HIPAA Compliance Statement

What is this about?

This information lets you know that we meet the federal requirements for the security and privacy of your protected health information.


In 1996, Congress passed the Health Insurance Portability and Accountability Act (HIPAA) and provided important security measures for protected health information (PHI).

In 2009, Congress passed the Health Information Technology for Economic and Clinical Health Act (HITECH), and The U.S. Department of Health and Human Services (HHS) published the Interim Final Rules. The Interim Final Rules strengthen the privacy, security and enforcement provisions around protected health information (PHI) compliance.

In 2013, The U.S. Department of Health and Human Services (HHS) published the HIPAA Final Rule. See the highlights of the rule below:

  • Genetic information is now protected health information (PHI). The Genetic Information Nondiscrimination Act (GINA) governs the use of genetic information. 
  • The rule provides guidance for the sale of protected health information (PHI) and the use of protected health information (PHI) for marketing.
  • The rule requires us to explain certain rights through Our Notice of Privacy Practices. We will let members know when a new Notice of Privacy Practices is available.
  • Business associates need to follow the security rule and most provisions of the privacy rule. 
  • "Breach" has a new definition.

Blue Cross Blue Shield of Michigan (Blue Cross) and Blue Care Network (BCN) implemented the requirements of the HIPAA rules.

For more information on our privacy practices, visit Notice of Privacy Practices.

Authorized and Personal Representatives

Members may allow Blue Cross to give protected health information (PHI) to: Authorized Representatives, Personal Representatives and Next of Kin.

Authorized Representatives may:

This Member Consent only allows the Authorized Representative to receive PHI from BCBSM and doesn't allow the Authorized Representative to make decisions on behalf of the member or make decisions related to the member’s health care and treatment.

Personal Representatives may:

  • Complete the Request for Release of Member's Protected Health Information (PDF) and attach one of the documents listed below as support.
  • Submit one of the legal documents listed below to receive a member’s protected health information (PHI).
  • Get information and make changes to the contract as described in the form or legal document.

Next of Kin may:

Authorized and Personal Representative Documents accepted by Blue Cross

Durable Power of Attorney A written document in which one person (the member) appoints another person to act as an agent on his or her behalf.
Patient Advocate A written document that appoints a person or entity to help a patient work with others who have an effect on the patient’s health, including doctors, insurance companies, employers, case managers, and lawyers.
Executor of a Deceased Individual's Will A court order indicating that per an individual’s will he/she chose an executor (or executrix) to administer that will after his/her death. The executor should be named in the will itself.
Trustee of Deceased Individual A document that designated a trustee to administer the trust and manage the trust property for the benefit of any beneficiaries.
Guardian A person who has been appointed by a judge to take care of a minor child and/or manage that person’s affairs.
Conservator A conservator is a person or entity appointed by a court to manage the property, daily affairs, and financial affairs of another person.