Interoperability Website Resources
The Centers for Medicare and Medicaid Services (CMS) established the Interoperability and Patient Access final rule in May 2020. This rule applies to Medicare Advantage HMO Plans members and Medicare Advantage PPO members. The rule requires applicable issuers to make certain patient data available via an API, or application programming interface. Medicare Advantage and Medicaid members may also access formulary and provider directory information. Current Medicare Advantage and Medicaid members will be able to connect to CarePartners of Connecticut’s API to access their data via their preferred third-party app beginning on July 1, 2021.
What are important things individuals should consider before authorizing a third-party app to retrieve their health care data?
- What health data will this app collect? Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what purpose?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could share my data with this app have on others, such as my family members?
- How can I access my data and correct inaccuracies in data retrieved by this app?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
Can personal representatives obtain access to health information for a member?
CarePartners of Connecticut recognizes a person with legal authority to act on behalf of an individual in making decisions related to health care (e.g. health care proxy, power of attorney, conservator, legal guardian, etc.) as their Personal Representative.
If you are already documented in CarePartners of Connecticut’s system as a Personal Representative, you can:
- Contact Member Services using the telephone number on your ID to request Interoperability Data access.
- Member Services Representative will trigger the process for you to create an online account to allow accessing Interoperability data.
What are an individual’s rights under the Health Insurance Portability and Accountability Act (HIPAA), and who must follow HIPAA?
- The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security and Breach Notification Rules, and the Patient Safety Act and Rule.
- You can find more information about individual rights under HIPAA and who is required to follow HIPAA here: www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html.
- HIPAA FAQs for Individuals: www.hhs.gov/hipaa/for-individuals/faq/index.html.
Are third-party apps covered by HIPAA?
- The FTC provides information about mobile app privacy and security for consumers here: www.consumer.ftc.gov/articles/0018-understanding-mobile-apps.
What should an individual do if they think the privacy or security of their data has been breached by a third-party app or an app has used their data inappropriately?
Accompanying Technical Documentation
This information is for 3rd party application developers and is not applicable to our members.
API syntax, function names, required and optional parameters supported and their data types, return variables and their types/structures, exceptions and exception handling methods and their returns:
The software components and configurations an application must use in order to successfully interact with the API and process its response(s):
Applicable technical requirements and attributes necessary for an application to be registered with any authorization server(s) deployed in conjunction with the API: