Your Personal Health Data

Your personal health data is available to you when and where you need it. We believe your health data, such as electronic health records, should be available and accessible to you with your consent. You bank or shop online, and can get a degree online, therefore, it makes sense that you can get a complete view of your health information online, too.

What’s Available to You

  • Easily retrieve all healthcare data that is meaningful or actionable and share that information securely with whom you choose.
  • Be able to use apps or devices to access your healthcare data to better understand, analyze, track, and manage your healthcare needs.

What Is Interoperability?

It is the ability of different information systems, devices, and apps to access, exchange, integrate, and cooperatively use data in a coordinated manner within and across organizations to provide timely information. Interoperability empowers you to have access to your healthcare data easily, whenever you need it.

The Centers for Medicare & Medicaid Services (CMS) put forth new rules that create a more consistent framework for interoperability. They shifted the responsibility of your healthcare data to you as the member and owner of that data. Part of this change includes a simplified and consistent mechanism for apps to ask you for your permission to access your data.

Who Is Eligible To Access Their Health Data Through Interoperability?

Blue Cross® Blue Shield® of Arizona (BCBSAZ) and Health Choice are required to provide access to individuals on Qualified Health Plans (Marketplace plans only), Medicare Advantage plans and Medicaid (AHCCCS) plans.

Accessing Your Data

BCBSAZ and Health Choice are required to provide a “Patient Access API.” This provides a simple way for apps to access your data when you allow them to do so. No app can access your data through the “Patient Access API” without your explicit permission.

Accessing your data is easy and secure. Visit the Interoperability Portal to sign up for the account or sign in if you have already created an account. Access is available to BCBSAZ members on Qualified Health plans and Medicare Advantage plans and for Health Choice members on Medicaid (AHCCCS) plans and Blue Pathway (HMO D-SNP) plans.

The information available through the Patient Access Application Programming Interface (API) includes information we collect about you while you have been enrolled in certain lines of business since January 1, 2016. The information is available for as long as we maintain it in our records and includes:

  • Claims and “encounter” data concerning your interactions with healthcare providers.
  • Clinical data that we collect in the process of providing case management, care coordination, or other services to you. “Encounter” data is information about office visits and other interactions with providers that are paid for under a monthly or annual fee that BCBSAZ and Health Choice pays a provider for furnishing care to members.
  • The information we will disclose may include information about treatment for Substance Use Disorders, mental health treatment, HIV status, or other sensitive information.

What Are Your Responsibilities with Interoperability?

You are responsible for the sharing of your data. Centers for Medicare & Medicaid Services (CMS) rules on interoperability limit what health insurance companies can do to stop apps from asking you to access your health data.

 

Things You Should Consider When Selecting an App to Share Your Data

At this time there are no third party applications (Apps) available in the marketplace that will allow you to connect to your data. Once Apps become available, you will need to go to your App store and select a preferred App.

  • Will this app sell my data for any reason?
  • Will this app disclose my data to third parties for purposes such as research or advertising?
  • How will this app use my data? For what purposes?
  • Will the app allow me to limit how it uses, discloses, or sells my data?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, can I terminate the app’s access to my data? If so, how difficult will it be to terminate access?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How will this app inform me of changes in its privacy practices?
  • Will the app collect non-health data from my device, such as my location?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • Will the app permit me to access my data and correct inaccuracies?
  • Does the app have a process for collecting and responding to user complaints?
  • If the app’s privacy policy does not satisfactorily answer these questions, you may wish to reconsider using the app to access your health information.

Covered Entities and HIPAA Enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. BCBSAZ and Health Choice is subject to HIPAA as are most healthcare providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA for individuals.

How to File a Complaint

To learn more about filing a complaint with OCR related to HIPAA requirements, visit U.S. Department of Health & Human Services website.

Apps and Privacy Enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts (such as an app that discloses personal data in violation of its privacy notice). An app that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission (FTC). The FTC provides information about mobile app privacy and security for consumers. If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant.

For App Developers

Blue Cross Blue Shield of Arizona Interoperability APIs provide the functionality listed below:

If you are a third-party developer seeking information on connecting your interoperability-capable application to our platform, please click here. The base URL for our APIs is https://azblue.innovaccer.com/fhir/

  • It is the ability of different information systems, devices, and apps to access, exchange, integrate, and cooperatively use data in a coordinated manner, within and across organizations to provide timely information. Interoperability empowers you to have access to your healthcare data easily, whenever you need it.
  • You are in control of your healthcare data and how you share your data. The interoperability standards defined by the government will make it easier for apps to share your data and look at your health data to help you make better decisions about your healthcare needs and healthcare spending. This means you may be prompted to allow an app to access your health data from BCBSAZ and Health Choice. You get to decide if you want to allow this and use the services that the app provides, giving you more freedom and more choices on how to use your health data.
  • The term app is how people interact with computers and mobile devices. An app is a computer program or software for interacting with people. Spreadsheets, word processing programs, browsers, and email clients are all apps. On your mobile device, the various icons on your home screen that allow you to interact on your phone are all apps.
  • Third-party apps cannot get access to your health data unless you grant them permission to do so. The app will prompt you to authorize it to get your health data from BCBSAZ and Health Choice.
  • Interoperability makes it easier for third-party apps to access your health data. Your health data exists separately from interoperability, but interoperability makes it much easier for apps to use your health data and for you to authorize and allow an app to access your health data.
  • Your BCBCSAZ and Health Choice data is yours, and only people or apps you authorize can access it.
  • It is important to carefully consider which apps you trust to access your health data. Consider looking at the app’s privacy policy, if the app can sell your data, and whether or not you trust the app publishers. Only use apps that are trusted and well-known.
  • BCBSAZ and Health Choice ensures that data is protected by strong encryption while in transit and strong authentication when transmitted to third-party apps. Protecting your data is a priority at BCBSAZ. There are government regulations that also help ensure your data is protected by healthcare and insurance companies. One of those regulations is known as the Health Insurance Portability and Accountability Act (HIPAA). Visit BCBSAZ or Health Choice notice of privacy practices for information regarding Privacy and Security policies.
  • Each app creates a privacy policy and other policies that explain how they will use your health data and whether they can sell your health data to others. These policies control what they will do with your data, so it is important that you understand what you are agreeing to when you download a third-party app. The app is also responsible for reporting inadvertent disclosure of your health data to you and appropriate government authorities. Once you choose to allow an app to have access to your personal heath data, that data is no longer protected by HIPAA or BCBSAZ.

    The Federal Trade Commission (FTC) – the nation’s consumer protection agency – has issued the Health Breach Notification Rule to require certain businesses not covered by HIPAA to notify their customers and others if there is a breach of unsecured, individually identifiable electronic health information. 
  • By agreeing to share your data with an app, you authorize BCBSAZ and Health Choice to disclose certain information, which may include your name, address, diagnoses, treatments performed on you, amounts paid to providers, etc. Other information that could be disclosed might include claims and encounter data related to your interactions with healthcare providers, and clinical data that we collect in the process of providing case management, care coordination, or other services to you. The information we will disclose may include information about treatment for Substance Use Disorders, mental health treatment, HIV status, or other sensitive information.
  • The data applies to dates of service January 1, 2016 for as long as BCBSAZ and Health Choice maintains the information and you are enrolled in the applicable line of business.
Medicare Advantage organizations: 42 C.F.R. § 422.119(g);
Medicaid MCOs: 42 C.F.R. § 438.242(b)(5) (by reference to 42 C.F.R. § 431.60(f));
CHIP MCOs: 42 C.F.R. § 457.1233(d)(2) (by reference to 42 C.F.R. § 457.730(f)); and
QHP Issuers on FFEs: 45 C.F.R. § 156.221(g).