etHIN complies with all state and federal privacy, security, and confidentiality laws, including HIPAA (Health Insurance Portability and Accountability Act of 1996). It is important for you to know that authorized healthcare providers may only access patient information for patients with whom they have a relationship to support treatment, payment, or operational activities.
etHIN and healthcare providers are subject to strict policies and procedures to protect patient information. All clinicians must complete a stringent onboarding process in order to become etHIN authorized users. All user activity within the Health Information Exchange (HIE) is monitored and audited to enforce compliance with those policies.
You may request an audit of your records at any time by contacting one of your healthcare providers who participates with etHIN (etHIN Participants).
Because etHIN is contracted with healthcare providers to furnish health information exchange services and does not serve as a patient portal, we cannot provide information directly to a patient. For that reason, the audit report will be sent to your provider who will deliver it to you. The audit will allow you to see when your medical records were accessed and by which provider.
As a Regional Health Information Organization operating a Health Information Exchange (HIE) between HIE Participants in Tennessee, etHIN will not knowingly or willingly take any action to limit or to restrict the interoperability of any of its HIE software or the EHR software of its connected Participants.
etHIN implements its HIE technology, including all supported interfaces and data transports , in a manner reasonably calculated to ensure its HIE technology is in compliance with available data exchange standards, applicable Policies, Participant Agreements, and applicable law to enable and allow for timely exchange of structured electronic health information in a secure and trusted bi-directional manner with and among Participants of the HIE.
etHIN responds in good faith and in a timely manner to requests to retrieve or exchange electronic health information, from and among etHIN Participants, in compliance with applicable law and active Participant Agreements.
etHIN will comply with the requirements of the 21st Century Cures Act applicable to health information networks and health information exchanges, including any regulations and guidance issued relating to information blocking under 42 U.S.C. § 300jj-52 (the “Cures Act”). etHIN acknowledges that it may engage in reasonable and necessary activities that may impact requests to access, exchange or use electronic health information stored or made available through the etHIN network. Any such activities will be based on etHIN’s good faith belief that such activities meet the conditions of an exception to the information blocking rules identified by the Office of the National Coordinator for Health Information Technology in 45 C.F.R. Parts 170 and 171 or any subsequent regulation or guidance.