Customer Resources



Customer Navigation

CMS Interoperability


FAQs

The Interoperability and Patient Access final rule (CMS-9115-F) puts patients first by giving access to payer health information through third-party applications (“apps”) of choice.

For more information, view CMS Interoperability fact sheet.

On May 1, 2020, CMS released the Interoperability and Patient Access final rule, listing ways to give patients better access to electronic health information held by payers or providers.

View the final interoperability rule. Initially only Qualified Health Plan (QHP) members will be able to take advantage of interoperability Patient Access APIs. View additional privacy and security considerations for using third-party applications.

Developer account and application registration is required. Third-party application developers can create an account and request application registration API access.

Once an account has been successfully created and an application is successfully registered, Patient Access APIs will be made available to allow developers to access documentation and supportive interoperability Patient Access APIs, if WPS maintains the dataset.

Use of registered applications is at the sole discretion of WPS members, former, present, or future. Applications must obtain direction, approval, and consent from WPS members or member-authorized personal representative. No member data will be accessible without proper authentication and consent.

Third-party application developers can request registration here.

Patient Access API–Patient Claims, which is member information held by payers (like health plans) and which includes claims data, will be available through Application Program Interfaces (APIs). APIs allow certain third-party applications chosen by the member to connect to the payer’s system to display current and historical information without the need to submit a separate request to the payer for this data.

Ensuring the privacy and security of member information is a priority for WPS. WPS is responsible for compliance with the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”), as amended, which means we are required by law to take certain steps to safeguard the privacy and security of our members’ data. Not all third-party apps are required to comply with HIPAA, and the Interoperability rules only allow WPS to refuse to integrate with apps in very limited circumstances. Because of this, members are strongly encouraged to read their chosen third-party app Privacy Policy and Terms of Use prior to consenting to that app receiving members’ health information, as WPS cannot control how that specific third-party app uses, stores, and/or discloses member health information.

Members are encouraged to read the third-party app Privacy Policies and Terms of Use before a third-party app can gain access to the health data WPS stores as a payer; members must download the app of choice and follow the app’s steps to connect to WPS. Members will be prompted to provide the information necessary for WPS to confirm that the request is valid (including identity verification), and then additionally consent to the release of relevant WPS payer health data to that app.

It depends on the app’s policy. Members are encouraged to read the third-party app’s Privacy Policies and Terms of Use when choosing to share payer health data with a third-party app. Any opt-out or restriction may not apply to data already transmitted to the third-party app based on a member’s consent and, instead, any opt-out or further restriction would be subject to that app’s Privacy Policy, Terms of Use, and/or other conditions.

Members are very strongly encouraged to read their chosen app’s Privacy Policy, Terms of Use, and/or other conditions when choosing to share payer health data with that app. Third-party app policies will determine what payer health data will be collected, stored, maintained and/or shared once consent is granted and is likely to vary significantly, depending on the app and whether it’s provided by an entity otherwise subject to HIPAA.

There will be apps that have significant safeguards in place to prevent the use or sharing of member health data with third parties and which have strong security protections in place. In contrast, there may be apps that allow for the unrestricted use of member health data, including the sale of that data to other parties, and which may be less concerned about data security. WPS is required by law to provide the app access to all of that member’s data if requested by the member (through providing a consent, or “I agree” statement, within the app), which means that certain particularly sensitive health information (such as treatment for sexually-transmitted diseases, mental health and/or substance abuse treatment, etc.) that may otherwise be subject to more stringent protection is also required to be disclosed.

To reiterate, the intent of the Interoperability requirements is to allow members to consent to various terms regarding the collection, use, and sharing of their personal health information, and also to allow for a less burdensome way for members to obtain their most current information, but this also presents certain risks to member privacy if members do not understand how their information will be collected, stored, used, and/or disclosed.

It depends. The third-party app Privacy Policy, Terms of Use, and/or other conditions will determine what non-health data will be collected, stored, maintained, and/or shared once consent is granted. Again, please thoroughly read the Privacy Policy, Terms of Use, and/or other conditions of any third-party app you are considering use of.

Specific third-party app policies will determine what security provisions are in place to protect the member health data that will be collected, stored, maintained, and/or shared once consent is granted. By law, WPS can only restrict the sharing of data with a particular app if doing so would risk the security of WPS data systems, not if it would risk the security or privacy of member data once that information is released from WPS to the app based on member consent. Because of this, it is extremely important that members read and understand their chosen third-party app’s Privacy Policy, Terms of Use, and/or other conditions, including by review of any security safeguards. WPS understands that some of this information may be “technical” and use terms members may not be familiar with. If members have questions, WPS encourages outreach directly to the app provider.

Based on the individual third-party app policies and protocols, members may need to disable permissions for the third-party app within certain settings, then delete the app, and/or follow instructions provided within the app’s Privacy Policy, Terms of Use, and/or other conditions. Some third-party apps may require a written request to stop sharing data and/or to destroy any member data.

If you believe an app used your information inappropriately or did not comply with its privacy and security policies, you may reach out to the U.S. Federal Trade Commission (FTC), Office for Civil Rights, HIPAA, Health and Human Services, or your state’s consumer protection agency.

Is your doctor in your network?