Policies, Privacy, Security

Patient privacy and data security, our first priority


Healthix Policies and Procedures

The Healthix Privacy and Security Policies provide a common and consistent framework for the exchange of patient health information through Healthix and the Statewide Health Information Network for New York (SHIN-NY). Data governance is covered in the Healthix Bylaws. Should you wish to receive a copy of the Healthix bylaws, contact us at compliance@healthix.org.




Healthix adopts a continual data security improvement model. We invest in the people, processes, and technology to exceed data privacy requirements. Healthix adheres to both HIPAA and HITECH requirements and has also earned HITRUST CSF Certification for information security.


We use state-of-the-art technologies that actively block would-be attackers, alert us to potential attacks, and protect our servers. Our technologies include:

  • Firewalls
  • Antivirus
  • Managed Security Services Provider
  • File Integrity Monitoring
  • Multifactor Authentication
  • Network Intrusion Prevention Systems


As a steward of data for over a thousand organizations in the network, Healthix is deeply committed to protecting the privacy of patient information. We follow the New York Department of Health Policies developed for Health Information Exchange providers and regularly perform audits to monitor access to patient data.


Healthix has a range of cybersecurity programs, including:

  • Cybersecurity Risk Management
  • Incident Response
  • Security Architecture (Network and Application)
  • Identity and Access Management
  • Threat and Vulnerability (including yearly penetration testing)
  • Awareness and Training
  • Configuration Management
  • Data Protection

Public Availability of Audits

Healthix conducts a variety of annual audits to ensure the integrity of privacy and security and compliance with New York State and Healthix Policies. These include the Consent Audit, User Identity Audit, and User Access Audit, as well as audits of emergency Break the Glass Access, Payer Access, Public Health Access and others. Please contact compliance@healthix.org for details.


Healthix Audit Activity

| Audit Type | CY 2020 Participant # | CY 2020 Compliance Rate | CY 2021 Participant # | CY 2021 Compliance Rate |
|---|---|---|---|---|
| Consent | Suspended due to COVID-19 | Suspended due to COVID-19 | Suspended due to COVID-19 | Suspended due to COVID-19 |
| User Access | 77 | 91% | Q3′ 2021 | Q3′ 2021 |
| Payer Access (Portal) | 4 | 99% | Q3′ 2021 | Q3′ 2021 |
| Payer Access (CEN) | 10 | 90% | Q3′ 2021 | Q3′ 2021 |
| User Identity | 70 | 99% | Q3′ 2021 | Q3′ 2021 |
| Life and Disability Insurer | N/A | N/A | 3 | 98% |