to main content

CMS Interoperability and Patient Access

Starting in 2021, a new federal rule will make it easier for members* to have more access to their digital medical records.

The Interoperability and Patient Access rule CMS-9115-F puts patients first. It gives you control. Get easy access to your health information when you need it most. Having complete access to your health information allows you to manage your health better. You can know what healthcare resources are available to you.

* Applies to Medicare Advantage, Medicaid and CHIP Managed Care and federally funded ACA exchange plans

Keeping Your Protected Health Information (PHI) Safe Is Important To KelseyCare Advantage.

Your privacy and the security of your PHI is a top concern. The new rule allows you to look up your information using an app from a third-party application developer (a company with no connection to KelseyCare Advantage). We promise to give you information on what to consider when selecting an app, the ways your data can be used by the third party, and the importance of understanding the security and privacy practices of the app. We will give you information on federal agencies you can contact if you feel your rights to patient privacy have not been protected.

The CARIN alliance is a bipartisan, multi-sector collaborative working to advance consumer-directed exchange of health information. Learn more about third-party application privacy standards on the CARIN Alliance website. The CARIN Code of Conduct is a set of industry-leading best practices these applications have voluntarily adopted to protect and secure your health information. We will require third-party application developers to prove they will follow certain privacy standards by attesting to the CARIN Code of Conduct. Visit My Health Application for a list of apps that have attested to the CARIN Code of Conduct.

Granting Access to Your Healthcare Information Via MyKelseyOnline (Epic MyChart)

For you to fully utilize a third-party healthcare application, you will need to share your healthcare information with the application. Applications whose developers participate in Epic System’s App Orchard will guide patients through the sharing process via Epic’s MyChart.

Please see instructions here.

Frequently Asked Questions

Question About How To Find The Right Third-Party App?
Contact Us.

Questions about the new Interoperability and Patient Access Rule and how it affects you?
Contact Us.

For more information on CMS Policies and Technology for Interoperability and Burden Reduction visit the CMS website.

How many years back will my information go?
Any health information maintained by KelseyCare Advantage with a date of service January 1, 2016 or later will be made available.

What happens to my health information if I go to a different health plan or provider?
You will have access to your health information, no matter what health plan or provider you go to.

Can I find out if I’m up to date on my immunizations?
Yes, you can use an app to see what shots you’ve had with a date of service January 1, 2016 or later.

Will all of the apps keep my health information private?
There may be some apps that don’t follow all the privacy provisions. We will let you know which apps have agreed to follow our guidelines for your privacy. If you have already selected an app prior to us receiving a response from the app provider on their privacy policies, you will have a chance to select another app within a certain timeframe. We recommend that you request a Notice of Privacy Practices from the app. If the app does not provide you with a Notice of Privacy Practices, we recommend that you choose another app. You may also visit My Health Application for a list of trusted apps.

When will I have access to my healthcare information through the app?
Starting July 1, 2021, you will be able to access your KelseyCare Advantage health information through the apps.

I’m not comfortable using an app to get my healthcare info. Do I have to?
No, you do not have to use an app to access your healthcare info. You can contact your provider or health plan for needed information.

What health data will the app collect?
The app will collect your health data including, but not limited to, your claims, medications, diagnoses, procedures, and doctor visits.

Will the app collect non-health data from my device, such as my location?
Apps do have the ability to collect non-health data such as location. Some apps let you have the option to provide that information. We recommend that you ask your app provider.

What impact would sharing my data with this app have on others, such as my family members?
Requesting your health data via an app could potentially include the health data of family members who are associated with your health account.

How do I correct mistakes in my health data?
To correct mistakes in your health data, you will need to contact your provider or health insurance company. The health app only makes data available from healthcare sources. The app does not create this data.  If the app is showing incorrect information that was not sent to the app then the app must correct this problem.

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)?
We recommend that you ask the app provider for their notice of privacy and security practices.

Most apps will not be covered by HIPAA. Most apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

The FTC provides information about mobile app privacy and security for consumers on the FTC consumer information website.

For apps that are subject to HIPAA, you can find more information about patient rights under HIPAA and who is obligated to follow HIPAA.

You can also see the HIPAA FAQs for Individuals.

What are my rights when it comes to my data collected on this app?
We recommend that you request a Notice of Privacy Practices from the app provider to understand your rights.

What should I do if my data has been shared or stolen or an app has used my data inappropriately?
We recommend that you request a Notice of Privacy Practices from the app provider to understand how they respond to a privacy and security incident. You have the right to file a complaint with enforcement agencies including the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC).

Most apps will not be considered covered entities under HIPAA. Most apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).

Learn more about filing a complaint with OCR under HIPAA.

Individuals can file a complaint with OCR using the OCR complaint portal.

Individuals can file a complaint with the FTC using the FTC complaint assistant.

How will the app use my data?
Although the purpose of the app is for you to be able to see your data in one place, we recommend that you request a Notice of Privacy Practices to understand how the app will use your data.

Can the app share my data with third parties?
We recommend that you request a Notice of Privacy Practices from the app provider to understand if the app will share your data with third parties.

If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I stop the app’s access to my data? Do I have to do more than just delete the app from my device?
We recommend that you request a Notice of Privacy Practices from the app provider to understand what happens to your data after you stop using the app.

What is the app’s policy for deleting my data once I stop using it?
We recommend that you request a Notice of Privacy Practices from the app provider to understand what happens to your data after you stop using the app.

What is the process I have to go through to stop sharing data?
The best way to stop sharing data is through the Third Party Application or by contacting the Third Party Application support. You may revoke access to your healthcare information by accessing the Share My Record section in MyChart, View Device Connections, and Unlink the service accessing your account. You can refer to the last page of these instructions. If you are unable to successfully stop sharing data through the Third Party Application or using the Third Party Application Support then you may call KelseyCare Advantage member services for assistance.

Will this app sell my data for any reason, such as advertising or research?
We recommend that you request a Notice of Privacy Practices from the app provider to understand if the app will share your data with third parties for advertising and research.

How does this app deal with collecting and responding to user complaints?
App providers may respond to user complaints in different ways. We recommend that you ask this question to your app provider.

Will my data be stored in a de-identified or anonymized form?
We recommend that you request a Notice of Privacy Practices from the app provider to understand how the app stores your data.

What security measures does this app use to protect my data? Will they inform me if an incident occurs?
We recommend that you request a Notice of Privacy Practices and additional information on security practices from the app provider to understand how they handle a security incident.

How can I limit this app’s use and release of my data?
We recommend that you request a Notice of Privacy Practices from the app provider to understand how you can limit the use and release of your data.

Information for Third Party App developers:
FHIR Endpoint information

 

X
Cookies help us improve your website experience.
By using our website, you agree to our use of cookies.
Confirm