Interoperability
Upper Peninsula Health Plan (UPHP) is required by the Centers for Medicare and Medicaid Services (CMS) to provide you electronic access to your health information. This is done through a patient access application programming interface (API). As a UPHP member, this only includes information we collect about you, such as:
- Medical and pharmacy claims
- Clinical data, such as care plans, care teams, and health barriers, for example
- Your list of covered drugs (formulary)
- Provider and pharmacy directory
Interoperability allows you to share your health information with third-party applications so that you can use your healthcare data in a way that works for you! UPHP partners with 1UpHealth, a leader in interoperability technology, to give you access to your healthcare data.
What Apps Can I Use to Get My Health Data?
1UpHealth reviews and approves the apps that UPHP members can use to access their health information. Below is the list of currently approved apps, which are available in the app gallery.
How Can I Keep My Information Safe?
UPHP takes information security very seriously. The new rules give every member the right to share their personal health information with whoever they choose, and some apps may not have the same security measures as us.
The rules do not allow UPHP to limit which apps you share your information with. It is up to you to decide if an app is trustworthy. Here are some things to keep in mind when deciding which app you will use:
- Review the app’s Privacy Policy and/or Terms of Service. You should feel comfortable asking whether the third-party app has a Privacy Policy and/or Terms of Service. In some instances, the app’s privacy and security language may be in the app’s Terms of Service and not a separate Privacy Policy. If the app does not have a Privacy Policy, you should evaluate the possible risks in moving forward with the app.
- What are my rights under the Health Insurance Portability and Accountability Act (HIPAA), and who must follow HIPAA? The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification rules and the Patient Safety Act and Rule. The HIPAA Privacy Rule covers health plans, healthcare clearinghouses, and healthcare providers who conduct certain financial and administrative transactions electronically. UPHP is subject to HIPAA.
- Learn more about rights under HIPAA and who is obligated to follow HIPAA.
- Read more about HIPAA FAQs for individuals.
- Are third-party apps covered by HIPAA? Most third-party apps will not be covered by HIPAA because they are not affiliated with entities governed by the HIPAA Privacy Rule. Third-party apps likely fall under the Federal Trade Commission (FTC)’s jurisdiction and the protections provided by the FTC Act. Among other things, the FTC Act protects against deceptive acts (e.g., if an app shares personal data without permission despite having a privacy policy stating that it will not do so).
- Learn more from the FTC about mobile app privacy and security.
What Should I Do If I Think An App Has Used My Information Inappropriately?
If you believe your data through a third-party app was used inappropriately or breached, there are resources available to help you.
- Contact UPHP’s Customer Service Department: 1-800-835-2556 (TTY: 711).
- You should contact the Office for Civil Rights (OCR) and file a complaint through their Complaint Portal Assistant.
- Learn more about How Websites and Apps Collect and Use Your Information or Report Fraud through the Federal Trade Commission.
Frequently Asked Questions:
- What is Interoperability?
In 2020, the Centers for Medicare and Medicaid Services (CMS) developed rules to help people access their health insurance information more easily. This concept is called interoperability. The rule is called the CMS Interoperability and Patient Access Rule. If you have purchased individual coverage through the ACA Marketplace, your plan is covered under these new rules. Learn more about CMS Patient Access Rule CMS-9115-F.
Interoperability allows different health information systems and organizations to work together to help ensure effective healthcare communications. Health plans must provide certain health information, such as claims, provider directories, laboratory, and other clinical information, in a digital, shareable format. Interoperability allows you to access your health information on a mobile or other electronic device securely for personal use through an app. For example, you could show your information to healthcare providers to create a more complete picture of your health and healthcare.
Your information will not be automatically shared. You are the owner of your data and have control over who has access to it.
How Does Interoperability work?
Interoperability uses FHIR® (pronounced fire) as a data exchange standard for healthcare information using modern web technologies. FHIR® was developed by HL7, a Standards Development Organization. FHIR® is based on modern web technologies that software developers can easily use, without in-depth healthcare domain knowledge. FHIR® resources are open source and available to any developer, which allows for limitless connections to applications (apps), providers, payers, and patients. Information on FHIR® can be found here: HL7 FHIR R4 (Version 4.0.1)
The Interoperability and Patient Access final rule requires CMS-regulated payers to implement and maintain a secure, standards-based Patient Access API that enables patients to access their health information through a third-party application of their choice.
UPHP is required to comply with the CMS Interoperability and Patient Access Final Rule and is using the 1upHealth to support these API connections with third party applications. Developers interested in creating an account with 1UpHealth should review Overview for Developers.
UPHP’s Patient Access API & Provider Directory API or FHIR Server Capability Statement outline the supported resources and function names. Documentation surrounding API syntax, function/operations, parameters and example queries can be found in the 1upHealth API References page.
Information regarding errors:
APIs and Relevant Standards and Implementation Guides (IGs)
ONC Standards Version Advancement Process (SVAP) (PDF)
View a chart of required API interoperability standards and recommended IGs by API (PDF)
General
United States Core Data for Interoperability (USCDI) Version 1.0.0 and Version 3.0.0
HL7 SMART Application Launch Framework IG Release 1.0.0
HL7 FHIR CARIN Consumer Directed Payer Data Exchange (CARIN IG for Blue Button®) IGSTU 2.0.0
HL7 FHIR Da Vinci Payer Data Exchange (PDex) IG STU 2.0.0
Patient Access
Open ID Connect Core 1.0, incorporating errata set 1
HL7 FHIR Da Vinci – Payer Data Exchange (PDex) U.S. Drug Formulary IG STU 2.0.1
Page Last Updated: 09/29/2025