for patients
Health information exchange (HIE) is the secure exchange of information across organizations and regions. HealtheConnections provides the capability to electronically move clinical information among different health care information systems.
HealtheConnections is a Regional Health Information Organization, accredited by the New York State Department of Health to operate the health information exchange (HIE) for 26 counties of New York State.
Even if you have relatively simple healthcare needs, coordinating information among your doctors can be daunting. However, through HealtheConnections, all your doctors and healthcare providers can communicate and share your health information for more coordinated care.
Now more than ever, it is critical to understand how your data is being accessed, shared, or used. HealtheConnections has the highest security standards in the country to protect your information, and your written consent is always required for a provider to access your records.
It is also important to be mindful of the mobile health apps or websites you use. Carefully review their data-sharing rules and security protocols.
LEARN MORE from our partners at the New York eHealth Collaborative
commonly asked questions
HealtheConnections manages a health information exchange (HIE), governed by regulations and policies established by the New York State Department of Health for the Statewide Health Information Network of New York (SHIN-NY). The statute requires that a patient has the right to allow or deny access to their medical records in the HIE via a consent process for each participating organization of HealtheConnections. By allowing access, the patient authorizes the participating organization to view the patient’s personal health information (PHI) contributed to HealtheConnections.
A patient has the option to select a consent for each of their provider organizations that participate with HealtheConnections.
I give consent is an affirmative consent that allows that provider organization’s authorized users to access and view your personal health information (PHI) that has been contributed to HealtheConnections.
I deny consent does not allow that provider organization to access and view your personal health information (PHI) that has been contributed to HealtheConnections.
I deny consent except in a medical emergency allows a hospital or other critical health care providers to only access and view your personal health information (PHI) that has been contributed to HealtheConnections when you are facing a life-threatening event.
By consenting to allow your health care professionals to access your medical information, you are giving them the ability to view your medical information quickly and efficiently that could improve the quality of your care. Access to your information can save you time and money by eliminating duplicate testing, not having to remember dates and details of previous medical tests, and helping to verify medications that you are currently taking or had previously taken.
Personal Health Information, known as PHI, requires enhanced security to ensure confidentiality and integrity of patient medical records. HealtheConnections (HeC) is governed by regulations and policies set forth by the New York State Department of Health (NYSDOH) for the Statewide Health Information Network of New York (SHIN-NY). As a Qualified Entity (QE) of the SHIN-NY, HeC must comply with all security certification requirements. These certifications include requirements such as password protection, encryption of data, virtual private networks, data transmission standards, auditing, physical premises security, training for staff and authorized users at participating organizations, and more. The policies, procedures, and implementations of all security controls by HealtheConnections has created an environment based on best practice security measures to protect patient data.
HealtheConnections (HeC) complies with all New York State and Federal regulations and policies that are applicable to healthcare information. Each of HeC’s participating organizations are required to sign agreements and to fulfill the terms and conditions that allow authorized users of that organization to access and view a patient’s medical records. Audits of the accesses are conducted on a regular frequency, depending on the type of access.
If you have questions about HealtheConnections’ security or privacy policies, call 315.671.2241 x5 and request to be transferred to the Chief Privacy, Security, and Compliance Officer. To learn more about SHIN-NY Privacy & Security Policies, click here.
There are many different types of health care providers that participate with HealtheConnections—hospitals, laboratories, radiology centers, physician offices, urgent care, and other healthcare organizations. All participating organizations are encouraged to contribute data to HealtheConnections.
To view a map or list of HealtheConnections’ participating organizations and how to contact them, click here. You can search for a specific provider, or you can filter by facility type and whether they are sharing data.
To view a list of data contributors to HealtheConnections, click here.
HealtheConnections does not provide a patient portal for patients to access their data directly; however, you can refer to your provider’s portal to access your medical records. You may also obtain a report of all your data in HealtheConnections. Click to download the Patient Records Request Form. Please fill out this form and follow the instructions included to return it to HealtheConnections.
For additional information, you can find our procedures by clicking Medical Record Request Policy and Procedures. For some essential tips on how to protect your health data, click Consumer Privacy. You can learn more about consumer privacy from our partners at NYeC here.
If you have difficulty downloading any of these files, an option to have copies sent to you is available by Contacting Us. Be sure to include the form name(s) in the Message box. Or, if you prefer, you may also contact our Support Team at 315.671.2241 x5
A list of participating organizations who have accessed your records and a list of your provided consents are available. Click to download the Patient Audit Log Request Form. Complete and follow the instructions on the sheet to return to HealtheConnections. For additional information, you can find our procedures by clicking Patient Audit Log Request Policy and Procedures.
If you have difficulty downloading any of these files, an option to have copies sent to you is available by Contacting Us. Be sure to include the form name(s) in the Message box. Or, if you prefer, you may also contact our Support Team at 315.671.2241 x5
When you visit your healthcare provider that participates with HealtheConnections, you will be presented with a consent form. You can simply select your consent choice for each participating organization where you receive care. See Consent Example for consent selection choices.
If you discover errors in your medical record, you may contact HealtheConnections at 315.671.2241 x5. If the error was caused by a mis-merging of records done by HealtheConnections, we will correct the error. If the error was caused by inaccurate information shared with us by one of your providers, we will direct you to the appropriate provider.
Yes, you can change your consent to HealtheConnections at any time for any of your participating providers. Simply request and fill out a new consent form with your updated consent option at your participating provider.
If you want to deny consent for all HealtheConnections’ participants, you may do one of the following:
- Contact support@healtheconnections.org to schedule an appointment to visit HealtheConnections’ office, located at 443 North Franklin Street, Suite 001, Syracuse, NY 13204 with photo identification and complete form B-9.1 – Community-wide Deny Consent.
- Visit your provider and complete form B-9.1 - Community-wide Deny Consent. Your provider will forward the form to HealtheConnections for processing.
- Contact HealtheConnections using one of the contact methods below and we will send you a “Community-Wide Deny Consent” form. Follow the instructions on the form to complete and return it to us.
- Click on Contact us and fill in your contact information; include the form name in the Message box.
- You may also contact our Support Team at 315.671.2241 x5 to request the form.
Yes, HealtheConnections generates daily, weekly, and monthly audit reports that are provided to their participating organizations through a secure, on-line process. HealtheConnections’ participants are required to review and attest to their audit reports, as follows:
- Daily Audits
- Break-the-Glass (BTG) report – a Break-the-Glass event is when an Authorized User gains one-time access to patient information used by a HealtheConnections participating organization in an emergency situation when the patient has selected “Emergency Only” consent or in a life-threatening medical emergency when a patient has not yet consented to that participant. Participants who have used the BTG functionality are notified on the next business day to review and attest to these events.
- Weekly Audits
- Public Health and Organ Procurement Services – public health authorities, health oversight agencies, and federally designated organ procurement organizations are allowed to view patient records without the patient’s consent for purposes of public health activities, health oversight activities, and for facilitating organ, eye, or tissue donation and transplantation. The participants that are designated as public health or organ procurement organizations are notified at the beginning of each week to review and attest to their user accesses for the previous week.
- Annual Audits
- Organizations are required to review a sample of patient records they have accessed and ensure that:
- accesses to patient records were appropriate
- all active users are still working in roles that require them to have access, and users were actually working in those roles at the time that they accessed patient records.
- Organizations are required to review a sample of patient records they have accessed and ensure that:
There are penalties for inappropriate access to or use of your electronic health information. If at any time you suspect that someone who should not have seen or gotten access to information about you has done so, you may call your Provider’s office; or contact HealtheConnections at 315.671.2241 x5; or call the NYS Department of Health at 518-474-4987; or follow the complaint process of the federal Office for Civil Rights at www.hhs.gov/ocr/privacy/hipaa/complaints.
To learn more about Substance Use Disorder (also known as 42 CFR Part 2) protected health information and to understand how HealtheConnections manages this data, please click here.
Per New York State regulation, healthcare providers are allowed to share their patients’ medical records with HealtheConnections health information exchange (HIE). A patient does not need to consent or give permission to their healthcare providers to do this; however, a patient does control who they want to allow access to view their medical records.
Here are the types of data that may be available through HealtheConnections:
- Demographics / Profile – name, address, phone numbers, email, marital status, next of kin, insurances, advance directives, ethnicity, race, language preferences
- Lab and Radiology reports and Images
- Encounters – hospital, doctor office, emergency room, and other healthcare facility visits
- Procedures / Surgeries
- Medications / Immunizations
- Conditions / Allergies
- Family and Social History
- Vital signs – height, weight, blood pressure readings
