Understanding your Protected Health Information:

You can now use mobile apps to request a copy of your protected health information, also called PHI. Florida Blue is here to help you understand how it works and to give you tips on how to protect your health information when you use these apps. In these FAQs, you’ll learn:

  • The types of PHI you can access using an app
  • What steps you should take to better protect your PHI when using an app
  • How you can file a complaint if you think your PHI has been breached or misused by an app

Frequently Asked Questions

Florida Blue and Florida Blue Medicare members can request an electronic copy of their protected health information through an app of their choice. The app has to have registered with Florida Blue first.

Yes. All members can request a copy of their protected health information through an app of their choice.

You can request a copy of your PHI in accordance with the Florida Blue Notice of Privacy Practices. A copy of Florida Blue’s Notice of Privacy Practices can be found here. If you use an app to request PHI, Florida Blue may electronically provide the following information:

  • Any claims, office visit (if your plan is an HMO plan) and medical information in our records going back to January 1, 2016. What we provide to the app depends on what information the app requests and what information we have.
  • All of your medical information in our records going back to January 1, 2016, may be released, depending on what the app requests. This may include sensitive medical information, such as treatment or diagnosis information about mental health, substance use disorders, sexually transmitted diseases and more. At this time, Florida Blue cannot withhold sensitive information when responding to a PHI access request through an app, even at your request.
  • The PHI Florida Blue provides is limited to what is in our records. For a more complete picture of your health records, you may also need to request PHI from your doctors and any previous insurers.

Florida Blue is required to disclose all claim, office visit and clinical information (including sensitive information) that an app requests going back to January 1, 2016. If there is sensitive information you do not want an app to receive, you should not request your PHI through that app.

An app will need to register with Florida Blue before you can use it to access your PHI. Under certain circumstances, Florida Blue may deny an app’s registration. If you want to request PHI through an app, make sure the app you choose is registered with Florida Blue before requesting your health information. If the app has not registered with Florida Blue, contact the app’s developer so they can begin the registration process. Florida Blue is not responsible for issues that may occur with an app that delay or prevent the transmission of information. A list of registered apps will be available soon.

It’s important to take an active role in protecting your PHI. Look for an easy-to-read privacy policy that clearly explains how the app will use your PHI. If an app does not have a privacy policy, or if you do not understand it, you may want to reconsider using the app. Here are some issues to look for when reviewing an app’s privacy policy:

  • What PHI will this app collect? Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymous form (in a way that does not allow me to be identified)?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the privacy policy does not clearly answer these questions, we encourage you to reconsider using this app to access your PHI. Again, PHI disclosed by Florida Blue in response to an app request by a member may include sensitive information. Make sure to choose apps with strong privacy and security standards for protecting your PHI.

Also, be aware that Florida Blue does not review the privacy or security of registered apps. Just because we have created a connection with an app does not mean we believe the app is secure or will appropriately handle our members’ PHI. It is your responsibility to choose an app with strong privacy protections that will secure your PHI.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

HHS also has published HIPAA FAQs for Individuals, which contain information on specific topics that may interest you: hhs.gov/hipaa/for-individuals/faq. Here’s another helpful resource to understand your rights under HIPAA: healthit.gov/how-to-get-your-health-record

If you want more information on how Florida Blue complies with HIPAA for our members and what Florida Blue does to protect your information, you can find our HIPAA Notice of Privacy Practices here.

HIPAA does not cover most third-party apps. HIPAA governs health insurance plans (such as Florida Blue), health care providers (such as doctors’ offices and hospitals), and health care clearinghouses (collectively known as “covered entities”), as well as entities performing services on behalf of covered entities that involve PHI. Most third-party apps are not created by, or affiliated with, covered entities, so these app developers are not likely bound by HIPAA privacy and security protections. These apps may be regulated by the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (for example, if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC also enforces the promises that are made in an app’s privacy policies, which is why it’s important for you to review an app’s privacy policies before using it to request PHI from Florida Blue.

The FTC provides information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

If you’re concerned an app has violated your privacy rights or believe that your information has been breached in an app, you should consider filing a complaint with the app using the contact information it provides.

  • You can also file a complaint with the FTC using the FTC complaint assistant at ftccomplaintassistant.gov. Florida Blue has no control over the app you choose. While you may contact us if an app has misused your data or if there was a breach, we may not be able to help you.

  • If you think we violated your privacy rights, you may file a complaint with us in accordance with our Notice of Privacy Practices. Members also may file a complaint with the U.S. Department of Health and Human Services (HHS). We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
      • Contact: Business Ethics, Integrity & Compliance
        Florida Blue, PO Box 44283
        Jacksonville, FL 32203-4283
        Phone: 1-888-574-2583

Ready to stop using an app? If you want Florida Blue to stop allowing an app to access your health information, call Member Services at one of the numbers below. Calling Member Services is currently the only way you can stop an app from collecting your health data after you have given it access.

  • Group, Individual and Family members: Call 1-800-FLA-BLUE (352-2583). TTY users, please call 1-800-955-8770. Member Services is open from 8 a.m. to 6 p.m., Monday through Friday.
  • Medicare members: Call 1-800-926-6565. TTY users, please call 1-800-955-8770. Medicare Member Services is open from 8 a.m. to 8 p.m. local time, seven days a week from October 1 through March 31, except for Thanksgiving and Christmas. From April 1 through September 30, we are open Monday through Friday, 8 a.m. to 8 p.m. local time.

This educational product was prepared as a service to the public and is not intended to grant rights or impose obligations. This educational product may contain references or links to statutes, regulations, policy materials, and other external sites. The information provided is only intended to be a general summary.  It is not intended to take the place of either the written law or regulations.  We encourage readers to review the specific statutes, regulations, and other interpretive materials for a full and accurate statement of their contents. We comply with applicable Federal civil rights laws and do not discriminate on the basis of race, color, national origin, age, disability or sex. You may access the Nondiscrimination and Accessibility notice at floridablue.com/ndnotice. © 2021 Blue Cross and Blue Shield of Florida, Inc., DBA Florida Blue. All rights reserved.

FB FAQ PHI 001 NF 062021