This page describes the Centers for Medicare & Medicaid Services (CMS) Patient Access API Mandate, risks and benefits for members and outlines support channels for issues with sharing member data with third-party apps.
API information for developers
In December 2016, the 21st Century Cures Act was signed into law with several important goals, including increased patient access to their own health data. CMS created rules to further this goal. This is known as the CMS Interoperability and Patient Access ﬁnal rule (CMS-9115- F). In order to increase patients' access to their health data, the rule requires health insurance plans to give members access and the ability to share their health plan data with third-party applications of their choice.
Prevea360 Health Plan (Prevea360) is committed to making sure that you have access to the information that you need to make decisions about your health. What this means is that we must make all of your claims and clinical data that we have in our systems available for you to access through the third-party applications of your choosing.
Prevea360 has contracted with 1upHealth, an industry leader in healthcare data integrations, and a cutting- edge data standard called FHIR, to give you access and the ability to share your data. If you choose to access your healthcare data through an application such as MyChart, Apple Health or FitBit, you will ask to connect these applications using the 1upHealth platform. To do this, you must conﬁrm your identity for 1upHealth and Prevea360 by entering the user ID and password that you use to log into your Prevea360 member portal. After we verify your identity, we will share your healthcare data with the application you have chosen.
There are many potential beneﬁts to this new way to access and share your health information. Take a look at our app gallery for a sampling of the third-party applications that are being developed to help you better use this information. Some apps allow you to combine your data from multiple health providers to create a complete record of your interactions with different doctors and hospitals – and even combine it with data you generate on your own from wearable devices like glucose meters, pedometers or heart rate monitors.
Some other common uses include:
Data sharing empowers you to have greater ownership of and visibility into your health data.
However, these beneﬁts are not without some risk. Prevea360 takes your privacy and the security of your health information as seriously as you do. That's why we never share your health information without your express permission. Prevea360 protects your data throughout the process of sharing it in several ways, including using challenge questions and multi-factor authentication to conﬁrm you - and no one else - can access and share your data.
It is important to understand though, that once your data is shared with an application, Prevea360 is no longer able to protect the security of that data. This is why it is important to read the privacy and security policies for any application you are considering sharing your data with, so you understand how it is protected and used by that application.
If you believe the privacy of your health care data has been violated, contact the federal Department of Health and Human Services Oﬃce of Civil Rights.