Access your medical data with approved consumer health apps

Accessing your health data is easier when it's shared among health systems. A Centers for Medicare & Medicaid Services (CMS) ruling means you'll now have greater access.

Data access and management

This change makes it easier than ever to access your health information, helping you better manage your overall wellness.

The CMS-9115-F Final Rule applies to these health plan categories:

  • Geisinger Gold (Medicare Advantage Organization and Medicaid Managed Care Plans)
  • GHP Family (State Medicaid Agencies)
  • GHP Kids (CHIP Agencies and CHIP Managed Care Entities)
  • Geisinger Marketplace [issuers of Qualified Health Plans (QHP) on the federally facilitated Exchanges]
  • Federal Employees Health Benefits (FEHB)

If you're a member of any of these plan categories and you consent, your health data can be made available on any approved third-party app(s) within 1 business day.

Contact our Customer Care team or call the phone number on the back of your member ID card to begin this process.

Available third-party apps

Approved third-party apps:

  • bwell Connected Health
  • Chat MED
  • Flexpa
  • OneRecord

App risk scores:

  • bwell Connected Health: low risk
  • Chat MED: low risk
  • Flexpa: low risk
  • OneRecord: low risk

Member rights and risks

Right to share data with third-party app(s)

You can grant consent to share your health data with any chosen third-party app starting July 1, 2021. When you consent, we're required to make your health data available to the third-party app within 1 business day.

However, for the third-party app to be able to access your data, the third-party app needs to register with us.

Right to revoke at any time

If you think your data is unsafe with the third-party app, or you want to stop accessing your data on the third-party app, you can immediately revoke the access granted to the app. Call the GHP Customer Care team or the number on the back of your member ID card.

Right to appoint an authorized personal representative

As a GHP member, you may appoint a personal representative to act on your behalf. Minors usually have their parents or legal guardian as their personal representative.

You can appoint anyone, such as a family member or a trusted aide, as your authorized personal representative to make health decisions on your behalf. The appointed authorized personal representative is treated as the member and can grant, revoke or renew consent to the third-party apps to access your health data.

Be cautious in choosing who you appoint as your personal representative. Contact us for more information about authorized personal representatives.

Risk of sharing data with third parties

When you consent to share your data with third parties, being aware of the potential risks helps you make an informed decision.

Allowing an app to access, store, manage or use your data involves some degree of risk. To help you with this decision, we've reviewed and rated several apps. We'll always try to keep your health data safe at all levels in our Geisinger processes and applications. But once your data is shared externally and is controlled by a third party, we have no visibility or control over how they store, manage or consume it.

If you think the safety of your data could be compromised by the third party, you can immediately stop sharing your data with them by calling the GHP Customer Care team or the number on the back of your member ID card.

Risk of secondary usage of data by the third-party app(s)

A specific example of risk to your data is called secondary usage. When your data is shared with and controlled by a third-party app, they may use your data in other ways, such as for advertising. Pay close attention to the privacy policy and user agreement provided by the app.

If you think the safety of your data could be compromised by the third party, you can immediately stop sharing your data with them by calling the GHP Customer Care team or the number on the back of your member ID card.

Risk of appointing authorized personal representative

An authorized personal representative can access all your health data via third-party apps. Without your knowledge, they can grant and revoke access to your data to any third-party app they choose. Because your authorized personal representative is treated as you, the member, with regard to making health decisions, be cautious about who you appoint.

Risk of social engineering scams

Social engineering attacks, in which scammers try to access your health information, are becoming increasingly sophisticated. Beware of people or organizations posing as representatives of third-party health apps to trick you into sharing your sensitive information. Sometimes called "phishing scams," these could be phone calls or emails pretending to be a trustworthy company or person requesting your information.

You can protect yourself with these tips:

  • Keep your anti-virus/anti-malware software updated.
  • Use and check your email filters and spam filters.
  • Use multifactor authentication for important accounts.
  • Don't respond to requests for personal information or passwords.
  • Don't open email from a suspicious source.
  • Don't click on links received in an email from a suspicious sender.
  • Don't download or open attachments in an email from an unknown sender.
  • Don't use the same password for multiple accounts.

For more information on how to protect yourself from social engineering scams, or if you think you may have been a victim of such a scam, visit the FTC’s site on phishing scams.

Third-party apps

Management for third-party apps

Third-party apps are managed by people or organizations outside of Geisinger. As an app developer you can:

Risk assessment of third-party apps

As a GHP member, you'll be empowered and educated with a risk assessment framework for third-party apps. The risk assessment process will provide valuable information and insight into how safe, secure and transparent an app is and how your health data is protected within it. Use the result of the risk assessment to make an informed choice and select the most appropriate app for you.

This risk assessment framework was developed in line with the CARIN Code of Conduct, the CMS Interoperability and Patient Access Final Rule, CMS Blue Button, the ONC Privacy Model and HIPAA.

Risk assessment framework

Following Geisinger's risk assessment process, the app developer fills out a risk assessment questionnaire to get access to the production environment and real-time member health data. The questionnaire is divided into three sections: data privacy, security assessment and technical assessment. These sections are divided further into seven domains.

Under each domain, developers must answer several questions to explain how the app addresses the requirements of data confidentiality, privacy and security. We evaluate a risk score and risk rating based on their answers.

The app developer is asked to self-attest. If they choose not to attest to the responses provided for the risk assessment questionnaire, we give the app a "high risk" rating regardless of the result of the risk assessment process carried out for the app.

Data privacy and security assessment                     Domain risk rating
Domain 1   Privacy policy and terms of service           Medium
Domain 2   Consent management, use and disclosure        High
Domain 3   Individual access                             Medium
Domain 4   Security and incident management              Low
Domain 5   Accountability and provenance                 Medium

Technical assessment                                     Domain risk rating
Domain 6   Authentication and authorization management   High
Domain 7   Application and data security                 Medium

You can see the risk ratings and corresponding scores provided for all the apps approved by Geisinger. Risk ratings are categorized as low risk, medium risk and high risk.

If risk score is between   Risk rating
0 to 30                    Low risk
31 to 70                   Medium risk
71 to 100                  High risk

A smarter choice can be an app with a low risk rating.

Authorized personal rep

Who is an authorized personal representative?

An authorized personal representative is a person allowed to act on your behalf to make health decisions for you. Before someone can act as an authorized personal representative, you must appoint them by providing a legal document called Power of Attorney (POA).

A medical POA is a legally verifiable document that establishes a person's right to execute/make health decisions on your behalf. This POA document is created upon your direction while you're in a sound state of mind and health.

The Centers for Medicare and Medicaid Services (CMS) says that your authorized personal representative is to be treated as you yourself. That means we would honor the health decisions your representative makes on your behalf (just like we would honor yours). Because of this, you should be careful in choosing who you want to appoint as your authorized personal representative.

Authorized personal representative

  • Legal Power of Attorney document is required.
  • They can access member health information and make health decisions.

Authorized representative

  • Power of Attorney documentation is not needed.
  • They can access member information but cannot make health decisions.

In Pennsylvania, there are many guidelines on personal representatives for minors.

Emancipation of minors: In Pennsylvania, there's no general emancipation statute that explains procedures to follow to obtain that legal status. Generally, emancipation in Pennsylvania is based on a factual situation. The following situations do not need emancipation by a court order:

  • Screening and treatment for sexually transmitted diseases
  • Screening and treatment for HIV
  • Contraception (but not abortion)
  • Drug and alcohol treatment
  • Mental health treatment if you are age 14 and older
  • Minor who is pregnant (except for the decision to abort, which requires consent by parent/guardian)

Special conditions

  • Pregnant minors
    • Minor can make all medical decisions (except abortion)/provide consent.
    • For abortion, consent for treatment needs to be provided by the parent/guardian.
  • Mental health outpatient treatment
    • Age: under 14 – The personal representative is required to provide consent.
    • Age: 14 to 17 – The minor can provide consent for treatment, which cannot be contradicted or revoked by the personal representative.
    • Age: 18 and above – The person is treated as an adult and can make their own health decisions.

Rights of an authorized personal representative

Your authorized personal representative is treated like you, the member, in terms of health decisions they can make. They have rights that include:

  • Making health decisions on your behalf
  • Granting, revoking and renewing consent to third-party apps on your behalf
  • Viewing the list of third-party app(s) that are accessing your health data
  • Accessing your health data via the third-party app(s)

If you have restricted your authorized personal representative’s access to certain protected health information, they will not be able to view complete information.

Steps to appoint an authorized personal representative

To submit a request for appointing an authorized personal representative, follow these steps:

  • View the form or access it securely on your GHP member portal.
  • Fill out the online request form (Member information, representative information, electronic signature), then submit the request.
  • Next, you’ll need to either
    • Email the signed authorization form, the Power of Attorney (POA) document and other supporting documentation to solutionsteam@thehealthplan.com
    • Fax the documents to 570-271-5871
    • Or mail them to:
      Geisinger Health Plan
      Authorized Personal Representative Form
      100 N. Academy Ave.
      Danville, PA 17822-3229

Once approved, the authorized personal representative will receive an email from us with a unique access code to create a new account or link their existing account to the personal representative role.

If an active Power of Attorney document for the personal representative is already on record, we’ll approve your request and you may not need to separately send the POA document. Call 800-498-9731 for questions regarding POA.

Steps to terminate an authorized personal representative

  1. To revoke, submit a revocation letter mentioning the POA status to be revoked. Your revocation request letter should be witnessed or notarized appropriately for proof of validity.
  2. To replace, submit the updated POA document to revoke, then replace the existing POA on your file.
  3. Submit documentation by:
    1. Email: solutionsteam@thehealthplan.com
    2. Fax: 570-271-5871
    3. Or mail to:
      Geisinger Health Plan
      Authorized Personal Representative Form
      100 N. Academy Ave.
      Danville, PA 17822-3229

Limitations of an authorized personal representative

Although an authorized personal representative can act in full capacity of the member, there are certain limitations.

  • A personal representative cannot access health information that has been withheld by the member, as permissible by applicable laws.
  • Any third-party app for which consent to share data has been provided by the personal representative can be revoked by the member at any time.
  • A personal representative cannot access a member's user credentials.
  • A personal representative cannot sign in to access or replicate a member’s view of the Geisinger systems.
  • If a member is deceased, the validity of the Power of Attorney ceases and the authorized personal representative can no longer access the member's health information.

How to manage data sharing

How to grant consent

You can grant consent to any registered third-party app to access your health data. To grant consent via the third-party app:

  1. Sign in to your third-party app.
  2. Identify the feature that enables health data access from your health plan (or any equivalent section).
  3. On the list of health plans, select Geisinger Health Plan.
  4. Sign in using your GHP member portal credentials.
  5. Grant consent to the third-party app. Your data will be shared upon successfully granting consent.

How to renew consent

You or your personal representative can renew consent for a third-party app if it's expired or is nearing expiration. Call the GHP Customer Care team or the number on the back of your member ID card and place a request to renew consent.

How to revoke consent

You can revoke consent to any third-party app anytime. Note that deleting the app from your device may not end the app's access to your data.

You can revoke consent by calling the GHP Customer Care team or the number on the back of your member ID card and they will revoke the app's access during the call. They can also revoke access to all apps at once to protect your data — for example, if your phone is lost or stolen.

Questions and complaints

Questions regarding data discrepancies

If you think your data shown on the app is incorrect, contact the GHP Customer Care team or call the number on the back of your member ID card to resolve the issue.

How to file complaints

To file a complaint, contact the GHP Customer Care team. If your complaint isn't resolved to your satisfaction, you can file a complaint with the Federal Trade Commission (FTC) or Office for Civil Rights (OCR).

Interoperability for developers

As an app developer, once you're verified, you can register your third-party app to access claims and enrollment data from our APIs.

Manage your health with GHP member portal

Use the member portal to view claims and benefits, find a provider and more.