Skip to content
HEALTHeLINK™

Keeping Data Safe

Protecting patient privacy is of utmost importance to us. Learn more about our current policies.  

Policies & Procedures 

June 4, 2024 – Notice to HEALTHeLINK Participants

Please take note that the Operating Committee of HEALTHeLINK has approved revisions to the HEALTHeLINK Privacy and Security Policies and Procedures effective June 28, 2024. This Notice is given pursuant to Sections 2.3, 3.4, and 3.5 of the Participation Agreement Terms & Conditions, which, among other requirements, provides for 30 days’ notice to all HEALTHeLINK Participants prior to the effective date of any changes to the Privacy and Security Policies and Procedures. For convenience, the following is a summary of some of the more substantive changes to the policies:

Security Policies: Restructured to conform policies to the NIST 2.0 framework. Restructuring allows for a comprehensive and concise policy set that will continue to meet HEALTHeLINK program requirements. External requirements (i.e., SHIN-NY) remain within the policy set.

You can view the CURRENT (2023) HEALTHeLINK Privacy and Security Policies and Procedures AND the REVISED (2024) HEALTHeLINK Privacy and Security Policies and Procedures.

——————————————————————————————————————————————————–

Protecting patient privacy is of the utmost importance to HEALTHeLINK. We have developed privacy and security policies and procedures that consider the patient’s rights and concerns. Review the current HEALTHeLINK Privacy and Security Policies and Procedures

Terms & Conditions 

In addition to the policies, the Terms & Conditions provide additional participant rights and obligations related to their participation with HEALTHeLINK. These are attached to the Participation Agreement that every participating entity signs prior to supplying data to or accessing data from the exchange.  Review the current Terms and Conditions and Business Associate Agreements.

External Networks 

HEALTHeLINK has an agreement to exchange data with an external network called the eHEALTH Exchange. This network enables the secure exchange of patient data between HEALTHeLINK and providers authorized to access patient data via the eHEALTH Exchange. The Data Use and Reciprocal Agreement (DURSA) governs the exchange of information via the eHEALTH Exchange.  Review the Data Use and Reciprocal Agreement. 

Access to Minor Data 

Participating providers can securely access patient health information data through HEALTHeLINK for minor patients 10 – 17 years of age. Access to the data requires a parent or legal guardian to sign an affirmative HEALTHeLINK patient consent form on behalf of the minor patient. Consent forms can be collected on minors 10 – 17 years of age and with that consent their doctors can get access to their clinical data through HEALTHeLINK.  

Please note that this record may contain minor consented information about services protected under New York State Law and may not be re-disclosed to the minor’s parent or guardian without the minor’s written consent. Such services include but may not be limited to reproductive health services, mental health or substance use treatment, HIV testing and STD treatment or services consented to by an emancipated minor.  

For information on any of our policies and procedures, please contact HEALTHeLINK at 716-206-0993.