Notice to Participants
May 22, 2025 – The Operating Committee of HEALTHeLINK has approved revisions to the HEALTHeLINK Privacy and Security Policies and Procedures effective May 22, 2025. This provides for 30 days’ notice to all HEALTHeLINK Participants prior to the effective date of any changes to the Privacy and Security Policies and Procedures.
View the CURRENT (2024) HEALTHeLINK Privacy and Security Policies and Procedures AND the REVISED (2025) Privacy and Security Policies and Procedures.
2025 HEALTHeLINK Policy & Procedure Revisions: Summary Chart
For convenience, the following is a summary of some of the more substantive changes to the policies:
All Privacy Policies and Procedures and Glossary – HEALTHeLINK removed all redundancies with SHIN-NY Privacy and Security Policies and Procedures for Qualified Entities and their Participants in New York State under 10 N.Y.C.R.R. § 300.3(b)(1) (SHIN-NY Policy)
The addition of:
- Preamble P00 – Introducing Policies and Procedures and directing readers to the SHIN-NY Policy.
- P04 Patient Consent – A number of changes to align HEALTHeLINK policies and procedures with the current practice.The change of: Denial of Consent – Removal of the Yes, Except Specific Participants and the Yes, Only Specific Participants options.
Revised Terms and Conditions for the HEALTHeLINK Participation Agreement – compliant with the new Statewide Common Participation Agreement (SCPA). View the CURRENT HEALTHeLINK Terms and Conditions AND the REVISED (2025) HEALTHeLINK SCPA Terms and Conditions.
……………………………………………………………………………………………………………………………………………………..
Policies & Procedures
Protecting patient privacy is of the utmost importance to HEALTHeLINK. We have developed privacy and security policies and procedures that consider the patient’s rights and concerns. Review the current HEALTHeLINK Privacy and Security Policies and Procedures.
Terms & Conditions
In addition to the policies, the Terms & Conditions provide additional participant rights and obligations related to their participation with HEALTHeLINK. These are attached to the Participation Agreement that every participating entity signs prior to supplying data to or accessing data from the exchange. Review the current Terms and Conditions and Business Associate Agreements.
External Networks
HEALTHeLINK has an agreement to exchange data with an external network called the eHEALTH Exchange. This network enables the secure exchange of patient data between HEALTHeLINK and providers authorized to access patient data via the eHEALTH Exchange. The Data Use and Reciprocal Agreement (DURSA) governs the exchange of information via the eHEALTH Exchange. Review the Data Use and Reciprocal Agreement.
Access to Minor Data
Participating providers can securely access patient health information data through HEALTHeLINK for minor patients 10 – 17 years of age. Access to the data requires a parent or legal guardian to sign an affirmative HEALTHeLINK patient consent form on behalf of the minor patient. Consent forms can be collected on minors 10 – 17 years of age and with that consent their doctors can get access to their clinical data through HEALTHeLINK.
Please note that this record may contain minor consented information about services protected under New York State Law and may not be re-disclosed to the minor’s parent or guardian without the minor’s written consent. Such services include but may not be limited to reproductive health services, mental health or substance use treatment, HIV testing and STD treatment or services consented to by an emancipated minor.
For information on any of our policies and procedures, please contact HEALTHeLINK at 716-206-0993.