Patient FAQs


HEALTHeLINK is a collaboration among hospitals, physicians, health plans and other health care providers in the eight counties of western New York State to securely exchange clinical information to improve the quality of care, enhance patient safety and mitigate health care costs.

Founding members and funding organizations of this collaboration include Catholic Health System, Erie County Medical Center Corporation, Highmark Blue Cross Blue Shield of Western New York, Independent Health Association, Kaleida Health, Roswell Park Cancer Comprehensive Cancer Center and Univera Healthcare.

What exactly am I consenting to?

In order for health care providers involved in your care to access your medical records securely and electronically via HEALTHeLINK, authorized consent is needed. This is done through a HEALTHeLINK patient consent form. Western New York has community wide consent, where you only need to authorize your consent once and it’s registered within HEALTHeLINK.

What does it mean to me?

By consenting to allow your health care providers to access your medical information securely and electronically via HEALTHeLINK, you are giving them instant access to information that could improve the quality of your care, enhance safety, and mitigate health care costs through the elimination of duplicate testing. Your treating providers would have your most current medical information so they can make better medical decisions on your behalf.

Where does health information about me come from?

Information about you comes from places that have provided you with medical care or health insurance (“Information Sources”). These may include hospitals, physicians, pharmacies, clinical laboratories, health insurers, the Medicaid program, and other eHealth organizations that exchange health information electronically. A complete list of current Information Sources is available from HEALTHeLINK here or by calling 716- 206-0993 ext. 103.

How is my personal health information protected?

HEALTHeLINK takes the responsibility of the protection and security of patient health information very seriously and this continues to remain among its highest priorities. HEALTHeLINK uses state-of-the-art security features that include multiple levels of password protection to ensure user access is authorized and patient health information is kept private and confidential. As new security technologies are developed, we continue to enhance our efforts to keep patient health information as secure as possible. Should HEALTHeLINK or its Data Suppliers determine there is risk of possible harm to you, you will be notified in writing either by HEALTHeLINK or the Data Supplier(s).

Who is participating in HEALTHeLINK?

Clinical information from all of the hospitals in the eight counties of Western New York, as well as major independent laboratory and radiology centers and dozens of individual physician practices are available to health care providers through HEALTHeLINK. This means that if you have a test or procedure done at any of these facilities and have completed a HEALTHeLINK patient consent form, your health care providers can securely access this information. For a complete listing of health care facilities currently participating in HEALTHeLINK please click here.

Can I know who has accessed my data?

You can request a List of Disclosures which will include the Provider Office name, the date of the access, and what data was viewed. See Patient Access to Data page for more information.

Can I change my consent status at a future point?

Yes. Your consent to HEALTHeLINK can be changed at any time by simply filling out a new HEALTHeLINK patient consent form granting or denying consent and giving the signed form to your health care provider or to HEALTHeLINK.

How do I consent to HEALTHeLINK?

Consent to HEALTHeLINK can be done at any of our participating health care providers’ offices or by visiting our Patient Consent page for more information.

Can I access my records in HEALTHeLINK directly?

HEALTHeLINK is a service for your health care providers to get better access to your medical information, specifically to improve the care they provide you. This information is not currently available directly to patients through our system, however, you may request some, or all of your medical records contained in HEALTHeLINK by contacting us.  See Patient Access to Data page for more information.

What if I have a question about my information or think information in HEALTHeLINK is incorrect?

You should contact the Data Supplier who collected the result or your Primary Care Provider. You can also contact HEALTHeLINK who can provide you with contact information for that Data Supplier.

Does HIPAA protect all health information?

No. You may have heard about the Health Insurance Portability and Accountability Act (HIPAA) Privacy and Security Rules. These are federal laws that set national standards for protecting the privacy and security of health information. Health information that is kept by health care providers, health plans, and organizations acting on their behalf, such as HEALTHeLINK, is protected by these federal laws. However, you should know that there are many organizations that do not have to follow these laws.

Some examples of health information that is not covered by HIPAA include health information that patients:

  • Store in a mobile app or on a mobile device, such as a smartphone or tablet.
  • Share over social media websites or health-related online communities such as message boards.
  • Store in a personal health record (PHR) that is not offered through a health provider or health plan covered by HIPAA.

Think carefully before you post anything on the Internet that you don’t want to be made public or to be accessible by entities for purposes unrelated to your health care—do not assume that an online forum or a third-party app is private or secure.

  • Be aware that information posted on the web may remain there permanently.
  • Research third-party mobile apps, software programs that perform one or more specific functions, before you download and install any of them. Be sure to use known and trusted 3rd party apps, websites, or other services.
  • Read the terms of service and privacy notice of the mobile app to verify that the app will perform only the functions you approve and redisclose your data for purposes you approve.
  • Utilize non-profit resources like the CARIN Alliance to see if your consumer application abides by the CARIN Trust Framework and Code of Conduct.