Frequently Asked Questions
Health information exchange, or HIE, is the electronic transmission of health-related information between organizations according to nationally recognized standards. By sharing documentation in a uniformly accepted manner, providers ensure information will be received in a way that is usable for the recipient and that the data and privacy of the patient stay protected.
The ability to securely exchange health information is essential for transforming health care. Connecting health care providers, including clinicians and facilities, can ensure continuity and coordination of care for every patient. It can also provide opportunities to engage patients in their own health care.
Reduced redundancies, improved quality of care. An HIE allows two or more health care providers involved in providing care to a patient to quickly, securely and accurately share information. Because each authorized provider can readily see a patient's complete electronic health record (EHR), the need for duplicate medical tests is reduced, efficiency is improved and patients receive higher quality care.
Less paperwork, more time with patients. Authorized medical professionals can quickly and easily retrieve a patient's treatment record, lab results, prescription lists and other information even if those records are stored in a distant location. Currently, physicians and their staff are spending much of their time "chasing" paperwork and results, which means they have less time to spend with patients.
Increased accuracy and efficiency. By streamlining and simplifying transitions of care, an HIE enhances accuracy, appropriateness and efficiency in patient care.
Some states require organizations that facilitate the exchange of health information to seek a certificate of authority to operate. Certification is a process that:
- Provides an opportunity for public review of HIE service provider applications.
- Defines requirements for HIE service providers that serve the best interests of both providers and patients.
- Defines a compliance and enforcement framework to ensure certified entities conduct business in accordance with state/federal requirements.
Only health information important for providing care is exchanged between authorized health care providers who have a relationship with you (the patient) and have a need to know this information for providing treatment.
Only providers and their care partners who have entered into a legal contract with a health information exchange provider such as Simply Connect, agree to abide by its strict privacy and security policies and comply with relevant federal and state laws are allowed access to their patients' information in the HIE.
Anything that can be stored on paper medical records can be stored in an electronic health record (EHR), but electronic records can be more comprehensive and flexible. EHRs enable viewing of results not only in chronological order but also arranged in any other manner—such as charts and graphs—that would allow the patient's care providers to see trends and changes that could affect that person's treatment. EHRs also often allow care providers to quickly search and review lengthy patient records that may be difficult to sift through when they are on paper, thus improving the quality and quantity of information available to a care provider, especially in urgent situations.
Just like paper records, EHRs must comply with the federal Health Insurance Portability and Accountability Act (HIPAA), as well as other state and federal laws, so security must be built into the system. Unlike paper records, electronic records can be encrypted—using technology that makes them unreadable to anyone other than an authorized user—and security access parameters are set so that only authorized individuals can view them. For additional security, electronic records are electronic tracked to provide an accounting history of when records have been accessed and who accessed them. So in many ways, electronic health records are more secure than paper records.
Personal health information is protected by state-of-the-art systems employing many security measures—including administrative, physical and technical safeguards against such risks as loss or unauthorized access, destruction, inappropriate use, modification or disclosure. All systems, including provider EHRs and the Simply Connect network, must comply with the security provisions of HIPAA. For added assurance, the Simply Connect system is subject to regular security audits.
Health care providers who request access to your personal health information through Simply Connect must affirm that they have a proper treatment relationship with you before being granted access. The system will not make your information available until the provider affirms they have legally permissible authorization to view your information. A record is created and logged in the system every time a provider accesses your health record.
Yes. As with paper health records, you should receive a notice of privacy practices upon an initial agreement with a home care provide, a first visit to a provider or admission to a hospital. As specified by HIPAA, these notices describe how your protected health information is to be collected, used and transmitted for the purposes of treatment, payment and healthcare operations.
HIPAA provides additional protections to psychotherapy notes maintained by mental health providers. These notes may not be disclosed for any purpose unless you provide a written authorization to do so. Please see more information on "sensitive information" below.
Simply Connect maintains audit logs, tracking every occasion where your health records are accessed—identifying the authorized individual accessing your information, the date of access, the reason for accessing, and the relationship between you and the health care provider accessing your information. You have the right to request a list of this information from your health care provider and review the access logs.
No. Simply Connect and its participating providers and vendor partners take your privacy and the security of your healthcare information very seriously. Health care providers are only allowed to access the Simply Connect system using a secure login, and transmission of your information is encrypted. Providers are also only allowed to access your information if they have a health care relationship with you.
Yes. Under HIPAA requirements and Simply Connect policies, you have the right to receive a list of instances where your health information was accessed and for what purposes. If you believe that a person, agency or organization covered under HIPAA violated your (or someone else's) health information privacy rights or committed another violation of the Privacy Rule, you may file a complaint with the federal Office for Civil Rights. Individuals found in violation of HIPAA can be civilly and criminally prosecuted. For more information, see http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
Yes. If your health care provider is participating in the HIE, they are required to notify you of their participation in HIE. At that time, or anytime thereafter in some states, you have the choice to "opt out" of having your information shared through the HIE.
Should you choose to do so, Simply Connect is committed to honoring your choice to opt out of the system and will ensure your information is not searchable in the HIE.
Although your information will not be searchable if you opt out, your health care provider may still use the Simply Connect network to issue electronic orders for lab tests, prescriptions and other directed health care services. They may also receive lab results, x-rays and other information that is sent directly to them electronically. This service is no different than your provider using the mail or a fax machine to receive this information.
Note: not all health care providers are participating in an HIE. If your providers are not participating in an HIE, then your health information is not available in the HIE.
The meaningful use incentives are only available to a specific subset of health care professionals, yet the need to securely exchange health information is something all health care professionals are experiencing regardless of settings and patient populations. Implementing a standards-based exchange is a good business practice internally and between your care and vendor partners so you are able to use the capability of your electronic health record (EHR) system to share information between your trading partners.