Scambusters

Your Personal Information: Is It Safe on Insurance and Health Apps?

health apps

Learn the Risks of Third-Party Health Apps: Scambusters #1,213

Scheduling appointments. Viewing lab results. Messaging your doctor. Submitting insurance claims. Medical and insurance apps make managing your healthcare easier than ever. But this convenience also involves something very important – your personal health information.

Health data is a prime target for identity thieves. If it is stolen, it can be used for medical fraud, insurance scams, and long-term identity theft. Before you think your data is completely safe, it’s crucial to understand how these apps work, what laws protect you, and where the risks might be.

Your Personal Information: Is It Safe on Insurance and Health Apps?

Health portals and insurance apps are now common tools for managing your medical care. Doctors' offices send you links to patient portals, and insurance companies encourage you to download their apps. Every time you sign up, you give them sensitive personal information, including your Social Security number, medical history, prescription details, and financial data. But how safe is that information? What if it gets stolen?

Why Doctors and Insurance Companies Are Pushing Apps

Healthcare providers and insurers are increasingly using digital platforms for several important reasons. First, they make things more efficient. Apps allow patients to schedule appointments, request prescription refills, and check test results without needing to call the office. Insurance companies use apps to speed up claims processing, provide up-to-date coverage information, and lower customer service costs. Many also collect data through these apps to track health habits, like steps taken and medications used, and offer lower premiums as incentives.

For the healthcare industry as a whole, moving to digital records through patient portals supports federal initiatives like the 21st Century Cures Act. This law requires healthcare providers to give patients electronic access to their health information. This is indeed a handy tool for the patient.

The Benefits of Using a Health or Insurance App

There are genuine advantages to using these platforms:

  • Faster access to records – View lab results, visit summaries, and imaging reports without waiting for a callback.
  • Easier communication – Message your doctor directly instead of navigating phone trees.
  • Streamlined billing – Pay bills, review claims, and track deductibles in one place.
  • Medication management – Refill prescriptions and set reminders without a phone call.
  • Coordination of care – Multiple providers can access shared records, reducing duplicate testing and medical errors.
More Scam Reports:  How Doctored Photos Help Social Security Scammers

When these platforms work correctly, they save time and improve patient outcomes. Again, a very convenient tool.

Are You Required to Use the App?

No, patients do not have to use a health portal or insurance app. Under HIPAA, you have the right to get your health information in the way you prefer, including on paper.

If you prefer not to use an app, you can:

  • Request printed or mailed copies of records and explanations of benefits.
  • Call your insurance company or provider's office directly for information.
  • Ask to receive communications by mail instead of through a digital portal.

Some providers may make it harder to use paper options, but they cannot refuse you care or coverage just because you don’t want to use an app.

Safety Concerns With Personal Health Data

Health and insurance apps collect a lot of sensitive information. This includes your full name, date of birth, Social Security number, diagnosis codes, prescription history, payment details, and sometimes, biometrics data.

Key concerns include:

  • Data breaches – Scammers specifically target healthcare data because it sells for significantly more on the dark web than credit card data.
  • Third-party data sharing – Some apps share anonymized (or not-so-anonymized) data with third-party vendors, advertisers, or researchers.
  • Weak security practices – Not all apps use end-to-end encryption or enforce strong password requirements.
  • Phishing attacks – Fraudulent emails or texts mimicking your health portal can trick you into entering login credentials on fake sites.
  • App vulnerabilities – Outdated apps with unpatched security flaws can expose your data even without a targeted attack.

How Breaches Have Affected Patients

Healthcare data breaches happen frequently. The US Department of Health and Human Services reports that hundreds of breaches affecting 500 or more people occur each year.

More Scam Reports:  Detecting Hidden Fees in a Hidden Cost Economy

Patients whose data is breached face serious problems, including identity theft, fraudulent medical claims made in their name, and unauthorized access to their prescription histories. In some cases, stolen information is used to get prescription drugs illegally. Resolving financial fraud linked to these breaches can take months or even years.

A Documented Real-World Incident – Change Healthcare (2024)

In February 2024, Change Healthcare, a part of UnitedHealth Group, experienced one of the largest healthcare data breaches in US history due to a ransomware attack by the ALPHV/BlackCat group. Change Healthcare handles about 15 billion healthcare transactions a year and affects nearly one in three patient records in the country.

The attack disrupted prescription processing, claims payments, and insurance verifications for weeks. UnitedHealth Group confirmed that a large number of Americans may have had their personal health information and personal identification information compromised. This breach included medical records, insurance details, and Social Security numbers. The company paid a ransom of $22 million to the attackers.

As a result of the breach, pharmacies, hospitals, and patients faced major disruptions, with many unable to get prescriptions filled or insurance claims processed. The incident led to congressional hearings and increased scrutiny of cybersecurity standards in the healthcare industry.

How to Check If an App Is Safe

Before entering your information into any health or insurance app, take these steps:

  • Check for HIPAA compliance – The app or portal should clearly state it is HIPAA-compliant.
  • Review the privacy policy – Look specifically for language about third-party data sharing and how long your data is retained.
  • Look up the company's breach history – Search the HHS “Wall of Shame” (the official HHS breach reporting tool) to see if a provider has reported past breaches.
  • Check app store reviews and news coverage – A quick search of the company name alongside “data breach” or “lawsuit” can surface important information.
  • Enable multi-factor authentication – If the app offers it, use it.

Are Companies Required to Notify You of a Breach?

Under HIPAA, healthcare providers, insurers, and their business partners must inform people if there is a breach of their unsecured health information. They must send notifications within 60 days of discovering the breach.

More Scam Reports:  iPhone Scams: ScamBusters.org Predicts the Top 7 iPhone Scams

If a breach affects more than 500 people in a state, the company must also notify major media outlets in that state and report the breach to the Department of Health and Human Services (HHS). Breaches involving more than 500 individuals must be reported to HHS right away; smaller breaches can be reported once a year.

Some states have their own laws that require notifications to be sent even faster than the federal law.

What to Do If Your Health Data Has Been Breached

If you receive a breach notification or suspect your information has been compromised, act quickly:

  • Read the notification carefully – Identify exactly what information was exposed.
  • Place a fraud alert or credit freeze – Contact one of the three major credit bureaus, Equifax, Experian, or TransUnion . A fraud alert is free and lasts one year. A credit freeze is also free and provides stronger protection.
  • Monitor your medical records – Request copies of your records and look for any unfamiliar diagnoses, prescriptions, or procedures.
  • Check your insurance claims – Review your explanation of benefits statements for claims you don't recognize.
  • Report identity theft – File a report at the FTC's official resource for identity theft victims.
  • Change your passwords – Update login credentials for any affected portals and any accounts using the same password.

Summary

Health and insurance apps are very convenient, but they come with risks. The more you know about how these apps collect, store, and share your data, the better you can protect it. Use strong and unique passwords for each health-related account. Turn on multi-factor authentication whenever you can. Read the privacy policies, especially the parts about sharing your data with others. Keep an eye on news about data breaches; the next big incident may involve you. Your medical information is very personal. Handle it carefully.

Remember, Stay Alert and Stay Informed!