Aspirus Health Plan

Overview

Some of your favorite digital applications (apps) may ask for access to your health information. You may now choose to connect your Aspirus Health Plan health data to these apps. Aspirus Health Plan has developed an interface that will allow your apps access to certain health information when, where and in a way that you need it most. The types of data that may be shared with an app include:

• claims data (for example, the services you received, how much was paid and your cost sharing)
• information about your diagnosis and the treatment you received
• other specific clinical information that the app may require

Things to consider before allowing a third-party app to access your health care data

Before you ask Aspirus Health Plan to share your health data with a third-party app, read the information below to help you decide which third-party apps to share your health data with.  

Take an active role to protect your health information. Look for a privacy policy that clearly shows how the app will use your data. If an app doesn’t have a privacy policy that clearly answers the below questions, don’t share your health information with the app.

• What health data will this app collect? Will this app collect non-health data from my device, such as my location?
• Will my data be stored in a de-identified or anonymized form?
• How will this app use my data?
• Will this app give my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
• How can I limit this app’s use and sharing of my data?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family members?
• How can I find my data and fix a mistake with data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I end the app’s access to my data?
  • What is the app’s policy for deleting my data once I stop access? Do I have to do more than just remove the app from my device?
• How does this app tell users about changes that could affect its privacy practices?

How to Share your Data

For a third-party app to get access to your health data, you must authorize the app. If you decide to do this for any of the apps that you use, you can do so by following these steps:

• Step 1: Open this “Connected Health” link. This will open a new site, for which you must enroll. If you haven’t enrolled in the Connected Health site before, contact us for an invitation code.
• Step 2: Once enrolled, you can add and manage connections to your third-party apps on the Linked Services screen.

That’s it! Each app will have its own way of using the available data. It’s important that you consider how your data will be used before choosing to share it.

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)?

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who must follow HIPAA at https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html. Generally, HIPAA applies to health care providers and health plans such as Aspirus Health Plan

Are third-party apps required to follow HIPAA?

Most third-party apps won’t be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (for example, if an app shares personal data without permission, despite having a privacy policy that says it won’t do so). The FTC offers information about mobile app privacy and security for consumers at https://www.consumer.ftc.gov/articles/how-protect-your-privacy-apps.

What should I do if I think my health data was breached or used inappropriately?

1. You can file a complaint with the FTC using the FTC complaint assistant at https://www.ftccomplaintassistant.gov/#crnt&panel1-1.
2. You can file a complaint with OCR using the OCR complaint portal at https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
3. You can file a report with Aspirus Health Plan:
   
   Attn: Privacy Officer
   3000 Westhill Drive, Suite 303
   Wausau, WI 54401
   
   Or call Privacy Officer at 715-843-1391, Monday – Friday, 8 am – 5 pm.

Developing with Aspirus Health Plan APIs

Aspirus Health Plan Interoperability APIs allow members to consent to have their data shared with third-party applications. We use Change HealthCare’s platform to manage application registration and connecting to member data. If you are an app developer, you can register your application today. To find out more, see Change HealthCare’s Developer site.