Key Questions: What are the Privacy and Security Policies and Procedures of the Statewide Health Information Network for New York? What are the definitions of the key sections?
This document, the Privacy and Security Policies and Procedures for Qualified Entities and their Participants (the “Policies and Procedures”), sets forth the privacy and security-related policies governing interoperable health information exchange through the Statewide Health Information Network for New York (the “SHINNY”). Through the adoption of comprehensive, standardized policies and procedures governing privacy and security, New York State aims to ensure trusted health information exchange through the SHIN-NY that will improve health care delivery and health outcomes for all New Yorkers.
The New York State Department of Health (“NYS DOH”), along with key stakeholders, participated in the development of the Policies and Procedures through the Statewide Collaboration Process described below. It is the opinion of the NYS DOH that the Policies and Procedures are compliant with state and federal laws.
Although specific to the SHIN-NY context, the information contained within may be relevant to other entities setting up an HIE.
- SECTION 1: CONSENT
- SECTION 2: AUTHORIZATION
- SECTION 3: AUTHENTICATION
- SECTION 4: ACCESS
- SECTION 5: PATIENT ENGAGEMENT AND ACCESS
- SECTION 6: AUDIT
- SECTION 7: BREACH
- SECTION 8: HIPAA COMPLIANCE
- SECTION 9: SANCTIONS
- APPENDIX A: MODEL LEVEL 1 CONSENT
- APPENDIX B: MODEL LEVEL 2 CONSENTs
- Oversight & Enforcement Policies and Procedures for QEs
- Qualified Entity (QE) Minimum Technical Requirements
- Qualified Entity (QE) Member Facing Services Requirements
- Qualified Entity (QE) Organizational Characteristics Requirements