Your health in your hands
HMSA is working on a new feature in third-party apps that will launch sometime in 2021 that gives you access to your health care information whenever you want. If you have Medicare, Medicaid, or a health plan that’s certified by the federal government (Affordable Care Act Qualified Health Plans) and purchased on HealthCare.gov , you can access your member information. You can download a third-party app to your mobile device (smart phone or tablet). For more information, visit the Centers for Medicare & Medicaid Services (CMS) website at www.cms.gov/newsroom/fact-sheets/interoperability-and-patient-access-fact-sheet.
What kind of information will be available?
- Your health history since January 2016.
- Claims and some clinical data from visits with health care providers.
- Data from services such as case management or care coordination.
Data may include sensitive details such as diagnosis, treatment, and care information.
When I use a third-party app to access my health information, does the Health Insurance Portability and Accountability Act of 1996 (HIPAA) protect me?
Third-party apps aren’t subject to HIPAA, a federal law that mandates national standards to protect the privacy and security of protected health information. Instead, it has its own privacy policy about how they will use, share, and possibly sell your information. Learn more at hmsa.com/privacy/hipaa-compliance.
The Federal Trade Commission Act protects against deceptive acts such as going against its own privacy policy. A third-party app that violates the terms of its privacy notice is subject to the Federal Trade Commission (FTC). Learn more about the FTC at consumer.ftc.gov/articles/0018-understanding-mobile-apps.
If you think that a third-party app inappropriately used, shared, or sold your information, file a complaint at reportfraud.ftc.gov.
Does HIPAA still cover my health information?
Yes. The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. HMSA complies with HIPAA. For more information about your rights under HIPAA and who must comply with HIPAA, visit hhs.gov/hipaa/for-individuals/index.html.
Learn more about filing a complaint with OCR about HIPAA requirements at hhs.gov/hipaa/filing-a-complaint/index.html.
For more information about HMSA and HIPAA compliance, visit hmsa.com/privacy/hipaa-compliance. To learn more about HMSA’s privacy notice or to see how to file a complaint, visit hmsa.com/privacy/notice.
How do I choose a third-party app?
Sharing information
- Will the third-party app sell my data?
- Will the third-party app share my data with anyone?
- How will the third-party app use my data and why?
- Will the third-party app let me control how it sells, shares, or uses my data?
Communication
- How will the third-party app let me know if there are changes in its privacy practices?
- How will the third-party app respond to user complaints?
Access and security
- Will the third-party app collect non-health data such as my location?
- How will the third-party app protect my data?
- Will the third-party app have access to the data of anyone else on my plan?
- Will the third-party app let me correct wrong information? (Any information you correct in the third-party app won’t change the information that comes from HMSA.)
Canceling
- If I want to stop using the third-party app, how do I cancel?
- What is their policy for deleting my data once I stop using it?
- Do I have to do anything else besides deleting it from my device?