Share my health data notice

Sharing your information

The Interoperability and Patient Access rule (CMS-9115-F) was passed in 2020 by the Centers for Medicare & Medicaid Services (CMS). The rule makes it easier for you to access and share your health data. For example, using your smart phone app to find out about claims, medications and more. This shared data is found with certain insurance plans.

Apps can get information starting from 2016. The year apps can start collecting health data is based on when you enrolled in your current plan. Why share data between you, health care providers and the apps? It helps everyone work together to improve patient care. This may help reduce your health care costs, too.

Member Education

Third-Party App Guide

Protect your health information. This is information about you and your health.

Your privacy is important. Third-party apps may collect your health information. Third party means the app is not ours. The app is not working for us. Make sure you understand your apps. Read their privacy policies. Choose apps with strong privacy and security.

You should know:

  • What health information the app will collect
  • What other information the app will collect, for example your location
  • If your data will be stored in de-identified or anonymized form
  • If your identity will be stored
  • If and how the app will use your information
  • If and how the app will share your information
  • Why and with whom the app will share your information
  • If the app will sell your information
  • If and how the app will let you know about changes to its policies
  • If and how you can limit the app’s use of your information
  • If and how the app protects your information
  • How using this app could affect others, such as your family
  • If and how you can see your information and correct any mistakes
  • How to send complaints to the app
  • How to delete your account or information
  • If and how you can stop the app from seeing or using your information
  • What is the app’s policy for deleting your data once you terminate access and do you have to do more than just delete the app from your device
  • How does the app inform users of changes that could affect its privacy practices
  • If and how the app will let you know if there is a security breach

Some patients, particularly patients who are covered by Qualified Health Plans (QHPs) on the Federally-facilitated Exchanges (FFEs), may be part of an enrollment group where they share the same health plan as multiple members of their tax household.

What you should know:

  • If the primary policy holder and other members, can access information for all members of an enrollment group
  • If access to member data can be restricted for members of an enrollment group
  • How your data will be accessed and used based on the enrollment group policies of their specific health plan in their specific state

Patients who share a tax household but who do not want to share an enrollment group have the option of enrolling individual household members into separate enrollment groups, even while applying for Exchange coverage and financial assistance on the same application; however, this may result in higher premiums for the household and some members, (i.e. dependent minors, may not be able to enroll in all QHPs in a service area if enrolling in their own enrollment group) and in higher total out-of-pocket expenses if each member has to meet a separate annual limitation on cost sharing (i.e., Maximum Out-of-Pocket (MOOP)).

If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information.  Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

Sensitive Health Information

You must first allow us to give apps sensitive health information about:

  • Substance use disorder
  • Psychotherapy
  • Reproductive health
  • Communicable disease
  • Other sensitive health information

We will not release this information to apps without your permission.

Privacy Protections

The Health Insurance Portability and Accountability Act (HIPAA) is a federal privacy law that protects health information. It limits how it is stored and shared.

It protects information in apps that are from health plans or health care providers.

It does not protect information in apps that are not from health plans or health care providers.

The U.S. Department of Health and Human Services (HHS) Office of Civil Rights (OCR) enforces the HIPAA Privacy, Security and Breach Notification Rules, and the Patient Safety Act and Rule.  You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here:

You can also access HIPAA FAQs for Individuals at for additional information.

All apps are subject to the Federal Trade Commission (FTC) Act. It protects against unfair or deceptive acts. An example is if an app shares your information without permission despite having a privacy policy saying it won’t.

The FTC provides information about mobile app privacy and security for consumers here:


If you believe an app has improperly used your information:

  • You can file a complaint with our Privacy Office by submitting a written request to:
        UnitedHealthcare Privacy Office
        PO Box 1459
        Minneapolis, MN 55440
  • You can file a complaint with the Health and Human Services Office for Civil Rights (OCR). Use the OCR complaint portal.
  • You can file a complaint with the FTC. Use the FTC complaint assistant.