Privacy and Security
Protecting your health information in the Vermont Health Information Exchange is of utmost importance to VITL.
Most of us go to more than one place for health care. So we have medical records in many different places. The next time you visit your health care provider, you may be asked to give your consent to allow the providers involved in your care access to the Vermont Health Information Exchange.
If the providers in each place could see your other records, they would know more about your health. If they know more, they may be able to give you better care. To help with this, Vermont has a system to electronically share medical records among providers, called the Vermont Health Information Exchange (VHIE).
Protecting Your Health Information
The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules are the main federal laws that protect your health information.
- The Privacy Rule gives you rights with respect to your health information.
- The Privacy Rule also sets limits on how your health information can be used and shared with others.
- The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards.
There is an extensive set of questions and answers regarding what patients should know about their rights under HIPAA in the privacy and security section of the healthit.gov website.
There are also federal laws that protect specific types of health information, such as information related to federally-funded alcohol and substance abuse treatment.
As the operator of the Vermont Health Information Exchange, a statewide network that enables health care providers to securely send information to each other, VITL has adopted policies and procedures that meet all federal and state laws and rules.
VITL ensures the privacy and security of health information
- We routinely review our policies and procedures to ensure they are in compliance, and update them when necessary.
- VITL has designated the Chief Technology Officer as the privacy and security officer, who monitors adherence to our privacy and security policies and procedures and is able to act when needed.
- All VITL employees have signed confidentiality agreements, which legally require them to keep confidential any protected health information that they have access to as part of their employment.
- VITL works with its contractors to ensure that only authorized users have access to the Vermont Health Information Exchange, and that data on the network remains private and secure. We also advise hospitals, physician practices and other Vermont health care providers on privacy and security issues.
- Legal contracts have been signed with health care providers using VITL's services, including the Vermont Health Information Exchange, outlining the terms and conditions for VITL to handle protected health information on the provider's behalf. These terms and conditions meet all federal and state requirements.