Privacy and confidentiality notice

Collection and use of personal information

Our website provides you with the opportunity to voluntarily submit forms to request additional information about Fallon Health (Fallon). In the course of these transactions, you may provide us with personal demographic information or possibly detailed medical information. We use the information you provide solely to help us respond to your request. As part of researching or fulfilling your request, your information may be shared with other Fallon employees. All employees of Fallon Health sign confidentiality agreements as part of our employment policy to ensure that any private information encountered through the course of their work is treated with the utmost respect.

At no time will Fallon Health sell, rent, loan, trade or lease any information collected on our site. However, please note that we may need to use this information within the Fallon family of affiliate companies or with a third party vendor to perform administrative, technical, or other functions that help us provide service to you. We seek to hold third party vendors to the same privacy practices as Fallon Health.

Except as noted above, Fallon will not release individualized information to another party unless required to do so by government authorities, legal processes, or otherwise required by law.

Any personally identifiable information collected through the website is not stored on the website, but is routed to back-office systems in the same manner that information from paper forms, submissions and phone calls to customer service is currently handled. The information is used as defined above. As a standard practice, as described below, we collect general statistical information on the content viewed, which is used to help us provide better service to you.

You have the right and ability to exit the Fallon Health site at any time and not remain in active session. If you choose to remain in session on our site, you implicitly consent to our privacy and security policies.

Fallon Health's website is designed and intended for adults; it is not directed toward children. As such, we do not knowingly collect or use personal information from children under 13.

Collection of information from site visitors: Cookies

When you visit our website, we collect certain information that does not identify you personally, but provides us with aggregate "usage data." This information is used to measure the number of visitors to the different sections of our site and to help us make our site more useful to our visitors. This information is retained and periodically deleted from the site; no back-up copies are made.

Fallon Health's website does employ "cookies" to provide visitors with information that is specific to them. These cookies do not contain any personally identifiable information.

If you choose, you may disable or delete our cookies from your hard drive; however, blocking or deleting cookies may cause some of Fallon's website features and functionality to work incorrectly.

Website security

Fallon Health takes precautions to protect information our members submit to us via this site. When we ask users to enter personal information, we utilize encryption to protect the transmission of data. The same procedures apply when users ask to see any of their personal information that we maintain.

Please be aware, though, that any unencrypted communication or material transmitted to or from Fallon Health through our website or unencrypted email may not be secure. Accordingly, Fallon Health is not responsible for the security of information transmitted via the internet or other global computer networks.

To protect your privacy, please do not use unencrypted email or unencrypted transmissions to communicate information to us that you consider to be confidential. For more private communication, visitors can contact Fallon Health by telephone or mail or, if you are a member, through our MyFallon member portal.

Linked sites

Fallon Health's website has links to various other websites that we think might be useful or of interest to you. Fallon, however, cannot be responsible for and does not endorse the privacy practices or the content of its linked websites. Fallon Health urges you to review the privacy policies of any website you visit once you leave Fallon's website. Links to various non-Fallon websites do not constitute or imply endorsement by Fallon Health of these websites, any products or services described on these sites, or of any other material contained in them.

Protecting your personal health information

As a Fallon Health member, what do I need to know about HIPAA?

Fallon adheres to the federal Health Insurance Portability and Accountability Act of 1996 (HIPAA).

You can tell us how you would like your personal health information shared by submitting the forms available on our HIPAA forms page.

The HIPAA requirements are there to protect you, the consumer. With respect to health care, HIPAA is meant to simplify communications between health plans and providers—mostly through electronic means. However, you should be aware that HIPAA outlines strict guidelines to ensure the privacy and confidentiality of your PHI (protected health information, such as your name and medical information). These guidelines require that your PHI be used for purposes of treatment, payment and health plan operations, and not for purposes unrelated to health care.

Under HIPAA, Fallon Health must:

  • provide a Notice of Privacy Practices to all members (the Notice is issued to all new members with their new member materials and is also available here: Notice of Privacy Practices - pdf).
  • make sure that every person or company who works with us protects member information as we do.
  • carry out privacy training for all employees, whether they deal with member records or not.
  • have consequences in place if member information is used or shared improperly.

As an employer, how does HIPAA impact my relationship with Fallon Health?

As part of HIPAA Administrative Simplification, Fallon Health is able to accept standard electronic transactions, such as enrollment (834 format) and premium payments (820 format). If you plan to use electronic transactions, please note that they must be in the standard formats set up under HIPAA.

With regard to the HIPAA Privacy Rule, it is Fallon's policy not to disclose member PHI (protected health information, such as member name and medical information) to employers or plan sponsors. Any medical information Fallon Health releases to you will be void of information that would disclose the identity of the member, unless that member has signed an authorization form for that disclosure.

For any exceptions, please discuss with your account executive and understand that if we send individually identifiable information to you, then you must:

  • amend enrollment and other benefit forms to include language outlining permitted uses and disclosures of member health information
  • certify that steps are being taken to secure the PHI of employees in the health plan

As a broker, what is my relationship with Fallon Health under HIPAA?

Under HIPAA, Fallon Health considers you to be an associate of the employer you represent—business associate agreements with Fallon Health are not required. As an extension of the employer, you are permitted access only to enrollment information if the employer grants you permission.

Note: It is Fallon Health's policy not to disclose member PHI (protected health information, such as member name and medical information) to employers or plan sponsors. Any medical information Fallon Health releases to you, including in discussions of a specific member claim problem, will be void of any information that would disclose the identity of the member, unless that member has signed an authorization form for that disclosure.

As a physician or provider, what do I need to know about HIPAA and Fallon Health?

A key HIPAA compliance issue for physicians and other health care providers is the use of electronic transactions.

Those providers using electronic data interchange (EDI) must use standard transactions, such as the 837 for claims. Fallon Health must accept standard transactions, and offers two methods of EDI for this: direct through Fallon Health or through our contracted clearinghouse.

If you are interested in submitting electronic health care transactions, please contact us at 1-866-275-3247, option 6, or email us to request to become a trading partner. Click here to start the enrollment process.

If you have any questions concerning testing with Fallon Health, please contact our EDI Coordinators at 1-866-275-3247, option 6.

To help you with the EDI process, we have created several Fallon-specific companion guides to the official implementation guides. They are available for download on the EDI page.

Another important note regarding HIPAA guidelines is that physicians and other health care providers may release protected health information to Fallon Health for payment and health care operations purposes.

Fallon Health currently contracts with the following clearinghouse:

  • Change Healthcare (formerly known as Emdeon and WebMD)
    Call 1-800-845-6592 or
    visit their website at www.changehealthcare.com.

Interoperability

The Centers for Medicare and Medicaid Services (CMS) released the Interoperability and Patient Access final rule on March 9, 2020. This final rule requires most CMS-regulated payers, including but not limited to Medicare Advantage (MA) organizations, Medicaid Fee-For-Service (FFS) programs, and Medicaid managed care plans, to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API). The API allows patients to easily access their claims and encounter information, including cost (specifically provider remittances and enrollee cost-sharing), as well as a defined subset of their clinical information, through third-party applications (apps) of their choice.

Third-party apps and your health information

If you choose to allow a third-party app to retrieve your health care data, it is important for you to take an active role in protecting your health information. If an app you are considering does not have a privacy policy, Fallon Health advises you not to use that app.

When choosing your app, you should ask these questions:

  • What health data will this app collect? Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could my sharing of my data with this app have on others, including my family members?
  • How can I access my data and correct inaccuracies in the data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the app’s privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information. Your health information is very sensitive, and you should be very careful to choose apps with strong privacy and security standards to protect it.

Most third-party apps will not be covered by the Health Insurance Portability and Accountability Act (HIPAA). If you want to learn more about HIPAA, who is required to follow it and your rights under HIPAA, please see above, or here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html

Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

The FTC provides information about mobile app privacy and security for consumers here:  https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps

If you think your data has been breached under HIPAA, you should contact our Privacy Officer:
Address: 10 Chestnut St Worcester, MA 01608
Phone: 1-800-868-5200 (TTY: 711)
Fax: 1-508-831-1136
Email: compliance@fallonhealth.org

Additionally, you can submit a complaint with the Office for Civil Rights under HIPAA, or with the FTC.

Accessing and sharing your health information

For members of Fallon Medicare Plus, NaviCare, Fallon 365 Care, Wellforce Care Plan and Berkshire Fallon Health Collaborative

If you are interested in accessing your health information and sharing it with an app, you can create an account with Change Health, a third-party vendor that Fallon has partnered with. The first step is to fill out a form to request access to Change Health. Once you’ve filled out the form, Fallon will email you an invitation code.

Once you’ve got your invitation code, you will need to follow these steps:

  1. Visit https://cch.changehealthcare.com/fallon/, and select “Enroll.”
  2. Type in the invitation code you received in your email from Fallon, and click “Next.”
  3. Verify your identity by providing your Fallon Member ID number, your date of birth and your ZIP code. Click “Next.”
  4. To confirm your identity, Change Health will send a code to your phone or email address. Once you receive the code, type it into the screen, and then click “Next.”
  5. Confirm your email address, as that will be your username every time you log in.
  6. Create a password. Keep this password in a safe location—you will need to use it every time you log into Change Health.
  7. Type your password in twice, and then click “Save.”
  8. Once your account is set up, sign in using your email address as your username and the password you just created.
  9. You will receive a verification code on your cell phone. Type the code into the next screen, and then click “Next.”
  10. Read and agree to the Terms & Conditions and Privacy Policy. Check the box, and then select “Next.”
  11. You are logged into your account.

Compliance hotline

1-888-203-5295 (toll-free)
Call our Compliance Hotline to report any concerns you may have regarding compliance, fraud, waste or abuse. You can call the Hotline 24 hours a day, seven days a week. All calls are anonymous and confidential.