Third Party Health Applications

You can request copies of your medical records directly from the doctors you have seen at any time.

You can now access your health data securely through a “Patient Access Application Programming Interface (API).” An API is a simple way for two or more pieces of software to exchange data.

This access is only available once you create an account with an App that works with CenCal Health.

Apps are not owned, operate, or monitored by CenCal Health. Your App will have access to all your heath data once you allow it. CenCal Health has no control over how your App will use or share your health data.

Before sharing your health data, check if the app has an easy-to-read privacy policy. If an App does not have a privacy policy, you should not use the App. You should also think about the following questions when considering an App:

• Has the app been certified by a managing agency?
• What health data will this app collect?
• Will this app collect non-health data from my phone, such as my location?
• How will this app use my data?
• Will this app show my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? Why?
• How can I limit this app’s use and release of my data?
• What safety steps does this app use to protect my data?
• What impact could sharing my data with this app have on others?
• How does this app share change its privacy practices?
• How can I use my data and fix mistakes in data saved by this app?
• Does this app have a way of taking in and answering a user complaint?
• How do I stop the app from getting access to my data?
• What is the app’s policy for removing my data once I stop using it? Do I have to do more than just delete the app from my phone?

You should not use the App if the privacy policy does not answer the above questions. Health information is very private and sensitive. Choose Apps that have strong privacy standards to protect your information.

HIPAA is the Health Insurance Portability and Accountability Act. This is a Federal law that says your health information cannot be shared by CenCal Health without your consent. Unless it is for health care treatment, operations, and other reasons allowed by the Federal law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces

• HIPAA Privacy, Security, and Breach Notification Rules,
• The Patient Safety Act and Rule.
• To learn more about who is obligated to follow HIPAA and your HIPAA rights, please visit https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

Most third-party health apps are not covered by HIPAA. Most Apps follow other privacy laws under the Federal Trade Commission (FTC). The FTC Act protects against fraudulent acts (e.g., if an app shares personal data without permission, against privacy policy).

Click here to learn how the FTC provides information about mobile app privacy and security for consumers.

If you think your health data was used incorrectly, file a complaint with the OCR, FTC, or CenCal Health.

To report a health care data breach with OCR:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html

To report a complaint about a third-party app’s misuse of your data with the FTC:
https://reportfraud.ftc.gov/#/assistant or call 1-877-FTC-HELP

To report a complaint to CenCal Health: Privacy@cencalhealth.org

1. Go to your Apple App Store or Google Play Store.
2. Search and download the Flexpa app pictured below:
   
3. Follow the steps your selected App requires to create your secure account.