- Collection and use of personal information
- Cookies
- Website security
- Linked sites
- Protecting your personal health information
- Interoperability and third-party applications
Collection and use of personal information
Our website provides you with the opportunity to voluntarily submit forms to request additional information about Fallon Health (Fallon). In the course of these transactions, you may provide us with personal demographic information or possibly detailed medical information. We use the information you provide solely to help us respond to your request. As part of researching or fulfilling your request, your information may be shared with other Fallon employees. All employees of Fallon Health sign confidentiality agreements as part of our employment policy to ensure that any private information encountered through the course of their work is treated with the utmost respect.
At no time will Fallon Health sell, rent, loan, trade or lease any information collected on our site. However, please note that we may need to use this information within the Fallon family of affiliate companies or with a third party vendor to perform administrative, technical, or other functions that help us provide service to you. We seek to hold third party vendors to the same privacy practices as Fallon Health.
Except as noted above, Fallon will not release individualized information to another party unless required to do so by government authorities, legal processes, or otherwise required by law.
Any personally identifiable information collected through the website is not stored on the website, but will go to back office systems in the same manner that information from paper forms, submissions and phone calls to customer service are currently handled. The information is used as defined above. As a standard practice, as described below, we collect general statistical information on the content viewed, which is used to help us provide better service to you.
You have the right and ability to exit the Fallon Health site at any time and not remain in active session. If you choose to remain in session on our site, you implicitly consent to our privacy and security policies.
Fallon Health's website is designed and intended for adults; it is not directed toward children. As such, we do not knowingly collect or use personal information from children under 13.
| Back to top |
Collection of information from site visitors: Cookies
When you visit our website, we collect certain information that provides us with aggregate "usage data." This information is used to measure the number of visitors to the different sections of our site and to help us make our site more useful to our visitors. This information is retained and periodically deleted from the site; no back-up copies are made.
Fallon Health's website does employ "cookies" to provide visitors with information that is specific to them. We do not use cookies on an any page that requires you to submit any data about yourself or create a login.
If you choose, you may disable or delete our cookies from your hard drive; however, blocking or deleting cookies may cause some of Fallon's website features and functionality to work incorrectly.
At no time will Fallon Health sell, rent, loan, trade or lease any information collected through cookies on our site.
| Back to top |
Website security
Fallon Health takes precautions to protect information our members submit to us via this site. When we ask users to enter personal information, we utilize encryption to protect the transmission of data. The same procedures apply when users ask to see any of their personal information that we maintain.
Please be aware, though, that any unencrypted communication or material transmitted to or from Fallon Health through our website or unencrypted email may not be secure. Accordingly, Fallon Health is not responsible for the security of information transmitted via the internet or other global computer networks.
To protect your privacy, please do not use unencrypted email or unencrypted transmissions to communicate information to us that you consider to be confidential. For more private communication, visitors can contact Fallon Health by telephone or mail or, if you are a member, through our MyFallon member portal.
| Back to top |
Linked sites
Fallon Health's website has links to various other websites that we think might be useful or of interest to you. Fallon, however, cannot be responsible for and does not endorse the privacy practices or the content of its linked websites. Fallon Health urges you to review the privacy policies of any website you visit once you leave Fallon's website. Links to various non-Fallon websites do not constitute or imply endorsement by Fallon Health of these websites, any products or services described on these sites, or of any other material contained in them.
| Back to top |
Protecting your personal health information
As a Fallon Health member, what do I need to know about HIPAA?
Fallon adheres to the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).
You can tell us how you would like your personal health information shared by submitting forms available on HIPAA forms.
The HIPAA requirements are there to protect you, the consumer. With respect to health care, HIPAA is meant to simplify communications between health plans and providers—mostly through electronic means. However, you should be aware that HIPAA outlines strict guidelines to ensure the privacy and confidentiality of your PHI (protected health information, such as your name and medical information). These guidelines require that your PHI be used for purposes of treatment, payment and health plan operations, and not for purposes unrelated to health care.
Under HIPAA, Fallon Health must:
- provide a Notice of Privacy Practices to all members (the Notice is issued to all new members with their new member materials and is also available here:Notice of Privacy Practices - pdf).
- make sure that every person or company who works with us protects member information as we do.
- carry out privacy training for all employees, whether they deal with member records or not.
- have consequences in place if member information is used or shared improperly.
| Back to top |
Interoperability
The Centers for Medicare and Medicaid Services (CMS) released the Interoperability and Patient Access final rule on March 9, 2020. This final rule requires most CMS-regulated payers–including, but not limited to, Medicare Advantage (MA) organizations, Medicaid Fee-For-Service (FFS) programs, and Medicaid managed care plans, to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API) that allows patients to easily access their claims and encounter information including cost, specifically provider remittances and enrollee cost-sharing, as well as a defined sub-set of their clinical information through third-party applications (app) of their choice.
Third-party apps and your health information
If you choose to allow a third-party app to retrieve your health care data, it is important for you to take an active role in protecting your health information. If an app you are considering does not have a privacy policy, Fallon Health advises you not to use that app.
When choosing your app, you should ask these questions:
- What health data will this app collect? Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what purpose?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could my sharing of my data with this app have on others, including my family members?
- How can I access my data and correct inaccuracies in the data retrieved by this app?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information. Your health information is very sensitive, and you should be very careful to choose apps with strong privacy and security standards to protect it.
Most third-party apps will not be covered by the Health Insurance Portability and Accountability Act (HIPAA). If you want to learn more about HIPAA, who is required to follow it and your rights under HIPAA, please see above, or here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).
The FTC provides information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
If you think your data has been breached under HIPAA, you should contact our Privacy Officer:
Address: 1 Mercantile St., Ste 400, Worcester, MA 01608
Phone: 1-800-868-5200 (TTY: 711)
Fax: 1-508-831-1136
Email: compliance@fallonhealth.org
Additionally, you can submit a complaint with the Office for Civil Rights under HIPAA, or with the FTC.
- To learn more about filing a complaint with OCR under HIPAA,visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
- You can file a complaint with OCR using the OCR complaint portal: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
- You can file a complaint with the FTC using the FTC complaint assistant: https://reportfraud.ftc.gov/#/assistant
Accessing and sharing your health information
For members of Fallon Medicare Plus, NaviCare, Fallon 365 Care, Fallon Health-Atrius Health Collaborative, and Berkshire Fallon Health Collaborative
If you are interested in sharing your health information with an app, here are the steps you will need to take:
- Download the app(s) of your choice to your device. Click here to view a selection of apps that will allow you to access your Fallon Health data.
- When you are in the app, use the search bar to search for your health plan. You should search for “Fallon Health.”
- Once you have selected your health plan, you will need to provide your consent for Fallon to share your health data with the app of your choice. You will be asked for information including your email address, your birth date, and your member ID number.
- You will then be asked to provide a code that will be sent to your email address. The email will come from “no-reply@fallonhealthfhir.com.” This is the third-party vendor that Fallon has partnered with.
- Type the code from your email into the app.
- At that point, you can agree to share your Fallon Health medical data with the app of your choice.
| Back to top |