What is the Interoperability & Patient Access Rule?

The Interoperability and Patient Access Rule (IPAR) is a federal requirement from the Centers for Medicare & Medicaid Services (CMS). It says MO HealthNet must offer a Patient Access Application Programming Interface (API), so patients can use third-party applications (apps) to easily access claims and health care information. Please review Policies and Technology for Interoperability and Burden Reduction for more information.

MO HealthNet IOX is Missouri’s implementation of the rule. It will allow MO HealthNet members to use a third-party application (app) to access their health care information from their personal phones or devices as needed.

Will my health information be protected?

The Health Insurance Portability and Accountability Act (HIPAA), requires your healthcare provider and MO HealthNet (Missouri Medicaid) to protect the privacy and security of your health information. But, most third-party apps are not covered by HIPAA. Because most third-party apps are not HIPAA-covered entities, they might not be liable for protecting your information or bound by the same rules and regulations as HIPAA-covered entities. Therefore, you should take the time to read and understand an app’s Privacy Policy and Terms of Service before giving them access to extremely personal data. It is your responsibility to read and understand their policies on how they may use or even sell your private information to other entities or organizations.

MO HealthNet is required to provide members with educational resources under IPAR. Here are some key facts about MO HealthNet IOX:

  • The recorded information you share with your providers is extremely personal and can include information about treatment for substance use disorders, mental health treatment, HIV status, and more.
  • To use the MO HealthNet IOX Solution, you must consent to giving personal data to a third-party app, including your name, social security number, Medicaid ID, and date of birth.
  • Please read all MO HealthNet IOX messages that appear during the registration process to ensure you are making an informed decision regarding the transfer of your personal data to a Third-Party App.
  • Third-party app developers and organizations are not typically Health Insurance Portability and Accountability (HIPAA) covered entities. Therefore, they may not follow the practices you would expect from a healthcare provider or payer.
  • MO HealthNet cannot protect you once you transfer your data to a third-party app.
  • You will have the ability to opt-out, if you change your mind after you have consented, but there is no guarantee the app will delete your data or stop using it for whatever their Privacy Policy allows.
  • MO HealthNet encourages you to read the app’s Privacy Policy, Terms of Service, and other provided information to ensure the app will do the best job of protecting your private health data. The key facts about MO HealthNet IOX has tips on what to look for when reviewing this policy.

How do I report a data breach?

Although third-party apps might not be HIPAA-covered, they are still required to comply with their Terms of Service, Privacy Policies, and Federal Trade Commission (FTC) protections. If you think your data has been breached or that your data was used inappropriately, please report the incident to the FTC at ReportFraud.ftc.gov or email MO HealthNet at MHD.Privacyofficer@dss.mo.gov.

Register for MO HealthNet IOX

Access the MO HealthNet IOX Interoperability Portal and follow the instructions to register.