Connect HSA, FSA, HRA, VEBA and DCAP data from My Health Spending Assistant to your stack — under member authorization
My Health Spending Assistant is the consumer-facing companion for HealthEquity-administered consumer-driven health accounts. It exposes real-time balances, claim status, debit-card events, direct-deposit transfers and barcode-eligibility checks. We deliver authorized integrations that mirror those flows so HR platforms, expense engines, neobanks and analytics tools can treat health-benefit dollars as first-class financial data.
- Per-plan-year balances across HSA, FSA, HRA, VEBA and DCAP sub-accounts
- Claim, reimbursement, payment-status and direct-deposit transaction history
- Barcode and SKU eligibility lookups against IRS Section 213(d) and SIGIS rules
Feature modules — what each block actually does
Balance and contribution sync
A single GET /accounts/{member_id}/balances call returns the current available balance, plan-year contribution, employer match (where applicable) and run-out-period status for every sub-account. Used for payroll reconciliation and benefits dashboards that need plan-year cut-off awareness.
Claim and reimbursement history
Paginated claim records — submission method (camera upload, debit-card swipe, recurring payment), date of service, provider, eligible amount, denial reason — exported as JSON, CSV or Excel. Plugs directly into accounting close and audit packages.
Receipt and barcode eligibility
Wraps the in-app barcode scanner so that POST /eligibility/check accepts a UPC or SKU and returns an eligibility verdict, the matching IRS category, and the SIGIS list reference. Useful for retailer checkout, pharmacy benefit managers and AI shopping assistants.
Card lifecycle & direct deposit
Programmatic equivalents of the in-app "request card", "cancel card" and "set up direct deposit" flows. Card events stream over webhooks within seconds of a swipe, including merchant category code, decline reason and partial auth amounts.
HSA investment transfers
For members who clear the invest threshold, the integration exposes the cash-to-invest sweep, lot-level holdings, dividend posting and rebalance trades. Aligns with brokerage-data exports so an HSA can be modelled inside a wider portfolio view.
Member messaging and notifications
Push notifications about claim approvals, denial appeals and run-out reminders are mirrored to a server-side queue. Teams use this to drive Slack alerts, ticket routing and member-experience analytics without rebuilding consent on top.
Data available for integration
The table below maps each data type to the screen or feature in My Health Spending Assistant where it originates, the granularity available, and a typical downstream use. Together these fields cover most reconciliation, analytics and compliance needs that come up around employer-sponsored health-benefit dollars.
| Data type | Source feature | Granularity | Typical use |
|---|---|---|---|
| Member profile & sub-account list | Sign-in / "My accounts" | Per member, per plan year | Onboarding, plan-year roll-over, eligibility checks |
| Available & pending balances | "Real-time balance updates" | Per sub-account, refreshed on demand | Spend caps, payroll reconciliation, employee dashboards |
| Claim records | "File reimbursement" / "Status of a payment" | One row per claim, with line items | Audit packages, denied-claim appeals, AP exports |
| Receipts & OCR text | Camera-based receipt upload | Image plus extracted fields | Substantiation, expense automation, AI categorization |
| Barcode eligibility verdicts | In-app barcode scanner | Per UPC / SKU | E-commerce checkout, pharmacy POS, mobile wallets |
| Debit-card events | Card request / cancel / swipe | Real-time, per authorization | Fraud monitoring, MCC analytics, member alerts |
| Direct deposit & deposit history | "Set up direct deposit", "Manage deposits" | Per ACH or paycheck contribution | Treasury reconciliation, contribution forecasting |
| HSA investment activity | "Transfer HSA funds into investment" | Lot-level trades and holdings | Wealth dashboards, performance reporting, tax lots |
Typical integration scenarios
1. HRIS payroll reconciliation
An HRIS team needs to confirm that pre-tax HSA and DCAP contributions deducted in payroll actually landed in the member's sub-accounts. We pull contribution_events nightly, match them to payroll batches by payroll_run_id, and flag stuck deposits before quarter close. This maps cleanly onto the OpenFinance pattern of "consumer holds the data, employer asks under consent".
2. E-commerce HSA/FSA checkout
A direct-to-consumer retailer wants to honour HSA/FSA cards while staying inside SIGIS rules. At cart time we call POST /eligibility/check with each line item's UPC; we tag eligible items, route them through a SIGIS-compliant MCC, and stream the resulting card swipe back into card_events. This mirrors the integration patterns used by Flex with RevenueCat for HSA-eligible app subscriptions.
3. Personal-finance aggregation
A neobank already aggregates checking, brokerage and credit-card data. Adding HSA/FSA balances closes a gap that Plaid cannot fully cover. We expose balances and claim history under member-granted OAuth, then feed them into a unified ledger. The OpenData angle: the consumer is the principal and authorizes a third party to read their own benefit dollars, exactly like PSD2 in payments.
4. Telehealth and pharmacy benefits
Telehealth platforms want to estimate out-of-pocket cost in real time. We chain a balance lookup with eligibility checks against the prescribed product to show a "you can pay $42 of this $58 visit using your FSA" tile. Behind the scenes the same APIs feed claim auto-substantiation to avoid follow-up paperwork.
5. Employer benefits analytics
Benefits leaders want to know which plan designs actually get used. Aggregated, de-identified utilization data flows into a warehouse via webhook + batch export, and powers dashboards on FSA forfeiture rates, HSA invest-threshold conversion and DCAP run-out claims. This is the analytics counterpart to OpenBanking's transaction-data marketplace.
Technical implementation
Authorize a member session
```http
POST /api/v1/mhsa/auth/session
Content-Type: application/json
X-Partner-Id: openfinance-lab

{
  "member_id": "0049-...-7321",
  "plan_admin": "healthequity",
  "device_binding": {
    "method": "biometric_pin",
    "device_attestation": "<Apple/Google attested blob>"
  },
  "consent_scope": [
    "balances:read",
    "claims:read",
    "claims:write",
    "card_events:read",
    "investments:read"
  ]
}

200 OK
{
  "access_token": "eyJhbGciOi...",
  "refresh_token": "rt_4ec1...",
  "expires_in": 900,
  "consent_id": "csn_2026_05_09_8821"
}
```
Pull balances and claim history
```http
GET /api/v1/mhsa/accounts/{member_id}/balances
Authorization: Bearer <ACCESS_TOKEN>

200 OK
{
  "as_of": "2026-05-09T13:42:11Z",
  "sub_accounts": [
    {"type":"HSA","available":2148.55,"plan_year":2026,"investable":true},
    {"type":"FSA","available":987.10,"plan_year":2026,"runout_until":"2027-03-31"},
    {"type":"HRA","available":350.00,"plan_year":2026},
    {"type":"VEBA","available":1820.00,"plan_year":2026},
    {"type":"DCAP","available":420.00,"plan_year":2026}
  ]
}

# Same auth, paginated claims
GET /api/v1/mhsa/claims?status=pending,approved&since=2026-01-01
```
Webhook for card swipes & claim updates
```http
POST https://your-app.example.com/webhooks/mhsa
X-MHSA-Signature: t=1715253945,v1=8c5...f0

{
  "event": "card_event.authorized",
  "consent_id": "csn_2026_05_09_8821",
  "card_event": {
    "id": "ce_91ab",
    "amount": 24.18,
    "currency": "USD",
    "merchant_category_code": "5912",
    "sigis_eligible": true,
    "sub_account": "FSA",
    "occurred_at": "2026-05-09T13:41:55Z"
  }
}

# Verify the HMAC signature, then upsert into your ledger.
# Reject events older than 5 minutes to mitigate replay.
```
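A receiver-side sketch of the two checks named above (HMAC verification and the 5-minute replay window), added here as an example and not OpenFinance Lab's own code. The page does not document the signing scheme, so HMAC-SHA256 over `<t>.<raw body>` with a hex-encoded `v1` value is an assumption, as are the shared secret and the function names.

```python
import hashlib
import hmac
import json
import time

TOLERANCE_SECONDS = 300  # the 5-minute replay window stated on the page

class WebhookRejected(Exception):
    """Raised when a delivery fails the signature, freshness or replay check."""

def sign(secret: bytes, timestamp: int, raw_body: bytes) -> str:
    # ASSUMPTION: HMAC-SHA256 over "<t>.<raw body>", hex-encoded (scheme not given on the page).
    return hmac.new(secret, f"{timestamp}.".encode() + raw_body, hashlib.sha256).hexdigest()

def parse_signature_header(header: str) -> tuple[int, str]:
    # Header shape shown on the page: "t=<unix seconds>,v1=<hex digest>"
    fields = dict(p.strip().split("=", 1) for p in header.split(",") if "=" in p)
    try:
        return int(fields["t"]), fields["v1"]
    except (KeyError, ValueError) as exc:
        raise WebhookRejected("malformed signature header") from exc

def verify_webhook(secret, header, raw_body, seen_ids, now=None):
    """Return the parsed event or raise WebhookRejected; seen_ids is the dedupe store."""
    now = time.time() if now is None else now
    timestamp, received = parse_signature_header(header)
    # Authenticate first, over the bytes exactly as received (never re-serialized JSON).
    expected = sign(secret, timestamp, raw_body)
    if not hmac.compare_digest(expected.encode(), received.encode()):
        raise WebhookRejected("bad signature")
    # The timestamp is covered by the MAC, so it can now be trusted for freshness.
    if abs(now - timestamp) > TOLERANCE_SECONDS:
        raise WebhookRejected("stale timestamp")
    event = json.loads(raw_body)
    # A replay inside the window still carries a valid MAC: dedupe on the event id,
    # falling back to the digest for payloads without a card_event object.
    key = event.get("card_event", {}).get("id") or received
    if key in seen_ids:
        raise WebhookRejected("duplicate event")
    seen_ids.add(key)
    return event

if __name__ == "__main__":
    secret, ts = b"constructed-demo-secret", int(time.time())  # constructed values
    body = b'{"event":"card_event.authorized","card_event":{"id":"ce_91ab"}}'
    print(verify_webhook(secret, f"t={ts},v1={sign(secret, ts, body)}", body, set())["event"])
```

In production `seen_ids` would be a shared store with a TTL at least as long as the tolerance window, and the ledger upsert should stay idempotent on the event id.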
Compliance & privacy
Consumer-driven health accounts sit in two regulatory worlds at once. The HHS HIPAA FAQ confirms that medical FSAs and HRAs can be HIPAA covered entities, so any integration that touches diagnosis, provider or claim-line data must operate under a Business Associate Agreement and HIPAA Security Rule controls. HSA tax treatment is governed by IRS Publication 969, while eligible-expense rules come from IRS Publication 502; SIGIS publishes the merchant and product lists used at point-of-sale.
We implement consent capture, granular scopes, encryption in transit and at rest, key rotation, and a tamper-evident audit trail. PHI never leaves the customer's chosen region. Where the deployment is U.S.-only, we additionally align with the relevant state-level privacy laws (CCPA/CPRA in California, the Colorado Privacy Act, the new Washington My Health My Data Act). DCAP data is excluded from HIPAA but still requires the same care under IRS and ERISA.
Compliance modules shipped
- Member-authorization capture and revocation API
- BAA-ready logging schema (PHI access, scope, purpose)
- SIGIS / IRS Section 213(d) eligibility rule pack
- Data-minimization toggles per scope
- Data-residency configuration (US, US-Gov, Canada)
- PHI redaction filters for analytics warehouses
Data flow / architecture
The reference pipeline is intentionally narrow so it audits well: My Health Spending Assistant client → OpenFinance Lab Ingestion API → Encrypted PHI store → Normalized OpenData layer → Customer endpoints & warehouse. Ingestion handles consent enforcement and rate limits. The PHI store is encrypted with customer-managed keys; the OpenData layer publishes the de-identified or scope-limited views that downstream products actually consume. Webhooks fan out from the same store so that real-time card events reach the customer in seconds while batch exports run nightly.
Market positioning & user profile
My Health Spending Assistant is targeted at U.S. employees enrolled in HealthEquity-administered or partnered consumer-driven health plans, primarily on Android and iOS. The user base skews B2B2C: employers (HR, benefits and finance teams) procure the underlying plan, and individual members operate the app daily. The wider mHealth backdrop is large and growing — industry estimates put the global mHealth apps market at roughly $40B in 2025 with North America holding about 30%+ share — and a 2025 Bluefin announcement around its Epic MyChart integration shows demand for HSA/FSA acceptance is moving deeper into clinical settings, not just retail. Our integrations are built for partners that need to plug into that flow without becoming a healthcare claims processor themselves.
Similar apps & integration landscape
Teams evaluating My Health Spending Assistant integrations frequently work with one or more of the following apps in the same consumer-driven health-account ecosystem. Each one holds adjacent data; treating them together lets you build a unified view of HSA, FSA, HRA, VEBA and DCAP dollars across plan administrators.
HealthEquity Mobile
The flagship HealthEquity member app. Holds claim history, contribution data and HSA investment positions — a frequent companion when partners need a unified pull across multiple HealthEquity-administered employers.
Optum Financial App
Bundles HSA and FSA management with payment tools and reimbursement filing. Useful when consolidating data across United/Optum plans alongside HealthEquity-side accounts.
ExpenseTracker by HSA Store
Lets users connect retailer accounts, scan receipts and identify HSA-eligible past purchases. Pairs naturally with My Health Spending Assistant for retailer-side eligibility data.
TrackHSA
Cloud-based HSA receipt and reimbursement record-keeping. Often used by long-horizon HSA investors who reimburse themselves years after the original expense.
Silver
AI-driven categorisation of FSA/HSA-eligible items across a 200K-product catalogue with automated claim submission. Complements My Health Spending Assistant's barcode scanner with broader retail coverage.
Prosaver: HSA Receipt Tracking
AI receipt manager focused on HSA and FSA accounts. Generates the structured records that downstream auto-substantiation engines consume.
Truemed
Letter-of-medical-necessity workflow that unlocks HSA/FSA spend on wellness products. Adds a referral data type — LMNs and signed PDFs — that can sit alongside claim records.
HSA Vault
AI-powered medical expense management for HSA and FSA accounts. A typical destination for receipts exported from My Health Spending Assistant.
Medpaid
API-first HSA/FSA payments for e-commerce. Useful as the merchant-side counterpart when integrating cardholder data sourced from the consumer app.
Flex (with RevenueCat)
Brings HSA/FSA acceptance into in-app subscription flows. Often combined with consumer-side balance APIs so users see "FSA can cover this" before checkout.
About us
OpenFinance Lab is an independent technical studio focused on app interface integration and authorized API delivery. Our engineers come from U.S. health-benefits administrators, fintech infrastructure providers and protocol-analysis backgrounds, so we understand both the IRS/HIPAA framing of health-benefit dollars and the practical realities of mobile-app reverse engineering done under authorization.
- HSA / FSA / HRA / VEBA / DCAP integrations and BAA-friendly hosting
- Open Banking and Open Finance style consent and consent-revocation APIs
- Custom Python, Node.js, Go and Java SDKs plus full test harnesses
- End-to-end pipeline: protocol analysis → build → validation → compliance review
- Source code delivery from $300 — receive runnable API source code and full documentation; pay after delivery upon satisfaction.
- Pay-per-call API billing — call our hosted endpoints and pay only per request, no upfront cost.
Contact
Send the target app, the data scopes you need (balances, claims, card events, investments) and the rough volume — we will reply with a scoped quote and a sandbox plan.
Engagement workflow
- Scope confirmation — which sub-accounts, which scopes, what regions, B2B or member-facing.
- Authorization model — design the consent flow that mirrors PIN + Face ID / Touch ID device binding.
- Protocol analysis & API design — typically 2–5 business days.
- Build, internal validation and PHI handling review — typically 3–8 business days.
- Documentation, sample apps and test data — 1–2 business days.
- First delivery: 5–15 business days. Card-issuer or plan-admin approvals may extend the schedule.
FAQ
Which account types does the integration cover?
How does authentication work without storing credentials?
How long does delivery take?
How do you handle HIPAA and IRS compliance?
📱 Original app overview (appendix)
The My Health Spending Assistant app gives members of select U.S. health plans secure access to their consumer-driven health accounts — HSA, FSA, HRA, VEBA and DCAP — from a single mobile experience. It is positioned as a daily-use companion for plan members rather than as an advisor or marketplace, and is published under the package id health.spending.app.
- Scan a product's barcode to see if it is eligible for HSA or FSA reimbursement.
- Submit reimbursement forms or receipts using the device's camera.
- Sign in with Face ID, Touch ID or a secure PIN.
- See real-time balance updates across all sub-accounts.
- Check the status of a payment; make payments and file reimbursements.
- Manage deposits, request or cancel a debit card, set up direct deposit.
- Transfer HSA funds into an investment account once the invest threshold is reached.
According to the publisher, no account information is stored on the device and the app is encrypted in transit. The app is restricted to members of participating health plans; eligibility is confirmed through the plan administrator, not the app itself.