not Email lists. It may take up to 2 weeks to process your opt-out request once it is received. Opting-out will not affect any action taken before your opt-out request is processed. You are entitled to a copy of this authorization.

 

We may also gather quantitative user information, such as the number of users and the pages or data accessed, in order to perform administrative, technical, hosting or other functions that help us manage our website and Application and deliver new functionality to you. We do not sell, license, transmit or disclose personal information that you provide to us to third parties except with the following exceptions:

  • Upon your authorization;
  • When such disclosure is necessary to allow us and our contractors or agents to carry out treatment, payment or healthcare operations; or
  • When required or permitted by law.

We may work with third party service providers who may place third party persistent cookies, web beacons, or similar technologies to collect anonymous information about the use of our websites and Applications. They are not permitted to collect any personal information, and this information will be solely used for web usage analysis for a better understanding of how you use our website Application, and/or to customize our content and advertising.

Providing personal information through this website or application is optional. Personally identifiable information will not be collected from you without your knowledge and approval. You will be told when your failure to provide information might affect your ability to enroll in or use a product or service.

 

If you do not wish to have your activity on our website or application tracked, at any time you can opt-out to discontinue first party cookie tracking of your web activity.

 

You also have the choice to opt-out of third-party cookies, web beacons or similar technologies. If you do not want third party service providers to collect your anonymous information for marketing purposes, visit the Network Advertising Initiative (NAI) website to opt-out.

 

Additionally, you can direct your Internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your computer, tablet or smartphone through your Internet browser settings or other programs. You can also set your browser to refuse all cookies. Please note that some parts of this website or application may not function properly or be available to you, if you refuse to accept a cookie or choose to disable the acceptance of cookies.

We do not respond to web browser “do not track” signals. As such, your navigation of our website and Application may be tracked as part of the gathering of quantitative user information described above. If you arrive at our website or Application by way of a link from a third-party application that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our website or application.

We may provide email and fax links to further facilitate communication for our members and their designees and caregivers. Information collected through email may be shared with our Member Services department, other associates, or third parties that perform services on our behalf. Unless otherwise noted, email through our website or Application is not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us.

 

Also, if you request that we email or fax information about you to someone using the email and fax capabilities in this website or application, that email or fax may not be completely secure. Please verify email addresses and fax numbers carefully before submitting such a request.

These Texting Terms and Conditions apply when you provide prior express consent to receive text messages from Anthem or their affiliates, subsidiaries, agents, contractors, or vendors ("us" or "we" or "our'). Text messaging from us may include one-time or recurring texts related to your benefits, programs, products, services, and tools, and/or general health information. At enrollment for recurring texting programs, we specify the frequency of texts and information on how to unsubscribe and seek assistance. In all programs, you may text “STOP” to stop messaging for that program and "HELP" for help. Text messages will be sent to your mobile number using an automatic dialing system. Message and Data rates may apply.

 

Participation is optional. You are electing to receive PHI via text which makes the data transmitted available to your phone carrier and potentially others. Anthem provides alternative means for communicating including phone. You understand you have these choices and have elected to opt-in for texting. Anthem does not require that you agree to receive texts for this purpose to receive treatment, payment, or for benefits enrollment and eligibility.

 

If you no longer want to receive text messages from us, you will need to do this by ending enrollment in the specific texting program.

 

Under no circumstances will we be liable for any direct or indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or in connection with use of text messaging whether or not we have been advised of the possibility of such damages.

 

We do not guarantee the successful delivery of text messages by your wireless provider. Messages sent by text may not be delivered if the mobile device is not in range of a transmission site, or if sufficient network capacity is not available at a particular time. Even within a coverage area, factors beyond the control of wireless carriers may interfere with message delivery, including the terrain, proximity to buildings, foliage, weather, and the recipient's equipment. We will not be liable for losses or damages arising from (a) non-delivery, delayed delivery, or misdirected delivery of a text message; (b) inaccurate or incomplete content in a text message; or (c) use or reliance on the content of any text message for any purpose.

 

Please notify us immediately if your mobile number changes. We are not liable for any communication or transmission of information by text which happens because you did not report that your mobile number changed. Password-protecting mobile device(s) and enabling encryption, if available, is recommended.

 

Text messages may include protected health information (PHI). Since text messaging is unencrypted, there is a risk that this PHI could be intercepted or viewed by third parties, including others who access your device. When you choose to receive text messages from us, you do so at your own risk. Once texted, your information may no longer be regulated under HIPAA’s Privacy Rule.

From time to time we will provide links to websites or applications not owned or controlled by us. We do this because we think the information might be of interest or use to you. A link to a third-party website or application does not constitute or imply endorsement by us. We cannot guarantee the quality or accuracy of information presented on third party websites or applications. While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of third-party websites or applications. We encourage you to review the privacy practices of any website or application you visit.

Privacy Guidance When Selecting Third-Party Apps To Receive Your Information (Interoperability Support).

A checkmark indicating okay

Privacy Authorization Forms

We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable healthcare and demographic information called Protected Health Information (PHI) for Treatment, Payment and Healthcare Operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to grant permission for others to see your PHI.

You may choose to allow your PHI to be disclosed to someone outside our company. To do this, fill out the appropriate form below and send to the address on the back of your member ID card. If you do not have an ID card, call us at 317-488-6000.

To view the forms if you don’t already have it, download Adobe Acrobat Reader for free.

Anthem Blue Cross New York (Up State) 
Anthem Blue Cross & Blue Shield New York (Down State) 
Anthem Blue Cross New York (Group Retiree Solutions) 
Anthem Blue Cross & Blue Shield New York (Group Retiree Solutions) 

Privacy Grievances & Appeals Authorization Forms

This form is to be used for a grievance or an appeal and to allow a party to act as the Authorized Representative in carrying out a grievance or an appeal.

Anthem Blue Cross New York (Up State) Designation of Representative 
Anthem Blue Cross & Blue Shield New York (Down State) Designation of Representative 

(To designate an Authorized Representative not related to a grievance or appeal, please use the regular Member Authorization form.)

Chat symbol

Contacting You

We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls may be to let you know about treatment options or other health-related benefits and services.

If you do not want to be contacted by phone, just let the caller know and we won’t reach out this way in the future. You may also call toll-free at 844-203-3796 to place your phone number on Anthem’s internal Do Not Call list.

Chat symbol

Contacting The Privacy Office

There are several ways to contact the Privacy Office.

To update how you receive your information, call Member Services on the back of your member ID card or log in to your account, go to "Profile," and then "Communication Preferences."

To contact us if you need to report a privacy issue, you can:

  • Call Member Services at the toll-free number on your member ID card or log in to start a Live Chat for all other questions.
  • Write to the Privacy Office at:
    Privacy Office
    220 Virginia Ave
    Indianapolis, IN 46204

California Consumer Privacy Act (CCPA) Privacy Notice

This privacy notice is not applicable to Anthem’s health plans. Anthem health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.

Privacy Notice for California Residents 

Confidential Communications Of Medical Information (CCMI)

Your Right to Request Confidential Communications of Medical Information (CCMI) and our Obligation to Protect the Confidentiality of Sensitive Services Information For a Protected Individual

California law says subscribers and enrollees (“members”) of a healthcare service plan1 (“plan”) can choose how they would like the plan to communicate with them. They can provide the address, email, or telephone number they’d like the plan to use. That’s how the plan will contact them about medical details, healthcare providers, and other plan information.

A subscriber is the person who is responsible for plan payments or is eligible for the plan based on their job or other qualifications. An enrollee is a person covered by the plan or who receives services from it.

California also has special communication rules for protected individuals. They are covered adults or minors who can consent to care without permission from a parent or legal guardian. Protected individuals must be able to give informed consent for healthcare services.

Under California law, plans can’t tell the primary policyholder that a protected individual received sensitive services, unless they have the recipient’s permission. Sensitive services are all healthcare services related to mental or behavioral health; sexual and reproductive health; sexually transmitted infections; substance use disorder; gender-affirming care; intimate partner violence; or other care outlined by law.

Protected individuals can ask a plan to contact them about sensitive services at a different address, email, or phone number. If they don’t provide one, the plan will contact them by name using the method on file.

Members will be given details about the confidential communication request process when they enroll in or renew a plan. They can also submit a CCMI request by calling the Member Services toll free number on their Member ID card. The plan will honor their request until the member asks for it to be changed. The plan will send a confirmation letter to the member to let them know their confidential communications request was received. The member can ask for the status of their request by contacting the plan.

SPECIAL INFORMATION FOR MINORS:  An amendment to California law (Assembly Bill (AB) 1184) prohibits healthcare service plans and health insurers from disclosing information about sensitive services that a minor age 12-17 has received, without the minor’s written consent. Because minors in California have the right to consent to these services on their own, without the consent of a parent or guardian, only the minor’s written authorization is valid for the release of this information to a parent, policy holder, primary subscriber, or any plan enrollee. Furthermore, the healthcare service plan or health insurer must direct all communications about the minor’s receipt of sensitive services directly to the minor, and they are prohibited from disclosing the information to the policy holder, primary subscriber, or any plan enrollee, without the minor’s written authorization.

We understand that limiting parents’ access to certain information about their children’s health care may be inconvenient, but it is necessary to comply with California law that prioritizes protection of children’s privacy in certain circumstances.

If a minor dependent would like to allow permission to their sensitive information, they must complete the form below.

Click here for the California Minor’s Authorization Form

Frequently Asked Questions

In September 2021, the California State Assembly passed an amendment to a current state law, Assembly Bill (AB) 1184. The amendment changes how healthcare plans and healthcare providers protect the privacy of patients who receive certain sensitive services. Here’s what you need to know.

AB 1184 is a law that changes the Confidentiality of Medical Information Act (CMIA), which requires healthcare plans and providers to protect a member’s privacy.

 

The law bans healthcare plans and providers from sharing medical information related to certain sensitive services with anyone other than the member themselves without the member’s written permission. Notably, the law specifically protects the medical information of a minor member between the ages of 12 and 17 years old from being shared with the parent or legal guardian who holds the policy.

 

We know that limiting parents’ access to certain information about their children’s health care may be   inconvenient in some cases. However, we must follow the California law, which prioritizes the protection of children’s privacy in certain circumstances.

According to state law, a “protected individual” is:

  • Any adult subscriber or member covered under a health plan or health insurance policy.
  • A minor member (12 to 17 years old) who can agree to a healthcare service without the consent of a parent or legal guardian.

It’s important to note that “protected individual” does not include a person who lacks the capacity to give informed consent for care.

No, this regulation only includes minor members ages 12 to 17 years old who receive sensitive services.

California law classifies sensitive services as all healthcare services related to:

  • Mental or behavioral health
  • Sexual and reproductive health
  • Sexually transmitted infections
  • Substance use disorder
  • Gender affirming care
  • Intimate partner violence

Confidential communication includes:

  • Bills and attempts to collect payment.
  • A notice that we are not providing benefits because we believe they are not medically necessary, the member isn’t eligible for the benefits, or the care isn’t covered under their health plan.
  • An explanation of benefits (EOB) notice.
  • A request for more information about a claim.
  • A notice of a contested claim.
  • The name and address of a provider, description of services, and other information about a visit.
  • Any written, oral, or electronic communication that contains protected health information. All communications about sensitive services should be directed to that member’s chosen mailing address, email address, or phone number.
    • If the protected individual has given an alternate mailing address, email address, or phone number, we are required to send or make all communications related to the sensitive services to that alternative mailing address, email address, or phone number.
    • If the protected individual has not given an alternate mailing address, email address, or phone number, we are required to name the protected individual on all communications related to the sensitive services and send to or call that individual at the address or phone number on file.

Subscribers, even those who are the parent or legal guardian of a minor member, can expect the following changes as we comply with this law:

  • All items listed under “confidential communications” for a minor member’s sensitive service claims will now be addressed to the minor member.
  • When viewing a claim through our digital channels, the minor member’s sensitive service claim will show as “Patient View Only".
  • Member Services will not be able to answer questions about a minor member’s sensitive service claims without written authorization from the impacted member giving you permission to speak on their behalf.

For services to be in scope under AB 1184, the minor member between the ages of 12 and 17 must be able to give their own consent to care. California law does not allow minor consent on the following services:

  • Inpatient behavioral health services and residential treatment
  • Sterilization services
  • Abortion when it is not related to an emergency situation
  • Psychotropic medication(s)
  • Convulsive therapy

To speak to a parent or legal guardian about a minor dependent’s sensitive service claim, we must have written permission from the minor member on file.

 

A minor member can fill out this form to allow the parent or legal guardian to speak to Member Services about their protected health information.

A minor member can fill out this form to permit the parent or legal guardian to speak to Member Services about their protected health information. The completed form will allow permission to the minor members sensitive service information.

In unique situations when written permission is not obtainable, we may be able to supply the requested information after getting more details from the parent or legal guardian. If you have questions or need support, contact Member Services by live chat or the phone number on your ID card.

The standard expiration of the form is three years or when the minor member turns 18 years old, whichever comes first. A minor member can also choose a set date that is less than three years or when they turn 18 years old.

The minor member must complete and sign the form.

The completed form can be submitted by:

  • The subscriber/parent can log in to anthem.com/ca and send the form using the Message Center.
  • Mailing the form to: Anthem Blue Cross P.O. Box 60007 Los Angeles, CA 90060–0007
A clipboard with documents

Health Information Exchanges

We may share your information with health information exchanges (HIE) or through direct connections, which allow doctors, hospitals and payers to view/share your health information quickly and easily for treatment, payment or healthcare operations. These data exchanges can improve the speed, quality, safety and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.

Anthem may send and/or receive information through data exchanges. If you want to opt-out of having health information passed through the exchanges, you may contact the following:

California: Manifest MedEx
Indiana: Indiana Health Information Exchange
Maryland: Chesapeake Regional Information Systems for Patients
Michigan and Indiana: Michiana Health Information Network
Ohio: CliniSync Health Information Exchange
New York City and Long Island: Healthix
Nevada: HealtHIE Nevada
Tennessee: Tennessee eHealth Information Exchange

Consumer Privacy Protection

There are many sources for information on privacy. These government websites feature frequently updated information on privacy policies and statutes.

Federal Trade Commission (FTC) 
Identity Theft | USA.gov 
Identity Theft | consumer.gov 

Effective January 1, 2020. Last reviewed December 07, 2023. Unless otherwise noted, the effective and review dates noted are for the Privacy Page in its entirety.

1“Health care service plan” or “specialized health care service plan” means either of the following: (1) Any person who undertakes to arrange for the provision of health care services to subscribers or enrollees, or to pay for or to reimburse any part of the cost for those services, in return for a prepaid or periodic charge paid by or on behalf of the subscribers or enrollees. (2) Any person, whether located within or outside of this state, who solicits or contracts with a subscriber or enrollee in this state to pay for or reimburse any part of the cost of, or who undertakes to arrange or arranges for, the provision of health care services that are to be provided wholly or in part in a foreign country in return for a prepaid or periodic charge paid by or on behalf of the subscriber or enrollee.