Skip to content

Patient Frequently Asked Questions

HEALTHeLINK is a collaboration among hospitals, physicians, health plans and other health care providers in the eight counties of western New York State to securely exchange clinical information to improve health outcomes and health care delivery, control costs, increase access to care and improve health equity.  

As a resource for broad health system transformation, founding organizations of this collaboration include Catholic Health System, Erie County Medical Center Corporation, Highmark Blue Cross Blue Shield of Western New York, Independent Health, Kaleida Health, Roswell Park Cancer Comprehensive Cancer Center and Univera Healthcare. 

For health care providers involved in your care to access your medical records securely and electronically via HEALTHeLINK, authorized consent is needed. This is done through a HEALTHeLINK patient consent form. Western New York has community wide consent, where you only need to authorize your consent once and it’s registered within HEALTHeLINK. 

By consenting to allow your health care providers to access your medical information securely and electronically via HEALTHeLINK, you are giving them instant access to real-time information that could improve the quality of your care, enhance safety, and mitigate health care costs through the elimination of duplicate testing. Your treating providers would have your most current medical information so they can make better medical decisions on your behalf. 

Information about you comes from places that have provided you with medical care or health insurance. These may include hospitals, physicians, pharmacies, clinical laboratories, health insurers, the Medicaid program, and other eHealth organizations that exchange health information electronically. A complete list of current data information sources is available.

The protection and security of patient health information is taken very seriously and is HEALTHeLINK’s highest priority.

HEALTHeLINK uses state-of-the-art security features to ensure user access is authorized and patient health information is kept private and confidential. As new security technologies are developed, we continue to enhance our efforts to keep patient health information as secure as possible. Should HEALTHeLINK or its data suppliers determine there is risk of possible harm to you, you will be notified either by HEALTHeLINK or the data supplier(s). 

Clinical information from all the hospitals in the eight counties of Western New York, as well as major independent laboratory and radiology centers and hundreds of individual physician practices are available to health care providers through HEALTHeLINK. This means that if you have a test or procedure done at any of these facilities and have completed a HEALTHeLINK patient consent form, your treating providers can securely access this information. A complete list of current HEALTHeLINK participants is available.

You can request a List of Disclosures which will include the provider’s office name, the date of access, and what data was viewed. See Patient Access to Data page for more information. 

Yes. Your consent to HEALTHeLINK can be changed at any time by simply filling out a new HEALTHeLINK patient consent form granting or denying consent and giving the signed form to your health care provider or to HEALTHeLINK. 

Consent to HEALTHeLINK can be done at any of our participating health care providers’ offices or by visiting our Patient Consent page for more information. 

HEALTHeLINK is a service for your health care providers to get better access to your medical information, specifically to improve the care they provide you. This information is not currently available directly to patients through our system; however, you may request some, or all your medical records contained in HEALTHeLINK by contacting us. See Patient Access to Datapage for more information. 

You should contact the data supplier who collected the result or your primary care provider.  

As part of our HEALTHeWNY initiative and population health efforts, HEALTHeLINK has developed a community dashboard to provide de-identified data (so patient privacy remains a top priority) to be able to be broken down by specific health outcome, demographics, etc. Having this data available will allow community health organizations to direct needed resources based on the location, ailment, or population, without having access to patient-specific personal health information. And as always, any use of the patient’s data for public health, and other research efforts will be done as allowed or required by the guidelines of HIPAA and NYS laws and regulation, and SHIN-NY policies.  

No. You may have heard about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These are federal laws that set national standards for protecting the privacy and security of health information. Health information that is kept by health care providers, health plans, and organizations acting on their behalf, such as HEALTHeLINK, is protected by these federal laws. However, you should know that there are many organizations that do not have to follow these laws. 

Some examples of health information that is not covered by HIPAA include health information that patients: 

    • Store in a mobile app or on a mobile device, such as a smartphone or tablet. 
    • Share over social media websites or health-related online communities such as message boards. 
    • Store in a personal health record (PHR) that is not offered through a health provider or health plan covered by HIPAA. 

Think carefully before you post anything online that you don’t want to be made public or to be accessible by entities for purposes unrelated to your health care—do not assume that an online forum or a third-party app is private or secure. 

Be aware that information posted on the web may remain there permanently. 

    • Research third-party mobile apps, software programs that perform one or more specific functions, before you download and install any of them. Be sure to use known and trusted third-party apps, websites, or other services. 
    • Read the terms of service and privacy notice of the mobile app to verify that the app will perform only the functions you approve and redisclose your data for purposes you approve. 
    • Utilize non-profit resources like the CARIN Alliance to see if your consumer application abides by the CARIN Trust Framework and Code of Conduct