How to Keep Your Health Information Safe Online

Blues Perspectives

When it comes to protecting personal information online, most of us worry about our credit cards or bank accounts. But experts say your medical records may be more valuable to hackers than your credit card: a stolen card can be cancelled and reissued, while a medical record tied to your name, date of birth, Social Security number and insurance ID cannot, and it can be used for insurance fraud long after the theft. That’s why it’s important for everyone to take information security seriously online and when using smartphones. Blue Cross Blue Shield of Michigan understands the importance of keeping your health information private. We follow strict privacy policies in accordance with state and federal law, and we have layers of protection in place for members who log in to their online member accounts and who use the BCBSM mobile app. But not every website or smartphone app offers such protections, or is subject to the same requirements under state and federal law. Individuals must stay vigilant online to keep their personal information safe. Here are some tips for better passwords, as well as common scams to be aware of.

Keep Passwords Strong and Secure

A secure password has at least 12 characters and includes a mix of numbers, symbols, capital letters and lower-case letters, which makes it much harder to crack. Passwords should never be shared or reused across accounts, and should be changed promptly whenever you suspect one has been exposed, for example after a breach notice. Here are some best practices:
  • Do not build a password on a standard dictionary word, a name or a date. Cracking tools try those first, including common substitutions such as "0" for "o" and "@" for "a", so "P@ssw0rd" is no stronger than "password".
  • A mix of upper and lower-case letters, numbers, and special characters makes a strong password.
  • An abbreviated passphrase built from your favorite quote, movie dialogue, or song lyric (for example, the first letter of each word plus its punctuation) is easy to remember but hard for a hacker to guess.
  • Use a different password for every account so that one leaked password cannot unlock the others; a password manager makes this practical.
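To make the rules above concrete, here is a small added example (written for this page, not Blue Cross code) that checks a candidate password against them and builds the abbreviated passphrase the last tip describes. The word list and the "leet" substitution table are constructed placeholders; a real deployment would load a full dictionary or, better, check candidates against a breached-password list.

```python
import re

# Constructed stand-in for a real dictionary (assumption: production code would
# load a large wordlist or query a breached-password service instead).
COMMON_WORDS = ("dragon", "football", "letmein", "michigan",
                "monkey", "password", "summer", "welcome")

# Substitutions attackers undo first; we undo them before the dictionary check.
LEET = str.maketrans({"0": "o", "1": "i", "3": "e", "4": "a", "5": "s",
                      "7": "t", "@": "a", "$": "s", "!": "i"})


def check_password(pw: str) -> list[str]:
    """Return the rules a password breaks; an empty list means it passes."""
    problems = []
    if len(pw) < 12:
        problems.append("too short")
    has_all_classes = (re.search(r"[a-z]", pw) and re.search(r"[A-Z]", pw)
                       and re.search(r"\d", pw) and re.search(r"[^A-Za-z0-9]", pw))
    if not has_all_classes:
        problems.append("missing character class")
    # Lower-case, undo leet substitutions, keep letters only:
    # "P@ssw0rd!" becomes "passwordi" and is caught as a dictionary word.
    core = re.sub(r"[^a-z]", "", pw.lower().translate(LEET))
    for word in COMMON_WORDS:
        # Flag only when the word makes up at least half of the letters, so an
        # abbreviated passphrase that happens to contain short words still passes.
        if len(word) >= 5 and word in core and len(word) * 2 >= len(core):
            problems.append(f"built on dictionary word '{word}'")
            break
    return problems


def abbreviate(phrase: str) -> str:
    """First character of each word plus its punctuation, as the tip suggests."""
    parts = []
    for token in phrase.split():
        letters = re.sub(r"[^A-Za-z0-9]", "", token)
        if not letters:
            continue
        punct = re.sub(r"[A-Za-z0-9]", "", token)
        parts.append(letters[0] + punct)
    return "".join(parts)


if __name__ == "__main__":
    for candidate in ("P@ssw0rd!", "MichiganSummer2024",
                      abbreviate("To be, or not to be: that is the question!"),
                      abbreviate("To be, or not to be: that is the question!") + "42"):
        print(f"{candidate!r}: {check_password(candidate) or 'OK'}")
```

The quote becomes "Tb,ontb:titq!", which is rejected only for lacking a digit; appending a couple of digits gives a 15-character password that passes every rule, while "P@ssw0rd!" fails on both length and the dictionary check despite containing all four character classes.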

Scam Attempts to Be Aware Of

Cyberattacks come in all shapes and sizes. Here are some of the ways attackers attempt to gain access to personal information.
  • Business email compromise (BEC) is when an attacker takes over a company email account and impersonates the real owner to trick the company, its customers, partners, and/or employees into sending money or sensitive data to the attacker's account.
    • What you can do: When using a corporate email account, follow your company's documented processes for sharing information and approving payments, and verify a suspicious request through a second channel, such as a phone call to a number you already have, rather than by replying to the email. When using free web-based email services such as Gmail or Yahoo, turn on the two-step verification the provider offers.
  • Phishing is an online scam in which criminals send an email that appears to be from a legitimate source and ask you to provide sensitive information or to log in through a link they supply.
    • What you can do: Before clicking any link, place your mouse over it (without clicking) to see the address it actually leads to; on a phone, press and hold the link to preview it. If the address does not match the company's domain, or looks unfamiliar or suspicious, do not click it and mark the email as spam. When in doubt, go to the company's website by typing the address yourself instead of using the link.
  • Vishing is the telephone equivalent of phishing: using a phone call to scam you into surrendering private information that will be used for identity theft.
    • What you can do: Instead of answering spam and unknown numbers, let them go to voicemail. Caller ID can be faked, so if a caller claims to be your bank, the IRS, your insurance company, a home alarm company, etc., do not call back the number in the voicemail; contact the company directly using publicly available contact information. Do not give out personal information over the phone to an unverified caller.

Points of Vulnerability

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) legally requires health plans like Blue Cross and Blue Care Network, health care providers, hospitals and other covered organizations to protect the medical records and other health information in their custody. For example, personal health information communicated through the BCBSM mobile app is protected by HIPAA. However, HIPAA does not cover some of the places where you may store or share health information:
  • Storing health information in a mobile app or on a mobile device, such as a smartphone or tablet.
  • Sharing health information on social media websites or in health-related online communities, such as message boards.
  • Storing health information in a personal health record (PHR) that is not offered through a health provider or health plan covered by HIPAA.
Being mindful of where and when you share personal health information, and reading the terms of service of the mobile apps you use to learn what they do with your data, are important steps toward keeping your electronic health information private and secure.

How Blue Cross Keeps Your Information Safe

Blue Cross Blue Shield of Michigan understands the importance of keeping your health information private. We follow strict privacy policies in accordance with state and federal law, including HIPAA. Blue Cross is HITRUST CSF® Certified; the certification covers our Electronic Data Interchange (EDI) system and its supporting infrastructure. HITRUST, a leading data protection standards development and certification organization, provides a certifiable privacy and security framework that any organization can use to manage compliance across a broad range of regulatory requirements. HITRUST Certification is a globally recognized attestation that an organization meets the comprehensive security and privacy requirements specified in the HITRUST CSF®. We at Blue Cross have extensive measures in place to keep members’ protected health information safe.
MI Blues Perspectives is sponsored by Blue Cross Blue Shield of Michigan, a nonprofit, independent licensee of the Blue Cross Blue Shield Association