SFHP Privacy Policies

Member Data Rights

Helpful Information for Members

What should a member know before letting a third-party app get their health care data?

It is vital for members to take an active role in protecting their health data. Members should look for an easy-to-read privacy policy that clearly tells you how the app will use your data. If an app does not have a privacy policy, members should not use the app.

Members should think about:

  • Has the app been passed by any regulatory agency?
  • What health data will this app collect?
  • Will this app collect non-health data from my phone, such as my location?
  • How will this app use my data?
  • Will this app show my data to third parties?
    • Will this app sell my data for any reason, such as advertising or research?
    • Will this app share my data for any reason? If so, with whom? For what reason?
  • How can I limit this app’s use and release of my data?
  • What safety steps does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How does this app let users know of changes that could change its privacy practices?
  • How can I use my data and fix mistakes in data saved by this app?
  • Does this app have a way of taking in and answering a user complaint?
  • If I don’t want to use this app anymore, or if I don’t want this app to use my health data, how do I stop the app from getting my data?
  • What is the app’s policy for removing my data once I stop using it? Do I have to do more than just delete the app from my phone?

If the app’s privacy policy does not answer these questions, members should either not use the app or look at other apps. Health data is very private and members should be careful to pick apps that have strong privacy and safety standards to protect their data.


What are a member’s rights under the Health Insurance Portability and Accountability Act (HIPAA) and who must follow HIPAA?

The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the member Safety Act and Rule. You can find more information about member rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

You may also want to share with members the HIPAA FAQs for Individuals: https://www.hhs.gov/hipaa/for-individuals/faq/index.html

Are third-party apps covered by HIPAA?

Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections given by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares private data without your okay, despite having a privacy policy that says it will not do so).

The FTC gives information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

What should a member do if they think their data have been breached or an app has used their data incorrectly?

To file a complaint, members should follow the below listed rules.

San Francisco Health Plan Customer Service is ready to help you in the language you prefer to speak. We answer questions about your benefits and health services. We also help solve problems you may be having with your health care services.

Customer Service representatives are available Monday through Friday, 8:30am to 5:30pm at any of the following phone numbers:

Local Callers 1(415) 547-7800
Toll-Free Callers 1(800) 288-5555
TDD/TTY for People Who Are Deaf, Hard-of-Hearing, or Have Speech Disabilities 1(415) 547-7830 or 1(888) 883-7347 toll-free or 711