Privacy Policy

Last Update: November 19, 2021

This privacy policy explains why we collect personal information and how we use and disclose personal information. This privacy policy applies (i) when we provide benefits and services to our members and their dependents, (ii) when we personalize marketing and advertising based on your interactions with us, and (iii) when we collect, use and disclose your personal information for other purposes described in this privacy policy.

This page also provides information about your rights and options. Your rights include the right to access your personal information and to opt-out of non-essential uses of your personal information (such as personalized advertising and marketing).

Some words have special meanings in our privacy policy:

you / your means the person whose personal information we collect and use.
we / us / our means Pacific Blue Cross and its related companies.
member means our client, including our First Nations clients.
dependent means the dependents of our members.
Plan Administrator means an entity that arranged for us to provide you with benefits. The Plan Administrator could be your employer, a health benefits trust, the First Nations Health Authority, or another entity administering a plan for you that includes our benefits and services
Your Provider means the service provider providing services to you or your dependents, such as a health, dental, paramedical, pharmaceutical or medical equipment provider

We are accountable for compliance with British Columbia’s Personal Information Protection Act (“PIPA”), which sets out the rules for how organizations, collect, use, and disclose personal information. In certain circumstances, we are also accountable for compliance with other privacy legislation, such as British Columbia’s Freedom of Information and Protection of Privacy Act or Canada’s Personal Information Protection and Electronic Documents Act.

Personal information is defined under PIPA as information about an identifiable individual. It includes employee personal information but does not include contact information or work product information.

We are committed to being accountable for how we handle personal information under the applicable privacy legislation and how we follow the rules and procedures outlined in this privacy policy.

Navigation Links

Use the navigation links below to help you find the information you are looking for.

Purposes for collecting and using personal information

When we share or disclose your personal information

Obtaining your consent

Data analytics

Personalization

Insurance abuse and/or fraud

First Nations clients – important information

HBT, JCBT, JFBT, and JHSBT clients – important information

Security, retention and destruction

International transfers

Cookies

De-identified and combined information

Accuracy, correction, and access to your personal information

Your rights and options

Changes to this privacy policy

Contacting our Privacy Officer

Contacting the Office of the Information and Privacy Commissioner

Purposes for collecting and using personal information

The table below explains the purposes for collecting and using different types of personal information. We may also collect and use personal information for other purposes with your consent.

Personal information Collected and used for

name, address, email address, phone number and other contact details
  • to establish and administer our relationship with you
  • to provide the benefits and services requested by the member or dependent
  • to verify your identity when you contact us
  • to develop and deliver marketing and advertising, including personalized marketing and advertising (see our section on personalization for more information)

benefits and services applied for or used
  • to establish and administer our relationship with you
  • to provide the benefits and services requested by the member or dependent
  • to understand your interests
  • to develop and deliver marketing and advertising, including relevant personalized marketing and advertising (see our section on personalization for more information)
  • data analytics

eligibility information, such as the product or service requested, age, sex, gender, existing health conditions, and any other information relating to any eligibility criteria
  • to evaluate and verify eligibility for our benefits and services
  • data analytics

claim details regarding a service provider’s expenses
  • to assess and process a benefit claim by the member or dependent
  • to coordinate coverage if the member or dependent has benefits or insurance with another plan or insurer or a government provider, such as the BC Medical Service Plan
  • data analytics

customer service requests, customer service call recordings, email and other electronic communications
  • to assist you with your request
  • to identify potential improvements to our benefits and services and our interactions with you
  • to understand your interests
  • to develop and deliver marketing and advertising, including relevant personalized marketing and advertising (see our section on personalization for more information)
  • data analytics

marketing interactions, such as opening or interacting with one of our emails, clicking on our webpages, or using areas of our websites
  • to understand your interests
  • to develop and deliver marketing and advertising, including relevant personalized marketing and advertising (see our section on personalization for more information)
  • data analytics

survey responses
  • to identify potential improvements to our benefits and services and our interactions with you
  • to understand your interests
  • to develop and deliver marketing and advertising, including relevant personalized marketing and advertising (see our section on personalization for more information)
  • to share your comments with members and third parties, including for marketing purposes (if you are a member or dependent, you will be identified only by first name and city of residence)
  • data analytics

technical information relating to the use of our websites, such as IP address, inferred location, device and browser type, referring page that came from before visiting our site, the pages visited on our site and the time spent on each page
  • to provide you with the pages and information you requested
  • to monitor our websites for security purposes and to identify pages that are not functioning
  • to evaluate the usefulness of content and features on our sites
  • to develop and deliver marketing and advertising, including relevant personalized marketing and advertising (see our section on personalization for more information)
  • data analytics

When we share or disclose your personal information

We may share or disclose your personal information in some cases. The following table explains the most common reasons why we may share or disclose your personal information. We may also share or disclose your personal information for other purposes with your consent or if it is reasonable to do so and we are permitted to do so by law.

Shared with / disclosed to Purpose of disclosure

Your Provider
  • to assess or confirm eligibility for benefits and services
  • to process claims
  • to investigate insurance abuse and/or fraud (see our section on insurance abuse and/or fraud for details)

auditors for the Plan Administrator
  • to evaluate whether we are paying claims in accordance with the terms and conditions in our contract with the Plan Administrator

our investigators, experts, lawyers, advisors and other third parties
  • to adjudicate or assist in the adjudication of complex claims
  • to investigate insurance abuse and/or fraud (see our section on insurance abuse and/or fraud for details)
  • to enforce our legal rights or respond to claims or threatened claims against us

Plan Administrator
  • if you are a member or dependent who is part of a group benefits health program, to fulfill any contractual reporting obligations to your Plan Administrator to report information (including claims and payment details) for the purposes of allowing your Plan Administrator to perform its various obligations, such as ensuring that our claims processing is in accordance with our contractual obligations, and ensuring that you are provided with efficient and cost-effective solutions for your benefits
  • to establish eligibility for our benefits and services
  • to investigate insurance abuse and/or fraud (see our section on insurance abuse and/or fraud for details)

your employer, if different from the Plan Administrator
  • to investigate insurance abuse and/or fraud (see our section on insurance abuse and/or fraud for details)
  • if you are a member or dependent who is part of a group health benefits program, to disclose information to your employer for specific business purposes, such as determining the efficiency, performance, and cost-effectiveness of these programs. (In order to reduce the risk that your information may be linked to your identity, we seek to remove identifiers when we share information with your employer for these specific business purposes)

health benefits trusts
  • to fulfill our contractual reporting obligations, if your Plan Administrator is a health benefits trust

other insurers, such as Blue Cross Life
  • to determine eligibility for benefits or to coordinate benefits if you have benefits with other insurers
  • to allow other insurers to fulfil their obligations with us, such as underwriting or reinsurance
other companies for claims assistance, claims pooling, and re-pricing
  • to support us in claims adjudication, re-pricing, and claims insurance pooling, in order for a sustainable benefits program to be maintained

other Blue Cross entities
  • to provide services on our behalf to individuals outside of British Columbia or the Yukon (for example, an employer may have engaged us to provide benefits to employees in both British Columbia and Alberta. In that case, we may engage Alberta Blue Cross to assist with providing benefits to the employees who reside in Alberta)

our internal audit, insurance abuse and/or fraud investigators
  • to evaluate whether we are paying claims in accordance with the terms and conditions in our contracts
  • to endeavour to maintain a sustainable benefits program for members, dependents, employers, and/or Plan Administrators

our advisors
  • to obtain advice from professional services providers such as our lawyers, independent auditors, accountants, information technology and cybersecurity experts, and cybersecurity incident response providers

data analytics companies
  • to produce data insights, including risk assessments, for our company to understand the needs and preferences of members, dependents, employers, service providers, and Plan Administrators.
  • to design new products and services
  • to conduct research and analyze ways to improve our products, services, and technologies
  • to obtain data insights into the benefits plans we provide as well as into the healthcare services supplied by Your Providers.

(We enter into agreements with these companies to ensure that they comply with the applicable privacy legislation. In order to reduce the risk that your information may be linked to your identity, we seek to remove identifiers when we share information with these companies)

governmental authorities and other third parties
  • to comply with binding legal obligations, orders, subpoenas or warrants
  • to comply with applicable laws

police, emergency responders, and regulatory authorities
  • to report a crime or an emergency involving an imminent threat to an individual
  • to report professional misconduct by Your Provider
  • to comply with applicable laws

Obtaining your consent

How we obtain your consent depends on the type of personal information we are collecting and the purposes for collecting that personal information. Examples of how we obtain your express consent to the collection, use and disclosure of personal information in accordance with this privacy policy are:

  • Enrollment forms – we ask for express consent when you complete an enrollment form for benefits
  • Claims submissions – when you submit claims (paper or online) we ask for express consent
  • Plan Administrators – Plan Administrators may seek your consent in their communications with you
  • Providers – Your Providers may obtain your consent when you complete our forms in order to facilitate direct payment

We may rely on your implied consent when we provide you with notice of this privacy policy and you do not opt-out from uses of your personal information. For example, we rely on opt-out consent for advertising and marketing, including personalization. See our section on personalization for more information.

In some cases, we are permitted or required by law to collect, use or disclose your personal information without your consent. For example, we may collect, use or disclose your personal information as part of an investigation without your consent in order to prevent insurance abuse and/or fraud. We may also disclose your personal information to governmental authorities, including the police, if we are required to do so by law.

Data Analytics

Data analytics is the science of using data to discover useful information and to support decision-making. Data analytics at Pacific Blue Cross involves collecting and using your personal information as well as pooling and analyzing information from many individuals in order to obtain insights about you. We perform data analytics for many purposes, including:

  • to understand what benefits and services our members and dependents find useful
  • to understand how we are performing against our objectives
  • to identify areas in which we can improve the customer service experience
  • to make our member portal, our website pages, and our advertising and marketing more effective
  • to conduct underwriting and actuarial analysis
  • to prevent, detect and respond to insurance abuse and/or fraud and other threats to our business
  • to identify ways of meeting the needs of members and dependents in a cost-effective and efficient manner

Some of our data analytics tools use data and initial instructions to train a computer to look for patterns and trends. The computer can assist our personnel, such as by helping to identify insurance abuse and/or fraud or to anticipate what might interest our members.

Personalization

We want to understand the experience of our members and their dependents in using our benefits and services. We also want to provide you with information that is relevant to you. We do this by combining data from our interactions with you. This data includes the information from the benefits and services you apply for and use, your interactions with our customer service representatives, your interactions with the member portal and our websites, and your interactions with our advertising and marketing team.

We combine this data and use it to develop a better understanding of your interests and potential needs. We use those insights to personalize our interactions with you. This includes making our advertising and marketing more relevant and contacting you about benefits and services we anticipate will be of interest to you.

For example, we may use information you provide to us about your age and number of dependents as well as information we collect about your interactions with the member portal, our websites, our email and phone communications with you, your service requests, and our other interactions with you, in order to make product and service recommendations that fit your personal circumstances.

You may opt-out of receiving personalized advertising and marketing at any time by contacting us. See the section on your rights and options for more information.

Insurance abuse and/or fraud

We may collect, use and disclose your personal information, including with you and Your Provider, as well as with our third party experts and investigators, for the purposes of conducting internal reviews and investigations to prevent and respond to insurance abuse and/or fraud. Your personal information may include your name, date of birth, claim history, and information derived from your customer interactions with us, such as your IP address. For instance, we may collect from and disclose your personal information to Your Provider to confirm that claims, which are submitted to us for payment either by you or Your Provider, are not submitted with the purpose of obtaining, or attempting to obtain, a payment to which the person is not entitled, or which is submitted in a way that is contrary to the intended purposes of the benefit plan.  Such initiatives not only address potential insurance abuse and/or fraud by members, but by Your Providers who direct bill us on your behalf.  Your personal information will in such cases be disclosed by Your Provider to us upon receiving a written request from us and without your further consent.  We may disclose your personal information to the police, or to Your Provider’s regulatory body, if we believe that Your Provider and/or you are engaging in insurance abuse and/or fraud.

We may use your personal information for the purposes of training a computer to detect trends as well as to conduct data analytics, such as risk assessments, in order to prevent and respond to insurance abuse and/or fraud. We may also pool your personal information with information belonging to other individuals for the same purposes.

First Nations clients – important information

For our First Nations clients, we may collect from, use and disclose your personal information to the First Nations Health Authority, including details of your services being received and claimed, for the purposes of delivering our benefits to you, coordinating our benefits with other benefits to which you may be entitled, investigating insurance abuse and/or fraud, and meeting our contractual obligations to the First Nations Health Authority.  The First Nations Health Authority is contractually obliged to use your personal information that it obtains from us for the purposes of overseeing and coordinating your health benefits, determining your eligibility for benefits, accessing and improving your benefits, meeting its contractual obligations with us, and other purposes as set out in the contract.

HBT, JCBT, JFBT and JHSBT clients – important information  

If your Plan Administrator is one of the following health benefits trusts, namely the Healthcare Benefit Trust (“HBT”), the Joint Community Benefits Trust (“JCBT”), the Joint Facilities Benefits Trust (“JFBT”), or the Joint Health Science Benefits Trust (“JHSBT”), Pacific Blue Cross is contractually obliged to disclose your personal information, including your claim and payment details, to the applicable health benefits trust, or to HBT as the administrative agent of these health benefits trusts, for the purposes of allowing these health benefits trusts to meet their obligations, such as ensuring that our claims processing is in accordance with our contractual obligations, and ensuring that you are provided with efficient and cost-effective solutions for your benefits. We encourage you to contact the Privacy Officer of these health benefits trusts with any further questions, or to contact our Privacy Officer, who can put you in touch with the Privacy Officers of these health benefits trusts.

Security, Retention and Destruction

We employ reasonable safeguards to protect your personal information. The safeguards we use depend on the sensitivity of the information. Examples of how we protect your personal information include:

  • requiring confidentiality agreements as a condition of employment
  • restricting access to personal information to employees who need access to it
  • employee privacy and security training
  • using encrypted connections, strong passwords, multifactor authentication, firewalls and other technical security tools
  • physical measures such as locked storage areas and restricted access to our offices and other areas where personal information is stored

If we use your personal information to make a decision about you, we will retain that personal information for at least one year. The retention period we apply to personal information depends on why we collected it. In some cases, we may be required to keep your personal information after our last interaction with you for tax, accounting, legal, and other valid business reasons. We may also be required to retain your personal information to manage our relationship with you after your benefits expire, including responding to your inquiries, communicating about outstanding claims and your former benefits, resolving disputes regarding claims and, if necessary, for litigation purposes.

We may send advertising and marketing communications to you after your benefits expire at the termination of your policy. You may unsubscribe or opt-out of receiving advertising and marketing communications at any time by contacting us. See the section on your rights and options for more information.

We will securely destroy or de-identify your personal information once we no longer need your personal information, in accordance with our records retention obligations and practices.

International transfers

We may use some service providers and online services that are located outside of Canada, and we may transfer your personal information to them. If we do so, we will comply with any contractual obligations as well as the applicable privacy legislation.

Cookies

When you visit our site, we may place a cookie on your computer that will allow us to customize and enhance your experience and improve the services we offer on our website, or to report site activity.

Cookies are small text files that are stored on your browser. Pixels are small image files that appear on our web pages or in our advertisements. We use these technologies for a variety of business purposes. Some examples include:

  • to remember your device the next time you visit one of our websites or web applications
  • to keep you signed into the member portal
  • to understand how you are using our website
  • to deliver online advertising
  • to find out if your emails have been read
  • to find out if links were clicked in our promotional email content and advertisements

Some cookies and pixels are provided by third parties with data analytics tools who share information with us. For example, we use Google Analytics to provide us with reports on where our website visitors are coming from and what website pages and features are useful. If we advertise on other sites, the advertisement and our website may contain pixels so that we understand that a visitor to our website saw the advertisement. This helps us know that the advertisement was useful and relevant.

De-identified and combined information

We may de-identify your personal information by removing identifiers and by other means, so that the information is no longer linked to your identity.

We may use and disclose the de-identified information from an individual or combine the de-identified information from many individuals to create a pool of data. De-identified information, whether individual or combined, may be used and disclosed by us for various purposes. For example:

  • To understand overall clients’ needs and preferences
  • To design new products and services
  • To conduct research and analyze ways of improving our products, services, and technologies
  • If you are part of a group benefits health program, to disclose the information to your employer for their purposes, such as determining the efficiency, performance and cost-effectiveness of the group benefits plan.

Accuracy, correction, and access to your personal information

We seek to ensure that your information is accurate, current and complete.  It is your responsibility to ensure that you or your Plan Administrator contact us with any changes to your information such as a change of address, marital status or dependents.

You may challenge the accuracy and completeness of your personal information by contacting our Privacy Officer in writing.  We may either correct or amend any personal information if its accuracy and completeness is challenged and found to be deficient, or may annotate the information, noting that the correction was requested but not made. (See the section on your rights and options about how to request correction of your personal information.)

You may request access to your personal information under our control. Upon sending a written access request for your personal Information to our Privacy Officer, we will inform you of the existence, use and disclosure of your personal information within 30 business days, unless an extension is granted under PIPA. You may be required to confirm your identity before we process the request.  We may charge a minimal fee for responding to this request.  If a fee is required, we will provide you with a written estimate in advance.

While you may make a request for your own personal information, we may be authorized or required by PIPA to refuse access. We will inform you in writing for the reasons for refusal and outline further steps available to you. (See the section on your rights and options about how to access your personal information.)

Your rights and options

You can opt-out of certain uses of your personal information and exercise rights to access and correct your personal information. Please see the table below on how to exercise these options and rights.

Your right or option How to exercise your right or option

Access your personal information
  • log into your online member profile to access your personal information
  • for information that is not available through your online member profile, contact the Privacy Officer at PO Box 7000, Vancouver, BC V6B 4E1 or email privacyofficer@pac.bluecross.ca
Correct your personal information
Opt-out of personalized advertising and marketing
  • log into your online member profile to update your account settings
  • contact a Pacific Blue Cross representative to ask not to receive personalized advertising or marketing
  • you can also opt-out of cookies on our site used for online advertising. To opt-out of personalized advertising content, please visit Digital Advertising Alliance of Canada Opt-Out Page and the NAI Opt-Out Page (these tools identify member companies that have placed cookies on your browser and provide mechanisms to opt-out)
Opt-out of receiving advertising and marketing from us via email, direct mail and telemarketing (we will still contact you about information relating to your benefits, the use of our services, or the investigation of insurance abuse and/or fraud)
  • use the unsubscribe function in our marketing emails to unsubscribe from email marketing
  • log into your online member profile to update your account settings
  • contact a Pacific Blue Cross representative to ask not to receive direct mail or telemarketing calls
Opt-out of providing feedback to us to assist in improving product offerings and services through surveys
Opt-out of optional cookies
  • you can block or restrict cookies using your browser settings
  • you can also opt-out of third-party cookies on our site used for online advertising. To opt-out of personalized advertising content, please visit Digital Advertising Alliance of Canada Opt-Out Page and the NAI Opt-Out Page (these tools identify member companies that have placed cookies on your browser and provide mechanisms to opt-out)
Make a complaint or raise a concern about the collection, use, retention or disclosure of your personal information
Report a privacy concern anonymously

Changes to this privacy policy

We may update this privacy policy at any time to reflect changes to our business practices or applicable laws.

If the revised privacy policy makes material changes to how we treat your personal information, we will provide you advance notice by notifying you on our website, sending you an email, and/or using other means.

By continuing to use our programs or services or buying our products after the effective date of the revised privacy policy, you are accepting changes to this privacy policy.

Contacting our Privacy Officer

If you have any questions about this privacy policy or how we handle your personal information, please contact us at:

Pacific Blue Cross Privacy Officer
Email: privacyofficer@pac.bluecross.ca
Mailing Address: PO Box 7000, Vancouver, BC V6B 4E1

Contacting the Office of the Information and Privacy Commissioner

You may contact the Office of the Information and Privacy Commissioner for British Columbia if you made a privacy-related complaint to our Privacy Officer and are not satisfied with our response, or if you wish to seek a review of our response to an access or correction request. Please contact the office at:

Office of the Information and Privacy Commissioner for British Columbia
PO Box 9038 Stn. Prov. Govt.
Victoria, BC V8W 9A4  
info@oipc.bc.ca
604.660.2421 (Vancouver)
1.800.663.7867 (Elsewhere in British Columbia)