Privacy Policy Management

Policy management enables patients/consumers, organizations and jurisdictions to proactively safeguard the privacy of personal health information (PHI), also called individually identifiable health information (IIHI).

With HIPAAT’s centralized, interoperable, standards-based solution:

Patients and consumers are able to:

Create, edit, store and withdraw health information privacy policies, e.g. “do not disclose my medication history” or “do not disclose my PHI for research purposes.” This is done using simple Web-based consent forms, or with the guidance of a healthcare provider or privacy officer.

confirm or refuse participation in health information exchange (HIE).

allow or deny override (‘break the glass’) access to their PHI, if legislation permits.

Authorized users at care delivery organizations and HIEs are able to restrict access to a patient’s PHI at the patient’s request. Restrictions can be placed at various levels of granularity including purpose of use and type of information (e.g. lab results), from specific user(s), role(s), group(s) of users, facility or jurisdiction.

Authorized administrators are able to create and record organizational privacy policies, e.g. “restrict internal use of employees’ health information” and jurisdictional policies, e.g. “restrict disclosure of mental health records.”

For more on privacy policy management, visit myConsentMinder and Privacy eSuite.