Skip to main content
MyBlue®:

Mobile App Privacy Policy

The following terms and conditions govern your use of the fepblue.org website and the MyBlue Portal.

The MyBlue Mobile App (“Mobile Application”) is hosted and operated by Blue Cross Blue Shield Association (“BCBSA”) as part of its contract with the Office of Personnel Management (“OPM”) to administer the Federal Employee Program (“FEP”). As such, some information collected through the mobile application may be considered “protected health information” (“PHI”), as that term is defined in the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) and its implementing regulations. For more information about HIPAA and BCBSA compliance, click here. The purpose of this Mobile Application Privacy Policy (“Policy”) is to let you know how we handle the information collected through the use of this Mobile Application.

Your privacy is important to us. BCBSA maintains high standards for the protection of your privacy on this Mobile Application. Here is what you can expect when you use this Mobile Application:

  • Other than to fulfill a request from you, or to provide you information or services as part of your contract for health benefits, we won’t sell, rent, or share any PHI you provide without your consent.
  • We won’t send you unsolicited email (“spam”) without your consent.
  • No PHI collected on this Mobile Application will ever be used to affect your health insurance coverage by or premiums paid to a Blue Cross and Blue Shield company.

 

This Policy is in addition to the Privacy Policy for the MyBlue PortalHIPPA Notice of Privacy Practices for the Service Benefit Plan and the HIPPA Notice of Privacy Practices for OPM. Please remember that this Policy only covers the data collection and use practices for this Mobile Application. BCBSA’s privacy policies may differ at its other websites or in its offline data collection and reporting practices. Questions regarding the privacy policy of an independent, local Blue Cross and Blue Shield company should be directed to that company. Each of our business partners have separate privacy policies.

To use all of the features of this Mobile Application, you must have an active MyBlue account and sign in using that account information.

 

Information Collection

This Mobile Application may access or collect personal and non-personal information. This information is accessed and collected in a variety of ways, including through the operating system of your mobile device and through information you voluntarily provide through this Mobile Application.

This Mobile Application may collect the following information:

Information that Identifies You

  • Information you voluntarily provide, which may include account information, name, email address, user credentials, age, address, and/or phone number
  • Health, medical, or therapy information, including PHI
  • Information provided by BCBSA, an affiliate, or a business partner
  • Location Data such as GPS, WiFi, or wireless carrier network information and/or location.

What You Do On Your Device When You Are Using This Mobile Application

  • Camera use
  • Local storage
  • Phone dialer
  • Use of screen, such as what points are touched, frequency, etc.
  • Patterns of app usage

Device or System Data

  • Mobile Device Identifier, e.g., UDID, Android ID
  • Technical information about your device and system and application software, e.g., type of phone, operating system (OS), and IP address

We obtain location data from your device to provide location-related services, e.g., finding a provider near you, via this Mobile Application. We do not store information about your location after the service is performed. Your location information may be shared with third-parties that we have hired to perform the location-based services of the Mobile Application, such as Provider Finder. You can withdraw consent to use precise, real-time or network location data at any time by turning off the location-based feature on your mobile device or by opting out of using any location-based features, such as Provider Finder. If you withdraw consent, functionality associated with precise, real-time or network location, such as Provider Finder, may be limited. For more information, please see the Your Choices section below.

We may obtain from your wireless network carrier your mobile number, name, address, email, network status, customer type, customer role, billing type, mobile device identifiers (IMSI and IMEI) and other subscriber details, if available, solely for identity verification purposes.

 

Information Uses

We may use your information that we collect unless restricted by this Policy or by law. We may use this information for a number of purposes, such as processing your requests or personalizing health products and services for you and/or for site optimization and analytics. To the extent information is used consistent with this Policy or law, we may use the information directly or through third parties, including but not limited to business partners and third-party vendors.

Your personal information will be retained in accordance with our record retention policies, subject to legal requirements, and for the purposes described in this Policy. Your personal information will be stored in a secure environment and used to provide the product, service, or information you have requested or for which you registered, or to provide you information or services as part of your contract for health benefits. Your personal information and any non-personal information that we collect in aggregate form will not affect your insurance coverage, eligibility, premiums, or claims payment by any Blue Cross and Blue Shield company. Any non-personal information collected and stored in the aggregate form is used to maintain or improve this Mobile Application.

The list below outlines some examples of how we may use the information that we collect:

  • To verify your identity.
  • To provide the services and functionality offered by this Mobile Application.
  • To respond to requests from you.
  • To provide you information or services as part of your contract for health benefits.
  • To customize your experience on this Mobile Application, including managing and recording your preferences.
  • To process an application as requested by you.
  • To administer BCBSA surveys and promotions.
  • To perform analytics and to improve our products and Mobile Application.
  • To develop reports regarding usage, activity, and statistics.
  • To comply with applicable laws, regulations, and legal process.
  • To protect someone’s health, safety, or welfare.
  • To protect our rights, the rights of affiliates or related third-parties, or take appropriate legal action, such as to enforce the Terms and Conditions.
  • To keep a record of our transactions and communications.
  • To facilitate the provision of software updates and product support.
  • To improve products and other services related to this Mobile Application or to provide services or technologies to you.
  • To connect non-personal information we collect through this Mobile Application with personal information you provide to us.
  • To contact you through information you provide through this Mobile Application, including any email address, telephone number, cell phone number, text message number, or fax number. For more information, please see the Online Communications Practices section below.

Information Sharing

We will only share your personal information with third parties as outlined in this Policy and as permitted by law. We may share the non-personal information that we gather and store in the aggregate form with other areas in BCBSA, local Blue Cross and Blue Shield companies, our business partners, or with companies we hire to help us administer, maintain, or improve this Mobile Application. Unless you specifically consent to let us do so or as otherwise outlined in this Policy, your personal information, including your email address, will not be sold, rented, licensed, or otherwise shared with third parties, other than Blue Cross Blue Shield companies or business partners as required to fulfill a request from you or to provide you information or services as part of your contract for health benefits.

The list below outlines some examples of how this Mobile Application may share information with the following entities:

  • To third parties at your direction and as described in this Policy and the MyBlue Terms and Conditions.
  • If all or part of BCBSA is sold, merged, dissolved, acquired, or in a similar transaction.
  • As required by law or to comply with a judicial proceeding, subpoena, court order, or other legal process.
  • As permitted under the law to cooperate with law enforcement authorities in investigating and prosecuting activities that are illegal, violate our rules, or may be harmful.
  • With other companies that perform services on our behalf or that we collaborate with. For example, we may hire a company to help us send and manage email, and we might provide the company with your email address and certain other information in order for them to send you an email message on our behalf. Similarly, we may hire companies to help us operate our Mobile Application and related computer and software applications, including performing analytics. Or, we may share your email address and name with your mobile operating system in order for you to access the Mobile Application. Additionally, we may share information with our business partners, who work with BCBSA to provide you benefits and services. Each subcontractor that will receive any PHI to perform a service on our behalf has signed an agreement that binds them to the same restrictions on use and disclosure of your PHI with which we comply.
  • Within BCBSA, we may also combine personal information that you provide us through this Mobile Application with other information we have received from you, whether online or offline, or from other sources such as from our vendors.

Analytics and Online Tracking

We may use various technologies to gather information from our users, such as which Mobile Application features are used and the frequency of use. We may also allow third party service providers to collect such information to provide us with analytics information. This information is automatically generated and may be combined with personal information about you.

 

Reviewing Your Information

This Mobile Application may permit you to view your user profile and related information and to request changes to such information. If this function is available, we will include a page or heading such as “My Profile” or similar words. Navigating to that portion of the Mobile Application will take you a page through which you may review such information.

 

Information Security

We maintain administrative, technical, and physical safeguards designed to help us protect the personal information that you provide. Notwithstanding these efforts, we cannot guarantee the confidentiality and security of this Mobile Application. Please be advised that the confidentiality of any communication or material being transmitted using the public Internet or non-secure Internet electronic mail cannot be guaranteed, and notwithstanding our security safeguards, we cannot guarantee the confidentiality and security of electronic communications. If you wish to keep your communications to us private, you should not communicate to us using this Mobile Application.

In addition to the administrative, technical, and physical safeguards that we employ, the confidentiality and security of your information depend on you, as well. If you choose to use a persistent log-in, for example, having your user name or password be remembered, others may be able to access information through your mobile device. If you are concerned about the unauthorized use or disclosure of information via your mobile device, you should lock your mobile device when not in use or elect to not use the persistent log-in feature. Some information you provide to this Mobile Application will be stored locally on your mobile device. To prevent unauthorized use or disclosure of information via your mobile device, you should lock your mobile device when not in use or elect to not use the persistent log-in feature. Additionally, you are responsible for keeping all passwords used to access this Mobile Application confidential. Under no circumstances should you share your password with or provide access to this Mobile Application for an unauthorized person or entity.

 

Our Online Communication Practices

We send communications in accordance with this Policy and applicable laws. We may use cookies or other technologies to monitor whether you open and/or click on URLs in email communications such as newsletters. We offer you appropriate consent mechanisms for communications, such as an opt-in or an opt-out. Please be aware that consent mechanisms may not apply to certain types of communications, such as account status, site updates, and other communications.

 

Your Choices

You may choose how we collect and use certain information about you:

Location Information: As described above, you can withdraw consent to use precise, real-time or network location data at any time by turning off the location-based feature on your mobile device or by opting out of using any location-based features, such as Provider Finder. If you withdraw consent, functionality associated with precise, real-time or network location, such as Provider Finder, may be limited. It is your choice whether or not to allow us to collect such information.

Other Sensitive Information: This Mobile Application may deal with other sensitive information, such as health information. For example, through certain functionalities, such as storing your digital ID card on your device or another application or sharing a PDF of your digital ID card with a person or entity of your choosing, you may direct the Mobile Application to share such information with third parties. When you share such information outside of this Mobile Application, we cannot guarantee the security of the information. It is your choice whether or not to provide to us or to share such sensitive information.

Other Websites and Platforms: If you choose to use any of the links we provide to our member companies, sponsors, and other third-party resources, you will be leaving this Mobile Application and going to a new site or platform. Protection of your privacy at those other sites or platforms will be governed by the privacy policy at that site or platform. Please take the time to read the privacy policies at these third-party sites or platforms. When you go to a third-party site or platform, this Policy does not apply; instead, the policy of the third-party site applies. It is your choice whether or not to leave this Mobile Application and go to third-party sites or platforms. We have business relationships with our member companies, sponsors and other third party resources. These linking relationships are not a form of advertising or promotion, but part of the unique set of benefits available under the Blue Cross and Blue Shield Benefit Plan and the BCBSA. The links to other website within this Mobile Application are not of an advertising or promotional nature.

 

Information for Children Under 13

This Mobile Application is not for individuals under the age of 13 unless the individual’s parent or guardian has provided consent. We do not knowingly collect or use personal information from children under the age of 13 without the consent of a parent or guardian. If we learn we have collected or received personal information from a child under 13 without consent from a parent or guardian, we will delete that information. If you think that we have collected personal information from a child under the age of 13 through this Mobile Application, please contact us.

 

Effective Date

Effective Date of this policy is March 19th, 2022.

 

Your Acceptance of This Policy

By using this Mobile Application, you signify your acceptance of this Policy. If you do not agree to this Policy, please do not use this Mobile Application. Your continued use of this Mobile Application following the posting of changes to this Policy will be deemed your acceptance of those changes.

 

Changes to this Policy

We may update this policy from time to time. When we do, we will post the current version and we will revise the version date shown on in this policy. We encourage you to periodically review this policy so you will be aware of our privacy practices. 

 

European Union General Data Protection Regulation 

Effective Date: March 19th, 2022

The European Union (EU) General Data Protection Regulation (GDPR) is a privacy regulation intended to strengthen and unify data protection throughout the EU. The effective date of the regulation is May 25, 2018. You can find BCBSA’s EU GDPR Privacy Policy here.

 

© 2000-2022 Blue Cross Blue Shield Association. All Rights Reserved. Revised 2022.