Key Points About Cures Act Payer Data Exchange:
- Interoperability focus: The primary goal is to promote interoperability, allowing different systems to easily communicate and share patient data without barriers.
- Patient access: The Cures Act also empowers patients to access their own health information from payers, giving them greater control over their healthcare data.
- API utilization: To facilitate data exchange, payers are required to implement APIs that enable secure access to patient information, including claims, clinical data, and encounter details.
- Benefits: This data exchange can lead to improved care coordination, better decision-making by healthcare providers, reduced administrative burdens, and enhanced patient experience.
Individuals Access to Healthcare Data
OCHN offers access to healthcare data specifically for our individuals served. To access this data, individuals will need to download and use a third-party application that connects to our healthcare data API. While no third-party applications are currently registered and available, we are actively accepting requests from app developers to integrate their software with our system, providing individuals with easy and secure access to their health records.
Security and Privacy Measures
OCHN is fully compliant with HIPAA and CMS requirements to protect sensitive information. Our API features multiple layers of security, including:
- Encryption: All data exchanged via our API is encrypted to ensure confidentiality.
- Authorization and Pre-registration: Third-party developers must go through a pre-registration process to gain access to individua’s data. Individuals served maintain full control over who can access their health information.
- Token-based Authentication: Access to data requires token-based authentication, adding an extra layer of security for every transaction.
If you are a developer interested in connecting your application to our API, please review our Web Service API Documentation for full details on the security protocols and technical requirements. To apply for access to the API, please submit a written request using the PCE API Access Request Form in Appendix A of our Web Service API Documentation.
Your Rights Under HIPAA
As a beneficiary, HIPAA grants you specific rights over your healthcare data, including:
- Right to Access: You have the right to access your healthcare information and request copies of your medical records from covered entities like health plans and healthcare providers.
- Right to Request Amendments: If you believe that your healthcare data is incorrect or incomplete, you have the right to request amendments to your health records.
- Right to Privacy: Your healthcare data is protected from unauthorized disclosure. Covered entities must follow strict privacy and security standards to ensure your information is only shared with authorized parties.
- Right to File a Complaint: If you believe your healthcare privacy rights have been violated, you have the right to file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). You can learn more about how to file a complaint here. You can also file a complaint with the Federal Trade Commission (FTC). ReportFraud.ftc.gov is the federal government’s website where you can report fraud, scams, and bad business practices.
For more detailed information about your HIPAA rights, visit the official CMS webpage: Understanding HIPAA
API Information
In our ongoing effort to meet CMS interoperability standards, OCHN collaborates with our EHR vendor, PCE Systems. Together, we ensure the secure and compliant sharing of healthcare information in a way that meets the needs of our individuals while protecting their privacy.
Link to Web Service API Documentation
Provider Directory API: The Payer Data Exchange will allow for exposing some public facing access points that will allow for querying and displaying of provider directory data in the system. This allows for applications /sites developed by third party developers to query basic information out of payer systems. Please see link below to use OCHN’s Provider Directory API.
OCHN’s Provider Directory API (PDF)
Provider Directory API endpoint: https://fhir.pcesecure.com:9443/PCEFhirServer/OAK/metadata
Provider Directory API endpoints: Refer to the above document for specific API endpoints.
Patient Access API: The public-facing Web Service API provides an interface into the PCE Care Management Version 9.4 system for the purposes of meeting criteria for ONC 2015 Edition Cures Update criteria test 170.315(g)(10).
Patient Access API endpoints: These are only available to application developers for security reasons. Please see the link above Web Service API Documentation regarding how to access data via third party applications or how to apply for API access as a developer.
