Privacy

A padlock

Anthem Privacy Policies

Your privacy is a priority to us, and we take great care to protect your information. Our Privacy Policy describes the ways in which we collect and protect your information, and what choices you have to control your information. To change the way you receive your information, you can call our Member Services Centers or log in to your health plan account, go to "Profile," and select your preference in the "Communication Preferences" option.

If you have questions regarding this policy or if you would like to review or change any of your information we have on file, you can log in to start a Live Chat with one of our Member Services Representatives or you can call our Member Services Center at the toll-free number on your member identification card.

Key hanging from a key ring

Personally Identifiable Information Privacy Protection Policy

Various privacy laws and regulations can differ slightly on how they refer to your information. Throughout the notices on this page, information about you may be referred to as “Personally Identifiable Information” (“PII”), “Protected Health Information” (“PHI”), or as “Personal Information” (“PI”). Anthem is committed to protecting all your sensitive information in accordance with applicable laws and regulations.

Personally Identifiable Information (PII) is information about an individual which can be used to distinguish or trace an individual’s identity (such as their name, social security number, biometric records, etc.) by itself or when combined with other personal or identifying information which is linkable to a specific individual, such as date and place of birth, mother’s name, etc. PII includes Protected Health Information (PHI), but it can also include other types of information about you, that are not related directly to healthcare.

PHI is information specifically about an individual’s healthcare that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.

Examples of PHI can include any of the following:

  • name 
  • medical record information
  • claims and premium payment information
  • address 
  • social security number or equivalent identifiers (such as those assigned in other countries) 
  • Social Drivers of Health (also known as Social Determinants of Health), or other individually-identifiable information when associated with a member or patient
  • birth date
  • sex and age
  • sexual orientation
  • alternative gender identity
  • race, ethnicity

Personal Information (PI) is a term used by many state privacy protection laws, and (depending on the state) may or may not include PII and/or PHI. Therefore, these three terms may be used interchangeably in parts of this Privacy Protection Policy.

We are committed to safeguarding the PII, PHI, and/or PI we receive from our customers and members through the use of physical, technical, and administrative safeguards.

Our policies prohibit the unlawful disclosure of PII, PHI and/or PI. We share it externally only where federal and state law allows or requires it. It is our policy to limit the access, use and disclosure of this information to be in line with the job duties of our associates, as well as applicable law.

Our Notice of Privacy Practices further explains how your PHI is collected, how it may be used, and when it may be shared.

If you have any questions about this Personally Identifiable Information Privacy Protection Policy, you can log in to start a Live Chat or call our Member Services Center at the toll-free number on your member identification card.

Shield with checkmark

Health Insurance Portability and Accountability Act of 1996 (HIPAA) Notice Of Privacy Practices

Our Notice of Privacy Practices explains how your personal health information may be used and/or disclosed and describes how to access this information in accordance with HIPAA, an important federal privacy law. The notice reflects our legal obligations under federal and individual state regulations. We follow the duties and privacy practices found in this notice and will not use or share your personal health information in other ways than what is described, unless it is authorized by you in writing or permitted by applicable law. By law, we’re required to send our fully-insured health plan members a notice with those details.

These notices generally don’t apply if you’re part of an administrative services only (ASO) group health plan. To see which type of health plan you have, and whether this applies to you, check with the person or team that handles your health plan at your employer.

Anthem Blue Cross and Blue Shield Privacy Practices
Anthem Blue Cross and Blue Shield Privacy Practices - Spanish
Anthem Blue Cross and Blue Shield and its affiliated HealthKeepers, Inc. Privacy
Anthem Blue Cross and Blue Shield and its affiliated HealthKeepers, Inc. Privacy Practices - Spanish

Prescription drug capsules

Pharmacy HIPAA Privacy Notices

Health Insurance Portability And Accountability Act Of 1996 (HIPAA) Notice Of Privacy Practices

The following Notices of Privacy Practices explain how your health information may be used and/or disclosed and how to access this information in accordance with the HIPAA Act of 1996, an important federal privacy law. The notice reflects the pharmacy obligations under federal and individual state regulations. By law, we’re required to send our members a notice with those details.

CarelonRx Services Notice of Privacy Practices 

Supplemental Health Privacy Notice

This notice explains your rights and outlines our legal duties for protecting your privacy.

Privacy Notice 

Image of a sphere with latitude and longitude lines

Web Privacy Statement

Your privacy is very important to us, and we will make every reasonable effort to safeguard any information we collect.

This privacy statement is effective January 1, 2020, and was most recently reviewed in July 2024. This privacy statement is subject to change. We encourage you to review it from time to time.

Privacy Guidance When Selecting Third-Party Apps To Receive Your Information (Interoperability Support).

A checkmark indicating okay

Privacy Authorization Forms

We are committed to complying with HIPAA. HIPAA allows us to use and disclose identifiable healthcare and demographic information called Protected Health Information (PHI) for Treatment, Payment and Healthcare Operations (TPO) purposes. Beyond TPO, you have the right to permit the release of your PHI by completing a Member Authorization form to grant permission for others to see your PHI.

You may choose to allow your PHI to be disclosed to someone outside our company. To do this, fill out the appropriate form below and send to the address on the back of your member ID card. If you do not have an ID card, call us at 317-488-6000.

To view the forms if you don’t already have it, download Adobe Acrobat Reader for free.

Member Authorization Form 
Formulario de autorización miembros 
Anthem Blue Cross & Blue Shield New York (Down State) 
Anthem Blue Cross & Blue Shield New York (Group Retiree Solutions) 

 

Privacy Grievances and Appeals Authorization Forms

This form is to be used for a grievance or an appeal and to allow a party to act as the Authorized Representative in carrying out a grievance or an appeal.

Designation of Representative Authorization Form 

(To designate an Authorized Representative not related to a grievance or appeal, please use the regular Member Authorization form.)

Chat symbol

Contacting You

We, including our affiliates or vendors, might call or text you using an automated telephone dialing system and/or a prerecorded message. But we only do this in accordance with the Telephone Consumer Protection Act (TCPA). The calls may be to let you know about treatment options or other health-related benefits and services.

If you do not want to be contacted by phone, just let the caller know and we won’t reach out this way in the future. You may also call toll-free at 844-203-3796 to place your phone number on Anthem’s internal Do Not Call list.

Chat symbol

Contacting the Privacy Office

There are several ways to contact the Privacy Office.

To update how you receive your information, call Member Services on the back of your member ID card or log in to your account, go to "Profile," and then "Communication Preferences."

To contact us if you need to report a privacy issue, you can:

  • Call Member Services at the toll-free number on your member ID card or log in to start a Live Chat for all other questions.
  • Write to the Privacy Office at:
    Privacy Office
    220 Virginia Ave
    Indianapolis, IN 46204

California Consumer Privacy Act (CCPA) Privacy Notice

This privacy notice is not applicable to Anthem’s health plans. Anthem health plan members and applicants should refer to the HIPAA Notice of Privacy Practices.

Privacy Notice for California Residents 

Confidential Communications of Medical Information (CCMI)

Your Right to Request Confidential Communications of Medical Information (CCMI) and our Obligation to Protect the Confidentiality of Sensitive Services Information For a Protected Individual

California law says subscribers and enrollees (“members”) of a healthcare service plan1 (“plan”) can choose how they would like the plan to communicate with them. They can provide the address, email, or telephone number they’d like the plan to use. That’s how the plan will contact them about medical details, healthcare providers, and other plan information.

A subscriber is the person who is responsible for plan payments or is eligible for the plan based on their job or other qualifications. An enrollee is a person covered by the plan or who receives services from it.

California also has special communication rules for protected individuals. They are covered adults or minors who can consent to care without permission from a parent or legal guardian. Protected individuals must be able to give informed consent for healthcare services.

Under California law, plans can’t tell the primary policyholder that a protected individual received sensitive services, unless they have the recipient’s permission. Sensitive services are all healthcare services related to mental or behavioral health; sexual and reproductive health; sexually transmitted infections; substance use disorder; gender-affirming care; intimate partner violence; or other care outlined by law.

Protected individuals can ask a plan to contact them about sensitive services at a different address, email, or phone number. If they don’t provide one, the plan will contact them by name using the method on file.

Members will be given details about the confidential communication request process when they enroll in or renew a plan. They can also submit a CCMI request by calling the Member Services toll free number on their Member ID card. The plan will honor their request until the member asks for it to be changed. The plan will send a confirmation letter to the member to let them know their confidential communications request was received. The member can ask for the status of their request by contacting the plan.

SPECIAL INFORMATION FOR MINORS:  An amendment to California law (Assembly Bill (AB) 1184) prohibits healthcare service plans and health insurers from disclosing information about sensitive services that a minor age 12-17 has received, without the minor’s written consent. Because minors in California have the right to consent to these services on their own, without the consent of a parent or guardian, only the minor’s written authorization is valid for the release of this information to a parent, policy holder, primary subscriber, or any plan enrollee. Furthermore, the healthcare service plan or health insurer must direct all communications about the minor’s receipt of sensitive services directly to the minor, and they are prohibited from disclosing the information to the policy holder, primary subscriber, or any plan enrollee, without the minor’s written authorization.

We understand that limiting parents’ access to certain information about their children’s health care may be inconvenient, but it is necessary to comply with California law that prioritizes protection of children’s privacy in certain circumstances.

If a minor dependent would like to allow permission to their sensitive information, they must complete the form below.

Click here for the California Minor’s Authorization Form

Frequently Asked Questions

In September 2021, the California State Assembly passed an amendment to a current state law, Assembly Bill (AB) 1184. The amendment changes how healthcare plans and healthcare providers protect the privacy of patients who receive certain sensitive services. Here’s what you need to know.

A clipboard with documents

Health Information Exchanges

We may share and/or receive your information through health information exchanges (HIE) or through direct connections, which allow doctors, hospitals, and payers to view/share your health information quickly and easily for treatment, payment, or healthcare operations. These data exchanges can improve the speed, quality, safety, and cost of your care. Doctors, health insurers and others using an exchange like this are required to follow the privacy and security standards set by state and federal laws.

If you want more information about having health information passed through the exchanges and how you can exercise your rights as it relates to those exchanges you may contact the HIE directly at the following links:

California: Manifest MedEx
California: Sac Valley MedShare
Florida: Encounter Notification Service
Indiana: Indiana Health Information Exchange
Maryland: Chesapeake Regional Information Systems for Patients
Michigan and Indiana: Michiana Health Information Network
Ohio: CliniSync Health Information Exchange
New York City and Long Island: Healthix
Nevada: HealtHIE Nevada
Tennessee: Tennessee eHealth Information Exchange
Colorado: Colorado Regional Health Information Organization
Georgia: Georgia Health Information Network
Indiana: Indiana Health Information Exchange
Kentucky: Kentucky Health Information Exchange
Missouri: Midwest Health Connection
Texas: Greater Houston Health Connect (ghhconnect.org)
Wisconsin: Wisconsin Statewide Health Information Network

CA Data Exchange Framework

As required by California law, Anthem Blue Cross participates in the California Data Exchange Framework (“California DxF”). This exchange facilitates secure sharing of patient's health information among healthcare entities, enabling comprehensive care. Please visit the state website https://dxf.chhs.ca.gov/ for more information. To opt-out of California DxF, log into your digital health account and modify your profile preferences. If you don't have an account or have any additional questions, please call our Member Services phone number included on your ID Card . Medicaid members can't opt-out from California DxF.

Consumer Privacy Protection

There are many sources for information on privacy. These government websites feature frequently updated information on privacy policies and statutes.

Federal Trade Commission (FTC) 
Identity Theft | USA.gov 
Identity Theft | consumer.gov 

 

Effective January 1, 2020. Last reviewed in July 2024. Unless otherwise noted, the effective and review dates noted are for the Privacy Page in its entirety.

1“Health care service plan” or “specialized health care service plan” means either of the following: (1) Any person who undertakes to arrange for the provision of health care services to subscribers or enrollees, or to pay for or to reimburse any part of the cost for those services, in return for a prepaid or periodic charge paid by or on behalf of the subscribers or enrollees. (2) Any person, whether located within or outside of this state, who solicits or contracts with a subscriber or enrollee in this state to pay for or reimburse any part of the cost of, or who undertakes to arrange or arranges for, the provision of health care services that are to be provided wholly or in part in a foreign country in return for a prepaid or periodic charge paid by or on behalf of the subscriber or enrollee.