Interoperability

Upper Peninsula Health Plan (UPHP) is required by the Centers for Medicare and Medicaid Services (CMS) to provide you electronic access to your health information. This is done through a patient access application programming interface (API). As a UPHP member, this only includes information we collect about you, such as:

• Medical and pharmacy claims
• Clinical data, such as care plans, care teams, and health barriers, for example

It does not include things such as your health history, medicals records, etc., that would be collected through your provider(s).

Through the application, you will also have access to:

• Your list of covered drugs (formulary)
• Provider and pharmacy directory

UPHP does not host this information through an app of our own. You may access this information through a third party app of your choice, such as one you could download on your mobile device, tablet, or computer.

It is important for you to take an active role in protecting your health information when choosing an app. Third party apps may not be subject to the privacy and security rules  established by the Health Insurance Portability and Accountability Act (HIPAA). Knowing what to look for when choosing a third party app can help you make a more informed decision about what is right for you. If you decide to use a third party app to retrieve your information from UPHP through the patient access API, you should carefully review the app’s privacy policy first. Ensure you are comfortable with that company’s privacy practices before proceeding further.

Things to consider when selecting a third party app include:

• What data will this app collect? Will this app collect non-health data from my device, such as my location?
• Will my data be stored in an anonymous format?
• How will this app use my data?
• Will this app disclose or sell my data to third parties?
• Can I limit this app’s use and disclosure of my data?
• What security measures does this app use to protect my data?
• Does this app have a process for collecting and responding to user complaints?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I end the app’s access to my data?
• What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?

For more information about mobile app privacy and security, visit the Online Privacy and Security | Consumer Advice (ftc.gov).

If you believe your data in an app may have been breached or an app has misused your data, you can file a complaint with the Office for Civil Rights (OCR) or Federal Trade Commission (FTC) at:

• To learn more about filing a complaint with OCR under HIPAA, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html
• Individuals can file a complaint with OCR using the OCR complaint portal: https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf

Individuals can file a complaint with the FTC using the FTC complaint: https://reportfraud.ftc.gov/#/

The Interoperability and Patient Access final rule requires CMS-regulated payers to implement and maintain a secure, standards-based Patient Access API that enables patients to access their health information through a third-party application of their choice.

UPHP is required to comply with the CMS Interoperability and Patient Access Final Rule and is using the Michigan Health Information Network (MiHIN) InterOp Station® to support these API connections with third party applications. 

In order to enable API connections, third party developers must register their app with the MiHIN InterOp Station to make the app available for use by UPHP members.

Please visit MiHIN InterOp Station for details on creating an account, registration, security attestations, privacy policy and technical information.