New Ways to Access Your Health Information

The Interoperability and Patient Access rule (CMS-9115-F) allows you to access your health information using the mobile application of your choice.

About The CMS Interoperability and Patient Access Rule:

The CMS Interoperability and Patient Access Rule allows you to access your health information using a registered third-party application(s) of your choice. This information includes:

  1. Claims and Explanation of Benefits
  2. Certain parts of your clinical record, such as lab tests
  3. Care Plan Information
  4. Pharmacy information (for Medicare only)

From the registered third-party application(s) or “app(s)” of your choosing, you can request via the in-app consent process that your Positive Healthcare data be shared with that application. You will need to select either Aids Healthcare Foundation or Positive Healthcare as your insurer, provide identifying information for authentication, and authorize the release of information to the third-party application you choose.

Positive Healthcare provides your health data to third-party applications upon your consent using a standard API (Application Programmer Interface), but how your health information is presented and used depends on the application you choose. For a list of applications that have connected to data provided by Positive Healthcare, see CARIN My Health Application.

Protecting Your Privacy - Your Rights and Responsibilities

Many of these third-party applications aren’t bound by the same strict privacy and security requirements that govern health care organizations like Positive Healthcare. We cannot guarantee the security of your private information once you authorize its released to a third party application. You are in the driver’s seat, so it’s important for you to do your homework before you choose to share your health information with a third-party application.

Unlike healthcare providers and health plans, most third party applications are not covered by HIPAA (Health Insurance Portability and Accountability Act).  Instead, they are covered by the Federal Trade Commission (FTC) and the protections given by the FTC Act. The FTC Act protects against deceptive acts. (For example: if an app shared private data without consent, even though their privacy policy says they will not do so). For people who live in California, Personally Identifiable Information (PII) data is governed and secured under the California Medical Information Act (CMIA) and the California Consumer Privacy Act (CCPA). It is important for you to ask for and review Privacy Policies and Terms of Use before choosing to authorize release of your health information to a third-party application.

When reviewing Privacy Notices and Terms of Use, you should ask questions including:

  • What health data will this app collect? Will this app collect non health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access?
  • Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the third-party app’s privacy policy does not clearly answer any of these questions, you should reconsider using the app to access your health information. The office of the National Coordinator for Health Information Technology (Patient Access Information for Individuals: Get it, Check it, Use it! | and the Federal Trade Commission (How To Protect Your Privacy on Apps | Consumer Advice ( offers resources and information about your rights.

If you think your data may have been breached or used inappropriately by a third-party app, you may file a complaint with the Federal Trade Commission ( You can also contact the Office for Civil Rights (

Additional Questions?

For questions or help contact Member Services: (800) 263-0067

PHP is an HMO with a Medicare contract. Enrollment in PHP depends on contract renewal.

PHC California:
For questions or help contact Member Services: (800) 263-0067


Third-Party Developers: 

To offer interoperability services to Positive Healthcare members, please get in touch with our interoperability API vendor, 1up Health, for registration, documentation, and API access. Developers (

Page Updated: April 4, 2024 @ 8:21pm