Start Of Main Content


for the Health Insurance Division of State Farm Mutual Automobile Insurance Company

We value your privacy.

This is our HIPAA Notice of Privacy Practices (Notice). We’ll provide a copy of the Notice at the time of policy issuance of a HIPAA-covered product, upon request, or as required by law thereafter.

Protected Health Information (PHI) is individually identifiable health information created, received, held, or transmitted by the Health Insurance Division or its business associates, in any form or media, except certain other information excluded from federal regulations. This Notice describes how PHI about you may be used and disclosed and how you can get access to this information.

We are required by law to maintain the privacy of PHI and to provide you with notice of our legal duties and privacy practices with respect to PHI. We are required to abide by the terms of this Notice as long as it remains in effect. We reserve the right to change our privacy practices, procedures, and terms of this Notice as necessary, and to make the new Notice effective for all PHI maintained by us. If a material change is made to the terms of this Notice, a revised Notice will be provided to all primary insureds. You may obtain a copy of this Notice on our website at® or by contacting us as described in the How To Contact Us section below.


Your Authorization — Even though we do not use or disclose your PHI for marketing (except for in-person communications) or sell your PHI to third parties, we must notify you that the following uses or disclosures specifically require your prior authorization: 1) uses and disclosures of PHI for marketing purposes 2) disclosures that constitute a sale of PHI and 3) most uses and disclosures of psychotherapy notes. In addition, except as outlined below, we will not use or disclose your PHI for any purpose unless you have signed a form authorizing the use or disclosure. You have the right to revoke that authorization in writing unless we have taken any action in reliance on the authorization. Finally, we may use your PHI to communicate in-person with you regarding other State Farm products which may assist you in fulfilling your insurance or financial needs. This specific use of PHI does not require prior authorization.

Uses and Disclosures for Payment — We may use and disclose your PHI as necessary for payment purposes. For instance, we may use and disclose information regarding your medical care to process and pay claims.

Uses and Disclosures for Health Care Operations — We may use and disclose your PHI as necessary, and as permitted by law, for our health care operations, such as customer service, premium rating, fraud and abuse prevention and detection, and other functions related to your health policy. We may use and disclose your PHI to provide you with information about treatment alternatives or other benefits and services that may be of interest to you.

Family, Friends, and Others Involved in Your Care — With your approval, we may disclose your PHI to designated family, friends, and others to assist in caring for you or in paying for your care. If you are unavailable, incapacitated, or facing an emergency medical situation, and we determine that a limited disclosure may be in your best interest, we may share limited PHI with such individuals without your approval. If you have designated a person to receive information regarding payment of the premium on your health policy, we will inform that person when your premium has not been paid.

Business Associates — It may be necessary for us to provide some PHI to one or more outside persons or organizations who assist us with our business activities. We require these business associates to appropriately safeguard the privacy of your information.

Additional Uses and Disclosures Without Your Authorization — We are permitted or required by law to make certain other uses and disclosures of your PHI without your authorization, including under the following conditions:

  • For any purpose as required by law.
  • For public health activities, such as required reporting of certain diseases.
  • As required by law if we suspect child abuse or neglect; we may also release your PHI as required by law if we believe you to be a victim of abuse, neglect, or domestic violence.
  • If required by law to a government oversight agency conducting audits, investigations, or civil or criminal proceedings.
  • If required to do so by a court or administrative order, subpoena, discovery request, or qualified protective order.
  • To law enforcement officials as required by law.
  • To coroners and/or funeral directors consistent with law.
  • If necessary to arrange an organ or tissue donation from you or a transplant for you.
  • For certain research purposes when such research is approved by an institutional review board with established rules to ensure privacy.
  • If you are a member of the military as required by armed forces services; we may also release your PHI if necessary for national security or intelligence activities.
  • If necessary to avert a serious threat to health or safety.
  • To workers' compensation agencies, if necessary for your workers' compensation benefit determination.

Underwriting — We are prohibited from using or disclosing PHI that is genetic information for underwriting purposes.


Access to Your PHI — You have the right to obtain a copy and inspect specific items of your PHI, such as your policy or claim information, for as long as we maintain it. We may deny your request to access certain PHI, as permitted or required by law. We may require your request for access in writing. Your request for access should contain as much detail as possible regarding the PHI you wish to review. We may charge a reasonable fee for access to your PHI.

Amendments to Your PHI — You have the right to request an amendment of the PHI we maintain about you if you believe it is incorrect. We are not legally obligated to make all requested amendments but will give each request appropriate consideration. Requests for amendment must be in writing and must state the reasons for the amendment request.

Accounting for Disclosures of Your PHI — You have the right to request a list or accounting of certain disclosures of your PHI. We are not legally obligated to provide an accounting of every disclosure but will give each request appropriate consideration. Requests must be made in writing.

Restrictions on Uses and Disclosures of Your PHI — You have the right to request restrictions on certain uses and disclosures of your PHI for treatment, payment, or health care operations by notifying us of your request for a restriction in writing. We are not legally required to agree to your restriction request.

Notification of Breaches — You have the right to receive notice following a breach of your PHI.

Confidential Communication of PHI — You have the right to request and to receive communications from us regarding your PHI by another method of contact or at an alternative address. We will accommodate reasonable requests, which must clearly state that disclosure of all or part of the information could endanger your health or safety.

Complaints — If you believe your privacy rights have been violated, you can file a complaint with us or with the Secretary of the U.S. Department of Health and Human Services in Washington D.C. There will be no retaliation for filing a complaint.


If you have questions or need further assistance regarding this Notice, or wish to exercise any of the above-mentioned rights, you may contact us at:

State Farm Mutual Automobile Insurance Company
Health Operations Privacy/HIPAA Administrator
PO Box 2360
Bloomington, Illinois 61702


Your state law may provide greater or different privacy rights regarding the protection, use, or disclosure of information related to victims of abuse or domestic violence.


This HIPAA Notice of Privacy Practices is effective September 23, 2013.


©Copyright, State Farm Mutual Automobile Insurance Company, 2021
Home Offices: Bloomington, IL 61710-0001


Last updated 03/21


Print PDF