Interoperability
API
Member Health Data Permissions, Privacy, and Security Educational Resources
CMS does not require Medicare Advantage plans to ask third-party application developers to confirm they have certain provisions in their privacy policy. Furthermore, we do not review or evaluate third-party applications or their privacy or security practices. Therefore, if you direct us to share your health data with a third-party application, we want you to know that we have no control over how the third-party application will use or share your health data.
It is important for you to make an informed decision about who you choose to share your health data with and take an active role in protecting your health data.
Below, we share important information for you to consider that may help protect the privacy and security of your health data.
How You Can Help Protect The Privacy And Security Of Your Health Data
Some third-party applications may share your health data with other third parties. Health data can be very sensitive, and you should be careful to choose a third-party application with strong privacy and security standards to protect your information.
Any third-party application you choose to receive your health data should have an easy-to-read privacy policy that clearly explains how the application will use your data. If an application does not have an easy-to-read privacy policy, you should consider not using the
application.
Therefore, before you direct us to share your health data with a third-party application, you should carefully read the application’s terms-of-use and privacy policy to understand how the application will use and share your health data.
Below, we have listed some questions for you to consider when selecting a third-party application to receive your health data. If an application’s privacy policy does not clearly answer these questions, you should reconsider allowing the application to access your health data.
Questions to consider when selecting a third-party application to receive your health data are (but not limited to):
- What health data will this application collect?
- Will this application collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this application use my data?
- Will this application disclose my data to third parties?
- Will this application sell my data for any reason, such as advertising or research?
- Will this application share my data for any reason? If so, with whom? For what purpose?
- How can I limit this application’s use and disclosure of my data?
- What security measures does this application use to protect my data?
- What impact could sharing my data with this application have on others, such as my family members?
- How can I access my data and correct inaccuracies in data retrieved by this application?
- Does this application have a process for collecting and responding to user complaints?
- If I no longer want to use this application, or if I no longer want this application to have access to my health information, how do I terminate the application’s access to my data?
- What is the application’s policy for deleting my data once I terminate access? Do I have to do more than just delete the application from my device?
- How does this application inform users of changes that could affect its privacy practices?
What Are Your Rights Under The Health Insurance Portability And Accountability Act (HIPAA) And Who Must Follow HIPAA?
The Health Insurance Portability and Accountability Act (HIPAA) is a federal law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.
You can also find related HIPAA frequently asked questions here:https://www.hhs.gov/hipaa/forindividuals/faq/index.html
Most third-party applications will not be covered by HIPAA. Instead, most third-party applications fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act.
The FTC Act, among other things, protects against deceptive acts, for example, when an application shares personal data without a user’s permission, despite having a privacy policy that says it will not do so.
The FTC provides information about mobile application privacy and security here:https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
What Should You Do If You Think Your Health Data Has Been Breached Or An Application Has Used Your Data Inappropriately?
Longevity Health Plan
11770 U.S Hyw 1
Suite E102
Palm Beach Gardens, FL 33408
You may also write the Secretary of the U.S. Department of Health and Human Services
(HHS).
You can file a complaint with HHS OCR using the OCR Complaint Portal Assistant at: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
You can also file a complaint with the FTC using the FTC complaint assistant at: https://www.ftc.gov/media/71268
More Resources
Plan Documents
Access important plan information, documents, directories and forms.
Exceptions and Appeals
Appoint a representative, file a grievance or appeal, request a coverage determination, and more.
Out-of-Network Coverage Rules
Understand our network rules before scheduling an appointment with your doctor.
Member Rights
Understand your member rights and responsibilities.
Enrollment Cancellation
Thanks for choosing Longevity Health. Your medical care will continue until you cancel your plan membership.
CONTACT US
Or visit our Contact Us section to find more useful numbers
in your state.