For Members: Information about Third Party Apps

The Interoperability and Patient Access rule (CMS-9115-F) for Medicare, Medicaid and Child Health Plan Plus (CHP+) plans was put in place by the Centers for Medicare & Medicaid Services (CMS) to give you access to your health information anytime, anyplace and share it securely with any provider involved in your medical care. Through this coordinated system, you can provide vital information in real time to physicians, specialists, pharmacists and billing so they can implement and process your treatment plan most effectively and efficiently. Some of the benefits of this new rule include:

  • Seamless data exchange
  • Real-time information on out-of-pocket cost/copay information
  • Better chronic disease management
  • Improved health outcomes

The Tools to Stay on Top of Your Care

In compliance with the Interoperability and Patient Access rule, Denver Health Medical Plan (DHMP) allows you to link your health information with the computer health records application (app) of your choice. Once linked, you can easily access the information you need through a smartphone, tablet, computer or smartwatch:

  • Access health claims data, including treatment history and prescriptions.
  • Get reminders for tests and services.
  • Learn how to manage your medical conditions.
  • Find an up-to-date list of in-network providers.
  • Send messages to your doctors.
  • Track medical claims.
  • Easily share data when switching plans or providers.

Protecting Your Privacy

Before selecting an app, make sure it has strong security standards. Ask yourself:

  • Does this app provide an easy-to-read privacy policy that clearly explains how it’ll use my data? (If it doesn’t, you shouldn’t use it.)
  • What is the app’s reputation? How long has it been in use?
  • What health data will the app collect? Will it collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will the app use my data?
  • Will the app disclose my data to third parties? If so, with whom — advertising or research organizations? For what purpose?
  • How can I limit the app’s use and disclosure of my data?
  • What security measures does the app use to protect my data?
  • What impact could sharing my data with this app have on others, such as family members?
  • How can I access my data and correct inaccuracies?
  • Does the app have a process for collecting and responding to user complaints?
  • If I no longer want to use the app, how do I terminate its access to my health information?
  • What is the policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?

Know Your Rights

You will want to ensure the app you choose protects the privacy and security of your health information. Keep in mind, when you consent for an app to access your data, HIPAA protections no longer apply once the data is released by DHMP.

  • Most third-party apps will not be covered by HIPAA protections. They will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).
  • The FTC provides information about mobile app privacy and security for consumers.
  • The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security and Breach Notification Rules as well as the Patient Safety Act and Rule. As a health plan and because we are considered a HIPAA-covered entity, DHMP is required to keep your health information secure while it is in our possession. Other examples of covered entities who must also keep your health information secure under HIPAA include health care providers that conduct certain business electronically (i.e., doctors, clinics, pharmacies) and health care clearinghouses (entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa).
  • HHS provides information about member rights under HIPAA and who is obligated to follow HIPAA.
  • Visit the CMS website for information about patient privacy and security resources as well as interoperability and patient access.

Filing a Complaint

If you feel your data has been breached or an app has used your data inappropriately:

Whether or not to utilize these services and the choice of an app is yours alone. DHMP does not endorse or recommend one app over another. DHMP is not responsible for your use of an app and disclaims all liability resulting from that use.