Skip to main content

Highmark Health's Online Privacy Policy

At Highmark Health1, we take the issue of privacy very seriously. We want to assure Users of our enterprise websites, mobile applications, social media tools, member and patient portals, and other online or digital resources (collectively "Consumer Platforms") that the information collected and/or provided to us is secure and maintained in confidence, consistent with applicable state and federal laws, regulations, and corporate standards. "Users" means any individual visiting, using, and/or providing Personal Information via one of our Consumer Platforms. References to "you" or "your" in this online privacy policy mean individual Users. "Personal Information" means any individually identifiable information about a User, including, but not limited to name, date of birth, address, phone number, e-mail address, account number, and IP (internet protocol) address. Please read through the following pages, which describe the type of information we collect, how we use information, and our commitment to maintaining the privacy and security of information.

Please be advised that Highmark Health does not own or control all Consumer Platforms used by our customers. This means that Highmark Health does not manage data collection, use, or disclosure activities which may occur on platforms owned by a Non-affiliated Third Party2; however, we may receive information from the platform owner about Users who visit our resources located on their platform. For example, Highmark Health maintains a Facebook page, but we have no control over how Facebook collects, uses, or discloses information obtained from Users when they visit the Highmark Health page.

We cannot guarantee the security or confidentiality of Personal Information transmitted across Non-affiliated Third Party platforms that we do not own or control. For example, if a User initiates a message to Highmark Health through our Facebook page, Facebook may be able to view that content as the platform owner.

I. Information Collected

A. General
How you use a particular Highmark Health Consumer Platform will determine whether or not we collect Personal Information from you, and how much we collect. For many features, we do not require any Personal Information, nor will we ask questions about you. However, for others, we need to either verify your identity through a login process, or collect sufficient Personal Information to provide the service associated with that feature.

B. Secure messaging and feedback/inquiry forms
Highmark Health invites Users to contact us using secure messaging or feedback/inquiry forms available on our corporate-owned platforms regarding account questions or concerns, or Highmark Health's products or services. We may disclose Personal Information to contracted Service Providers3 to allow them to perform a service or function for which they have been engaged. The information provided through secure messages and feedback/inquiry forms will be used by Highmark Health or its contracted Service Providers to review and respond to Users' communications.

Highmark Health has established online communications tools for members and patients to contact their health plan or physician regarding certain inquiries, such as account questions, referrals, prescription renewals, or medical issues. Messages sent by or to members or patients who choose to use these online services may be recorded in transaction logs, which may be reviewed to monitor compliance with applicable laws and regulations, as well as the overall effectiveness of the services.

Users can also inquire about products and services offered by a Non-affiliated Third Party or Service Provider by clicking hyperlinks which may be located on our Consumer Platforms. These hyperlinks will then redirect to the Non-affiliated Third Party or Service Provider website. Highmark Health makes no representations or warranties regarding these websites, their content, or security. Users should review the online privacy policy of the Non-affiliated Third Party or Service Provider for information regarding their data collection, use, and disclosure practices.

C. Use of cookies
A cookie is a piece of information about an internet session that may be created when an individual accesses a website. Cookies can capture information such as your IP address, your internet browser and operating system type, the date and time you visit a website, session information such as page response times, your search history, your saved preferences and password information (if you elect to have a website remember this information), information about the referring URL (uniform resource locator) and the URL clickstream to, through, and from our Consumer Platforms, and other similar details.

Highmark Health's Consumer Platforms may use cookies to monitor the performance of our resources, to enhance the User experience, and to assess aggregate information about our User base. We may also employ cookies on Non-affiliated Third Party and Service Provider websites to facilitate the delivery of our services and help follow Users' online activities over time and across online resources to inform more relevant communication with Users. Highmark Health may gather and use information obtained from cookies to provide customers and prospects with tailored products and services.

Most internet browser settings can be modified by individuals to block or disable cookies ("do not track"). If a User decides to block or disable cookies in their internet browser settings, Highmark Health's Consumer Platforms do not respond to these settings, and our use of cookies may not be affected.   Users should be aware that blocking or disabling cookies could prevent a particular Consumer Platform or certain features from fully functioning, so Users are encouraged to keep cookies enabled.

D. Non-affiliated Third Party and Service Provider use of cookies
A Non-affiliated Third Party or Service Provider may employ cookies on our Consumer Platforms to facilitate the delivery of their services and help follow Users' online activities over time and across online resources. Any cookie data shared by Highmark Health with a Non-Affiliated Third Party or Service Provider is subject to the provisions of this online privacy policy. Users should also review the online privacy policy of the Non-Affiliated Third Party or Service Provider to understand their data collection, use, and disclosure practices.

E. Note about Children's Online Privacy Protection Act and other laws
Please be advised that Highmark Health's Consumer Platforms are intended for general audience Users. Our Consumer Platforms are not directed at children under the age of 13, nor do we make attempts to collect, use, or disclose information from children under the age of 13. Highmark Health complies with all applicable state laws governing advertising and marketing to children, including the Delaware Online Privacy Protection Act, which prohibits marketing to children under the age of 18.

II. Use of Information Collected

Highmark Health does not sell Personal Information of Users collected through our Consumer Platforms to anyone.

All information submitted to us may be retained to provide a record of communications and to comply with any applicable legal and/or regulatory requirements, and may also be verified for accuracy.

In addition: Highmark Health uses Personal Information of Users collected through Highmark Health's Consumer Platforms to i) provide relevant health care related information, ii) provide information regarding general health topics, iii) provide updates, news, event notices and announcements, iv) update information we have about Users, and v) monitor the effectiveness of our Consumer Platforms and features. We may also use Personal Information to provide Users with access to information about products, programs, and services offered by Highmark Health or our diversified businesses.

If you receive email updates, news, announcements and/or event notices from Highmark Health, we will use the name, demographic, phone number, e-mail address, and other contact information you provide us in order to deliver that information. You may remove yourself from these communications at any time by following the removal instructions included in our communications. Your name, demographic, phone number, e-mail address and other contact information will be used only for Highmark Health-related communications and will not be given, sold, or rented to any external party without your prior approval.

Personal Information may also be anonymized by Highmark Health (i.e. stripped of individual identifiers), aggregated with other data, and used for general research, classification, marketing, or other purposes without permission.

III. Access to Information Collected

A. Employees
Certain Highmark Health employees may be provided with Personal Information of Users in order to respond to their needs, assist with customer service and related account issues, and provide requested information regarding specific products or services. Certain employees will also be provided with Personal Information of Users in order to monitor the effectiveness of our Consumer Platforms and features. Highmark Health employees are required, by written confidentiality statements, corporate policies, and state or federal laws or regulations, to maintain the confidentiality of Personal Information, and to use strict standards of care in handling information. Employees who do not conform to these confidentiality requirements are subject to disciplinary sanctions, up to and including dismissal.

B. Highmark Health's diversified businesses
Highmark Health may disclose Personal Information of Users collected through its Consumer Platforms to its diversified businesses as necessary to carry out its business operations. It may also disclose Personal Information to contracted Service Providers that are contracted by Highmark Health to provide certain services or perform certain functions on its behalf.

Personal Information collected through Consumer Platforms by diversified businesses may also be disclosed to Highmark Health as necessary to carry out their business operations. All Personal Information will be disclosed in order to respond to a User's needs, and/or to provide information about products or services offered by or through Highmark Health, its diversified businesses, or contracted Service Providers. Personal Information is treated with the same strict standards of confidentiality that Highmark Health applies to other types of confidential information. Highmark Health's diversified businesses are subject to Highmark Health's corporate policies regarding privacy and confidentiality, and Highmark Health's contracted Service Providers and business associates are legally bound by contract to follow the same, or no less restrictive, standards of confidentiality as followed by Highmark Health.

C. Third parties
Other than as set forth herein, Highmark Health does not transmit any Personal Information collected through its Consumer Platforms to any third party without the permission of the User. However, Personal Information may be transmitted if there is a specific need to complete a transaction requested by the User or if necessary for providing a service or benefit to the User. For example, group health plan administrators have access to online enrollment applications and certain other Personal Information which is required for their plan administration purposes.

D. Consumer Platform communication services
Highmark Health has access to communications sent by or to Users who choose to utilize any Consumer Platform communication features. Highmark Health will not release the content of specific communications to any third party without the User's consent, other than as set forth above, or unless permitted or required under applicable state or federal law or regulation. Please be reminded that the platform owner may be able to view the content of communications, and Highmark Health cannot guarantee the security or confidentiality of Personal Information transmitted across platforms which we do not own or control.

IV. Compliance Assurance

A. Security
Highmark Health uses commercially reasonable information security practices and technology to protect the information we maintain, and to help ensure compliance with the security and privacy standards described in this online privacy policy. For Users who choose to communicate with Highmark Health using their personal e-mail account, please be aware that there is always some risk in sending information over the internet. Although we make reasonable efforts to protect your information from unauthorized access, use, disclosure, or alteration, you should be aware there is always some risk in transmitting information over the internet, such as the potential for interception or misuse of your information before we receive it.

B. Account access
Consistent with the requirements set forth under certain state and federal laws, Highmark Health grants access to Personal Information only to those employees, diversified businesses, and contracted Service Providers as necessary to provide appropriate products and services, or as Users authorize. All such employees, diversified businesses, and contracted Service Providers are subject to confidentiality statements, privacy policies, and/or other contractual obligations at least, or no less restrictive, as the standards followed by Highmark Health.

C. Internal compliance with privacy and security programs
Highmark Health maintains internal privacy and security programs to help ensure compliance with this online privacy policy, and to maintain the privacy and security of Personal Information. These programs include oversight by a Chief Privacy Officer and a Chief Information Security Officer who oversee the maintenance of the privacy and security programs, as well as the enforcement of privacy and security practices. Additionally, our privacy and security programs include on-going employee training, on-going maintenance and updating of security systems and internal processes, and monitoring customer feedback and complaint resolution processes.

D. Questions and concerns
If you have questions about this online privacy policy, or concerns regarding your Personal Information, please send us your question by emailing us or calling 1-866-228-9424.

V. Changes to Online Privacy Policy

Highmark Health reserves the right to change, modify, or update this online privacy policy at any time and for any reason. Highmark Health will promptly post changes, modifications, and updates to its Consumer Platforms accordingly. Continued use of our Consumer Platforms constitutes your acceptance of the terms of our online privacy policy

(© 2014 Highmark Health – last revised December 2017)


1Highmark Health includes all wholly and majority-owned subsidiaries and affiliates making up the Highmark Health enterprise, including, among others, Highmark Inc., Allegheny Health Network, HM Health Solutions, HM Home and Community Services, and other diversified businesses, but excluding Premier Medical Associates. References to "us", "we", and "our" in this online privacy policy mean Highmark Health.

2Non-affiliated Third Party refers to an entity that offers a tool, service, product, or forum that Highmark Health may utilize, but there is no contractual relationship between Highmark Health and the entity (e.g., Facebook, LinkedIn, Google Analytics).

3Service Providers means any vendor that has been contracted by Highmark Health to provide a service or perform a function on behalf, or for the benefit, of Highmark Health, including but not limited to technical support, system or account administration, or data analytics (e.g., WebMD, Coremetrics).