Member Health Data Permissions, Privacy, and Security Educational Resources
As a Great Plains Medicare Advantage plan member, you have the right to direct us to disclose claims data, encounter data, and a defined sub-set of your clinical information (collectively “health data”) held by us to a designated third-party application of your choice through standardized technology as established in the Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access final rule.
It is important for you to make an informed decision about who you choose to share your health data with and take an active role in protecting your health data.
Below, we share important information for you to consider that may help protect the privacy and security of your health data.
How you can help protect the privacy and security of your health data.
Some third-party applications may share your health data with other third parties.
Health data can be very sensitive, and you should be careful to choose a third-party application with strong privacy and security standards to protect your information.
Questions to consider when selecting a third-party application to receive your health data are (but not limited to):
- What health data will this application collect?
- Will this application collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this application use my data?
- Will this application disclose my data to third parties?
- Will this application sell my data for any reason, such as advertising or research?
- Will this application share my data for any reason? If so, with whom? For what purpose?
- How can I limit this application’s use and disclosure of my data?
- What security measures does this application use to protect my data?
- What impact could sharing my data with this application have on others, such as my family members?
- How can I access my data and correct inaccuracies in data retrieved by this application?
- Does this application have a process for collecting and responding to user complaints?
- If I no longer want to use this application, or if I no longer want this application to have access to my health information, how do I terminate the application’s access to my data?
- What is the application’s policy for deleting my data once I terminate access? Do I have to do more than just delete the application from my device?
- How does this application inform users of changes that could affect its privacy practices?
What are your rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.
You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-forconsumers/index.html
You can also find related HIPAA frequently asked questions here: https://www.hhs.gov/hipaa/for-individuals/faq/index.html
Are third-party applications required to follow HIPAA rules?
Most third-party applications will not be covered by HIPAA. Instead, most third-party applications fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act.
The FTC provides information about mobile application privacy and security here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
What should you do if you think your health data has been breached or an application has used your data inappropriately?
If you think your HIPAA Privacy Rights have been violated, you can contact us using the toll-free Member Services number on your health plan ID card or you may contact our Privacy Office directly at the address below:
Great Plains Medicare Advantage
PO Box 91110
Sioux Falls, SD 57109
You may also write the Secretary of the U.S. Department of Health and Human Services (HHS).
To learn more about filing a complaint with HHS Office of Civil Rights (OCR) under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
You can file a complaint with HHS OCR using the OCR Complaint Portal Assistant at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
You can also file a complaint with the FTC using the FTC complaint assistant at: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
For more information, or to see the list of approved applications, please click here