Why do I need to consent to HealtheConnections?
New York State Regulations require that patient consent be obtained prior to health care providers being allowed to access Protected Health Information (PHI) and clinical data via HealtheConnections.
What happens when I sign a consent form?
When you provide consent to a hospital or physician office, you are allowing them access to all of your health information that resides in HealtheConnections.
What does it mean to me?
By consenting to allow your health care professionals to access your medical information, you are giving them instant access to information that could improve the quality of your care and could save money through the elimination of duplicate testing. It also saves you the “hassle” of having to remember the dates and specifics of previous medical tests and the prescriptions you are currently, or had previously taken. This saves you time and ensures the medical professional providing services to you has the most current, up to date information about you.
How is my personal health information protected?
Protection of your PHI is of the utmost concern at HealtheConnections. HealtheConnections uses state-of-the-art security features that include password protection to ensure authorized user access (authentications), strong encryption, and restricted access. Unlike a paper chart, every time your medical information is accessed via HealtheConnections by any user, it is logged electronically and can be audited. Authorized users are individuals who have fulfilled training requirements and whose organization has signed a participation agreement with HealtheConnections.
What about privacy and security of the information?
HealtheConnections complies with all New York state and Federal regulations and policies that are applicable to healthcare information. Each of our participating organizations are required to sign agreements and to fulfill the terms and conditions to allow authorized users of that organization to access medical records. Audits of the accesses are conducted on a regular frequency (see below).
Who is participating in HealtheConnections?
Patient data is provided to the health information exchange (HIE) by hospitals, laboratories, radiology centers, doctors’ offices, and other healthcare organizations.
To view a list of our current participating organizations, click here.
Participating organizations that contribute data to the HIE can be found here.
Can I change my consent status?
Yes. Your consent to HealtheConnections can be changed at any time by simply filling out a new consent form granting or denying consent and giving the signed form to your healthcare provider.
Can I access my personal medical record?
HealtheConnections does not provide a patient portal for patients to access their data. By providing consent to your doctor, you can contact him/her to get copies of your data.
Patients may request to see audit reports at no cost once every 12 months to view which authorized users have viewed their medical records. See below for audit report types. Contact HealtheConnections Support: 315-671-2241 x5
Any inquiries or disputes over the accuracy or integrity of a patient’s PHI should be handled through a discussion with the patient’s healthcare provider. HealtheConnections is not responsible for the accuracy or integrity of the patient data provided to the HIE.
How do I give consent for HealtheConnections?
Providing consent to HealtheConnections can be easily done at any of our participating hospitals or physician’s offices. They will present you with the HealtheConnections consent form, and you simply select your consent choice for that participating organization. You must give your consent at every participating organization at which you receive care. See Consent Example for consent selection choices.
If you want to deny consent for all Provider Organizations and Health Plans participating in HealtheConnections, you may do one of the following:
- Visit HealtheConnections’ office, located at 443 North Franklin Street, Suite 001, Syracuse, NY 13204 with photo identification and complete form B-9.1 – Community-wide Deny Consent.
- Visit your provider and complete form B-9.1 – Community-wide Deny Consent. Your provider will forward the form to HealtheConnections for processing.
Does HealtheConnections audit the access to patient data?
Yes, HealtheConnections generates daily, weekly, and monthly audit reports that are provided to their participating organizations through a secure, on-line process. HealtheConnections’ participants are required to review and attest to their audit reports, as follows:
- Daily Audits
- Break-the-Glass (BTG) report – a Break-the-Glass event is when an Authorized User gains one-time access to patient information used by a HealtheConnections participating organization in an emergency situation when the patient has selected “Emergency Only” consent or in a life-threatening medical emergency when a patient has not yet consented to that participant. Participants who have used the BTG functionality are notified on the next business day to review and attest to these events.
- Weekly Audits
- Public Health and Organ Procurement Services – public health authorities, health oversight agencies, and federally designated organ procurement organizations are allowed to view patient records without the patient’s consent for purposes of public health activities, health oversight activities, and for facilitating organ, eye, or tissue donation and transplantation. The participants that are designated as public health or organ procurement organizations are notified at the beginning of each week to review and attest to their user accesses for the previous week.
- Monthly Audits
- Patient Records Accessed report – this report includes the participating organization name, the participant’s authorized user who accessed a patient record, patient’s name, patient’s date of birth, the type of patient information that was accessed, and the date and time of access.
- Consent Sample report – this is a random sample of up to 40 affirmative patient consents that have been entered for a participating organization. In addition to validating the affirmative patient consents, the participating organization must return a copy of the patient-signed consent form for the first five (5) entries on the report.
- These reports are available to all participating organizations every month; however, each organization is only required to attest once per year.
What if I suspect my data has been accessed improperly?
There are penalties for inappropriate access to or use of your electronic health information. If at any time you suspect that someone who should not have seen or gotten access to information about you has done so, you may call your Provider’s office; or contact HealtheConnections at 315.671.2241; or call the NYS Department of Health at 518-474-4987; or follow the complaint process of the federal Office for Civil Rights at www.hhs.gov/ocr/privacy/hipaa/complaints.
Tell me about Part 2 protected health information.