Accessing Your Health Information
Oklahoma Medicaid members can now access their healthcare data electronically!
Oklahoma supports the new CMS rule, which authorizes currently eligible Medicaid members to have electronic access to their Medicaid claim and health data through the authorized third-party application of their choice.
What are important things patients should consider before authorizing a third-party app to retrieve their health care data?
It is important that members take an active role in protecting their health information. Members should make informed decisions when choosing an app that will download, display and potentially share their personal healthcare information. Members should look for an easy-to-read privacy policy that clearly explains how the app will use their data. If an app does not have a privacy policy, we recommend that you do not use the app.
Here are some questions that members should consider when choosing which application they will use to access their Medicaid healthcare data. Note: Oklahoma does not endorse any specific application.
- What health data will this app collect? Will this app collect non-health data from my device, such as my location?
- Will my data be stored in a de-identified or anonymized form?
- How will this app use my data?
- Will this app disclose my data to third parties?
- Will this app sell my data for any reason, such as advertising or research?
- Will this app share my data for any reason? If so, with whom? For what purpose?
- How can I limit this app’s use and disclosure of my data?
- What security measures does this app use to protect my data?
- What impact could sharing my data with this app have on others, such as my family members?
- How can I access my data and correct inaccuracies in data retrieved by this app?
- Does this app have a process for collecting and responding to user complaints?
- If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
- What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
- How does this app inform users of changes that could affect its privacy practices?
If the app’s privacy policy does not clearly answer these questions, consider not using the app to access your health information. Health information is very sensitive information, and members should be careful to choose apps with strong privacy and security standards to protect it.
Please review this list often. It will continue to grow as more third-party health apps are approved.
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here: https://www.hhs.gov/hipaa/for-individuals/guidance-materials-for-consumers/index.html
HIPAA FAQs for Individuals: https://www.hhs.gov/hipaa/for-individuals/faq/index.html
Most third-party apps will not be covered by HIPAA. Most third-party apps will instead fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps
To learn more about filing a complaint with OCR under HIPAA, visit:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html
Individuals can file a complaint with OCR using the OCR complaint portal:
https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf
Individuals can file a complaint with the FTC using the FTC complaint assistant: https://www.ftccomplaintassistant.gov/#crnt&panel1-1
- Review the apps available in the gallery.
- Review their terms of use and privacy statements.
- Select and download an app.
- Follow the app's procedures for connecting to <state PAI API Endpoint>.
- Follow the registration screens to set up your ID and access to your Medicaid healthcare data.
Have more questions? View more frequently asked questions here.