Third-party app developers click here

Important Patient Access Application Program Interface (API) Information

Background/Overview

Florida Health Care Plan, Inc., (FHCP) is a health maintenance organization licensed to conduct business in the state of Florida. The Federal Interoperability Rule requires that health plans, like FHCP, make available to their current and former members certain healthcare information through a designated API application (API app) on your smart device. This API app will allow you to access your data via FHCP’s Patient Access API. To access this information, you need to select a third-party API app that will serve as the conduit to your information. This will only be done at your direction and only through the API app that you select. The API app you select will be from a third party. It is not created, maintained, or approved by FHCP.

Selecting an API App

Before you install an API App, here’s what you can do to better protect yourself:

• Use official app stores. To reduce the risk of installing a potentially harmful API app, download the API app only from official app stores, such as your device’s manufacturer or operating system app store. Also, research the developer before installing an API app.
• Know what information the API app will be able to access and how they will use this information. Before you download an API app, read the API app’s privacy policy to see how your data will be accessed and used or if your data will be shared. Is the policy vague about how the API app will share your data? If it is, or if you’re not comfortable with how your information could be shared, you might want to find another API app. If the API app does not have a privacy policy, you may not want to use the API app.
• Check out the permissions. To gain access to information like your location or contacts, or to get access to features like your camera and microphone, all apps need your permission. You may be asked to give permission when you first download the API app, or at the time the API app first tries to access that information or feature. Pay close attention to the permissions the API app requests. For example, does it really need to access your location or photos to do its job?

Privacy and Security

It’s important to know about privacy settings on API apps. When you download an API app, it may ask for permission to access personal information like contacts, your location, or even your camera. The API app may need this information to make some features work, but they also may share this information with other companies.

Once you have downloaded and installed the API app, there are still some things you can do to protect yourself:

• Review the API app’s permissions.Go to your Settings to review the permissions to make sure the API app doesn’t have access to information or features it doesn’t need. Turn off unnecessary permissions.
• Limit location permissions. Some API apps may have features that need to access to your device’s location services. If an API app needs access to your location data to function, think about limiting the access to only when the API app is in use.
• Keep your API app updated. API apps with out-of-date software may be at risk of being hacked. Protect your device from malware by installing API app updates as soon as they’re released.
• Delete the API app if you stop using it. To avoid unnecessary data collection, if you stop using your API app, delete it.

API Apps and the Health Insurance Portability and Accountability Act

The Health Insurance and Accountability Act (HIPAA) put in place a number of requirements including rules to protect and secure your health information. These rules apply to Covered Entities, including health plans, providers and healthcare clearing houses. FHCP’s Notice of Privacy Practices describes many of those requirements and how FHCP complies with them. It is unlikely that the developers or suppliers of API apps are Covered Entities, therefore, in most cases, HIPAA will not apply. FHCP strongly encourages you to investigate thoroughly the privacy and security of any API app you may consider. Health information is very sensitive information and you should carefully choose API apps with strong privacy and security standards to protect your information.

You can find HIPAA FAQs for individuals from HHS here: https://www.hhs.gov/hipaa/for-individuals/faq/index.html

How to File a Complaint About your API App

In the event that you have a complaint about the API app that you selected and are unable to resolve the issue with the API app vendor, you have the right to report the issue/complaint to the Federal Trade Commission or the Department of Health and Human Services’ Office of Civil Rights. Those agencies have oversight responsibility for this initiative. They can be reached at:

U.S. Federal Trade Commission
https://www.ftccomplaintassistant.gov/#crnt&panel1-1
1-877-FTC-HELP
Office for Civil Rights
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
1-800-368-1019

Florida Health Care Plans is an independent licensee of the Blue Cross Blue Shield Association servicing Volusia, Flagler, St. Johns, Brevard, and Seminole counties in the state of Florida.