Member Education on Giving Third-party Apps Access to Your Health Information

Medical Mutual is enhancing the way you access your healthcare data by giving you the option to retrieve your information using a third-party app on your smartphone, tablet, computer or other similar device. You will be in control of your data, and you can decide who gets to see your healthcare details.

You may choose any app to access your Medical Mutual member data when you give your permission. Apps will use our Patient Access API to access your data. No app can access your data through the Patient Access API unless you provide your explicit consent.

Who Can Give Apps Access to Member Health Data?

Currently, you may direct and approve Medical Mutual to share certain health information with an app of your choice if you are a Medical Mutual Medicare Advantage or Individual ACA plan member, or the personal representative of such a member.

If you are a member of an Individual ACA plan that provides benefits for your covered dependents, you will only have access to your own member information. Your covered dependents would need to choose an app and grant permission to allow the app to access their Medical Mutual member data. If you are a personal representative of an Individual ACA plan member, you will only have access to that member’s health information. You will not have access to another member’s health information.

How Third-party Apps Work with Medical Mutual

Once you download an app on your smartphone, tablet, computer or other similar device, check to see if the app has created a connection to Medical Mutual. If it has, you can authorize the app to access your health data.

What Information May Third-party Apps Access?

The information available through the Patient Access API includes data Medical Mutual has collected about you since Jan. 1, 2016. 

Member-approved third-party apps may have access to:

  • Your personal and confidential claims data and information from encounters (office visits or other provider interactions),
  • Certain limited clinical information that we collect while providing you with services such as case management and care coordination, if such information is maintained by Medical Mutual,
  • Your formulary data,
  • Your provider directory information.

What Third-party App is Right for You?

Because you have control over which apps can access your data, you should be careful to choose an app with strong privacy and security standards. It is your responsibility to pick the app that is right for you. Medical Mutual does NOT collect information about an app’s privacy or security practices and will NOT notify you of an app’s privacy or security practices.  

Keep in mind that your data may reveal sensitive information, including details about treatment for substance use disorders, mental or behavioral health disorders, HIV/AIDS, sexually transmitted diseases, communicable diseases, developmental or intellectual disabilities, genetic disorders (including genetic testing for such disorders and genetic history), or other sensitive information.

Things to Consider When Selecting an App

  • What health data will this app collect?
  • Will this app collect non-health data from my device, such as my location?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • Will my data be stored in a de-identified or anonymized form?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on other people, such as my family members?
  • Does this app have a process to let me correct inaccuracies in data retrieved by the app? If so, please note that any changes you make to data within the app will only be reflected in the app.
  • Does this app have a process for collecting and responding to user complaints?
  • How can I limit the app’s use and disclosure of my data?
  • If I no longer want to use an app, or if I no longer want an app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How will this app inform me of changes in its privacy practices?

You can usually find answers to these questions in the app’s privacy policy or terms of use. If you cannot find the app’s privacy policy, or if the app’s privacy policy does not clearly answer these questions, you may wish to reconsider using the app to access health information.

You can learn more about apps, privacy and security on the Federal Trade Commission’s (FTC) How To Protect Your Privacy on Apps webpage.

Privacy and Security Enforcement

The U.S. Department of Health and Human Services’ (HHS) Office for Civil Rights enforces the Health Insurance Portability and Accountability Act (HIPAA) Privacy, Security, and Breach Notification Rules. Medical Mutual is subject to HIPAA, as are most healthcare providers, such as hospitals, doctors, clinics and dentists. Health plans and healthcare providers subject to HIPAA are called “covered entities.” Organizations who provide services to, or on behalf of, these health plans and healthcare providers are also subject to HIPAA. Such organizations are called “business associates.” Medical Mutual and its business associates are subject to HIPAA and must protect the privacy and security of protected health information in accordance with the HIPAA Privacy, Security and Breach Notification Rules. You can learn more about your rights under HIPAA and who is obligated to comply with HIPAA on the HHS HIPAA for Individuals website, which includes links to Your Rights Under HIPAA, HIPAA FAQs for Individuals and more.

Some third-party apps may be subject to HIPAA if they are providing services to, or on behalf of, a covered entity. However, most third-party apps WILL NOT be subject to HIPAA.

A third-party app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws, such as HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC). The FTC protects against deceptive acts, such as an app that discloses personal data in violation of its privacy notice. Please visit the FTC’s app privacy page to learn more. 

What to Do if You Think Your Information Has Been Breached or Used Inappropriately by a Third-party App

If you believe a third-party app has inappropriately used, disclosed or sold your information, you should contact the FTC immediately. You may file a complaint with the FTC using the FTC complaint assistant.

You may also file a complaint with HHS’ Office for Civil Rights if you believe there has been a breach or other HIPAA privacy or security violation of your health information. The Office for Civil Rights will not investigate complaints against third-party apps that are not subject to HIPAA. Remember, apps are usually not subject to HIPAA. You can learn more about how to file a HIPAA complaint on the HHS/Office for Civil Rights Filing a Complaint webpage.

You may also file a complaint with Medical Mutual by contacting us toll free at 1-888-404-0353 (TTY: 711 for hearing impaired).

Y0121_W2473_2021_C