Consumer Notice: Sharing Data with a Third-Party Application

Due to Federal regulations, certain members have the right to consent that pieces of their personal information (as specified by law) be shared with a third-party application (“Third-Party App”) that has satisfied regulatory conformance criteria set forth by regulatory guidelines.

Personal information includes any information that can identify you as an individual, such as your name, address, as well as your demographic, health, and other information. This notice provides information on tips for selecting a Third-Party App, protecting the privacy and security of your data, and regulatory oversight. Please note: Any sharing with a Third-Party App is voluntary.


Selecting a Third-Party App

It is important for you to take an active role in protecting your health information. You should look for an easy-to-read privacy policy that clearly explains how the Third-Party App will use your data. If a Third-Party App does not have a privacy policy, you should not use the Third-Party App. You should consider:

  • Does this Third-Party App have a privacy notice and where can I find it?
    • How will the Third-Party App communicate changes of this privacy notice to me?
  • What security measures does this Third-Party App use to protect my data?
  • What data will this Third-Party App collect from me?
    • Will the Third-Party App collect non-health information such as my location, photos, contacts, microphone, or device information (e.g., unique identifier or IP address)?
    • Certain devices may have a permission manager, which allows you to view and edit permissions granted by category to installed applications.
  • How will this Third-Party App use my data?
    • Will the Third-Party App share or sell my data? If so, to whom and for what purpose?
    • Does the Third-Party App share my data outside of the United States?
    • Can I limit the way the Third-Party App uses or discloses my data?
  • How can I access my record of data the Third-Party App holds?
    • Can I correct errors found in the data and how?
  • How can I ensure my data is deleted from the Third-Party App if I so choose?
    • Is deleting the Third-Party App from my device enough or do I need to take other steps?
  • Does this Third-Party App have a process for handling any complaints I may have?

If you do not know the answers to the above and would like more information, you may contact the Third-Party App.


Your Rights to Protecting Your Data

  • Your Rights Under the Health Insurance Portability and Accountability Act (HIPAA)
  • Federal Trade Commission (FTC) Act
    • Most Third-Party Apps will fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act.
    • The FTC Act, among other things, protects against deceptive acts (e.g., if a Third-Party App shares personal data without permission, despite having a privacy policy that says it will not do so).
    • The FTC provides information about mobile application privacy and security for consumers


Reporting a Suspected Breach or Complaint

  • Internal
    • You have the right to file a complaint if you believe your privacy rights have been violated or if you disagree with a decision Independent Health made about your access to your personal information. We will not take any action against you for filing a complaint.
    • You may contact us with your complaint by calling, writing, or e-mailing Independent Health’s Information Risk Office at:

      Information Risk Office
      Independent Health
      511 Farber Lakes Drive
      Buffalo, New York 14221
      (716) 631-3001 or 1-800-247-1466
      TTY: 1-800-432-1110


How We Protect Your Data

  • Through Independent Health, you can withdraw your consent for sharing data to the Third-Party App at any time by disconnecting the Third-Party App from your account.
    • Please note: This does not apply to data shared prior to your disconnecting the Third-Party App.
    • Any disconnect requests may take up to 24-hours to be fulfilled.
  • There may be situations in which we will not send data to the Third-Party App, including:
    • If we determine sharing the requested information would present an unacceptable level of risk to the security of the PHI on the organization system based on objective and verifiable criteria.
    • If your explicit consent was not given as required for conditions regulated by either Federal or State law (information pertaining to HIV/AIDS, mental health, alcohol and substance abuse, sexually transmitted diseases, pregnancy/reproductive, and genetic testing), we will not share records that may contain such data. You may contact us directly to receive any such records.
    • If you have withdrawn your consent by disconnecting the Third-Party App, we will refuse data sharing to the Third-Party App until such time you grant a new consent by connecting the Third-Party App again.
    • To persons requesting data sharing on your behalf who are not authorized under Federal or State law to act as your personal representative.

Nondiscrimination Notice
Language Assistance Services