Online Privacy Policy - Highmark Health [1]

We take the issue of online privacy very seriously. And you should, too. All the information we collect from you -- our users -- or that you provide to us is secured and maintained in accordance with a variety of state and federal laws and regulations, as well as our robust corporate standards. What follows are the details, sometimes a lot of them, concerning the information we collect, use, and disclose (and why), and our approach to maintaining your privacy. Transparency is our goal and achieving that and keeping you informed requires some length, so we urge you to read this document in its entirety. 

Some Important Definitions You’ll Need To Understand 

There are key definitions you’ll meet again and again in this document, and you’ll want to understand them up front -- consumer platforms, users, you/your, personal information, and third party/third parties.

  • When we talk about our “consumer platforms” we mean our enterprise websites, mobile applications, social media tools, member and patient portals, and our other affiliated online or digital resources that link to this Online Privacy Policy. Users are also advised that some of our consumer platforms may have separate terms of use/service; users are encouraged to review applicable terms of use/service in addition to this Online Privacy Policy.

    Note on HIPAA and Protected Health Information
    The Health Insurance Portability and Accountability Act (HIPAA) defines how protected health information (PHI) can be used and disclosed. HIPAA requires covered entities to maintain a Notice of Privacy Practices (NPP), which describes how PHI is collected, used, and shared by the entity controlling the platform where the data collection occurred. While PHI can be part of the larger category of personal information, because PHI is regulated by HIPAA, the terms of an NPP will apply to its collection, use, and disclosure rather than this Online Privacy Policy. For example, even though our member and patient portals are included in our consumer platforms, the information collected on these secure portals post-password is subject to HIPAA and an applicable NPP. Links to the NPPs of our affiliated entities are included below for review:

[1] Highmark Health includes all wholly and majority-owned subsidiaries and affiliates making up the Highmark Health enterprise, including, among others, Highmark Inc., Allegheny Health Network, HM Health Solutions, HM Home and Community Services, and other diversified businesses such as HM Insurance Group and United Concordia Companies Inc. For purposes of this Online Privacy Policy, Premier Medical Associates is excluded. References to "us," "we," and "our" in this Online Privacy Policy mean Highmark Health.

If you have questions about whether this Online Privacy Policy or an NPP applies to collection, use, or disclosure of information, please contact us using the information provided in section 5 below.

  • Reference to “users” means any individual visiting, using, and/or providing personal information via one of our consumer platforms. In short, “users” equals “you” when you are visiting or using any of our consumer platforms.
  • Similarly, references to “your” in this Online Privacy Policy mean individual users. You = your = users.
  • The term “personal information” means any individually identifiable information about a user -- this includes, for example, demographic information such as your name or date of birth; contact information such as address, phone number, or email address; customer-related information such as account number or other identifier; financial information such as payment card or account number for online payments; and digital presence information such as internet protocol (IP) address, click streams (your clicking activity on a page or site), or cookie ID.
  • When we talk about “third party/third parties” we generally refer to non-affiliated companies whose platforms or components we may employ or present to our users, but whose data collection and usage activities we do not control, and which are not governed by Highmark Health’s Online Privacy Policy. It can also refer to other types of entities or bodies that we do not have a contractual or commercial relationship with. We’ll provide some examples of third parties below. 

1. What We Collect


We collect personal information from and about you in a number of ways. We leverage online forms, secure portals, third party links/icons, interactive chat, biometric login, location services, mobile device data, and cookie and tag technologies to collect personal information. 

How you interact with a particular Highmark Health consumer platform will generally determine the type and amount of personal information we collect. For general website browsing, we may capture limited personal information such as your browser type, IP address, device hardware model, as well as server log information such as session time, click streams, and crash reports. For other features, we may need to verify your identity through a login process and collect sufficient personal information to provide a response or administer the service requested. 

What follows below in Sections 1 and 2 are further details regarding the personal information we collect with our information-gathering tools, and our specific and general uses and access to and disclosure of your personal information associated with those tools. 

Online Forms 

Highmark Health invites users to contact us using inquiry forms available on our corporate-owned platforms for account questions or to learn more about our products and services. The personal information we request on inquiry forms generally includes your name, address, phone number, email address, and the details of your inquiry. We may use such information to review and respond to your request or communication, or use contracted service providers to do that for us. We may also use information collected through online forms as stated in Section 2 below. 

Secure Portals 

Highmark Health has established secure portals for use by members and patients. When you access them to review your health and benefit-related information or to contact your health plan or physician’s office regarding certain inquiries, such as reviewing claims or requesting prescription refills, we collect certain personal information, such as your user ID and password, IP address, click streams, and cookie ID. Communications sent by or to members or patients who choose to use these secure portals may also be recorded in transaction logs to monitor content, compliance with applicable law and regulations, or functionality of the services. If the information collected is deemed to be PHI as noted above, its use and disclosure will be subject to HIPAA and an applicable NPP. We may also use information collected through secure portals pre-password as stated in Section 2 below. 

Interactive Chat

Our consumer platforms may offer interactive chat technology to assist users. That interactive technology may collect personal information such as name, date of birth, address, and account number for authentication purposes or to provide specific plan benefit details in a personalized response. It may also capture session-related information such as web logs to document the interaction. If the information collected is deemed to be PHI as noted above, its use and disclosure will be subject to HIPAA and an applicable NPP. We may also use information collected through interactive chat pre-password as stated in Section 2 below. 

Biometric Login 

You may be invited by your mobile device to use fingerprint, facial recognition, or similar recognition and biometric technology to log in to our consumer platforms. When a biometric login is enabled, our consumer platforms recognize that you have selected this as a preference and have been authenticated through your mobile device and you are permitted access. When you use biometric login functionality on our consumer platforms, we do not collect any of the actual biometrics (e.g., fingerprints or facial images); that is managed and maintained on your mobile device and by the mobile device manufacturer (e.g., Apple, Samsung).

Geolocation Functionality 

Our consumer platforms may use the location services functionality on your mobile device and thereby collect your geolocation data. We use geolocation data to assist you in finding local care sites, communicating about geographically-based products and services, and other relevant content based on your location. We may also use information collected through location services as stated in Section 2 below. 

Mobile Device 

Our consumer platforms may collect certain personal information when being run on a mobile device; for example, if one of our mobile applications is downloaded, we may collect information about the device type, its software/operating system, and device identifier. We use this information to assess and analyze information about our general user base and to improve our technical support capabilities. We may also use information collected from your mobile device as stated in Section 2 below. 

Cookies -- yes, we use them 

A cookie is a small text file that is stored on a computer or other internet-connected device when it accesses a digital resource. Cookies can capture user information such as IP address, internet browser and operating system type, the date and time of a digital interaction, session information such as page response times, your search history, saved preferences and password information (if a user elects to have a website remember this information), information about the referring uniform resource locator (URL), click stream to and through and from our consumer platforms, and similar details. 

Highmark Health’s consumer platforms may use first-party cookies (i.e., ones we create) to support our digital resources, monitor their performance, enhance the user experience, and assess information about our user base to help inform our decisions about content delivery. We may gather and use information obtained from first-party cookies to provide customers and prospects with tailored messaging. We may also employ cookies on third party websites to facilitate the delivery of our services and help study users’ activities online over time. 

Highmark Health may use third party advertising cookies to serve our ads on other websites and digital properties. Advertising companies may also use information obtained from cookies placed on your device in order to measure advertising effectiveness and to provide non-Highmark Health advertisements they deem of interest to you on other platforms. If you would like to review and manage and/or opt-out of third party cookies used for targeted advertising, you may navigate to the following links provided by the Network Advertising Initiative and the Digital Advertising Alliance.

A third party, such as Twitter or LinkedIn, may employ cookies on our consumer platforms to facilitate the delivery of their services and help follow your online activities over time. Subsequent use of cookie data by third parties is subject to their online privacy policy and/or terms of use, and you are encouraged to review those documents. 

Cookies that may be employed on our consumer platforms include the following types: 

  • Strictly necessary: cookies which enable various underlying resource features and functionalities such as authenticating users.
  • Functional: cookies which support enhanced browsing experience and personalization.
  • Performance/Analytics: cookies which help us evaluate the effectiveness of digital resources, understand user patterns, and measure errors.