Patient Access API and Payer to Payer Data Transfer

What is this about?

If you purchased your own insurance on the Marketplace or you have a Medicare plan, you're entitled to access and share your health information. Blue Cross Blue Shield of Michigan and Blue Care Network now makes this process easier.

Your health information is available for other apps through a Patient Access Application Program Interface, or API. This technology allows applications to talk to each other by exchanging data.


What this means for you

As a member, you now have the ability to share your health information with third-party apps.

You can share your information dating back to Jan. 1, 2016, if you're enrolled in certain health plans. The following information is available as long as we maintain it in our records:

Claims and other health information

Clinical data collected while providing case management, care coordination, or other services to you

Additional information can be found in our frequently asked questions about Patient Access API.

The data made available, through the API, may include information about treatment for behavioral health, chronic illness and other sensitive information.

It's important for you to understand that the app you select will have access to all your information. The app is not subject to HIPAA rules and other privacy laws. These rules and laws protect your health information. You'll be subject to the app’s privacy policy for how they will use, disclose, and sell information about you. If you decide to share your information through the Patient Access API, you should review their privacy policy to ensure you're comfortable with what the app will do with your information.

You can find more information about what to consider when choosing to share your information with an app.

If the app's privacy policy doesn't answer these questions, you may want to reconsider. You should choose an app with strong privacy and security standards to protect your information.

Covered entities and HIPAA enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights, or OCR, enforces the HIPAA Privacy, Security, and Breach Notification Rules. Your Blue Cross health plan is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA.

You can learn more about filing a complaint with OCR related to HIPAA requirements. You may also file a complaint with Blue Cross by contacting the appropriate Customer Service office.

Apps and privacy enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts, such as an app that discloses personal data in violation of its privacy notice. An app that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission, or FTC. The FTC provides information about mobile app privacy and security for consumers.

If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant.

Additional information can be found in our HIPAA FAQ.

Registering third-party developer app

In order to enable API connections, third-party developers must register their app with InterOp Station to make the app available for use by Blue Cross or BCN members. 

Interoperability - Payer-to-Payer Data Transfer Request

On March 9, 2020, the Department of Health and Human Services (HHS) released final rules outlining standards for interoperability and the secure exchange of health information. As part of these rules, the Centers for Medicare and Medicaid Services (CMS) requires that the payers must maintain a process for the electronic exchange of member clinical data, which includes things like lab test results, vital signs, clinical notes and current medications.

CMS’s requirement says that with the approval of a current or former enrollee or the enrollee’s personal representative, the insurance carrier (payer) must:

  • Receive data for a current enrollee from any other insurance carrier (payer) that has provided coverage to the enrollee within the five previous years
  • At any time an enrollee is currently enrolled and up to five years after disenrollment, send all such data to any other insurance carrier (payer) that the enrollee (or their personal representative) specifically requests receives the data

If you're enrolled in a Blue Cross Medicare Advantage Plan or Individual Qualified Health Plan (QHP), you have the option to request data transfer from your former insurance carrier (payer) to Blue Cross. Likewise, you're a former enrollee in a Blue Cross Medicare Advantage or Individual QHP plan you have the option to request Blue Cross to send your data to your current insurance carrier.

This transfer will ensure that your clinical data stays with you in case you change insurance carrier.

However, CMS has indefinitely delayed this exchange requirement, so BCBSM can only send data to and receive data from health insurance carriers that are currently registered to facilitate data exchange.

Unfortunately, none of the health insurance carriers are registered and ready to transfer data right now. The health insurance carrier names will be added here once they are ready to transfer data. 

You'll need an account on the Blue Cross member portal to request a data transfer. Please create an account if you don't have one.

Additional information about data transfer and insurance carrier registration can be found in our frequently asked questions (PDF).