Policies & Procedures
November 22, 2024 – Please take note, the Operating Committee of HEALTHeLINK has approved revisions to the HEALTHeLINK Privacy and Security Policies and Procedures effective December 23, 2024. This Notice is given pursuant to Sections 2.3, 3.4, and 3.5 of the Participation Agreement Terms & Conditions, which, among other requirements, provides for 30 days’ notice to all HEALTHeLINK Participants prior to the effective date of any changes to the Privacy and Security Policies and Procedures.
You can view the CURRENT (2023) HEALTHeLINK Privacy and Security Policies and Procedures AND the REVISED (2024) HEALTHeLINK Privacy and Security Policies and Procedures.
For convenience, the following is a summary of some of the more substantive changes to the policies:
Glossary – Changes to align with SHIN-NY definitions.
The addition of:
- Statewide Consent Date
- Statewide Form of Consent
P03 Authorized User Access – A number of changes to align HEALTHeLINK policies and procedures with the SHIN-NY Policy.
The change of:
- Authentication – The Participant is now required to verify the identity of their Authorized Users. HEALTHeLINK is also required to verify the identity of their personnel.
- Community-Based Organizations Not Subject to HIPAA – CBOs not subject to HIPAA are now allowed to Access patient data in HEALTHeLINK with affirmative consent and minimum necessary standards.
P04 Patient Consent – A number of changes to align HEALTHeLINK policies and procedures with the SHIN-NY Policy.
The change of:
- Disclosures to DOH – Clarification that PHI may be shared with DOH without affirmative consent to evaluate services or initiatives, to determine trends, or to coordinate care under the state Medicaid program.
Statewide Consent Form Technical Changes – Making room in policy for the upcoming Statewide Consent initiative.
——————————————————————————————————————————————————–
Protecting patient privacy is of the utmost importance to HEALTHeLINK. We have developed privacy and security policies and procedures that consider the patient’s rights and concerns. Review the current HEALTHeLINK Privacy and Security Policies and Procedures.
Terms & Conditions
In addition to the policies, the Terms & Conditions provide additional participant rights and obligations related to their participation with HEALTHeLINK. These are attached to the Participation Agreement that every participating entity signs prior to supplying data to or accessing data from the exchange. Review the current Terms and Conditions and Business Associate Agreements.
External Networks
HEALTHeLINK has an agreement to exchange data with an external network called the eHEALTH Exchange. This network enables the secure exchange of patient data between HEALTHeLINK and providers authorized to access patient data via the eHEALTH Exchange. The Data Use and Reciprocal Agreement (DURSA) governs the exchange of information via the eHEALTH Exchange. Review the Data Use and Reciprocal Agreement.
Access to Minor Data
Participating providers can securely access patient health information data through HEALTHeLINK for minor patients 10 – 17 years of age. Access to the data requires a parent or legal guardian to sign an affirmative HEALTHeLINK patient consent form on behalf of the minor patient. Consent forms can be collected on minors 10 – 17 years of age and with that consent their doctors can get access to their clinical data through HEALTHeLINK.
Please note that this record may contain minor consented information about services protected under New York State Law and may not be re-disclosed to the minor’s parent or guardian without the minor’s written consent. Such services include but may not be limited to reproductive health services, mental health or substance use treatment, HIV testing and STD treatment or services consented to by an emancipated minor.
For information on any of our policies and procedures, please contact HEALTHeLINK at 716-206-0993.