Each app creates a privacy policy and other policies that explain how it will use your health data and whether it can sell your health data to others. These policies control what the app will do with your data, so it is important that you understand what you are agreeing to when you download a third-party app.
The app is also responsible for notifying you and the appropriate government authorities of any inadvertent disclosure of your health data. Interoperability means that Blue KC has virtually no control over which apps can ask you for access to your data, so the responsibility shifts to you to decide which apps you want to access your health data.
Once you choose to allow an app to have access to your personal health data, that data is no longer protected by HIPAA or Blue KC.
For most hospitals, doctors’ offices, and health insurance companies, HIPAA governs the privacy and security of health records stored online. But many web-based businesses that collect people’s health information are not covered by HIPAA. These include online services people use to keep track of their health information and online applications that interact with those services.
The Federal Trade Commission (FTC), the nation’s consumer protection agency, has issued the Health Breach Notification Rule to require certain businesses not covered by HIPAA to notify their customers and others if there is a breach of unsecured, individually identifiable electronic health information. FTC enforcement began on February 22, 2010.
You can find more information regarding the FTC here.