NOTICE TO HEALTHeLINK & HEALTHeNET PARTICIPANTS

Please take note that the Operating Committee of HEALTHeLINK has approved revisions to the HEALTHeLINK Privacy and Security Policies and Procedures, the Business Associate Agreement, Participation Agreement, and Terms and Conditions effective June 27, 2022. Also, the Operating Committee of HEALTHeNET has approved revisions to the HEALTHeNET Privacy and Security Policies and Procedures effective June 27, 2022. This Notice is given pursuant to Sections 2.3, 3.4, and 3.5 of the Participation Agreement Terms & Conditions, which, among other requirements, provides for 30 days’ notice to all HEALTHeLINK and HEALTHeNET Participants prior to the effective date of any changes to the Privacy and Security Policies and Procedures. A copy of the current and revised versions of all documents are available for review below.

Current HEALTHeLINK Policies & Procedures

 

HEALTHeLINK Policies & Procedures effective June 27, 2022

 

For convenience, the following is a summary of some of the more substantive changes to the policies and procedures:

 

  • Glossary – Changes to align with SHIN-NY definitions, as well as the addition of some defined terms from the HEALTHeLINK Terms and Conditions for consistency.
  • P04 Patient Consent – A number of changes to align HEALTHeLINK policies with the SHIN-NY Policy.
    • The change of:
      • Emergency Disclosures of PHI When Treating a Patient with an Emergency Condition or “Break the Glass” – Emergency medical technicians may access SHIN-NY information during a “break the glass” incident outside of the emergency room provided the EMT only does so after determining an emergency condition exists and other safeguards are followed.
      • Disclosures to Death Investigators – Individuals working under the supervision of physicians and nurse practitioners – such as individuals in medical examiners’ and coroners’ offices – may access SHIN-NY data for purposes of determining cause of death.
      • De-Identified Data – HEALTHeLINK may disclose de-identified data so long as doing so is in keeping with the mission of the SHIN-NY, HEALTHeLINK enters into a data use agreement with the recipient that contains certain protections, and the disclosure is consistent with HEALTHeLINK’s business associate agreement.
      • Consent Process – Participants are allowed, by policy, to either send HEALTHeLINK a copy of a consent form OR retain all consent forms and be able to produce the forms upon HEALTHeLINK request.
    • The addition of:
      • Public Health Reporting and Access – HEALTHeLINK may disclose PHI without Affirmative Consent to NYS OMH for public health purposes under certain circumstances.
  • P09 Sanctions for Failure to Comply with HEALTHeLINK Privacy and Security Policies and Procedures 
    • The change of:
      • Procedures – Update wording from “harm to a patient or other person” to “reasonable expectation that the violation did or may result in harm to a patient”.
  • P15 Patient Engagement and Access – A number of changes to align HEALTHeLINK policies with the SHIN-NY Policy.
    • The addition of:
      • Requests to Correct Erroneous Information – Instructions on what HEALTHeLINK should do if erroneous data is caused by HEALTHeLINK’s data aggregation and exchange activities.
  • Security Policies – Modified policy statements to comply with HITRUST requirements.

 

  • A number of changes were made to the HEALTHeLINK Business Associate Agreement, Participation Agreement, and Terms and Conditions to align with the SHIN-NY Policy.

For convenience, the following is a summary of some of the more substantive changes to the policies and procedures:

  • P03 Sanctions for Failure to Comply with HEALTHeNET Privacy and Security Policies and Procedures – A number of changes to align HEALTHeNET policies with HEALTHeLINK policies.
    • The change of:
      • Procedures – Update wording from “harm to a patient or other person” to “reasonable expectation that the violation did or may result in harm to a patient”.