HIE privacy & security policy
KeyHIE privacy and security safeguards meet or exceed federal, state and local requirements including the:
- HIPAA Privacy Rule
- HIPAA Security Rule
- Health Information Technology for Economic and Clinical Health (HITECH) Act
- NIST 800-53
To ensure optimal security, KeyHIE uses the Transport Layer Security (TLS) version 1.2 protocol to provide secure communication across a Virtual Private Network (VPN) for all KeyHIE products.
Opt-in or opt-out privacy
KeyHIE supports the privacy model (opt-in or opt-out) that is preferred by each member organization. Opt-in requires a patient’s authorization before a health care provider can access KeyHIE for the patient’s relevant clinical information unless the patient chooses not to participate (opt-out). Opt-out allows a health care provider to access a patient’s clinical information without a signed authorization, except for protected data.
In addition, patient information in KeyHIE will be available to participating healthcare providers who are connected to the Pennsylvania Patient & Provider Network (P3N).
Access to patient information is granted only to organizations that consent to follow our KeyHIE participation agreement. KeyHIE's Security and Audit Committee routinely audits system access and reviews authentication logs.