Library

| Our Take

Privacy and security protocols for interoperable health apps

How payers can help members protect their personal health information


Overview

The mandate
Under CMS’ Interoperability and Patient Access Final Rule, payers offering government-purchased or subsidized plans must make members’ personalized health data available to them via third-party apps by July 1, 2021. In order to enable access, payers must build and implement Application Programming Interfaces (APIs), or standardized data transfer structures. Once implemented, patients can request personal clinical and claims data through third-party apps, introducing a new player to the health data ecosystem.

The problem
While interoperability gives members the opportunity to engage with their own health data, it also makes patient information more vulnerable to privacy risks. On top of apps having access to personalized health information (PHI), data that’s transferred to apps is no longer covered by HIPAA. This removes restrictions on how apps can collect and share PHI, creating opportunities for bad actors to aggregate and use patient data in ways that members are not aware of or did not intend.

The takeaway
While the Interoperability and Prior Authorization rule is not yet finalized, CMS has added a provision requiring payers obtain attestation from apps guaranteeing they follow certain privacy protocols. However, CMS has not specified what privacy protocols should be included and has not amended the circumstances in which a plan can deny apps access to their APIs. To fill this gap in federal guidance, industry groups have stepped in to create their own codes of conduct that cover three key elements of data privacy: disclosure and consent, data management and breach response. Plans must build off of these guidelines to educate their members on how to protect their PHI.


SPONSORED BY

INTENDED AUDIENCE

AFTER YOU READ THIS

Don't miss out on the latest Advisory Board insights

Create your free account to access 1 resource, including the latest research and webinars.

Want access without creating an account?

   

You have 1 free members-only resource remaining this month.

1 free members-only resources remaining

1 free members-only resources remaining

You've reached your limit of free insights

Become a member to access all of Advisory Board's resources, events, and experts

Never miss out on the latest innovative health care content tailored to you.

Benefits include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox

You've reached your limit of free insights

Become a member to access all of Advisory Board's resources, events, and experts

Never miss out on the latest innovative health care content tailored to you.

Benefits include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox

This content is available through your Curated Research partnership with Advisory Board. Click on ‘view this resource’ to read the full piece

Email ask@advisory.com to learn more

Click on ‘Become a Member’ to learn about the benefits of a Full-Access partnership with Advisory Board

Never miss out on the latest innovative health care content tailored to you. 

Benefits Include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox

This is for members only. Learn more.

Click on ‘Become a Member’ to learn about the benefits of a Full-Access partnership with Advisory Board

Never miss out on the latest innovative health care content tailored to you. 

Benefits Include:

Unlimited access to research and resources
Member-only access to events and trainings
Expert-led consultation and facilitation
The latest content delivered to your inbox
AB
Thank you! Your updates have been made successfully.
Oh no! There was a problem with your request.
Error in form submission. Please try again.