Frequently Asked Questions (FAQ)

Interoperability gives people access to their health information when they need it most, and in a way that they can best use it.

What does this mean for you as a member of University of Utah Health Plans? This means you will have access to your health information in a new way. This regulation requires that health Plans like University of Utah Health Plans enable patients through independent third-party applications (apps) on computer and mobile devices, and with your authorization, to access your health information maintained by University of Utah Health Plans.

Interoperability allows you to access your electronic health information through a third-party app, which you can then view on a personal computer or mobile device.

It is important for you to take an active role in protecting your health information. Helping you know what to look for when choosing an application. You should look for an easy-to-read privacy policy that clearly explains how the app will use your data. It is also important to read the terms and conditions of any third-party app prior to using the app. If an application does not have a privacy policy, you should not use the application. You should be able to find the answers to the questions below in the app’s privacy policy.

• What health data will this app collect?
• Will this app collect any of your non-health data from your device, such as your location?
• Will your data be stored in a de-identified or anonymized form?
• How will the app use your data?
• Will the app disclose your information to third parties?
  • Will the app sell your data for any reason, such as advertising or research?
  • Will this app share your data for any reason? If so, with whom? For what purpose?
• How can you limit this apps use and disclosure of your data?
• What security measures does this app use to protect your data?
• What impact could sharing your data with this app have on other, such as your family members?
• How can you access your data and correct inaccuracies in data retrieved by the app?
• Does this app have a process for collecting and responding to user complaints?
• If I you no longer want to use the app, or if you no longer want the app to have access to your health information, how do you terminate the app’s access to your data?
• What is the app’s policy for deleting your data once you terminate access? Do you have to do more than just delete the app from your device?
• How does this app inform you of changes that could affect its privacy practices?

If the app’s privacy policies and terms of conditions do not clearly answer the questions above, you should reconsider using the app to access your health information. Health information is very sensitive, and you should be careful to choose apps with strong privacy and security standards to protect your health information.

You may be part of an enrollment group where you share the same health plan as other members of your tax household. This is common for individuals who are covered by Qualified Health Plans (QHPs) on the federally facilitated Exchanges (FFEs), otherwise known as the marketplace. Often, the primary policyholder and other members of the household, can access information for all members of an enrollment group unless a specific request is made to restrict access to member data. You should be informed about how your data will be accessed and used if you are part of an enrollment group based on the enrollment group policies of your health plan in your state. If you share a tax household but do not want to share an enrollment group, you have the option of enrolling individual household members into separate enrollment groups, even while applying for Exchange coverage and financial assistance on the same application however, this may result in higher premiums for the household and some members, (i.e. dependent minors, may not be able to enroll in all QHPs in a service area if enrolling in their own enrollment group) and in higher out-of-pocket expense if each member has to meet a separate annual limitation non cost sharing (i.e., Maximum Out-of-Pocket (MOOP)).

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act Rule. You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here:
https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.
You may also want to refer to the HIPAA FAQs for Individuals which can be found here:
https://www.hhs.gov/hipaa/for-individuals/faq/index.html.

Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares your personal data without permission, despite have a privacy policy that says it will not do so.)

The FTC provide information about mobile app privacy and security for consumers here:
How Websites and Apps Collect and Use Your Information.

University of Utah Health Plans (UUHP) Notice of Privacy Practices can be found here:
Notice of Privacy Practices
UUHP’s Notice of Privacy Practices provides guidance to file a complaint with our internal privacy office.

You can learn more about filing a complaint with OCR under HIPAA here:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

You may also file a complaint with OCR using the OCR complaint portal:
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.

You may file a complaint with the FTC using the FTC complaint assistant:
https://reportfraud.ftc.gov/#/