Privacy Policy

A Healthier Upstate is owned and operated by Excellus BlueCross BlueShield. At Excellus BlueCross BlueShield, we know how important your privacy is to you. Therefore, we are committed to protecting any personal information that you provide us on this website according to applicable laws, regulations and accreditation standards and practices, and we continue to evaluate new administrative, technical and physical safeguards for protecting your information. We urge you to read our Privacy Policy so that you will understand both our commitment to you and your privacy, and how you can participate in that commitment.

The purpose of this Privacy Policy is to inform you of our information gathering and dissemination practices for this website.

  1. Collection of Personally Identifiable Information – In order to access certain services and restricted areas within the website or to respond to specific inquiries, Excellus BlueCross BlueShield requires that you provide Personally Identifiable Information. This information may include, without limitation, your legal name, address, telephone number, email address, subscriber name or “screen name,” and password used to access the services. We may also collect the email addresses of visitors that communicate with us via email; information provided by the visitor in online forums, registration forms, surveys, email messages, and other online features (including demographic and personal profile data); and visitor-specific information about the pages on this site that our visitors access. We reserve the right to request any additional information necessary to establish and maintain your account for use of the services and access to the restricted areas.
  2. Collection of Non-Personally Identifiable Information – Excellus BlueCross BlueShield also collects information about you and your use of the website through the use of Cookies and/or Session Variables. “Cookies” are small computer files that we transfer to your computer’s hard drive that allow us to know how often someone visits our site and the activities they conduct while on our site. “Session Variables” are similar to Cookies except that they remain on our servers and are not transferred to your computer. Usage of a Cookie or Session Variable is in no way linked to your Personally Identifiable Information. Once you close your Web browser, the Cookie or Session Variable simply terminates. If you reject the Cookie or Session Variable, you may still use the website. We may also collect the home server domain names, search engine used, Web browser, date and time of the visit, and aggregate information about the pages on this site that our visitors access.
  3. How We Use the Information – Personally Identifiable Information collected when you visit this website will not be shared with or otherwise disclosed to anyone outside the Excellus BlueCross BlueShield family of companies without the consent of the person(s) authorized to permit us to do so, unless we are required to disclose the information by law, regulation or court order. Personally Identifiable Information you provide to Excellus BlueCross BlueShield via this website will only be used for the express purpose of your disclosure to us, unless as otherwise described herein.Non-Personally Identifiable Information collected when you use this website may be used for internal review purposes in the aggregate, including measuring and monitoring the use of our website, diagnosing problems with our server, and administering our website.
  4. No Absolute Security of Information Transmitted Via the Internet Excellus BlueCross BlueShield has implemented security features to help prevent the unauthorized release of or access to personal information that has been received via this website. Please be advised, however, that the confidentiality of any communication, information or other material transmitted to or from Excellus BlueCross BlueShield via this site or e-mail cannot be guaranteed. Accordingly, Excellus BlueCross BlueShield is not responsible for the security or confidentiality of information being transmitted via the Internet, the World Wide Web or other global computer networks. Excellus BlueCross BlueShield will have no liability for disclosures of Personally Identifiable Information due to errors in transmission or unauthorized acts of third parties.
  5. Excellus BlueCross BlueShield’ Right to Contact User – Excellus BlueCross BlueShield may contact site visitors who provide Excellus BlueCross BlueShield personally identifiable information regarding account status and changes to the subscriber agreement, privacy statement, or any other policies or agreements relevant to site visitors.
  6. Excellus BlueCross BlueShield’ Right to Change Privacy Policy – If we alter our privacy policy, we will post those changes here in a timely manner so you can be aware of changes that may affect you. Any change to this Privacy Policy shall be effective as to any visitor that has accepted the Excellus BlueCross BlueShield website Terms and Conditions before the change was made.
  7. Protecting Children Online – We are committed to protecting the privacy and security of all of our customers, including minors who are enrolled in our insurance plans. Children under the age of 13 can access our websites as guests. If they wish to use features on our websites, we require that they do so with the permission of their legal guardian. We will not knowingly collect or use any personal information regarding a user under the age of 13 without the consent of a parent or legal guardian.
  8. Use of Aggregated Information – We reserve the right to disclose to third parties information about usage of the website and any related services, including information gathered during your use of the website. Any information disclosed for this purpose will be in the form of aggregated data (such as overall patterns or demographic reports) that does not describe or identify any individual user.
  9. Protection of Member Health Information – If you are a member of Excellus BlueCross BlueShield (and not someone visiting the website only for informational purposes), then it is possible that you may also provide us with Personally Identifiable Information that constitutes health information protected by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). Excellus BlueCross BlueShield is a Covered Entity under HIPAA. Accordingly, Excellus BlueCross BlueShield is covered by (and complies with) HPIPAA regulations regarding the use and disclosure of members’ health information for each health plan. Our Privacy Policy (PDF) explains how we may use and disclose health information to carry out payment and health care operations and for other purposes that are permitted or required by law. “Health information” that is protected under HIPAA by health plans (“Protected Health Information”) generally means claims information and any other information that relates to an individual’s past, present or future physical or mental health.
  10. Questions and Additional Information – Questions about our privacy policy and the use and disclosure of members’ protected health information on the Excellus BlueCross BlueShield website may be addressed to our Privacy Officer by using our Secure Privacy Officer Email Form.

Frequently Asked Questions about Our Privacy Policy
Here are some questions and answers to help you understand our privacy policy:

  1. What is ‘Personally Identifiable Information’?
    It is any information that could be used to identify you. For example, your name, address or identification number.We collect two types of Personally Identifiable Information about our customers:

    A. Nonpublic Personal Information – This is information you give us on your enrollment form, claim forms, premium payments and other ways. It includes for example: names, account numbers, e-mail address, type of health care benefits and payment amounts.

    B. Protected Health Information – This is information that you or your health care provider sends to us to process your claim. This includes diagnoses and type of services you receive from your health care provider.

  2. How Does Excellus BlueCross BlueShield Inc. use your Personally Identifiable Information?
    We use this information to administer health care benefits and for our health care operations. For example:

    • decide claim payment by asking you and/or your health care provider(s) for necessary information about services, or treatment;
    • work with other insurers to decide coverage;
    • bill for premiums which may include looking at your claim history;
    • answer customer and provider questions about benefits, enrollment and claims;
    • monitor quality of care and service to our customers which may include case management, and
    • perform utilization and cost containment review activities.
  3. Who Has Access To My Personally Identifiable Information?
    Authorized employees at Excellus BlueCross BlueShield may access your information to administer benefits. Each year, all of our employees must sign an agreement to follow our Code of Business Conduct that includes our confidentiality policy.We may work with other companies to help us conduct our business. We are required by law to sign an agreement with these other companies that prohibits them from using or giving out information for any reason other than the purpose of the contract. For example we may contract with:

    • benefits management companies for paying claims;
    • health care provider groups to assess quality and cost containment;
    • print or mail services for customer communications and surveys;
    • audit or consulting firms for validating the integrity of our processes;
    • state and federal agencies as required by law;
    • other BlueCross BlueShield plans.
  4. How is my Personally Identifiable Information protected?
    It is our policy to keep all information about you confidential. It is so important to us that we take the following steps:

    • our employees sign an agreement to follow our Code of Business Conduct;
    • we have a privacy oversight committee that reviews our privacy practices;
    • we have a security coordinator to detect and prevent security breaches;
    • all computer systems that contain personal information have security protections; and
    • we check provider offices to ensure that medical records are kept in secure locations.

Questions regarding Excellus BlueCross BlueShield’ privacy policy may be directed to the Excellus BlueCross BlueShield Privacy Officer via postal mail:

Excellus BlueCross BlueShield Privacy Officer
Re: Website Privacy Policy
333 Butternut Drive
Syracuse, NY 13214-1803