Access to your health records

You choose which app you want us to send your information to. The app you choose should protect the privacy and security of your health information. Once your health information is downloaded to the app of your choice, IU Health Plans can no longer protect it. Also, the company that provides the app may not be subject to HIPAA privacy and security regulations. See How to tell if a health records app is private and secure section on this site for more tips

Check the app’s privacy policy, website, and reviews to learn more about its privacy and security.

Note: If the app’s privacy policy does not clearly answer these questions, please reconsider using that app. Health records are very sensitive information, and you should choose apps with strong privacy and security standards.

• What is the app developer or company’s reputation?
  • How long has the company been in business? Are there positive reviews?

• What are the app’s security measures?
  • Is it secure enough that no one else can login to your account?
  • Will your health records be stored in way that no one else can access them or identify you?
  • If you no longer want to use the app, is it easy to end the app’s access to your health records?

• Does the app’s privacy policy clearly explain how the app will use your health records?
  • Will it collect non-health data from your device, such as your location? Can you turn this off?
  • Will it sell your health records or data about your activity on the app for advertising, research, or any other reason? Most consumers do not want their information sold.
  • Will it share your health records or data about your activity on the app for any reason? If so, find out why. Are you ok with this sharing?
  • Does it allow you to limit the app’s use and disclosure of your health records or data?
  • How does the app inform you of changes to their privacy practices?
• How does the app collect and respond to complaints?
  • How easy is it to contact the app if you have complaints?

Choose the app you want to use. IU Health Plans does not have a relationship with any app developer.

In the app itself, you should have an ability to delete your health records.

1. Delete your health records in the app first.
2. Delete your account in the app, if available, next.
3. Lastly, delete the app from your device.

Who oversees the privacy and security practices of health records apps?

• • Most health record apps will not be covered by HIPAA, the law that outlines privacy and security requirements for health information.
  • These apps will fall under the Federal Trade Commission (FTC) and the protections provided by the FTC Act. This Act, among other things, protects against deceptive acts like sharing personal data without permission, despite having a privacy policy that says it will not do so. You can find more information about mobile app privacy and security for consumers here.

• Who do I complain to if I think my health records app did not secure my data, or the app used my data inappropriately?
  • Submit a complaint to the FTC. Since the Federal Trade Commission (FTC) has jurisdiction over these apps, you should submit a complaint to the FTC using the FTC complaint assistant here.
  • File a HIPAA complaint. Your situation may fall under the HIPAA Privacy, Security, or Breach Notification Rules, or the Patient Safety Act and Rule. HIPAA is overseen by the U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR).
    • You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here.
    • Learn more about filing a complaint with OCR under HIPAA here.
    • Individuals can file a complaint with OCR using the OCR complaint portal here.
  • Report privacy or security concerns to the IU Health Plans Compliance Department at VBCCompliance@IUHealth.org. Though IU Health Plans does not have relationships with the apps you may choose, we would like to hear of any privacy or security issues you may experience.

• What if I have more questions?
  • Call IU Health Plans Customer Solutions Center at 800.455.9776 or 317.963.9700 (TDD/TTY 711). Hours are April 1 – Sept. 30: 8 am – 8 pm, Monday – Friday and Oct. 1 – March 31: 8 am – 8 pm, seven days a week.

Patient Access API

As required by the U.S. Centers for Medicare & Medicaid Services (CMS), the IU Health Plans Patient Access API meets the specification as outlined in the CARIN Consumer Directed Payer Data Exchange (CARIN IG for Blue Button) Implementation Guide and the US CORE Implementation Guide which conforms to the technical standard for data exchange via secure API.

IU Health Plans has contracted with HealthTrio to manage and support the Patient Access API. Instructions on how to get started are provided by clicking the FHIR API link. Developers should be familiar with HL7 FHIR APIs and understand how APIs work.

Please note that the mandate requires this information to be publicly available. Should you have questions regarding the HL7 FHIR API standards or requirements, please refer to the CARIN Consumer Directed Payer Data Exchange (CARIN IG for Blue Button) Implementation Guide and the US CORE Implementation Guide.

Should you have questions regarding the IU Health Plans FHIR API, please contact HealthTrio by clicking the FHIR API link and following the instructions. IU Health Plans does not support developer-specific questions.

Provider Directory API

As mandated by the U.S. Centers for Medicare & Medicaid Services (CMS), the IU Health Plans Provider Directory API meets the specification as outlined in the DaVinci PDEX Plan-Net Implementation Guide and conforms to the technical standard for data exchange via FHIR API.

IU Health Plans has contracted with HealthTrio to manage and support the Provider Directory API. Instructions on how to get started are provided by clicking the FHIR API link. Developers should be familiar with HL7 FHIR APIs and understand how APIs work.

Please note that the mandate requires this information to be publicly available. Should you have questions regarding the HL7 FHIR API standards or requirements, please refer to the Da Vinci PDEX Plan-Net Implementation Guide.

Should you have questions regarding the IU Health Plans FHIR API, please contact HealthTrio by clicking the FHIR API link and following the instructions. IU Health Plans does not support developer-specific questions.

Drug Formulary API

As mandated by the U.S. Centers for Medicare & Medicaid Services (CMS), the IU Health Plans Drug Formulary API meets the specification as outlined in the DaVinci Payer Data Exchange (PDex) US Drug Formulary Implementation Guide and conforms to the technical standard for data exchange via FHIR API.

IU Health Plans has contracted with HealthTrio to manage and support the Drug Formulary API. Instructions on how to get started are provided by clicking the FHIR API link. Developers should be familiar with HL7 FHIR APIs and understand how APIs work.

Please note that the mandate requires this information to be publicly available. Should you have questions regarding the HL7 FHIR API standards or requirements, please refer to the DaVinci Payer Data Exchange (PDex) US Drug Formulary Implementation Guide.

Should you have questions regarding the IUHealth Plans FHIR API, please contact HealthTrio by clicking the FHIR API link and following the instructions. IU Health Plans does not support developer-specific questions.