Interoperability FAQs - Resources on Privacy and Security for Members

What should I consider before allowing a third-party app to access my health care data?

It is important that you take an active role in protecting your health data. Knowing what to look for can help you make better decisions. Look for easy-to-read privacy policies. The third-party app’s policy should tell you how the app will use your data. If an app does not have a privacy policy, you should not use it.

You should ask:

  • What data will be shared or collected on the app? Will the app collect or share non-health data that is on my phone or device?
  • Will my data be stored in the app?
  • Will the data be stored in a secure way?
    • Will my data be encrypted?
    • How else will the app protect my data?
  • How will the app use my data?
  • Will this app share my data with anyone else?
    • Who will the app share my data with? For what reason?
    • Will this app sell my data for any reason, like for advertising or research?
  • How can I limit the app’s use of my data?
  • Is there an impact on anyone else if I share my data in the app, like my family members?
  • How can I access my data and make corrections in the app?
  • Does the app have a way to receive and respond to complaints?
  • How do I stop the app from having my data if I do not want to use the app anymore?
    • What is the app’s policy for deleting my data? Do I have to do anything more than just delete the app from my device?
  • How does the app tell me if it changes its rules in a way that may affect my privacy?

The app’s privacy policy should answer these questions. If it does not answer these questions, you should not use the app. You should choose an app with strong privacy and security standards that protect your data.

Third-party apps are asked to confirm certain privacy policies. If the third-party app responds negatively or does not respond at all, a warning will show when you open the app. After you read the warning, you can change your mind about sharing your data with the app. If you choose to download the app after the warning, your data will be shared.

It is important to read the privacy policies of the app before you use it.

What about family members’ data?

You will only be able to access your own data through the app. If you have other family members who are MDwise members and you want to see their data, you will need permission from those family members. Call MDwise Customer Service at 800-356-1204 and ask for the forms. If you are the parent of a minor child (age 14 or under), you can see their information on the app. Call Customer Service if you have questions.

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)? Who must follow HIPAA?

More information about HIPAA is here:

https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

More information in the HIPAA FAQs for Individuals is here:

https://www.hhs.gov/hipaa/for-individuals/faq/index.html

Are third-party apps covered by HIPAA?

Most third-party apps are not covered by HIPAA. Most third-party apps are covered under the Federal Trade Commission (FTC) and the FTC Act. The FTC Act protects against deceptive acts or fraud — for example, if an app shares personal data without your permission despite having a privacy policy that states it will not share your data without your permission. The FTC provides information about mobile app privacy and security here:

https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

What should I do if I think my data has been leaked or the app used my data inappropriately?

You can file a complaint with the MDwise Privacy Office. Complaints can be sent by mail or email to:

Address:
MDwise
Attention: Privacy Officer
P.O. Box 441423
Indianapolis, IN 46244-1423

E-mail:
legal@mdwise.org

You can also submit a complaint to OCR or the FTC.

Learn about filing a complaint with OCR under HIPAA:

https://www.hhs.gov/hipaa/filing-a-complaint/index.html

File a complaint with OCR using the OCR complaint portal:

https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

File a complaint with the FTC:

https://reportfraud.ftc.gov/

 

 DR-04-2025-16675/HHW-HIPM1617 (4/25)