Interoperability refers to the U.S. Department of Health and Human Services (HSS) rules that require certain health insurance issuers to provide certain member health records electronically to a third party application (App) upon a member’s request.
Health Insurance Portability and Accountability Act of 1996 (HIPAA) sets standards to address the use and disclosure of individuals’ health information (known as “protected health information”) by entities subject to the Act. These individuals and organizations are called “covered entities.” HIPAA also contains standards for individuals’ rights to understand and control how their health information is used.
Health plans include health insurance companies, health maintenance organizations, government programs that pay for healthcare (Medicare for example), and military and veterans’ health programs.
HIPAA also applies to business associates of HIPAA-covered entities and their subcontractors. A business associate can be an individual or company that provides services to a HIPAA-covered entity which requires them to have access to, store, use, or transmit protected health information.
Generally speaking, third party applications such as those that used to obtain health records under the Interoperability provisions are not considered covered entities or business associates under HIPAA.
It is important to note that health insurance issuers are not responsible for the privacy or security of any protected health information (PHI) once it has been received by the third party application that you have chosen.
Developer-friendly, standards-based APIs that enable 3rd party applications for vendors to connect their application or programs to access Summit Health data. Access the Developer Portal
Individuals can file a complaint with the FTC using the FTC complaint assistant
The Office for Civil Rights (OCR) encourages individuals to file complaints about HIPAA-covered entities, or their business associates, if they feel that your privacy has been violated. Individuals are also able to file complaints if they believe the privacy of other individuals have been violated.
To learn more about learn more about filing a complaint with OCR under HIPAA
Individuals can file a complaint with OCR using the OCR complaint portal
Last updated Oct. 1, 2022