Application Programming Interface (API)

Data Sharing

Interoperability and API Access

At Mid-State Health Network (MSHN), we want to give our beneficiaries safe and easy access to their healthcare data following Centers for Medicare & Medicaid Services (CMS) rules. Based on the ONC 2015 Edition Cures Update (170.315(g)(10)), MSHN makes sure beneficiaries and approved third-party developers can access health data using our secure Application Programming Interfaces (APIs). An API is a set of rules that helps software applications (apps) talk to each other and specifies how apps request and share information, making it easier for systems to work together. A third-party app is a separate app made by another company that can connect with the primary system through APIs to allow more features and better communication between the apps.

HIPAA Protections and Your Healthcare Data

MSHN protects your healthcare data according to the Health Insurance Portability and Accountability Act (HIPAA). HIPAA keeps your personal health information (PHI) safe and secure by only allowing authorized people and companies to see it.

Your Rights Under HIPAA

As a beneficiary, you have specific rights over your healthcare data:

  • Right to Access: You can access your healthcare information and request copies of your medical records from health plans and providers.
  • Right to Request Amendments: If your healthcare data is incorrect, you can request changes to your records.
  • Right to Privacy: Your healthcare data is safe from unauthorized access. Health plans and providers must follow strict privacy rules.
  • Right to File a Complaint: If you think your privacy rights have been violated, you can file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). Learn more about this on the OCR website.

For more detailed information about your HIPAA rights, visit the official CMS webpage: Understanding HIPAA.

Important Notice: Third-Party Applications and HIPAA

Your healthcare data is protected by HIPAA when it is held by health plans or providers. However, third-party apps you use may not follow HIPAA rules. When you allow an app to access your data, it may not have the same privacy protections. Before using a third-party app, review its privacy policy to understand how your data will be handled and consider alternative options if you have concerns about the app's privacy practices.

Understanding MSHN APIs

MSHN has two main APIs to meet CMS requirements and give beneficiaries and developers access to important healthcare information:

  1. Patient Access API: This API allows MSHN beneficiaries to securely access their healthcare data, including claims and clinical information, to meet CMS standards for giving individuals more control and understanding over their healthcare information.
    • Key features include:
      • Secure access to health data.
      • Third-party apps can get patient data with consent.
      • Beneficiaries can share their health info with trusted apps.
  2. Provider Directory API: This API helps beneficiaries find in-network healthcare providers.
    • Key features include:
      • Search for covered providers.
      • Help third-party apps show correct provider details.
      • Assist beneficiaries in finding healthcare professionals and services.

Choosing Safe Third-Party Applications

When selecting a third-party app to access your healthcare data, consider these tips:

  • Understand How It Works: Learn how the app lets you access your health info. Review any guides provided by the developer.
  • Security Features: The app should use strong passwords or multi-factor authentication for added security.
  • Read the Privacy Policy: Ensure the app’s privacy policy clearly explains how your information will be used and shared.
  • Know What Data the App Collects: Check what information the app collects beyond your healthcare data. Be cautious if it requests too much personal info.
  • Data Storage: Understand where your data will be stored and if it will be accessed outside the U.S.
  • Data Sharing: Look into how the app shares your data. Ensure you can opt out of sharing with third parties.
  • Control Over Data: Choose apps that let you control how much data you share.
  • Security Measures: Verify that the app uses encryption and other security protocols to protect your data.
  • Complaint Handling: The app should have a clear process for addressing privacy concerns.
  • Ending Access: Ensure you can easily stop the app from accessing your data when you no longer need it.

By following these guidelines, you can choose an app that keeps your health information secure and allows you to control your data.

Access to Healthcare Data

MSHN provides beneficiaries with access to healthcare data. To access this data, beneficiaries must use a third-party application that connects to our API. We are accepting requests from developers to integrate their software so that beneficiaries have easy and secure access to their health records, but there are currently no apps available.

Partnering for Interoperability

MSHN works with PCE Systems, our Electronic Health Record (EHR) vendor, to meet CMS standards. Together, we ensure the safe sharing of healthcare information while protecting privacy.

Security and Privacy Measures

MSHN prioritizes healthcare data security and follows HIPAA and CMS requirements to safeguard sensitive information. Our API includes:

  • Encryption: All data shared via our API is encrypted.
  • Authorization: Third-party developers must apply and be approved for access to beneficiary data. Beneficiaries have control over who can access their health information.
  • Token-based Authentication: Access to data requires token-based authentication for an added level of security.

API Information

Web Service API Documentation: https://www.pcesystems.com/g10APIInfo.html

Provider Directory API endpoint: https://fhir.pcesecure.com:9443/PCEFhirServer/MSH/metadata

If you are a developer interested in connecting your application to our API, please review our Web Service API Documentation for full details on the security protocols and technical requirements. To apply for access to the API, please submit a written request using the PCE API Access Request Form in Appendix A of our Web Service API Documentation.

For security reasons, Patient Access API endpoints are only available to application developers. Please review the Web Service API Documentation for information on how to access data via third-party applications or how to apply for API access as a developer.