Third-party app developers click here
Important Patient Access Application Program Interface (API) Information
Florida Health Care Plan, Inc., (FHCP) is a health maintenance organization
licensed to conduct business in the state of Florida. The Federal Interoperability
Rule requires that health plans, like FHCP, make available to their current
and former members certain healthcare information through a designated
API application (API app) on your smart device. This API app will allow
you to access your data via FHCP’s Patient Access API. To access
this information, you need to select a third-party API app that will serve
as the conduit to your information. This will only be done at your direction
and only through the API app that you select. The API app you select will
be from a third party. It is not created, maintained, or approved by FHCP.
Selecting an API App
Before you install an API App, here’s what you can do to better protect yourself:
Use official app stores. To reduce the risk of installing a potentially harmful API app, download
the API app only from official app stores, such as your device’s
manufacturer or operating system app store. Also, research the developer
before installing an API app.
Know what information the API app will be able to access and how they will
to see how your data will be accessed and used or if your data will be
shared. Is the policy vague about how the API app will share your data?
If it is, or if you’re not comfortable with how your information
could be shared, you might want to find another API app. If the API app
Check out the permissions. To gain access to information like your location or contacts, or to get
access to features like your camera and microphone, all apps need your
permission. You may be asked to give permission when you first download
the API app, or at the time the API app first tries to access that information
or feature. Pay close attention to the permissions the API app requests.
For example, does it really need to access your location or photos to
do its job?
Privacy and Security
It’s important to know about privacy settings on API apps. When you
download an API app, it may ask for permission to access personal information
like contacts, your location, or even your camera. The API app may need
this information to make some features work, but they also may share this
information with other companies.
Once you have downloaded and installed the API app, there are still some
things you can do to protect yourself:
Review the API app’s permissions. Go to your Settings to review the permissions to make sure the API app
doesn’t have access to information or features it doesn’t
need. Turn off unnecessary permissions.
Limit location permissions. Some API apps may have features that need to access to your device’s
location services. If an API app needs access to your location data to
function, think about limiting the access to only when the API app is in use.
Keep your API app updated. API apps with out-of-date software may be at risk of being hacked. Protect
your device from malware by installing API app updates as soon as they’re
Delete the API app if you stop using it. To avoid unnecessary data collection, if you stop using your API app, delete it.
API Apps and the Health Insurance Portability and Accountability Act
The Health Insurance and Accountability Act (HIPAA) put in place a number
of requirements including rules to protect and secure your health information.
These rules apply to Covered Entities, including health plans, providers
and healthcare clearing houses. FHCP’s Notice of Privacy Practices
describes many of those requirements and how FHCP complies with them.
It is unlikely that the developers or suppliers of API apps are Covered
Entities, therefore, in most cases, HIPAA will not apply. FHCP strongly
encourages you to investigate thoroughly the privacy and security of any
API app you may consider. Health information is very sensitive information
and you should carefully choose API apps with strong privacy and security
standards to protect your information.
You can find HIPAA FAQs for individuals from HHS here:
How to File a Complaint About your API App
In the event that you have a complaint about the API app that you selected
and are unable to resolve the issue with the API app vendor, you have
the right to report the issue/complaint to the Federal Trade Commission
or the Department of Health and Human Services’ Office of Civil
Rights. Those agencies have oversight responsibility for this initiative.
They can be reached at:
U.S. Federal Trade Commission
Office for Civil Rights
Florida Health Care Plans is an independent licensee of the Blue Cross
Blue Shield Association servicing Volusia, Flagler, St. Johns, Brevard,
and Seminole counties in the state of Florida.