The Centers for Medicare & Medicaid Services Interoperability and Patient Access final rule requires Qualified Health Plan (QHP) issuers on the Federally facilitated Exchanges (FFEs) to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API). This will allow members to have easy access to their own health information and opportunity to allow others permission to access that health information.
For more information, please read the CMS fact Sheet. This will open in a new window. Interoperability and Patient Access Fact Sheet | CMS
There are two main components for the Interoperability Guidelines
Patient Access to claims and cost including clinical health care data and encounter information. Provider Directory to ensure members are able to find providers and treatment easily. Aspirus Health Plan supports interoperability for our Qualified Health Plans on the Federally facilitated Exchanges with standards-based APIs that enable third party applications for vendors to connect their applications to access Aspirus Health Plan data.
What This Means for You
- You control who can see your information. That includes health care claims, doctor visits, health care benefits and more.
- You will be able to use a digital application (“app”) from another company (a “third party”) to see your health care and insurance information.
- It is always your choice to disclose health information – No information is shared until you choose to share it.
Why Share Your Data
It can help health plans and providers get on the same page. The new rule allows you to use apps to see data your insurance has from providers. When they can freely — and safely — share data, it allows all parts of your care to work together.
Your Rights Under HIPAA (Health Insurance Portability and Accountability Act)
Most third parties will not be subject to HIPAA or other federal or state privacy laws instead they fall under the Federal Trade Commission (FTC). They may use your data in ways you do not know about or do not want. Take the time to think about who you want to have access to your information. Only share it with third parties that you trust.
Learn more about the patient rights and privacy at www.hhs.gov under Programs & Services
Learn more about protecting your privacy on mobile apps at http://www.consumer.ftc.gov/ under Privacy, Identify & Online Security
Aspirus Health Plan will not share your data unless you authorize it or unless otherwise required or permitted by law. If you ask Aspirus Health Plan to share your data with a third party, Aspirus Health Plan can no longer protect or control what happens to the shared data. We encourage you to read and understand the privacy policies of any third party before authorizing Aspirus Health Plan to send your data to the third party.
What To Consider when Choosing a “Third Party”
Choosing to share your Aspirus Health Plan information, you understand you are requesting to send your health information to a third-party that is not affiliated with Aspirus Health Plan.
A few other things to consider when deciding on a third-party app are:
- What health data will this app collect? Will this app collect non-health data from my device, like my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app disclose my data to third parties? Will this app sell my data for any reason, like advertising or research? Will this app share my data for any reason? If so, with whom and why?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, like my family?
- How can I access my data? How can I correct inaccuracies in data retrieved by this app?
- Does this app have a process for collecting and responding to complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data? What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
Remember health insurance information is sensitive. Only apps that have a strong privacy and security standards should be used to protect your information.
What To Do If You Think Your Health Data Has Been Breached or Used Inappropriately
If you believe an app was inappropriately used, disclosed, or sold your information, you should contact the Federal Trade Commission (FTC). You may file a complaint with the FTC using FTC complaint assist – reportfraud.ftc.gov
You can also file a complaint with the Office for Civil Rights – ocrportal.hhs.gov
If you choose to use a third-party application, you can visit your app store to download one. Aspirus Health Plan does not recommend or have an opinion on any third-party applications. If you choose to allow a third-party application to use your personnel Aspirus Health Plan health information, you will acknowledge that you understand and agree to a disclaimer and the information-sharing as part of the process.
Third-party application developers are required to create an account and request application registration API access.
Once an account has been successfully created and an application is successfully registered, Aspirus Health Plan will review the request and if approved will send credentials securely to authenticate to the APIs.
Developers will be able to access documentation and supported APIs, if Aspirus Health Plan maintains the dataset
Third-party application developers can create account and register here.