Using an App to Access Your Information

New federal interoperability regulations from the Centers for Medicare and Medicaid Services (CMS) require that health insurance plans provide members with a way to obtain their protected health information through a third-party application or “App”.  These regulations only apply to certain types of insurance.  If you purchased your Blue Cross and Blue Shield of Louisiana (Blue Cross) insurance plan on the federal marketplace or exchange (healthcare.gov) or if you have a Medicare plan, you are eligible to access your health information through an App of your choice.

Members will need to select an App that has registered with Blue Cross in order to access their information through the App. The Blue Cross logo will be presented as follows for members to choose in the App’s list of connected health plans.

Of course, all Blue Cross members may continue to use MyAccount, an online service available through our website, or call Customer Service using the phone number on the back of the member identification card to access account information, explanation of benefits, and more.

Important note: If you are trying to create an account for a minor child you will be prompted to call Customer Service for assistance. If you are trying to create an account by using an email address that is already in use, you will be unable to do so.  Each account must be created with a unique email address.

Blue Cross asks all App developers to register with us and provide their privacy practices and terms of use. The App should also make this information available to you.  

Be sure to read the App’s privacy policy before use. Remember, the App you choose will have access to most of your protected health information, including sensitive conditions you may have experienced. Consider the following questions and make sure you are satisfied with the answers before proceeding with use of an App.

• What health information will this App collect?
• Will this App collect non-health information from my device, such as my location?
• Will my information be stored in a de-identified or anonymized form?
• How will this App use my information?
• Will this App share my information with third parties?  
• Will this App sell my information for any reason, such as advertising or research?
• Will this App share my information for any reason? If so, with whom? For what purpose?
• How can I limit this App’s use and disclosure of my information?
• What security measures does this App use to protect my information?
• What impact could sharing my information with this App have on others, such as my family members?
• How can I correct inaccuracies in information retrieved by this App?
• Does this App have a process for collecting and responding to user complaints?
• If I no longer want to use this App, or if I no longer want this App to have access to my health information, how do I terminate the App’s access to my information?
• What is the App’s policy for deleting my information once I terminate access? Do I have to do more than just delete the App from my device?
• How will this App inform me of changes that could affect its privacy practices?

If the App’s privacy policy does not clearly answer these questions, you may want to consider another App that does. Health information is very sensitive – we advise you to be careful to choose Apps with strong privacy and security standards to protect it.

Blue Cross must follow strict privacy and security rules outlined in the Health Insurance Portability and Accountability Act (HIPAA) as well as other federal and state privacy laws to protect your information and keep it confidential. Health insurance plans and health care providers, like doctors, pharmacies, and hospitals, are all required to follow HIPAA. 

The Office for Civil Rights (OCR) under the federal Department of Health and Human Services is responsible for making sure that health plans and health care providers follow HIPAA. You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.

An App generally will not be subject to HIPAA. An App that publishes a privacy policy is required to comply with the terms of its policy, but typically is not subject to other privacy laws. An App that violates the terms of its privacy policy is subject to the jurisdiction of the Federal Trade Commission (FTC). You can learn more about the FTC here: How To Protect Your Privacy on Apps | FTC Consumer Information.

If you wish to file a complaint with Blue Cross about how your health information was used or accessed, you may contact the Blue Cross Information Governance Office in the following ways:

• Call (225) 298-1751 or 1 (800) 258-3746
• Email privacy.office@bcbsla.com
• Write us at Blue Cross and Blue Shield of Louisiana, Information Governance Office/Privacy, P.O. Box 84656, Baton Rouge, LA 70884-4656.

To learn more about filing a complaint with OCR under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

Individuals can file a complaint with OCR using the OCR complaint portal:
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.
 
Individuals can file a complaint with the FTC using the FTC complaint assistant:
https://reportfraud.ftc.gov.

Developers of third party apps can visit our developer portal for registration and technical documentation for Medicare Advantage and Commercial insurance coverages.