Recently, the Department of Health and Human Services (HHS) released a set of FAQs from the Office of Civil Rights. HIPAA’s new FAQs are meant to address the HIPAA right of access as it relates to health and wellness apps designated for use by patients and application programming interfaces (APIs) used by providers’ electronic health record systems.
What’s included in the FAQs?
HIPAA’s new FAQs explain that once protected health information (PHI) is shared with a third-party application, the HIPAA-covered entity will not be liable for subsequent use or disclosure of electronic PHI as long as the app developer is not itself a business associate of a covered entity or other business associate. Common examples of third-party health and wellness applications include Fitbit, MyFitnessPal, Garmin Connect, Google Fit and Apple’s Health app.
What does this mean?
Employees should be aware that if they request that their PHI be transferred to a third-party health and wellness application, the app won’t receive HIPAA protections. Additionally, the entity that transfers the PHI to the third-party app will not be held liable for subsequent use or disclosure of the PHI.
As a result, the information shared with the app could be sent or sold to other companies to advertise products or services to you based on your information. This is similar to how your social media sites present products you might be interested in based on your searches or your interests.
For More Information
For more information on HIPAA or HIPAA’s new FAQs, please contact Insurance Solutions at 866-335-8602.