Privacy Policies
Medicare and Medicaid
Your privacy is a major priority to us, and we take great care to protect your information. Our Privacy Policy describes the ways in which we gather and protect information, and what choices you have to control your information. To update how you receive your information, you can call Member Services or log in to your account, go to "Profile", and "Communication Preferences".
Questions
If you have questions regarding this policy or if you would like to review or change any of your information we have on file, please call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
Safeguards Policy
Various privacy laws and regulations can differ slightly on how they refer to your information. Throughout the notices on this page, information about you may be referred to as "Personally Identifiable Information" ("PII"), "Protected Health Information" ("PHI"), or as "Personal Information" ("PI"). We are committed to protecting all of your sensitive information in accordance with applicable laws and regulations.
Personally Identifiable Information (PII) is information about an individual which can be used to distinguish or trace an individual's identity (such as their name, social security number, biometric records, etc.) by itself or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, mother's name, etc. PII includes Protected Health Information (PHI), but it can also include other types of information about you, that are not related directly to healthcare.
PHI is information specifically about an individual's healthcare that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Examples of PHI can include any of the following:
- name
- medical record information
- address
- Social Security Number or equivalent identifiers (such as those assigned in other countries)
- Social Drivers of Health (also known as Social Determinants of Health), or other individually-identifiable information when associated with a member or patient
- birth date
- sex and age
- sexual orientation
- alternative gender identity
- race, ethnicity
Personal Information (PI) is a term used by many state privacy protection laws, and (depending on the state) may or may not include PII and/or PHI. Therefore, these three terms may be used interchangeably in parts of this Privacy Protection Policy.
We are committed to safeguarding the PII, PHI, and/or PI we receive from our customers and members through the use of physical, technical, and administrative safeguards.
Our policies prohibit the unlawful disclosure of PII, PHI and/or PI. We share it externally only where federal and state law allows or requires it. Internally, it’s our policy to limit the access, use and disclosure of this information to be in line with the job duties of our associates, as well as applicable law.
Our Notice of Privacy Practices further explains how your PII, PHI and/or PI is collected, how it may be used, and when it may be shared.
If you have questions about this, call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
HIPAA Notice of Privacy Practices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
Our Notice of Privacy Practices explains how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our obligations under federal and individual state regulations. By law, we're required to send our fully-insured health plan members a notice with those details.
These notices generally don't apply if you're part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.
Iowa
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Maryland
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
New Jersey
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Tennessee
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Texas
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Washington
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
West Virginia
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Arizona, Iowa, Tennessee, Texas, Washington Medicare
Wellpoint Medicare notice of privacy practices (English)
New Jersey Medicare
Wellpoint New Jersey Medicare notice of privacy practices (English)
Tennessee Medicare
Group Retiree Solutions (GRS)
Wellpoint notice of privacy practices (English)
Texas Medicare-Medicaid Plan
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Pharmacy privacy notices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
The following Notices of Privacy Practices explain how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notices reflect the pharmacy obligations under federal and individual state regulations. By law, we're required to send our members a notice with those details.
CarelonRX Services Notice of Privacy Practices
Web privacy statement
Your privacy is very important to us, and we will make every reasonable effort to safeguard any information we collect.
This privacy statement is effective January 1, 2020, and was most recently reviewed in December 2023. This privacy statement is subject to change. We encourage you to review it from time to time.
What information will we collect?
Information may be collected in the following ways on this website and application:
- If we provide user account access, you may elect to establish an account so that you can gain additional access to online service applications, health tools, health information, subscriptions, or other services where it is important for us to know who you are in order to best meet your needs. Providing personal information is always voluntary.
- We may use "cookies" and/or other web trackers to help us improve this website and application by tracking your navigation habits and to store some of your preferences. A cookie is a small file created by a website or application to store information on your computer. Cookies do not allow websites or applications to gain access to other information on your computer. Once a cookie is saved on your computer, generally only the website or application that created the cookie can read it.
- An Internet Protocol (IP) address is a number that automatically identifies the computer or mobile device that you are using to access the Internet. The IP address enables our server to send you the site pages that you want to visit or the data you want to view. The IP address may disclose the server owned by your Internet Service Provider. We use your IP address to help diagnose problems with our server and to support our administration of this website and application.
How will information be used?
Any personal information that you provide is used for the purpose for which you provide it and to better improve or customize services being provided. For example, if you use location services to find a provider near your current location, your location is used only to facilitate that function. Or if you provide us with an email address, we will only use it in a manner consistent with your consent for us to do so.
Requesting or signing up to receive information:
By submitting your email address or other contact information, you are authorizing us to send you information and educational materials about health plan options and services available to you. This authorization is voluntary and your treatment, payment, enrollment or eligibility for benefits are not conditioned on providing this authorization. You have the right to withdraw this authorization and opt-out at any time by calling toll-free at 1-844-203-3796 to be put on internal Do Not Mail and/or Do Not Email lists. It may take up to 2 weeks to process your opt-out request once it is received. Opting-out will not affect any action taken before your opt-out request is processed. You are entitled to a copy of this authorization.
We may also gather quantitative user information, such as the number of users and the pages or data accessed, in order to perform administrative, technical, hosting or other functions that help us manage our website and Application and deliver new functionality to you. We do not sell, license, transmit or disclose personal information that you provide to us to third parties except with the following exceptions:
- Upon your authorization;
- When such disclosure is necessary to allow us and our contractors or agents to carry out treatment, payment or healthcare operations; or
- When required or permitted by law.
Third parties
We may work with third-party service providers who may place third-party persistent cookies, web beacons, or similar technologies to collect anonymous information about the use of our websites and Applications. They are not permitted to collect any personal information, and this information will be solely used for web usage analysis for a better understanding of how you use our website Application, and/or to customize our content and advertising.
What if I don't want information about me collected?
Providing personal information through this website or application is optional. Personally identifiable information will not be collected from you without your knowledge and approval. You will be told when your failure to provide information might affect your ability to enroll in or use a product or service.
If you do not wish to have your activity on our website or application tracked, at any time you can opt-out to discontinue first party cookie tracking of your web activity.
You also have the choice to opt-out of third-party cookies, web beacons or similar technologies. If you do not want third-party service providers to collect your anonymous information for marketing purposes, visit the Network Advertising Initiative (NAI) website to opt-out.
Additionally, you can direct your Internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your computer, tablet or smartphone through your Internet browser settings or other programs. You can also set your browser to refuse all cookies. Please note that some parts of this website or application may not function properly or be available to you, if you refuse to accept a cookie or choose to disable the acceptance of cookies.
"Do not track" signals
We do not respond to web browser "do not track" signals. As such, your navigation of our website and Application may be tracked as part of the gathering of quantitative user information described above. If you arrive at our website or Application by way of a link from a third-party application that does respond to "do not track" requests, the recognition of any "do not track" request you have initiated will end as soon as you reach our website or application.
Use of email and fax
We may provide email and fax links to further facilitate communication for our members and their designees and caregivers. Information collected through email may be shared with our Member Services department, other associates, or third parties that perform services on our behalf. Unless otherwise noted, email through our website or Application is not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us.
Also, if you request that we email or fax information about you to someone using the email and fax capabilities in this website or application, that email or fax may not be completely secure. Please verify email addresses and fax numbers carefully before submitting such a request.
Use of text (SMS)
These Texting Terms and Conditions apply when you provide prior express consent to receive text messages from us and/or our affiliates, subsidiaries, agents, contractors, or vendors ("us" or "we" or "our"). Text messaging from us may include one-time or recurring texts related to your benefits, programs, products, services, and tools, and/or general health information. At enrollment for recurring texting programs, we specify the frequency of texts and information on how to unsubscribe and seek assistance. In all programs, you may text "STOP" to stop messaging for that program and "HELP" for help. Text messages will be sent to your mobile number using an automatic dialing system. Message and Data rates may apply.
Participation is optional. You are electing to receive PHI via text which makes the data transmitted available to your phone carrier and potentially others. We provide alternative means for communicating including phone. You understand you have these choices and have elected to opt-in for texting. We do not require that you agree to receive texts for this purpose to receive treatment, payment, or for benefits enrollment and eligibility.
If you no longer want to receive text messages from us, you will need to do this by ending enrollment in the specific texting program.
Under no circumstances will we be liable for any direct or indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or in connection with use of text messaging whether or not we have been advised of the possibility of such damages.
We do not guarantee the successful delivery of text messages by your wireless provider. Messages sent by text may not be delivered if the mobile device is not in range of a transmission site, or if sufficient network capacity is not available at a particular time. Even within a coverage area, factors beyond the control of wireless carriers may interfere with message delivery, including the terrain, proximity to buildings, foliage, weather, and the recipient's equipment. We will not be liable for losses or damages arising from (a) non-delivery, delayed delivery, or misdirected delivery of a text message; (b) inaccurate or incomplete content in a text message; or (c) use or reliance on the content of any text message for any purpose.
Please notify us immediately if your mobile number changes. We are not liable for any communication or transmission of information by text which happens because you did not report that your mobile number changed. Password-protecting mobile device(s) and enabling encryption, if available, is recommended.
Text messages may include protected health information (PHI). Since text messaging is unencrypted, there is a risk that this PHI could be intercepted or viewed by third parties, including others who access your device. When you choose to receive text messages from us, you do so at your own risk. Once texted, your information may no longer be regulated under HIPAA's Privacy Rule.
Linking to other sites
From time to time we will provide links to websites or applications not owned or controlled by us. We do this because we think the information might be of interest or use to you. A link to a third-party website or application does not constitute or imply endorsement by us. We cannot guarantee the quality or accuracy of information presented on third-party websites or applications. While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of third-party websites or applications. We encourage you to review the privacy practices of any website or application you visit.
Privacy guidance when selecting third-party apps to receive your information (interoperability support)
Third-party apps privacy guidance
Privacy authorization forms
We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable healthcare and demographic information called Protected Health Information (PHI) for Treatment, Payment and Healthcare Operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to grant permission for others to see your PHI.
You may choose to allow your PHI to be disclosed to someone outside our company. To do this, fill out the appropriate form below and send to the address on the back of your member ID card. If you do not have an ID card, call us at 317-488-6000 .
The following is a list of our state-specific Privacy Authorization Forms:
To view the forms if you don't already have it, download Adobe Acrobat Reader for free.
WellPoint Member Authorization Form
WellPoint Designation of Representative Form
Contacting you
We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls/texts may be to let you know about treatment options or other health-related benefits and services.
If you do not want to be contacted by phone, just let the caller know and we won't reach out this way in the future. You may opt out of text messages as well by replying Stop. You may also call toll-free at 844-203-3796 to place your phone number on our internal Do Not Call list.
Contacting the privacy office
There are several ways to contact the Privacy Office.
To update how you receive your information, call Member Services on the back of your member ID card or log in to your account, go to "Profile", and then "Communication Preferences".
To contact us if you need to report a privacy issue, you can:
- Call Member Services at the toll-free number on your member ID card or log in to start a Live Chat for all other questions.
- Write to the Privacy Office at:
Privacy Office
220 Virgina Ave
Indianapolis, IN 46204 - Or email the Privacy Office at Privacy.Office@wellpoint.com
California Consumer Privacy Act (CCPA) privacy notice
This privacy notice is not applicable to Wellpoint's health plans. Wellpoint health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.
Confidential communications of medical information (CCMI)
Your Right to Request Confidential Communications of Medical Information (CCMI) and our Obligation to Protect the Confidentiality of Sensitive Services Information For a Protected Individual.
California law says subscribers and enrollees ("members") of a healthcare service plan ("plan") can choose how they would like the plan to communicate with them. They can provide the address, email, or telephone number they'd like the plan to use. That's how the plan will contact them about medical details, healthcare providers, and other plan information.
A subscriber is the person who is responsible for plan payments or is eligible for the plan based on their job or other qualifications. An enrollee is a person covered by the plan or who receives services from it.
California also has special communication rules for protected individuals. They are covered adults or minors who can consent to care without permission from a parent or legal guardian. Protected individuals must be able to give informed consent for healthcare services.
Under California law, plans can't tell the primary policyholder that a protected individual received sensitive services, unless they have the recipient's permission. Sensitive services are all healthcare services related to mental or behavioral health; sexual and reproductive health; sexually transmitted infections; substance use disorder; gender-affirming care; intimate partner violence; or other care outlined by law.
Protected individuals can ask a plan to contact them about sensitive services at a different address, email, or phone number. If they don't provide one, the plan will contact them by name using the method on file.
Members will be given details about the confidential communication request process when they enroll in or renew a plan. They can also submit a CCMI request by calling the Member Services toll free number on their Member ID card. The plan will honor their request until the member asks for it to be changed. The plan will send a confirmation letter to the member to let them know their confidential communications request was received. The member can ask for the status of their request by contacting the plan.
Health information exchanges
We may share and/or receive your information through health information exchanges (HIE) or through direct connections, which allow doctors, hospitals, and payers to view/share your health information quickly and easily for treatment, payment, or healthcare operations. These data exchanges can improve the speed, quality, safety, and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.
If you want more information about having health information passed through the exchanges and how you can exercise your rights as it relates to those exchanges you may contact the HIE directly at the following links:
- California: Manifest MedEx
- Indiana: Indiana Health Information Exchange
- Maryland: Chesapeake Regional Information Systems for Patients
- Michigan and Indiana: Michiana Health Information Network
- Nevada: HealtHIE Nevada
- New York City and Long Island: Healthix
- Ohio: CliniSync Health Information Exchange
- Tennessee: Tennessee eHealth Information Exchange
Consumer privacy protection
There are many sources for information on privacy. These government websites feature frequently updated information on privacy policies and statutes.
Federal Trade Commission (FTC)
Massachusetts Group Insurance Commission (GIC)
Privacy Protection Policy
We appreciate your interest in us and hope to make your online experience enjoyable and secure. Your privacy is very important to us and we will make every reasonable effort to safeguard any information we collect.
Personal Information (Including Social Security Number) Privacy Protection Policy
We are committed to safeguarding the Personal Information we receive from our customers and associates. We impose standards to maintain the confidentiality of Personal Information. And we use physical, technical, and administrative safeguards to protect it.
Personal Information is information that can be connected to you through certain identifiers that can include name, Social Security number (SSN), driver’s license, state identification card, account, credit/debit card, passport or alien registration numbers — among other items. Personal Information does NOT include publicly available information that is lawfully made available to the general public from federal, state or local government records or widely distributed media.
Our policies prohibit the unlawful disclosure of Personal Information. We share it externally only where federal and state law allows or requires it. Internally, it’s our policy to limit the access, use and disclosure of Personal Information to be in line with the job duties our associates, as well as applicable law.
If you have questions about this, call Member Services at the toll-free number on the back of your ID card.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) Notice of Privacy Practices
The GIC’s Notice of Privacy Practices explains how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our obligations under Federal and individual State regulations. By law, we’re required to send our fully-insured health plan members a notice with those details.
These notices generally don’t apply if you’re part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.
Group Insurance Commission (GIC) Notice of Privacy Practices
Contacting the Privacy Office
Contact us if you have a privacy question or need to report a privacy issue.
Call Member Services at the toll-free number on the back of your ID card.
Write to the Privacy Office at:
CO0109-0903
700 Broadway
Denver, CO 80273
Email the Privacy Office at Privacy.Office@wellpoint.com
California Consumer Privacy Act (CCPA) Privacy Notice
(Note: This privacy notice is not applicable to Wellpoint’s health plans. Wellpoint health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.)
California Consumer Privacy Act (CCPA) Privacy Notice
Privacy Authorization Forms
We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable health care and demographic information called Protected Health Information (PHI) for Treatment, Payment and Health care operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to define who can see your PHI.
If you would like your PHI disclosed with someone outside our company, fill out the Designation of Representative/Authorization Form and send the form to the address on the back of your ID card. Or, if you do not have an ID card, call us at 833-663-4176 (non-Medicare members) or 800-442-9300 (Medicare members). If you don’t already have it, download Adobe Acrobat Reader for free (you need it to view the forms).
Contacting You
We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls may be to let you know about treatment options or other health-related benefits and services. If you do not want to be contacted by phone, just let the caller know and we won’t reach out this way in the future.
Web Privacy Statement
Your privacy is very important to us and we will make every reasonable effort to safeguard any information we collect.
What Information Will We Collect?
Information may be collected in the following ways on this Application:
- If we provide user account access, you may elect to establish an account so that you can gain additional access to online service applications, health tools, health information, subscriptions or other services where it is important for us to know who you are in order to best meet your needs. Providing personal information is always voluntary.
- We may use “cookies” to help us improve this Application by tracking your navigation habits and to store some of your preferences. A cookie is a small file created by a website or application to store information on your computer. Cookies do not allow websites or applications to gain access to other information on your computer. Once a cookie is saved on your computer, generally only the website or application that created the cookie can read it.
- An Internet Protocol (IP) address is a number that automatically identifies the computer or mobile device that you are using to access the Internet. The IP address enables our server to send you the site pages that you want to visit or the data you want to view. The IP address may disclose the server owned by your Internet Service Provider. We use your IP address to help diagnose problems with our server and to support our administration of this Application.
How Will Information Be Used?
Any personal information that you provide is used for the purpose for which you provide it. For example, if you use location services to find a provider near your current location, your location is used only to facilitate that function. Or if you provide us with an email address we will use it only for the types of communications we identify on that location of the Application where you give us your email address.
We may also gather quantitative user information, such as the number of users and the pages or data accessed, in order to perform administrative, technical, hosting or other functions that help us manage our Application and deliver new functionality to you. We do not sell, license, transmit or disclose personal information that you provide to us to third parties except with the following exceptions:
Upon your authorization
When such disclosure is necessary to allow us and our contractors or agents to carry out treatment, payment or health care operations.
When required or permitted by law
Third Parties
We may work with third party service providers who may place third party persistent cookies, web beacons, or similar technologies to collect anonymous information about the use of our Applications. They are not permitted to collect any personal information, and this information will be solely used for web usage analysis for a better understanding of how you use our Application, and/or to customize our content and advertising.
What If I Don’t Want Information About Me to Be Collected?
We may work with third party service providers who may place third party. Providing personal information through this Application is optional. Personally identifiable information will not be collected from you without your knowledge and approval.
If you do not wish to have your activity on our Application tracked, you can opt-out at any time here to discontinue first party cookie tracking of your web activity.
You also have the choice to opt-out of third-party cookies, web beacons or similar technologies, if you do not want third party service providers to collect your anonymous information for marketing purposes, visit the Network Advertising Initiative (NAI) website to perform the opt-out.
Additionally, you can direct your Internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your computer, tablet or smartphone through your Internet browser settings or other programs. You can also set your browser to refuse all cookies. Please note that some parts of this Application may not function properly or be available to you, if you refuse to accept a cookie or choose to disable the acceptance of cookies.
"Do Not Track" Signals
We do not respond to web browser “do not track” signals. As such, your navigation of our Application may be tracked as part of the gathering of quantitative user information described above. If you arrive at our Application by way of a link from a third-party application that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our Application.
Use of Email and Fax
We may provide email and fax links to further facilitate communication for our members and their designees and caregivers. Information collected through email may be shared with our Member Services department, other associates, or third parties that perform services on our behalf. Unless otherwise noted, email through our Application is not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us.
Also, if you request that we email or fax information about you to someone using the email and fax capabilities in this Application, that email or fax may not be completely secure. Please verify email addresses and fax numbers carefully before submitting such a request.
Linking to Other Applications
From time to time we will provide links to websites or applications not owned or controlled by us. We do this because we think the information might be of interest or use to you. A link to a third-party website or application does not constitute or imply endorsement by us. We cannot guarantee the quality or accuracy of information presented on third party websites or applications. While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of third-party websites or applications. We encourage you to review the privacy practices of any website or application you visit.
Health Information Exchanges
We may share your information with health information exchanges, which allow doctors, hospitals and payers to view/share your health information quickly and easily — for treatment, payment or health care operations. These exchanges can improve the speed, quality, safety and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.
If you have questions regarding this policy or if you would like to review or change any of your personal information we have on file, please call us at the number on the back of your ID card.
This privacy statement is effective January 1, 2014 and was most recently revised February 21, 2024. This privacy statement is subject to change. We encourage you to review it from time to time.
Consumer Privacy Protection
Individual & Family
Your privacy is a major priority to us, and we take great care to protect your information. Our Privacy Policy describes the ways in which we gather and protect information, and what choices you have to control your information. To update how you receive your information, you can call Member Services or log in to your account, go to "Profile", and "Communication Preferences".
Questions
If you have questions regarding this policy or if you would like to review or change any of your information we have on file, please call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
Safeguards Policy
Various privacy laws and regulations can differ slightly on how they refer to your information. Throughout the notices on this page, information about you may be referred to as "Personally Identifiable Information" ("PII"), "Protected Health Information" ("PHI"), or as "Personal Information" ("PI"). We are committed to protecting all of your sensitive information in accordance with applicable laws and regulations.
Personally Identifiable Information (PII) is information about an individual which can be used to distinguish or trace an individual's identity (such as their name, social security number, biometric records, etc.) by itself or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, mother's name, etc. PII includes Protected Health Information (PHI), but it can also include other types of information about you, that are not related directly to healthcare.
PHI is information specifically about an individual's healthcare that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Examples of PHI can include any of the following:
- name
- medical record information
- address
- Social Security Number or equivalent identifiers (such as those assigned in other countries)
- Social Drivers of Health (also known as Social Determinants of Health), or other individually-identifiable information when associated with a member or patient
- birth date
- sex and age
- sexual orientation
- alternative gender identity
- race, ethnicity
Personal Information (PI) is a term used by many state privacy protection laws, and (depending on the state) may or may not include PII and/or PHI. Therefore, these three terms may be used interchangeably in parts of this Privacy Protection Policy.
We are committed to safeguarding the PII, PHI, and/or PI we receive from our customers and members through the use of physical, technical, and administrative safeguards.
Our policies prohibit the unlawful disclosure of PII, PHI and/or PI. We share it externally only where federal and state law allows or requires it. Internally, it’s our policy to limit the access, use and disclosure of this information to be in line with the job duties of our associates, as well as applicable law.
Our Notice of Privacy Practices further explains how your PII, PHI and/or PI is collected, how it may be used, and when it may be shared.
If you have questions about this, call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
HIPAA Notice of Privacy Practices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
Our Notice of Privacy Practices explains how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our obligations under federal and individual state regulations. By law, we're required to send our fully-insured health plan members a notice with those details.
These notices generally don't apply if you're part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.
Wellpoint notice of privacy practices (English)
Wellpoint notice of privacy practices (Spanish)
Pharmacy privacy notices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
The following Notices of Privacy Practices explain how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notices reflect the pharmacy obligations under federal and individual state regulations. By law, we're required to send our members a notice with those details.
CarelonRX Services Notice of Privacy Practices
Web privacy statement
Your privacy is very important to us, and we will make every reasonable effort to safeguard any information we collect.
This privacy statement is effective January 1, 2020, and was most recently reviewed in December 2023. This privacy statement is subject to change. We encourage you to review it from time to time.
What information will we collect?
Information may be collected in the following ways on this website and application:
- If we provide user account access, you may elect to establish an account so that you can gain additional access to online service applications, health tools, health information, subscriptions, or other services where it is important for us to know who you are in order to best meet your needs. Providing personal information is always voluntary.
- We may use "cookies" and/or other web trackers to help us improve this website and application by tracking your navigation habits and to store some of your preferences. A cookie is a small file created by a website or application to store information on your computer. Cookies do not allow websites or applications to gain access to other information on your computer. Once a cookie is saved on your computer, generally only the website or application that created the cookie can read it.
- An Internet Protocol (IP) address is a number that automatically identifies the computer or mobile device that you are using to access the Internet. The IP address enables our server to send you the site pages that you want to visit or the data you want to view. The IP address may disclose the server owned by your Internet Service Provider. We use your IP address to help diagnose problems with our server and to support our administration of this website and application.
How will information be used?
Any personal information that you provide is used for the purpose for which you provide it and to better improve or customize services being provided. For example, if you use location services to find a provider near your current location, your location is used only to facilitate that function. Or if you provide us with an email address, we will only use it in a manner consistent with your consent for us to do so.
Requesting or signing up to receive information:
By submitting your email address or other contact information, you are authorizing us to send you information and educational materials about health plan options and services available to you. This authorization is voluntary and your treatment, payment, enrollment or eligibility for benefits are not conditioned on providing this authorization. You have the right to withdraw this authorization and opt-out at any time by calling toll-free at 1-844-203-3796 to be put on internal Do Not Mail and/or Do Not Email lists. It may take up to 2 weeks to process your opt-out request once it is received. Opting-out will not affect any action taken before your opt-out request is processed. You are entitled to a copy of this authorization.
We may also gather quantitative user information, such as the number of users and the pages or data accessed, in order to perform administrative, technical, hosting or other functions that help us manage our website and Application and deliver new functionality to you. We do not sell, license, transmit or disclose personal information that you provide to us to third parties except with the following exceptions:
- Upon your authorization;
- When such disclosure is necessary to allow us and our contractors or agents to carry out treatment, payment or healthcare operations; or
- When required or permitted by law.
Third parties
We may work with third-party service providers who may place third-party persistent cookies, web beacons, or similar technologies to collect anonymous information about the use of our websites and Applications. They are not permitted to collect any personal information, and this information will be solely used for web usage analysis for a better understanding of how you use our website Application, and/or to customize our content and advertising.
What if I don't want information about me collected?
Providing personal information through this website or application is optional. Personally identifiable information will not be collected from you without your knowledge and approval. You will be told when your failure to provide information might affect your ability to enroll in or use a product or service.
If you do not wish to have your activity on our website or application tracked, at any time you can opt-out to discontinue first party cookie tracking of your web activity.
You also have the choice to opt-out of third-party cookies, web beacons or similar technologies. If you do not want third-party service providers to collect your anonymous information for marketing purposes, visit the Network Advertising Initiative (NAI) website to opt-out.
Additionally, you can direct your Internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your computer, tablet or smartphone through your Internet browser settings or other programs. You can also set your browser to refuse all cookies. Please note that some parts of this website or application may not function properly or be available to you, if you refuse to accept a cookie or choose to disable the acceptance of cookies.
"Do not track" signals
We do not respond to web browser "do not track" signals. As such, your navigation of our website and Application may be tracked as part of the gathering of quantitative user information described above. If you arrive at our website or Application by way of a link from a third-party application that does respond to "do not track" requests, the recognition of any "do not track" request you have initiated will end as soon as you reach our website or application.
Use of email and fax
We may provide email and fax links to further facilitate communication for our members and their designees and caregivers. Information collected through email may be shared with our Member Services department, other associates, or third parties that perform services on our behalf. Unless otherwise noted, email through our website or Application is not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us.
Also, if you request that we email or fax information about you to someone using the email and fax capabilities in this website or application, that email or fax may not be completely secure. Please verify email addresses and fax numbers carefully before submitting such a request.
Use of text (SMS)
These Texting Terms and Conditions apply when you provide prior express consent to receive text messages from us and/or our affiliates, subsidiaries, agents, contractors, or vendors ("us" or "we" or "our"). Text messaging from us may include one-time or recurring texts related to your benefits, programs, products, services, and tools, and/or general health information. At enrollment for recurring texting programs, we specify the frequency of texts and information on how to unsubscribe and seek assistance. In all programs, you may text "STOP" to stop messaging for that program and "HELP" for help. Text messages will be sent to your mobile number using an automatic dialing system. Message and Data rates may apply.
Participation is optional. You are electing to receive PHI via text which makes the data transmitted available to your phone carrier and potentially others. We provide alternative means for communicating including phone. You understand you have these choices and have elected to opt-in for texting. We do not require that you agree to receive texts for this purpose to receive treatment, payment, or for benefits enrollment and eligibility.
If you no longer want to receive text messages from us, you will need to do this by ending enrollment in the specific texting program.
Under no circumstances will we be liable for any direct or indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or in connection with use of text messaging whether or not we have been advised of the possibility of such damages.
We do not guarantee the successful delivery of text messages by your wireless provider. Messages sent by text may not be delivered if the mobile device is not in range of a transmission site, or if sufficient network capacity is not available at a particular time. Even within a coverage area, factors beyond the control of wireless carriers may interfere with message delivery, including the terrain, proximity to buildings, foliage, weather, and the recipient's equipment. We will not be liable for losses or damages arising from (a) non-delivery, delayed delivery, or misdirected delivery of a text message; (b) inaccurate or incomplete content in a text message; or (c) use or reliance on the content of any text message for any purpose.
Please notify us immediately if your mobile number changes. We are not liable for any communication or transmission of information by text which happens because you did not report that your mobile number changed. Password-protecting mobile device(s) and enabling encryption, if available, is recommended.
Text messages may include protected health information (PHI). Since text messaging is unencrypted, there is a risk that this PHI could be intercepted or viewed by third parties, including others who access your device. When you choose to receive text messages from us, you do so at your own risk. Once texted, your information may no longer be regulated under HIPAA's Privacy Rule.
Linking to other sites
From time to time we will provide links to websites or applications not owned or controlled by us. We do this because we think the information might be of interest or use to you. A link to a third-party website or application does not constitute or imply endorsement by us. We cannot guarantee the quality or accuracy of information presented on third-party websites or applications. While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of third-party websites or applications. We encourage you to review the privacy practices of any website or application you visit.
Privacy guidance when selecting third-party apps to receive your information (interoperability support)
Third-party apps privacy guidance
Privacy authorization forms
We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable healthcare and demographic information called Protected Health Information (PHI) for Treatment, Payment and Healthcare Operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to grant permission for others to see your PHI.
You may choose to allow your PHI to be disclosed to someone outside our company. To do this, fill out the appropriate form below and send to the address on the back of your member ID card. If you do not have an ID card, call us at 317-488-6000.
The following is a list of our state-specific Privacy Authorization Forms:
To view the forms if you don't already have it, download Adobe Acrobat Reader for free.
WellPoint Member Authorization Form
WellPoint Designation of Representative Form
Contacting you
We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls/texts may be to let you know about treatment options or other health-related benefits and services.
If you do not want to be contacted by phone, just let the caller know and we won't reach out this way in the future. You may opt out of text messages as well by replying Stop. You may also call toll-free at 844-203-3796 to place your phone number on our internal Do Not Call list.
Contacting the privacy office
There are several ways to contact the Privacy Office.
To update how you receive your information, call Member Services on the back of your member ID card or log in to your account, go to "Profile", and then "Communication Preferences".
To contact us if you need to report a privacy issue, you can:
- Call Member Services at the toll-free number on your member ID card or log in to start a Live Chat for all other questions.
- Write to the Privacy Office at:
Privacy Office
220 Virgina Ave
Indianapolis, IN 46204 - Or email the Privacy Office at Privacy.Office@wellpoint.com
California Consumer Privacy Act (CCPA) privacy notice
This privacy notice is not applicable to Wellpoint's health plans. Wellpoint health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.
Confidential communications of medical information (CCMI)
Your Right to Request Confidential Communications of Medical Information (CCMI) and our Obligation to Protect the Confidentiality of Sensitive Services Information For a Protected Individual.
California law says subscribers and enrollees ("members") of a healthcare service plan ("plan") can choose how they would like the plan to communicate with them. They can provide the address, email, or telephone number they'd like the plan to use. That's how the plan will contact them about medical details, healthcare providers, and other plan information.
A subscriber is the person who is responsible for plan payments or is eligible for the plan based on their job or other qualifications. An enrollee is a person covered by the plan or who receives services from it.
California also has special communication rules for protected individuals. They are covered adults or minors who can consent to care without permission from a parent or legal guardian. Protected individuals must be able to give informed consent for healthcare services.
Under California law, plans can't tell the primary policyholder that a protected individual received sensitive services, unless they have the recipient's permission. Sensitive services are all healthcare services related to mental or behavioral health; sexual and reproductive health; sexually transmitted infections; substance use disorder; gender-affirming care; intimate partner violence; or other care outlined by law.
Protected individuals can ask a plan to contact them about sensitive services at a different address, email, or phone number. If they don't provide one, the plan will contact them by name using the method on file.
Members will be given details about the confidential communication request process when they enroll in or renew a plan. They can also submit a CCMI request by calling the Member Services toll free number on their Member ID card. The plan will honor their request until the member asks for it to be changed. The plan will send a confirmation letter to the member to let them know their confidential communications request was received. The member can ask for the status of their request by contacting the plan.
Health information exchanges
We may share and/or receive your information through health information exchanges (HIE) or through direct connections, which allow doctors, hospitals, and payers to view/share your health information quickly and easily for treatment, payment, or healthcare operations. These data exchanges can improve the speed, quality, safety, and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.
If you want more information about having health information passed through the exchanges and how you can exercise your rights as it relates to those exchanges you may contact the HIE directly at the following links:
- California: Manifest MedEx
- Indiana: Indiana Health Information Exchange
- Florida: Encounter Notification Service (ENS)
- Maryland: Chesapeake Regional Information Systems for Patients
- Michigan and Indiana: Michiana Health Information Network
- Nevada: HealtHIE Nevada
- New York City and Long Island: Healthix
- Ohio: CliniSync Health Information Exchange
- Tennessee: Tennessee eHealth Information Exchange
- Texas: Greater Houston HealthConnect
CA Data Exchange Framework
As required by California law, Anthem Blue Cross participates in the California Data Exchange Framework (“California DxF”). This exchange facilitates secure sharing of patient's health information among healthcare entities, enabling comprehensive care. Please visit the state website https://dxf.chhs.ca.gov/ for more information. To opt-out of California DxF, log into your digital health account and modify your profile preferences. If you don't have an account or have any additional questions, please call our Member Services phone number included on your ID Card . Medicaid members can't opt-out from California DxF.
Consumer privacy protection
There are many sources for information on privacy. These government websites feature frequently updated information on privacy policies and statutes.
Federal Trade Commission (FTC)
1"Health care service plan" or "specialized health care service plan" means either of the following: (1) Any person who undertakes to arrange for the provision of health care services to subscribers or enrollees, or to pay for or to reimburse any part of the cost for those services, in return for a prepaid or periodic charge paid by or on behalf of the subscribers or enrollees. (2) Any person, whether located within or outside of this state, who solicits or contracts with a subscriber or enrollee in this state to pay for or reimburse any part of the cost of, or who undertakes to arrange or arranges for, the provision of health care services that are to be provided wholly or in part in a foreign country in return for a prepaid or periodic charge paid by or on behalf of the subscriber or enrollee.