Interoperability and Your Health Information

Interoperability is only available to those members enrolled in government types of health insurance coverage. For CommunityCare, that means members enrolled in an individual plan (metal level plans purchased through healthcare.gov only) or enrolled in one of our Medicare Advantage plans have the potential to use third-party applications to view benefit information.

What is Interoperability?

It is the ability of different information systems, devices and applications (systems) to access, exchange, integrate and cooperatively use data in a coordinated manner, to provide timely and seamless portability of information and optimize the health of individuals and populations globally. Through interoperability, systems and devices can exchange data and interpret that shared data so the consumer understands it and can use it in their treatment and care decisions.

What it means for you: Access to your health information

It is important for our members to take an active role in protecting their health information. Helping you know what to look for when choosing an app can help guide you to make more informed decisions. Look for an easy-to-read documentation and privacy policy that clearly explains how the app will use your data. Using an app that does not have a privacy policy is not advised.

What you should consider:

  • What health data will this app collect? Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

If the app's privacy policy does not clearly answer these questions, you should reconsider using the app to access your health information. Health information is very sensitive information, so it is important to choose an app with strong privacy and security standards to protect it.

What types of organizations may or may not be covered under HIPAA?

The Health Insurance Portability and Accountability Act (HIPAA) requires that Covered Entities protect the privacy and security of your health information. Covered Entities include health care providers, health insurance plans, and healthcare clearinghouses. Physicians, hospitals, and other entities that provide your care are usually HIPAA covered entities. CommunityCare is a covered entity. The Health and Human Services Office of Civil Rights (OCR) oversees Covered Entities’ compliance with HIPAA to ensure they are following requirements to protect your health information.

Most apps are not covered by HIPAA. Instead, the Federal Trade Commission (FTC) oversees their compliance with the FTC Act, which protects against deceptive practices, such as an app sharing personal data without permission. We suggest you review the Notice of Privacy Practices for the app provider for information on how your data will be shared.

Filing a Complaint

If you suspect inappropriate use of your data by a third party application, you may file a complaint directly with the Federal Trade Commission (FTC) by using the FTC complaint assistant found at https://reportfraud.ftc.gov/ or by contacting the FTC Consumer Response Center at 877-382-4357.

In addition, you may file a complaint about a potential data breach or violation of your privacy rights directly to the Secretary of Health and Human Services, 200 Independence Avenue SW, Washington, D.C. 20201, phone (877) 696-6775(toll free), or through the Office of Civil Rights complaint portal at https://ocrportal.hhs.gov/ocr/smartscreen/main.jsf.

If you believe that your privacy rights have been violated or that your data has been used inappropriately, you may report the matter to CommunityCare by calling CommunityCare's Customer Service Department or by writing directly to our Compliance Officer. Complaints to CommunityCare’s internal privacy office may be directed to our Grievance and Appeals Coordinator or Compliance Officer:

CommunityCare
Customer Service, Tulsa: (918) 594-5200
Customer Service, Statewide toll-free: 1-800-278-7563
Customer Service, TTY/TDD: toll-free: 1-800-722-0353

CommunityCare
Attn.: Compliance Officer
Two West Second Street, Suite 100
Tulsa, OK 74103

CommunityCare
Attn.: Grievance and Appeals Coordinator
P.O. Box 3249
Tulsa, OK 74101

Provider Directory API

How to register your third-party application - for App Developers

The developer portal, linked below, provides documentation on how to use and access to our patient access APIs. Our APIs are based on the Health Level 7® (HL7) Fast Healthcare Interoperability Resources (FHIR®) 4.0.1 standard.