Interoperability and Patient Access
Oakland Community Health Network (OCHN) is committed to providing secure health information to individuals and their healthcare providers. As part of the ONC 2015 Edition Cures Update (170.315(g)(10)), OCHN ensures that persons served and approved third-party developers can access health data through our secure APIs.
What is Interoperability?
An easy, secure way to exchange, access and integrate health information (Electronic Health Record (EHR)/Personal Health Record (PHR) and/or encounters) across systems. Access may be within any health system. App accesses the insurer’s system to get health information.
Why Interoperability?
Interoperability ensures that your health care insurer is compliant with federal government guidelines. Individuals get easy, secure access to health information. By sharing information with providers and using it for tracking personal health, members receive quality health care services and outcomes.
Click here to read more about the Interoperability and Patient Final Rule.
Key Points About Cures Act Payer Data Exchange:
- Interoperability focus: The primary goal is to promote interoperability, allowing different systems to easily communicate and share patient data without barriers.
- Patient access: The Cures Act also empowers patients to access their own health information from payers, giving them greater control over their healthcare data.
- API utilization: To facilitate data exchange, payers are required to implement APIs that enable secure access to patient information, including claims, clinical data, and encounter details.
- Benefits: This data exchange can lead to improved care coordination, better decision-making by healthcare providers, reduced administrative burdens, and enhanced patient experience.
Individuals Access to Healthcare Data
OCHN offers access to healthcare data specifically for our individuals served. To access this data, individuals will need to download and use a third-party application that connects to our healthcare data API. While no third-party applications are currently registered and available, we are actively accepting requests from app developers to integrate their software with our system, providing individuals with easy and secure access to their health records.
Security and Privacy Measures
OCHN is fully compliant with HIPAA and CMS requirements to protect sensitive information. Our API features multiple layers of security, including:
- Encryption: All data exchanged via our API is encrypted to ensure confidentiality.
- Authorization and Pre-registration: Third-party developers must go through a pre-registration process to gain access to individua’s data. Individuals served maintain full control over who can access their health information.
- Token-based Authentication: Access to data requires token-based authentication, adding an extra layer of security for every transaction.
- Appointment Reminders: Text Messaging Provided by Twilio.
Terms and Conditions
Oakland Community Health Network has partnered with Twilio to provide Appointment Reminders when individuals opt in. You can cancel the SMS service at any time. Just text “STOP” to the short code. After you send the SMS message “STOP” to Twilio, Twilio will send you an SMS message to confirm that you have been unsubscribed. After this, you will no longer receive SMS messages from Twilio. If you want to join again, just sign up as you did the first time and we will start sending SMS messages to you again. If you are experiencing issues with the messaging program, you can reply with the keyword HELP for more assistance, or you can get help directly from the ODIN Help desk at odin@oaklandchn.org. Carriers are not liable for delayed or undelivered messages. As always, message and data rates may apply for any messages sent to you from us and to us from you. You will receive messages 3 days and then 24 hours prior to the appointment. If you have any questions about your text plan or data plan, it is best to contact your wireless provider.
Individuals can cancel the SMS service/text messaging at any time by replying “Stop”. Message and data rates may apply for any messages sent to the individual from Twilio and from the individual back to Twilio. For a complete review of Twilio’s Terms of Service please visit their website at Terms and Conditions.
Privacy Policy
Oakland Community Health Network does not share, sell, or lease mobile information or opt-in data to any third party for marketing purposes. If you have any questions regarding Twilio’s Privacy Policy, please read their privacy policy found on their website at Privacy Policy.
If you are a developer interested in connecting your application to our API, please review our Web Service API Documentation for full details on the security protocols and technical requirements. To apply for access to the API, please submit a written request using the PCE API Access Request Form in Appendix A of our Web Service API Documentation.
Your Rights Under HIPAA
As a beneficiary, HIPAA grants you specific rights over your healthcare data, including:
- Right to Access: You have the right to access your healthcare information and request copies of your medical records from covered entities like health plans and healthcare providers.
- Right to Request Amendments: If you believe that your healthcare data is incorrect or incomplete, you have the right to request amendments to your health records.
- Right to Privacy: Your healthcare data is protected from unauthorized disclosure. Covered entities must follow strict privacy and security standards to ensure your information is only shared with authorized parties.
- Right to File a Complaint: If you believe your healthcare privacy rights have been violated, you have the right to file a complaint with the U.S. Department of Health & Human Services (HHS) Office for Civil Rights (OCR). You can learn more about how to file a complaint here. You can also file a complaint with the Federal Trade Commission (FTC). ReportFraud.ftc.gov is the federal government’s website where you can report fraud, scams, and bad business practices.
For more detailed information about your HIPAA rights, visit the official CMS webpage: Understanding HIPAA
API Information
In our ongoing effort to meet CMS interoperability standards, OCHN collaborates with our EHR vendor, PCE Systems. Together, we ensure the secure and compliant sharing of healthcare information in a way that meets the needs of our individuals while protecting their privacy.
Link to Web Service API Documentation
Provider Directory API: The Payer Data Exchange will allow for exposing some public facing access points that will allow for querying and displaying of provider directory data in the system. This allows for applications /sites developed by third party developers to query basic information out of payer systems. Please see link below to use OCHN’s Provider Directory API.
Provider Directory API endpoint: https://fhir.pcesecure.com:9443/PCEFhirServer/OAK/metadata
Provider Directory API endpoints: Refer to the above document for specific API endpoints.
Patient Access API: The public-facing Web Service API provides an interface into the PCE Care Management Version 9.4 system for the purposes of meeting criteria for ONC 2015 Edition Cures Update criteria test 170.315(g)(10).
Patient Access API endpoints: These are only available to application developers for security reasons. Please see the link above Web Service API Documentation regarding how to access data via third party applications or how to apply for API access as a developer.