The Centers for Medicare & Medicaid Services’ Patient Access Rule 

CMS’s Interoperability and Patient Access Rule requires Medicare, Medicaid, and CHIP health plans to grant electronic access to a member’s health history through a third-party Patient Access API app. The information that is available through the app will include information we collect about you while you have been enrolled in our health plan including: 

  • Claims data concerning your interactions with health care providers. 
  • Clinical data that we collect in the process of providing case management, care coordination, or other services to you. 

We want you to know that if you choose to disclose your health data through one of these apps, they will have access to all of your information. This might include things like mental health or substance abuse treatment, HIV status, or other sensitive information.  

Why do I need to be careful when sharing my information? 

It’s important to take an active role in protecting your health data. If you direct My Choice Wisconsin to share your health data with a third-party Patient Access API app, we have no control over how the app will use your health data. The app should have an easy-to-read privacy policy that clearly explains how the app will use your data. If an app does not have a privacy policy, you should consider not using the app.  

You should carefully review the privacy policy of any app you are considering using to ensure you are comfortable with what the app will do with your information. Consider the following factors when selecting an app to receive your health data: 

  • What health data will this app collect? 
  • How will this app use my data? 
  • Will this app collect non-health data from my device, such as my location? 
  • Will this app disclose my data to third parties for purposes such as research or advertising? 
  • Will this app sell my data for any reason, such as advertising or research? 
  • Will this app share my data for any reason? If so, with whom? For what purpose? 
  • Will the app allow me to limit how it uses, discloses, or sells my data? 
  • What security measures does this app use to protect my data? 
  • What impact could sharing my data with this app have on others, such as my family members? 
  • How can I access my data and correct inaccuracies in data retrieved by this app? 
  • Does this app have a process for collecting and responding to user complaints? 
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data? 
  • Is there clear information on how to terminate this app having access to my data?  
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device? 
  • How does this app inform users of changes that could affect its privacy practices? 

Member Records Release Authorization Consent 

If you wish to authorize My Choice Wisconsin to send your health records to a payer, fill out the Member Records Release Authorization Consent Form. Please return the form via fax, mail, or encrypted email: 

Fax: 608-245-3107 
Encrypted email: 
Or Mail:   Attn: Member Records Coordinator 
                     1617 Sherman Avenue 
                     Madison, WI 53704    

What is the Health Insurance Portability and Accountability Act (HIPAA)? 

The Health Insurance Portability and Accountability Act (HIPAA) is a federal law that regulates how personal health information is protected. My Choice Wisconsin is subject to HIPAA laws, as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to follow HIPAA here: 

 If you think your HIPAA Privacy Rights have been violated, you may file a complaint with the U.S. Department of Health and Human Services’ Office for Civil Rights at:   

 Are third-party apps required to follow HIPAA rules? 

Most third-party apps are not subject to HIPAA laws, which generally protect your health information. An app that publishes a privacy policy is required to comply with the terms set forth, but generally is not subject to other privacy laws. An app that violates the terms of its privacy policy will instead fall under the jurisdiction of the Federal Trade Commission (FTC) which protects against deceptive acts. The FTC provides information about mobile app privacy and security for consumers here: 

If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant: 

 App Developers API Support 

Explore and test APIs, view documentation, connect with a community of developers, and more: here and here.