Interoperability

As a SummaCare Medicare or Marketplace member, you can now access and download your SummaCare health record information and both members and non-members can search for a doctor or pharmacy using a smart phone, computer, tablet or other electronic device. 

The Interoperability and Patient Access Rule from the Centers for Medicare & Medicaid Services (CMS) requires most CMS-regulated payers to implement and maintain a secure, standards-based Patient Access Application Programming Interface (API) that allows members to easily access their health records through third-party apps of their choice. These health records include health insurance claims and other information submitted to SummaCare by healthcare providers such as doctors and hospitals and may include cost and other clinical information.

SS&C Health is the company SummaCare has contracted with to manage the secure download of your data to the app of your choice.  

Please note: the ability to access and download your SummaCare health record information is not available to all SummaCare members, including those enrolled in our off-Marketplace, Commercial Group or Self-Funded plans. 

Important Information and FAQs for Members

Things to consider when selecting an app
The application in which you choose to share your health record information may not be subject to HIPAA privacy and security regulations. SummaCare cannot protect your personal health information once it is downloaded to third-party apps. Extra care should be taken to ensure that the application receiving your data has strong security and privacy policies.

When selecting a third-party app, look for an easy-to-read privacy policy that clearly explains how the app will use your data. If an app does not have a privacy policy, you should not use the app.

Consider the following when selecting an app:

• What health data will this app collect? Will this app collect non-health data from my device, such as my location?
• Will my data be stored in a de-identified or anonymized form?
• How will this app use my data?
• Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
• How can I limit this app’s use and disclosure of my data?
• What security measures does this app use to protect my data?
• What impact could sharing my data with this app have on others, such as my family members?
• How can I access my data and correct inaccuracies in data retrieved by this app?
• Does this app have a process for collecting and responding to user complaints?
• If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
• How does this app inform users of changes that could affect its privacy practices?

If the app’s privacy policy does not clearly answer these questions, reconsider using the app to access your health information. Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

Things to consider if you are part of an "enrollment group"
Some members, particularly those covered by Qualified Health Plans (QHPs) on the Federally-facilitated Exchanges (FFEs), may be part of an enrollment group where you share the same health plan as multiple members of your tax household. Often, the primary policy holder and other members can access information for all members of an enrollment group unless a specific request is made to restrict access to member data. Please be aware of how your data will be accessed and used if you are part of an enrollment group.

Your rights under the Health Insurance Portability and Accountability Act (HIPAA)
The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule. You can find more information about patient rights under HIPAA and who is obligated to follow HIPAA here.

Read the HIPAA FAQs for Individuals here.

Information about third-party apps and HIPAA

Third-party applications are required to submit their privacy and security practices to SummaCare (through SS&C) for approval to gain access to the API. SummaCare can deny or discontinue a third-party application's access to the API if such access is found to endanger the PHI stored and protected by SummaCare. 

Most third-party apps will not be covered by HIPAA. Covered entities include health care plans, including insurers and employer group plan sponsors, health care providers and healthcare clearinghouses. The entities with which a covered entity contracts to provide administrative or healthcare services are called business associates, and they are also subject to at least a subset of the HIPAA rules. To learn more about filing a complaint with OCR under HIPAA, click here. Individuals can file a complaint with OCR using the OCR complaint portal.

Third-party apps fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so).  The FTC provides information about mobile app privacy and security for consumers here.Individuals can file a complaint with the FTC using the FTC complaint assistant

Important Information for Developers

For complete API documentation from SS&C Health, click here.