Electronic Health Record System API (application programming interface)

Adult Behavioral Health provides support with Behavioral Health for Residents.

About this service

This page provides interoperability and data API information for Marin County Behavioral Health and Recovery Services (BHRS). It explains how Marin BHRS supports third-party API connections and FHIR APIs, and provides educational information to help members understand privacy, security, and complaint options when using third-party health applications.

Marin BHRS provides these interoperability capabilities in alignment with the CMS Interoperability Rule, including the Patient Access Final Rule and Prior Authorization Final Rule, and DHCS Behavioral Health Information Notice 23-032. Marin BHRS collaborates with CalMHSA to provide third-party API connections through CalMHSA Connex, a county behavioral health-focused health information exchange.

Who this service is for

This service is for:

  • Members interested in accessing Marin County BHRS interoperability and FHIR APIs
  • Third-party application developers and organizations seeking API connections through CalMHSA Connex
  • People who want information about the Marin County BHRS Provider Directory API
  • Clients and caregivers who want to understand privacy and security considerations when using third-party health applications
  • People who need information about HIPAA, health information privacy rights, and complaint processes

Details

Interoperability and data API information

Marin County Behavioral Health and Recovery Services provides interoperability capabilities and FHIR APIs through CalMHSA Connex. The current BHRS page directs users to CalMHSA Connex APIs – California Mental Health Services Authority for more information or to request access to Marin County BHRS interoperability and FHIR APIs. It also directs users to Swagger UI for the Marin County BHRS Provider Directory API.

Member educational resources

Privacy and security

Marin BHRS states that it protects the privacy and security of health information through compliance with DHCS, federal, and state privacy and data-sharing requirements; regular audits; secure internal health data practices; HIPAA-compliant vendor communications; multifactor authentication; layered software security monitoring; vendor security assessments and clearances; disaster and data loss recovery planning; and secure network communication protocols.

Understanding third-party application privacy and security

Marin BHRS provides educational resources so members can better understand how to protect their health information when using third-party applications. The current page points users to resources on understanding third-party app privacy practices, FTC oversight of mobile and third-party health apps, and HHS guidance on member access rights and third-party app APIs.

HIPAA-covered entities, non-covered entities, and oversight agencies

HIPAA applies to covered entities that handle protected health information, including healthcare providers that transmit health information electronically, health plans, healthcare clearinghouses, and business associates that handle health information on behalf of covered entities. The current BHRS page gives examples such as hospitals, doctors’ offices, clinics, dentists, psychologists, chiropractors, nursing homes, pharmacies, health insurance companies, HMOs, Medicare, Medicaid, third-party administrators, IT service providers for health information systems, billing companies, and legal or accounting firms with access to health information.

The page also explains that some entities generally are not covered by HIPAA, including employers acting only in an employment role, life insurance companies, workers’ compensation carriers, most schools, personal health app developers that are not connected to providers or health plans, research institutions without healthcare provider roles, and some non-healthcare providers unless they otherwise meet HIPAA criteria.

For general consumer guidance on HIPAA, the page points users to HHS consumer guidance materials.

Oversight responsibilities

  • Office for Civil Rights (OCR) — part of the U.S. Department of Health and Human Services, which enforces HIPAA privacy and security rules for covered entities, investigates complaints, and conducts audits
  • Federal Trade Commission (FTC) — helps enforce privacy and security standards for non-HIPAA-covered entities such as mobile health apps and health-related websites and addresses deceptive or unfair practices

How to submit complaints

If someone believes a HIPAA-covered entity or its business associate violated health information privacy rights or another HIPAA privacy, security, or breach notification requirement, the page directs them to file a complaint with OCR. The page also includes OCR email and phone contact information and notes that written complaints may be mailed to the appropriate OCR regional office.

If the concern involves a non-HIPAA-covered entity, the page directs users to the FTC complaint process and also provides the FTC Consumer Resource Center phone number.

County privacy notice

The County of Marin Notice of Privacy Practices explains that HIPAA requires the County to keep personal medical and treatment information private, explains how protected health information may be used or disclosed, describes privacy rights, and provides contact information for the County Privacy Officer. The notice says it is available in other languages and alternate ADA-compliant formats.

County of Marin Notice of Privacy Practices

Additional information

Behavioral health contact numbers

Page last updated on May 7, 2026.