Sharing your health data with third-party applications (apps)

Overview

Some of your favorite digital applications (apps) may ask for access to your health information. You may now choose to connect your UCare health data to these apps. UCare created an interface that lets your apps access certain health information when, where and in a way you need it most. The types of data that may be shared with an app include:

• Claims data (for example, the services you received, how much was paid and your cost sharing)
• Information about your diagnosis and the treatment you received
• Other clinical information that the app may require

Things to think about before letting a third-party app access your health care data

Before you ask UCare to share your health data with a third-party app, read the information below to help you decide which apps should have it.

Protect your health information actively. Look for a privacy policy clearly showing how the app will use your data. If an app doesn't have a privacy policy that answers the questions below, don't share your health information with it.

• What health data will this app collect? Will this app collect non-health data, such as my location from my device?
• Will my data be stored in a de-identified or anonymized form?
• How will this app use my data?
• Will this app give my data to third parties?
  
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
• How can I limit the use and sharing of my data with this app?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family?
• How can I find my data and fix a mistake with data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• What if I no longer want to use this app or don't want it to have access to my health information? How do I end this app's access to my data?
  
  • What's this app's policy for deleting my data once I stop access? Do I have to do more than remove this app from my device?
• How does this app tell users about changes that could affect its privacy practices?

How to share your data

For a third-party app to access your health data, you must authorize the app. If you decide to do this for any of the apps that you use, follow these steps:

1. Select UCare. You'll select from your chosen third-party application that you want to pull data from UCare. This will redirect you to the login page.
2. Set up an account. On the bottom of the screen, select "click here." You'll be redirected to the account setup page.
3. Verify your identity. You'll need to give your first and last name, date of birth, member ID number and zip code. Once you authorize one application to see your health plan data, you only have to authenticate using your email address and corresponding code to let a second application see the data.
4. Link the account to your email address. Enter a unique email address to associate with your selected user in the previous step. Note that the code will be sent from the email address no-reply@ucarefhir.com. Check your junk and spam folders if you don't see the email in your inbox.
5. Confirm your account. Enter the verification code from your email and click "confirm code."
6. Approve the data share. Read through the consent and authorization language, and if you'd still like to continue, check the box and click "approve data share."

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)?

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who must follow HIPAA at hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html. Generally, HIPAA applies to health care providers and health plans such as UCare.

Do third-party apps need to follow HIPAA?

Federal Trade Commission (FTC) and the protections given by the FTC Act. The FTC Act, among other things, protects against deceptive acts (for example, if an app shares personal data without permission, although having a privacy policy that says it won't do so). The FTC offers consumers information about mobile app privacy and security at consumer.ftc.gov/articles/how-protect-your-privacy-apps.

What should I do if I think my health data was breached or misused?

1. You can file a complaint with the FTC at reportfraud.ftc.gov/#/.
2. You can file a complaint with OCR using the OCR complaint portal at ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
3. You can file a report with UCare in three ways.
   • Write to us at:
     Attn: Privacy Officer
     PO Box 52
     Minneapolis, MN 55440-0052
   • Call our 24-hour Compliance Hotline at 612‑676‑6525 or 1‑877‑826‑6847 toll-free. TTY users call 1‑800‑688‑2534 toll-free.
   • Email us at compliance@ucare.org.

Developing with UCare Application Programming Interfaces (APIs)

UCare Interoperability APIs let members consent to share their data with third-party applications. We use 1upHealth's platform to manage the connection to member data. You can create a developer account on 1upHealth's Developer Console if you're an app developer.

For more information on the process and steps to connecting your application, visit 1upHealth's Help Center.