Regence is required to provide you with access to detailed information about your health history through a “Patient Access API.” While you are a current member, you may access this information by downloading a third-party application (the “App”) on your smart phone, tablet, computer or other similar device. The information available through the Patient Access API includes information we collect about you while you have been enrolled with us in certain lines of business since January 1, 2016. The information includes the following information for as long as we maintain it in our records:
- Demographic data and data about your health insurance coverage;
- Claims and “encounter” data¹ concerning your interactions with health care providers; and
Clinical data that we collect in the process of providing case management, care coordination, or other services to you.
The information we will disclose may include your name, address, diagnosis, treatments received, amounts paid to providers, as well as other data. It may include information about treatment for Substance Use Disorders, mental health treatment, HIV status, or other sensitive conditions.
1. The App has signed on to the CARIN Alliance Trust Framework and Code of Conduct.
- How your health information may be accessed, exchanged, or used by any person or other entity, including whether your health information may be shared or sold at any time (including in the future);
- A requirement for your express consent before your health information is accessed, exchanged, or used, including receiving express consent before your health information is shared or sold (other than disclosures required by law or disclosures necessary in connection with the sale of the application or a similar transaction);
- If the App will access any other information from your device; and
How you can discontinue the App’s access to your data and what the App’s policy and process is for disposing of your data once you have revoked your consent to share your data with the App.
If the App you select has not agreed to all these requirements, we suggest that you select another App to best protect your information.
Things you may wish to consider when selecting an App:
- Will this App sell your data for any reason?
- Will this App disclose your data to third parties for purposes such as research or advertising?
- How will this App use your data? For what purposes?
- Will the App allow you to limit how it uses, discloses, or sells your data?
- If you no longer want to use this App, or if you no longer want this App to have access to your health information, can you terminate the App’s access to your data? If so, how difficult will it be to terminate access?
- What is the App’s policy for deleting your data once you terminate access? Do you have to do more than just delete the App from your device?
- How will this App inform you of changes in its privacy practices?
- Will the App collect non-health data from your device, such as your location?
- What security measures does this App use to protect your data?
- What impact could sharing your data with this App have on others, such as your family members?
- Will the App permit you to access your data and correct inaccuracies? (Note that correcting inaccuracies in data collected by the App will not affect inaccuracies in the source of the data.)
Does the App have a process for collecting and responding to user complaints?
Deleting the App will not automatically stop Regence from sending your data to the App if you have authorized us to send your data to the App. To have Regence stop sending your data to the App you must revoke your authorization with Regence.
September 14, 2021
October 8, 2021
1upHealth Connect API
November 18, 2021
January 6, 2022
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. Regence is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA here: https://www.hhs.gov/hipaa/for-individuals/index.html. To learn more about filing a complaint with OCR related to HIPAA requirements, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html. You may also report any issues with Regence by contacting the phone number on the back of your member ID card.
An App generally will not be subject to HIPAA. An App that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts (such as an App that discloses personal data in violation of its privacy notice). An App that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission (FTC). The FTC provides information about mobile App privacy and security for consumers here:
If you believe an App inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant:
¹“Encounter” data is information about office visits and other interactions with providers that are paid for under a monthly (or annual) fee that Regence pays a provider for furnishing care to members. This type of payment arrangement is referred to as a “capitation arrangement.”