HIE privacy & security policy
KeyHIE privacy and security safeguards meet or exceed federal, state and local requirements including the:
- HIPAA Privacy Rule
- HIPAA Security Rule
- Health Information Technology for Economic and Clinical Health (HITECH) Act
To ensure optimal security, KeyHIE uses the Transport Layer Security (TLS) protocol to provide secure communication across a Virtual Private Network (VPN) for all KeyHIE products.
Opt-in or opt-out privacy
KeyHIE supports the privacy model (opt-in or opt-out) that is preferred by each member organization. Opt-in requires a patient’s authorization before a health care provider can access KeyHIE for the patient’s relevant clinical information. Opt-out allows a health care provider to access a patient’s clinical information without a signed authorization, except for protected data, unless the patient chooses not to participate (“opts out”).
In addition, patient information in KeyHIE will be available to participating healthcare providers who are connected to the Pennsylvania Patient & Provider Network (P3N).
Access to patient information is granted only to organizations that consent to follow our Regional Health Information Exchange (RHIO) agreement. KeyHIE's Security and Audit Committee routinely audits system access and reviews authentication logs.