Terms & Privacy-Blue Cross and Blue Shield's Federal Employee Program

Terms & Privacy

The following terms and conditions govern your use of the fepblue.org website. 

Terms and Conditions

The following terms and conditions (“terms and conditions”) govern your use of the fepblue.org Site (the “website”). By clicking to access, view, or use the material on the website, you indicate that you understand and intend these terms and conditions to be the legal equivalent of a signed, binding written contract, and that you accept such terms and conditions and agree to be legally bound by them. If you “opt-in,” you authorize use of your information as outlined in this section and the privacy policy for this website.

If you do not agree with the terms and conditions, you are not granted permission to use the website and should exit immediately. This opt-out option is not stated prior to each feature of this website. If you decide to opt-out or not accept our terms and conditions and the terms of our Privacy Policy, you will not be able to use our interactive features such as MyBlue, Health Tools, Pharmacy website and the Provider Directory.

Please Note: This website offers a summary of some of the features of the Blue Cross and Blue Shield Service Benefit Plan. Before making a final decision, please read the Blue Cross and Blue Shield Service Benefit Plan Brochure. All benefits are subject to the definitions, limitations and exclusions included in the brochure. Benefits under the non-FEHBP programs are neither offered as part of nor guaranteed under the Blue Cross and Blue Shield contract with the U.S. Office of Personnel Management (OPM) to provide healthcare to Federal employees and annuitants. These benefits are only available to contract holders and covered family members enrolled in the Blue Cross and Blue Shield Service Benefit Plan. The cost of these benefits is not included in your premium.

General Information:

The Blue Cross Blue Shield Association (BCBSA) has offices in Chicago, Illinois, and Washington, DC USA. There are local Blue Cross and Blue Shield member companies in the United States that provide customer service and claims processing functions for Blue Cross and Blue Shield Service Benefit Plan members worldwide.

Questions and comments, including the reporting of any non-functioning links in the website, should be submitted to the local Blue Cross and Blue Shield company. You may call the the customer service number located on the back of your member ID card during regular business hours or you can submit an electronic inquiry using the Customer eService link provided on our homepage. If you are not a Service Benefit Plan member, the number for the local Blue Cross and Blue Shield company can be found in the Contact Us section of this website.

1. Protected access website:
The website and its contents are primarily intended for use by members covered under, and persons eligible to enroll in, the Blue Cross and Blue Shield Service Benefit Plan. All passwords used to access specific areas of the website must be kept confidential. Under no circumstances should you share your password with or provide access to the website for an unauthorized person or entity.

2. Proprietary rights:
All material contained in this website is protected by law, including without limitation United States copyright law. BCBSA also owns a copyright in this website as a collective work and/or compilation, and in the selection, coordination, arrangement, organization and enhancement of website content. Removing or altering the copyright notice on any material on the website is prohibited. Unless otherwise indicated, Blue Cross and Blue Shield companies and Controlled Affiliates may reproduce and distribute content solely for use in conjunction with the conduct of their own businesses, provided that all copyright notices are included and the content is not materially altered. Unless otherwise indicated, prior written consent is required in order to modify or create derivative works based upon Content. All trademarks, service marks or other logos featured on the website are protected by law. Use or misuse of these trademarks, service marks or logos is expressly prohibited and may violate federal and state law.

Please be advised that BCBSA actively and aggressively enforces its intellectual property rights to the fullest extent of the law.

3. Appropriate Use:
You may not use the website to send offensive or disruptive material, including without limitation offensive sexual, racial or gender related material, material that violates the Association’s non-discriminatory policies, viruses or other material that may disrupt or interfere with hardware or software functionality, or spam. Notwithstanding the foregoing, BCBSA is not responsible and shall not be liable for the contents of content posted to or sent from the website by visitors or persons, other than BCBSA employees, in email, forums, surveys, or by any other means. Opinions or comments contained in such content reflect the views of the author and not of BCBSA unless BCBSA expressly states to the contrary.

Nothing contained, expressed, or implied on this website is intended as nor shall be construed as medical advice. No doctor-patient relationship is established between BCBSA and you by reason of your use of this website or under any circumstances whatsoever. Individual inquiries about medical issues, or sensitive or confidential matters should be addressed to the appropriate healthcare professionals. You should not rely upon the website in any way in the event of an emergency health situation. In such an emergency situation, the user should instead call 911 or his/her healthcare provider.

4. Contributions to the Site:
BCBSA welcomes your input, feedback, and suggestions about how to improve our products and services, and this website. By transmitting any suggestions, material, information, or other content (collectively, “content”) to BCBSA, you automatically grant BCBSA the royalty-free, perpetual, irrevocable, non-exclusive right and license to use, reproduce, modify, adapt, publish, translate, create derivative works from, distribute, redistribute, transmit, perform and display such content (in whole or part) worldwide and/or to incorporate it in other works in any form, media, or technology now known or later developed for the full term of any rights that may exist in such content. Further, unless otherwise agreed to in advance, BCBSA is free to use any ideas, concepts, know-how, techniques, and suggestions contained in any communications you send to this Site for any purpose whatsoever, including but not limited to creating and marketing products and/or services using such information.

You can submit your feedback and suggestions to your local Blue Cross and Blue Shield company. The addresses for each local company are available in the Contact Us section of this website.

5. Corrections and changes:
While we endeavor to keep the materials on the website up to date, BCBSA cannot assume responsibility for any errors or omissions in these materials. BCBSA further does not warrant the accuracy or completeness of the information, text, graphics, links or other items contained within these materials. BCBSA may make changes to these materials, or to the products or services described herein, at any time without notice, and makes no commitment to update the information contained herein.

BCBSA reserves the right to terminate your access to this website in the event that you violate these terms and conditions, or for any reason whatever.

6. Links to other websites:
This website may contain links to other Internet sites, extranet sites, or sites on other networks for the convenience of users in locating information and services that may be of interest, as well as links to our business partners, including Blue Cross and Blue Shield companies, CVS Caremark (Pharmacy), WebMD Health Services (Health Tools), Davis Vision (FEP BlueVision®), DeCare Dental (FEP BlueDental®), AXA Assistance (Overseas benefit and provider information), and the FEP® Operations Center (Customer eService), who work with BCBSA to provide benefits and services to Service Benefit Plan members, FEP BlueDental and FEP BlueVision members. With the exception of the websites of our business partners, visitors to the website acknowledge that these are third-party sites maintained by persons or organizations over which BCBSA exercises no control, and for which BCBSA disclaims any responsibility for the content, the accuracy of the information and/or quality of products or services provided by or advertised on these third-party sites. BCBSA does not control, endorse, promote, or have any affiliation with any other website unless expressly stated on the website. This includes the websites of Blue Cross and Blue Shield companies and our Business Partners, CVS Caremark (Pharmacy), WebMD Health Services (Health Tools), Davis Vision (FEP BlueVision), DeCare Dental (FEP BlueDental), AXA Assistance (Overseas benefit and provider information), and the FEP Operations Center (Customer eService).

7. Use of the Internet:
Use of the Internet is solely at your own risk and is subject to all applicable state, national and international laws and regulations. Neither BCBSA nor its affiliates will be liable for any loss resulting from a cause over which they do not have direct control, including but not limited to failure of electronic or mechanical equipment or communication lines, telephone or other interconnect problems, computer viruses, unauthorized access, theft, operator errors, severe weather, earthquakes, natural disasters, strikes or other labor problems, wars, or governmental restrictions.

8. Confidentiality and security cannot be guaranteed:
Please be advised that the confidentiality of any communication or material transmitted using the public Internet or non-secure Internet electronic mail cannot be guaranteed.

While this website resides on the public Internet, we use customized, state-of-the-art software to help ensure the confidentiality and security of any communications transmitted to Blue Cross and Blue Shield companies from www.fepblue.org. Notwithstanding these efforts, BCBSA cannot guarantee the confidentiality and security of such electronic communications.

9. Privacy statement:
The website has a privacy statement disclosing what information we collect about visitors, how we use such information, the steps we take to secure such information, how you can view and correct such information, and how you can decline to have information about you collected or used. Please visit the Privacy Policy section to learn more.

Service Benefit Plan members may modify and access certain types of Personally Identifiable Information (PII) and Personal Health Information (PHI) under the Customer eService feature. To amend any of the PII or PHI that is available under the Customer eService feature, you must contact your local Blue Cross and Blue Shield company.

Each Blue Cross and Blue Shield company and our Business Partners have their own Privacy Policy and terms and conditions, which may differ from those on this website. You are notified when you exit this website that your activity on the new website is governed by separate policies.

10. No legal advice:
Nothing contained, expressed, or implied in this website is intended as, nor shall be construed or understood as, legal advice, guidance, or interpretation. No attorney-client relationship is established between BCBSA and you by reason of your use of this website or under any circumstances whatever. The information in this website is for general informational purposes only. If you have questions about any law, statute, regulation, or requirement expressly or implicitly referenced in this website, you should contact your own legal counsel.

11. Securities information:
This website and the information contained herein does not constitute an offer or a solicitation of an offer for the purchase or sale of any securities. The website may contain information and press releases about BCBSA, Blue Cross and Blue Shield companies and controlled affiliates and business partners, and although this information was believed to be accurate as of the date prepared, BCBSA disclaims any duty or obligation to update such information. To the extent that any information is deemed to be a “forward looking statement” as defined in the rules and regulations of the Securities Act of 1933, as amended, such information is intended to fit within the “safe harbor” for forward looking information and is subject to material risk factors, which may or may not be disclosed herein.

12. Disclosure for uses and response times for email, electronic messages, and other communications transmitted via the website:
BCBSA makes no guarantees about its response to emails, electronic messages, and other communications transmitted in response to services available through our Business Partners accessed through this website. However, it will attempt to answer all such communications brought to our attention within 30 days of receipt of such communication.

13. Editorial Policy:
Our mission is to give our members well written, up-to-date, trustworthy and accurate online benefit and health-related information about the Blue Cross and Blue Shield Service Benefit Plan to empower our members to make informed and appropriate decisions about their health insurance coverage and healthcare needs.

We take prudent steps to ensure we do not provide false and/or misleading information on this website. The information on this website is not intended to replace the advice of a physician or other healthcare professional. Always consult your physician to determine your personal healthcare needs.

Material on the website is updated weekly and reviewed at least annually to ensure the information is up-to-date and accurate.

The Blue Cross Blue Shield Association creates original content for web information and for our newsletters. We identify the subjects for the articles based upon what is happening in healthcare, in the federal healthcare environment and in the lives of all our members. Web features and topics include a more detailed explanation of benefits available under the Service Benefit Plan coverage, such as dental care, preventive care, incentive programs and Medicare. We also provide information about how new laws affect you and your coverage and the benefit changes for the upcoming year.

Health-related information and newsletter articles highlight emerging trends, such as healthy living. Articles on specific health related topics, such as diabetes, smoking cessation and fitness, are based on information available on our Health Tools website, and as needed other sources, such as www.cdc.gov. BCBSA website staff ensure that authors of any content posted on www.fepblue.org are qualified to make the statements they do in content. All health content reviewers must, at a minimum, be a registered nurse or have a degree in medical sciences or public health, or equivalent experience in the healthcare and/or health insurance industry.

Health and wellness articles are provided by WebMD Health Services. All content includes relevant source identification, and are dated on the website pages.

All material for the website is reviewed by the legal counsel of the Blue Cross Blue Shield Association, as well as experts with appropriate experience and training in health information, benefits, medical case and disease management, communications, finance, and privacy to provide educated and fact-based feedback and comments. All information is reviewed before it is added to the website. The scope of the review responsibility includes but is not limited to:

  • Overseeing development, implementation and maintenance of website principles and standards
  • Establishing editorial policy standards and overseeing implementation
  • Evaluating the quality of member communications on the features of this website
  • Identifying opportunities for improvement and establishing priorities among them
  • Evaluating the website to oversee compliance with regulatory and accreditation standards

All Blue Cross Blue Shield Association authors and content providers are required to avoid any situation where a conflict could or appear to exist between their personal interests and those of the Blue Cross Blue Shield Association. Compliance with this policy requires full disclosure of any potential or actual conflicts of interest so a determination can be made whether a conflict actually exists and to eliminate or avoid a conflict. BCBSA employees are required to sign annual Disclosure Agreements. BCBSA employees are also required to annually certify knowledge of the code of ethics.

This website does not accept advertising nor does it receive funds from advertising.

14. Disclaimer of Warranty and Liability:

15. Indemnification:
You agree to defend, indemnify, and hold harmless BCBSA, its affiliates and subsidiaries, and all of their respective directors, officers, employees, representatives, proprietors, partners, shareholders, servants, principals, agents, predecessors, successors, assigns, and attorneys from and against any and all claims, proceedings, damages, injuries, liabilities, losses, costs, and expenses (including attorney’s fees and litigation expenses) relating to or arising from your use of the website and any breach by you of these terms and conditions.

16. Governing law and jurisdiction:
These terms and conditions will be governed by and construed in accordance with the laws of the State of Illinois, without reference to its choice of law rules. By accessing, viewing, or using the material on the website, you consent to the jurisdiction of the federal and state courts presiding in Chicago, Illinois, and agree to accept service of process by mail and hereby waive any and all jurisdictional and venue defenses otherwise available. This website is controlled and operated by BCBSA from its offices within the United States. BCBSA makes no representation that materials in the website are appropriate or available for use in other locations, and access to them from territories where their contents are illegal is prohibited. Those who choose to access this website from other locations do so on their own volition and are responsible for compliance with applicable local laws.

These terms and conditions constitute the entire agreement between you and BCBSA with respect to your use of the website. If any part of these terms and conditions is held to be invalid or unenforceable for any reason, the remaining parts will remain in full force and effect. You acknowledge that, in providing you access to and use of the website, BCBSA has relied on your agreement to be legally bound by these terms and conditions. BCBSA reserves the right to terminate your access to the website in the event that you violate these terms and conditions, or for any reason whatever.

© 2000-2017 Blue Cross Blue Shield Association. All Rights Reserved. Revised 2017.

Privacy Policy

Your privacy is important to us. The Blue Cross Blue Shield Association maintains high standards for the protection of your privacy on our websites. Here is what you can expect when you visit www.fepblue.org.

  • Other than to fulfill a request from you, we won't sell, rent or share any personally-identifiable information (PII) you provide without your consent.
  • We won't send you any unsolicited email ("spam").
  • No PII collected at this website will ever be used to affect your health insurance coverage by or premiums paid to a Blue Cross and Blue Shield company.

Please remember that this policy only covers the data collection and use practices for www.fepblue.org, an official website of the Blue Cross Blue Shield Association (BCBSA). BCBSA's privacy policies may differ at its other websites or in its offline data collection and reporting practices. Questions regarding the privacy policy of your independent, local Blue Cross and Blue Shield company should be directed to that company.

Each of our business partners, including CVS Caremark (Pharmacy), WebMD Health Services (Health Tools), the U.S. Office of Personnel Management (OPM), our enrollment area (the FEP Operations Center for Customer eService), AXA Assistance for overseas benefits and provider information, and any other supplemental plan vendor, have separate privacy policies.

The information we collect:

Our web servers automatically capture your domain name; the IP address of the web page from which you enter our site; the browser name, full version (major and minor), and plugins; the resolution (width/height) and color depth; the operating system; the pages you visit on our site; and the amount of time you spend here. We do not collect any information that can reveal your personal identity unless you voluntarily provide it when you register to use interactive features of the site or to receive information from us or Blue Cross and Blue Shield companies. We do not collect and save any Protected Health Information (PHI). Any section of www.fepblue.org that is directed to children or teens will be protected by a screening mechanism to help ensure parental consent is obtained before we collect or use PII from children under 13. We do not knowingly collect or use PII from children under 13 without the consent of a parent or guardian.

PII voluntarily provided by you may be retained indefinitely for the purposes described in this Privacy Policy.

If you use the features on this website or on the websites of our business partners, you are "opting in" and agree to our collection of information as described above. You can "opt out" or prevent us from collecting PHI or PII by not using the interactive features of this website or the websites of our business partners. You may "opt in" or "opt out" each time you access the website. If you "opt out," you cannot use the interactive features, such as the Provider Directory, BlueNews, and Pharmacy Programs.

Use of the information this website gathers/tracks:

The non-PII we gather and store in aggregate form is only used to maintain or improve our website, and we may share that information with other areas in BCBSA, local Blue Cross and Blue Shield companies, our business partners, or with companies we hire to help us maintain or improve the website.

Any PII you voluntarily give us will be stored in a secure environment and used only to provide the product, service, or information you have requested or for which you registered. Unless you specifically consent to let us do so, your PII, including your email address, will not be sold, rented, licensed or otherwise shared with third parties, other than Blue Cross and Blue Shield companies or business partners as required to fulfill a request from you. Personal information you voluntarily provide and the non-PII we collect in aggregate form will not affect your insurance coverage, eligibility, premiums or claims payment by any Blue Cross and Blue Shield company.

Cookies and spyware:

When you visit our website, we may place a "session" or cookie on your computer that will allow us to customize and enhance your experience at www.fepblue.org, make improvements to our website, or to report site activity. Our session cookies will not permanently store on your computer and expire when you leave our website. Our cookies will never be used to track your activity on any third party sites that do not provide benefits or services to Service Benefit Plan members, or to send spam, nor will our cookies provide us with any PII about you.

We will store cookie information only in aggregate form and only use the information to make improvements to the website or internal reports on site activity. You can use your browser controls to refuse to allow any cookies to be placed on your computer.

Spyware is software that helps gather information about a person or organization without their knowledge, and which may send information to another entity without your consent, or asserts control over a computer without your knowledge. At this time, we do not use spyware on our site. Cookies are used to store www.fepblue.org browsing history in order to improve the experience on the website. The browsing history is stored anonymously and it is not transmitted to or readable by other websites but www.fepblue.org.

Sites we link to:

If you choose to use any of the links we provide to our member companies, sponsors, and other third party resources, you will be leaving our website and going to a new website. Protection of your privacy at those other websites will be governed by the privacy policy at that website. Please take the time to read the privacy policies at their websites. We have business relationships with the local Blue Cross and Blue Shield companies, CVS Caremark, WebMD Health Services, OPM, AXA Assistance, supplemental benefit companies, and the FEP Operations Center. These linking relationships are not a form of advertising or promotion, but part of the unique set of benefits available under the Blue Cross and Blue Shield Service Benefit Plan and the Blue Cross Blue Shield Association. The links to other websites within our website are not of an advertising or promotional nature.

Changes to this policy:

If we make any significant changes to this policy, we will let you know the effective date of the changes and provide a tool for you to understand what has changed.

  • Policy updated 8/2010 – cookies are now used on the site. See "Cookies and Spyware" section for details.

Includes changes and clarifications to our Mail Service Pharmacy Benefits manager.

  • Policy updated 8/2016 - update to the list of items our web servers automatically capture. See "The information we collect" section for details. 


The Health Insurance Portability and Accountability Act (HIPAA) was enacted by the U.S. Congress. This legislation concerns your rights as a consumer and the health care privacy practices that protect your rights. It affects not only how your personal medical information is handled, but also how you and your confidential information are treated when working with your doctor, health insurance provider or other medical practitioner. Learn more about its components and how it works to protect you and your confidential medical information.

Understanding HIPAA

HIPAA is comprised of four areas of regulation — privacy, security, information transactions and code sets, and national identifiers. Learn how the different components work and how they relate to you and your confidential medical information.

Privacy Regulation

The HIPAA privacy regulation is a “use and disclosure” set of requirements enacted in 2003 that defines how the Service Benefit Plan can use and share your confidential medical information. The regulation limits the use and disclosure of Protected Health Information (PHI). PHI includes any individually identifiable health information, such as your demographic and clinical information as well as related business and insurance data.

The regulation asserts that privacy is a “fundamental right.” This has transformed the way Americans view their right to control their medical information and medical services. You are now in the driver’s seat on how your confidential medical information is used and disclosed.

BCBSA compliance

Some of the basic steps we have implemented to comply with privacy regulations include:

  • Adopting policies and procedures to protect the privacy of protected health information
  • Adopting policies and procedures that give individuals specific rights to their health information, including the rights to
    • access and copy health information
    • be informed of certain disclosures
    • request corrections/amendments
    • request limits on disclosures your office makes
    • receive confidential communication
  • Creating a written notice describing how the BCBSA and the local BlueCross BlueShield Plans use and disclose your PHI information and provide you a copy of the notice document
  • Designating a privacy official to handle complaints and questions about the notice of privacy practices
  • Providing policies and procedures training for personnel
  • Implementing appropriate safeguards to protect member information from improper disclosure
  • Establishing a reporting and response system for privacy violations
  • Developing a sanctions policy for the discipline of privacy violations by employees

Security Regulation

While the privacy regulation pertains to all PHI - paper or electronic, the HIPAA security regulation, enacted in 2005, deals specifically with Electronic Protected Health Information (ePHI). It states that we must:

  • Protect confidentiality, integrity and availability of all electronic protected health information that we create, receive, maintain, or transmit
  • Protect against any reasonably anticipated threats or hazards to the security or integrity of such information
  • Protect against any reasonably anticipated uses or disclosures of such information that are not permitted or required under the privacy part of the HIPAA regulations
  • Ensure compliance of the HIPAA security regulations by our employees

Confidentiality means that your PHI is not made available or disclosed to unauthorized persons or processes. Integrity means that your PHI has not been altered or destroyed in an unauthorized manner. Availability means that your PHI is accessible or usable upon demand by an authorized person. The regulation also asserts that we maintain strong and up-to-date security controls on all electronic files that contain your PHI.

Physical security is a major component of the regulation. The law mandates the protection of equipment and information from damage and environmental threats, such as floods and fires, and physical threats such as unauthorized access to information.

BCBSA compliance

There are a number of steps that we have taken to implement these security regulations including:

  • Designating a security officer to handle security complaints and security breaches to the PHI
  • Developing a contingency plan and disaster recovery plan to continue operations after a storm or other event out of BCBSA’s control
  • Maintaining strong access control and securing the physical facility
  • Adopting and training our employees on HIPAA security policies and procedures

Physical security is a major component of HIPAA security. It protects equipment and information from damage and environmental and human threats and offers control of, and protection within, a facility.

  • Environmental threats include water, fire, humidity and power surges.
  • Physical threats include door access, escorting guests within the secure areas, equipment in a secure area, and ventilation duct access.
  • Human threats include personnel screening before hiring, access to secure areas restricted and personnel trained in security needs and actions.

The regulation asserts that and BCBSA has strong and up to date security controls must be in place on all electronic files that contain your PHI.

Information Transactions and Code Sets

In October of 2003, standardized transactions and code sets were implemented to improve the effectiveness and efficiency of Medicare, Medicaid, and other federal programs, as well as the healthcare industry in general. These new transactions and code sets were designed to simplify the administration within the healthcare system and enable efficient electronic transmission of certain health information through Electronic Data Interchange (EDI).

What is EDI?

EDI is the electronic transfer of information in a standard format between trading partners. EDI allows entities within the healthcare system to exchange medical, billing and other information and to process transactions in a manner which is fast and cost effective. EDI substantially reduces the handling and processing time of information as well as the risk of losing paper documents.

The HIPAA Claim Form

In the early 1990s the health care industry asked the Department of Health and Human Services (DHHS) to help the industry create one, and only one, claim form. The industry had previously tried to create one claim form and did not succeed. Designed to streamline the administration of healthcare, the HIPAA claim form has replaced approximately 400 various claim forms for medical services, 200 claims forms for dental services and the previously used pharmacy claim form.

Electronic Transactions and Code Sets

In addition to a standard claim form this rule also established standards and specific code sets to be used for the following eight electronic transactions:

  • Health care claims or equivalent encounter information
  • Eligibility for a health plan
  • Referral certification and authorization
  • Health care claim status
  • Enrollment and disenrollment in a health plan
  • Health care payment and remittance advice
  • Health plan premium payments
  • Coordination of benefits

The medical data codes sets include:

International Classification of Diseases, 9th Edition, Clinical Modification, (ICD—9—CM), Volumes 1 and 2

International Classification of Diseases, 9th Edition, Clinical Modification, Volume 3 Procedures

Code on Dental Procedures and Nomenclature, as maintained and distributed by the American Dental Association, for dental services

The Health Care Financing Administration Common Procedure Coding System (HCPCS)

Healthcare clearinghouses, health plans and other healthcare insurance companies plus providers who submit the administrative transactions in electronic format must use these standard electronic formats and code sets.

Unique Identifiers

The final component of HIPAA is national identifiers regulation. The uniform identifiers permit your doctors and hospital providers, dentists, plus pharmacists to spend much less time dealing with the bureaucracy of getting paid.

There are three HIPAA National Identifiers:

  1. Employer ID Number (EIN)
  2. National Provider Identifier (NPI)
  3. National Health Plan Identifier

Both the EIN and the NPI have been implemented. The HIPAA EIN is the IRS federal tax number of a healthcare business. The EIN is necessary on some of the healthcare transactions outlined above under the transactions and code set area. It has been used on these transactions since 2004.

The National Provider Identifier (NPI) was implemented in May 2008 and requires that all providers completing electronic transactions, health plans, and healthcare clearinghouses, use only to identify covered healthcare providers on the standard HIPAA transactions outlined above. This means that today, the claim form your doctor and hospital uses to process your medical, or dental, or pharmacy services uses the one NPI as opposed multiple identifiers. Again, this allows a more efficient, streamlined processing of transactions.

When the National Health Plan Identifier HIPAA regulation is released, it will add to this efficiency by again going from many identifiers to one identifier.

Your Privacy Rights

As a healthcare consumer, HIPAA asserts that privacy is your fundamental right. Learn more about your personal rights as it relates to your medical information. The HIPAA privacy regulation is a “use and disclosure” set of requirements enacted in 2003 that defines how we can use and share your confidential medical information. The regulation limits the use and disclosure of Protected Health Information (PHI). PHI is individually identifiable health information that includes your demographic and clinical information as well as related business and insurance data.

Under the HIPAA Privacy Rule, you have individual rights that allow you to request the following:

Notice of Privacy Practices

A Notice of Privacy Practices is issued to all Service Benefit Plan contract holders when they enroll and whenever there is a material change to the privacy practices provided in the notice. In situations where there are material changes, the revised Notice of Privacy Practices will be distributed to all contract holders within 60 days of the change. To review our current privacy practices please download the following:

Notice of Privacy Practices for the Service Benefit Plan

Notice of Privacy Practices for the US Office of Personnel Management (OPM)

Authorization for Release of Protected Health Information (PHI)

In order for BlueCross and BlueShield Health Plans to disclose information about you that is not for the purposes of treatment, payment or healthcare operations, you must first authorize a person and/or organization to receive your PHI. By completing and submitting an Authorization for Release of Protected Health Information form, you are allowing the designated individual(s) to have access to only the PHI specified by you on the form.

This form is ideal if you need assistance with handling specific claims or only wish for the designated individual to have limited access to your PHI that will expire in a timeframe not more than one year. It is important to note that this form does not allow the authorized individual(s)/organization(s) to make any healthcare decisions on your behalf. If you wish to authorize the designated individual to be able to make healthcare decisions on your behalf you will need to use a Personal Representative Authorization Form.

This form will generally require the following information (1) a description of the PHI to be Used or Disclosed, (2) a statement of who is authorized to receive the PHI, (3) A description of the purpose for which the disclosure is permitted, (4) an expiration date, and (5) member’s signature.

Appoint a personal representative

The Personal Representative Authorization form allows you to designate a personal representative who will act on your behalf in making decisions related to healthcare, which includes treatment and payment issues. This individual can be a family member, friend, lawyer or unrelated third party.

Your designated personal representative stands in your shoes and has the ability to act for you and exercise your rights. For instance, at your request BCBS must provide your personal representative access to your Protected Health Information (PHI) to the extent such information is relevant. In addition to exercising your rights under the Privacy Rule of the Health Insurance Portability and Accountability Act, a personal representative may also authorize disclosures of your Protected Health Information (PHI).

This form is ideal if you require ongoing, comprehensive assistance. It is important to understand that the individual you list as your personal representative has the authority to make healthcare-related decisions on your behalf. If you require permanent assistance with your healthcare needs, you may also submit a legal power of attorney to BCBS.

Access to your medical record and be permitted a copy of it

The Request for Access form is used to make a request to inspect and/or obtain copies of your Protected Health Information (PHI) maintained by BCBS and our Business Associates.

Please note that the BCBS reserves the right to deny access to psychotherapy notes, information compiled for legal proceedings, on-going research or obtained from a confidential source. We also reserve the right to deny access if we believe it may cause you any harm, but we must grant you a review procedure.

An accounting of your medical information and record disclosures

The Request for an Accounting of Disclosures form allows you to receive an accounting of the disclosures of your Protected Health Information (PHI) by BCBS or our business associates. The maximum disclosure accounting period is the six years immediately preceding the accounting request; however we are not obligated to account for any disclosure made prior to the Privacy Rule compliance date of April 14, 2003.

The Privacy Rule does not require accounting for disclosures:

  • for treatment, payment or healthcare operations
  • to you or your personal representative
  • for notification of or to persons involved in your healthcare or payment for healthcare, for disaster relief or for facility directories
  • pursuant to an authorization
  • of a limited data set
  • for national security or intelligence purposes
  • to correctional institutions or law enforcement officials for certain purposes regarding inmates or individuals in lawful custody
  • incident to otherwise permitted or required uses or disclosures

Accounting for disclosures to health oversight agencies and law enforcement officials must be temporarily suspended on their written representation that an accounting would likely impede their activities.

BCBS must respond to your written request within 60 days from the date it was received. However, if we are unable to give the requested accounting to you within the 60-day deadline, we will notify you in writing that we will be utilizing our right to a 30-day extension provided we explain the reason for the delay and when we will act on your request.

Amendment to your Protected Health Information

The Request for Amendment form allows you to ask BCBS to amend medical information we have about you that you feel is incorrect or incomplete. You have the right to request an amendment as long as the information is kept by or for BCBS. Requests for amendments must provide a reason that supports your request and can be denied.

BCBS may deny your request only if the information was not created by us and the originator is no longer available, access is deniable or the Protected Health Information (PHI) in question is accurate and complete. If the amendment is denied, BCBS must accept a written statement of disagreement that will be kept with your designated record set.

The BCBS must respond to your written request within 30 days from the date it was received.

Confidential communication

The Request for Confidential Communication form allows you to request an alternative means or location for receiving communications of Protected Health Information (PHI) by means other than those that we typically employ. For example, you may request that the Health Plan communicate with you through a designated address or phone number.

BCBS must accommodate reasonable requests if you indicate that the disclosure of all or part of the PHI could endanger you. The Health Plan may not question your statement of endangerment. However, we may condition compliance with a confidential communication request on you specifying an alternative address or method of contact and explaining how any payment will be handled.

Once a request for confidential communication goes into effect, all of your PHI will be processed in accordance with your instructions. This means that we cannot process a request to withhold only the PHI relating to a specific condition, diagnosis, or treatment. Therefore, all documents that might contain PHI about all of the service you receive will be addressed to you and not the contract holder.

Even if you request confidential communications, the check for services you receive from a non-participating provider could be sent to you but made payable to the contract holder, unless you have made other payment arrangements with us. Therefore, we urge you to discuss with us how we can arrange to pay your claims for services that you receive from a non-participating provider. Accumulated payment information such as deductible status and catastrophic protection benefits in which your PHI might appear, will continue to appear on all future Explanation of Benefits (EOB) sent to the contract holder for service rendered by all providers (participating and non-participating).

If you terminate your request for confidential communication, the restriction will be removed for all of your PHI that we hold, including PHI that was previously protected. Therefore, you should not terminate a request for confidential communications if you remain concerned that disclosure of your PHI will endanger you.

Restriction on the use and sharing of your medical information

The Request for Restriction form allows you to request a restriction or limitation on the medical information we use or disclose about you for treatment, payment or healthcare operations. You also have the right to request a limit on the medical information we disclose about you to someone who is involved in your care or the payment for your care, such as a family member or friend. We are not required to agree to your request. If we do agree, we will comply with your request unless the information is needed to provide you emergency treatment.

This form will generally require that you provide (1) the information you want to limit, and (2) how you want us to limit the use and/or disclosure of the information.

Make a privacy complaint

You may file a complaint to us if you believe that we have violated your privacy rights. This form will generally only require a description of the privacy right violation and your contact information for follow-up communication. To make a complaint, please call the customer service number for your local Blue Cross and Blue Shield company and ask for the privacy (HIPAA) contact.

File a request

All forms can be obtained from your local Blue Cross and Blue Shield company. To file a request, please call the customer service number for your local Blue Cross and Blue Shield company and ask for the privacy contact. Please submit the appropriate form for each item to the privacy contact. Please note, it is important that you direct your request to the privacy contact in order to ensure your request is addressed in a timely manner.

Healthcare Fraud

Healthcare fraud is more damaging than you probably imagine. Though committed by a very small number of people, healthcare fraud affects every patient, doctor and hospital in the country, wasting billions of dollars every year. A goal of the Blue Cross and Blue Shield Service Benefit Plan is to preserve healthcare quality and affordability. That's why we're working with hospitals, doctors, consumers and, where appropriate, law enforcement agencies to identify and stop healthcare fraud.

What is healthcare fraud?

Everyone makes the occasional mistake, especially in an industry as complex as healthcare. Rest assured, inadvertent errors are not considered fraudulent.

Healthcare fraud is the intentional, unlawful misrepresentation or deception for the purpose of gaining unauthorized benefits - financial or otherwise. Abuse is defined as reckless conduct that goes against and is inconsistent with acceptable business and/or medical practices resulting in greater reimbursement.

Fraud and abuse can compromise patient safety and future care. One example of patient harm is unnecessary, sometimes invasive, medical procedures. A provider who enters false codes on a patient for purposes of greater reimbursement leaves the patient with a false diagnosis being associated with their or their family's medical history.

Common examples of medical and pharmacy healthcare fraud

Fraudulent schemes are limited only by the imagination of the individual committing the fraud. Common examples are:

  • Billing for services not rendered
  • Billing for medically unnecessary services
  • Misrepresentation of services
  • Misrepresentation of identity
  • Ineligible dependents
  • Altered claims (medical/prescription)
  • Thin air scripts
  • Shorting
  • Doctor shopping
  • Falsification of application (SF 2809)

What the BCBS Service Benefit Plan is doing about fraud

The National Health Care Anti-Fraud Association estimates that the financial losses due to healthcare fraud are in the tens of billions of dollars each year. And with healthcare costs going up every year, so too are the costs of healthcare fraud.

The Blue Cross and Blue Shield Service Benefit Plan invests in numerous programs that raise the industry standard for healthcare fraud prevention.

  • Each Blue Cross and Blue Shield company has its own investigative unit that actively pursues fraudulent activities and the recovery of monies lost to fraudulent or abusive activities.
  • Computer and software technology analyzes millions of claims for patterns of suspicious billing activity.
  • The Blue Cross and Blue Shield Anti-Fraud Task Force works with medical professionals and government agencies to uncover fraud in multiple states.
  • Our Blue Cross and Blue Shield Anti-Fraud Hotlines receive more than 80,000 calls a year.

Fraud prevention and you

Blue Cross and Blue Shield is committed to protecting our members, healthcare providers, and federal benefits against healthcare fraud. But we can't stop healthcare fraud alone. We need the participation and support of institutions and individuals.

How you can help

  • Think of your healthcare card as being as valuable as your credit card. If you think your card was stolen, you should contact your local Plan and request a new contract ID when you request a new card to prevent unauthorized use.
  • Carefully review your Explanation of Benefit (EOB) notices and medical bills and verify dates, reasons and costs to ensure that you and/or the Service Benefit Plan is being billed for services that were actually received.
  • Be aware of "free" services. If patients are asked to provide their insurance card, the service may not be free and could be fraudulently charged to them or their insurance company.
  • Avoid using professionals who tell you they know how to bill for uncovered services.
  • Do not leave your ex-spouse on your contract after your divorce has been finalized. If you have been ordered by the court to cover your ex-spouse for an extended period of time you must first terminate your ex-spouse from your contract which must be proven via copy of divorce decree and provide new coverage for them under a separate policy or contract.
  • Do not include anyone on your contract that is not legally considered your spouse or dependent.
  • Maintain clear and accurate records relating to your medical history including dates of office visits and prescriptions.

These efforts are making a difference. With your help, we can do even more to preserve healthcare quality and affordability.

If you suspect fraud:


The FEP Fraud Hotline at 1-800-337-8440


The United States Office of Personnel Management
Office of the Inspector General Fraud Hotline
1900 E Street, NW
Room 6400
Washington, DC 20415-1100

Click here to contact the Blue Cross and Blue Shield Plan in your area. 

When reporting suspicions of fraud, please be sure to include the following information:

  • Your name
  • Your contract number, if applicable
  • The date and time of your call
  • A telephone number where you can be reached and the best time to call
  • Email address
  • Be sure to clearly identify the person or entity you are calling about
  • The service dates in question
  • State briefly the nature of your concern or complaint

Medical Identity Theft

The Federal Trade Commission (FTC), the nation's consumer protection agency, recently published the free consumer brochure, Medical Identity Theft. The publication explains how medical identity theft occurs, how it differs from traditional identity theft, offers tips to minimize your risk and how to recover should you experience a theft. To order copies in bulk, please visit bulkorder.ftc.gov.

Additional consumer information from the Federal Trade Commission