and Third-Party Applications

Accessing Your Health Information

The CMS Interoperability and Patient Access Rule (“The Rule”) was established by the Centers for Medicare and Medicaid Services (CMS) in May 2020. This rule applies eternalHealth members. The Rule made it simpler for eternalHealth members to access their health information. The Rule also created methods to enable members to access their healthcare information through third-party software apps.

What is Interoperability?

Interoperability is the ability for electronic systems to communicate and exchange data in the same way, which will simplify how app developers create connections to eternalHealth and your health information. Interoperability improves the efficiency of healthcare. Interoperability allows you to securely access your health information on a smartphone or other electronic device for personal use. You could show your healthcare information to your healthcare provider so any provider who’s treating you can have more information about your health history. This does not mean your information will be automatically shared: you will get to control over who has access to your data.

eternalHealth Patient Access API

Under The Rule, eternalHealth must provide a “Patient Access API.” The Patient Access API will be used to provide you with detailed information about your health information. The Patient Access API provides a method for apps to access your health information when you approve that access. Apps cannot access your data through the Patient Access API without your express permission. While you are a current eternalHealth member, you can take advantage of these capabilities by downloading an app on your smart phone, tablet, computer or other similar device and checking to see if they have created a connection to eternalHealth. If they have then you can authorize the app to access your health information. The information available through the Patient Access API includes information we collect about you while you have been enrolled in certain lines of business since January 1, 2016. The information includes the following information for as long as we maintain it in our records:
  • Claims and “encounter” data concerning your interactions with health care providers; and
  • Clinical data that we collect in the process of providing case management, care coordination, or other services to you
  • The information we will disclose may include information about treatment for substance use disorders, mental health treatment, HIV status, or other sensitive information.

What important things should you consider before authorizing a third-party app to retrieve your health data?

  • What health data will this app collect?
  • Will this app collect non-health data from my device, such as my location?
  • Will my data be stored in a de-identified or anonymized form?
  • How will this app use my data?
  • Will this app disclose my data to third parties?
  • Will this app sell my data for any reason, such as advertising or research?
  • Will this app share my data for any reason? If so, with whom? For what purpose?
  • How can I limit this app’s use and disclosure of my data?
  • What security measures does this app use to protect my data?
  • What impact could sharing my data with this app have on others, such as my family members?
  • How can I access my data and correct inaccuracies in data retrieved by this app?
  • Does this app have a process for collecting and responding to user complaints?
  • If I no longer want to use this app, or if I no longer want this app to have access to my health information, how do I terminate the app’s access to my data?
  • What is the app’s policy for deleting my data once I terminate access? Do I have to do more than just delete the app from my device?
  • How does this app inform users of changes that could affect its privacy practices?

Covered Entities and HIPAA Enforcement

The U.S. Department of Health and Human Services’ Office for Civil Rights (OCR) enforces the HIPAA Privacy, Security, and Breach Notification Rules. eternalHealth is subject to HIPAA as are most health care providers, such as hospitals, doctors, clinics, and dentists. You can find more information about your rights under HIPAA and find who is obligated to comply with HIPAA here: To learn more about filing a complaint with the OCR related to HIPAA requirements, visit You may also file a complaint with eternalHealth by contacting Member Services at 1-800-680-4568 (TTY 711).

Apps and Privacy Enforcement

Each app provider will have different policies; we suggest that you ask each app provider for their “Notice of Privacy Practices.” Additionally, note that most apps will not be covered by HIPAA, but will instead be subject to the jurisdiction of the Federal Trade Commission (FTC) and the protections offered by the FTC Act. The FTC provides information about mobile app privacy and security for consumers here: If you believe an app inappropriately used, disclosed, or sold your information, you should contact the FTC. You may file a complaint with the FTC using the FTC complaint assistant:

What should you do if you believe your health data has been breached or an application has used your data inappropriately?

If you think your HIPAA Privacy Rights have been violated, you can contact us at (888) 712-4150 toll-free, or you may contact our Privacy Office directly at the address below: eternalHealth Privacy Officer eternalHealth, Inc. 31 Saint James Ave. Suite 950 Boston, MA 02116 If you believe a HIPAA-covered entity (e.g., a doctor, hospital, or a health plan like eternalHealth) has violated your HIPAA Privacy Rights, you may file a complaint with the Office for Civil Rights (OCR). The OCR is the agency within the U.S. Department of Health and Human Services (HHS) that investigates a complaint and has the authority to enforce the HIPAA privacy and security rules. To learn more about filing a complaint, visit I Am a Third-party App Developer. How Can I Register to Use the eternalHealth’s APIs? Please email your request to and we will reach out to you with access details after verifying your credentials. Citations 42 C.F.R. § 422.119(g)
Page Last Updated On: September 27, 2022
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
This link will leave, opening a new window.
Tom Cunniffe

Tom Cunniffe

Director of Operations 

Tom Cunniffe comes to eternalHealth with over 20 years of healthcare operations’ experience, having held leadership positions in Call Center, Enrollment, Credentialing, UAT and Reimbursement teams. Tom has worked with Medicaid, Commercial and Medicare lines of business and has consistently built teams who are metrics driven with proven successful outcomes. Making sure our business strives for an efficient, best-in-class customer experience is at the center of Tom’s philosophy.

Tom has a bachelor’s degree from Fordham University and a master’s in business administration from University of Massachusetts at Amherst.

Tom Lawless

Tom Lawless

Chief Financial Officer

Tom Lawless has spent the past 20+ years building, sustaining, and growing new healthcare-related programs that balance fiscal responsibility & prudence with creativity & innovation, focusing on models of care that are novel, person-centered, and improve the social welfare of those who are served. He is very excited to continue doing so in his role as the Chief Financial Officer of eternalHealth.

Tom comes to eternalHealth from a not-for-profit, member-centric, health insurance cooperative. He helped the company continuously strive toward its dual goals of thriving financially, while keeping members at the very epicenter of its mission and service model. While there, Tom also spearheaded the creation of a brand new private, charitable foundation, which will be meaningfully giving back to those in need in the surrounding communities for years to come. Previously, Tom worked in the finance department of a successful hospice that provided high-quality care to persons experiencing their unique and poignant end-of-life journeys, assuring that the appropriate financing was always available. Tom’s career began as a civil servant in the Wisconsin Medicaid program, where he helped to create a program that expanded the institutional entitlement to care into home and community-based settings. Starting with only a blueprint in hand, the program now serves more than 57,000 frail elders and disabled adults and is considered a national model. Growing into a senior leadership role, Tom was a key architect of an innovative financing model, through which the public and private sectors successfully collaborated to better the lives of persons in great need.

Tom holds undergraduate and graduate degrees from the University of Chicago, with additional graduate work in economics completed at the University Wisconsin-Madison.

This link will leave, opening a new window.
This link will leave, opening a new window.