Blue Cross Blue Shield of Michigan WEB SITE

PRIVACY POLICY

Effective Date: July 1, 2019

SUMMARY OF PRIVACY POLICY

THIS WEB SITE IS HOSTED FOR Blue Cross Blue Shield of Michigan ("PLAN") BY Carenet Healthcare Services LLC AND ITS SUBCONTRACTORS ("Carenet Health")

WHEN YOU USE THIS SITE, Carenet Health WILL HAVE ACCESS TO ANY PERSONAL OR HEALTH INFORMATION ("INFORMATION") YOU SUBMIT TO THE SITE AND WILL BE COLLECTING, USING AND DISCLOSING THAT INFORMATION ON BEHALF OF PLAN TO PROVIDE YOU THE PLAN SITE SERVICES

Carenet Health MAY PROVIDE YOU WITH CONTENT OR MESSAGING ON BEHALF OF PLAN BASED ON THE PAGES YOU VISIT IN THE SITE, THE INFORMATION YOU SUBMIT AND THE SEARCHES YOU PERFORM ON THE SITE, BUT DOES NOT TRACK YOUR MOVEMENTS TO OTHER WEBSITES

THIS PLAN SITE PRIVACY POLICY IS SEPARATE FROM THE PLAN HIPAA NOTICE OF PRIVACY PRACTICES AND PROVIDES MORE DETAIL ABOUT HOW Carenet Health WILL USE AND DISCLOSE YOUR INFORMATION IN PROVIDING THE PLAN SITE SERVICES ON BEHALF OF THE PLAN

Carenet Health ALSO MAY HAVE ACCESS TO OTHER INFORMATION THAT PLAN HAS ABOUT YOU, LIKE YOUR CLAIMS INFORMATION, IN ORDER TO PROVIDE CUSTOMIZED COMMUNICATIONS AND MATERIALS TO YOU AND TO ALLOW YOU ONLINE ACCESS TO YOUR INFORMATION

Carenet Health IS REQUIRED, AND HAS AGREED, TO PROTECT YOUR INFORMATION IN ACCORDANCE WITH THE FEDERAL PRIVACY LAW CALLED HIPAA AND OTHER APPLICABLE PRIVACY, SECURITY AND OTHER LAWS

PLAN ALSO WILL HAVE ACCESS TO ANY INFORMATION YOU SUBMIT THROUGH THIS WEB SITE AND MAY USE THAT INFORMATION IN ACCORDANCE WITH THE PLAN HIPAA NOTICE OF PRIVACY PRACTICES

Carenet Health ALSO HAS AGREED TO USE AND DISCLOSE YOUR INFORMATION ONLY IN ACCORDANCE WITH THE PLAN HIPAA NOTICE OF PRIVACY PRACTICES, SO UNDER ANY CIRCUMSTANCES, THE PLAN HIPAA NOTICE OF PRIVACY PRACTICES WILL GOVERN HOW YOUR INFORMATION IS USED AND DISCLOSED

INTRODUCTION

This Blue Cross Blue Shield of Michigan ("PLAN Site" or "Site") is hosted and operated on behalf of PLAN by Carenet Health and its PLAN Site subcontractors ("Carenet Health"). PLAN has a contract with Carenet Health to provide certain care management services to PLAN members ("Members"), including the services and health tools made available through the PLAN Site. If you are not a PLAN Member or the legally authorized representative of a PLAN Member, you do not have authority to use this Site.

PLAN and Carenet Health respects your privacy and takes privacy very seriously. This PLAN Site Privacy Policy ("Privacy Policy") tells you how Carenet Health protects, collects, uses, discloses and stores the personal information you submit through the PLAN Site in order to provide you the PLAN Site Services on behalf of the PLAN.

The PLAN Site Privacy Policy is distinct from PLAN's HIPAA NOTICE OF PRIVACY PRACTICES, which describes in detail overall how the PLAN uses and discloses your individually identifiable health information ("Information"). As PLAN's business associate, Carenet Health has agreed that its collection, use and disclosure of your Information on behalf of PLAN will be done in accordance with the PLAN's HIPAA NOTICE of PRIVACY PRACTICES. Thus, in the event of any inconsistency between this Privacy Policy and the PLAN's HIPAA NOTICE OF PRIVACY PRACTICES, the PLAN's HIPAA NOTICE OF PRIVACY PRACTICES shall govern.

In general, a reference to "Carenet Health", "we" or "our" in these Terms of Use means Carenet Health and also shall include Carenet Health PLAN Site subcontractors unless another meaning is expressly noted. And, when Carenet Health and Carenet Health PLAN Site subcontractors both are referenced, it generally will be for purposes of enhancing clarity or for emphasis. A reference to "Member", "you" or "your" will mean you, the Member using this Site, or a legally authorized representative using the site on a Member's behalf.

TOOLS AND SERVICES ON THE SITE

The PLAN Site services and health tools supported by Carenet Health include live chat with nurses and other professionals ("Live Chat"), secure messaging ("Messaging") for communication with the PLAN, an interactive Symptom Advisor ("Symptom Advisor"), a health calendar for recording important dates and appointments ("Health Calendar"), on-line healthcare information, patient education, and related products, services and content (collectively the "PLAN Site Services").

You can tell when you are on a Carenet Health-supported site or using a Carenet Health-supported health information tool because the bottom of the webpage will be labeled "Powered by Carenet Health." If you are on a Carenet Health PLAN Site subcontractor-supported site or using a tool supported by a Carenet Health PLAN Site Subcontractor, the bottom of the webpage will be labeled by the respective Carenet Health PLAN Site subcontractor, but the site will still carry the Blue Cross Blue Shield of Michigan logo so that you know this Privacy Policy still applies.

ABOUT THIS PRIVACY POLICY AND CHANGES TO THIS POLICY

We understand the importance of your privacy and respect the confidential nature of your personal information, including Information related to your health. For that reason, we have made efforts to ensure that your use of the Site is secure and private. The following material will help you understand:

Your use of the Site and/or any services or health tools on the Site constitutes your acceptance and consent for the use and disclosure of personal information provided to us as outlined in this Privacy Policy. IF YOU DO NOT AGREE TO ALL THE TERMS OF THIS PRIVACY POLICY, PLEASE DISCONNECT FROM THIS SITE NOW.

We reserve the right to update or change this Privacy Policy at any time and for any reason and will post the modified Privacy Policy on this Site. If the change increases the Information we collect, or expands how we use or disclose your Information in a material way, we will notify you in advance of that change and you may choose whether to "opt-in" to the new Information practices. If you choose not to "opt-in" to the new practices, we will continue to make this Site available to you as long as we can provide that functionality in accordance with the Privacy Policy as it existed on the date your Information was collected. It is possible that in the future we will not be able to provide the PLAN Site Services under an older Privacy Policy.

If we change or update this Privacy Policy in a way that does not affect the way we collect, use or disclose your Information, we will post the new policy on this Site and your continued use of this Site after that posting constitutes your agreement to be bound by any such revisions. You should check this Privacy Policy frequently for the most recent version. The date of the last update to the Privacy Policy is stated at the top of this document as the policy Effective Date.

INFORMATION COLLECTED

The kind of information we collect about you depends greatly on how you choose to use the Site. To take advantage of our PLAN Site Services, you will need to fill out the Site membership registration, which asks for certain personal information. In particular, we may ask for your health plan member identification number, home address, date of birth, gender, telephone number and E-mail address. All this information will be retained by us and makes up your "Personal Profile," which will be associated with the username and password you choose.

When you use the various PLAN Site Services, we collect the Information you provide specific to the service or health tool you use, including the health information you share with us. Some services, like Symptom Advisor Messaging, and Health Calendar store the Information provided. Live Chat does not store your chats, but the nurse or other professionals with whom you chat may create records based on the information you share in your chats.

PLAN also may disclose to us Information about your medical condition or other health information that allows us to tailor PLAN Site Services to your specific individual needs and provide content and services designed for you.

In addition to the Information you choose to share with us or the PLAN provides to us, our system is set up to gather certain technical data to help PLAN better understand how the Site is being used and how we and PLAN can improve the PLAN Site Services. This automatically gathered information includes your computer's IP or "Internet Protocol" address, statistics about how you navigate through our site, and information provided through the use of cookies (which are described in more detail below under "Your Options"). We link the Information we obtain through cookies with the personal information we have about you in order to better tailor the PLAN Site Services we provide to you.

The PLAN Site does not include third-party advertisements or contain third-party cookies through which third parties that are not Carenet Health PLAN Site subcontractors could collect your personal information.

Finally, as you visit our Site, please be aware that we may provide links to third-party websites that are not powered by Carenet Health or a Carenet Health PLAN Site subcontractor, and these third-party sites may at times gather information from or about you. We have no control over the privacy practices of these third-party websites and recommend that you investigate the practices of those sites before submitting any Information through them.

CHILDREN UNDER 18; MINORS

PLAN and Carenet Health are committed to protecting the privacy of minors. We do not knowingly collect Information from children under the age of 18 or minors. We do, however, collect the personal information that a parent or legally authorized representative may submit to us about a minor. The parent or legally authorized representative also assumes full responsibility for the interpretation and use of any information or suggestions provided through PLAN Site Services for the minor.

USE OF INFORMATION

It is important for you to know how your Information will be used before you decide what to disclose. We will not use your information for purposes other than as set forth in this Privacy Policy unless you give us your permission or we are legally compelled to do so, such as by a subpoena or court order. In addition, under any circumstances, we will use your Information only as authorized by PLAN under our HIPAA business associate agreement.

To Evaluate What PLAN Site Services to Make Available to You: We may use the Information you submit or that PLAN provides to determine appropriate PLAN Site Services for you. The information we have gathered about you may include information about your current or prior health conditions. We will tailor the material and follow-up communications we provide you based on the Information we have from or about you, including the Information in your Personal Profile and other tools you use. The tailored material and follow-up communications we provide you may include useful information that may be relevant to one or more of your current or prior health conditions. These communications will originate either from Carenet Health or the Plan.

To Provide PLAN Site Services to You: We may use the Information that you submit or that PLAN provides to us to provide the various PLAN Site Services to you. Follow-up communications may include contact with Carenet Health to provide you with appropriate clinical care management and coaching. We may also use information about your use of the PLAN Site Services to 1) respond to requests for information from PLAN; 2) provide you with information regarding other PLAN Site Services; and 3) respond to your inquiries regarding PLAN Site Services.

To Contact You: The Information you provide or that the Plan discloses to us may be used to send you personal e-mails or Messaging, including information regarding common medical and health related topics or preventive care messages containing specific medical and health related information, links to other related websites and specific information related to the PLAN Site.

CHILDREN UNDER 18; MINORS

We will not disclose your information for purposes other than as set forth in this Privacy Policy unless you give us your permission or we are legally compelled to do so, such as by a subpoena or court order. In addition, under any circumstances, we will disclose your Information only as authorized by PLAN under our HIPAA business associate agreement.

To PLAN: We may disclose all Information that we collect from or about you to PLAN. PLAN will use and disclose this Information in accordance with the PLAN HIPAA NOTICE OF PRIVACY PRACTICES.

Carenet Health Employees: We disclose your Information to our employees who have a need to know in order to perform their duties to enable us to provide the PLAN Site Services. Those employees receive training on our privacy and security obligations as set forth in this Privacy Policy.

Carenet Health PLAN Site Subcontractors: Carenet Health and its PLAN Site subcontractors that provide all or part of one or more of the PLAN Site Services disclose your Information to each other to the extent reasonably necessary to enable each of us to provide those services. These PLAN Site subcontractors have each signed an agreement that binds them to the same restrictions on use and disclosure of your Information that are imposed by PLAN on Carenet Health. This Privacy Policy also applies to any of your Information that is collected or received by those PLAN Site subcontractors, which subcontractors are included in the definition of "Carenet Health" for purposes of this policy.

Carenet Health Operations and Maintenance Subcontractors: Subcontractors that provide operations and maintenance (O&M) services related to the Site and Carenet Health's ability to provide the PLAN Site Services sometimes have limited access to your Information in performing their duties. These O&M subcontractors are vendors and suppliers that provide products and services to Carenet Health (including to PLAN Site Subcontractors) such as information technology products and printing services that may require some access to the information stored by Carenet Health. Access to your Information by these O&M subcontractors is limited to that necessary for their provision of products and services and they are contractually bound to protect the privacy and security of your Information and not to use or disclose it for any purpose other than providing us the products and services.

In the Event of Merger or Acquisition: Carenet Health (including one or more of its PLAN Site subcontractors) may merge with another company or be acquired in whole or in part by another company. In that event, the transaction may involve the transfer of your Information to the new company in the event the new company assumes Carenet Health's contract with the PLAN for providing the PLAN Site Services (or with respect to a PLAN Site subcontractor, that subcontractor's contract with Carenet Health), but the new company would also be subject to the provisions of this Privacy Policy and the PLAN's HIPAA NOTICE OF PRIVACY PRACTICES.

INFORMATION SECURITY

In order to maintain the integrity and security of your personal information, we will ask for or transmit information involved in the PLAN Site Services only over secure Internet connections, using SSL (Secure Sockets Layer) encryption - the recognized standard for online security. In certain cases we may send you e-mails to the e-mail address in your Personal Profile that informs you that you have a secure message on the Site or provides other generic information, and these e-mails may not be as secure if your browser does not support SSL. While these messages will not contain sensitive information, you may want to be careful about accessing your e-mail using a browser that does not support SSL or providing us an e-mail account that is accessible to others. We also have implemented other administrative, technical and physical safeguards to protect the privacy and security of your Information, such as firewalls, limited access to our servers, security policies and procedures, employee training, back-up systems and disaster recovery plans.

Of course, we appreciate your help in safeguarding the integrity of your own privacy. It is your responsibility to keep your username and password confidential and safe from discovery by others, and close your browser after using our site to ensure that later users of your computer cannot return to pages displaying your personal information. Just as important, we encourage you to let us know immediately if you suspect that the information you share with us is being used in any way contrary to this Privacy Policy. To contact us you can send a feedback message using the Feedback/Support site features.

YOUR OPTIONS

Reading this Privacy Policy and the PLAN HIPAA NOTICE OF PRIVACY PRACTICES should help you understand how any information you share with us might be used and/or disclosed. If you are concerned about any of these uses or disclosures, you may elect not to participate in some of the PLAN Site Services.

Cookies: Cookies are small files that we send to and store on your computer for the duration of the Internet browser session so that we may provide customized content as you visit the Site. PLAN Site cookies are used to keep track of your information for your own convenience. Cookies also help us and the PLAN understand the demographics of PLAN Site and their traffic patterns within that Site. We use session cookies to track your movements within the Site and searches you perform in order to customize the PLAN Site Services. We do not track your movements to, across or on other websites. If you are concerned about the cookies that are sent to your computer, you may either choose to reject them automatically, or have your computer prompt you before accepting them. This is done by selecting the appropriate cookies setting on your web browser, usually found in "Internet Options" or "Preferences." Please note, however, that many features of the PLAN Site Services depend on the use of cookies. Therefore, you will be unable to take advantage of those features if you choose not to accept cookies.

Personal Profile: You may view and edit your Personal Profile at any time. You may also contact your PLAN customer service department by calling the number located on the back of your Member ID card.

Opt Out of Receiving E-mails: If you make a request to receive information, including Secure Messaging Notification e-mails, through this Site by providing your e-mail address, you also may make a request to discontinue any future such mailings. Also, if you receive information about the PLAN Site through e-mail, you may make a request to discontinue receiving such messages in the future. Information sent to you by e-mail will contain information about how you may opt out of receiving such e-mails.

YOUR INDIVIDUAL RIGHTS

Because the Information collected through your use of the PLAN Site is collected on behalf of PLAN, the individual rights you have to access, correct or modify your Information that are set forth in the PLAN's HIPAA NOTICE OF PRIVACY PRACTICES may apply to some or all of this Information. Please consult that notice for a description of those rights and how to exercise them.

SCOPE OF THIS PRIVACY POLICY

This Privacy Policy only applies to this PLAN Site, including those PLAN Site Services provided by Carenet Healthcare Services LLC and its PLAN Site subcontractors.

Links to Third Party Websites. Our pages may contain links to websites that are owned and operated by third parties that are not PLAN Site subcontractors. These third-party websites are outside our control. Please be aware that these third-party sites may collect information about you, and that they operate according to their own privacy practices. We encourage you to become familiar with any posted privacy policy on these third-party sites before submitting any personal information.

QUESTIONS?

If you have questions about this Privacy Policy, you may contact us by using the Feedback/Support features on the PLAN Site. This Site is owned and operated by Carenet Health and is made available to you on behalf of PLAN.