Patient Privacy and Security Resources for Members
Before authorizing a third-party app to retrieve your health care data:
- Choose an app that can help you make more informed decisions.
Please consider the following when choosing an app:
- What health data will the app collect? Will the app collect non-health data from my devices, such as my location?
- Will the data be stored in a de-identified or anonymized form?
- How will the app use my data?
- Will the app disclose my data to third parties?
- How can I limit the app’s use and disclosure of my data?
- What security measures does the app use?
- What impact could sharing my data with the app have on others, such as my family?
- How can I access my data and correct inaccuracies?
- Does the app have a process for collecting and responding to user complaints?
- If I no longer want to use the app, how do I terminate the app’s access to my health information?
- What is the app’s policy for deleting data once I terminate access?
- How does the app inform users of changes that could affect its privacy practices?
What are members' rights under HIPAA, and who must follow HIPAA?
- The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.
- You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here: Your Rights Under HIPAA | HHS.gov. You can also find HIPAA FAQs for Individuals here: HIPAA FAQs for Individuals | HHS.gov
Are Third-Party Apps Covered by HIPAA?
- Most third-party apps will not be covered by HIPAA.
- Instead, they will fall under the jurisdiction of the FTC and the protections provided by the FTC Act.
What should members do if they think their data has been breached or an app has used their data inappropriately?
- If you believe your data has been breached, please contact Central Health Plan of California’s Compliance Department via email at firstname.lastname@example.org or by telephone at (626) 388-2392. You may also mail us at Attn: Compliance Department, Central Health Plan of California, 1540 Bridgegate Drive, Diamond Bar, CA 91765.
Alternatively, you may submit a complaint to OCR or the FTC:
To learn more about filing a complaint with OCR under HIPAA, visit:
Individuals can file a complaint with OCR using the OCR complaint portal:
Individuals can file a complaint with the FTC using the FTC complaint assistant: