Your health data includes your personal health-related records. While you are a Kern Family Health Care (KFHC) member, your health data is shared with us by your health care providers so that we can pay for and manage your health care services.
KFHC keeps your health data stored in safe and secure data files. We will only share your health data when it is allowed by law to help manage your health care. We can also share your health data when you give us consent. For more information about how we keep your health data private, please review the Notice of privacy practices page.
Interoperability means that systems are able to work with other systems to exchange data. KFHC has a system that will work with other systems, also called third party applications (apps), to share electronic health data. We will only share your health data when you tell us to.
Why share your health data? You may have health data, also called an electronic health record (EHR), with other health plans and providers. KFHC may not have all of your health data to share. To get all of your health data you may want to use a third-party health app.
Health applications (Health apps) are tools that can be downloaded to a smart phone or tablet. The health app offers health related services and may use your health data to do so. To get your health data, the health app must first be signed up with your health plan(s) or health care provider(s). The health app will let you see what health plan and health care provider is signed up with them. To let the health app access your health data, you will need to give consent.
If your health app is not signed up with KFHC you may contact your health app and ask them to sign up with us. To sign up, your health app will need to go to the KFHC website and find out how to sign up.
Did you know KFHC is not in charge of your health data after it is sent to a mobile app or third party? Before you agree to share your health data, consider taking steps to keep it safe. Read the helpful tips below to learn how you can protect your personal health information (PHI).
- Know the risks
Before you share your PHI with a mobile app or third party, look for the privacy policy that explains how it will use your health care data. Do not use the app if it does not have a privacy policy. If the app's policy does not answer the questions below, you should not share your PHI with the app.
- What data will the app collect?
- Will this app also collect non-health data from my phone or computer, such as my location?
- How will my PHI be saved?
- How will this app use my PHI?
- Will this app share any of my data? If so, with whom and why?
- How can I limit the app's use of my PHI?
- How does this app protect all of my data?
- Does this app have a customer service contact?
- How do I stop sharing my PHI with the app?
- Will the app delete my data when I want to stop sharing it?
- Will the app let me know when there are changes to its privacy policy?
It is also good to know about the privacy settings on apps. When you download apps, they often ask for consent to access personal data like contacts, location, or even your camera. Ask yourself, does the app really need to access your location or photos to do its job?
- Protect your health data on your phone
- Lock your phone.
- Download apps from an official app store.
- Use a strong password and update it often.
- Do not share your password with anyone.
- Back up your data.
- Update your software.
- Remove your PHI from your phone before you dispose of it.
For more information on what you can do to protect the data on your phone, click on the following link: How To Protect Your Phone and the Data on It | FTC Consumer Information.
A federal law called the Health Insurance Portability and Accountability Act (HIPAA) gives you the right to see and get a copy of your health record. Most health insurance plans and health care providers — including doctor's offices, clinics, hospitals, pharmacies, labs, and nursing homes — must follow this law. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.
We call the entities that must follow HIPAA regulations "covered entities." Covered entities include:
- Health Plans, including health insurance companies, HMOs, company health plans, Medicare, and Medi-Cal Managed Care Plans like KFHC.
- Most Health Care Providers—those that conduct certain business electronically, such as electronically billing your health insurance—including most doctors, clinics, hospitals, psychologists, chiropractors, nursing homes, pharmacies, and dentists.
- Health Care Clearinghouses—entities that process nonstandard health information they receive from another entity into standard health information (i.e., standard electronic format or data content), or vice versa.
Who does not have to follow these laws?
Examples of businesses that do not have to follow the Privacy and Security Rules include:
- Life insurers
- Employers
- Workers' compensation carriers
- Most schools and school districts
- Many state agencies like child protective service agencies
- Most law enforcement agencies
- Many municipal offices
Are third-party health apps covered by HIPAA?
Most third-party health apps will not be covered by HIPAA. Most third-party apps have to follow Federal Trade Commission (FTC) rules under the FTC Act.
The FTC has rules about mobile app privacy and security for consumers. Click on the link to learn more: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
If you think your information was used or shared in a way that is not allowed, or that you did not consent to, you can file a complaint.
You have the right to file a grievance with our Privacy Official in writing or by calling the KFHC Member Services Department.
To file a grievance in writing, please download and complete the grievance form (English/Spanish) and send to us by mail or email.
By mail:
Privacy Official
c/o Compliance Department
Kern Family Health Care
2900 Buck Owens Blvd.
Bakersfield, CA 93308
By email:
By phone:
KFHC Member Services Department at 1.800.391.2000 (TTY 711)
You may also file a complaint with the Office for Civil Rights (OCR). Your complaint must be filed in writing by mail, email, or online here: OCR Complaint Portal.
To file by mail, open and fill out the Health Information Privacy Complaint Form Package (PDF).
Print and mail the completed complaint and consent forms to:
Centralized Case Management Operations
U.S. Department of Health and Human Services
200 Independence Avenue, S.W.
Room 509F HHH Bldg.
Washington, D.C. 20201
Email the completed complaint and consent forms to: OCRComplaint@hhs.gov (Note that sending forms through email carries a risk if the email is not secure or encrypted.)
To learn more about filing a complaint with OCR under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html.
If you believe that a company that is not covered by HIPAA has shared your health information in a way that conflicts with their privacy policy on their website, you can file a complaint with the Federal Trade Commission (FTC). The FTC works to prevent fraudulent, deceptive, and unfair business practices and provide information to help you spot, stop, and avoid them. You can file a complaint online at https://reportfraud.ftc.gov/#/, a federal government website where you can report fraud, scams, and bad business practices.
Click on the following link for the FTC complaint assistant: https://reportfraud.ftc.gov/
If you cannot use https://reportfraud.ftc.gov/#/ to file a report, you can call the FTC's Consumer Response Center at 1-877-FTC-HELP (1-877-382-4357). TTY: 1-866-653-4261. Watch a video, How to File a Complaint, to learn more.
