We value the trust you place in us. Protecting your privacy is important to Aetna and we take care to safeguard your personal information. Additional information regarding how we collect, maintain and use your information is available in our Privacy Center.
Web and Mobile Privacy Statement
This statement describes how Aetna (“Aetna”, “we” or “us”) may collect information about you through your interactions with us on our website and mobile applications (“apps”) that contain a link to this statement (collectively, the “Services”).
If information collected through the Services is member information, please refer to the "Notice of Privacy Practices" and not this Privacy Statement. If you are a member covered by an Aetna insured policy, this Notice can be found on this app. If you are covered through an employer plan which is self funded, ask your employer for a copy of your Notice. Examples of member information are information collected when you enroll in an Aetna health plan or access services related to your health plan.
Our websites and mobile applications are designed for general audience and not directed to children under the age of 13. We do not knowingly collect personal information online from any person we know to be under the age of 13.
We want you to know what personal information we may collect about you. Some examples of the personal information we may collect about you include:
- Contact information including your name, address, email address, telephone number and certain personal device information
- Your password, if you create an account
- Demographic information, such as your age and date of birth, sex and/or gender
- Language preferences
- Driver’s license information or Social Security number
- Information collected automatically through your device, such as web browser information, server log files, cookies, pixel tags and web beacons and other tracking information
In addition, our mobile apps may ask for your permission to collect/use the following:
- Your GPS Location, to support searching for nearby providers and services
- Bluetooth, Camera, and Audio, to enable communication with a provider
- Your Calendar, so appointments can be added
- Your Files and Images, to enable the uploading of files when speaking with a provider
- Your IMEI (International Mobile Equipment Identity) number, which is used to authenticate your device as part of our security program
We collect your personal information when you:
- Sign up or create a personal profile with us
- Enter into a transaction with us
- Request products, services or information from us
- Sign up with or interact with our products or services
- Participate in surveys or quizzes
We may also automatically collect certain device information. This may include your device’s physical location, internet protocol (IP) address, battery information, app activity, data usage, and malware information. This helps us identify you and your device to prevent fraud and data loss and keep our app secure. It may also help us customize your application or website experience.
In some cases, and in all cases required by law, you can update the information you give us. Just send us an email or update your online profile. Please revisit the specific place in the app where you first gave us your information.
Providing personal information for the purposes of seeking health insurance coverage/enrollment is a voluntary submission of personal information under applicable law. If you choose not to provide your personal information to us, we may not be able to provide you with requested products, services or information.
To respond to you. We use your personal information to deliver services and to respond to your requests. For instance, we may use it to fulfill your order, contact you about your order, send you email alerts, send you newsletters, and to provide you with related customer service.
To send marketing and administrative information to you. For example, we may use your personal information to manage subscription services, such as your order management, billing, reorder experience, and account communication. We may also offer other products and services that may be of interest to you. This could be done through push notifications in our apps.
To add to your experience. We may use your personal information to personalize your experience when interacting with us. We may present products and offers tailored to you. And we may use your details for our business purposes, along with data analysis, audits, fraud monitoring and prevention, and new product and service development. We may also use it to gauge the effectiveness of our campaigns, and to run and grow our business efforts.
For a sale or transfer of business assets. We may share or transfer your personal information to other parties if some or all of our business, assets or stock are sold, transferred or used as security. This includes in connection with any bankruptcy or similar proceeding.
To give information to our businesses. As allowed by law, we may give your personal information to our affiliated businesses or to our business partners. They may use it to send you marketing and other communications.
To respond to law enforcement officials. We may share your personal information if required to do so by law enforcement officials or judicial authorities.
We may use or share your information including without court process, in matters involving claims of personal, public safety or in a litigation, where the information is pertinent. This may include use or sharing to allow us to pursue remedies or to limit the damages we may sustain.
We may also use or share your information to enforce our terms and conditions, to protect our operations or those of any of our affiliates, or to protect our rights, privacy, safety or property and/or that of our affiliates, you or others.
To our service providers. We may disclose personal information to our service providers, who provide services such as website hosting, data analysis, payment processing, order fulfilment, information technology and related infrastructure provision, customer service, email delivery, auditing, and other services.
To look for security breaches. We may use and disclose personal information to investigate security breaches or otherwise work with authorities in a legal matter.
To use information that does not identify you. If information does not personally identify you, we may use and share it for any purpose except as limited by applicable law. This includes information described in the “Cookies and other technologies” section. To the extent we are required to treat such information as personal information under applicable law, then we may use it for all the purposes we use and disclose personal information.
To combine information. We may combine information that does not personally identify you with personal information. If we do, we will treat the combined information as personal information for as long as it stays combined.
We use this information for various purposes:
A "cookie" is a bit of data that we can send to your browser when you link to our apps. It isn’t a computer program. It can’t get any data or personal information on your computer. Your browser software can be set to reject or accept cookies.
Collecting IP addresses is also a standard practice and is done automatically by many websites and apps. We use IP addresses to administer our Services, measure service levels and help diagnose server problems. Your IP address is a number that is automatically assigned to the computer that you are using by your Internet Service Provider. An IP address may be identified and logged automatically in our server log files whenever a user accesses our Services, along with the time of the visit and the page(s) visited.
Our Services use tracking technologies to collect and record your activities and movements across our websites throughout your browsing session, including page hits, mouse movements, scrolling, typing, out-of-the-box errors and events, and API calls (“session data”). We use this information to provide us with analytics and to improve our products, services, and your experience. Such tracking may also include recorded sessions, which we may play back for these purposes. We may share session data with our vendors (which may change over time) for these purposes, who will use the session data solely on our behalf.
We understand that the security, integrity and confidentiality of your information are very important to you. And we want to protect it. Here’s how:
- We seek to use technical, administrative and physical security measures to protect your personal information from unauthorized access, disclosure, use or changes.
- We regularly review our security practices. We test our apps regularly to mimic attempts to breach our security. We also have robust disaster recovery plans in place. Despite our best efforts, though, note that no security measures are perfect or 100 percent secure.
We don’t show you third parties’ ads on our apps. But we may use third-party advertising companies to serve you our ads on other sites based on the web pages you may have visited or your online activity. These are known as interest-based or personalized ads. They may also be known as targeted ads.
We (Aetna) show you these ads so you can see products and services that might interest you.
In order to serve up information related to our Services, the third-party companies may place or recognize a unique cookie on your browser (including through the use of pixel tags). We follow the guidelines of the Digital Advertising Alliance (DAA) Self-Regulatory Principles for Online Behavioral Advertising. These help you understand and have greater control over the ads you see based on your online behavior. The DAA has a web site where you can opt out from getting targeted ads from some or all of the companies in the program. Our apps don’t respond to “Do Not Track” signals from browsers.
This statement doesn’t apply to, and we aren’t responsible for, the cookies or web beacons, or other tracking methods used by third parties. You can check out the privacy policies of these other companies to learn more.
The Services may contain links to, or otherwise make available, third-party websites, services, or other resources not operated by us or on our behalf (“Third-Party Services”). We aren’t responsible for the privacy practices, content or accuracy of the Third-Party Services. We also don’t review or endorse their content or the products or services they describe.
In addition, we aren’t responsible for the information, collection, use, disclosure or security policies and practices of other organizations. These include companies such as Apple, Google, Microsoft, RIM, or any other app developer, app provider, operating system provider, wireless service provider, or device manufacturer.
If you have any questions or concerns about this statement, or the way your information is collected and used, please contact the Aetna Privacy Office at PrivacyAetna@Aetna.com.
Keep your information safe. Don’t email us information you consider confidential. If you’re a health plan member, call us at the number on your member ID card instead. Or call the number in the app you’re using. There are also some secure areas of our apps to share this type of information.
We may change this Privacy Statement. You can find the date changes were last made at the bottom of the page. Any changes become effective when we post the revised Privacy Statement. Your use of the Services following these changes means you accept the revised version.
Privacy Statement update: February 25, 2022
Text message alert terms & conditions
Effective date 02/01/2020
Read these Terms and Conditions (this “Agreement”) for important information about our text alert services (“Aetna text alerts”). THIS AGREEMENT CONTAINS A MANDATORY ARBITRATION OF DISPUTES PROVISION THAT REQUIRES THE USE OF ARBITRATION ON AN INDIVIDUAL BASIS TO RESOLVE DISPUTES, RATHER THAN JURY TRIALS OR CLASS ACTIONS.
Aetna or one or more of its affiliates offers access to healthcare service messages via recurring SMS (Short Message Service), MMS (Multimedia Message Service) text alerts and email alerts. Enrollment in text alerts requires a member to provide his or her own mobile phone number with an area code within the 50 United States or the District of Columbia. Enrollment in email alerts requires member to provide an email address. By enrolling to receive Aetna text or email alerts, you agree to these terms and conditions, which become effective upon your enrollment. You may be asked to verify your mobile phone number before the service will start. This requires responding to a text alert sent to your mobile phone confirming your enrollment in this Service.
You acknowledge that alerts will be sent to the mobile phone number or email address you provide to Aetna. Such alerts may include personal information about your health based on the type of information you choose to receive via electronic communication, and whoever has access to the mobile phone or carrier account or email address will also be able to see this information. You acknowledge that if you elect to receive Protected Health Information as defined in HIPAA via text alerts or e-mail alerts, you are (i) electing to receive such information through an unencrypted method of communication, and that (ii) information contained in an unencrypted e-mail and/or text message is at risk of being intercepted and read by, or disclosed to, unauthorized third parties. Once you enroll, the frequency of text or email alerts we send to you will vary. You will typically receive alerts when we have information for you about healthcare information. Aetna does not impose a separate charge for text alerts; however, your mobile carrier’s message and data rates may apply depending on the terms and conditions of your mobile phone contract. You are solely responsible for all message and data charges that you incur. Please contact your mobile service provider about such charges. The following carriers are supported: AT&T, Verizon Wireless, Sprint, T-Mobile, U.S. Cellular, Boost Mobile, MetroPCS, Virgin Mobile, Alaska Communications Systems (ACS), Appalachian Wireless (EKN), Bluegrass Cellular, Cellular One of East Central, IL (ECIT), Cellular One of Northeast Pennsylvania, Cricket, Coral Wireless (Mobi PCS), COX, Cross, Element Mobile (Flat Wireless), Epic Touch (Elkhart Telephone), GCI, Golden State, Hawkeye (Chat Mobility), Hawkeye (NW Missouri), Illinois Valley Cellular, Inland Cellular, iWireless (Iowa Wireless), Keystone Wireless (Immix Wireless/PC Man), Mosaic (Consolidated or CTC Telecom), Nex-Tech Wireless, NTelos, Panhandle Communications, Pioneer, Plateau (Texas RSA 3 Ltd), Revol, RINA, Simmetry (TMP Corporation), Thumb Cellular, Union Wireless, United Wireless, Viaero Wireless, and West Central (WCC or 5 Star Wireless).
You may opt out of Aetna text alerts at any time. To stop receiving text alerts, text STOP to the number upon which you are receiving text alerts, including 41368, 46716, 49540, 66902, 67954, 72483, 77583, 79720, 90156, or 37046 (or the number from which you are receiving Aetna alerts). After you submit a request to unsubscribe, you will receive one final text alert from Aetna confirming that you will no longer receive text alerts. No additional text alerts will be sent unless you re-activate your enrollment to the text alert program. For questions about text alerts, text the word HELP to 41368, 46716, 49540, 66902, 67954, 72483, 77583, 79720, 90156, or 37046. Text alerts may come from any one of these short codes and Aetna may change, add or remove short codes as necessary.
The Aetna text alert programs are offered on an “as is” basis and: (1) may not be available in all areas at all times; and (2) may not continue to work in the event of product, software, coverage or other service changes made by your wireless carrier. Aetna may change or discontinue any of its text alert programs without notice or liability to you. Aetna and its related companies and each of their respective officers, directors and employees are not responsible and shall not be liable for any losses or injuries of any kind resulting, directly or indirectly, from any Aetna text alert program or from technical failures or delays of any kind. Aetna reserves the right to cease delivery of text alerts to any person at any time in its sole discretion.
EXCEPT FOR DISPUTES THAT QUALIFY FOR SMALL CLAIMS COURT, ALL DISPUTES ARISING OUT OF OR RELATED TO THIS AGREEMENT OR ANY ASPECT OF THE RELATIONSHIP BETWEEN YOU, ON THE ONE HAND, AND AETNA OR ITS SUPPLIERS OR VENDORS, ON THE OTHER HAND, WHETHER BASED IN CONTRACT, TORT, STATUTE, FRAUD, MISREPRESENTATION, OR ANY OTHER LEGAL THEORY, WILL BE RESOLVED THROUGH FINAL AND BINDING ARBITRATION BEFORE A NEUTRAL ARBITRATOR INSTEAD OF IN A COURT BY A JUDGE OR JURY AND YOU AGREE THAT AETNA AND YOU ARE EACH WAIVING THE RIGHT TO TRIAL BY A JURY. YOU AGREE THAT ANY ARBITRATION UNDER THIS AGREEMENT WILL TAKE PLACE ON AN INDIVIDUAL BASIS; CLASS ARBITRATIONS AND CLASS ACTIONS ARE NOT PERMITTED AND YOU ARE AGREEING TO GIVE UP THE ABILITY TO PARTICIPATE IN A CLASS ACTION. The arbitration will be administered by the American Arbitration Association (“AAA”) under its Consumer Arbitration Rules (currently available at the Consumer Arbitration Rules PDF), as amended by this Agreement. The arbitrator will conduct hearings, if any, by teleconference or videoconference, rather than by personal appearances, unless the arbitrator determines upon request by you or by us that an in-person hearing is appropriate. Any in-person appearances will be held at a location which is reasonably convenient to both parties with due consideration of their ability to travel and other pertinent circumstances. If the parties are unable to agree on a location, such determination should be made by the AAA or by the arbitrator. If you are able to demonstrate that the costs of arbitration will be prohibitive as compared to the costs of litigation, Aetna will pay as much of your filing and hearing fees in connection with the arbitration as the arbitrator deems necessary to prevent the arbitration from being cost-prohibitive. The arbitrator’s decision will follow the terms of this Agreement and will be final and binding. The arbitrator will have authority to award temporary, interim, or permanent injunctive relief, or relief providing for specific performance of this Agreement, but only to the extent necessary to provide relief warranted by the individual claim before the arbitrator. The award rendered by the arbitrator may be confirmed and enforced in any court having jurisdiction thereof. Notwithstanding any of the foregoing, nothing in this Agreement will preclude you from bringing issues to the attention of federal, state, or local agencies and, if the law allows, they can seek relief against us for you.
With the exception of any of the language above in this Dispute Resolution provision relating to the waiver of class and representative actions, if a court decides that any part of this Dispute Resolution provision is invalid or unenforceable, the other parts of this Dispute Resolution provision shall still apply. If a court decides that any aspect of the language above in this Dispute Resolution provision relating to the waiver of class and representative actions is invalid or unenforceable, then the entirety of this Dispute Resolution provision shall be null and void. The remainder of the Agreement will continue to apply and be unaffected by this severability provision.
The Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule affords members the right to receive a notice that describes how health information may be used and disclosed and how to get access to this information. Aetna is required to send a notice ("Notice of Privacy Practices") to members of our insured Health and Long Term Care plans and Mail Order Pharmacy customers.
Aetna is also required to send a privacy notice ("Notice of Information Practices") to our insured Life and Disability plan members and to our Large Case Pension payees.
Notice of privacy practices by plan type
Medical, Dental, Pharmacy, Managed Behavioral Health and Vision plans Notice of Privacy Practices
Federal Risk Plans
Aetna Senior Supplemental Health Notice of Privacy Practices
Aetna Student Health Notice of Privacy Practices
Employee Assistance Plan Notice of Privacy Practices
Long-Term Care Notice of Privacy Practices
Aetna Voluntary Notice of Privacy Practices
Aetna International – U.S. Based Plans Notice of Privacy Practices
Notice of information practices by plan type
Large Case Pension Notice of Information Practices
Life and Disability Notice of Information Practices
Life Privacy Notice for American / Continental Notice of Information Practice
If you think your HIPAA Privacy Rights have been violated, you can contact us using the toll-free Member Services number on your ID card or you may contact the Aetna Privacy Office directly at the address below:
HIPAA Member Rights Team
P.O. Box 14079
Lexington, KY 40512-4079
You also may write to the Secretary of the U.S. Department of Health and Human Services.
Aetna takes information security seriously and we diligently safeguard your personal information. Here are some ways Aetna protects your information and steps you can take to help.
A list of steps we take to secure your health information.
Our effort to reduce the use of SSNs
Protect your medical records and identity
Because we’re committed to protecting the privacy of our members, we’re moving away from the use of Social Security numbers whenever possible. Thieves often steal Social Security numbers when they hack websites and computers. A Social Security number is not required for health care services.
Here's how you can help
If you're a health care professional working with us:
- Collect the patient's member ID number, rather than a Social Security number.
- For your own transactions, use your Employer Identification Number (EIN), rather than a Social Security number.
If you're an Aetna member:
- Give your member ID number -- not your Social Security number -- when you go to the doctor, dentist or hospital.
If you're an employer working with us:
- Work with your Aetna Contact or Account Rep to reduce the transmission of SSNs
Protecting the privacy and security of sensitive information is one of our highest priorities. Accordingly, Aetna encrypts all Internet e-mails that contain member-specific health and financial information -- examples include, but aren't limited to, personal and demographic information (e.g., name, SSN, address), employment information, information about payment of benefits, provider information, diagnostic or treatment information, claims status information and information related to behavioral health and/or sexually transmitted disease services.
Use of encrypted e-mail enables us to send quick, reliable communications while maintaining our commitment to protecting the confidentiality of member-specific information.
What is encrypted e-mail?
Encrypted e-mail is scrambled by the sender's e-mail program, which renders it unreadable until it is descrambled or "decrypted" by the recipient. Unencrypted e-mail is similar to a postcard - the message can be viewed by anyone who picks it up. Encrypted e-mail is similar to a sealed letter -- the content cannot be viewed until the envelope is opened - except, in this case, the envelope has a lock on it to which only the recipient has a key.
How does Aetna's use of encrypted e-mail impact recipients?
- Whenever Aetna transmits member-specific health or financial information via Internet e-mail, the e-mail includes a message indicating that the content has been secured via encryption.
- Encrypted e-mails from Aetna include instructions on how to decrypt the message for viewing - this requires the recipient to perform a few simple clicks.
- Anyone who receives an encrypted e-mail from Aetna is able to send an encrypted reply.
- Third party messages that are sent to Aetna via the "Contact Us" feature on Aetna.com are also encrypted.
Who can receive member-specific health and financial information?
Aetna has strict procedures in place for determining if a third party can receive member health and financial information i.e., Aetna employees are required to verify whether a requestor is authorized to receive the information before it is released.
Whom can the recipient of an Aetna encrypted e-mail call with questions?
Each encrypted e-mail from Aetna includes instructions on how to open the message and view the secure content. In the event a recipient receives an error message while in the process of trying to open an Aetna-generated encrypted e-mail, the error message provides guidance for troubleshooting the problem. In addition, the error message includes the following contact information:
If you experience any problems, please contact 1-800-237-7476 (TTY: 711), option 4 (Secure Email) during normal business hours; 8AM to 6PM ET.
Medical identity theft is a growing problem
Medical identity theft happens when someone steals your personal or health insurance information. They use it to get medical care, prescriptions, insurance payouts, even surgery. It’s a lot like regular identify theft. It can damage your credit rating. Cost you money and take time to clear up. Even hurt your chances to get some jobs. And it's happening more and more in the United States.
Here are a few steps to protect yourself
Be careful with your member ID card
It could be used to get medical services or drugs. And these will be on your medical record permanently. If your card is missing, lost or stolen, notify Aetna Member Services right away.
Keep personal information personal
Don’t give out your insurance ID, Social Security or driver’s license numbers on the phone or by mail to just anyone. Make sure you initiated the contact. And make sure there is a valid reason for giving out the number.
Be on guard even if someone claims to be from Aetna
We avoid asking for your Social Security number. However, there are times we need it. For example, if you:
- Sent us a form that requested your Social Security number but you didn’t provide it or it is not readable, we might call you to ask for it.
- Left a voice mail for someone at Aetna that did not include enough information to identify you, we might ask for additional information when returning your call.
Review health care information
Take time to read mailed Explanation of Benefits (EOB) statements or online claims. Even if they are marked, “This is not a bill." Look for:
- Wrong group or identification numbers
- Unfamiliar provider offices or hospitals
- Dates for services on which you did not receive care
- Prescriptions you did not fill
Make sure “free” is free
If you visit a free clinic, make sure it’s free. Don’t show your ID card for any reason.
Check your credit report
Identity thieves can run up medical costs in your name. The bills can be mailed to another address. You won’t know unless you check your report. Or you get a call from a collection agency.
Find out how you can get a credit report for free visit the Federal Trade Commission.
Health care privacy FAQs
Simple, direct answers to common questions about health care privacy.
If you don't believe your health information is protected, you may be less likely to visit or talk to your doctors and other health care experts about health issues because you are afraid of who else may learn about your conditions. This may place you at greater risk: Your doctor needs to know as much as possible about your health to give you the best possible care.
The Health Insurance Portability and Accountability Act (“HIPAA”) includes a privacy rule that require people who manage your health care keep your information private (other federal and state laws include privacy protections as well). Health care companies must follow the HIPAA privacy rule as well as health care providers. Examples of health care companies and health care providers include:
- Nursing homes
Here are some examples of protected information:
- Anything your doctors, nurses, and others put in your medical record
- Conversations your doctor has about your care or treatment with nurses and others
- Information about you in an insurer's computer system
- Billing information about you at a doctor's office, clinic or hospital
You have the right to:
- Know who has your personal health information
- Request limits on who can see this information
- Get a copy of this information
- Be provided with privacy notices that explain our use and disclosure of your information
- Have this information safeguarded
- Request corrections to your information
- Decide if you want to give your permission before your information can be used or shared for certain purposes, such as for marketing
- Get a report on when and why your information was shared for certain purposes
- File a complaint if you feel your right to privacy has been violated
We have the responsibility to:
- Put safeguards in place to protect your information
- Limit the use and disclosure of your information to the minimum needed to accomplish our goals
- Enter into agreements with our contractors and others to make sure they use and disclose your information properly and safeguard it appropriately
- Have procedures in place to limit who can see your information
- Hold training programs for employees to learn how to protect your information
Call us at the number on your member ID card. Tell us what you need. For example, you may want to:
- Request information on how we may use or share your health information
- See what health information we have about you
- Authorize someone else to see your private health information
- Ask us to refrain from sharing your information under certain circumstances. You may need to complete and send in a form depending on your request. Our response will depend on the nature of your request.
Do you get your health insurance where you work? If so, where you go for privacy information depends on the kind of plan you joined.
There are two kinds of health plans offered by employers. One kind of plan is called "insured" because an insurance company pays for claims. The other kind of plan is called "self-insured" because your employer actually pays for claims and hires another company only to run the systems that support the plan. If you are a member of a self-insured plan, you may need to work with your employer to address your privacy concerns.
To find out whether to address a privacy issue with your employer or with Aetna, call the number on your member ID card or talk to your company HR representative.
Contact us if you think your rights are being denied or your health information isn't being protected. Call the number on your member ID card. Or write to:
HIPAA Member Rights Team
P.O. Box 14079
Lexington, KY 40512-4079
You may also write to the Secretary of the U.S. Department of Health and Human
Services. You will not be penalized for filing a complaint.
You have the right to ask us to communicate with you in a certain way or at a certain location.
If you are on someone else's insurance and would like us to send your Explanation of Benefits statements and other claim information to an address that's different from the primary subscriber's, please call Member Services at the number on your ID card.
To stop paper mailings of Explanation of Benefits and claim information, log in to your secure account and use the "Profile" link in the upper right corner to change your paper saving preferences. Your Explanation of Benefits and claim information will still be available in your secure account.
You also can use the "Profile" link to opt in or out of receiving emails from us, or to add or change a phone number.
Aetna is the brand name used for products and services provided by one or more of the Aetna group of companies, including Aetna Life Insurance Company and its affiliates (Aetna).
Health benefits and health insurance plans contain exclusions and limitations.