Sharing your health data with third-party applications (apps)
Overview
Some of your favorite digital applications (apps) may ask for access to your health information. You may now choose to connect your Aspirus Health Plan health data to these apps. Aspirus Health Plan has developed an interface that gives your apps access to certain health information when, where and in the way you need it most. The types of data that may be shared with an app include:
- claims data (for example, the services you received, how much was paid and your cost sharing)
- information about your diagnosis and the treatment you received
- other specific clinical information that the app may require
Things to consider before allowing a third-party app to access your health care data
Before you ask Aspirus Health Plan to share your health data with a third-party app, read the information below to help you decide which third-party apps to share your health data with.
Take an active role to protect your health information. Look for a privacy policy that clearly shows how the app will use your data. If an app doesn’t have a privacy policy that clearly answers the questions below, don’t share your health information with the app.
- What health data will this app collect? Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app give my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what purpose?
- How can I limit this app’s use and sharing of my data?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- How can I find my data and fix a mistake with data retrieved by this app?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I end the app’s access to my data?
- What is the app’s policy for deleting my data once I stop access? Do I have to do more than just remove the app from my device?
- How does this app tell users about changes that could affect its privacy practices?
How to share your data
For a third-party app to get access to your health data, you must authorize the app. If you decide to do this for any of the apps that you use, you can do so by following these steps:
- Step 1. Select Aspirus Health Plan: In your chosen third-party application, select Aspirus Health Plan as the source you would like to pull data from. This will redirect you to the login page.
- Step 2. Set up an account: On the bottom of the screen, select “click here” and you will be redirected to the account setup page.
- Step 3. Verify your identity: You will need to provide your first and last name, date of birth, member ID and zip code. (Once you have authorized one application to see your health plan data, you only have to authenticate using your email address and corresponding code to allow a second application to see the data.)
- Step 4. Link account to your email address: Enter a unique email address to associate with the user you selected in the previous step. Note: the code will be sent from the email address no-reply@ucarefhir.com. Check your junk and spam folders if you don't see the email in your inbox.
- Step 5. Confirm your account: Enter the verification code from your email and click “confirm code.”
- Step 6. Approve data share: Read through the consent and authorization language and, if you would still like to proceed, check the box and click “approve data share.”
That’s it! Each app will have its own way of using the available data. It’s important that you consider how your data will be used before choosing to share it.
What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)?
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who must follow HIPAA at https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html. Generally, HIPAA applies to health care providers and health plans such as Aspirus Health Plan.
Are third-party apps required to follow HIPAA?
Most third-party apps won’t be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (for example, if an app shares personal data without permission, despite having a privacy policy that says it won’t do so). The FTC offers information about mobile app privacy and security for consumers at https://www.consumer.ftc.gov/articles/how-protect-your-privacy-apps.
What should I do if I think my health data was breached or used inappropriately?
- You can file a complaint with the FTC using the FTC complaint assistant at https://reportfraud.ftc.gov/#/.
- You can file a complaint with OCR using the OCR complaint portal at https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
- You can file a report with Aspirus Health Plan:
Attn: Privacy Officer
3000 Westhill Drive, Suite 303
Wausau, WI 54401
Or call the Aspirus Health Plan Privacy Officer at 715.843.1391, Monday – Friday, 8 am – 5 pm.
Developing with Aspirus Health Plan APIs
Aspirus Health Plan Interoperability APIs allow members to consent to have their data shared with third-party applications. We use 1upHealth’s platform to manage connecting to member data. If you're an app developer, you can create a developer account on 1upHealth’s Developer Console.
For more information on the process and steps to connecting your application, visit 1upHealth’s Help Center.