Handling BYOD and BYOA in Health Care Interoperability: Consumer Consent Filtering and App Attestation

The CMS final rule interoperability is designed to free up a health plan member’s data to improve their care, help them lower health care spending and other benefits. Now people are going to access their currently HIPAA-secure data on the devices and apps of their choosing that are not bound by HIPAA protections. Plans can educate consumers about potential privacy risks, but ONC rules about information blocking provide few allowances to stop data sharing.

The final rule allows plans to ask third-party app developers to confirm that they are following certain privacy practices, including attesting that their privacy policy specifies any secondary uses for patient data. Plans must also determine how to manage right of access for current and past members. To maintain the trust of consumers, plans should carefully plan these processes and ensure data security when HIPAA-compliant data transitions from plan control to consumer/app control.

In this webinar, you’ll:

  • Find out about the final CMS and ONC rules and how to plan for apps and developers not covered by HIPAA
  • Explore how to educate members about the risks of sharing their data and how to access their data
  • Learn lessons from other industries dealing with sensitive PII and how they are maintaining security and consumer trust