Information shared through the Local or State Health Information Exchange is protected under the Health Insurance Portability and Accountability Act of 1996 (“HIPAA”). HIPAA regulates the use and/or disclosure of your personal health information for purposes of treatment, payment, and operations.
HIE, participating providers, and health insurers use a combination of safeguards to protect your health information. Technical safeguards include encryption, password protection, and audit logs that track every participant’s use of the system. Administrative safeguards include written policies that require limited access to information through HIE. All participating providers and health insurers must agree to follow these policies. All participating providers and insurers are also regulated by HIPAA, as well as other federal and state privacy laws. They must have their own policies and other safeguards in place, including policies to train their staff and limit access to those with a need to know the information.