Educational Resources Regarding Privacy & Security

It is important for you to take an active role in protecting your own health data. If you direct CHRISTUS Health to share your health data with a third-party app, CHRISTUS Health has no control over how the third-party app will use or share your health data. CHRISTUS Health does not generally review or evaluate third-party apps or their privacy or security practices with respect to your health data. Some third-party apps may share your health data with other third parties. Because your health data can be very sensitive, you should be careful to choose apps with strong privacy and security standards to protect it. Any app you choose to receive your health data should have an easy-to-read privacy policy that clearly explains how the app will use your health data. If an app does not have a privacy policy, you should consider not using the app.

Before you direct CHRISTUS Health to share your health data with an app, you should read carefully the app’s terms of use and privacy policy to understand how the app will use and share your health data. CHRISTUS Health may be required by law to comply with your request to share your health data with a designated third-party app. Health data transmitted to an app at your request will no longer be under CHRISTUS Health’s protection and control, will no longer be subject to the protections and rights outlined in our Privacy Statement located on our website, and may no longer be subject to the same laws, regulations, policies or procedures regarding its confidentiality, security, privacy, use, or disclosure. You make requests to CHRISTUS Health to transmit your health data to an app at your own risk and you assume all responsibility for the consequences of such action taken by CHRISTUS Health at your direction.

• Below are factors to consider when selecting an app to receive your health data:
• What health data will this app collect?
• Will this app collect non-health data from my device, such as my location?
• Will my data be stored in a de-identified or anonymized form?
• How will this app use my data?
• Will this app disclose my data to third parties?
• Will this app sell my data for any reason, such as advertising or research?
• Will this app share my data for any reason? If so, with whom and for what purpose?
• How can I limit this app’s use and disclosure of my data?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family members?
• How can I access my data and correct inaccuracies in data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
• What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
• How does this app inform users of changes that could affect its privacy practices?

If an app’s terms of use and privacy policy do not clearly answer these questions, you should reconsider authorizing such app to access your health data.

HIPAA is a federal law setting forth standards for the use, disclosure and protection of certain health information. It applies to certain health care providers, health care clearinghouses, health plans like CHRISTUS Health, and such entities’ business associates. However, many of the organizations that may have health information about you do not need to follow HIPAA. Examples of these organizations may include life insurers, employers, workers compensation carriers, many schools and school districts, many state agencies, many law enforcement agencies, and many municipal offices. For more information on our responsibilities under HIPAA, please refer to our Privacy Statement located at https://www.christushealthplan.org/privacy-statement. For more information about HIPAA generally, please refer to the U.S. Department of Health and Human Services (“HHS”) Office for Civil Rights (“OCR”) website at: https://www.hhs.gov/hipaa/for-individuals/index.html. 

 

Most third-party apps are not covered by HIPAA and instead fall under the jurisdiction of the Federal Trade Commission (“FTC”) and the protections provided by the FTC Act. Among other things, the FTC Act protects consumers against deceptive acts, for example, when an app shares personal data without a user’s permission despite having a privacy policy that says it will not do so. The FTC provides information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps. 

If you believe that that we have violated your rights under HIPAA, you may file a complaint with us or HHS OCR by following the instructions provided on CHRISTUSHealthPlan.org. If you believe that an app has used your data inappropriately, you may file a complaint with the FTC using the FTC complaint assistant: https://reportfraud.ftc.gov/#/ .