The Centers for Medicare & Medicaid Services Interoperability and Patient Access final rule requires Qualified Health Plan (QHP) issuers on the Federally facilitated Exchanges (FFEs) to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API). This will allow members to have easy access to their own health information and opportunity to allow others permission to access that health information.
For more information, please read the CMS fact Sheet. This will open in a new window. Interoperability and Patient Access Fact Sheet | CMS
Patient Access to claims and cost including clinical health care data and encounter information. Provider Directory to ensure members are able to find providers and treatment easily. Aspirus Health Plan supports interoperability for our Qualified Health Plans on the Federally facilitated Exchanges with standards-based APIs that enable third party applications for vendors to connect their applications to access Aspirus Health Plan data.
What This Means for You
Why Share Your Data
It can help health plans and providers get on the same page. The new rule allows you to use apps to see data your insurance has from providers. When they can freely — and safely — share data, it allows all parts of your care to work together.
Your Rights Under HIPAA (Health Insurance Portability and Accountability Act)
Most third parties will not be subject to HIPAA or other federal or state privacy laws instead they fall under the Federal Trade Commission (FTC). They may use your data in ways you do not know about or do not want. Take the time to think about who you want to have access to your information. Only share it with third parties that you trust.
Learn more about the patient rights and privacy at www.hhs.gov under Programs & Services
Learn more about protecting your privacy on mobile apps at http://www.consumer.ftc.gov/ under Privacy, Identify & Online Security
Aspirus Health Plan will not share your data unless you authorize it or unless otherwise required or permitted by law. If you ask Aspirus Health Plan to share your data with a third party, Aspirus Health Plan can no longer protect or control what happens to the shared data. We encourage you to read and understand the privacy policies of any third party before authorizing Aspirus Health Plan to send your data to the third party.
What To Consider when Choosing a “Third Party”
Choosing to share your Aspirus Health Plan information, you understand you are requesting to send your health information to a third-party that is not affiliated with Aspirus Health Plan.
You should look for an easy-to-read policy that clearly explains how the app will use your data. The only recommendation we have when choosing a particular app, is to make sure they have a privacy policy, if they do not have one you should not use it.
A few other things to consider when deciding on a third-party app are:
Remember health insurance information is sensitive. Only apps that have a strong privacy and security standards should be used to protect your information.
What To Do If You Think Your Health Data Has Been Breached or Used Inappropriately
If you believe an app was inappropriately used, disclosed, or sold your information, you should contact the Federal Trade Commission (FTC). You may file a complaint with the FTC using FTC complaint assist – reportfraud.ftc.gov
You can also file a complaint with the Office for Civil Rights – ocrportal.hhs.gov
If you choose to use a third-party application, you can visit your app store to download one. Aspirus Health Plan does not recommend or have an opinion on any third-party applications. If you choose to allow a third-party application to use your personnel Aspirus Health Plan health information, you will acknowledge that you understand and agree to a disclaimer and the information-sharing as part of the process.
Third-party application developers are required to create an account and request application registration API access.
Once an account has been successfully created and an application is successfully registered, Aspirus Health Plan will review the request and if approved will send credentials securely to authenticate to the APIs.
Developers will be able to access documentation and supported APIs, if Aspirus Health Plan maintains the dataset
Third-party application developers can create account and register here.