Policy Revisions

Please take note that the Operating Committee of HEALTHeLINK has approved revisions to the HEALTHeLINK Privacy and Security Policies effective July 1, 2018. This Notice is given pursuant to Sections 2.3, 3.4, and 3.5 of the Participation Agreement Terms & Conditions, which, among other requirements, provides for 30 days’ notice to all HEALTHeLINK participants prior to the effective date of any changes to the Privacy and Security Policies. A copy of the current and revised Privacy and Security Policies are available for review below.

Current Privacy and Security Policies

Privacy and Security Policies in effect July 1, 2018

For convenience, the following is a summary of some of the more substantive changes to the policies

  • Glossary – Change to align HEALTHeLINK definition with the SHIN-NY Policy definition for Data Supplier (previously listed as Data Source.)
  • P04 Patient Consent – Changes to align HEALTHeLINK consent policies with the SHIN-NY Policy. These include:
    • Access of De-identified Data for Specified Uses: Affirmative Consent shall not be required for HEALTHeLINK to disclose to a third party that is designing a clinical trial or other clinical research study a count of the number of patients who appear to meet the inclusion and/or exclusion criteria being considered for such clinical trial or study, so long as there is no reasonable basis to believe that the count, when combined with the qualifying criteria, can be used to identify an individual.
    • Patient Consent Transition Rules (previously omitted):
      • Use of Approval Consents
      • Reliance on Existing Consents Executed Prior to the Consent Implementation Date
      • Use of Existing Consent Implementation Date
  • P02 Amendment of Data – This policy was updated to replace Data Source with Data Supplier
  • P13 Release of Data for Research – This policy was updated to replace Data Source with Data Supplier.
  • Security Policies – Added policy statements to comply with HITRUST requirements.