What is Patient Access API?

Patient Access API is a system that allows for the secure transfer of information from BlueCross to apps of your choosing. You can use these apps to access information from your health plan. This includes records from your doctor visits or clinical information we may use for case management, care coordination, or other programs or services. 

Right now, this option is available to our Medicare Advantage and Affordable Care Act (ACA) plan members. It may expand to include other plans in the future.

We value your privacy and won’t release your information without your consent. If you do consent for us to share your data, we can ensure its transfer is secure. We cannot, however, control how a third-party app uses your information once we release it. 

Protect your privacy

We strongly recommend you carefully vet third-party apps before connecting them with Patient Access API. A good place to start is by reading the terms of use. This sometimes is called the end user licensing agreement. Also review the app’s privacy policy. Look for details such as:

  • What health information the app collects
  • If it collects non-health information, such as your location from your device
  • How the app stores information 
  • What security measures are in place for protecting your privacy
  • Whether the app shares or sells information, such as for advertising or research
  • If the app allows you to limit disclosure of your data
  • If there are impacts to your family members’ privacy
  • How the app allows you to access and correct inaccuracies to your data 
  • Whether the app has a process for collecting and responding to a complaint 
  • How to terminate the app's access to your data if you no longer want the app to have access to your health information 
  • What the app requires to delete your data when you terminate access 

Your privacy on mobile apps

It's important to know about privacy settings on apps. When you download apps, they often ask for permission to access personal information like contacts, your location or even your camera. They may need this information to make the app work, but they also may share this information with other companies. 

Before you install an app, here's what you can do to better protect your privacy:

  • Use official app stores: To reduce the risk of installing potentially harmful apps, download apps only from official app stores, like those provided by your device's manufacturer or operating system. Also, research the developer before installing an app. 
  • Know what information the app will be able to access: Before you download an app, read the app’s privacy policy to see how your data will be used or if your data will be shared. Is the policy vague about how the app will share your data? If it is, or if you’re not comfortable with how your information could be shared, you might want to find another app.
  • Check out the permissions: To gain access to information like your location or contacts or to get access to features like your camera and microphone, apps need your permission. You may be asked to give permission when you first download the app, or at the time the app first tries to access that information or feature. Pay close attention to the permissions the app requests. For example, does it really need to access your location or photos to do its job? 

Your privacy on apps you already use

If an app is already on your phone or tablet, there are still some things you can do to protect your privacy: 

  • Review the app’s permissions: Go to your settings to review the permissions to make sure the app doesn’t have access to information or features it doesn’t need.
  • Turn off unnecessary permissions: Consider deleting apps that need a lot of permissions. Some apps request lots of permissions that aren’t needed for the app’s function. Pay special attention to apps that have access to your contact list, camera, storage, location and microphone.
  • Limit location permissions: Some apps have access to your device’s location services. If an app needs access to your location data to function, think about limiting the access to only when the app is in use. 
  • Don’t automatically sign in to apps with a social network account: Signing in to an app with your social network account information often lets the app collect information from your social network account and vice versa. If you aren’t OK with that, use your email address and a unique password to sign in.
  • Keep apps updated: Apps with out-of-date software may be at risk of being hacked. Protect your device from malware by installing app updates as soon as they’re released.
    Delete apps you don’t need. To avoid unnecessary data collection, if you’re not using an app, delete it.

Your rights under HIPAA

You have rights under the Health Insurance Portability and Accountability Act (HIPAA). The U.S. Department of Health and Human Services Office for Civil Rights enforces them with the HIPAA Privacy, Security and Breach Notification Rules, and the Patient Safety Act and Rule. BlueCross is subject to HIPAA, as are most health care providers, such as hospitals, doctors, clinics and dentists.

Important: Most third-party apps will not be covered by HIPAA. Most third-party apps will fall under rule of the Federal Trade Commission (FTC) and the protections in the FTC Act. The FTC Act, among other things, protects against deceptive acts (for example, if an app shares personal data without permission, even though it has a privacy policy that says it will not).

Find out more about patient rights under HIPAA and who needs to follow HIPAA
See frequently asked questions about HIPAA
Get FTC information on how to protect your privacy on apps

Getting started

Once you’ve selected a third-party app, you can provide authorization for us to share your information with that app through My Health Toolkit®. Simply follow the link provided in the patient portal. If you want to connect with multiple apps, you’ll need to complete a separate authorization for each one.

With your consent, BlueCross will allow the authorized third-party app to access information such as your:

  • Name
  • Address
  • Diagnoses
  • Treatments
  • Prescription drugs
  • Claims data
  • Case management services
  • Other additional medical data

This will include records from January 1, 2016, to the current year.

Questions and complaints 

If you believe an app has inappropriately used, disclosed or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant.

If you want more information about our privacy practices, or if you have questions or concerns, please contact us using the provided information. If you believe we may have violated your privacy rights, you may submit a complaint to us using this contact information. You also may submit a written complaint to the U.S. Department of Health and Human Services. We will provide you with that address upon request. We support your right to the privacy of your medical information. We will not retaliate in any way if you choose to file a complaint with us or with the U.S. Department of Health and Human Services.

Attn: Privacy Officer
I-20 East @ Alpine Road (AX-E01)
Columbia, SC 29219
Telephone: (803) 264-7258 
Fax: (803) 264-7257

You may also file a civil rights complaint with the U.S. Department of Health and Human Services, Office for Civil Rights.

U.S. Department of Health and Human Services
200 Independence Avenue, SW Room 509F, HHH Building
Washington, D.C. 20201

To file a complaint online, visit the Office for Civil Rights Complaint Portal. You can also find complaint forms on the HHS website
Telephone: 1-800-368-1019
TDD: 800-537-7697

Frequently asked questions

How can I assist my grandmother or another family member in downloading their personal health information onto a third-party app?

You will need to be designated a personal representative for your grandmother. You can download an Authorization To Disclose Protected Health Information form to achieve this. You can also call the number on the back of your grandmother’s member ID card to talk with a customer service advocate. Once you have submitted that form, you will be granted access.

How do I revoke my authorization for releasing data to a third-party app?

Call the number on the back of your member ID card to speak with a customer service advocate.

Why did I get a message saying I cannot import my information into a third-party app?

At this time, only ACA and Medicare Advantage plan members can import their data.

Why do I need to create a username and password?

If you don't already have a My Health Toolkit account, you'll need to create one to provide your authorization. This is so we can confirm you are a health plan member. You can use your My Health Toolkit account to access your benefits information and self-service tools for your health plan. The third-party app you choose will require a separate login, since that is separate from BlueCross.

Why do I need to sign this authorization?

We need your authorization to release protected health information to a third-party app. We also use this authorization to let you know that the app is not subject to federal health information privacy laws such as the Health Insurance Portability and Accountability Act (HIPAA). While we, your insurer, are subject to that law, third-party apps are regulated by the Federal Trade Commission (FTC).

How can I get a third-party app?

Several third-party apps are available. You can download them from the app stores for both Apple and Android devices.

We’re making it easier to access your patient information.

Some BlueCross BlueShield of South Carolina members now have the option to retrieve some of their health information via third-party apps that connect through the Patient Access Application Programming Interface (API). If this option is available to you, it’s important to understand how it works and how it might affect your privacy.

Some links on this page lead to third-party websites. Those parties are solely responsible for the contents and privacy policies of their sites. 

Complementary Content