The Healthix Privacy and Security Policies provide a common and consistent framework for the exchange of patient health information through Healthix and the Statewide Health Information Network for New York (SHIN-NY). Data governance is covered in the Healthix Bylaws. Should you wish to receive a copy of the Healthix bylaws, contact us at [email protected].
Healthix regularly reviews the OCR Breach Portal for any breaches submitted by our Participants. This is done to assure our Participant’s compliance with the Healthix Privacy and Security Policy Section 7 which sets forth minimum standards that shall be followed in the event of a breach. Please take the time to review critical information about responsibilities for breach notification as referenced in the policy. A copy of Healthix Incident Response Plan, which is referenced in Section 7 | Appendix C, can be obtained by request. Contact us and state your request by selecting “Privacy Concern” and adding your request in the details section before submitting. Please see more >>
If Healthix determines that a breach of patient data has occurred, patients/consumers will be notified in accordance with Healthix Policy SECTION 5: PATIENT ENGAGEMENT AND ACCESS.
Healthix adopts a continual data security improvement model. We invest in the people, processes, and technology to exceed data privacy requirements. Healthix adheres to both HIPAA and HITECH requirements and has also earned HITRUST CSF Certification for information security.
We use state-of-the-art technologies that actively block would-be attackers, alert us of potential attacks, and protect our servers. Our technologies include:
As a steward of data for over a thousand organizations in the network, Healthix is deeply committed to protecting the privacy of patient information. We follow the New York Department of Health Policies developed for Health Information Exchange providers and regularly perform audits to monitor access to patient data.
Healthix has a range of cybersecurity programs including;
Healthix conducts a variety of annual audits to ensure the integrity of privacy, security and compliance with the New York State and Healthix policies. These include Consent Audit, User Audit, User Access Audit, Identity Proofing Audit and validation of authorizations/consents received from life and disability insurers. In addition to annual audits, Healthix monitors access by public health agencies and accesses in cases of emergency called “Break The Glass”. Please contact [email protected] for details.”
| CY 2023 | CY 2024 | |||
|---|---|---|---|---|
| Audit Type | Participant # | Compliance Rate | Participant # | Compliance Rate |
| Consent Audit | 74 | 86% | 78 | In Progress |
| User Audit | 84 | 98% | 83 | 97% |
| User Identity Proofing | 78 | 97% | 81 | In Progress |
| User Access Audit (Q1) (# Accesses) | 30 | 71% | 30 | 77% |
| User Access Audit (Q2) (# Accesses) | 30 | 77% | 30 | Scheduled for Q3’2024 |
| User Access Audit (Q3) (# Accesses) | 31 | 77% | 30 | Scheduled for Q4’2024 |
| User Access Audit (Q4) (# Accesses) | 30 | 90% | 30 | Scheduled for Q1’2025 |
| Life and Disability Insurer | 2 | 96% | 2 | Scheduled for Q3’2024 |
