Accessing Your Data
Health Choice is required to provide a “Patient Access API.” This provides a simple way for apps to access your data when you allow them to do so. No app can access your data through the “Patient Access API” without your explicit permission.
If you wish to access your data, you must first register on Health Choice’s Interoperability Portal here.
If you would like to share your personal health data with someone else, fill out a Confidential Information Release Form.
The link is also available under “My Health Data” on the Health Choice Member Portal. You will then need to select an app and use your Interoperability Portal email and password to allow the app access to your Health Choice data.
The information available through the Patient Access Application Programming Interface (API) includes information we collect about you while you have been enrolled in certain lines of business since January 1, 2016.
The information is available for as long as we maintain it in our records and includes:
- Claims and “encounter” data concerning your interactions with healthcare providers.
- Clinical data that we collect in the process of providing case management, care coordination, or other services to you. “Encounter” data is information about office visits and other interactions with providers that are paid for under a monthly or annual fee that Health Choice pays a provider for furnishing care to members.
- The information we will disclose may include information about treatment for Substance Use Disorders, mental health treatment, HIV status, or other sensitive information.
What Are Your Responsibilities with Interoperability?
You are responsible for the sharing of your data. Centers for Medicare & Medicaid Services (CMS) rules on interoperability limit what health insurance companies can do to stop apps from asking you to access your health data.
Things You Should Consider When Selecting an App to Share Your Data
At this time there are no third party applications (Apps) available in the marketplace that will allow you to connect to your data. Once Apps become available, you will need to go to your App store and select a preferred App.
- Will this app sell my data for any reason?
- Will this app disclose my data to third parties for purposes such as research or advertising?
- How will this app use my data? For what purposes?
- Will the app allow me to limit how it uses, discloses, or sells my data?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, can I terminate the app’s access to my data? If so, how difficult will it be to terminate access?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How will this app inform me of changes in its privacy practices?
- Will the app collect non-health data from my device, such as my location?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- Will the app permit me to access my data and correct inaccuracies?
- Does the app have a process for collecting and responding to user complaints?
- If the app’s privacy policy does not satisfactorily answer these questions, you may wish to reconsider using the app to access your health information.
Covered Entities and HIPAA Enforcement
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. Health Choice is subject to HIPAA as are most healthcare providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA here:
https://www.hhs.gov/hipaa/for-individuals/index.html
To learn more about filing a complaint with OCR related to HIPAA requirements, visit:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html
Apps and Privacy Enforcement
An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts (such as an app that discloses personal data in violation of its privacy notice). An app that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission (FTC). The FTC provides information about mobile app privacy and security for consumers here:
https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
For App Developers
If you are a third-party developer seeking information on connecting your interoperability-capable application to our platform, please click here.