Technical Information

The information provided below is designed to help optimize your experience browsing our website. You can find additional descriptions of accessibility, enterprise systems and machine-readable data by clicking the links provided.
 

Accessibility

All modern browsers include several features to make the web more accessible, such as the option to "zoom in" on a web page. To learn more about the accessibility features of your browser, please view our Accessibility Statement.
 

Enterprise Systems

An Enterprise System is a software application or computer system that collects, stores, exchanges, and analyzes information an agency uses, and that is both (1) a multi-departmental system or a system that contains information collected about the public and (2) an identified system of record.
 

Machine Readable Data

L.A. Care Health Plan is required to publish information regarding its provider directories and formulary drug lists on its website in a machine-readable format. This format is known as Machine Readable Data.
 

CMS Interoperability Mandate

CMS recently introduced new interoperability mandates for health plans. This rule is designed to make health information more easily available to patients by implementing new industry standards like HL7 FHIR APIs and by deterring information blocking. The effort is pursuant to the Centers for Medicare & Medicaid Services ("CMS") Interoperability and Patient Access Final Rule (CMS-9115-F). 

Developers can refer to the Developer Portal.

Members can access their data via third-party applications listed on the application tab.
 

Disclosures:

L.A. Care Health Plan is required to make certain member health information available through a software application of your choice, on your own device. This is to encourage you to access your health care data, all in one place, using your tablet or cell phone.

Risks of sharing your health care data

L.A. Care is committed to protecting your privacy and the security of your health care data. However, once you share your health data with another health data application, they will be able to access ALL of your health care data. Sharing only some types of your data may be an option. After you share your data, L.A. Care cannot guarantee the safety of your personal health information and cannot be held responsible if your information is illegally misused or stolen.

Third-party app privacy

We respect your right to share your electronic health care and coverage information with non-L.A. Care (third-party) web and mobile applications. From the registered third-party application(s) or “app(s)” of your choosing, you can request via the in-app consent process that your L.A. Care data be imported. Many of these third-party applications aren’t bound by the same strict privacy and security requirements that govern health care organizations like L.A. Care and may not be covered by HIPAA.

Most third-party apps do not have to follow HIPAA and will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). Third-party apps must comply with the FTC Health Breach Notification Rule, which requires them to notify you, as well as the FTC, if there is a breach of unsecured, individually identifiable health information (see “Complying with FTC’s Health Breach Notification Rule,” Federal Trade Commission). We cannot guarantee the security of your private information once released to a third party, so it’s important to do your homework first.

When considering sharing your health care and/or coverage information with a third-party application, be sure to look at their privacy and security policies and learn how they will use and protect your data. It is important for you to take an active role in protecting your health information, and you should consider questions including:

  • What health data will this app collect? Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access?
  • Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information. Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

The Office of the National Coordinator for Health Information Technology offers resources to help you protect yourself, as does the Federal Trade Commission (Understanding Mobile Apps | FTC Consumer Information).

Rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?

You can find more information about your rights and who is obligated to follow HIPAA here: Your Rights Under HIPAA and HIPAA FAQs for Individuals | HHS.gov. If you think your data may have been breached or used inappropriately by a third-party app, you may file a complaint with the Federal Trade Commission. You can also contact the Office for Civil Rights for other HIPAA-related concerns. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. Entities that must follow the HIPAA rules are called “covered entities,” which include, but are not limited to, health plans, most health care providers, and health care clearinghouses.

Are third-party apps covered by HIPAA?

Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers here.

What should I do if I think my data have been breached or an app has used my data inappropriately?

If you believe an application is misusing the data you’ve shared with them in violation of their stated privacy policy, you may also file a complaint with our internal privacy office. In addition, you may submit a complaint to OCR or FTC, as appropriate. You may file a report with the Federal Trade Commission on their website. If you believe someone other than the application has violated the privacy of your health care data, you may file a report with the Department of Health and Human Services Office for Civil Rights on their website or call them at 1-800-368-1019.

Learn more about filing a complaint with OCR under HIPAA

Individuals can file a complaint with OCR using the OCR complaint portal.

Individuals can file a complaint with the FTC using the FTC complaint assistant.