Privacy & Security
The N.C. Health Information Exchange Authority’s privacy and security safeguards meet or exceed federal, state and local requirements, including the:
• HIPAA Privacy Rule
• HIPAA Security Rule
• Health Information Technology for Economic and Clinical Health (HITECH) Act
Opt-out privacy – NC HealthConnex has an opt-out model. Patients have the right to opt out of having their information shared between providers through NC HealthConnex.
Strict confidentiality – Only participating health care providers and other HIPAA-covered entities that have signed contracts with the NC HIEA will be able to access patients’ medical information through NC HealthConnex. Patient data may also be provided to third parties who have entered into contracts with NC HIEA for limited purposes (e.g., the N.C. Department of Public Health for immunizations). These contracts ensure that all relevant privacy statutes and regulations are followed in how health information is viewed, used and shared. NC HIEA also has the power to audit the use of patient information by each participating practice and each third party to ensure that the law is being followed.