Understanding your Protected Health Information:
You can now use mobile apps to request a copy of your protected health information, also called PHI. Florida Blue is here to help you understand how it works and to give you tips on how to protect your health information when you use these apps. In these FAQs, you’ll learn:
- The types of PHI you can access using an app
- What steps you should take to better protect your PHI when using an app
- How you can file a complaint if you think your PHI has been breached or misused by an app
Frequently Asked Questions
Florida Blue and Florida Blue Medicare members can request an electronic copy of their protected health information through an app of their choice. The app has to have registered with Florida Blue first.
Yes. All members can request a copy of their protected health information through an app of their choice.
You can request a copy of your PHI in accordance with the Florida Blue Notice of Privacy Practices. A copy of Florida Blue’s Notice of Privacy Practices can be found here. If you use an app to request PHI, Florida Blue may electronically provide the following information:
- Any claims, office visit (if your plan is an HMO plan) and medical information in our records going back to January 1, 2016. What we provide to the app depends on what information the app requests and what information we have.
- All of your medical information in our records going back to January 1, 2016, may be released, depending on what the app requests. This may include sensitive medical information, such as treatment or diagnosis information about mental health, substance use disorders, sexually transmitted diseases and more. At this time, Florida Blue cannot withhold sensitive information when responding to a PHI access request through an app, even at your request.
- The PHI Florida Blue provides is limited to what is in our records. For a more complete picture of your health records, you may also need to request PHI from your doctors and any previous insurers.
Florida Blue is required to disclose all claim, office visit and clinical information (including sensitive information) that an app requests going back to January 1, 2016. If there is sensitive information you do not want an app to receive, you should not request your PHI through that app.
An app will need to register with Florida Blue before you can use it to access your PHI. Under certain circumstances, Florida Blue may deny an app’s registration. If you want to request PHI through an app, make sure the app you choose is registered with Florida Blue before requesting your health information. If the app has not registered with Florida Blue, contact the app’s developer so they can begin the registration process. Florida Blue is not responsible for issues that may occur with an app that delay or prevent the transmission of information. A list of registered apps will be available soon.
- What PHI will this app collect? Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymous form (in a way that does not allow me to be identified)?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what purpose?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- How can I access my data and correct inaccuracies?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
Also, be aware that Florida Blue does not review the privacy or security of registered apps. Just because we have created a connection with an app does not mean we believe the app is secure or will appropriately handle our members’ PHI. It is your responsibility to choose an app with strong privacy protections that will secure your PHI.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-forconsumers/index.html.
HHS also has published HIPAA FAQs for Individuals, which contain information on specific topics that may interest you: hhs.gov/hipaa/for-individuals/faq. Here’s another helpful resource to understand your rights under HIPAA: healthit.gov/how-to-get-your-health-record
If you want more information on how Florida Blue complies with HIPAA for our members and what Florida Blue does to protect your information, you can find our HIPAA Notice of Privacy Practices here.
The FTC provides information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
If you’re concerned an app has violated your privacy rights or believe that your information has been breached in an app, you should consider filing a complaint with the app using the contact information it provides.
- You can also file a complaint with the FTC using the FTC complaint assistant at ftccomplaintassistant.gov. Florida Blue has no control over the app you choose. While you may contact us if an app has misused your data or if there was a breach, we may not be able to help you.
- If you think we violated your privacy rights, you may file a complaint with us in accordance with our Notice of Privacy Practices. Members also may file a complaint with the U.S. Department of Health and Human Services (HHS). We support your right to protect the privacy of your PHI. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.
- Contact: Business Ethics, Integrity & Compliance
Florida Blue PO Box 44283 Jacksonville
Jacksonville FL 32203-4283
- Contact: Business Ethics, Integrity & Compliance
- To learn more about filing a complaint with the Office of Civil Rights (the department of HHS that enforces HIPAA), visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
- Individuals can file a complaint with OCR using the OCR complaint portal: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
Ready to stop using an app? If you want Florida Blue to stop allowing an app to access your health information, call Member Services at one of the below numbers. Calling Member Services is currently the only way you can stop an app from collecting your health data after you have given them access.
- Group, Individual and Family members: Call 1-800-FLA-BLUE (352-2583). TTY users, please call 1-800-955-8770. Member Services is open from 8 a.m. to 6 p.m., Monday through Friday.
- Medicare members: Call 1-800-926-6565. TTY users, please call 1-800-955-8770. Medicare Member Services is open from 8 a.m. to 8 p.m. local time, seven days a week from October 1 through March 31, except for Thanksgiving and Christmas. From April 1 through September 30, we are open Monday through Friday, 8 a.m. to 8 p.m. local time.