Privacy Policy
The following terms and conditions govern your use of the fepblue.org website, the MyBlue mobile application and the MyBlue Portal.
Welcome! You have arrived at an online service location that is owned and operated by the Blue Cross and Blue Shield Association (“BCBSA” or “we,” “our” or “us”). This “Privacy Policy” governs your use the fepblue.org website and the MyBlue Portal (“Portal”) (collectively, the “Website”).
The MyBlue Portal (“Portal”) is hosted and operated by Blue Cross Blue Shield Association (“BCBSA”) as part of its contract with the Office of Personnel Management (“OPM”) to administer the Federal Employee Program (“FEP”). Some information collected through the Portal may be considered “protected health information” (“PHI”), as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations. Additionally, some information collected through the public and non-public sections of the Website is not PHI, but is personally identifiable information (“PII”) that is outside the scope of HIPAA. To use all of the features of the Portal, including those features that include PHI, you must have an active MyBlue account and sign in using that account information through the non-public section of the Website.
Your privacy is important to us. BCBSA maintains high standards for the protection of your privacy on the Website. Here is what you can expect when you visit the Website:
- Other than to fulfill a request from you or to provide you information or services as part of your contract for health benefits, we won’t sell any individually identifiable personal information you provide without your consent or as allowed by applicable law.
- We won’t send you any unsolicited email (“spam”) without your consent.
- No personal information collected at this Website will ever be used to affect your health insurance coverage by or premiums paid to a Blue Cross and Blue Shield company.
Please remember that this Privacy Policy only covers the data collection and use practices for the Website. BCBSA’s privacy policies may differ at its other websites or in its offline data collection and reporting practices. Questions regarding the privacy policy of your independent, local Blue Cross and Blue Shield company should be directed to that company.
HIPAA Notice of Privacy Practices
This Policy is in addition to the HIPAA Notice of Privacy Practices issued to all Service Benefit Plan contract holders when they enroll and whenever there is a material change to the privacy practices provided in the notice. In situations where there are material changes, the revised HIPAA Notice of Privacy Practices will be distributed to all contract holders within 60 days of the change. To review our current privacy practices please download the following:
Notice of Privacy Practices for the Service Benefit Plan
Notice of Privacy Practices for the US Office of Personnel Management (OPM)
The information we collect
When accessing or using features of this Website, our web servers automatically capture your domain name; the referring URL, IP address, clicks, session duration, browser/device information, pages you visit on our site; the amount of time you spend here, browser name, full version (major and minor), and plugins; the resolution (width/height) and color depth; and the operating system. You also may have the option of importing information to and from certain web sites (including, without limitation, the Site and your on-line profile accounts, e.g. Google Account) from third-party software programs. This information may include the types of information described above, as well as other types of information that you have entered into these third-party software programs. This information may be used to fulfill your requests for services, to communicate with you about your account, to support your online activities, to respond to your questions, and to customize your experience and the content or features of the Site and the products and services available thereon.
We may also use your PII to personalize your interactive experience on the Site, through social media (e.g., Facebook, Twitter, Instagram, Amazon and Pinterest) or other platforms (e.g. Meta pixel and Google).
When you access the non-public section of the Website, we may access or collect personal and non-personal information about You, including but not limited to: (i) information you voluntarily provide, which may include account info, name, email address, user credentials, age, address, and/or phone number; (ii) health, medical, or therapy information, including PHI; and (iii) Information provided by BCBSA, an affiliate, or a business partner.
To the extent permitted, we may obtain your location information to provide location-related services, e.g., finding a provider near you. We do not store information about your location after the service is performed. Your location information may be shared with third-parties that we have hired to perform the location-based services, such as Provider Finder. You can withdraw consent to use precise, real-time or network location data at any time by turning off the location-based feature on your web browser or by opting out of using any location-based features, such as Provider Finder. If you withdraw consent, functionality associated with precise, real-time or network location, such as Provider Finder, may be limited.
You authorize us or our identity verification service provider to receive and use information obtained from your wireless carrier about your wireless carrier account and your wireless device, if available, for the duration of your business relationship with us, to help us identify you or your wireless device for the purpose of preventing fraud.
We may use your information that we collect unless restricted by this Policy or by law. We may use this information for a number of purposes, including but not limited to processing your requests, personalizing health products and services that may be of interest to you, and/or for site optimization and analytics. To the extent information is used consistent with this Policy or law, we may collect, use, or share the information directly or through third parties, including but not limited to business partners and third-party vendors. Personal information voluntarily provided by you will be retained in accordance with our record retention policies, subject to legal requirements, and for the purposes described in this Privacy Policy.
To the fullest extent permitted by applicable law, we may also disclose your information if we believe in good faith that doing so is necessary or appropriate to: (i) protect or defend the rights, safety or property of BCBSA or third parties (including through the enforcement of this Privacy Policy, and other applicable agreements and policies); or (ii) comply with legal and regulatory obligations (e.g., pursuant to law enforcement inquiries, subpoenas or court orders). To the fullest extent permitted by applicable law, we have complete discretion in electing to make or not make such disclosures, and to contest or not contest requests for such disclosures, all without notice to you.
If you use the features on this Website or on the websites of our business partners, you are “opting in” and agree to our collection of information as described above. You can “opt out” or prevent us from collecting PHI or personal information by not accessing this Website or using the interactive features of this Website or the websites of our business partners. You may “opt in” or “opt out” each time you access the Website. If you “opt out,” you cannot use the interactive features, such as the Provider Directory and Pharmacy Programs.
Information About Children Under 13
We do not intend that the Site will be accessed or used by minors under the age of eighteen (18), and such use and access is prohibited. Any section of www.fepblue.org that is directed to children or teens is protected by a screening mechanism to help confirm parental consent is obtained before we collect or use personal information from children under 13. We do not knowingly collect or use personal information from children under 13 without the consent of a parent or guardian.
In the event that we become aware that we have collected Personal Information from any child, we will dispose of that information in accordance with the Children’s Online Privacy Protection Act and other applicable laws and regulations. If you are a parent or guardian and you believe that your child under the age of 13 has provided us with information without your consent, please contact us at bcbswebmaster@bcbsa.com, and we will take reasonable steps to confirm that such information is deleted from our files.
Information Security
We maintain administrative, technical, and physical safeguards designed to help us protect the personal information that you provide. Notwithstanding these efforts, we cannot guarantee the confidentiality and security of this Website. Please be advised that the confidentiality of any communication or material being transmitted using the public Internet or non-secure Internet electronic communications cannot be guaranteed. Notwithstanding our security safeguards, we cannot guarantee the confidentiality and security of electronic communications. If you wish to keep your communications to us private, you should not communicate to us using the Website.
In addition to the administrative, technical, and physical safeguards that we employ, the confidentiality and security of your information depend on you, as well. If you choose to use a persistent log-in, for example, by allowing the Website to remember your user name or password, others may be able to access information through your web browser. Additionally, when you are no longer accessing features of the secured portion of the Website, you should log off of your Website session, rather than merely closing your web browser. If you are concerned about the unauthorized use or disclosure of information via your web browser, you should elect to not use the persistent log-in feature. Additionally, we recommend using a unique password for this Website and not one that is used for other websites. You are responsible for keeping all passwords used to access the secure section of the Website confidential. Under no circumstances should you share your password with or provide access to the Website for an unauthorized person or entity.
Use of the information this Website gathers/tracks
We gather and store information in the aggregate to maintain or improve our Website, and we may share that information with other areas in BCBSA, local Blue Cross and Blue Shield companies, our business partners, or with companies we hire to help us maintain or improve the Website.
Unless you specifically consent to let us do so, your personal information, including your email address, will not be sold, rented, licensed or otherwise shared with third parties, other than Blue Cross and Blue Shield companies or business partners as required to fulfill a request from you to provide you information or services as part of your contract for health benefits or to personalize products and services for you. Personal information you voluntarily provide and the information we collect will not affect your insurance coverage, eligibility, premiums or claims payment by any Blue Cross and Blue Shield company.
This Website also uses the tool “Google Analytics” to collect data on the use of this Website and help us better understand our visitors’ usage. To access Google Analytics’ privacy policy and/or opt out of being tracked by Google Analytics, please visit http://tools.google.com/dlpage/gaoptout. Website Users can also enable a privacy browser to restrict tracking by Google.
Cookies and Similar Technology Policy
What are cookies?
A cookie is a small amount of data sent from a web server to your browser and stored on your computer’s hard drive. We may use cookies to collect information and enhance your user experience on Website. The use of cookies is designed to augment your online experience via the information you provide. We use and store this information to provide you with more personalized and customized online services and to make our site more convenient, useful, valuable and appealing to you.
We may use cookies to collect information and enhance your user experience. We may use both session cookies (which expire once you close your web browser) and persistent cookies (which stay on your computer until you delete them) to provide you with a more personal and interactive experience on our Website. This type of information is collected to make the Website more useful to you and to tailor your experience with us to meet your special interests and needs. We store cookie information in aggregate form and use the aggregate information to make improvements to the Service or in internal reports on Service activity. You may modify your browser preferences to opt out of allowing cookies to be placed on your computer, however opting out cookies may affect the performance and usability of the Site. Refusing cookies disables our ability to include information about your visit in our regular monitoring of Service traffic.
We use two broad categories of cookies: (1) first party cookies, served directly by us to your computer or mobile device, which we use to recognize your computer or mobile device when it revisits our Website; and (2) third party cookies, which are served by service providers on our Website, and can be used by such service providers to recognize your computer or mobile device when it visits other websites.
Cookies we use
The Website uses the following types of cookies for the purposes set out below:
Type of cookie |
Purpose |
Essential Cookies |
These cookies are essential to provide you with services available through our Website and to enable you to use some of its features. Without these cookies, the services that you have asked for cannot be provided, and we only use these cookies to provide you with those services. |
Functionality Cookies |
These cookies allow our Website to remember choices you make when you use fepblue.org, such as remembering your language preferences, remembering your login details and remembering the changes you make on other parts of our Website which you can customize. The purpose of these cookies is to provide you with a more personal experience and to avoid you having to re-enter your preferences every time you visit fepblue.org. |
Analytics and Performance Cookies |
These cookies are used to collect information about traffic to our Website and how users use fepblue.org. The information gathered does not identify any individual visitor. The information is aggregated and anonymous. The information gathered may include the number of visitors to fepblue.org, the websites that referred them to our Website, the pages they visited on our Website, what time of day they visited our Website, whether they have visited our Website before, and other similar information. We use Google Analytics for this purpose. Google Analytics uses its own cookies. You can find out more information about Google Analytics cookies here and about how Google protects your data here. You can prevent the use of Google Analytics relating to your use of our site by downloading and installing the browser plugin available here. In addition, you can restrict tracking by enabling privacy settings on your web browser. |
Targeted and Advertising Cookies |
These cookies track your browsing habits to enable us to show advertising that is more likely to be of interest to you. These cookies use information about your browsing history to group you with other users who have similar interests. Based on that information, third party advertisers can place cookies to enable them to show advertisements that we think will be relevant to your interests while you are on third party websites. |
Social Media Cookies |
These cookies are used when you visit any public fepblue.org page. A social networking website such as Facebook, Instagram, or LinkedIn can record that you have visited this page and could use this information to serve you relevant ads that are in compliance with platform advertising policies. |
Disabling cookies
If you decide at any time that you no longer wish to accept cookies from our services for any of the purposes described above, then you can typically instruct your browser, by changing its settings, to remove or stop accepting cookies or to prompt you before accepting a cookie from the websites you visit. In order to do this, consult your browser’s technical information (instructions are usually located within the “settings,” “help” “tools” or “edit” facility). Many browsers are set to accept cookies until you change your settings.
Further information about cookies, including how to see what cookies have been set on your computer or mobile device and how to manage and delete them, visit https://allaboutcookies.org/.
If you do not accept our cookies, you may experience some inconvenience or not be able to use all portions of the services or all functionality of the services. For example, we may not be able to recognize your computer or mobile device and you may need to log in every time you visit Website.
Pixel tags
In addition, we may use pixel tags (also referred to as clear GIFs, web beacons, or web bugs) on fepblue.org to track the actions of users on the Website. Pixel tags are tiny graphic images with a unique identifier, similar in function to cookies, which are used to track online movements of web users. In contrast to cookies, which are stored on a user’s computer hard drive, pixel tags are embedded invisibly in web pages. Pixel tags also allow us to send email messages in a format that users can read, and they tell us whether emails have been opened, for example, to help confirm that we are sending messages that are of interest to our users. We may use this information to reduce or eliminate messages sent to a user.
Do not track signals
Some internet browsers may be configured to send “Do Not Track” signals to the online services that you visit. We currently do not respond to do not track signals. To find out more about “Do Not Track,” please visit http://www.allaboutdnt.com.
Third party analytics providers and ad servers
We may use third-party vendors to perform certain services on behalf of us, such as designing and/or operating the Website’s features, tracking the Website’s activities, and utilization of sharing technology that allows users to share content on this Site through social media, and analytics. We may provide these vendors with access to user information or they may directly collect your information to carry out the services they are performing for you or for us. Examples of such information may include demographic information that such third-party analytics vendors have already collected or information about how you use the Website. Third-party analytics and other service providers may set and access their own tracking technologies on your device and they may otherwise collect or have access to information about you, potentially including personal information, about you. We are not responsible for those third-party technologies or activities arising out of them.
We may work with certain third parties to provide us with information regarding traffic on Website, to serve advertisements elsewhere online, and to provide us with information regarding the use of our Website or services and the effectiveness of our advertisements. These third parties may automatically collect information about you using their own cookies or other technologies, or may otherwise collect or have access to, information about your visits to this and other websites, your IP address, your ISP, the browser you use to visit our Website and other usage information. Information collected may be used, among other things, to deliver advertising targeted to your health insurance coverage and services and to better understand the usage and visitation of our Website and the other sites tracked by these third parties. If you would like more information about this practice and to know your choices about not having this information used by these companies, you may visit: http://www.aboutads.info/choices (for website users), http://www.networkadvertising.org/managing/opt_out.asp (for website users), http://youronlinechoices.eu/ (for users in the EU), or http://youradchoices.com/appchoices (for mobile app users).
Sites we link to
If you choose to use any of the links we provide to our member companies, vendors, and other third party resources, you will be directed to a new website. Protection of your privacy at all third party websites will be governed by the privacy policy at that third party’s website. Please take the time to read the privacy policies at their websites.
We have business relationships with Blue Cross and Blue Shield member companies and other third party vendors and resources. These linking relationships are not a form of advertising or promotion, but part of the unique set of benefits available under the Blue Cross and Blue Shield Service Benefit Plan and the Blue Cross Blue Shield Association.
Our Online Communication Practices
We send communications in accordance with this Policy and applicable laws. We may use cookies or other technologies to monitor whether you open and/or click on URLs in email communications and/or electronically transmitted newsletters. We offer you appropriate consent mechanisms for communications, such as an opt-in or an opt-out. Please be aware that consent mechanisms may not apply to certain types of communications, such as account status, site updates, and other communications.
Changes to this policy
Your use of the Website constitutes your acceptance of the terms of this Privacy Policy, as may be amended or revised by us. We may update this policy from time to time. When we do, we will post the current version on this Website and we will revise the version date shown on this page. We encourage you to periodically review this policy so you will be aware of our privacy practices.
- Policy updated Feb. 1, 2024.
Make a privacy complaint
You may submit a complaint to us if you believe that we have violated your privacy rights. To make a complaint, please write or call the customer service number for your local Blue Cross and Blue Shield company and ask for the privacy contact.