Access your health information

Member Resources

In order to access your data yourself, you will need to download and use a third-party application and approve that your health care data be shared. If you do choose to share your data, it will be transferred by HPSM to Care Evolution myFHR, the only third-party application that currently works directly with HPSM.

Information about how to share your health care data can be found below. But before you share your data, make sure you weigh the benefits against the risks. 

Benefits of sharing your health care data

The information you can see on an app may include details about your:

• Health care insurance. 
• Medications, immunizations and lab results.
• Medical history (such as conditions, treatments and procedures).
• Doctors and health care appointments.
• Medical payment history – including payments for health care made by HPSM and by you.

Sharing your health care data can:

• Help you understand your health care better and make more informed choices by making all your data available to you in one place.
• Help researchers improve treatments and find cures (if you agree to share your anonymous data for this purpose).
  

Risks of sharing your health care data

HPSM is committed to protecting your privacy and the security of your health care data. However, once you share your health data with a third-party app, they will be able to access all of your health care data. Sharing only some types of your data is not an option. HPSM does not contract with or endorse any third-party application that connects with HPSM. After you share your data, HPSM cannot guarantee the safety of your personal health information and cannot be held responsible if your information is illegally misused or stolen.

Before sharing your health care data 

Read the app's or third-party's privacy policy to understand how your health care data will be used. Do not use any app that doesn’t have a privacy policy or doesn’t answer the following questions in their privacy policy:

• What data will the app collect?
• Will the app also collect non-health data from my phone or computer, such as my location?
• How will the app save my health care data?
• How will the app use my health care data?
• Will the app share my data? If so, with who and why?
• How can I limit the app's use of my health care data?
• How does the app protect all of my data?
• Does the app have a way to contact customer service?
• Can I stop sharing my health care data with the app? 
• If I want to stop sharing my health care data with the app, will my data be deleted from the app?
• Will the app let me know when its privacy policy changes?

Reporting suspected data misuse

If you believe an app or third-party has misused your health care data in violation of their stated privacy policy, file a report with the Federal Trade Commission on their website or call them at 877-382-4357. If you believe someone other than the application has violated the privacy of your health care data, file a report with the Department of Health and Human Services Office of Civil Rights on their website or call them at 1-800-368-1019. You can also revoke or block third-party applications from accessing your HPSM health information at any time.

Security measures to protect your data

Security measures HPSM takes to protect your data

These include:

• Requiring your express permission before sharing your data.
  
• Using methods to confirm your identity, such as security questions and multi-factor authentication.
  
• Not renting, selling or sharing information about you for direct marketing or other purposes without your permission.
  
• Never sharing your personal payment information (such as credit card numbers, HSA account details, bank account details or other types of financial information).

Measures you can take to protect your health care data 

• Learn about the privacy settings on apps. 
• When you download apps, they often ask for consent to access personal data like contacts, location or your camera. Think about whether the app really needs to access your location or photos.
• Lock your phone using a password or fingerprint ID. 
• Only download apps from an official app store.
• Use a strong password on the app and update it often.
• Do not share your password with anyone.
• Back up your data.
• Update your software.
• Remove your health care data from your phone before you dispose of it.

How to approve transfer of your health care data

If you are a current HPSM member

If you are no longer an active HPSM member (Term Members)

1. Go to your current health plan's site to begin the data transfer process.
2. Select Health Plan of San Mateo from the list of previous health plans.
3. When prompted, sign in to the HPSM Member Portal with your HPSM username and password.
4. Click "Allow" to authorize a one-time transfer of your data.

The data transfer can take up to 48 hours after authorization. Contact your current health plan if you need assistance.

How to share your health care data

Care Evolution myFHR is the only app that you can share your HPSM health care data with at this time. To get started, you will need to: 

• Download the Care Evolution myFHR app to your mobile device.
• Create a new account by agreeing to their terms and conditions.
• Authenticate your account and log in.
• Approve sharing your HPSM health care data.   

After these steps are completed you may be sent marketing emails or texts based on your medical history and health care use.

Health Insurance Portability and Accountability Act (HIPAA) regulations

Entities that must follow HIPAA regulations 

Health care organizations that must follow Health Insurance Portability and Accountability Act (HIPAA) regulations are called "covered entities." They include:

• Health plans, including health insurance companies, health maintenance organizations (HMOs), company health plans and Medicare/Medi-Cal managed care plans (like HPSM).
• Most health care providers, including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies and dentists. It includes any providers that conduct certain business electronically (such as electronically billing your health insurance).
• Health care clearinghouses, including entities that process nonstandard health information they receive from another entity into standard health information (i.e., standard electronic format or data content), or vice versa.

Entities that do not have to follow HIPAA laws

Examples of businesses that do not have to follow HIPAA Privacy and Security Rules include:

• Life insurers.
• Employers.
• Workers compensation carriers.
• Most schools and school districts.
• Many state agencies like child protective service agencies.
• Most law enforcement agencies.
• Many municipal offices.

Third-party health apps and HIPAA

Most third-party health apps do not need to comply with HIPAA Privacy and Security Rules. However, most third-party apps do have to follow Federal Trade Commission (FTC) rules under the FTC Act. These include rules about mobile app privacy and security for consumers.