Data Sharing and Privacy

Health data rules and what they do

Known as the Interoperability and Patient Access Rules, the new regulations have two goals:

  1. Update how health plans, providers, and patients share information.
  2. Let you decide who can see your health information.

What does this mean for you and your health plan?

We're committed to making sure that you have access to the information that you need to make decisions about your health. This means all your claims and clinical data in our systems must be made available to you through the third-party applications of your choice.  

We've contracted with 1upHealth, an industry leader in healthcare data integrations using a cutting-edge data standard called Fast Healthcare Interoperability Resources (FHIR), to give you access and the ability to share your data. If you choose to access your healthcare data through an application you will be asked to connect these applications using the 1upHealth platform. To do this, you must confirm your identity for 1upHealth and Medica Central Insurance Company.

How it works

Step 1: Go to the 1upHealth App Gallery.

Step 2: Select the third party app of your choice.

Step 3: Follow the registration steps in the app and then connect your  member account information by entering the user ID and password that you use to sign in to your member account. After we verify your identity, we'll share your healthcare data with the application you have chosen.

Step 4: Review and approve the data-sharing privacy statement.

Once the steps above are completed, Medica Central Insurance Company will share your health care data with the third-party application you have chosen through the 1upHealth platform.

Why share your data

It can help health plans and providers get on the same page. The rule allows you to use apps to see data we have from providers. When they can freely — and safely — share data, it allows all parts of your care to work together. And that may help you get better care at lower costs.

Privacy risks

Third parties may not be subject to HIPAA or other federal or state privacy laws. They may use your data in ways you don't know about or don't want.  So, please take time to think about who you want to have access to it. Only share it with third parties that you trust.

We won't share your data unless you authorize it or unless otherwise required or permitted by law. If you ask us to share your data with a third party, we can no longer protect or control what happens to the shared data. We encourage you to read and understand the privacy policies of any third party before authorizing us to send your data to the third party.

Note: Not everyone can choose to share their health-care data.

You can choose to share your data if you have one of these health insurance plans:

  • Individual and family
  • Medicare Advantage
  • Medicaid

Things you should consider when selecting an app to share your data

  • Will this app sell my data for any reason?
  • Will this app disclose my data to third parties for purposes such as research or advertising?
  • How will this app use my data? For what purposes?
  • Will the app allow me to limit how it uses, discloses, or sells my data?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, can I terminate the app's access to my data? If so, how difficult will it be to terminate access?
  • What is the app's policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How will this app inform me of changes in its privacy practices?
  • Will the app collect non-health data from my device, such as my location?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • Will the app permit me to access my data and correct inaccuracies?
  • Does the app have a process for collecting and responding to user complaints?

Covered entities and HIPAA enforcement

The U.S. Department of Health and Human Services' Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. Medica Central Insurance Company is subject to HIPAA as are most healthcare providers, such as hospitals, doctors, clinics, and dentists.

You can find more information about your rights under HIPAA and who is obligated to comply with by visiting: HIPAA for individuals.

To learn more about filing a complaint with OCR related to HIPAA requirements, visit the website for the U.S. Department of Health & Human Services.

Apps and Privacy Enforcement

An app generally will not be subject to HIPAA. An app that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws. The Federal Trade Commission Act protects against deceptive acts (such as an app that discloses personal data in violation of its privacy notice). An app that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission (FTC).

The FTC provides information about mobile app privacy and security for consumers.

If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint webpage.

Information for App Developers

Developers can use 1upHealth APIs to create applications that interact with Medica Central Insurance Company electronic health data including clinical and claims data via the FHIR standard. 1upHealth provides a common RESTful API across 10,000+ health centers within their growing network.

1upHealth's API fully supports HL7® Fast Healthcare Interoperability Resources (FHIR ®) Release 4.0.1 and OpenID Connect Core 1.0.  The API provides rich programmatic access to electronic medical record data for patients and the companies and institutions who serve them. The available data includes patient demographics, labs, medications, observations, procedures, allergies and much more. The 1upHealth platform is HIPAA compliant.  

1upHealth supports all FHIR® R4 resources defined in the HL7v2 Specification. The HL7® FHIR R4 specification defines more than a hundred types of data that are the basis of interoperability for healthcare use cases. Some commonly used FHIR resources include Patient, Encounter, ExplanationOfBenefit, and Provider.

Each type of FHIR resource is represented by a table. Each row in the table represents a single resource of that type.

You can find a complete list of all of the available FHIR resources and information about how to use them in the HL7 FHIR R4 Resource Index.

1upHealth's HL7 specifications and FHIR resource information

Additional OpenID Connect specifications

Sample cURL requests and other example queries


You can get started for free with 1upHealth's developer tier.

Login or create a Developer Account