Loader

Skip to main content request-anthem-io

Loader

Skip to main content

Anthem Patient Access API Registration Request Form

This form is intended to facilitate inbound requests from application developers to register to connect with Anthem’s Patient Access API Production Environment. Under the Terms of Service described in Exhibit A, individuals holding themselves out as a developer’s authorized representative agree that their digital representations have the power to contractually obligate the developer organization.

The information captured below is for the purposes of processing this request, completing an appropriate and documented security risk analysis, and populating some of the displays that members see when they participate in the OAuth process. Any questions can be directed to InteroperabilityWorkgroup@Anthem.com.

Contact Information

Developer And Entity Information


Registrant’s Primary Business Point of Contact


Registrant’s Primary Technical/Developer Point of Contact

interoperabilityworkgroup@anthem.com,aman.nimje@carelon.com

https://www.anthem.com/japi/mail/sendEmail

Application Information

As Applicable, What Is The Application’s:

*Voluntary Attestation Workflow:

The individual completing this questionnaire should have an understanding of (1) federal and state laws and regulations applicable to the health data and the Organization offering the Application, (2) the Application’s data practices, and (3) the Application’s terms of service and privacy policy.


Completed By:


Is The Organization Offering The Application1,2


Do The Application’s Data Practices Follow The CARIN Alliance Trust Framework And Code Of Conduct1 ?


Has The Application Been Registered On The CARIN Alliance’s MyHealthApplication.com?


  1. https://www.carinalliance.com/our-work/trust-framework-and-code-of-conduct/
  2. The CARIN UX Compliance Guide, accessible via https://carinuxguide.arcwebtech.com, offers guidance for delivering education to consumers about safeguarding their health data and informing themselves about an application’s privacy practices.

Questionaire

Transparency

The Organization Includes A Publicly Accessible Link To The Application’s Privacy Policy On Its Website And Through The Application. (Optional)


The Privacy Policy Covers Collection, Use, And Disclosure Of Personal Data. (Optional)


The Privacy Policy Covers Collection, Use, And Disclosure of De-identified Information. (Optional)


The Organization Provides Updates When Privacy Policies Have Changed, And Provides Individuals With The Option To Re-Affirm Consent Or To Withdraw Consent. (Optional)


The Privacy Policy is clear about what happens to Data when Consent is re-affirmed or withdrawn. (Optional)


The Privacy Policy is clear about what happens to Data is the Application has a change in ownership or The Organization (Or Application Developer, If Different From The Organization) Goes Out Of Business. (Optional)


Questions About Data Collection

The Privacy Policy Is Clear About The Scope Of Information Collected By The Application (Optional)


The Application Only Collects Personal Data Through External Data Connections With Users’ Consent. (Optional)


The Application Only Collects Personal Data With Users’ Consent. (Optional)


After Collecting Personal Data From An External Source, The Application: (Optional)


Questions About Data Uses By The Application

The Privacy Policy Is Clear About The Scope Of Permitted Uses Of Personal Data (Optional)


The App Developer (If Different From The Organization) And All Other Third-Party Service Providers Are Contractually Obligated To Follow The Privacy Policy. (Optional)


The Organization Prohibits Uses Of Personal Data And De-Identified Information Except With Consent From The Individual. (Optional)


The Organization Collects A Separate Consent Before Marketing Third-Party Goods Or Services To An Individual. (Optional)


Questions About Disclosures Of Data To Third Parties

The Privacy Policy Is Clear About The Scope Of Permitted Disclosures, When The Application Will Collect An Informed, Proactive Consent Before Sharing A User’s Data With Third Parties And When Disclosures Are Permitted Without An Informed, Proactive Consent (For Example, As Required By Law Or In Connection With The Business Transfer). (Optional)


The Privacy Policy Requires The Application To Collect A Separate Consent If The Purpose Of Disclosure Is To Facilitate The Marketing Of Goods Or Services To The Individual. (Optional)

Data Questions

Questions About Individual Rights

The Application Supports The Right Of Users To Access Their Data. (Optional)


The Application Supports The Right Of Users To Easily Change Their Consent Options. (Optional)


The Application Supports The Right Of Users To Close Their Account And Delete Their Data And Is Clear About Situations When Data Deletion May Not Be Feasible. (Optional)


Questions About Data Security

The Organization And App Developer (If Different From The Organization) Protects Identifiable Health Information By Implementing Security Safeguards Including Encryption Of Data In Transit And At Rest And Internal Accountability Measures Such As Access Controls And Audit Logs. (Optional)


The Organization And App Developer (If Different From The Organization) Comply With Applicable Breach Notification Laws. (Optional)


The Organization And App Developer (If Different From The Organization) Use Provider Portal Credentials (Compliant With SMART On FHIR Standards) Or A Digital Identity Credential That Meets NIST Assurance Level 2. (Optional)


The Organization And App Developer (If Different From The Organization) Prohibit Re-Identification Of De-Identified/Anonymized/Pseudonymized Data. (Optional)


Questions About Accountability

The Organization And App Developer (If Different From The Organization) Comply With All Applicable Federal And State Laws. (Optional)


The App Developer Regularly Trains Its Workforce On Compliance With The Data Practices Covered By The CARIN Code Of Conduct. (Optional)

Education, Certificates and Connections

Questions About Consumer Education2

The Application Includes Educational Resources To Help Users Understand The Application’s Data Practices, And Steps They Can Take To Protect Their Privacy And The Confidentiality Of Their Personal Data. (Optional)

2.The CARIN UX Compliance Guide, accessible via https://carinuxguide.arcwebtech.com, offers guidance for delivering education to consumers about safeguarding their health data and informing themselves about an application’s privacy practices.


Questions About Certifications

In The Last 12 Months, The Application’s Data Practices Has Been Reviewed By An Independent Assessment Organization For Compliance With The Application’s Privacy Policy And AICPA Privacy Principles, And Is Documented By A Written SOC-2 Certification Report.


In The Last 12 Months, The Application’s Data Practices Have Been Certified By An Independent Assessment Organization For Compliance With The HITRUST CSF.


The Developer Will Immediately Suspend The Application’s Connections With The API Endpoints If Its Data Practices Are Not Consistent With Its Applicable SOC-2 Or HITRUST CSF Certifications.


Questions About Other FHIR-Based API Connections

The Application Has Been Approved By The U.S. Centers For Medicare And Medicaid Services For Access To Personal Data Through The CMS Blue Button 2.0 APIs.


The Application Has Been Approved By U.S. Veterans Administration For Access To Personal Data Through The VHA’s Lighthouse APIs.


The Application Is Currently Registered To Access Personal Data From Other Health Care Organizations, Through Open (Non-Proprietary) Or Proprietary FHIR-based APIs.


The Organization Or App Developer Has Not Been Permanently Banned From Connecting With The FHIR-Based APIs Of Any Health Care Organization.

Acceptance Of Terms Of Service

By typing your name and contact information in the forms below, you accept and agree to the Terms of Service in Exhibit A on behalf of the Developer entity identified above and represent you are duly authorized to do so by the Developer.

Terms Of Service For API Access

Parties To The API Access Terms Of Services:

These Terms of Services, (the “Agreement”) is entered into by and between the Party accepting these Terms of Service (“Developer”) for and on behalf of its Affiliates and [Anthem, Inc.] for and on behalf of its Affiliates health benefit plan affiliates (“API PROVIDER”). Developer and API Provider may each be referred to as a “Party” or collectively as “Parties.”

Overview

Developer is interested in accessing certain APIs offered by API Provider along with associated documentation consistent with the following terms and conditions.

Scope

By accessing or using APIs and other developer documentation and services, Developer agrees to the terms below, as well as any applicable laws and regulations (collectively, Terms).

Data Rights and Usage

IN WITNESS WHEREOF, By Developer’s use of the APIs and acceptance to these Terms of Service API Provider and Developer execute this Agreement to be effective upon acceptance of the terms by Developer