Empower Your Care

Access Health Records

Connected Consumer Site FAQ and Resources

What is Interoperability/Connected Consumer?

In March 2020, the Federal Department of Health and Human Services’ Centers for Medicare & Medicaid Services (CMS) finalized a rule requiring all Medicare Advantage plans to support a Patient Access Application Programming Interface (API). This API makes member data available to third-party applications based on the member’s specific consent.  This allows members to leverage individual healthcare apps of their choosing to access and manage their health and wellness.

For more information, see:

https://www.cms.gov/priorities/key-initiatives/burden-reduction/policies-and-regulations/cms-interoperability-and-patient-access-final-rule-cms-9115-f

Members wishing to use this API to grant access to their data from a 3rd party application  must register for an account through Aspire’s Member Portal, which manages the authentication and access to the platform.

If you already have a registered account with Aspire’s Member Portal, you do not need to create a new one.

 

If you have not registered for the Aspire Member Portal, you can do so here:

https://aspire.healthtrioconnect.com/app/index.page

 

Once an account is created, those credentials can be used to access your Aspire data, via the app you are trying to use. Once you sign in, they will be prompted to grant access to the app. This will allow the app access to their unique member information.

Any third party apps must be approved before they can be used. Apps can be approved by going here: https://fdp.edifecsfedcloud.com/#/portal/ss.c.health/home

  • Medical and pharmacy claims
  • Laboratory data from the following providers:
    • Quest Diagnostics
    • LabCorp
    • Salinas Valley Health
    • Montage Health
  • Medical and pharmacy provider directory
  • Prescription Drug Formulary

It is important for members to take an active role in protecting their health information. Aspire Health Plans is committed to helping members  know what to look for when choosing an app to help members make more informed decisions. Members should look for an easy-to-read privacy policy that clearly explains how the app will use their data. If an  app does not have a privacy policy, members should be advised not to use the app. members should consider:

  • What health data will this app collect? Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the app’s privacy policy does not clearly answer these questions, members should reconsider using the  app to access their health information. Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

It is important to note that third-party app developers fall outside of standard healthcare data management requirements under the Health Insurance Portability and Accountability Act (HIPAA).  Aspire Health Plan does not maintain a contractual relationship with third-party app developers and therefore (by CMS policy) is not able to audit or otherwise control app experiences.

However, in an effort to best protect member information, under the provisions of the CMS Interoperability Rule Aspire does require third-party app developers to register and attest to how they handle and protect member data.  This includes:

  • How a patient’s PHI may be accessed, exchanged, or used by any person or other entity, including whether the PHI may be shared or sold at any time (including in the future) ∙ A requirement for express consent from a patient before PHI is accessed, exchanged, or used,  including receiving express consent before a patient’s PHI is shared or sold (other than  disclosures required by law or disclosures necessary in connection with the sale of the  application or a similar transaction)
  • If an app will access any other information from a patient’s device
  • How a patient can discontinue app access to their data and what the app’s policy and process is for disposing of a patient’s data once the patient has withdrawn consent

Apps can agree, revise or reject this attestation.  Additionally, App developers are asked to attest to:

  • NOT store data outside of the United States
  • Conformance with the FTC Model Health Best Practice
  • Conformance with the ONC Model Privacy Policy
  • Conformance with the CARIN Code of Conduct

Any application that does not attest to these items must supply a satisfactory description as to why they do not/will not attest to them.  Based on these responses, the application will be granted access if they are deemed adequate and not believed to subject member data to any unnecessary risk of harm