Blue Cross Blue Shield of North Dakota (BCBSND) Patient Access API

Because you are an active BCBSND member, we are required to provide you access to your health history data through a “Patient Access API.” To access your data, you can choose from a variety of applications (apps) on your smart phone, tablet, computer or other device.

Patient Access API data includes personal information collected while you were enrolled in certain lines of business since January 1, 2016. The data remains for as long as we maintain it in our records.

Data includes:

  • Claims and “encounter” data about your interactions with health care providers
  • Clinical data we collect while providing you case management, care coordination or other services

Your health data may include very sensitive information about substance use disorder treatment, mental health treatment, HIV status or other personal information.

It’s important to understand the app you choose will have access to all your information. Apps are not subject to HIPAA Rules and other privacy laws that protect your health information. Instead, the app’s self-imposed privacy policy describes how it will use, disclose and (possibly) sell your data. You should be careful to choose an app that protects your data with strong privacy and security standards.

If you decide to access your information through the Patient Access API, carefully review the app’s privacy policy to ensure you’re comfortable with how they use your information.

BCBSND requests that app developers attest to having privacy and security policies. If they do not, we will notify the member before releasing his/her information.

When selecting an app, consider:

  • Will this app sell my data for any reason?
  • Will this app disclose my data to third parties for research, advertising or other reasons?
  • How will this app use my data? For what reasons?
  • Will the app allow me to limit how it uses, discloses or sells my data?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, can I stop the app’s access to my data? If so, how difficult will it be to stop access?
  • What is the app’s policy for deleting my data once I stop access? Do I have to do more than delete the app from my device?
  • How will this app inform me of changes in its privacy practices?
  • Will the app collect non-health data from my device, such as my location?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as family members?
  • Will the app permit me to access my data and correct errors? (Note that correcting data errors collected by the app will not affect the original data source.)
  • Does the app have a process for collecting and responding to user complaints?

If the app’s privacy policy does not satisfactorily answer these questions, you may wish to reconsider.

To select and register an app

  1. To begin, select an app from the Apple or Google Play store.
  2. On your selected app, follow prompts to connect your BCBSND data. On initial use, you will need to create a new account. This account is separate from your BCBSND member portal account.
  3. Each member on your BCBSND plan will need their own account to connect their data.

If you are a parent or guardian of a minor under age 12, or hold an active health care power of attorney or court-ordered guardianship, we need to collect more information before processing your request. Please stop and call 844-363-8457 after December 1 so we can assist you with your request.

For all other scenarios, including covered 12- to 18-year-olds, members will need to create their own account to connect their data.

Covered entities and HIPAA enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces HIPAA Privacy, Security and Breach Notification Rules. BCBSND is subject to HIPAA, as are most health care providers, such as hospitals, doctors, clinics and dentists.

Get more information about your HIPAA rights and who is obligated to comply:
https://www.hhs.gov/hipaa/for-individuals/index.html.

Learn about filing a complaint with OCR related to HIPAA requirements:
https://www.hhs.gov/hipaa/filing-a-complaint/index.html.

You may also file a complaint with BCBSND by contacting the Customer Contact Center at 844-363-8457.

Apps and privacy enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to follow the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission (FTC) Act protects against deceptive acts (such as an app that discloses personal data in violation of its privacy notice).

An app that violates its own privacy terms is subject to FTC jurisdiction. The FTC provides consumers information about mobile app privacy and security here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps.

If you believe an app inappropriately used, disclosed or sold your data, contact the FTC. You may file a complaint by using the FTC complaint assistant: https://www.ftccomplaintassistant.gov/#crnt&panel1-1.

Application developer information

If you are an application developer looking to access the BCBSND API, visit https://apiportal.bcbsnd.com/.