Connect your health data to third-party apps

Look for a privacy policy that’s easy to read and explains how the app will use your health data. Then, use the privacy policy to try to answer these questions:

• What health data will this app collect? Will this app collect non-health data from my device, such as my location?
• What security measures does this app use to protect my data? Will this app store my data in a de-identified or anonymized form?
• How will this app use my data?
• Will this app sell my data for any reason, such as advertising or research?
• How can I limit this app’s use and disclosure of my data?
• What impact could sharing my data with this app have on others, such as my family members?
• How can I access my data and correct errors in data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• How do I stop the app from accessing my data? What is the app’s policy for deleting my data once I remove access?
• How does this app inform users of changes that could affect its privacy practices?

If the app doesn’t have a privacy policy or doesn’t answer these questions, it may not be secure or private. You should reconsider allowing the app to access your health information.

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about your rights under HIPAA, and who has to follow HIPAA, here. You can also find frequently asked questions about HIPAA here.
 
Most third-party apps are not covered by HIPAA. Instead, these apps fall under the protections of the Federal Trade Commission (FTC) Act. The FTC Act protects against deceptive acts.

Here's an example: an app shares your data, even though its privacy policy says it won't. You can find information about mobile app privacy and security from the FTC here.

If you believe your privacy has been breached, you can reach out to our Customer Service team to report the incident. We will then forward the report to our internal Privacy Officer.
 
You can contact Customer Service by calling us at 866-414-5533 or at the number on the back of your member ID card. You can also email us at healthplanCustomerService-Members@mgb.org or go to Member.MassGeneralBrighamHealthPlan.org to start a live chat with a Customer Service Professional. We are available Monday through Friday, 8:00 AM to 6:00 PM and 8:00 AM to 8:00 PM on Thursdays.
 
Note that email sent over the Internet is not secure and should not be used to communicate confidential or health information directly to Mass General Brigham Health Plan. You can learn more about email security with Mass General Brigham Health Plan here.
 
You can also file a complaint with the Office for Civil Rights (OCR) or Federal Trade Commission (FTC) using the links below.

• Learn about filing a complaint with the OCR under HIPAA
  • File a complaint using the OCR complaint portal
• File a complaint using the FTC complaint assistant