Privacy and Security

The NC HIEA’s privacy and security safeguards meet or exceed federal, state and local requirements, including the:

HIPAA Privacy Rule
HIPAA Security Rule
• Health Information Technology for Economic and Clinical Health (HITECH) Act

Opt-Out Privacy – NC HealthConnex has an opt out model. Patients have the right to opt out of having their information shared between providers through NC HealthConnex. Please note that there is an exception in state law that allows health care providers to access patient information during emergencies. However, only a privacy officer in an administrative capacity will have access to this information in the event of an emergency.

Strict Confidentiality – Only participating health care providers and other HIPAA covered entities that have signed contracts with the NC HIEA will be able to access a patient’s medical information through NC HealthConnex. Patient data may also be provided to third parties who have entered into contracts with the NC HIEA for limited purposes (e.g. the NC Department of Public Health for immunizations). These contracts ensure that all relevant privacy statutes and regulations are followed in how health information is viewed, used and shared. The NC HIEA also has the power to audit the use of patient information by each participating practice and each third party to ensure the law is being followed.

Privacy and Security Policies