
Privacy and Third Party Apps

What You Should Know to Protect Your Private Health Information:

It is important for you to take an active role in protecting your health information. In setting health care goals, many people use certain types of technology or apps to help track their health and wellbeing goals. This is a great way to stay informed on your progress!

When selecting an app or type of technology, you should review the privacy policy to understand how your health information is kept private. That is why the federal Government created the Health Insurance Portability and Accountability Act of 1996 (HIPAA). The Privacy Rule, a federal law, gives you rights over your health information and sets limits on who can look at and receive your health information. The Security Rule is a federal law that requires security for health information in electronic form. Every app, medical staff member, health insurance plan, web-based portal, and health care facility is required to have a privacy policy that will inform you on how they will use and store certain health information. Some questions to be aware of when reviewing the privacy policy include:

  • What health data is collected, and how will my data be used?
  • Will the app or web-portal disclose, sell, or share my data with others?
  • How will the data be stored electronically?
  • What security measures does the healthcare setting, app, or web-portal have to protect my health information?
  • How can I access the data and correct inaccuracies in the data?
  • If I want to restrict access or no longer want to use the healthcare facility, app, or web-portal, what is the policy for deleting my data once I stop access?

Understanding privacy and security practices of any application and organization is very important. Entities that follow the HIPAA regulations include:

  • Health Plans, like Cascade Health Alliance and other Oregon Coordinated Care Organizations
  • Most Health Care Providers like your Primary Care Provider, healthcare clinic, hospital, psychologist, pharmacies, and dentists
  • Health Care Clearinghouses
  • Business organizations that work with the entities listed above to help with administrative tasks

What Organizations Are Not Required to Follow HIPAA?
Many organizations that have health information about you do not have to follow HIPAA privacy and security laws. This includes:

  • Employers
  • Workers’ compensation carriers
  • Most school districts
  • Many state agencies
  • Most law enforcement agencies
  • Local government offices

What You Can Do
The Office for Civil Rights ensures compliance with health information privacy and security laws by investigating complaints to protect your rights. If you believe a HIPAA-covered entity or business violated your (or someone else’s) health information privacy rights, you may file a complaint with the Office for Civil Rights.

To file a complaint with CHA's Privacy Officer or the Office for Civil Rights:

Contact CHA's Privacy Officer

CCC’s Privacy Officer:

  • Mail: 2909 Daggett Ave #225 Klamath Falls, OR 97601
  • Phone: 883.2947
  • Email: compliance@cascadecomp.com

Contact the Department of Health and Human Services Office for Civil Rights

Office for Civil Rights

Learn more about filing a complaint with the Office for Civil Rights: Learn More

For additional information visit the Health and Human Services website

More resources about app privacy and security

Resources from HealthIT.gov: