CMS Interoperability and Patient Access Rule

Your Health Information – In One Place

Search Search

What is Interoperability?

It is like a secure bridge. Interoperability uses secure Application Programming Interface (API) connections (digital messengers) so you can see and share your health information. It also lets your doctors, hospitals, and health plan share your health information safely.  

You can pick a trusted third-party health app and request your health information through the app, but there are risks.  

  • Make sure to always check the third-party application’s privacy policy as they work differently than your doctors, hospitals and health plan. If there is no privacy policy, it is best not to use that third-party app. 
  • Once the app gets your health information it may not be protected by privacy laws (like HIPAA). That means Advanced Health won’t be responsible for keeping your data safe anymore. But most third-party apps must follow the rules under the Federal Trade Commission (FTC) Act. Which includes rules on mobile app privacy and security. You can read more on the Federal Trade Commission Consumer Advice website about how websites and apps collect and use your information. 
  • If there are certain records you do not want to share, you should check the third-party app’s privacy settings or reach out to Advanced Health for help. 

To learn more about Interoperability and Patient Access rules, please visit CMS’s Patient Access API and Interoperability Ruling (CMS-9115-F) 

  • What Does This Mean For You?

    When you have given permission to a trusted third-party app, this gives the third-party app access to information such as: 

    • Your basic information, like your name, birthday, address, phone number, and email. 
    • Information about your health insurance through Advanced Health (like what kind of coverage you have and your member ID number). 
    • Details about what your provider charged.
      • What Advanced Health paid. 
      • What you had to pay yourself, if you had to.
      • This would include drug or alcohol use services paid by Advanced Health. 
    • Records of past medical treatments or surgeries. 
    • Notes about your health conditions from your doctors. 
    • Your care plan with Advanced Health. 
    • The doctors, clinics, or other groups taking care of you. 
    • Prior Authorizations (approval for services). 
    • Your chosen personal healthcare representative. 
    Some of this info may be very private, such as: 
    • Mental health. 
    • Drug or alcohol use (this does not include your counselor’s notes). 
    • Pregnancy or abortion. 
    • HIV or AIDS. 
    • Domestic or physical abuse. 
    • Sexual health and infections. 
    • Genetic testing. 

  • Steps You Can Take to Protect Your Health Information

    • When you download a third-party app, download from an official app store.
    • When setting your app up, the app will usually ask for consent to access your information. The third-party apps you pick are your responsibility. Pick ones that promise to guard your information and data well. 
    • Always read the third-party app’s Privacy Policy and Terms of Use so you understand how they will use your information and take time to learn about the privacy settings. It is important to understand how the third-party app will use your information. Does the privacy policy answer the following questions: 
      • What health information will this third-party app collect from me? 
      • Does the app grab other information from my phone or computer too, like where I am? 
      • How does the third-party app store my health records? 
      • What will the third-party app do with my health information? 
      • Will the third-party app give my data to others? If yes, who and for what reasons? 
      • Can I control how much health information the third-party app uses? 
      • How does the third-party app keep all my information safe? 
      • Is there customer support I can call if I need help? 
      • Can I stop sharing my health data at any time with the third-party app? 
      • If I stop sharing, will the third-party app delete my data? 
      • Will the third-party app tell me if it changes its privacy policy?
    • Do not share your password to your third-party app with anyone. 

    Advanced Health will give you clear steps on how to opt out of sharing your data, and how to start sharing again (opt back in) if you change your mind. 

    Something to remember, if at any time you will no longer have your phone, such as trading it in for a new one, or allowing another person to use it, it is important to remember to remove your health information from your phone. 

  • How Advanced Health Keeps Your Information Safe

    As a covered entity (45 CFR § 160.103), Advanced Health follows strict rules from CMS and state and federal Health Insurance Portability and Accountability Act (HIPAA) privacy and security laws to protect your health information. These privacy and security measures are described in our HIPAA policies and procedures.   

    Advanced Health only shares what you allow with third-party apps. We require you to give us permission. We are also able to share information with your doctors you know and see regularly. No extra permission is needed if you are already their patient. This helps your care team work together and keep your information safe. 

    You can view Advanced Health’s Notice of Privacy Practices on our website: Advanced Health Notice of Privacy Practices 

Your Choice About Sharing Health Information Between Health Plans 

  • You decide if we ask your last health plan for your health information or share your data with another health plan you have now. You can opt in (say yes) at any time. Your data is not shared automatically.
    • Saying yes to sharing your data can help your care go more smoothly. It can help your doctors see a more complete record, reduce gaps in your care, and support better health and a better care experience. 
  • If you opt in to sharing your data with other health plans, you can change your mind and opt out (say no) at any time. 
  • If you tell us who your last health plan was, we will ask them for your records so you can see your older and newer records in one place. 
  • If you have two or more health plans at the same time, we will share your data with your other current plan about every three months. This helps us work together so your coverage fits your needs as well as possible. 
  • Even if you opt in, we will not share your data with any health plan you are not enrolled in. We only use this data sharing to get information from a past plan, share with a plan you have now, and send information to a future plan when needed. 
  • Your health information is protected by strong privacy and security steps to help keep it safe. 

Important Information to Know

Even if you opt out of sharing your data through these tools, other laws, like HIPAA and state laws, may still allow your doctor to get some information they need to treat you. Your health information is only shared with providers in our network who we show have given you care before. 

When you allow your health information to be shared with your doctor, it can help them: 

    • Work better with other providers,  
    • Speed up approvals for your care,  
    • Help you get care on time, and  
    • Support better health results for you. 
    • Your health information is protected by strong privacy and security rules to help keep it safe. 

Do You Think Your Information Wasn’t Handled Right?

If you think a third-party app broke its own privacy policy with your health information, tell the Federal Trade Commission. Go to their website to make a report or call 1-877-382-4357. 

If you think someone else other than the third-party application has broken a privacy policy or did not handle your health information in the right way, let Advanced Health know by calling 541-269-7400 or toll free 1-800-264-0014; TTY users can call 711 or 1-800-735-1232.  You can also tell the Department of Health and Human Services Office of Civil Rights. Visit their website or call 1-800-368-1019. 

You can always remove access or block third-party apps from accessing your health information with Advanced Health at any time. 

Forward Forward

1UpHealth Third-Party App Directory

A list of third-party applications includes apps for patients, providers, and payers approved by 1upHealth and granted access to the 1upHealth Health Plan Patient Access API endpoints.

Tools Tools

1UpHealth Developer site

Help Help

1UpHealth Help Center

Eye Eye

Patient Access Endpoint