Patient Access API

What is this about?

If you purchased your own insurance on the Marketplace or you have a Medicare plan, you're entitled to access and share your health information. Blue Cross Blue Shield of Michigan and Blue Care Network now makes this process easier.

Your health information is available for other apps through a Patient Access Application Program Interface, or API. This technology allows applications to talk to each other by exchanging data.

 

What this means for you

As a member, you now have the ability to share your health information with third-party apps.

You can share your information dating back to Jan. 1, 2016, if you're enrolled in certain health plans. The following information is available as long as we maintain it in our records:

Claims and other health information

Clinical data collected while providing case management, care coordination, or other services to you

Additional information can be found in our frequently asked questions about Patient Access API.

The data made available, through the API, may include information about treatment for behavioral health, chronic illness and other sensitive information.

It's important for you to understand that the app you select will have access to all your information. The app is not subject to HIPAA rules and other privacy laws. These rules and laws protect your health information. You'll be subject to the app’s privacy policy for how they will use, disclose, and sell information about you. If you decide to share your information through the Patient Access API, you should review their privacy policy to ensure you're comfortable with what the app will do with your information.

You can find more information about what to consider when choosing to share your information with an app.

If the app's privacy policy doesn't answer these questions, you may want to reconsider. You should choose an app with strong privacy and security standards to protect your information.

Covered entities and HIPAA enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights, or OCR, enforces the HIPAA Privacy, Security, and Breach Notification Rules. Your Blue Cross health plan is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA.

You can learn more about filing a complaint with OCR related to HIPAA requirements. You may also file a complaint with Blue Cross by contacting the appropriate Customer Service office:

Individual Medicare Plus Blue

Phone: 1-877-241-2583

TTY: 711

Blue Cross Blue Shield of Michigan

Grievances and Appeals Department

P.O. Box 2627

Detroit, MI 48231-2627

Group Medicare Plus Blue

Phone: 1-866-684-8216

TTY: 711

Blue Cross Blue Shield of Michigan

Grievances and Appeals Department

P.O. Box 2627

Detroit, MI 48231-2627

Prescription Blue

Phone: 1-800-565-1770

TTY: 711

Blue Cross Blue Shield of Michigan

Pharmacy Help Desk

Mail Code: TC-1308

P.O. Box 807

Southfield, MI 48037

BCNA Group and Individual

Phone: 1-800-450-3680

TTY users call 711

BCN Advantage Appeals and Grievance Unit

P.O. BOX 284

Southfield, MI 48037-0284

Individual member

Please contact customer service by dialing the number listed on back of your member ID card.

Apps and privacy enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts, such as an app that discloses personal data in violation of its privacy notice. An app that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission, or FTC. The FTC provides information about mobile app privacy and security for consumers.

If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant.

Additional information can be found in our HIPAA FAQ.

Registering third-party developer app

In order to enable API connections, third-party developers must register their app with InterOp Station to make the app available for use by Blue Cross or BCN members.