Patient Access API Member Education and Resources
The Rule gives you the right to see your own health data on a 3rd party health App you use on your mobile phone or computer. We will call this “your App.” This will allow you to make better decisions about your medical treatment. Santa Cruz County Behavioral Health gives your App access to your health data through a Patient Access API (Application Programming Interface).
What is an API? A simple way for two pieces of software to communicate with one another to get data. An example is when you send a message using a cell phone. Here, an API allows Santa Cruz County Behavioral Health to communicate with your App.
What is health data?
Health data is information about your medical history. Your doctors give us that information. It includes your name, your address, and your birthday. It also can include information about medical tests you have had, any medical conditions you might have had, and your insurance information. The health data that is available through your App includes data that Santa Cruz County Behavioral Health has collected about you, going back to January 1, 2016, or since you joined our plan.
How is my data available? Your data is available on a Patient Access API. The API will allow Santa Cruz County Behavioral Health to share your health data. It can be shared with your App. Santa Cruz County Behavioral Health has no control over how your App will use or share your health data.
What to think about before sharing your health data?
Before you agree to share your health data, you need to think about some things. Will your App sell your data? Will your App use your data for research or advertising? How will this app use your data? Will your App let you control how it can use your data? If you stop using your App, will your data be removed? If you no longer want to use your App, can you take away the App’s access to your data?
Is sharing information online safe? When making decisions about your health, you should only share your health data with people you trust, like your family or doctor. Never share your username or password. Store your paper records in a safe place. Only use software you trust and always use a password on your phone, tablet, and computer. Do not send any data by email unless you can protect it with a password.
Does your App fall under HIPAA?
HIPAA is the Health Insurance Portability and Accountability Act. This is a federal law that says your health information cannot be shared by Santa Cruz County Behavioral Health unless it is for health care treatment, payment or operations and other reasons allowed by the federal law.
Apps are not covered by HIPAA. Your App will have access to all your heath data once you allow it. You should read the App’s privacy policy to see how they the 3rd party health App may use your data. Make sure that you are comfortable with their rules. An App that publishes a privacy notice must do what it says in that notice. Apps may not be subject to other State and local privacy laws. What are your rights under HIPAA? If you want to learn more about your rights under HIPAA, visit this website: https://www.hhs.gov/ hipaa/for-individuals/index.html.
Apps are subject to other Privacy laws. For example, the FTC protects you against any App that breaks privacy rules. If an App breaks a privacy rule, the App will get in trouble. For more information from the FTC, click on this link: How To Protect Your Privacy on Apps | FTC Consumer Information.
How do you authorize Santa Cruz County Behavioral Health to share data with your App?
If you decide you want to use an App, you must authorize Santa Cruz County Behavioral Health to share data with it. There are 3 easy steps to do this from your App.
- Begin in your App. Your App will ask you to link your data from your health plan. Follow the instructions on your App to start the linking process.
- Step Two—Log in to your Santa Cruz County Behavioral Health Account. Your App will send you to the Santa Cruz County Behavioral Health Log In screen. If you have set up your member account with Santa Cruz County Behavioral Health, you will enter your Username and Password. If you have not set up your Santa Cruz County Behavioral Health account, you will set up your Santa Cruz County Behavioral Health account from this screen. Follow these simple steps:
- Click on the Register Now link from the Log In screen.
- Type in your name, date of birth, zip code, CHPDC Enrollee ID, and either your email address or cell phone number.
- Create a username and password. When you do this, a 6-digit code will be sent to you. You will get either an email or a text to your cell phone. Enter this code on the registration page to complete the account setup process.
- Step Three—Complete the Form.
- Fill in your name, home address, Santa Cruz County Behavioral Health Enrollee ID and phone number. Then, look at all the information that can be shared. If there is information you do not want to share, uncheck the box next to that information. When you click Submit, your data will be shared with the app.
Can minors share their PHI?
Members who are under the age of 12 are not allowed to share their health data unless their parent, guardian, or other personnel gives approval. Only explanation of benefit information will be available in a health app until a HIPAA form is filed with Santa Cruz County Behavioral Health.
Can someone else assist me?
You can have a Personal Representative help you. This is a family member or other person you trust. This person will have access to your health data. That person needs to do the following things.
Itemize the steps:
- Print a Personal Representative Form. Patients' Rights (Spanish)
- Fill in all the data on that form.
- Sign the form.
- Send the form to the Santa Cruz County Behavioral Health Privacy Office—the address is on the Form.
We will let you know if we need more information. Once Santa Cruz County Behavioral Health is done with their review, we will send an email to the family member or trusted person.
How do I protect my information?
Only share your information with people and apps you trust. These include doctors or others you see or rely on for care.
If you decide to use a health app, be sure it’s from a trusted source. If an app does not meet Santa Cruz County Behavioral Health security standards, it will be clearly labeled with a warning message. Please read that message.
What else can I do to keep my information safe?
Here are a few tips:
- Only use trusted health apps.
- Keep your passwords and log-in information private.
- Keep your private papers in a secure place.
- Purchase virus protection software for your computer.
What do you do if you think your data was used without your permission?
If you think your information was used without your permission, contact the Federal Trade Commission or the Washington, DC Office of the Attorney General.
Here is the information you will need to do this.
Federal Trade Commission Consumer Response Center
600 Pennsylvania Avenue,
NW Washington, D.C. 20580
1-877-IDTHEFT (438-4338) www.ftc.gov/idtheft
Office of the Attorney General for the District of Columbia
400 6th St. NW Washington DC 20001 Contact Us | Attorney General Brian Schwalb (dc.gov)
If you believe that a HIPAA-covered entity or its business associate violated your (or someone else’s) health information privacy rights or committed another violation of them, you may file a complaint with the (OCR). OCR can investigate complaints against covered entities (health plans, health care clearinghouses, or health care providers that conduct certain transactions electronically) and their business associate:
U.S. Department of Health and Human Services Office for Civil Rights
200 Independence Avenue, SW
Room 509F HHH Bldg.
Washington, D.C. 20201
1-800-368-1019, TDD: 1-800-537-7697.
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf