Know Your Rights

You will want to ensure the app you choose protects the privacy and security of your health information. Keep in mind that when you consent to an app accessing your data, HIPAA protections no longer apply once the data is released by Vermont Medicaid.

  • Most third-party apps will not be covered by HIPAA protections. They will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

  • The FTC provides information about mobile app privacy and security for consumers.

  • The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security and Breach Notification Rules as well as the Patient Safety Act and Rule. Because we are a health plan and are considered a HIPAA-covered entity, DHMP is required to keep your health information secure while it is in our possession. Other examples of covered entities that must also keep your health information secure under HIPAA include health care providers that conduct certain business electronically (e.g., doctors, clinics, pharmacies) and health care clearinghouses (entities that process nonstandard health information they receive from another entity into a standard, i.e., a standard electronic format or data content, or vice versa).