Interoperability and Patient Access

Introduction

As your trusted health partner, we are committed to providing you with digital access to your health information. To that end, we are working to allow you to easily retrieve healthcare data so you can:

  • Share the information in a secure method with whomever the member choses; or
  • Utilize apps or devises to analyze, track and manage the member’s data.

Interoperability

The Centers for Medicare & Medicaid Services published new interoperability rules that will make it easy for patients and health insurance members to access their health information.

Interoperability will create the opportunity to connect your health and claims data to the application of your choice. This means that you can access your data in the manner that is best for you, leading to more flexibility and knowledge about your health.

These new rules mean that your health care data can be shared more easily, but they also mean you’ll have to take additional steps to protect it.

We believe it is important for you to know all the facts about third-party apps, your protected health information and privacy and security.

What You Need to Know

Your health data is available for you to download to a third-party App of your choice. This includes all of your health data that your health plan maintains. These third-party Apps may NOT be covered by the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”) Privacy or Security Rules or other privacy or security laws/regulations that are in place for healthcare entities to protect your health information.

Before you choose a mobile App, we recommend you review and evaluate the mobile App’s privacy and security policies.

Below are some items you may consider when evaluating the App’s privacy and security policy.

  • Does this App have privacy policies in place to keep my health information confidential and private?
  • Does the App have security measures in place to ensure my health information is not compromised?
  • Can the third party that owns the App disclose my health information to others without my permission? Can they sell my information?
  • How will the third party App use my data and for what purpose?
  • If I want to delete the App, will all my data be deleted from the third party server?
  • Does the third party have a customer service number where you can call to ask questions or file a complaint?
  • Will the App have access to other information on my device such as location or contacts?

Information shared could include:

  • allergies
  • primary care provider
  • demographics
  • documents
  • health goals
  • implants
  • lab results
  • medications
  • problems
  • procedural and diagnostic orders
  • procedures
  • immunizations
  • vitals
  • appointments
  • provider details
  • referral orders
  • smoking status
  • clinical notes
  • lines, drains, airways
  • encounters

Enforcement

A third party App should have a privacy notice. If you have questions or concerns about the way your health plan uses your personal data, refer to your health plan’s Notice of Privacy Practices at https://www.healthalliance.org/documents/85/2021. To file a complaint with your health plan, contact your health plan’s privacy office by emailing ComplianceLine8304@healthalliance.org or calling 1-800-851-3379 ext. 29152.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces federal civil rights laws, conscience and religious freedom laws, the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule, which together protect your fundamental rights of nondiscrimination, conscience, religious freedom, and health information privacy. If you believe that a HIPAA-covered entity or its business associate violated your (or someone else’s) health information privacy rights or committed another violation of the Privacy, Security, or Breach Notification Rules, you may file a complaint with the Office for Civil Rights (OCR). OCR can investigate complaints against covered entities (health plans, health care clearinghouses, or health care providers that conduct certain transactions electronically) and their business associates.

To learn more about filing a complaint with the Office of Civil Rights (OCR) under the Health Insurance and Portability and Accountability Act (HIPAA), visit https://www.hhs.gov/hipaa/filing-a-complaint/index.html

The Federal Trade Commission (FTC) Act protects against deceptive acts such as violations of the terms of its privacy notice. The FTC provides information about mobile App privacy and security for consumers.

If you believe an App inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the www.ftc.gov/complaint.

How do I grant access of this data to a Third Party App?

In order to grant access to this information you must have an account with Hally. If you do not already have an account please visit http://login.hally.com/.

Additionally, a third-party app must have registered with Health Alliance and affiliates for this data to be available to transfer.

Need Help?

Call customer service at 1-800-851-3379 or email us at customerservice@healthalliance.org.

If you would like to register your App with Health Alliance click here.