Patient Access APIs (To Access Your Data Through a 3rd Party App)


The Centers for Medicare and Medicaid Services (CMS) require that most CMS-regulated payers, such as Medicare Advantage Organizations and Medicaid Managed Care Organizations, implement and maintain a secure, standards-based Patient Access Application Programming Interface or API. The patient access API allows you to download your health information from The Health Plan to a third-party application or “app” of your choosing.

Questions to consider when choosing a third-party app to access your information

  • What types of health information will the app collect?
  • Does the app collect non-health data from my device, such as my location?
  • Does the app have a process for collecting and responding to user complaints?
  • How will the data be stored in the app?
  • How will the app use my data?
  • Will the app disclose, share or sell my data to another party?
  • How can I limit the app’s use and disclosure of my data?
  • What impact could sharing my data with the app have on others, such as my family members?
  • How can I access my data and correct mistakes in my data?
  • If I no longer want to use the app, how do I terminate the app’s access to my data?
  • How does the app protect my data?
  • Does the app delete my data after I stop access?
  • How does the app tell its users of any privacy policy changes?

Some other things you should know

The Health Plan is a covered entity under the Health Insurance Portability and Accountability Act or HIPAA. Individuals have certain rights under HIPAA which are explained in The Health Plan’s Notice of Privacy Practices. These rights include the right to access your health information and the right to file a complaint. HIPAA regulations are enforced by the U.S. Department of Health and Human Services Office for Civil Rights.

Most third-party apps are not regulated by HIPAA. Most third-party apps are instead regulated by the Federal Trade Commission or FTC. Because third-party apps are not regulated by HIPAA or The Health Plan, it is important that you take an active role to protect your health information when choosing an application. Remember, The Health Plan does not control the third-party application. The third-party app you use to access your information through the patient access API is up to you. As a result, you should be careful when selecting a third-party app with which to access your information.

You should only use apps that you trust. You should read and understand the app’s privacy policies before accessing your information using that app.

If you have group-based insurance, the primary policyholder may be able to access your information unless a request has been granted to restrict access.

Frequently asked questions about accessing my information through a third-party app

What information do I need to authorize an application to see my health plan data?
To provide access to your data through an application, you must create an account by providing your First Name, Last Name, Date of Birth, Member Plan ID, Zip Code, and a unique email address.
 
If I have already authorized one application to see my health plan data, will I have to create another account to authorize a second application?
No. Once you have authorized one application to see your health plan data, you only have to authenticate using your email address and corresponding code to allow a second application to see the data.
 
What email is used to authorize an application to see my health plan data?
You must use the unique email address that you initially used to authorize and allow access to your data. An authorization code will be sent to the email address, and you will be required to enter it into the application. If you do not remember the email address, contact The Health Plan to obtain the information.
 
Are the name fields case sensitive?
No.
 
How can I find my Member ID?
It is the member ID listed on your ID card provided to you by The Health Plan. You may contact The Health Plan if you do not have this card or if the number results in an error.
 
What data can I share? 
The Health Plan has made available medical claims, prescription drug claims and clinical data that is controlled in The Health Plan’s systems. The availability of this data varies by your plan and the application you use. In general, you can expect to see your medical and pharmacy claims and clinical data that we have about your care. Currently you cannot limit the data that is shared with the application. If you authorize data sharing, the app will have full access to all data The Health Plan makes available.
 
Why am I not able to see data from last week?
Recent updates to your claims or clinical data may not appear right away. Check again in one week. If you still cannot find the data, you should contact the third-party application directly.

You can find more information on third-party apps in the material published by the FTC here.


You can find a list of approved third-party applications here. You can find the app’s Terms of Service and Privacy Policy when you click on the application you wish to use (look under the “Developer Links” section).


The Health Plan’s role in the patient access API is to provide the information to the app of the member’s choosing. The Health Plan does not regulate or recommend specific third-party applications.

If you feel that your privacy rights have been violated, you can contact us at 1.800.624.6061 (TTY: 711). You can also file a complaint with the U.S. Department of Health and Human Services Office for Civil Rights by sending a letter to 200 Independence Avenue, S.W., Washington, D.C., 20201, by calling 1.877.696.6775 or by visiting hhs.gov/ocr/privacy/hipaa/complaints. Complaints about third-party applications can be filed with the FTC by visiting reportfraud.ftc.gov. The Health Plan will not retaliate against any member for filing a complaint.