KernBHRS clients have two ways to access the records created and maintained by the Department. 

Option 1: Print and complete a Request to Access or Copy Protected Health Information Form. 

Option 2: Beginning in March 2024, clients can access their records via an app on their smart devices. KernBHRS has made available a Patient Access Application Programming Interface (API) that third-party applications can interface to. The technology behind this new API meets the regulatory standards defined by the Centers for Medicare and Medical Services. 

If you are interested in using a third-party application to access your client records, there are several important factors to consider when selecting an application: 

• Security - Be sure the application utilizes strong data encryption, multi-factor authentication, and other security measures to protect your private medical information. Ask questions about their security protocols. 
• Data Access - Understand what data the application can access. Can you limit access to certain records? Are access logs are kept so you can see who viewed your records and when?
• Data Sharing - Confirm if the application has a plan to share or sell your data to another party. Ask if you can prevent your data being disclosed to anyone else. Read their privacy policies. 
• Compliance - Confirm the application is HIPAA compliant to ensure your data is managed according to strict federal privacy regulations. Request their HIPAA compliance documentation as many third-party apps are not HIPAA-covered entities. It is important that as a client, you understand what information is covered and not covered by HIPAA. 
  • Information about HIPAA and those requirements are found on the US Department of Health and Human Services website.
  • If an app is not a HIPAA covered entity it will fall under the jurisdiction of the Federal Trade Commission (FTC) and the protections provided by the FTC Act. The FTC Act, among other things, protects against deceptive acts (e.g., if an app shares personal data without permission, despite having a privacy policy that says it will not do so). The FTC provides information about mobile app privacy and security for consumers.
  • To learn more about filing a complaint with OCR under HIPAA, visit the US Department of Health and Human Services website. Individuals can file a complain with OCR using the OCR complaint portal. 
  • Individuals can file a complaint with the FTC using the FTC complaint assistant.
• User Interface - The application should have an intuitive, easy-to-use interface so you can quickly find and view relevant medical records. Try before you buy. 
• Cost - There may be fees to use the application either one-time or recurring. Make sure you are clear on all pricing details.
• Reviews - Check reviews from independent consumer sites to evaluate real customer experiences with the application and technical support. 

We recommend doing your due diligence by closely examining the privacy policies and terms of service for any third-party applications you may consider using with your personal medical information. Ensure you are comfortable with how your data will be utilized before approving access. 

 If you are a vendor of a third-party Health Information Application and would like to connect to our Patient Access or Provider Directory APIs, please visit CalMHSA Connex APIs - California Mental Health Services Authority for more information.