Health Information Access

Patient Access API

Getting your health information is getting easier through YCCO’s Interoperability Application Programming Interface (API).

You have the ability to access records from your coordinated care organization, Yamhill Community Care, through an app on your phone, computer or other device.

These records may include information about:

Health care services and their costs
Clinical data, such as medications
Providers you have seen: Their name, specialty and contact information

View this helpful infographic to learn more

As a member of YCCO you now have direct access to your health information through our partnership with 1upHealth.

With your consent, your personal health information can be shared with 3rd party applications (apps) that you select.

How do I sign up?

1) Visit 1upHealth 3^rd party applications App Gallery for health plan members.

AND

2) Select and Download one of 1upHealth’s approved apps from the Apple (IOS) Store or Google Play store to your mobile device to set up an account.

Note: You can pick and download any of the 3rd party apps approved on the 1upHealth registry onto your smart phone or visit their website to set up an account online. Follow the instructions presented to create a unique user account and consent to share your information with one or more 3rd party apps.

Before you sign up, make sure to read the important information below about health information privacy and safety.

Is my information safe and private?

It is important to know that while 1upHealth allows you to share important health information with the click of a button, it also connects your health information to 3rd party apps.

3rd party apps are not required to follow the same State and Federal rules that we do as a Coordinated Care Organization (CCO).

If the app’s privacy policy does not clearly answer the following questions, or you don’t feel comfortable with the answers given, think about finding another app to use.

What health data will this app collect?
Will this app collect non-health data from my device, such as my location?
How will this app store my data? Will it also use my personal information such as name and date of birth? Will my data be anonymous?
How will this app use my data?
Will this app sell my data for any reason, such as advertising or research?
Will this app share my data for any reason? If so, who will get my data, and why?
Can I limit how this app uses and shares my data? If so, how?
How will this app protect my data and keep it secure?
If I use this app for my health data, would it affect others, such as my family members?
Can I view and correct data collected this app? If so, how?
Can I send complaints about the app? If so, how? Does the app developer respond to complaints?
If I want the app to stop accessing my data, can I stop it? If so, how?
If I stop access, will the app delete my data?
If I want to delete the app, how do I make sure my data is also deleted?
Does the app notify users about changes to the app? If so, do the notices include changes that could affect the app’s privacy or security?

If the app’s privacy policy does not clearly answer these questions, you should consider using a different app.

Health information is very sensitive information, and you should be careful to choose apps with strong privacy and security standards to protect it.

Learn about the Health Insurance Portability & Accountability Act (HIPAA)

The HIPAA Privacy and Security rules enforce protect individuals’ medical records and other personal health information. The U.S. Department of Health and Human Services (HHS) Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules, and the Patient Safety Act and Rule.

You can find more information about member and patient rights under HIPAA and who is obligated to follow HIPAA here:

Your Rights Under HIPPA

HIPPA FAQ Facts for Individuals

Are third-party apps covered by HIPAA?

Most third-party apps are not covered by HIPAA. Most third-party apps fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers here:

How Websites & Apps Collect & Use Your Information

What should a member do if they think their data has been breached or an app has used their data inappropriately?

Individuals can file a complaint with OCR under HIPAA

Individuals can file a complaint with the OCR using the OCR complaint portal

Individuals can file a complaint with FTC

What 3rd party apps can I use to access my health information?

You can view the list of 3rd party apps registered with 1upHealth within 1upHealth Registry. View the list of 3rd party apps registered with 1upHealth and confirm which apps you’d like to share your health information.

1up Health Plan Member Page

This page describes the CMS Patient Access API Mandate for Health Plan members, why it is a benefit to members, and outlines support channels for issues with sharing member data with 3rd party apps.

1up Health Plan Member Page

How to Make a Complaint About Share Health Information

If your health information was shared without your permission, you have the right to make a complaint. But first, ask these questions.

Is the business required to protect my health information?

The U.S. Department of Health & Human Services website lists who is and isn’t required to protect your health information.

Who is required? Health care providers, health plans, and other businesses who support health care treatment, payment and operations for providers and plans.
Who is not required? Businesses that do not manage health care, such as employers, life insurers, schools, law enforcement agencies, and state/local government agencies that do not provide health care services or coverage. Most third-party apps will not be covered by HIPAA.

Is the business a provider, clinic, health plan or other medical organization?

The Oregon Health Authority and health plans each have their own Notice of Privacy Practices that explains how they will use your health information.

OHA’s Notice of Privacy Practices

YCCO’s Privacy Policy

If you don’t agree with how your information was shared, you can file a complaint with the federal Office of Civil Rights:

The U.S. Department of Health and Human Services Office for Civil Rights (OCR) investigates complaints against people and organizations who follow HIPAA rules, like providers and health plans. You can find more information about patient rights under HIPAA on the OCR website.

If you feel your health care information was shared in error, file a health information protection complaint with OCR.

Is the business a third-party app, website, or other business?

Most third-party apps are not covered by HIPAA. Instead, the FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, even though the app’s privacy policy says it will not do this).

The Federal Trade Commission (FTC) investigates online security violations, fraud, and bad business practices.

Questions about information provided through your app?

If you want to correct information in the health records you view on your app please contact us at info@yamhillcco.org or call customer service at 1-855-722-8205.

Frequently Asked Questions (FAQs) for Health Plan Members

Visit 1UpHealth FAQs for Health Plan Members

Payer to Payer API

Yamhill Community Care (YCCO) is working to make it easier for your health information to follow you if you change health plans.

Starting in early 2027, YCCO will support a secure process that allows your health information to be shared between your old health plan and your new one. This means that important information—such as medications and past care—can be safely transferred for up to the last five years, when available.

Your health information will only be shared if you choose to allow it. This is called “opting in.” Your information is not shared automatically, and you can choose to opt in or opt out at any time.

Your health information is shared securely and only for the purpose of supporting your
care.

Provider Access API

Starting in early 2027, Yamhill Community Care (YCCO) will securely share certain health information with in-network providers to support your care. This may include claims, encounters, and prior authorization information. Payment details are not shared.

Having this information helps your providers better understand your health history, avoid unnecessary repeat tests, and support better care decisions.

You are included in this data sharing by default, but you can opt out at any time. Your information is only shared with in-network providers involved in your care and is protected by privacy and security safeguards.

Prior Authorization API-Coming Soon

Prior Authorization Metrics for Medical Items and Services (Excluding Drugs)

To comply with the CMS Interoperability and Prior Authorization final rule, YCCO is required to annually report aggregated prior authorization metrics on our website. Specifically, this includes a list of all medical items and services (excluding drugs) that require prior authorization, as well as data on prior authorization requests for those items and services (e.g., approvals, denials, etc.) over the previous calendar year. Publicly reporting these metrics promotes transparency and accountability, helps patients understand prior authorization processes, and enables providers to evaluate payer performance. In addition, metrics can be used to compare plans, programs, and payers. For questions on the data below, contact: info@yamhillcco.org or call customer service at 1-855-722-8205.

Reporting Period: 2025

These are the medical items and services for which we require prior authorization (excluding drugs): Prior Authorizations

YCCO CY2025 Prior Auth
Approval Rate and Timeliness

Prior to January 1, 2026, impacted payers are required to send prior authorization decisions within the following timeframes:

7 calendar days for standard requests (non-urgent)
For MA plans and applicable integrated plans, 72 hours for expedited requests (urgent) and 14 calendar days for standard requests (non-urgent)
For state CHIP FFS programs, 14 days for standard requests (non-urgent)
For Medicaid managed care plans and CHIP managed care entities, 72 hours for expedited requests (urgent) and 14 calendar days for standard requests (non-urgent)
For QHP issuers on the FFEs, 72 hours for expedited requests (urgent) and 15 days for standard requests (non-urgent)

There are no Medicaid FFS program required timeframes for either type of prior authorization request prior to January 1, 2026, and there are no CHIP FFS program required decision timeframes for expedited prior authorization requests prior to January 1, 2026.

Beginning January 1, 2026, the CMS Interoperability and Prior Authorization final rule requires Medicaid managed care plans to send prior authorization decisions within:

72 hours for expedited requests (urgent)
7 calendar days for standard requests (non-urgent)

Have Questions or Need Assistance?

All members have a right to know about and use our programs and services.

We give these kinds of free help:

Sign language
Spoken language interpreters
Materials in other languages
Braille, large print, audio, and any way that works better for you

If you need help or have questions, please call Customer Service at 855-722-8205.

For information on certified Health Care Interpreters call Customer Service at 855-722-8205. If you need an interpreter at your appointments, tell your provider’s office that you need an interpreter and for which language.