Third-Party Application Data Sharing

You can choose to share your health data with Third-Party Applications (mobile phone apps). We care about your privacy, so we want you to know some things before you use any apps or share your data with them.

  1. We look over apps to make sure that there are privacy protections.
  2. If the review shows a risk, we can deny use of the app. We will use the My CareSource® member portal to let you know about a privacy risk.
  3. We are not responsible for the security of your data after it has been shared with the app. You will need to work with the app if you have any issues.
  4. Research these apps. Choose apps you trust to have your data.
  5. You must use your My CareSource account to allow apps. Go to the Preferences page and check YES on the Member Consent.

Before You Download An App

Look for an easy-to-read privacy policy when you choose  an app. It should go over how it will use your info. If an app does not have a policy, do not use it.

Think about:

  • What health info will this app get from me?
  • Will this app save other data like my location?
  • Will my data be stored safely?
  • How will this app use my data?
  • Will this app share or sell my data?
    • If so, to whom? Why?
  • How can I limit this app’s use and sharing of my data?
  • What security does this app have to protect my data?
  • Could sharing my info with this app impact others, such as my family?
  • How can I see the data used by this app?
  • How do I fix mistakes in the data used by this app?
  • How does this app answer complaints?
  • What do I do if I do not want to use this app or no longer want it to have my health info?
    • What is the policy for deleting my data once I stop access?
    • Can I just delete the app?
  • How does the app tell me about changes to its privacy policy?

You should not share your health info if the privacy policy does not answer these questions.

If you are a Marketplace Member:

Some apps may let you see health information for everyone in your plan or enrollment group. Others may only let you see your own. You can apply together and be part of a separate enrollment group, sharing the same application and financial information, but enrolling in separate plans. There may be some limits to this if you are a minor. This can result in higher out-of-pocket costs if each member has to meet separate annual deductibles and limits on cost sharing.

What are your rights under the Health Insurance Portability and Accountability Act (HIPAA)? Who must follow HIPAA?

The U.S. Department of Health and Human Services Office for Civil Rights enforce  HIPAA. You can learn about your rights under HIPAA and who must follow HIPAA at: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-forconsumers/index.html.

You can also read FAQs at: https://www.hhs.gov/hipaa/for-individuals/faq/index.html.

HIPAA law must be followed by health care providers like hospitals, doctor’s offices, and health care clinics. Apps that providers like this offer will be covered by HIPAA.

Are third-party apps covered by HIPAA?

Most apps will not be covered by HIPAA. They will be covered by the Federal Trade Commission (FTC) and the FTC Act. The FTC Act protects you against dishonest acts. Learn more about mobile app privacy and security at <https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps.> Apps that are not associated with your direct health care, like wellness, step trackers, diet and nutrition, glucose monitors, and heart apps will be covered by the FTC Act.

What should you do if you think your data has been breached or an app has used your data inappropriately?

You should file a complaint with the CareSource privacy office. You can reach us by:

Mail:    CareSource
Attn: Privacy Office
P.O. Box 8738
Dayton, OH 45401-8738

Email: HIPAAPrivacyOfficer@caresource.com

Phone: 1-833-230-2099, ext. 2023 (TTY: 711)

File a Complaint with the Office of Civil Rights or the Federal Trade Commission

The unauthorized release of your health information may violate the FTC Act and could create a breach of security under the FTC’s Health Breach Notification Rule.

The Office of Civil Rights enforces the HIPAA Rules that protect the privacy and safety of peoples’ health information. If you think that your or another person’s health information, privacy or civil rights have been violated, you can file a complaint with OCR at:  https://www.hhs.gov/ocr/complaints/index.html.

Office for Civil Rights (OCR): Federal Trade Commission (FTC):

https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

 

https://reportfraud.ftc.gov/#/