Recently, the Department of Health and Human Services (HHS) released a set of FAQs from the Office of Civil Rights. These FAQs are meant to address the Health Insurance Portability and Accountability Act (HIPAA) right of access as it relates to health and wellness applications designated for use by patients and application programming interfaces (APIs) used by providers’ electronic health record systems.
The new FAQs explain that once protected health information (PHI) is shared with a third-party application, the HIPAA-covered entity will not be liable for subsequent use or disclosure of electronic PHI as long as the app developer is not itself a business associate of a covered entity or other business associate. Common examples of third-party health apps include Fitbit, MyFitnessPal, Garmin Connect, Google Fit and Apple’s Health app.
Employees should be aware that if they request their PHI to be transferred to a third-party health and wellness app, the app won’t receive HIPAA protections. Additionally, the entity that transfers the PHI to the third-party app will not be held liable for subsequent use or disclosure of the PHI.
As a result, the information shared with the app could be sent or sold to other companies to advertise products or services to you based on your information. This is similar to how your social media sites present products you might be interested in based on your searches or your interests.
Take 2 minutes to discover how much you can
save with ThinkTank's custom solutions.
ThinkTank Insurance Partners, Inc.
18521 Spring Creek Rd Unit B.
Tinley Park, IL 60477
© 2019 ThinkTank Insurance Partners, Inc.