
Aetna’s Privacy Center


We value the trust you place in us. Protecting your privacy is important to Aetna and we take care to safeguard your personal information. Additional information regarding how we collect, maintain and use your information is available in our Privacy Center.

Web privacy statement

Welcome to the Aetna® Medicaid website. Thank you for your interest in us.


We will not collect personal information about you unless you voluntarily give it to us when you come to our sites. We will use your personal information that you may provide us through our websites only for the purpose stated on the page where we collect it.


In some cases, you will be able to update the information you give us.


To make an update


Just send us an email or update your profile online.


We will not sell your information to a third party. We may share your information when:


  • You tell us to
  • It allows our partners to do their work
  • It is required or permitted by law

When we share your information, we will:


  • Follow all laws and regulations
  • Require the recipient to protect the information
  • Require the recipient to use the information only for the purpose we gave it to them

By “personal information,” we mean data that is about you only. For example:


  • Name
  • Address
  • Social Security number
  • Email address
  • Telephone number

From time to time, we may ask for your personal information to:


  • Answer your questions
  • Deliver a product or service

We welcome your comments or questions about our websites. We have set up email boxes for that purpose. We will share your feedback with our employees who can best reply to you.


Your email may be accessed and viewed by other Internet users without your knowledge or permission. Please do not use email to discuss information you want to keep private.

We collect certain information that does not identify you when you visit our websites. This helps us analyze and improve the usefulness of the information we offer online.


Sometimes, we use “cookies.” This is an element of data that a website can send to your browser when you link to that website. A “cookie” cannot read data on your computer. It also doesn’t take your personal information. A “cookie” allows us to:


  • Recognize you when you come back
  • Track what parts of the site you use
  • Better serve you when you return to that site

We may also use “client-side page tagging.” This process logs certain information about the page and your visit to it. This technique is also commonly used on commercial websites. “Tagging” does allow a JavaScript program to run on your computer. The program only provides information about the page you are requesting and your browser. It will not read any of your data files. It will not start any other programs. It does not read your personal information, such as your name or address.


To stop “tagging,” turn off JavaScript in your browser. If you do, it may stop you from using all our website’s functions.

We may also sell or disclose patient and/or member information that has been deidentified as permitted by law and applicable regulations.


If we do sell or share such deidentified patient or member information, we follow one of the deidentification methodologies described in Section 164.514(b)(1) or (b)(2) of Title 45 of the Code of Federal Regulations. These are also known as the HIPAA expert determination method and the HIPAA safe harbor method, respectively.

From time to time, our websites may link to other sites not owned or controlled by us. We think the links may be useful or of interest to you. We are not responsible for the privacy practices used by other website owners. We cannot be responsible for the content or accuracy of those sites. Links to other websites do not mean or imply we approve these sites. Linking to other sites does not mean or imply that we approve any materials, products or services described on them.

We use tough security standards on our websites. We try to protect your personal information from accidental or unauthorized access or disclosure. We use administrative, physical and technical “firewalls” around the information stored at this site. From time to time, we test our site security. We also have developed comprehensive disaster recovery plans.

We may change this statement. When this happens, we will change the date at the bottom.


You should reread this from time to time to see if there have been any changes that may affect you. We do not intend this statement to create any contractual or other legal rights in or on behalf of any party.

Last revised: 8/11/2021

Health data permissions and privacy

Some members have the right to tell Aetna to release some of their health data to third-party apps.


Here are some educational materials. You can use them to help decide who to share your health data with.


Learn about the payer-to-payer data exchange


If you are an ABH of LA member, click here to learn about the payer to payer data exchange

Take care when choosing which apps you share your health data with. Health data can be very sensitive. We don’t control how third-party apps use or share your health data. We don’t review third-party apps or their privacy and security standards for your health data.


We recommend choosing apps with strong privacy and security standards. Always read apps’ terms of use first. They should have an easy-to-read and find privacy policy. This should tell you how they plan to use your data. Some apps may share your health data with other third parties. If they don’t have a privacy policy, think again about using the app.

You want to make sure an app’s privacy policy answers these questions.


  • What health data will this app collect?
  • Will this app collect non-health data from my phone, such as my location?
  • Will this app store my data in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app share my data with other third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact does sharing my data with this app have on others? Does this impact my family members?
  • How can I access my data and correct wrong info saved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I stop the app from getting my data?
  • What is the app’s policy for removing my data once I end access?
  • Do I have to do more than just delete the app from my device?
  • How does this app tell users about changes that could affect its privacy practices?

  • The Health Insurance Portability and Accountability Act (HIPAA) is a federal law. One part of it helps protect personal health information. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.
  • You can find HIPAA FAQs for individuals from HHS

“Covered entities” must follow HIPAA rules. This can include: 


  • Health plans:

    • Health insurance companies
    • Health maintenance organizations (HMOs)
    • Company health plans
    • Certain government programs that pay for health care, like Medicare and Medicaid
  • Many health care providers that do business electronically. For example, if they bill your health insurance electronically. This can include:

    • Doctors
    • Health clinics
    • Hospitals
    • Psychologists
    • Chiropractors
    • Nursing homes
    • Pharmacies
    • Dentists
  • Health care clearinghouses

“Business associates” who provide certain services for covered entities must follow parts of the HIPAA rules. This can include:


  • Billing companies
  • Health care claims processors
  • Companies that store or destroy medical records
  • Those that help administer health plans

Many entities that have your health info don’t need to follow HIPAA rules. These may include:


  • Life insurers
  • Employers
  • Workers compensation carriers
  • Schools and school districts
  • State agencies
  • Law enforcement agencies
  • Municipal offices

You can find more info from HHS about patient rights under HIPAA and who must follow HIPAA

HIPAA doesn’t cover most third-party apps. Instead, the apps fall under the authority of the Federal Trade Commission (FTC) and the protections of the FTC Act. The act protects against deceptive acts. For example, if an app shares personal data without your permission, despite having a privacy policy that says it will not do so.


Read more from the FTC about mobile app privacy and security

If you think your HIPAA privacy rights were violated, you have options:


Last revised: 8/11/2021
