Interoperability and Patient Access

In compliance with the Interoperability and Patient Access Rule (CMS-9115-F), Alliant Health Plans is providing our members with a secure, standards-based Patient Access Application Programming Interface (API) that will allow you to store and access all of your personal health information (PHI) in one place. Complete access to your PHI will allow you to personally manage your health and know what health care resources are available to you, but extreme caution should be used to ensure that you are actively protecting your personal health information.

Starting in 2021, this new federal rule will make it possible for you to access and share your health information with health care providers via an app on your phone or computer concerning:

  • Claims (paid and denied)
  • Past test results
  • Your cost of care
  • Healthcare providers
  • Provider appointments
  • Health status
  • Specific parts of your clinical information
  • Pharmacy directory data (for Medicare Advantage Prescription Drug – MAPD – plans)

CAUTION: Before choosing a third-party application programming interface or app, please consider the following information on how to choose a credible app provider and to better understand how storing your PHI in this way could impact your rights according to HIPAA – as well as the rights of any dependents listed on your insurance plan.

Please contact Alliant Customer Service at (866) 403-2785 to request access to your PHI.

Here are questions you’ll want to ask before releasing your personal information:

What health data will this app collect?

The app will collect your health data including, but not limited to, your claims, medications, diagnoses, procedures, and doctor visits. When you enroll in the app, you are giving your permission for the app to collect this information.

Will this app collect non-health data from my device, such as my location?

Apps do have the ability to collect non-health data such as location. Some apps let you have the option to provide that information. Alliant recommends that you contact your app provider about this.

Will my data be stored in a de-identified or anonymized form?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand how the app will store your data.

How will this app use my data?

Although the purpose of the app is for you to be able to see your data in one place, Alliant recommends that you request a Notice of Privacy Practices to understand how the app will use your data.

Will this app sell my data for any reason, such as advertising or research?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand if the app will share your data with third parties for advertising and research.

Will this app disclose or share my information with third parties?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand if the app will share your data with third parties.

How can I limit this app’s use and release of my data?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand how you can limit the use and release of your data.

What security measures does this app use to protect my data? Will they inform me if an incident occurs?

Alliant recommends that you request a Notice of Privacy Practices and additional information on security practices from the app provider to understand how they handle a security incident.

What impact could sharing my data with this app have on others, such as my family members?

Requesting your health data via an app could potentially include the health data of family members who are associated with your health account. If there is a breach of privacy, their personal health information could also be impacted.

How can I access my data and correct inaccuracies in data retrieved by this app?

To correct mistakes in your health data, you will need to contact your provider or health insurance company. The health app only makes data available from healthcare sources. The app does not create this data. If the app is showing incorrect information that was not sent to the app, then the app must correct this problem.

Does this app deal with collecting and responding to user complaints?

App providers may respond to user complaints in different ways. Alliant recommends that you ask your app provider about this.

If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data? Do I have to do more than just delete the app from my device?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand what happens to your data after you stop using the app.

What is the app’s policy for deleting my data once I terminate access/stop using it?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand what happens to your data after you stop using the app.

How does this app inform users of changes that could affect its privacy practices?

App providers may inform users of policy or app changes in different ways. Alliant recommends that you ask your app provider about this.

Why is the safety of my Personal Health Information (PHI) important to Alliant Health Plans?

At Alliant Health Plans, your privacy and the security of your PHI are a top concern. The new rule allows you to look up your information using an app from a third-party application developer – a company that may not have the same security measures in place as Alliant Health Plans. For this reason, we want you to be aware of the security risks that may be associated with releasing your PHI to a third-party app. Please feel free to contact Alliant Customer Service at (866) 403-2785 if you have any questions or concerns about your information and sharing it with a third-party application developer.

If I want to proceed, how can I do this correctly – ensuring my privacy is protected, as well as my family’s?

Please contact Alliant Customer Service at (866) 403-2785 to access your PHI and learn about your next steps.

What are my rights under the Health Insurance Portability and Accountability Act (HIPAA)?

Alliant recommends that you ask the app provider for their Notice of Privacy and Security Practices. Most apps will not be covered by HIPAA. Most apps fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers on the FTC Consumer Information website. For apps that are subject to HIPAA, you can find more information about patient rights under HIPAA and who is obligated to follow HIPAA. You can also see the HIPAA FAQs for Individuals.

I’m not comfortable storing all of my healthcare info on an app. Do I have to?

No, you do not have to use an app to access your health care information. If you need to access your health care information, you can contact your doctor or provider or your health plan.

What are my rights when it comes to my data collected on this app?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand your rights.

What should I do if my data has been shared, stolen or an app has used my data inappropriately?

Alliant recommends that you request a Notice of Privacy Practices from the app provider to understand how they respond to a privacy and security incident. You have the right to file a complaint with enforcement agencies including the Office for Civil Rights (OCR) and the Federal Trade Commission (FTC). Most apps will not be considered covered entities under HIPAA. Most apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). Learn more about filing a complaint with OCR under HIPAA. Individuals can file a complaint with OCR using the OCR complaint portal. Individuals can file a complaint with the FTC using the FTC complaint assistant.

What types of medical information can I see?

Patient Demographics

  • first name
  • last name
  • previous name
  • middle name
  • suffix
  • birth sex
  • date of birth
  • race
  • ethnicity
  • preferred language

New Demographics

  • current address
  • previous address
  • phone number
  • phone number type
  • email address

Allergies & Intolerances

  • substances (medications)
  • substances (drug class)
  • reaction

Clinical Notes

  • consultation note
  • discharge summary note
  • history & physical
  • imaging narrative
  • laboratory report narrative
  • pathology report narrative
  • procedure note
  • progress note

Vital Signs

  • body height
  • body weight
  • BMI percentile (2-20 years)
  • blood pressure
  • heart rate
  • respiratory rate
  • body temperature

Health Concerns
Immunizations
Procedures
Medications
Laboratory Tests & Results
Assessment & Treatment Plan
Care Team Members

How can this help me? How can this hurt me?

This new rule allows you to have your medical information in one place, which could help you and your doctors or providers understand your health so that you can make decisions that would improve your health outcomes. This may reduce health care costs, and this information could follow you to any provider or health plan in the future. The downside is that this may increase your chances of a significant privacy breach if you decide to share your information with a third-party app provider. Please make your choice to share your personal information carefully and always request, read and understand your app provider’s Notice of Privacy Practices before transferring your PHI.

How many years back will my information go?

Any health information maintained by your Health Plan with a date of service January 1, 2016 or later will be made available.

What happens to my health information if I go to a different health plan or provider?

You will have access to your health information, no matter what health plan or provider you go to.

Do I have to use an app from Alliant Health Plans?

No, you are not required to use an app affiliated with Alliant Health Plans.

Will all of the apps keep my health information private?

There may be some apps that don’t follow all the privacy provisions. Alliant recommends that you request a Notice of Privacy Practices from the app. If the app does not provide you with a Notice of Privacy Practices, Alliant recommends that you choose another app.

When will I have access to my healthcare information through the app?

Once you have made the request for Alliant to share your Alliant Health Plan information with a third-party app, your PHI will be made available shortly.

How does a third-party app developer access the API?

Alliant Plans and Change Healthcare are working together to offer our members an interoperability solution based on the FHIR/HL7 standards. Applications from outside sources must first register with Change Healthcare Solution in order to access their APIs. The given data will subsequently be verified by Change Healthcare. The company works to make sure the program and the company that created it are offering a quality and secure application and that they can fulfill all contractual obligations. Following approval of the application, Client IDs and, if necessary, Client Secrets (for Confidential Applications) will be issued, and appropriate access to public keys will be established to guarantee the confidentiality of communications and the signatures of access requests (Public Applications).

Third-party apps that want to be included in the Change Healthcare App Registry must first register here. If you would like to use an already approved application, you can go here.

Is there any API standard documentation that I should follow?

These are the required technical specifications and attributes necessary to successfully register an application (i.e., API syntax, datatypes and parameters, exceptions and exception handling, configurations etc.):

Where can I find the API Endpoints?

You can download a spreadsheet of API URL endpoints here. More information on API endpoints may be found here.

Please contact Alliant Customer Service at (866) 403-2785 to request access to your PHI.