Below is a list of frequently asked
questions (FAQs) related to privacy and
security for electronic health records (EHRs) and
health information exchange (HIE).
As an independent, nonprofit
organization dedicated to improving health care for all Coloradans,
CORHIO is committed to keeping patient health information private
and secure. CORHIO follows all state and federal laws for
protection of patient health information including the Health Insurance Portability and Accountability
Act (HIPAA). Additionally, CORHIO's
'governing principles' (PDF) guide all of the
organization's initiatives and operations.
What types of information might be stored on an EHR?
Anything that can be stored on paper medical records can be
stored in an EHR, but electronic records can be more comprehensive
and flexible. EHRs and EMRs enable viewing of results not only in
chronological order but also arranged in any other manner, such as
charts and graphs, that would allow the patient's care providers to
see trends and changes that could affect that person's treatment.
EHRs and EMRs also often allow care providers to quickly
search and review lengthy patient records that may be difficult to
sift through when they are on paper, thus improving the quality and
quantity of information available to a care provider, especially in
urgent situations.
How secure are EHRs?
Just like paper records, EHRs must comply with the federal
Health Insurance Portability and Accountability Act (HIPAA), and
other state and federal laws, so security must be built into the
system. Unlike paper records, electronic records can be encrypted -
using technology that makes them unreadable to anyone other than an
authorized user - and security access parameters are set so that
only authorized individuals can view them. Further,
electronic records offer the added security of an electronic
tracking system that provides an accounting history of when records
have been accessed and who accessed them. So, in many ways,
electronic health records are more secure than paper records.
Why are EHRs valuable?
- Storing health records electronically allows for quick
retrieval of patient information by authorized physicians and staff
wherever and whenever necessary. That ensures information about
each patient is accessible and complete whenever a provider must
make a treatment decision.
- EHRs make it easy for physicians and providers to search, track
and analyze information that improves patient care. Unlike paper
records, they are not bulky, they don't take up costly space and
they don't require labor-intensive methods to maintain, retrieve
and file. EHRs are also stored in a standard way, so information is
where the provider expects it to be, and there is no need to
decipher handwritten notes.
- EHRs also provide easier access in times of emergency and can
be backed up easily and cost-effectively, thus avoiding loss of
critical information during and after times of disaster (such as
flood, hurricane or tornado destruction).
- Unlike paper records, electronic records are encrypted and
access is restricted so that only authorized individuals can view
them. Furthermore, any time a person accesses an electronic
record, the information is tracked and audited. When paper
records are viewed by people, it is very difficult to track who saw
the information and whether it was authorized.
What is a health information exchange (HIE) network?
- A health information exchange (HIE) network allows health care
information to be shared between health care providers within a
community or larger region.
- It allows clinical information to quickly move electronically
between the different health care information systems that may be
used by a patient's different providers (e.g., specialists, labs)
while maintaining the privacy, security and accuracy of the
information being exchanged.
What are the advantages of HIE?
- An HIE allows two or more health care providers involved in
providing care to a patient to quickly, securely, and accurately
share information. Because each authorized provider can readily see
a patient's complete electronic health record (EHR), the need for
duplicate medical tests is reduced, efficiency is improved, and
patients receive higher quality care.
- Authorized medical professionals can quickly and easily
retrieve a patient's treatment record, lab results, prescription
lists and other information even if those records are stored in a
distant location. Currently, physicians and their staff are
spending much of their time "chasing" paperwork and results, which
means they have less time to spend with patients.
- HIE enhances accuracy, appropriateness and efficiency in
patient care.
What type of health information is being exchanged via the HIE
and who has access?
- Only health information important for providing care is
exchanged between authorized health care providers who have a
relationship with you (the patient) and have a need to know this
information for providing treatment.
- Only providers who have entered into a legal contract with
CORHIO and agree to abide by its strict privacy and security
policies and comply with relevant federal and state laws are
allowed access to their patients' information in the HIE.
- The law (often referred to as "HIPAA," or the Health Insurance
Portability and Accountability Act Privacy and Security Rules)
prohibits health care providers from sharing your personal health
information for any purpose other than treatment, payment, and
health care operations without special permission from you to do
so. HIEs, like CORHIO, have built-in support for HIPAA and
other security and privacy laws.
- When your health information is shared through the HIE,
information about access to your record is stored electronically in
an accounting history. This includes the identity of those
who accessed your record, the date of access, the types of
information accessed and the reason your record was accessed.
This makes it easier for health care providers to enforce laws and
their own policies restricting access to your records and helps you
track the privacy of your health information in a way that is not
possible with paper records.
How much of my personal information can be shared with HIE?
CORHIO policies and state and federal law require we use the
minimum amount of personal information to ensure we are providing
the right information regarding the right person to the right
provider.
If I participate as a patient in the HIE, does CORHIO track who
accesses my health information?
Yes. CORHIO maintains audit logs, tracking every occasion where
your health records are accessed - identifying the authorized
individual accessing your information, the date of access, the
reason for accessing, and the relationship between you and the
health care provider accessing your information. You have the
right to request a list of this information from your health care
provider and review the access logs.
Can I find out who has requested access to my health information
through the HIE?
Yes.
- As with paper health records, you should receive a notice of
privacy practices upon a first visit to a provider or admission to
a hospital. As specified by HIPAA, these notices describe how
your protected health information is to be collected, used, and
transmitted for the purposes of treatment, payment, and healthcare
operations.
- HIPAA provides additional protections to psychotherapy notes
maintained by mental health providers. These notes may
not be disclosed for any purpose unless
you provide a written authorization to do so. Please see more
information on "sensitive information" below.
- CORHIO maintains audit logs, tracking every occasion where your
health records are accessed - identifying the authorized individual
accessing your information, the date of access, the reason for
accessing, and the relationship between you and the health care
provider accessing your information. You have the right to
request a list of this information from your health care provider
and review the access logs.
- Health care providers who request access to your personal
health information through CORHIO must affirm that they have a
proper treatment relationship with you before being granted
access. This is called "breaking glass," meaning the system
will not make your information available until the provider "breaks
the glass" by affirming they have legally permissible authorization
to view your information. A record is created and logged in
the system every time a provider "breaks the glass" on your health
record.
Will I know if my health information was misused?
- Under HIPAA requirements and CORHIO policies, you have the
right to receive a list of instances where your health information
was accessed and for what purposes.
- If you believe that a person, agency or organization covered
under HIPAA violated your (or someone else's) health information
privacy rights or committed another violation of the Privacy Rule,
you may file a complaint with the federal Office for Civil Rights.
Individuals found in violation of HIPAA can be civilly and
criminally prosecuted. For more information, see: http://www.hhs.gov/ocr/privacy/hipaa/complaints/index.html
What if I don't want my providers to have access to my health
information? Can I elect not to have my information shared through
CORHIO?
- If your health care provider is participating in the HIE, they
are required to notify you of their participation at your next
appointment or at the time of registration. At that time, or
anytime thereafter, you have the choice to "opt out" of having your
information shared through the HIE.
- Should you choose to do so, CORHIO is committed to honoring
your choice to opt out of the system and will ensure your
information is not searchable in the HIE.
- Although your information will not be searchable if you opt
out, your health care provider may still use CORHIO's network to
issue electronic orders for lab tests, prescriptions, and other
directed health care services, and may also receive lab results,
x-rays, and other information that is sent directly to them
electronically. This service is no different than your
provider using the mail or a fax machine to receive this
information.
Note: not all health care providers are participating in the
HIE. If your providers are not participating in the HIE, then
your health information is not available in the HIE.
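As an added example (not CORHIO's software), the following Python sketch models the three controls these answers describe: an opted-out patient is not searchable, a provider must "break the glass" by affirming a treatment relationship before a record is released, and every release is written to an accounting history that the patient can request. The class names, identifiers and sample values are assumptions made for the illustration.

```python
# Added illustration of the access controls this FAQ describes; it is not
# CORHIO's software. Class names, identifiers and sample values are constructed.
from dataclasses import dataclass
from datetime import datetime, timezone
from typing import Dict, List, Set

@dataclass
class AccessEntry:
    """One line of the accounting history a patient may request."""
    accessed_by: str    # identity of the authorized user
    accessed_at: str    # date and time of access (UTC, ISO 8601)
    info_type: str      # type of information accessed
    reason: str         # purpose of access; only 'treatment' is permitted here
    relationship: str   # relationship the provider affirmed with the patient

class AccessDenied(Exception):
    pass

class HieRegistry:
    def __init__(self) -> None:
        self._records: Dict[str, Dict[str, str]] = {}  # patient -> {type: content}
        self._opted_out: Set[str] = set()
        self._audit: Dict[str, List[AccessEntry]] = {}

    def add_record(self, patient_id: str, info_type: str, content: str) -> None:
        self._records.setdefault(patient_id, {})[info_type] = content

    def opt_out(self, patient_id: str) -> None:
        self._opted_out.add(patient_id)

    def is_searchable(self, patient_id: str) -> bool:
        # An opted-out patient simply does not appear in HIE searches.
        return patient_id in self._records and patient_id not in self._opted_out

    def break_glass(self, provider_id: str, patient_id: str, info_type: str,
                    reason: str, relationship: str) -> str:
        """Release a record only after the provider affirms a treatment relationship."""
        if not self.is_searchable(patient_id):
            raise AccessDenied("patient is not searchable in the HIE")
        if reason != "treatment" or not relationship.strip():
            raise AccessDenied("a treatment relationship must be affirmed")
        if info_type not in self._records[patient_id]:
            raise AccessDenied("no record of that type for this patient")
        stamp = datetime.now(timezone.utc).isoformat()
        self._audit.setdefault(patient_id, []).append(   # logged before release
            AccessEntry(provider_id, stamp, info_type, reason, relationship))
        return self._records[patient_id][info_type]

    def accounting_history(self, patient_id: str) -> List[AccessEntry]:
        return list(self._audit.get(patient_id, []))
```

Directed delivery of results to a named provider (the fax-like path the answer mentions) is deliberately outside this model, which covers only searchable access.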
How do I know if my provider is a participant in CORHIO's
HIE?
All participating health care providers are required to notify
all patients that they are participating in CORHIO. When you visit
a participating provider you will receive a notice about this,
which may be accompanied with the provider's HIPAA privacy
notification.
How do I get access to my own medical records?
- HIPAA requires health care providers and health plans to allow
you access to your medical records. Notices you receive from
your providers and plans must include information about how you can
obtain copies of your medical records.
- You must request copies of your medical record from your health
care provider. CORHIO employees are not permitted to access your
health information in any way, therefore CORHIO cannot provide
copies of your records.
- If you receive care in a federal medical facility, you have a
right to obtain your records under the federal Privacy Act of 1974
(5 USC sec. 552a).
How is CORHIO ensuring the security of my health information
when it is being transferred or exchanged?
Personal health information is protected by state-of-the-art
systems employing many security measures, including administrative,
physical, and technical safeguards, against such risks as loss or
unauthorized access, destruction, inappropriate use, modification,
or disclosure. All systems, including provider EHRs and
CORHIO's network, must comply with the security provisions of
HIPAA. For added assurance, the CORHIO system is subjected to
regular third-party security audits.
How does CORHIO handle unauthorized requests for access to my
health information? Are there any penalties for those who misuse or
inappropriately disclose my information?
- Considering the highly sensitive nature of patient data and
information, CORHIO maintains a zero-tolerance policy regarding
inappropriate use of the CORHIO HIE system. Authorized users who
violate CORHIO Policies, as identified through reporting, audit, or
other processes, will be sanctioned appropriately, may have their
access terminated by CORHIO, and will be referred for appropriate
disciplinary action within their own organizations.
- Additionally, those found in violation of HIPAA can face civil
and/or criminal penalties, including fines from $50,000 to $250,000
and/or imprisonment ranging from 1 to 10 years depending upon the
severity of the offense. They can also face civil penalties
for HIPAA violations that could range from $100 for each violation
up to $25,000 per calendar year for all violations of an identical
requirement. Maximum civil penalties for multiple violations
can range from $25,000 to $1.5 million. You may obtain more
information about HIPAA penalties on the website of the Department of Health and Human Services.
Does CORHIO share my health information with employers?
No, CORHIO does not share health information with any employers.
Additionally, the HIPAA Privacy Rule absolutely prohibits health
care providers and plans from disclosing personal health
information to employers without a patient's explicit, written
authorization.
Does CORHIO share my health information with insurance companies
or health plans?
No, CORHIO provides HIE services to share pertinent health
information exclusively between health care providers for treatment
purposes.
CORHIO's HIE services currently do not include claims processing
or other interactions with health plans. However, in the
future, to assist health care providers in receiving payment,
CORHIO's network may be used to transmit standard claims from
providers to health plans. This would not provide health
plans with any more information than they already receive today,
and it would not include giving insurance companies access to your
personal health records. If CORHIO were to provide the
connectivity for providers to transmit standard insurance claims
over the HIE network, only the minimum information necessary to
ensure providers are paid for the health care services they provide
to you would be included.
Can I request changes to my health record or other information
included in the HIE?
Yes, you can request revisions and corrections to your health
records by talking with your health care provider who is the
owner/creator of the record in question. CORHIO does not alter your
health information in any way; the HIE simply provides a method to
privately and securely transport health information from one
provider to another.
Is some of my most sensitive health information provided extra
protection?
Certain kinds of health information, including mental health
notes, substance use and genetic testing, are subject to additional
legal protections. These additional protections may include a
requirement that express written consent be obtained for each
release of protected information and other requirements relating to
the form of the consent or other information that must be provided
to the patient at the time of consent. All health care
providers participating in CORHIO are required to comply with such
laws and regulations and ensure these special protections are
provided to this important and sensitive health information.