Data Sharing

Application Programming Interface (API)

Data Sharing

Interoperability and API Access

Southwest Michigan Behavioral Health is now able to provide beneficiaries safe and easy access to their behavioral health claims data following Center for Medicare & Medicaid Services (CMS) rules. Based on the ONC 2015 Edition Cures Update (170.315(g)(10)), SWMBH created an API so approved third-party developers can provide access to beneficiary claims data using our secure Application Programming Interface (API).

An API is a set of rules that help software applications (apps) talk to each other and specify how apps request and share information, making it easier for systems to work together. A third-party app is a separate app made by another company that can connect with the primary system through APIs to allow more features and better communication between the apps.

HIPAA Protections and Your Healthcare Data

SWMBH protects your healthcare data according to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA keeps your personal health information (PHI) safe and secure by only allowing authorized people and companies to see it.

Your Rights Under HIPAA

As a beneficiary, you have specific rights over your healthcare data:

· Right to Access: You can access your healthcare information and request copies of your medical records from health plans and providers.

· Right to Request Amendments: If your healthcare data is incorrect, you can request changes to your records.

· Right to Privacy: Your healthcare data is safe from unauthorized access. Health plans and providers must follow strict privacy rules.

· Right to File a Complaint: If you think your privacy rights have been violated, you can file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). Learn more about this on their website here.

For more detailed information about your HIPAA rights, visit the official CMS webpage: Understanding HIPAA.

Important Notice: Third-Party Applications and HIPAA

Your healthcare data is protected by HIPAA when it is held by health plans or providers. However, third-party apps you use may not follow HIPAA rules. When you allow an app to access your data, it may not have the same privacy protections. Before using a third-party app, review its privacy policy to understand how your data will be handled and consider alternative options if you have concerns about the app’s privacy practices.

Understanding SWMBH’s Patient Access API

This API allows SWMBH beneficiaries to securely access their healthcare claims data that we maintain in our systems, to meet CMS standards for giving individuals more control and understanding over their healthcare information.

o Key features include:

§ Secure access to behavioral health claims data.

§ Third-party apps can get patient data with consent.

§ Beneficiaries can share their health info with trusted apps.

Choosing Safe Third-Party Applications

When selecting a third-party app to access your healthcare data, consider these tips:

· Understand How It Works: Learn how the app lets you access your health info. Review any guides provided by the developer.

· Security Features: The app should use strong passwords or multi-factor authentication for added security.

· Read the Privacy Policy: Ensure the app’s privacy policy clearly explains how your information will be used and shared.

· Know What Data the App Collects: Check what information the app collects beyond your healthcare data. Be cautious if it requests too much personal info.

· Data Storage: Understand where your data will be stored and if it will be accessed outside the U.S.

· Data Sharing: Look into how the app shares your data. Ensure you can opt out of sharing with third parties.

· Control Over Data: Choose apps that let you control how much data you share.

· Security Measures: Verify that the app uses encryption and other security protocols to protect your data.

· Complaint Handling: The app should have a clear process for addressing privacy concerns.

· Ending Access: Ensure you can easily stop the app from accessing your data when you no longer need it.

By following these guidelines, you can choose an app that keeps your health information secure and allows you to control your data.

Access to Healthcare Data

SWMBH provides beneficiaries with access to healthcare data. To access this data, beneficiaries must use a third-party application that connects to our API. We are accepting requests from developers to integrate their software to allow beneficiaries easy and secure access to their health records but there are currently no apps available.

Security and Privacy Measures

SWMBH prioritizes healthcare data security and follows HIPAA and CMS requirements to safeguard sensitive information. Our API includes:

· Encryption: All data shared via our API is encrypted.

· Authorization: Third-party developers must apply and be approved for access to beneficiary data. Beneficiaries have control over who can access their health information.

· Token-based Authentication: Access to data requires token-based authentication for an added level of security.

API Information

If you are a developer interested in connecting your application to our API, please review our Web Service API Documentation for full details on the security protocols and technical requirements. To apply for access to the API, please submit a written request helpdesk@swmbh.org.

For security reasons, Patient Access API endpoints are only available to application developers. Please review the API documentation information regarding how to access data via third-party applications or how to apply for API access as a developer.