

Moda Health and Interoperability


What is Interoperability?

Interoperability refers to the U.S. Department of Health and Human Services (HHS) rules that require certain health insurance issuers to provide certain member health records electronically to a third party application (App) upon a member’s request.

 

HIPAA & HIPAA Covered Entities

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets standards to address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Act. These individuals and organizations are called “covered entities.” HIPAA also contains standards for individuals’ rights to understand and control how their health information is used.

Covered Entities under HIPAA include health plans, healthcare providers, and healthcare clearinghouses.

Health plans include health insurance companies, health maintenance organizations, government programs that pay for healthcare (Medicare for example), and military and veterans’ health programs.

HIPAA also applies to business associates of HIPAA-covered entities and their subcontractors. A business associate can be an individual or company that provides services to a HIPAA-covered entity which requires them to have access to, store, use, or transmit protected health information.

Generally speaking, third party applications such as those used to obtain health records under the Interoperability provisions are not considered covered entities or business associates under HIPAA.


Selecting a Third Party Application

It is important to note that health insurance issuers are not responsible for the privacy or security of any protected health information (PHI) once it has been received by the third party application that you have chosen.

A clear, plain language privacy policy is the primary way you can be informed about how your information will be protected and how it will be used once shared with a third party application. It is important that you review the Privacy Policy of the third party application you are using to obtain your information so you can see how your information will be shared and stored by the third party application. Below are some important factors to consider when choosing a third party application:

  • What health data will this app collect?
  • Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy policy?

If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information.

Access to Interoperability APIs

Developer-friendly, standards-based APIs enable vendors of third party applications to connect their applications or programs and access Moda Health data. Access the Developer Portal at fdp.edifecsfedcloud.com

 

How to submit complaints to OCR or FTC

If you feel that the third party application has violated any section of its privacy policy, you have the ability to report it to the Federal Trade Commission (FTC).

The Federal Trade Commission (FTC) will handle complaints regarding third party applications that members utilize to obtain their health information. If an app has a written privacy policy and does not follow the policies as written or is engaging in unfair business practices, you can submit a complaint to the FTC.

Individuals can file a complaint with the FTC using the FTC complaint assistant at reportfraud.ftc.gov

The Office for Civil Rights (OCR) encourages individuals to file complaints about HIPAA-covered entities, or their business associates, if they feel that their privacy has been violated. Individuals are also able to file complaints if they believe the privacy of other individuals has been violated.

To learn more about filing a complaint with OCR under HIPAA, visit www.hhs.gov/hipaa/filing-a-complaint

Individuals can file a complaint with OCR using the OCR complaint portal at ocrportal.hhs.gov/ocr/smartscreen


 

 

Questions?

Medical Customer Service is at 844-931-1779.

We're available 6:00 a.m. to 6:00 p.m. Monday through Friday, 9:00 a.m. to Noon Saturday, Sunday, and Holidays (Central Time).
