Interoperability refers to the U.S. Department of Health and Human Services (HSS) rules that require certain health insurance issuers to provide certain member health records electronically to a third party application (App) upon a member’s request.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets standards to address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Act. These individuals and organizations are called “covered entities.” HIPAA also contains standards for individuals’ rights to understand and control how their health information is used.
Health plans include health insurance companies, health maintenance organizations, government programs that pay for healthcare (Medicare for example), and military and veterans’ health programs.
HIPAA also applies to business associates of HIPAA-covered entities and their subcontractors. A business associate can be an individual or company that provides services to a HIPAA-covered entity which requires them to have access to, store, use, or transmit protected health information.
Generally speaking, third party applications such as those that used to obtain health records under the Interoperability provisions are not considered covered entities or business associates under HIPAA.
It is important to note that health insurance issuers are not responsible for the privacy or security of any protected health information (PHI) once it has been received by the third party application that you have chosen.
A clear, plain language privacy policy is the primary way you can be informed about how your information will be protected and how it will be used once shared with a third party application. It is important that you review the Privacy Policy of the third party application you are using to obtain your information so you can see how your information will be shared and stored by the third party application. Below are some important factors to consider when choosing a third party application:
If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information.
Developer-friendly, standards-based APIs that enable 3rd party applications for vendors to connect their application or programs to access ODS Community Dental data. Access the Developer Portal at fdp.edifecsfedcloud.com
If you feel that the third-party application has violated any section of their privacy policy, you have the ability to report them to the Federal Trade Commission (FTC).
The Federal Trade Commission (FTC) will handle complaints regarding third party applications that members utilize to obtain their health information. If an app has a written privacy policy and does not follow the policies as written or is engaging in unfair business practices, you can submit a complaint to the FTC.
Individuals can file a complaint with the FTC using the FTC complaint assistant www.ftccomplaintassistant.gov
The Office for Civil Rights (OCR) encourages individuals to file complaints about HIPAA-covered entities, or their business associates, if they feel that your privacy has been violated. Individuals are also able to file complaints if they believe the privacy of other individuals have been violated.
To learn more about filing a complaint with OCR under HIPAA, visit www.hhs.gov/hipaa/filing-a-complaint
Individuals can file a complaint with OCR using the OCR complaint portal ocrportal.hhs.gov/ocr/smartscreen
We’re here for you, and we want to help.