Effective December 15, 2022
If you have questions regarding this policy or if you would like to review or change any of your information we have on file, please call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
This privacy statement is effective December 15, 2022. This privacy statement is subject to change. We encourage you to review it from time to time.
Personally identifiable information (PII) privacy protection policy
Various privacy laws and regulations can differ slightly on how they refer to your information. Throughout the notices on this page, information about you may be referred to as “Personally Identifiable Information” (“PII”), “Protected Health Information” (“PHI”), or as “Personal Information” (“PI”). We are committed to protecting all of your sensitive information in accordance with applicable laws and regulations.
Personally Identifiable Information (PII) is information about an individual which can be used to distinguish or trace an individual’s identity (such as their name, social security number, biometric records, etc.) by itself or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, mother’s name, etc. PII includes Protected Health Information or PHI, but it can also include other types of information about you, that are not related directly to healthcare.
Protected Health Information (PHI) is information specifically about an individual’s healthcare that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
Examples of PHI can include any of the following:
- medical record information
- Social Security Number or equivalent identifiers (such as those assigned in other countries)
- Social Drivers of Health (also known sometimes as Social Determinants of Health), or other individually-identifiable information when associated with a member or patient
- birth date
- sex and age
- sexual orientation
- alternative gender identity
- race, ethnicity
Personal Information (PI) is a term used by many state privacy protection laws, and (depending on the state) may or may not include PII and/or PHI. Therefore, these three terms may be used interchangeably in parts of this Privacy Protection Policy.
We are committed to safeguarding the PII, PHI, and/or PI we receive from our customers and members through the use of physical, technical, and administrative safeguards.
Our policies prohibit the unlawful disclosure of PII, PHI and/or PI. We share it externally only where federal and state law allows or requires it. Internally, it’s our policy to limit the access, use and disclosure of this information to be in line with the job duties of our associates, as well as applicable law.
Our Notice of Privacy Practices further explains how your PII, PHI and/or PI is collected, how it may be used, and when it may be shared.
If you have questions about this, call Member Services at the toll-free number on your member ID card or log in to start a Live Chat.
HIPAA notice of privacy practices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
Our Notice of Privacy Practices explains how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our obligations under federal and individual state regulations. By law, we’re required to send our fully-insured health plan members a notice with those details.
These notices generally don’t apply if you’re part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.
Wellpoint notice of privacy practices (English)
Pharmacy privacy notices
Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices
The following Notices of Privacy Practices explain how your health information may be used and/or disclosed and how to access this information in accordance with HIPAA, an important federal privacy law. The notices reflect the pharmacy obligations under federal and individual state regulations. By law, we’re required to send our members a notice with those details.
CarelonRx home delivery pharmacy notice of privacy practices
Web privacy statement
Your privacy is very important to us, and we will make every reasonable effort to safeguard any information we collect.
What information will we collect?
Information may be collected in the following ways on this website and application:
- If we provide user account access, you may elect to establish an account so that you can gain additional access to online service applications, health tools, health information, subscriptions, or other services where it is important for us to know who you are in order to best meet your needs. Providing personal information is always voluntary.
- We may use “cookies” to help us improve this website and application by tracking your navigation habits and to store some of your preferences. A cookie is a small file created by a website or application to store information on your computer. Cookies do not allow websites or applications to gain access to other information on your computer. Once a cookie is saved on your computer, generally only the website or application that created the cookie can read it.
- An Internet Protocol (IP) address is a number that automatically identifies the computer or mobile device that you are using to access the Internet. The IP address enables our server to send you the site pages that you want to visit or the data you want to view. The IP address may disclose the server owned by your Internet Service Provider. We use your IP address to help diagnose problems with our server and to support our administration of this website and application.
How will information be used?
Any personal information that you provide is used for the purpose for which you provide it. For example, if you use location services to find a provider near your current location, your location is used only to facilitate that function. Or if you provide us with an email address, we will only use it in a manner consistent with your consent for us to do so.
We may also gather quantitative user information, such as the number of users and the pages or data accessed, in order to perform administrative, technical, hosting or other functions that help us manage our website and Application and deliver new functionality to you. We do not sell, license, transmit or disclose personal information that you provide to us to third parties except with the following exceptions:
- Upon your authorization;
- When such disclosure is necessary to allow us and our contractors or agents to carry out treatment, payment or healthcare operations; or
- When required or permitted by law.
We may work with third-party service providers who may place third-party persistent cookies, web beacons, or similar technologies to collect anonymous information about the use of our websites and Applications. They are not permitted to collect any personal information, and this information will be solely used for web usage analysis for a better understanding of how you use our website Application, and/or to customize our content and advertising.
What if I don't want information about me collected?
Providing personal information through this website or application is optional. Personally identifiable information will not be collected from you without your knowledge and approval. You will be told when your failure to provide information might affect your ability to enroll in or use a product or service.
If you do not wish to have your activity on our website or application tracked, at any time you can opt-out to discontinue first party cookie tracking of your web activity.
You also have the choice to opt-out of third-party cookies, web beacons or similar technologies. If you do not want third-party service providers to collect your anonymous information for marketing purposes, visit the Network Advertising Initiative (NAI) website to opt-out.
Additionally, you can direct your Internet browser to notify you and seek approval whenever a cookie is being sent to your hard drive. You may also delete a cookie manually from your computer, tablet or smartphone through your Internet browser settings or other programs. You can also set your browser to refuse all cookies. Please note that some parts of this website or application may not function properly or be available to you, if you refuse to accept a cookie or choose to disable the acceptance of cookies.
"Do not track" signals
We do not respond to web browser “do not track” signals. As such, your navigation of our website and Application may be tracked as part of the gathering of quantitative user information described above. If you arrive at our website or Application by way of a link from a third-party application that does respond to “do not track” requests, the recognition of any “do not track” request you have initiated will end as soon as you reach our website or application.
Use of email and fax
We may provide email and fax links to further facilitate communication for our members and their designees and caregivers. Information collected through email may be shared with our Member Services department, other associates, or third parties that perform services on our behalf. Unless otherwise noted, email through our website or Application is not a completely secure and confidential means of communication. Non-encrypted email may be accessed and viewed by other Internet users without your knowledge and permission while in transit to us.
Also, if you request that we email or fax information about you to someone using the email and fax capabilities in this website or application, that email or fax may not be completely secure. Please verify email addresses and fax numbers carefully before submitting such a request.
Use of text (SMS)
These Texting Terms and Conditions apply when you provide prior express consent to receive text messages from us and/or our affiliates, subsidiaries, agents, contractors, or vendors ("us" or "we" or "our'). Text messaging from us may include one-time or recurring texts related to your benefits, programs, products, services, and tools, and/or general health information. At enrollment for recurring texting programs, we specify the frequency of texts and information on how to unsubscribe and seek assistance. In all programs, you may text “STOP” to stop messaging for that program and "HELP" for help. Text messages will be sent to your mobile number using an automatic dialing system. Message and Data rates may apply.
Participation is optional. You are electing to receive PHI via text which makes the data transmitted available to your phone carrier and potentially others. We provide alternative means for communicating including phone. You understand you have these choices and have elected to opt-in for texting. We do not require that you agree to receive texts for this purpose to receive treatment, payment, or for benefits enrollment and eligibility.
If you no longer want to receive text messages from us, you will need to do this by ending enrollment in the specific texting program.
Under no circumstances will we be liable for any direct or indirect, incidental, consequential, special, exemplary, or punitive damages arising out of or in connection with use of text messaging whether or not we have been advised of the possibility of such damages.
We do not guarantee the successful delivery of text messages by your wireless provider. Messages sent by text may not be delivered if the mobile device is not in range of a transmission site, or if sufficient network capacity is not available at a particular time. Even within a coverage area, factors beyond the control of wireless carriers may interfere with message delivery, including the terrain, proximity to buildings, foliage, weather, and the recipient's equipment. We will not be liable for losses or damages arising from (a) non-delivery, delayed delivery, or misdirected delivery of a text message; (b) inaccurate or incomplete content in a text message; or (c) use or reliance on the content of any text message for any purpose.
Please notify us immediately if your mobile number changes. We are not liable for any communication or transmission of information by text which happens because you did not report that your mobile number changed. Password-protecting mobile device(s) and enabling encryption, if available, is recommended.
Text messages may include protected health information (PHI). Since text messaging is unencrypted, there is a risk that this PHI could be intercepted or viewed by third parties, including others who access your device. When you choose to receive text messages from us, you do so at your own risk. Once texted, your information may no longer be regulated under HIPAA’s Privacy Rule.
Linking to other sites
From time to time we will provide links to websites or applications not owned or controlled by us. We do this because we think the information might be of interest or use to you. A link to a third-party website or application does not constitute or imply endorsement by us. We cannot guarantee the quality or accuracy of information presented on third-party websites or applications. While we do our best to ensure your privacy, we cannot be responsible for the privacy practices of third-party websites or applications. We encourage you to review the privacy practices of any website or application you visit.
Privacy guidance when selecting third-party apps to receive your information (interoperability support).
Privacy authorization forms
We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable healthcare and demographic information called Protected Health Information (PHI) for Treatment, Payment and Healthcare Operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to grant permission for others to see your PHI.
You may choose to allow your PHI to be disclosed to someone outside our company. To do this, fill out the appropriate form below and send to the address on the back of your member ID card. If you do not have an ID card, call us at 317-488-6000.
To view the forms if you don’t already have it, download Adobe Acrobat Reader for free.
Privacy authorization form (English)
We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls may be to let you know about treatment options or other health-related benefits and services.
If you do not want to be contacted by phone, just let the caller know and we won’t reach out this way in the future. You may also call toll-free at 844-203-3796 to place your phone number on our internal Do Not Call list
Contacting the privacy office
There are several ways to contact the Privacy Office.
To update how you receive your information, call Member Services on the back of your member ID card or log in to your account, go to "Profile," and then "Communication Preferences."
To contact us if you need to report a privacy issue, you can:
- Call Member Services at the toll-free number on your member ID card or log in to start a Live Chat for all other questions.
- Write to the Privacy Office at:
Denver, CO 80273
- Or email the Privacy Office at Privacy.Office@wellpoint.com
California Consumer Privacy Act (CCPA) privacy notice
This privacy notice is not applicable to Wellpoint’s health plans. Wellpoint health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.
Confidential communications of medical information (CCMI)
Your Right to Request Confidential Communications of Medical Information (CCMI) and our Obligation to Protect the Confidentiality of Sensitive Services Information For a Protected Individual
California law says subscribers and enrollees (“members”) of a healthcare service plan1 (“plan”) can choose how they would like the plan to communicate with them. They can provide the address, email, or telephone number they’d like the plan to use. That’s how the plan will contact them about medical details, healthcare providers, and other plan information.
A subscriber is the person who is responsible for plan payments or is eligible for the plan based on their job or other qualifications. An enrollee is a person covered by the plan or who receives services from it.
California also has special communication rules for protected individuals. They are covered adults or minors who can consent to care without permission from a parent or legal guardian. Protected individuals must be able to give informed consent for healthcare services.
Under California law, plans can’t tell the primary policyholder that a protected individual received sensitive services, unless they have the recipient’s permission. Sensitive services are all healthcare services related to mental or behavioral health; sexual and reproductive health; sexually transmitted infections; substance use disorder; gender-affirming care; intimate partner violence; or other care outlined by law.
Protected individuals can ask a plan to contact them about sensitive services at a different address, email, or phone number. If they don’t provide one, the plan will contact them by name using the method on file.
Members will be given details about the confidential communication request process when they enroll in or renew a plan. They can also submit a CCMI request by calling the Member Services toll free number on their Member ID card. The plan will honor their request until the member asks for it to be changed. The plan will send a confirmation letter to the member to let them know their confidential communications request was received. The member can ask for the status of their request by contacting the plan.
Health information exchanges
We may share your information with health information exchanges (HIE), which allow doctors, hospitals and payers to view/share your health information quickly and easily for treatment, payment or healthcare operations. These exchanges can improve the speed, quality, safety and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.
We receive information from several HIEs. If you want to opt-out of having health information in these HIEs, you may contact the following:
California: Manifest MedEx
Indiana: Indiana Health Information Exchange
Maryland: Chesapeake Regional Information Systems for Patients
Michigan and Indiana: Michiana Health Information Network
Ohio: CliniSync Health Information Exchange
New York City and Long Island: Healthix
Nevada: HealtHIE Nevada
Tennessee: Tennessee eHealth Information Exchange
Consumer privacy protection
There are many sources for information on privacy. These government websites feature frequently updated information on privacy policies and statutes.
Federal Trade Commission (FTC)
Identity Theft | USA.gov
Identity Theft | consumer.gov
1“Health care service plan” or “specialized health care service plan” means either of the following: (1) Any person who undertakes to arrange for the provision of health care services to subscribers or enrollees, or to pay for or to reimburse any part of the cost for those services, in return for a prepaid or periodic charge paid by or on behalf of the subscribers or enrollees. (2) Any person, whether located within or outside of this state, who solicits or contracts with a subscriber or enrollee in this state to pay for or reimburse any part of the cost of, or who undertakes to arrange or arranges for, the provision of health care services that are to be provided wholly or in part in a foreign country in return for a prepaid or periodic charge paid by or on behalf of the subscriber or enrollee.