Interoperability and Patient Access

Federal interoperability rules make it easier for Clever Care members to safely view, download, and share their health information using a third‑party app. These rules use tools called Application Programming Interfaces (APIs) that help different computer systems connect.  This means you and your Clever Care providers can get the information you need, right when you need it- helping you stay informed and take charge of your health.

What’s available now (2026): You can use third‑party health apps to access your claims, encounters, and certain clinical data we maintain. Clever Care will follow new federal timelines and transparency for prior authorization decisions.

Prior Authorization Timelines & Transparency (effective 2026)

• Decision timeframes: Standard requests within 7 calendar days; expedited requests within 72 hours (non‑drug services).
• Denial explanations: Every denial includes a specific reason.
• Annual metrics: We post PA metrics (e.g., volumes, approvals/denials, average decision times) on this page each year.

What’s coming Jan 1, 2027: Prior authorization details (non‑drug) will also be available through the Patient Access API; new Provider Access, Payer‑to‑Payer, and Prior Authorization APIs will go live.

No app can access your data without your permission. You decide which app to use and what it can see. How it works:

1. Pick an app
2. Connect your Clever Care account inside the app and review the app’s request to access your data. You’ll sign in and consent to share.
3. See your information (typically available no later than one business day after we receive or process it) and use the app’s tools to track your care.

What information can be available through the API?

Because federal interoperability rules require health plans to share certain information, the app will be able to access data maintained by Clever Care:

• Claims and encounter information including paid and denied claims.

• Clinical information , such as your conditions, medicines, allergies, and lab results.
• Formulary information, which shows the drugs covered by your plan.
• Part D drug information, including details about claims that have already been processed.

Privacy & security—choosing an app wisely

General information on steps the individual may consider taking to help protect the privacy and security of their health information, including factors to consider in selecting an application, including secondary uses of data, and the importance of understanding the security and privacy practices of any application to which they will entrust their health information

Clever Care is committed to helping you understand how to protect your personal health information—especially when choosing to use third-party health apps. Below you’ll find simple, easy-to-understand guidance and complaint resources, as required by federal rules for Medicare Advantage (MA) organizations.

How to Help Protect Your Health Information

Your health data is valuable, and safeguarding it starts with knowing how it may be used. Before sharing your information with an app or online service, consider the following:

• Review the App’s Privacy Policy – Choose apps that clearly explain how your data is collected, used, stored, shared, or sold. Avoid apps without a privacy policy.

• Understand Secondary Uses of Your Data – Some apps use your information for advertising, research, analytics, or may share it with other companies. Make sure you understand how your data may be used before granting access.

• Know What Permissions You’re Giving – Look closely at whether an app requests access to your device’s location, contacts, or other non-health information. Only allow access to what you feel comfortable sharing.

• Check Security Features – Look for apps that use strong protections such as encryption, access controls, and established privacy frameworks (for example, the CARIN Code of Conduct).

• Know How to Revoke Access – Before using an app, understand how to stop data sharing and request deletion of your information. Deleting an app alone may not remove its access.

If an app lacks a clear, easy-to-read privacy policy, consider choosing a different app.

How Websites and Apps Collect and Use Your Information | Consumer Advice

Your rights and choices

• You can stop sharing at any time in the app’s settings and/or by unlinking your Clever Care account.
• You can still access your information through Clever Care’s usual member tools if you prefer not to use a third-party app.

Who Is—and Isn’t—Protected by the Health Insurance Portability and Accountability Act (HIPAA)

HIPAA is a law that helps protect your personal health information and keeps it safe and private.

Not every organization that handles health-related data is required to comply with HIPAA and maintain the privacy of your data. HIPAA privacy and security rules generally applies to covered entities and its business associates and are overseen by the HHS Office for Civil Rights (OCR).

HIPAA Covered Entities include:

• Health plans (including Medicare Advantage organizations like Clever Care)
• Health care providers who transmit health information electronically
• Health care clearinghouses

Business Associates are people or companies that work with a HIPAA‑covered entity and is given access to protected health information so they can perform services such as billing, data analysis, or administrative support.

Not Typically Covered by HIPAA:

• Most third-party mobile apps
• Consumer health apps not created or controlled by a health plan or provider
• Wellness apps, fitness trackers, or technology companies operating outside healthcare

These entities are generally regulated by the Federal Trade Commission (FTC), which enforces consumer protection laws regarding privacy and security.

 Your Rights Under HIPAA | HHS.gov

How to File a Privacy or Security Complaint:

How to submit a complaint to The HHS Office for Civil Rights (OCR) and The Federal Trade Commission (FTC).

If you believe your health information privacy or your rights have been violated, you can file a complaint with one or both of the agencies listed below.

U.S. Department of Health & Human Services – Office for Civil Rights (OCR).

OCR oversees HIPAA compliance for health plans, providers, and other covered entities.

You may file a complaint if:

• You believe a HIPAA-covered entity improperly used or disclosed your health information
• Your rights under HIPAA have not been honored

File a complaint online: https://www.hhs.gov/ocr/privacy/hipaa/complaints

Federal Trade Commission (FTC)

The FTC oversees privacy and security practices of most consumer apps and non-HIPAA covered entities.

You may file a complaint if:

• A third party app misused your information
• You believe an app misled you about its privacy or security practices

File a complaint online: https://reportfraud.ftc.gov/

We’re Here to Help

If you have questions about protecting your health information, or if you’re unsure whether an app is appropriate to use, Clever Care is here to support you. We can help you understand your options so you can make informed decisions about your privacy and data sharing.

FAQs

What is “interoperability”?
It’s the ability of different systems and apps to securely access, exchange, and use data so members and providers have timely information.

Who is covered by these rules?
Medicare Advantage organizations (like Clever Care for MA/MAPD), Medicaid/CHIP programs, and QHP issuers on FFEs.

Do I have to use a third party app?
No. It’s optional. You can keep using Clever Care’s portals and standard channels to view information.

 When will prior authorization details show in my app?
For non-drug services, impacted payers must expose prior authorization data via the Patient Access API by January 1, 2027.

 How quickly does data appear?
CMS expects data to be available no later than one business day after we receive or process it, for data we maintain.