The MyBlue Mobile App (“Mobile Application”) is hosted and operated by Blue Cross Blue Shield Association (“BCBSA”) as part of its contract with the Office of Personnel Management (“OPM”) to administer the Federal Employee Program (“FEP”). As such, some information collected through the mobile application may be considered “protected health information” (“PHI”), as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations.
Your privacy is important to us. BCBSA maintains high standards for the protection of your privacy on this Mobile Application. Here is what you can expect when you use this Mobile Application:
- Other than to fulfill a request from you, or to provide you information or services as part of your contract for health benefits, we won’t sell, rent, or share any personally-identifiable information (“PII”) you provide without your consent.
- We won’t send you unsolicited email (“spam”).
- No PII collected on this Mobile Application will ever be used to affect your health insurance coverage by or premiums paid to a Blue Cross and Blue Shield company.
Each of our business partners have separate privacy policies.
To use all of the features of this Mobile Application, you must have an active MyBlue account and sign in using that account information.
This Mobile Application may access or collect personal and non-personal information. This information is accessed and collected in a variety of ways, including through the operating system of your mobile device and through information you voluntarily provide through this Mobile Application.
This Mobile Application may collect the following information:
Information that Identifies You
- Information you voluntarily provide, which may include account info, name, email address, user credentials, age, address, and/or phone number
- Health, medical, or therapy information, including PHI
- Information provided by BCBSA, an affiliate, or a business partner
- Location Data such as GPS, WiFi, or carrier network location.
- User files stored on your device, such as calendar, pictures, and video files
What You Do On Your Device When You Are Using This Mobile Application
- Camera use
- Local storage
- Phone dialer
- Use of screen, such as what points are touched, frequency, etc.
- Patterns of app usage
Device or System Data
- Mobile Device Identifier, e.g., UDID, Android ID
- Technical information about your device and system and application software, e.g., type of phone, operating system (OS), and IP address
We obtain location data from your device to provide location-related services, e.g., finding a provider near you, via this Mobile Application. We do not store information about your location after the service is performed. Your location information may be shared with third-parties that we have hired to perform the location-based services of the Mobile Application, such as Provider Finder. You can withdraw consent to use precise, real-time or network location data at any time by turning off the location-based feature on your mobile device or by opting out of using any location-based features, such as Provider Finder. If you withdraw consent, functionality associated with precise, real-time or network location, such as Provider Finder, may be limited. For more information, please see the Your Choices section below.
We may use your information that we collect unless restricted by this Policy or by law. We may use this information for a number of purposes, such as processing your requests or personalizing products and services for you. The information that we collect about you may be retained indefinitely for the purposes described in this Policy.
The non-personal information collected and stored in the aggregate form is used to maintain or improve this Mobile Application. Any personal information that you voluntarily give us will be stored in a secure environment and used to provide the product, service, or information you have requested or for which you registered, or to provide you information or services as part of your contract for health benefits. Personal information that you voluntarily provide and the non-personal information that we collect in the aggregate form will not affect your insurance coverage, eligibility, premiums, or claims payment by any Blue Cross and Blue Shield company.
The list below outlines some examples of how we may use the information that we collect:
- To provide the services and functionality offered by this Mobile Application.
- To respond to requests from you.
- To provide you information or services as part of your contract for health benefits.
- To customize your experience on this Mobile Application, including managing and recording your preferences.
- To process an application as requested by you.
- To administer BCBSA surveys and promotions.
- To perform analytics and to improve our products and Mobile Application.
- To develop reports regarding usage, activity, and statistics.
- To comply with applicable laws, regulations, and legal process.
- To protect someone’s health, safety, or welfare.
- To protect our rights, the rights of affiliates or related third-parties, or take appropriate legal action, such as to enforce the MyBlue Terms and Conditions.
- To keep a record of our transactions and communications.
- To facilitate the provision of software updates and product support.
- To improve products and other services related to this Mobile Application or to provide services or technologies to you.
- To connect non-personal information we collect through this Mobile Application with personal information you provide to us.
- To contact you through information you provide through this Mobile Application, including any email address, telephone number, cell phone number, text message number, or fax number. For more information, please see the Online Communications Practices section below.
We will only share your personal information with third parties as outlined in this Policy and as permitted by law. We may share the non-personal information that we gather and store in the aggregate form with other areas in BCBSA, local Blue Cross and Blue Shield companies, our business partners, or with companies we hire to help us administer, maintain, or improve this Mobile Application. Unless you specifically consent to let us do so or as otherwise outlined in this Policy, your personal information, including your email address, will not be sold, rented, licensed, or otherwise shared with third parties, other than Blue Cross Blue Shield companies or business partners as required to fulfill a request from you or to provide you information or services as part of your contract for health benefits.
This Mobile Application may share information in the following ways with the following entities:
- To third parties at your direction and as described in this Policy and the MyBlue Terms and Conditions.
- If all or part of BCBSA is sold, merged, dissolved, acquired, or in a similar transaction.
- As required by law or to comply with a judicial proceeding, court order, or other legal process.
- To cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful.
- With other companies that perform services on our behalf or that we collaborate with. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf. Similarly, we may hire companies to help us operate our Mobile Application and related computer and software applications, including performing analytics. Or, we may share your email address and name with your mobile operating system in order for you to access the Mobile Application. Additionally, we may share information with our business partners, who work with BCBSA to provide you benefits and services. Each subcontractor that will receive any PHI to perform a service on our behalf has signed an agreement that binds them to the same restrictions on use and disclosure of your PHI with which we comply.
- Within BCBSA, we may also combine personal information that you provide us through this Mobile Application with other information we have received from you, whether online or offline, or from other sources such as from our vendors.
- With your consent, we may make information you voluntarily share within a group or chatroom available to other users. We will only make your information public to other users within certain functionalities within this Mobile Application, and only if you voluntarily choose for us to do so.
Analytics and Online Tracking
We may use various technologies to gather information from our users, such as which Mobile Application features are used and the frequency of use. We may also allow third party service providers to collect such information to provide us with analytics information. This information is automatically generated and may be combined with personal information about you.
Reviewing Your Information
This Mobile Application may permit you to view your user profile and related information and to request changes to such information. If this function is available, we will include a page or heading such as “My Profile” or similar words. Navigating to that portion of the Mobile Application will take you a page through which you may review such information.
We maintain administrative, technical, and physical safeguards designed to help us protect the personal information that you provide. Notwithstanding these efforts, we cannot guarantee the confidentiality and security of this Mobile Application. Please be advised that the confidentiality of any communication or material being transmitted using the public Internet or non-secure Internet electronic mail cannot be guaranteed, and notwithstanding our security safeguards, we cannot guarantee the confidentiality and security of electronic communications. If you wish to keep your communications to us private, you should not communicate to us using this Mobile Application.
In addition to the administrative, technical, and physical safeguards that we employ, the confidentiality and security of your information depend on you, as well. If you choose to use a persistent log-in, for example, having your user name or password be remembered, others may be able to access information through your mobile device. If you are concerned about the unauthorized use or disclosure of information via your mobile device, you should lock your mobile device when not in use or elect to not use the persistent log-in feature. Some information you provide to this Mobile Application will be stored locally on your mobile device. To prevent unauthorized use or disclosure of information via your mobile device, you should lock your mobile device when not in use or elect to not use the persistent log-in feature. Additionally, you are responsible for keeping all passwords used to access this Mobile Application confidential. Under no circumstances should you share your password with or provide access to this Mobile Application for an unauthorized person or entity.
Our Online Communication Practices
You may choose how we collect and use certain information about you:
Location Information: As described above, you can withdraw consent to use precise, real-time or network location data at any time by turning off the location-based feature on your mobile device or by opting out of using any location-based features, such as Provider Finder. If you withdraw consent, functionality associated with precise, real-time or network location, such as Provider Finder, may be limited. It is your choice whether or not to allow us to collect such information.
Other Sensitive Information: This Mobile Application may deal with other sensitive information, such as health information. For example, through certain functionalities, such as storing your digital ID card on your device or another application or sharing a PDF of your digital ID card with a person or entity of your choosing, you may direct the Mobile Application to share such information with third parties. When you share such information outside of this Mobile Application, we cannot guarantee the security of the information. It is your choice whether or not to provide to us or to share such sensitive information.
Information for Children Under 13
This Mobile Application is not for individuals under the age of 13 unless the individual’s parent or guardian has provided consent. We do not knowingly collect or use personal information from children under the age of 13 without the consent of a parent or guardian. If we learn we have collected or received personal information from a child under 13 without consent from a parent or guardian, we will delete that information. If you think that we have collected personal information from a child under the age of 13 through this Mobile Application, please contact us.
The Effective Date of this Policy is July 13, 2019.
Your Acceptance of This Policy
By using this Mobile Application, you signify your acceptance of this Policy. If you do not agree to this Policy, please do not use this Mobile Application. Your continued use of this Mobile Application following the posting of changes to this Policy will be deemed your acceptance of those changes.
Changes to this Policy
We may update this policy from time to time. When we do, we will post the current version and we will revise the version date shown on in this policy. We encourage you to periodically review this policy so you will be aware of our privacy practices.
© 2000-2019 Blue Cross Blue Shield Association. All Rights Reserved. Revised 2019.