
Sharing and Protecting Your Individual Healthcare Information

The Centers for Medicare and Medicaid Services (CMS) enacted the Interoperability and Patient Access Rule to provide individuals/consumers access to their health information in a manner that can be best used when the individual needs such information.

The Sharing of Consumer Data

The CMS Interoperability Rule requires payers, such as AvMed, to implement and maintain a standards-based Application Programming Interface (API) that permits third-party applications to retrieve the enrollee’s health information, with the approval and at the direction of a current individual enrollee or the enrollee’s personal representative, through the use of common technologies and without special effort from the enrollee. This enables enrollees to manage their health care through access to data, with the goal of improving healthcare outcomes.

Please be advised that a third-party application used by an individual/consumer to access their health information is not in any way connected to AvMed or any subcontractor for AvMed. When individuals/consumers grant a third-party application access to their health information, AvMed cannot protect or monitor the maintenance, use, or disclosure of the individual’s health information. As such, AvMed cannot, and does not, guarantee that any third-party application will maintain the privacy and security of the health information of any individual/consumer.

Please be advised that when an individual/consumer requests that AvMed share health information with an application, also referred to as an “App,” AvMed shares all relevant claims, encounters, and clinical data of that individual/consumer. AvMed cannot limit application/App access to certain types of data while sharing access to other data. If an individual/consumer, such as yourself, does not want sensitive health information shared with an application/App, then you should not, under any circumstance, request or authorize AvMed to share your data with any application/App.

The CARIN Alliance Code of Conduct sets forth standards for how consumer health information will be utilized and protected. You can use the resources below to understand how to protect the privacy and security of your health information while considering whether to use a particular third-party application/App to access your data.

 

Third-party Application Selection

When deciding whether to use an application/App to view your health information, you should review the application’s/App’s Privacy Policy and Terms of Use/Terms of Service. You need to make certain that the policy is understandable and easy to read, as applications often use data collected on behalf of customers for other purposes. The application’s Privacy Policy should outline how the data will be used and the steps the application company has taken to protect the data that it receives and stores. If an application/App does not have a privacy policy such as this, AvMed advises that an individual/consumer not use the application/App.

Items to consider about your health information when selecting an application:

  • What data will this app collect?
  • Will this app collect non-health care data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app share my data for any reason, such as advertising or research? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my data, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

As health information is very sensitive, you should choose applications/Apps with strong privacy and security standards to protect your health information. If the Privacy Policy does not clearly answer these questions, you should avoid using the application/App to access your health information.

If you have any additional questions, please view the Interoperability Frequently Asked Questions.

 

Third-party Applications and HIPAA

The Health Insurance Portability and Accountability Act (HIPAA) does not cover most third-party Apps. HIPAA protects the use and disclosure of Protected Health Information (PHI), which includes an individual’s medical information as well as personal identifiers such as name, address, date of birth, and social security number. AvMed is a covered entity under HIPAA. Hospitals, providers, and other health care entities may also be covered under HIPAA. Most applications are not covered under HIPAA. As an AvMed member, you can review AvMed's Privacy Policy.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. To find out more about your rights under HIPAA, visit U.S. Department of Health and Human Services (HHS).

The HHS Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and The Patient Safety and Quality Improvement Act of 2005 (PSQIA). Get more information about filing a complaint to the OCR and what to expect, or file a complaint directly through the OCR portal.

 

Third-party Applications and Federal Trade Commission Oversight

Most third-party Apps are regulated by the Federal Trade Commission (FTC) based on the requirements of the FTC Act, which, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers here: How To Protect Your Privacy on Apps | Consumer Advice (ftc.gov). You can report fraud to the Federal Trade Commission (FTC).

 

Applications That Act in an Inappropriate Manner

If you feel that your data has been breached or used in an inappropriate manner, you may contact the AvMed Compliance Officer by phone at 844-263-2376, or contact the Corporate Compliance Hotline, available 24 hours per day by phone at 800-981-6667, or report a concern online.

Please note that concerns may be reported anonymously. 

You may also write to:

AvMed, Inc. HIPAA Privacy Officer
P.O. Box 749
Gainesville, FL  32627-0749