this site demands javascript

Interoperability API


Member Health Data Permissions, Privacy, and Security Educational Resources

As AgeRight Advantage plan member, you have the right to direct us to disclose claims data, encounter data, and a defined sub-set of your clinical information (collectively “health data”) held by us to a designated third-party application of your choice through standardized technology as established in the Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access final rule.

CMS does not require Medicare Advantage plans to ask third-party application developers to confirm they have certain provisions in their privacy policy. Furthermore, we do not review or evaluate third-party applications or their privacy or security practices. Therefore, if you direct us to share your health data with a third-party application, we want you to know that we have no control over how the third-party application will use or share your health data.

It is important for you to make an informed decision about who you choose to share your health data with and take an active role in protecting your health data.
Below, we share important information for you to consider that may help protect the privacy and security of your health data.

How you can help protect the privacy and security of your health data.

Some third-party applications may share your health data with other third parties.
Health data can be very sensitive, and you should be careful to choose a third-party application with strong privacy and security standards to protect your information.

Any third-party application you choose to receive your health data should have an easy-to-read privacy policy that clearly explains how the application will use your data. If an application does not have an easy-to-read privacy policy, you should consider not using the application.

Therefore, before you direct us to share your health data with a third-party application, you should carefully read the application’s terms-of-use and privacy policy to understand how the application will use and share your health data.
Below, we have listed some questions for you to consider when selecting a third-party application to receive your health data. If an application’s privacy policy does not clearly answer these questions, you should reconsider allowing the application to access your health data.

Questions to consider when selecting a third-party application to receive your health data are (but not limited to):

  • What health data will this application collect?
  • Will this application collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this application use my data?
  • Will this application disclose my data to third parties?
  • Will this application sell my data for any reason, such as advertising or research?
  • Will this application share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this application’s use and disclosure of my data?
  • What security measures does this application use to protect my data?
  • What impact could sharing my data with this application have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this application?
  • Does this application have a process for collecting and responding to user complaints?
  • If I no longer want to use this application, or if I no longer want this application to have access to my health information, how do I terminate the application’s access to my data?
  • What is the application’s policy for deleting my data once I terminate access? Do I have to do more than just delete the application from my device?
  • How does this application inform users of changes that could affect its privacy practices?

 

What are your rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.

You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-forconsumers/index.html
You can also find related HIPAA frequently asked questions here: https://www.hhs.gov/hipaa/for-individuals/faq/index.html

Are third-party applications required to follow HIPAA rules?

Most third-party applications will not be covered by HIPAA. Instead, most third-party applications fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act.

The FTC Act, among other things, protects against deceptive acts, for example, when an application shares personal data without a user’s permission, despite having a privacy policy that says it will not do so.

The FTC provides information about mobile application privacy and security here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

What should you do if you think your health data has been breached or an application has used your data inappropriately?

If you think your HIPAA Privacy Rights have been violated, you can contact us using the toll-free Member Services number on your health plan ID card or you may contact our Privacy Office directly at the address below:

AgeRight Advantage
PO Box 4440
Glen Allen, VA 23058

You may also write the Secretary of the U.S. Department of Health and Human Services (HHS).

To learn more about filing a complaint with HHS Office of Civil Rights (OCR) under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
You can file a complaint with HHS OCR using the OCR Complaint Portal Assistant at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
You can also file a complaint with the FTC using the FTC complaint assistant at: https://www.ftccomplaintassistant.gov/#crnt&panel1-1

Additional Resources

For more information, or to see the list of approved applications, please click here

Close

START TYPING AND PRESS ENTER TO SEARCH