Alberta Blue Cross® Privacy Policy

Effective Date: October 14, 2019

At Alberta Blue Cross, protecting your personal information and respecting your privacy is important to us. We have developed this policy (‘Privacy Policy’) to explain how we collect, use, and disclose personal information. It is designed to help you obtain information about our privacy practices and to help you understand your privacy choices.

1. Definitions

  • weus, and our means Alberta Blue Cross;
  • you and your means any individual whose personal information we collect, use, and disclose as described in this Privacy Policy; and
  • personal information means any information that on its own or when put together with other information can identify a person but does not include business contact information or anonymous or de-identified data that is not associated with a particular individual.

2. Scope and Application

This Privacy Policy relates to the personal information collected by us, including via our website and mobile applications.

This Privacy Policy applies to you when you:

  • apply for, purchase, or receive our products or services;
  • sign up to be a part of any of our programs, promotions, contests or events; or
  • visit our premises, website, or mobile applications.

This Privacy Policy does not explain how personal information is managed by our online Balance program. Please refer to the Balance Privacy Statement for details on how we collect, use, and disclose your personal information when you use our Balance program.

3. How we limit the collection of personal information

We limit collection of personal information to what is reasonably required to fulfill the purposes for which it was collected.

The type of personal information collected depends on the type of product or service involved:

For example:

  • We may collect your name, date of birth, and contact information to identify you, set you up in our system or communicate with you;
  • If you apply for individual or group benefits, we may collect health or lifestyle-related information, such as your occupation, travel history and plans, and employment information such as place of employment and annual income.
  • We may record or monitor incoming and outgoing calls for quality assurance and training purposes, or to create a record of the information you provided and your instructions;

4. How we collect your personal information

We use different methods to collect your personal information including directly from you, from third parties, through technology, and when you are interacting with us online or through our mobile applications.

A. Directly from you:

We may receive personal information from you, when you provide it to us.

For example:

You may provide personal information to us through a form, in person, by telephone, by email, by our website or other method.

B. From third parties

We may receive personal information about you from other sources that may include:

  • Your employer or third-party administrator, if you apply for group benefits;
  • Third parties we work with to issue and manage our products and services, whether now or in the future;
  • Third parties you allow to disclose information to us, or third-party accounts you allow us to access;
  • Public sources such as government agencies and websites; and
  • With your consent, we may gather personal information from your doctor(s) and health care provider(s), and from other insurance companies to confirm or obtain additional information about you.

In these cases, we take steps to ensure the individual providing the personal information understands their obligations regarding the collection, use, and disclosure of that personal information. We receive your personal information from these other sources with your consent, or if the law requires or permits us to do so.

For example:

When you have a sponsored plan, we may obtain personal information from Alberta Health, your employer, or another representative. They may provide your personal information to us through application forms, a member site, a phone call, or other methods.

C. Through Technologies

We may collect personal information through various technologies used at our offices or branches. These include point of sale systems, video surveillance, and other similar types of technologies which we may use from time to time.

For example:

We use video surveillance in areas surrounding our offices for security purposes, to protect against theft, to prevent damage to our properties, and to prevent fraud.

D. Through our Website and Mobile Applications

We may collect certain types of personal information electronically when you interact with our websites, email, mobile applications, social media accounts, and online advertising, or when you use our or a third-party’s technologies. These technologies include cookies and your internet protocol (IP) address, which can be downloaded when you visit our website or open an email link (see ‘Use of Cookies’).

5. How your consent is obtained

When subscribing to our products and services and/or submitting information to us in connection with our products and services, you are providing your consent to the collection, use, and disclosure of personal information as set out in this Privacy Policy. Your consent may be implied based upon your actions or explicit through an agreement.

A. Directly from you:

When we collect personal information directly from you, we may obtain your consent in writing, verbally, or electronically depending on the method you used to communicate with us.

B. Implied Consent

Your actions may imply your consent.

For example:

  • By presenting your benefits card, you give your consent for health service provider(s) to disclose your personal information to us; and
  • When you apply for coverage under a benefit plan and include your spouse or your dependants, their consent is implied to enroll and cover them under the plan.

6. How you can withdraw your consent

Where you have provided your consent to the collection, use, and disclosure of personal information, you may choose to withdraw your consent under certain circumstances. If you withdraw your consent, we may not be able to provide you with the product or service requested. We will explain the impact of withdrawing your consent to help you with your decision.

You may withdraw your consent to receive electronic or printed documents from us by contacting our office or controlling your preferences on the member site.

If you do not want your calls recorded, you have other options for conducting business with us; for example, by visiting one of our branches, or by writing to us or using the member site.

7. How we use your personal information

We use your personal information:

  • to provide you with programs, products, and services;
  • to manage our business operations;
  • to communicate information we think may be of interest to you; and
  • as permitted or required by law.

If we want to use your personal information for a purpose other than those stated at the time of collection, that new purpose will be documented and if required, we will obtain your consent.

Generally, we may use your personal information for the following reasons:

A. Providing Products or Services

  • To confirm your identity;
  • To identify the browser you use to ensure the best performance of our site;
  • To provide you with information about products and services you request from us;
  • To determine your eligibility for a product or service;
  • To determine and offer other products or services you may be interested in;
  • To fulfill the purposes for which you provided the information to us when it was collected;
  • To initiate a payment of a claim or premium; or
  • To manage the terms and conditions of your benefit plan.

B. Communicating with you

  • To provide you with notices about your account, including expiration and renewal notices and payment details;
  • To provide you with information and updates about products and services you enrolled in;
  • To respond to your questions (for example, to contact you about a question you submitted to our customer service team); or
  • To better manage our relationship with you.

C. Managing our business needs

  • To improve our products and services to better meet your needs;
  • For quality assurance or training;
  • To protect you and us from errors, fraud, or other misrepresentations; or
  • To maintain the security of our employees, customers, and property (for example, through the use of video surveillance).

D. As permitted or required by law

  • To comply with any court order, law, or legal process, including responding to any government or regulatory requests;
  • To carry out our obligations and enforce our rights arising from any contracts with you, including for billing and collection; or
  • To comply with legal requirements.

8. When we disclose your personal information

We may disclose your personal information to our service providers and other third parties for the purposes described in this Privacy Policy and in accordance with applicable law.We limit access to personal information to those individuals in our business that have a valid business reason for accessing the information. We do not sell your personal information.We disclose your personal information to contractors, service providers, and other third parties we use to support our business and who are contractually obligated to keep personal information confidential, to use it only for the purpose we disclose it to them for, and to handle it with the same standards as set out in this Privacy Policy.

A. Service Providers

For example:

  • When you give us your consent to discuss your personal information with a specific person or organization;
  • To third-party service providers to manage your benefits with us;
    • For example: our 24/7 travel assistance provider or life insurance provider
  • To other insurers to determine eligibility for benefits, or to coordinate benefits;
  • To financial institutions to set-up payments for your claims or your plan; or
  • To third-party auditors, consultants, or administrators to fulfill the terms of your benefit plan.

We attempt to limit the number of service providers we use outside of Canada. However, some providers may be located outside of Canada.

  • We may transfer personal information to these service providers for specific services.
  • When we engage a service provider outside of Canada, we require that they are contractually obligated to keep personal information confidential, to use the personal information only for the purpose we disclose it to them for, and to process the personal information with the same standards as set out in this Privacy Policy.
  • Personal information outside of Canada is subject to the laws in the foreign country that may allow law enforcement, courts, and regulatory agencies to access the personal information.
  • If you would like more information on our use of service providers outside of Canada, please contact our Privacy Office.

B. Sale or Transfer of Business

We may disclose your personal information in the event of a merger, sale, or partial sale of our business or assets to a buyer or other successor.

C. Other Permitted Purposes

  • We may disclose your personal information to enforce our agreements with you or your employer, or to investigate and defend ourselves against any third-party claims or allegations;
  • We may disclose your personal information when required by law, subpoena, or other legal reason;
  • We may disclose your personal information when it is reasonably necessary to investigate, prevent, or act against suspected or actual illegal activities, or to assist government agencies; and
  • We may disclose your personal information if we believe the disclosure is necessary or appropriate to protect the rights, property, or safety of Alberta Blue Cross, its customers, or others. This includes exchanging information with other companies or organizations for the purposes of fraud protection.

If we need to disclose your personal information for additional purposes, we will obtain your consent where required by law.

9. How you can access your personal information

You have the right to access the personal information we have about you subject to certain legal restrictions. Upon request, we will provide you with access to your personal information within a reasonable timeframe in compliance with applicable law.

Depending on the information you are requesting, you may be able to receive a copy via telephone inquiry, the member site, or in person. If we are not able to provide the information through our normal channels, we will tell you how to obtain access through a written request.

We may not be able to provide you with all your personal information, as access may be limited or prohibited by privacy legislation.

For example:

  • If the release of the information would reveal personal information about another individual;
  • If the release of the information would reveal the identity of an individual who has provided a confidential opinion about another individual;
  • If the information is protected by any legal privilege;
  • If the information was collected for an investigation or legal proceeding; or
  • If the information has been destroyed, erased, or made anonymous in accordance with our record retention obligations and practices.

If we cannot provide you with all or part of your personal information, we will inform you of the reason why and provide you with a contact to answer your questions. We will also provide you information on how you can request a review of our decision.

Your personal health and medical information should be obtained through your physician or health provider in accordance with Alberta’s Health Information Act.

10. How you can correct your personal information with us

We rely on you to keep your personal information up to date and accurate. If you notice any errors in your personal information or if you need to update it, please contact us.You may challenge the accuracy and completeness of your personal information and request it be amended.

You can contact us via telephone, the member site, or in person to update your personal information.

If you have a group plan, ensure your employer or third-party administrator has your updated personal information as well.

If we are unable to update your personal information, we will explain why, and we will make note of your requested correction(s). We will also provide you with a contact to answer your questions, and information on how you can request a review of our decision.

11. How we secure your personal information

We use a variety of administrative, physical, and electronic safeguards designed to provide reasonable protection of your personal information from accidental loss including unauthorized access, disclosure, copying, use, and modification.

Where appropriate, we use various safeguards including:

  • Physical Safeguards: such as our building security measures;
  • Organizational Safeguards: through our policies, practices, and access levels, including:
    • Limiting access to personal information to those employees, contractors, and third parties who use the information for one of the identified purposes;
    • Requiring our employees and contractors to complete annual privacy training and to agree to comply with our Privacy Policy; and
    • Making reasonable efforts to ensure third-party service providers have appropriate security to protect your personal information.
  • Electronic Safeguards: by using various technological methods including:
    • Passwords: If you use a password to access our web services, you are responsible for keeping the password confidential to prevent unauthorized access, disclosure, copying, use, and modification through the web service;
    • Multi-Factor Authentication, which is a method of confirming your identity by using more than one way to authenticate you; for example, asking for your password and a code that is sent to your email address or phone number;
    • Anonymization, which is the process of altering your personal information so that it can no longer be used to identify you (See ‘Combined Data’);
    • Masking, which is the process of modifying your personal information so that the structure remains the same, but the content is no longer identifiable;
    • Encryption, which is the process of obscuring your information to make it unreadable without the use of a code or a key; and
    • Logging and monitoring, which is the process of tracking, recording, and monitoring activity related to the access and/or use of your accounts or personal information.

12. How long we keep your personal information

We keep your personal information for a reasonable period of time after it is no longer needed to fulfill the purposes identified, or for purposes required by law.

Once your personal information is no longer needed, it will be securely destroyed or anonymized so that it no longer identifies you, in accordance with our record retention obligations and practices.

We reserve the right to use anonymous information for legitimate business purposes without further notice to you and without your consent.

If your information is collected directly by a third-party, it will be retained in accordance with the privacy policy and record retention policy of that third-party.

For example:

We may securely destroy or anonymize your personal information after we:

  • Manage the products and services we provide to you;
  • Fulfill reporting or accounting requirements; and
  • Comply with legal and regulatory requirements.

13. Combined Data

Under some circumstances we may make your personal information anonymous. The data will no longer be associated with you. We may use this anonymous information for valid business reasons without further notice to you and without your consent.

We may combine anonymous information to create a collection of data that may be used or disclosed in the following ways:

  • To understand overall user needs to design new products and services;
  • To perform research and studies aimed at improving our products, services, and technologies;
  • For clinical research, market research, education, and other related projects; and
  • Where you are part of a group health benefits program, for your employer to gauge the health of their organization and identify areas for wellness interventions.

14. Use of Cookies

Cookies are small text files placed on your device to store data that can be recalled by the web server in the domain that placed the cookie. The cookies we use do not store personal information about you. We do not link non-personal information in a cookie to personally identifiable information. We do not use cookies to collect or store personal health information about you.

Our website assigns each computer with a different cookie for select purposes, for example:

  • To collect anonymous statistical information to help us understand the website use. For example: traffic patterns, pages visited, number of clicks, average time spent on a page;
  • To honour your preferences and settings to speed-up load time of our pages;
  • To enhance the security features of some of our web sites;
  • To improve the websites to provide better service;
  • To help develop interest-based advertising; and
  • To show us how many people opened a link in an email.

For your use of the member site, your browser must be set to accept cookies due to the enhanced security features for these sites.

You can control cookies by setting your preferences on your browser. We suggest using the help button on your computer or web browser to find out more on how to set the browser to notify you about cookies.

15. Changes to this Privacy Policy

We reserve the right to update this Privacy Policy at any time to reflect changes to our business practices or applicable laws. We include an “effective date” on the revised Privacy Policy which indicates when the changes become effective.

If the revised Privacy Policy makes material changes to how we treat your personal information, we will provide you advance notice of the changes by posting a notification of the revised Privacy Policy on our website. We may also notify you of the changes by using email or other means.

By continuing to participate in our programs and/or use our services or purchase our products after the effective date of the revised Privacy Policy, you are accepting changes to this Privacy Policy.

16. Contacting Our Privacy Officer

If you have any questions about this Privacy Policy or how we handle your personal information, please contact us at:

Alberta Blue Cross Privacy Officer:

Email: privacy@ab.bluecross.ca

Note: Email is not a 100% secure medium. Please consider the type of personal information you are sending to us when contacting us via email.

Address:

10009 – 108 ST NW

Edmonton, AB

T5J 3C5

Phone: 1-855-498-7302

To report a privacy concern anonymously, use our Alberta Blue Cross Fraud, Privacy and Ethics Reporting service.