You can now access your health data information

You can grant consent to share your health data with any chosen third-party app. When you consent, we are required to make your health data available to the third-party app within 1 business day.

However, for the third-party app to be able to access your data, the third-party app needs to register with us.

There are no apps available at this time, check back in the future to view a list of registered apps and their risk scores.

A federal law called the Health Insurance Portability and Accountability Act (HIPAA) gives you the right to see and get a copy of your health record. Most health insurance plans and health care providers — including doctor's offices, clinics, hospitals, pharmacies, labs, and nursing homes — must follow this law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.

We call the entities that must follow the HIPAA regulations "covered entities." Covered entities include:

• Health Plans, including health insurance companies, HMOs, company health plans, Medicare, and Medi-Cal Managed Care Plans. 
• Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
• Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into a standard (i.e., standard electronic format or data content), or vice versa.

Many organizations that have health information about you do not have to follow these laws. Examples of organizations that do not have to follow the Privacy and Security Rules include:

• Life insurers
• Employers
• Workers compensation carriers
• Most schools and school districts
• Many state agencies like child protective service agencies
• Most law enforcement agencies
• Many municipal offices

Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the Federal Trade Commission (FTC) jurisdiction and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

The FTC has information about mobile app privacy and security for consumers, click on the link to learn more: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

Before you share your health information with a mobile app or third-party, look for the privacy policy that explains how it will use your health care data. Do not use the app if it does not have a privacy policy. If the app's policy does not answer the questions below, you should not share your health information with the app. Consider the following questions:

• What information will the app collect? Will this app also collect non-health information from my phone or computer, such as my location?
• How will my health information be saved?
• How will this app use my health information?
• Will this app share my information? If so, with who and why?
• How can I limit the app's use of my health information?
• How does this app protect my information?
• Does this app have customer service contact information?
• How do I stop sharing my health information with the app?
• Will the app delete my information when I stop sharing it?
• Will the app let me know when there are changes to its privacy practices?

It's also important to know about the privacy settings on apps. When you download apps, they often ask for permission to access personal information like contacts, location, or even your camera. Ask yourself, does the app really need to access your location or photos to do its job?

A specific example of risk to your data is called secondary usage. When your data is shared with and controlled by a third-party app, they may use your data in other ways, such as for advertising. Pay close attention to the privacy policy and user agreement provided by the app.

If you think the safety of your data could be compromised by the third party, you can immediately stop sharing your BHSD-held data with them by contacting the BHSD Call Center. 

Social engineering attacks, in which scammers try to access your health information, are becoming increasingly complex. Beware of people or organizations posing as representatives of third-party health apps to trick you into sharing your sensitive information. Sometimes called “phishing scams,” these could be phone calls or emails pretending to be a trustworthy company or person requesting your information.

You can protect yourself with these tips:

• Keep your anti-virus/anti-malware software updated.
• Use and check your email filters and spam filters.
• Use multi-factor authentication for important accounts.
• Don’t respond to requests for personal information or passwords.
• Don’t open email from a suspicious source.
• Don’t click on links received in an email from a suspicious sender.
• Don’t download or open attachments in an email from an unknown sender.
• Don’t use the same password for multiple accounts.

For more information on how to protect yourself from social engineering scams, or if you think you may have been a victim of such a scam, visit the FTC's site on phishing scams.

Third-party apps are managed by individuals or organizations outside of BHSD.