Members have the option to access their health information and health claims data using apps made by other companies (third-party apps). Blue Cross & Blue Shield of Rhode Island (BCBSRI) did not create these apps, and we want you to be able to make an informed decision about using them.
Your health information is private and should be shared with only those whom you wish to see it. The information here can help you make the choice that is best for you. While we don’t have details about each app and their rules, we can give you an idea about what you should look for when picking an app to use.
In order to use these apps, you will need to agree to share your information (and that of your dependents covered under the same plan). Once you agree to give the app access it will “fetch” all the member details that BCBSRI has stored about you. You can also choose to let someone else—called a designee— (like a family member that helps take care of your health) to access this information. You can remove a designee any time.
The purpose of this is to create easier access to your information. The companies that make the apps use something called a “Patient Access API” to gather the information BCBSRI collects about you while you have been enrolled at BCBSRI. They can gather this information from us as far back as January 1, 2016.
Important things to know about your privacy and how to get help
Apps do not have to follow the same rules—Health Insurance Portability and Accountability Act (HIPAA)—about your privacy as your medical and dental providers, hospitals, or even BCBSRI. (You can learn more about HIPAA and your rights here: https://www.hhs.gov/hipaa/for-individuals/index.html.) Make sure you read the rules the app promises to follow before you use the app. This is often called a Privacy Notice and usually appears when you first download an app. You often need to agree to the terms or say that you understand them in order to use the app. If you don’t understand the rules it is important to get someone to help you. The rules that the app states are ones they choose AND these rules are the only ones the app is required to follow by law. The law is enforced by the Federal Trade Commission (FTC).
You can learn more about mobile app privacy and security here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
If you think an app didn’t follow the rules they stated when you downloaded the app, or if they gave out or sold your information, you can file a complaint with the FTC. To use the FTC complaint assistant, visit https://www.ftccomplaintassistant.gov/#crnt&panel1-1.
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces HIPAA privacy, security, and breach notification rules. To learn more about filing a complaint with OCR about HIPAA rules, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html. You may also file a complaint with Blue Cross & Blue Shield of Rhode Island by contacting Customer Service at (401) 459-1077.
Choosing an app—what to consider
If you decide to use one of these third-party apps, it is important for you to know that the app you select will be able to access all your information while you’re enrolled with BCBSRI. This may include information that you talked about with your health providers during visits, as well as information we collect if you use our case management, care coordination, or other services. It may also include data about treatment for substance use disorders, mental health treatment, HIV status, or other sensitive data. So, make sure you are comfortable with what the app will do with your information. Here are some questions that can help guide your app choices:
- Will this app sell my data for any reason?
- Will this app give my data to third parties for purposes such as research or advertising?
- How will this app use my data? For what purposes?
- Will the app allow me to limit how it uses, gives out, or sells my data?
- If I no longer want to use the app, or if I don’t want this app to have access to my health information, can I remove the app’s access to my data? If so, how hard will it be to remove the app’s access?
- What is the app’s policy for deleting my data once I remove access? Do I have to do more than just delete the app from my device?
- How will this app tell me about changes to its rules?
- Will the app collect non-health data from my device, like my location?
- What security does this app use to keep my data safe?
- How could sharing my data with this app affect others, such as my family members?
- Will the app let me access my data and fix wrong information? (Note that correcting wrong data on the app will not correct the data at the original source.)
- Does the app have a process for taking and answering my questions and complaints?