What is a Patient Access Application Programming Interface (API)?
On May 1, 2020, Centers for Medicare & Medicaid Services (CMS) issued the Interoperability and Patient Access Final Rule. This rule gives you the option to access your own health care information on a third-party application (third-party app) of your choice.
An API is a connection between computers or software programs that allows them to talk to each other. For example, an API makes it possible to use a third-party app on your phone to check your bank account. The Patient Access API lets MassHealth securely share your health information with a third-party app you choose.
Health care information sharing
MassHealth can share certain health care information with you through a third-party app. This includes:
- Personal information about you. This may include your name, address, phone number, email, date of birth, Social Security Number (SSN), and other personal information about you
- Information about services you received previously from a MassHealth provider. This includes diagnosis and procedure codes and insurance payments made on your behalf and the amount you paid
- List of providers and organizations involved in your care
- Information about outpatient drugs covered by MassHealth
- Your insurance information
You should be able to see your health care information that MassHealth maintains as far back as January 1, 2016. If you enrolled into MassHealth after January 1, 2016, you should be able to see your information back to your date of enrollment.
HIPAA
HIPAA is the Health Insurance Portability and Accountability Act. This is a federal law that says MassHealth can’t share your health information unless it is for health care treatment, payment or operations, or other reasons required or allowed by law.
The U.S. Department of Health and Human Services Office for Civil Rights (OCR) enforces HIPAA regulations. Find more information about your rights under HIPAA and who needs to comply with HIPAA.
If you need to, you can file a complaint with OCR regarding HIPAA.
Apps and privacy enforcement
Third-party apps are generally not regulated by HIPAA. A third-party app that publishes a privacy notice should comply with the terms of its notice. However, they are generally not subject to privacy laws. Once you allow your data to be shared with a third-party app, MassHealth is no longer responsible for the privacy and security of that data.
The Federal Trade Commission Act protects against unfair or deceptive acts. For example, an app that violates the terms of its privacy notice is subject to the authority of the Federal Trade Commission (FTC). The FTC provides information about mobile app privacy and security for consumers.
If you believe a third-party app inappropriately used, disclosed, or sold your information, you should contact the FTC. Use the FTC complaint assistant to file a complaint.
Who can access health care information with a third-party app
Current MassHealth members and their representatives
You may access a member’s health care information at any time through a third-party app if you are:
- A currently enrolled member, or
- A currently enrolled member’s personal representative, parent, legal guardian, or authorized representative designee
New MassHealth members and their representatives
New MassHealth members and their personal representative, parent, legal guardian, or authorized representative designee may access their health care information with a third-party app after they have been enrolled with MassHealth for seven calendar days.
Previous MassHealth members
If you were enrolled in MassHealth within the past year, you, your personal representative, parent, legal guardian or authorized representative designee, may access your MassHealth health care information with a third-party app.
If you were enrolled in MassHealth more than one year ago, you will not be able to access your MassHealth health care information with a third-party app. Example: If the last time you were an enrolled MassHealth member was March 31, 2025, then you would be able to access your MassHealth health care information via a third-party app, up to and including March 31, 2026. On April 1, 2027, you would no longer be able to access your MassHealth health care information via a third-party app.
Personal representatives or authorized representative designees will not be able to access health care information for a deceased MassHealth member via a third-party app. Please see MassHealth Member Records Request to request a record.
How to get your health care information with a third-party app
The amount of health care information that a third-party app can access through the MassHealth Patient Access API may depend on how you are receiving MassHealth services.
- As a reminder, if you were enrolled in MassHealth more than one year ago, you will not be able to access your MassHealth health care information with a third-party app.
- If you are enrolled in a managed care organization, such as a Senior Care Options (SCO), OneCare, an Accountable Care Partnership Plan (ACPP), or a Managed Care Organization (MCO), you should work primarily with your health plan to access your health care information through a third-party app. Depending on the managed care entity you are enrolled in, additional health care information may be available through the MassHealth Patient Access API, such as information about dental or vision services.
- If you are enrolled in the Massachusetts Behavioral Health Partnership (MBHP), the Primary Care Clinician Plan (PCC Plan), or a Primary Care Accountable Care Organization (PCACO), you may use the MassHealth Patient Access API to access most of your health care information through a third-party app. You may be able to access additional health care information through a third-party app by using the MBHP Patient Access API, such as information about behavioral health services.
- If you are not enrolled in any of the organizations or plans mentioned above, you may use the MassHealth Patient Access API to access your health care information through a third-party app.
Learn more about each MassHealth Health Plan.
Please note: If you are enrolled in a health plan, you may need to use one third-party app or account to view your health care information available through the MassHealth Patient Access API, and a separate third-party app or account to view your health care information available through your health plan’s Patient Access API.
How to access your health care information
The exact steps to allow a third-party app to access your health care information may vary from app to app. The general process is below.
Step 1: Choose the app that you want to use to get your health care information.
There are a variety of third-party apps that may be able to access your health care information if you grant them permission. Some apps have already established a connection with MassHealth systems. A current list of these is at the bottom of this page. You may be able to get your health care information very quickly after you grant permission. If you want to use an app that is not listed on the list below, see the instructions at the bottom of this web page.
Step 2: Review the app’s privacy policy and terms of service carefully.
Before you agree to share your health care information with a third-party app, it is important to think about how the app might use it. Ask yourself these questions.
- What health data will this app collect?
- How does the app protect my data?
- How will this app use my data?
- Will the app sell my data or use it for advertising or research?
- Will the app share my data with others? If so, with whom? For what purpose?
- Will this app disclose my data to third parties?
- How do I limit the app’s use and disclosure of my data?
- Will this app collect non-health data from my device, such as my location?
- What security measures does this app use to protect my data?
- Is my data de-identified when it is stored?
- What is the app's policy to delete my data once I no longer want to use the app? Do I have to do more than just delete the app from my device?
- How would this app inform me of changes that could affect the app’s privacy practices?
- Could sharing my data with this app have an impact on others, such as my family members?
- Does the app have a process for collecting and responding to user complaints?
- How can I access my data and correct inaccuracies in data retrieved by this app?
If the third-party app’s privacy policy does not clearly answer these questions, you may want to reconsider using the app to access your health care information. Health care information is very sensitive information. You should be careful to choose apps with strong privacy and security standards to protect it. MassHealth does not control what a third-party app does with your data. Always review the app’s privacy policy and only choose third-party apps you trust.
Step 3: Agree to the third-party app’s privacy policy and Terms of Service.
It’s up to you to decide if you agree to a third-party app’s privacy policy and Terms of Service. You are encouraged to only agree to an app’s privacy policy and Terms of Service if you feel comfortable with how they will access, use, and store your data.
Step 4: Give the third-party app information to help them access your health care information.
The app will ask for the following information to access your health care information.
- Your full name
- Your date of birth
- Your MassHealth member ID
- Your zip code
- A valid, unique email address
Step 5: The app will connect with MassHealth systems to collect your health care information.
If the third-party app already has access to MassHealth systems, this may take a few minutes. If the third-party app does not yet have access to MassHealth systems, this may take some time.
Step 6: Verify that your health care information is correct.
If you believe that health care information is missing from the third-party app, contact the app developer using the support or outreach tools available on their platform. They will work with MassHealth to resolve any errors. The app developer will guide you through the process.
How to stop allowing an app to access your health care information
You will need to work with the third-party app to identify the process to remove your health care information from their records. Before agreeing to share your health care information with a third-party app, you should read all the app’s available privacy policies to make sure you feel comfortable with how your health information is used, how long it will be kept, and what steps you can take to delete it if you choose to stop using the app.
Third-party apps that currently have access to MassHealth systems
The following third-party apps have access to the MassHealth Patient Access API. You can use them to access your health care information. MassHealth does not endorse or encourage use of a specific app and provides the list below only as a helpful reference for MassHealth members.
This list was updated on 1/1/2026.
If you want to use a third-party app that is not listed above, you may need to contact the app developers to request that the app gain access to MassHealth systems. Some apps may have a request form for this. For other apps, you may need to use publicly available contact information to get in touch with the app developers. It is the app developer’s responsibility to establish a connection with MassHealth. No action will be required on your part. Please note that it may take some time for an app to establish a new connection with MassHealth.
An additional list of apps that you may be able to use to get your health care information once you have authorized their access can be found on the CARIN Alliance website.
Members should note that, consistent with the HIPAA Rules, MassHealth may deny or remove third-party app access to the Patient Access API. MassHealth may not allow an app to connect or remain connected to the API should the app present an unacceptable level of risk to the security of personal health information (PHI) on MassHealth’s systems based on objective and verifiable criteria. MassHealth may remove the third-party app’s access to the Patient Access API without prior warning if an event occurs that results in an unacceptable level of risk to the security of PHI on MassHealth’s systems. If a member can’t use an app because it’s not allowed to connect or has been removed, they are encouraged to select an alternative app.
Information for third-party app developers
Use the links below to navigate to MassHealth’s Patient Access API Developer Portal and Implementation Guide. Third-party app developers can use the Developer Portal to request to establish a connection with MassHealth’s Patient Access API.
Developers should note that, consistent with the HIPAA Rules, MassHealth may deny or remove third-party app access to the Patient Access API. MassHealth may not allow an app to connect or remain connected to the API if it would present an unacceptable level of risk to the security of personal health information (PHI) on MassHealth’s systems based on objective and verifiable criteria. MassHealth may remove the third-party app’s access to the Patient Access API without prior warning if there is an event that results in an unacceptable level of risk to the security of PHI on MassHealth’s systems. After conducting additional outreach, MassHealth may reinstate a third-party app’s access to the Patient Access API if MassHealth can determine that doing so would not cause an unacceptable level of risk to the security of PHI on MassHealth’s systems.
Date published: December 31, 2025