Please be advised that Highmark Health does not own or control all Consumer Platforms used by our customers. This means that Highmark Health does not manage data collection, use, or disclosure activities which may occur on platforms owned by a Non-affiliated Third Party2; however, we may receive information from the platform owner about Users who visit our resources located on their platform. For example, Highmark Health maintains a Facebook page, but we have no control over how Facebook collects, uses, or discloses information obtained from Users when they visit the Highmark Health page.
We cannot guarantee the security or confidentiality of Personal Information transmitted across Non-affiliated Third Party platforms that we do not own or control. For example, if a User initiates a message to Highmark Health through our Facebook page, Facebook may be able to view that content as the platform owner.
I. Information Collected
How you use a particular Highmark Health Consumer Platform will determine whether or not we collect Personal Information from you, and how much we collect. For many features, we do not require any Personal Information, nor will we ask questions about you. However, for others, we need to either verify your identity through a login process, or collect sufficient Personal Information to provide the service associated with that feature.
B. Secure messaging and feedback/inquiry forms
Highmark Health invites Users to contact us using secure messaging or feedback/inquiry forms available on our corporate-owned platforms regarding account questions or concerns, or Highmark Health’s products or services. We may disclose Personal Information to contracted Service Providers3 to allow them to perform a service or function for which they have been engaged. The information provided through secure messages and feedback/inquiry forms will be used by Highmark Health or its contracted Service Providers to review and respond to Users’ communications.
Highmark Health has established online communications tools for members and patients to contact their health plan or physician regarding certain inquiries, such as account questions, referrals, prescription renewals, or medical issues. Messages sent by or to members or patients who choose to use these online services may be recorded in transaction logs, which may be reviewed to monitor compliance with applicable laws and regulations, as well as the overall effectiveness of the services.
A cookie is a piece of information about an internet session that may be created when an individual accesses a website. Cookies can capture information such as your IP address, your internet browser and operating system type, the date and time you visit a website, session information such as page response times, your search history, your saved preferences and password information (if you elect to have a website remember this information), information about the referring URL (uniform resource locator) and the URL clickstream to, through, and from our Consumer Platforms, and other similar details.
E. Note about Children’s Online Privacy Protection Act and other laws
Please be advised that Highmark Health’s Consumer Platforms are intended for general audience Users. Our Consumer Platforms are not directed at children under the age of 13, nor do we make attempts to collect, use, or disclose information from children under the age of 13. Highmark Health complies with all applicable state laws governing advertising and marketing to children, including the Delaware Online Privacy Protection Act, which prohibits marketing to children under the age of 18.
II. Use of Information Collected
Highmark Health does not sell Personal Information of Users collected through our Consumer Platforms to anyone.
All information submitted to us may be retained to provide a record of communications and to comply with any applicable legal and/or regulatory requirements, and may also be verified for accuracy.
In addition: Highmark Health uses Personal Information of Users collected through Highmark Health’s Consumer Platforms to i) provide relevant health care related information, ii) provide information regarding general health topics, iii) provide updates, news, event notices and announcements, iv) update information we have about Users, and v) monitor the effectiveness of our Consumer Platforms and features. We may also use Personal Information to provide Users with access to information about products, programs, and services offered by Highmark Health or our diversified businesses.
If you receive e-mail updates, news, announcements and/or event notices from Highmark Health, we will use the name, demographic, phone number, e-mail address, and other contact information you provide us in order to deliver that information. You may remove yourself from these communications at any time by following the removal instructions included in our communications. Your name, demographic, phone number, e-mail address and other contact information will be used only for Highmark Health-related communications and will not be given, sold, or rented to any external party without your prior approval.
Personal Information may also be anonymized by Highmark Health (i.e. stripped of individual identifiers), aggregated with other data, and used for general research, classification, marketing, or other purposes without permission.
III. Access to Information Collected
Certain Highmark Health employees may be provided with Personal Information of Users in order to respond to their needs, assist with customer service and related account issues, and provide requested information regarding specific products or services. Certain employees will also be provided with Personal Information of Users in order to monitor the effectiveness of our Consumer Platforms and features. Highmark Health employees are required, by written confidentiality statements, corporate policies, and state or federal laws or regulations, to maintain the confidentiality of Personal Information, and to use strict standards of care in handling information. Employees who do not conform to these confidentiality requirements are subject to disciplinary sanctions, up to and including dismissal.
B. Highmark Health’s diversified businesses
Highmark Health may disclose Personal Information of Users collected through its Consumer Platforms to its diversified businesses as necessary to carry out its business operations. It may also disclose Personal Information to contracted Service Providers that are contracted by Highmark Health to provide certain services or perform certain functions on its behalf.
Personal Information collected through Consumer Platforms by diversified businesses may also be disclosed to Highmark Health as necessary to carry out their business operations. All Personal Information will be disclosed in order to respond to a User’s needs, and/or to provide information about products or services offered by or through Highmark Health, its diversified businesses, or contracted Service Providers. Personal Information is treated with the same strict standards of confidentiality that Highmark Health applies to other types of confidential information. Highmark Health’s diversified businesses are subject to Highmark Health’s corporate policies regarding privacy and confidentiality, and Highmark Health’s contracted Service Providers and business associates are legally bound by contract to follow the same, or no less restrictive, standards of confidentiality as followed by Highmark Health.
C. Third parties
Other than as set forth herein, Highmark Health does not transmit any Personal Information collected through its Consumer Platforms to any third party without the permission of the User. However, Personal Information may be transmitted if there is a specific need to complete a transaction requested by the User or if necessary for providing a service or benefit to the User. For example, group health plan administrators have access to online enrollment applications and certain other Personal Information which is required for their plan administration purposes.
D. Consumer Platform communication services
Highmark Health has access to communications sent by or to Users who choose to utilize any Consumer Platform communication features. Highmark Health will not release the content of specific communications to any third party without the User’s consent, other than as set forth above, or unless permitted or required under applicable state or federal law or regulation. Please be reminded that the platform owner may be able to view the content of communications, and Highmark Health cannot guarantee the security or confidentiality of Personal Information transmitted across platforms which we do not own or control.
IV. Compliance Assurance
B. Account access
Consistent with the requirements set forth under certain state and federal laws, Highmark Health grants access to Personal Information only to those employees, diversified businesses, and contracted Service Providers as necessary to provide appropriate products and services, or as Users authorize. All such employees, diversified businesses, and contracted Service Providers are subject to confidentiality statements, privacy policies, and/or other contractual obligations at least, or no less restrictive, as the standards followed by Highmark Health.
C. Internal compliance with privacy and security programs
D. Questions and concerns
(© 2014 Highmark Health – last revised December 2017)
2 Non-affiliated Third Party refers to an entity that offers a tool, service, product, or forum that Highmark Health may utilize, but there is no contractual relationship between Highmark Health and the entity (e.g., Facebook, LinkedIn, Google Analytics).
3 Service Providers means any vendor that has been contracted by Highmark Health to provide a service or perform a function on behalf, or for the benefit, of Highmark Health, including but not limited to technical support, system or account administration, or data analytics (e.g., WebMD, Coremetrics).