Interoperability FAQs - Resources on Privacy and Security

What should I consider before allowing a third-party app to access my health care data?

You should protect your health data. Knowing what to look for can help you make better decisions. Look for easy-to-read privacy policies. The policy should tell you how the app will use your data. If an app does not have a privacy policy, you should not use it.

You should ask:

  • What data will be shared on the app? Will the app share non-health data?
  • Will my data be stored in the app?
  • How will the app use my data?
  • Will this app share my data with anyone else?
    • Will this app sell my data for advertising or research?
    • Will this app share my data for any reason?
  • Can I limit the app’s use of my data?
  • Does the app use security measures to protect my data?
  • Is there an impact on anyone else if I share my data in the app?
  • How can I access my data and make corrections in the app?
  • Does the app have a way to receive and respond to complaints?
  • How do I stop the app from having my data if I do not want to use the app anymore?
    • What is the app’s policy for deleting my data? Do I have to do more than just delete the app from my device?
  • How does the app tell users if it changes the rules?

The app’s privacy policy should answer these questions. If it does not answer these questions, then you should not use the app. You should choose an app with strong privacy standards that protects your data.

Third-party apps are asked to confirm certain privacy policies. If the third-party app responds negatively or does not respond at all, a warning will show when you open the app. After you read the warning, you can change your mind about sharing your data with the app. If you choose to download the app after the warning, your data will be shared.

It is important to read the privacy policies of the app before you use it.

What if I’m part of an enrollment group?

Some members share an enrollment group with other family members in their house. Sometimes members can access information for all members of an enrollment group. You will only be able to access your own data through the app.

If you want to see a family member's data, you need permission from your family member. Call Customer Service (800-356-1204) and ask for the forms. If you are the parent of a minor child (age 14 or under), you can see their information on the app. Call Customer Service if you have questions.

If you do not want to share an enrollment group with your household, you can enroll household members in separate groups. Call Customer Service if you have questions.

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)? Who must follow HIPAA?

More information about HIPAA is here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html 

More information in the HIPAA FAQs for Individuals is here: https://www.hhs.gov/hipaa/for-individuals/faq/index.html
 

Are third-party apps covered by HIPAA?

Most third-party apps are not covered by HIPAA. Most third-party apps are covered under the Federal Trade Commission (FTC) and the FTC Act. The FTC Act protects against false acts. The FTC provides information about mobile app privacy and security here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

What should I do if I think my data has been leaked or the app used my data inappropriately?

You can file a complaint with the MDwise Privacy Office. Complaints can be sent by mail or email.

Address:
MDwise
Attention: Privacy Officer
P.O. Box 441423
Indianapolis, IN 46244-1423

E-mail:
legal@mdwise.org

You can also submit a complaint to OCR or the FTC.

Learn about filing a complaint with OCR under HIPAA:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html

File a complaint with OCR using the OCR complaint portal:
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

File a complaint with the FTC:
https://reportfraud.ftc.gov/