Notice of Privacy Practices

Highmark Wholecare Online Privacy Statement

This Online Privacy Statement discloses the practices of Highmark Wholecare  regarding information gathering and disclosure from Highmark Wholecare’s website.

Highmark Wholecare may collect information regarding its website visitors and the computers they use, such as e-mail addresses, files downloaded, home server domain names, type of computer, search engine, operating system and web browser. Highmark Wholecare may also collect information the visitor submits on-line when the visitor completes forms or surveys, sends e-mail messages or enters other data into website fields. In the event an e-mail is addressed to specific Highmark Wholecare staff or is sent using the “Contact Us” option of this website, Highmark Wholecare may retain the message for up to one year. Highmark Wholecare uses information and discloses it to third parties as permitted by law and to the least extent necessary. Highmark Wholecare’s website and certain link sites use cookies to facilitate navigation. A cookie is a small piece of information about an Internet session that may be created when a person accesses a website. Cookies may contain a variety of information including the name of the website that issued them, what parts of the website the user accessed, passwords and user’s name. Most web browsers can be modified by users to prevent cookies from being attached.

Personal data collected by Highmark Wholecare may be used by Highmark Wholecare for many reasons, including analysis of how and when the website gets visited, for development of Highmark Wholecare services or for changes in the content and appearance of this website. Aggregate data on visitors' home servers may be used for internal purposes or provided to third parties. Individually identifying information, such as names, postal and e-mail addresses, phone numbers and other personal information that visitors voluntarily provide to Highmark Wholecare may be added to Highmark Wholecare's databases and/or used for future calls and mailings regarding website updates, new products and services, upcoming events, and for other purposes that comply with federal and state law. Highmark Wholecare may contact website visitors regarding membership issues, including specific issues affecting a member and general issues affecting groups of members, for example, changes to the Member Handbook, privacy statement, business practices or Highmark Wholecare policies.

Highmark Wholecare does not sell its member lists. Unless otherwise authorized by a visitor or validly requested by governmental authorities or legal process, Highmark Wholecare does not distribute its members’ specific information to outside persons or firms unless a disclosure is needed for the member’s care, payment of members’ claims or the necessary operations of the health plan. Highmark Wholecare may disclose to its affiliates and service providers that assist in meeting the needs of Highmark Wholecare members’ personal information of users that has been collected through its website, as permitted by law. Information collected by Highmark Wholecare affiliates and service providers may also be shared with Highmark Wholecare as permitted by law. Information disclosed by users on-line may be re-disclosed if needed to respond to the user’s requests and inquiries. Highmark Wholecare affiliates and service providers are required to follow no less than the privacy and confidentiality standards of law.

While Highmark Wholecare may provide links to other websites, a link on Highmark Wholecare’s website is not and should not be construed as an endorsement of the content, viewpoint, policies, products or services provided or advertised on the linked site. Website visitors linking to other sites receive messages about leaving Highmark Wholecare's website. Once a visitor leaves the Highmark Wholecare website by linking to a site not maintained by Highmark Wholecare, the visitor should become familiar with the on-line privacy statement of the linked website before accessing or supplying information.

Although Highmark Wholecare makes reasonable efforts to protect user information from unauthorized use or alteration, users should be aware that there is always some risk in sending information over the Internet. Highmark Wholecare uses commercially reasonable security features; however, the confidentiality of any communication or material transmitted to/from Highmark Wholecare’s website or e-mail cannot be guaranteed. Highmark Wholecare only grants access to personal information to those employees, affiliates, service providers and other third parties as required by law, as required to provide healthcare products and services or as the user permits. For private health matters, members of Highmark Wholecare or their authorized representatives are encouraged to contact Highmark Wholecare by telephone at the number listed on the member identification cards.

Highmark Wholecare will provide website visitors with a summary of their personally identifiable information retained by Highmark Wholecare from on-line sessions, upon request by mail, e-mail or phone. Website visitors may modify, correct, change or update personally identifiable information that Highmark Wholecare has collected on-line by contacting Highmark Wholecare via regular mail, e-mail or telephone.

To the extent that Highmark Wholecare is able to determine the age of website visitors by their submissions to or communications with Highmark Wholecare, Highmark Wholecare will not knowingly collect or post information from individuals under the age of eighteen without consent of a parent or guardian. If registration is required on the Highmark Wholecare website for offered services and a visitor submits information through the website that indicates the visitor is a minor, the minor's parent or guardian will be contacted regarding the registration. If the parent or guardian agrees, the registration processing will continue. If the parent or guardian indicates a desire to withdraw the registration, Highmark Wholecare will provide instructions to the parent or guardian for deletion of the registration. No information collected through Highmark Wholecare’s website from users self-identified as minors will be used knowingly for any direct marketing or promotional purposes.

Highmark Wholecare’s Compliance Program regarding privacy and security of user information includes oversight of privacy practices, training of employees and maintenance and updates to security systems. Highmark Wholecare will investigate privacy and security complaints through its Privacy Officer or Security Officer.

This On-Line Privacy Statement is subject to change at any time and should be reviewed by interested website visitors periodically. Questions or concerns regarding use of on-line information may be directed to Highmark Wholecare by clicking “Contact Us” from the top of any of Highmark Wholecare’s web pages.

Highmark Wholecare Notice of Privacy Practices


Highmark Wholecare is required by law to protect the privacy of your health information and non-public personal (financial) information. This protection extends to all forms of communication (oral, written, and electronic) of this information. Also, Highmark Wholecare is required to give you this notice about how it uses or shares (“discloses”) your health and personal (“non-public”) information. We are required to notify you if you are affected by a breach of unsecured health information.

  • You or someone who acts for you

  • Doctors and healthcare providers who care for you

  • Our contracted vendors who help us provide services to you (such as member services support and pharmacy benefit management)

  • Other government programs such as Medicare and Medicaid to manage your benefits and payments

  • State and federal agencies that have the legal right to receive such data

  • The Secretary of the Department of Health and Human Services, if necessary, to make sure your privacy is protected

  • Treatment: While we do not provide treatment, we may share health information that your doctor or other health care provider requests to help them with your medical treatment. For example, we may disclose what prescriptions you have filled to help your doctor prescribe the appropriate medication.
  • Payment: To help pay for your covered benefits, we may use and share your health information in a number of ways, including to conduct utilization and medical necessity reviews; coordinate your care; determine eligibility for your plan benefits; pay for your healthcare; and respond to complaints, appeals and requests for external review. For example, we may use your health information to decide whether a particular treatment is medically necessary and what the payment should be.
  • Healthcare Operations: We may use and share your health information for our health plan operations, including administrative, financial, legal, and quality improvement activities that are necessary to run our business. These activities include coordinating and managing your care; contacting you for appointment reminders, medication management, or disease management programs and alternative treatments that may interest you; checking the quality of our services and making improvements where necessary; and arranging legal services, audit services, and fraud and abuse detection programs. For example, we may use your health information to provide disease management programs for members with specific conditions such as diabetes or asthma.
  • For public health activities (such as reporting disease outbreaks; child abuse and neglect; reporting domestic violence; preventing or controlling disease, injury or disability))
  • For government healthcare oversight activities (such as fraud investigations, audits, and activities related to oversight of the healthcare system
  • For judicial and administrative proceedings (such as in response to a court order)
  • ·         For law enforcement purposes or when required by law, for example, locating a suspect, fugitive, material witness or missing person; complying with a court order or subpoena; and other law enforcement purposes.
  • For purposes of national security
  • To comply with workers’ compensation or similar laws
  • For research studies that meet all privacy law requirements such as research related to the prevention of disease or disability
  • To avoid a serious and likely threat to health or safety
  • To create a collection of information that can no longer be traced back to you
  • To group health plans, to coordinate plans and to permit the plan to administer benefits
  • To coroners, medical examiners, funeral directors and organ donations
  • To your school when proof of immunization is required by law
  • To others involved in your health care (if you are not present or able to agree to these disclosures of your health information, we may use our professional judgment to determine whether the disclosure is in your best interest)
  • For underwriting purposes if needed, however, we are not allowed to use or share your genetic information to decide whether coverage can be given or at what price. Additionally, Gateway will not use your race, ethnicity, or language information for underwriting purposes.

If we receive compensation from another company for providing you with information about other products or services (other than drug refill reminders or generic drug availability), we will obtain your authorization to share information with this other company. 

Highmark Wholecare must have your written permission (an “authorization”) to use or give out your health and claims information for any purpose that is not listed in this notice.  Giving us permission to use or give out your health and claims information will not be a condition for getting healthcare and will not be used to determine your eligibility for enrollment or benefits, or for paying claims. You may take back (“revoke”) your written permission at any time, except if Highmark Wholecare already took action based on your permission. 

We will restrict uses and disclosures concerning HIV/AIDS, mental health, and drug and alcohol treatment or other particular categories of health information based on state law if state law is stricter or provides safeguards not included in federal regulations.

Some examples of when we need your permission to use or give out your information are:

  • For fundraising
  • For selling your protected health information (PHI)

Get a copy of your health and claims information.
You can ask to see or get a copy of your health or claims records and other health information we have about you. We will provide a copy or a summary of your health or claims records within 30 days of your request.


Ask us to correct health and claims records.
You can ask us to change your health and claims records if you feel they are incorrect or incomplete. We may say “no” to your request but we’ll tell you why in writing within 60 days. If Highmark Wholecare cannot change your records, you may have a statement of your disagreement added to your personal medical information.


Get a list of those with whom we’ve shared information.
You can ask for a list (called “an accounting”) of the times we’ve shared your health information within the last six years. You must tell Highmark Wholecare the dates for which you are requesting the list. The list will not cover information that was given to you or your personal representative, or information given for healthcare payments, for Highmark Wholecare business operations, or for law enforcement needs.


Request Confidential Communications.
You can ask us to contact you in a specific way, for example, on a home or office phone or to a different address. We will consider all reasonable requests, and must say “yes” if you tell us you would be in danger if we do not.


Ask us to limit what we use or share.
You can ask us not to share certain health information for treatment, payment or our operations. We are not required to agree to your request, and we may say “no” if it would affect your care.


Choose someone to act for you.
If you have given someone medical power of attorney, or if someone is your legal guardian, that person can act for you and make choices about your health information. We will make sure the person has this authority before we take any action.

Get a copy of this privacy notice.
Contact us for a separate paper copy or e-mail copy of this Notice.

Get a copy of this privacy notice.
Contact us for a separate paper copy or e-mail copy of this Notice.

  • It is personal information but is non-medical, for example, the information you completed on your enrollment application that identifies who you are and how you can be contacted.
  • Also, it is information collected for a request for services by you or your doctor.
  • Also, it is information collected to answer a question or concern from you.
  • With health care providers, for example, physicians, hospitals, long term care agencies, durable medical equipment providers, and pharmacies.
  • With those who plan your benefits and your care, for example, for utilization reviews; external reviews; and case management.
  • Highmark Wholecare does not make your non-public information available to anyone other than those necessary to provide medical or health plan services to you.
  • Highmark Wholecare does not give out your non-public information, except if required or permitted by law.
  • Highmark Wholecare does not give out your non-public information to anyone unrelated to providing your care under the health plan unless you or your representative gives permission.
  • You have the right to give or withhold permission for other uses or disclosures of this information, except as required by law.

Questions and Complaints

If you have a question about this notice or believe Highmark Wholecare has violated your privacy rights as stated in this notice, you can file a complaint by contacting:

Highmark Privacy Department
120 Fifth Avenue Place
Pittsburgh, PA 15222

Telephone: 1-866-228-9424

For more information on filing a complaint or your rights stated in this notice, you may call our Member Services at 1-800-392-1147 or 1-800-685-5209 (TTY/TDD users: 711).  Filing a complaint will not affect your benefits. Translations services are available at no cost to you.

You may also file a complaint with the Secretary of the Department of Health and Human Services:

U.S. Department of Health and Human Services
Office for Civil Rights
Centralized Case Management Operations
200 Independence Ave., S.W. 
Room 509F HHH Bldg.
Washington, D.C. 20201

Customer Response Center:

1-800-368-1019 Fax: (202) 619-3818
TDD: 1-800-537-7697

Texting or Short Message service (SMS) Policy - Highmark Wholecare

Highmark Wholecare respects your privacy. Learn more about this policy in the Highmark Wholecare’s Texting Services (“Text(s)”) or Short Message Service (SMS)

Change to the terms of this notice

Highmark Wholecare is required to follow the terms in this privacy notice. Highmark Wholecare has the right to change the way your medical information is used and given out and to apply those changes to all the information we maintain about you. If Highmark Wholecare makes any material changes they will be posted on our website, and you will be notified within sixty (60) days of the change.

The initial privacy practices were effective April 14, 2003.
These privacy practices have been revised as of October 05, 2023.