SCHIO maintains various policies and procedures on how SCHIO Participants may use the data within the SCHIO.  These policies and procedures are reviewed and approved by the SCHIO Board of Directors.  Health information provided by Participants may be used as necessary to perform services by healthcare clinicians, health plans and others participating with SCHIO as permitted by federal and state laws and regulations.

We use advanced technology with sophisticated security.  Only authorized healthcare professionals with a secure login can access your health information.  Your health information isn’t just on the internet.  Your health information is encrypted when transmitted to your health care clinicians.  We implement role-based access technology to ensure that only clinicians involved in delivering care can access your information.  We monitor access to your health information and keep a log of every time anyone accesses your health record.  Under federal law, you have the right to receive a list of instances where your health information was accessed and for what purpose.

With SCHIO your information is safer electronically than traditional paper records.  No more faxing or mailing health information and your clinicians can access your records when needed, at the point of care even in the event of an emergency.

• Access Control – limit  patient information access to only authorized individuals
• Data Encryption – patient health information can’t be read or understood except by those using a system that can decrypt it with a key
• Audit Trail – event logs of who has accessed a particular patient’s information
• Notification of a breach – requirement by federal law that providers, hospitals, and other care professionals notify a patient of a breach of his or her health information.

Congress enacted the HIPAA Privacy Rule to ensure patients have the rights over their own health information, no matter what form it is in.  The government also created the HIPAA Security Rule to require specific protections to safeguard patients’ electronic health information.  Know your rights.

​For more information, click here.

There are some services provided in our organization through contracts with business associates.  When services are provided by contracted business associates, we may disclose the appropriate portions of your health information to them so they can perform the job we have asked them to do. However, our business associates are also required by law to safeguard your information.

SCHIO is an Opt-Out model.  This means that your health information can be shared electronically with Participants for the purposes of healthcare operations.  It is important for patients to understand the following:

• The right to opt-out of having their individually identified information securely shared through the HIO;
• The right to change their mind regarding an opt-out decision;
• The right to ask for a copy of their health information;
• The right to request a list of inidividuals who have viewed their information through the HIO for a period of 3 years before the patient’s request; and
• The right to be notified of a breach at the HIO that affects the patient’s individually identifiable health information.