The Rules of the road: SHARE policies
You’ll find complete, detailed information about our specific policies in the OHIT Privacy Policies.
The Office of Health Information Technology (OHIT), in collaboration with the health care community, has developed Privacy and Security Policies that provide guidance and “rules of the road” for SHARE participants.
SHARE’s core privacy principles and policies promote balance between patient control of and access to health information, and the operational needs of participating providers. Health Information Exchange can bring many benefits for patients and improvements to the health care system. Our goal is to ensure that protected health information uses and disclosures through SHARE help these gains become reality.
The policies and procedures are rooted in nine (9) privacy principles:
- Disclosure Limitation: Participating providers must comply with federal and state laws, including HIPAA, when disclosing patient information.
- Individual Access: Patients may access their health information unless access is not permitted under state or federal law.
- Correction: Patients may dispute the accuracy or integrity of their health information.
- Openness and Transparency: OHIT has an educational process to help patients understand the HIE concept, protected health information and the purposes for using or disclosing information.
- Individual Choice: Patients can choose whether to make their protected health information available in SHARE.
- Collection & Use: OHIT enforces limitations on the collection, use and disclosure of protected health information through SHARE.
- Data Quality & Integrity: Participating providers are responsible for the quality and integrity of data exchanged in SHARE.
- Safeguards: Only authorized users have access to the information in SHARE. Compliance monitoring and auditing further safeguard the data.
- Accountability: Participating individuals and entities must sign binding contracts, which define requirements for protecting data and notifying SHARE of privacy or security incidents.