Community Health Plan of Washington (CHPW) is required to create a secure, standards-based Patient Access Application Programming Interface (API) that allows members to easily access their health information through third-party apps of their choice. This is known as “interoperability.”
On this page, you’ll learn:
- What information is included in CHPW’s Patient Access API
- Your privacy rights under HIPAA, and who has to follow HIPAA
- How to choose third-party apps that are most likely to protect your health information
- How to file a complaint when your health information has been compromised
- How to authorize people to share your health information
Terms to Know
- API. A way of letting applications and websites talk to each other to exchange limited amounts of data. Information included in CHPW’s Patient Access API includes:
- Claims, office visits, and other interactions with providers; and
- Clinical data collected during case management, care coordination, or other CHPW services
- Interoperability means that you can retrieve and share health information securely with people you authorize. You can use a third-party app to access your health information to better understand and manage your own health care.
- Third-party app. A company or organization that isn’t related to CHPW.
Learn more about interoperability and CHPW’s Patient Access API in our FAQs ➜
Your Rights under the Health Insurance Portability and Accountability Act (HIPAA) and Who Must Follow HIPAA
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. HIPAA applies to covered entities (health plans such as CHPW and providers (primary care physician, facilities)).
Find more information and FAQs about your rights under HIPAA here ➜
Are third-party apps covered by HIPAA?
Because third-party apps are not covered entities, HIPAA rules do not apply. Instead they fall under the jurisdiction of the Federal Trade Commission (FTC) and the FTC Act. The FTC Act protects against deceptive acts (e.g., shares personal data without permission).
Find more information about mobile app privacy and security ➜
Questions to ask yourself before you share your information
When choosing an app, you should look for their privacy policy that clearly explains how the app will use your information. If the privacy policy doesn’t clearly answer these questions, think twice about using the app.
Questions to ask:
- What health data will this app collect?
- Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a way that protects my identity?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app sell my data?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- How can I correct inaccuracies in my data?
- Does this app have a process for collecting and responding to complaints?
- How can I terminate the app’s access to my data if I no longer want to use it?
- What is the app’s policy for deleting my data once I terminate access?
- How does this app inform users of privacy policy changes?
What can CHPW do to protect your health information
CHPW requests that third-party apps attest to having a privacy policy and follow best practices for protecting your health information.
If a third-party app doesn’t complete the attestation, the following warning message will appear when connecting to CHPW:
Filing a complaint
If you believe your rights under HIPAA have been violated, you can file a complaint with CHPW by contacting our Customer Service department at 1-800-461-5738 (TTY Relay: Dial 711), or by completing a Privacy/Security Incident Report and returning it to CHPW.
You can also file a complaint with OCR through their Complaint Portal.
Learn more about filing a complaint with OCR under HIPAA ➜
If you believe a third-party app has inappropriately used, disclosed, or sold your information, you may file a complaint with the FTC by using the FTC Complaint Assistant.
Authorizing someone to access your health data
You can allow someone else to access your health information, like a caretaker or relative.
Any representative you authorize to access your health information through a third-party app will have access to all your health information. You will not be able to limit access to information you do not want shared. This includes treatment for substance use disorders, mental health, HIV status, or other sensitive information.
To authorize a representative to access your health information through a third-party app, you will need to complete and return the Authorization to Disclose Health Information for Electronic App Access Packet.
Upon receipt CHPW’s Customer Service department will record your authorization and provide login information to the authorized representative.
You can also contact CHPW’s Customer Service department at 1-800-461-5738 (TTY Relay: Dial 711) to have a Packet sent to you.