Privacy Policy - HIPAA Requirements

Blue Cross of Idaho respects the privacy of our members and maintains confidentiality of information as required by the Health Insurance Portability and Accountability Act (HIPAA).

Nearly all the information we deal with is considered Protected Health Information (PHI) under HIPAA, including a member's name and address. In order to serve your individual clients and communicate with Blue Cross on their behalf, our brokers/agencies are required to sign a Business Associate Agreement (BAA). If you are appointed with Blue Cross through an agency, the agency will have signed the BAA. Without a BAA, you have to provide us with a HIPAA Authorization Form signed by the member before we can discuss that member's information with you.

To service a group client, you or your agency must also sign a BAA with the group before we can discuss or release information regarding that group's members. The level of information that can be disclosed is dependent upon the group's size and the HIPAA obligations the group is willing to accept, as follows:

Level 1: Enrollment/Disenrollment Information
Level 2: Summary Health Information — no member/subscriber level information
Level 3: Protected Health Information (PHI) — member level detail

A group or group broker can also receive and/or discuss specific member information (PHI) with the group enrollee's permission via a HIPAA Authorization Form.

The Health Information Technology for Economic and Clinical Health Act (HITECH Act) encourages a much broader use of health information technology, particularly electronic health records, with the goal of having an electronic health record for everyone by 2014. The HITECH Act includes greater privacy and security requirements to help incentivize this effort. Portions of the HITECH Act extend HIPAA privacy and security requirements to Blue Cross of Idaho business associates — which means brokers can incur substantial monetary fines for security breaches that lead to a leak of personal health information. For more information on the HITECH Act and how it affects you, please refer to the FAQs or visit

If you have any questions regarding a privacy issue or the HIPAA status of a group, please contact your local district office.