Member Health App Privacy Rights and Resources
Covered Entities, Business Associates and HIPAA Enforcement
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. BlueCross BlueShield of Tennessee is subject to HIPAA, as are most health care providers, such as hospitals, doctors, clinics, and dentists, and organizations that provide services to them or on their behalf. Individuals and organizations that are subject to HIPAA are called “Covered Entities” and “Business Associates.” Some Apps may be subject to HIPAA if they are providing services to, or on behalf of, a Covered Entity, such as your health care provider or health plan. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA here.
You can file a complaint with OCR related to HIPAA requirements. To learn more about how to file a complaint with OCR, go here. If you want to file a complaint with BlueCross, contact us.
Apps and Privacy Enforcement
Most Apps will not be subject to HIPAA. An App that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. Most Apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) under the Federal Trade Commission Act. The FTC protects against deceptive acts (such as an App that discloses personal data in violation of its privacy notice).
The FTC also provides information about mobile App privacy and security for consumers.
If you believe an App inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant.