Blue Cross Blue Shield of North Dakota (BCBSND) Patient Access API

BCBSND is required to provide you with access to detailed information about your health history through a “Patient Access API.”  While you are a current member, you may access this information by downloading an Application (App) on your smart phone, tablet, computer or other similar device.  The information available through the Patient Access API includes information we collect about you while you have been enrolled in certain lines of business since January 1, 2016.  The information includes the following information for as long as we maintain it in our records:

  • Claims and “encounter” data concerning your interactions with health care providers; and
  • Clinical data that we collect in the process of providing case management, care coordination, or other services to you.  

The information we will disclose may include information about treatment for Substance Use Disorders, mental health treatment, HIV status, or other sensitive information.

It is important for you to understand that the App you select will have access to all of your information.  The App is not subject to the HIPAA Rules and other privacy laws, which generally protect your health information.  Instead, the App’s privacy policy describes self-imposed limitations on how the App will use, disclose, and (possibly) sell information about you.  If you decide to access your information through the Patient Access API, you should carefully review the privacy policy of any App you are considering using to ensure you are comfortable with what the App will do with your information. 

BCBSND requests that App developers attest to having Privacy and Security policies in place. If the App developer does not complete the attestation, we will notify the member prior to releasing his/her information.

Things you may wish to consider when selecting an App:

  • Will this App sell my data for any reason?
  • Will this App disclose my data to third parties for purposes such as research or advertising?
  • How will this App use my data?  For what purposes?
  • Will the App allow me to limit how it uses, discloses, or sells my data?
  • If I no longer want to use this App, or if I no longer want this App to have access to my health information, can I terminate the App’s access to my data?  If so, how difficult will it be to terminate access?
  • What is the App’s policy for deleting my data once I terminate access?  Do I have to do more than just delete the App from my device?
  • How will this App inform me of changes in its privacy practices?
  • Will the App collect non-health data from my device, such as my location?
  • What security measures does this App use to protect my data?
  • What impact could sharing my data with this App have on others, such as my family members?
  • Will the App permit me to access my data and correct inaccuracies?  (Note that correcting inaccuracies in data collected by the App will not affect inaccuracies in the source of the data.)
  • Does the App have a process for collecting and responding to user complaints?

If the App’s privacy policy does not satisfactorily answer these questions, you may wish to reconsider using the App to access your health information.  Your health information may include very sensitive information.  You should therefore be careful to choose an App with strong privacy and security standards to protect it.

Selecting an App and Registering

To begin the process of registering, you'll first need to select an application. To select an app, visit the Apple or Google Play stores to get started.

Once you have selected an app, choose to connect your BCBSND data. If this is your first time connecting your data to an app, you will need to create a new account. This account is separate from the account information you use to access the BCBSND member portal.

Each member on your BCBSND plan will need their own account to connect their data.

If you are a parent or guardian of a minor under age 12, an active health care power of attorney or court ordered guardianship, we need to collect more information from you before processing your request. Please stop here and call 844-363-8457 so we can assist you with your request.

For all other scenarios, including members age 12-18, the member will need to create their own account to connect their data.

Covered Entities and HIPAA Enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules.  BCBSND is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and who is obligated to comply with HIPAA here: https://www.hhs.gov/hipaa/for-individuals/index.html.  To learn more about filing a complaint with OCR related to HIPAA requirements, visit: https://www.hhs.gov/hipaa/filing-a-complaint/index.html.  You may also file a complaint with BCBSND by contacting the Customer Contact Center at 844-363-8457.

Apps and Privacy Enforcement

An App generally will not be subject to HIPAA.  An App that publishes a privacy notice is required to comply with the terms of its notice, but generally is not subject to other privacy laws.  The Federal Trade Commission Act protects against deceptive acts (such as an App that discloses personal data in violation of its privacy notice).  An App that violates the terms of its privacy notice is subject to the jurisdiction of the Federal Trade Commission (FTC).  The FTC provides information about mobile App privacy and security for consumers here: https://www.consumer.ftc.gov/articles/0018-understanding-mobile-apps.   

If you believe an App inappropriately used, disclosed, or sold your information, you should contact the FTC.  You may file a complaint with the FTC using the FTC complaint assistant: https://reportfraud.ftc.gov/#/.

Application Developer Information

If you are an application developer looking to access the BCBSND API, please visit https://apiportal.bcbsnd.com/