Interoperability
and Third-Party Applications
Patient Access API
At eternalHealth, we believe your health information should be easy to access, easy to understand, and always protected. That’s why we offer the Patient Access API—a secure way for you to connect your health information to health apps you trust.
What Is the Patient Access API?
The Patient Access API is a safe, digital tool that lets you:
- View your health information in one place
- Connect your data to approved health apps
- Share information with providers or caregivers (if you choose)
Think of it as a way to secure a bridge between your health plan and your personal health apps.
Examples of health apps include Apple Health, Epic MyChart, Google Health Microsoft Health, and SMART. Only download and use an app if you approve of the app. Learn more about mobile app privacy.
What Information Can You Access?
The information that can be accessed through apps includes the following as long as we maintain it in our records:
- Claims and Encounter Data
- Medications and Pharmacy Records
- Provider Information
- Coverage and Benefit Details
How Can the Patient Access API Help You?
The information that can be accessed through apps includes the following as long as we maintain it in our records:
· Better Care Coordination – Your doctors can have the information they need.
· Smarter Health Decisions – See your medications and visits in one place.
· Convenience – No more searching through paperwork.
· Personalized Tools – Use apps to track your health and goals.
Is It Safe? Yes—Your Privacy Comes First
- You’re in Control – You choose if and when to share your information.
- Secure Technology – We use encryption and security protections.
- Trusted Access Only – Apps must meet requirements and need your permission.
- HIPAA Protections – Your data is protected under federal law.
Important: Once you share data with a third-party app, that app’s privacy practices apply. Sharing data with these apps includes data related to your interactions with your health care providers and data that eternalHealth collects when providing care management or other services for you. Any information disclosed may reveal potentially sensitive data such as medical diagnoses, procedures, and medications, which may contain information related to reproductive health, substance abuse, and more. If you enable an app to access any of your data, you enable access to all of your data.
How Do I Get Started?
Choose how you want eternalHealth to share your health information with third‑party apps. Complete the “Member Authorization Form” and send to interoperability@eternalhealth.com.
We will take it from here and you’ll be on your way to accessing your health information!
Can I Opt Out of Sharing My Information with the App?
Yes you can opt-out at any time. Complete the “Member Opt Out” Form and send to interoperability@eternalhealth.com.
We will process your opt-out request and no additional health information will be shared with the app(s).
Frequently Asked Questions
What is the patient Access API?
It is a secure way to access and share your health information using apps you choose.
Is my information safe?
Yes. eternalHealth uses strong security protections. You control what is shared.
Do I have to use it?
No. Using the Patient Access API is optional.
What apps can I use?
You can use apps that support Patient Access API. Be sure to review their privacy policies.
Can I stop sharing my data?
Yes. You can disconnect access at any time through the app. Filling out the “eternalHealth Opt Out Form” will prevent new access requests.
Will this cost me anything?
eternalHealth does not charge for API access. Some apps may have their own fees.
What information is shared?
Claims, medications, providers, and coverage details may be available.
Who can I contact for help?
Contact eternalHealth Member Services for assistance.
Covered Entities and HIPAA Enforcement
The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. eternalHealth is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and find who is obligated to comply with HIPAA here: https://www.hhs.gov/hipaa/for-individuals/index.html. To learn more about filing a complaint with the OCR related to HIPAA requirements, isit https://www.hhs.gov/hipaa/filing-a-complaint/index.html. You may also file a complaint with eternalHealth by contacting Member Services at 1-800-680-4568 (TTY 711).
Apps and Privacy Enforcement
Each app provider will have different policies; we suggest that you ask each app provider for their “Notice of Privacy Practices.” Additionally, note that most apps will not be covered by HIPAA, but will instead be subject to the jurisdiction of the Federal Trade Commission (FTC) and the protections offered by the FTC Act. The FTC provides information about mobile app privacy and security for consumers here:
https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps.
If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant:
https://www.ftccomplaintassistant.gov/#crnt&panel1-1.
What to do if you believe your health data has been breached or an application has used your data inappropriately?
If you think your HIPAA Privacy Rights have been violated, you can contact us at 1-800-680-4568 (TTY 711) toll-free, or you may contact our Privacy Office directly at the address below:
eternalHealth Privacy Officer eternalHealth, Inc.
31 Saint James Ave. Suite 950
Boston, MA 02116
If you believe a HIPAA-covered entity (e.g., a doctor, hospital, or a health plan like eternalHealth) has violated your HIPAA Privacy Rights, you may file a complaint with the Office for Civil Rights (OCR). The OCR is the agency within the U.S. Department of Health and Human Services (HHS) that investigates a complaint and has the authority to enforce the HIPAA privacy and security rules. To learn more about filing a complaint, visit HHS.gov.
Can Third-party App Developers Register to Use eternalHealth’s APIs?
Requests for API must be authorized by the eternalHealth member(s). Member directed requests for API access can be submitted to interoperability@eternalhealth.com and we will respond with access details to the member after verifying member authorization.
The eternalHealth Provider Directory and Formulary information are publicly available on our website.
Questions?
Call our Customer Service line at 1-800-680-4568 (TTY 711). Our hours are October 1st-March 31st 8:00am- 8:00PM local time, 7 days a week and April 1st-September 30th 8:00AM-8:00PM local time, Monday through Friday.
Citations 42 C.F.R. ? 422.119(g)
