top of page
Copy of Copy of Black Minimalist Health Insurance Linkedin Banner (3).png

PATIENT PRIVACY AND SECURITY IS OUR TOP PRIORITY

How does Connie protect patient privacy?
Connie complies with all federal and state laws and regulations on data sharing and privacy. This is codified in Connie’s enabling legislation, its contract with OHS to perform its functions as the state-designated HIE, and its data sharing agreements with its participating organizations. Connie has a Data Release Policy available on its website that details the circumstances under which Connie shares data and an active Privacy, Security, and Confidentiality Committee of its board to provide oversight over Connie’s programs.


Connie is a voluntary benefit for Connecticut’s residents – they have the option of opting out of Connie and have had that option since we began. Additionally, all patients have the right to request an Accounting of Disclosures to see who has had access to their information in Connie.


How does Connie protect reproductive health data specifically in the case of a subpoena? 
By state law and Connie’s own policies, Connie cannot provide any information nor contribute in any way to civil or criminal inquiries of a patient’s legal reproductive services in Connecticut.

 

Does Connie share data nationally? 

Yes, in keeping with our mission of enhancing the health and well-being of Connecticut’s residents, we connect with National Networks so that our patients’ data is accessible by their treating providers no matter where they receive care. Similarly, we don’t want the burden of relaying clinical information to fall solely on a patient who receives care out of state – that data can be accessible to that patient’s Connecticut-based provider. 

If you share data nationally, how are you ensuring that reproductive health data, or other sensitive data, isn’t being used inappropriately?
There are several laws at both the Federal and state level that govern who can access a patient’s healthcare data including reproductive health or other sensitive data. Further the data sharing agreements for all the National Networks stipulate that data can only be accessed for specific permitted purposes – in this case, treatment. Simply put, it’s illegal to query a patient’s record through national exchanges for anything other than treatment purposes or for individual access (meaning a patient requesting access to their data through a third-party app). Connie is in the same boat as all provider organizations who currently share and have shared clinical data through private HIEs, like Epic’s CareEverywhere or National Networks and frameworks like Carequality and eHealth Exchange. 
 

Can patients opt out of sharing information about medication history? 

Yes, patients can opt out of Connie. If a patient opts out, they are opted out of every aspect of data sharing that is not otherwise required by law. Connie maintains a service to allow providers to view a patient’s Narx report from the state’s Prescription Monitoring Program (PMP) from within the Connie portal. State law does not allow patients to opt out of the PMP. 

I have opted-out, can I opt back into Connie? 

Yes, you can opt back into Connie at any time. Patients who want to opt back in, or have any questions, should call Technical User Support at 866-987-5514.  

 

Unfortunately, we cannot retrieve the information we deleted when you opted out so your historical clinical information will not be in Connie.  

 

Can a person under the age of 18 opt-out of Connie? 

In accordance with Connecticut law, any patient that can legally consent to health services can opt out of Connie. Accordingly, children under the age of 13 need to have a parent or guardian opt-out for them. Because children aged 13-17 are permitted to consent to some health services in Connecticut, either the parent/guardian or the child (between the age of 13-17) can opt themselves out. 

 

If I opt-out, does that cover everything? 

No. There are some limited and specific instances where the opt-out choice does not apply:  

 

Public Health Reporting: Certain information is required to be reported by providers to public health agencies, such as monitoring disease trends, conducting outbreak investigations, and responding to public health emergencies. In these specific cases, Connie  may be used as the mechanism for the provider to report this information. Also, Controlled Dangerous Substances (CDS) information, as part of the Connecticut Prescription Monitoring Program (PMP), will continue to be available through the HIE to licensed providers.  

 

As Required by Law: The HIE may access, use or disclose your health information as required by law, regulation, court order or legal process.  

 

For Connie’s Internal Management and Operations: In order for Connie to be able to maintain your decision to opt-out, we will need to maintain some basic demographic information including your name, date of birth, and address.  

 

Please note that even if you opt out of your data being shared to and through Connie, this may not impact your other healthcare providers who may be sharing data through local EMR networks and to and through National Networks. 

 

Do my providers know if I have opted-out? 

Connie does not explicitly notify your providers if you have opted out. However, if you opt out of Connie and your provider searches for your information in the Health Information Exchange at a later time, they will see a pop-up notification stating you have opted out. 

How do I know if my doctor participates with Connie? 

Per state statute, all healthcare organizations are required to participate with Connie. Timeframes for connectivity to Connie vary. To see a list of organizations who currently share information with Connie, CLICK HERE.  

 

Your healthcare organization may let you know that they’re sharing data with Connie in a variety of ways including through their Notice of Privacy Practices, by updating language on their website, or by posting information where you can see it.  

 

How can I find out who has accessed my data? 

Patients may view the history of who has accessed their individual data by requesting an Accounting of Disclosures from Connie. All access is tracked and may be audited internally by Connie. 

 

Will I be able to access my own medical information through Connie? 

Coming soon, patients will be able to access their records in Connie. Connie is in the process of evaluating both the technical considerations and the policy aspects in accordance with patient access and interoperability rules. 

 

Can I control who sees my information in Connie? 

You can control whether you want your data shared through Connie to authorized users who have a declared relationship with you, such as your doctor or your hospital. However, you cannot pick and choose which healthcare providers are authorized to view your information in Connie. You may choose not to make your data available in Connie by opting-out. If you choose to opt out of Connie, none of your data will be shared with any healthcare provider you visit for your care.

 

How far back do my online records go? 

Connie began collecting information in January 2021. It is possible that you may have records prior to 2021 in Connie. Ask your healthcare provider when they began sending information to Connie, and what types of information was shared. To see a list of organizations who currently share information with Connie, CLICK HERE

 

Can my data be purchased? 

Privacy, security, and confidentiality of individuals' data along with transparency around data collection and release is of paramount importance to the State, Connie’s board, and Connie’s management. Under HIPAA, Connie is prohibited from selling Protected Health Information (PHI) without written authorization from the patient. Connie does not and will not sell patient PHI. No entity can skirt the law and access patient data from our HIE through other means, such as subscriptions, without approved purposes of use and authorized access. 

Access to patient data in the HIE is governed by, and consistent with, Federal and state law, including HIPAA. The HIE does not expand or increase such access rights in any way. Rather, Connie improves the method by which such already-permitted access occurs making it more secure, more timely and more transparent. All participating organizations sign legal agreements that require that access to and sharing of patient data be in compliance with applicable laws and for only those purposes authorized by applicable laws.  

 

In the future, Connie will charge reasonable and cost-based fees for providing the services necessary to facilitate that exchange within the parameters of federal and state laws.  

 

What can I do if there is a mistake in the information Connie has about me? 

If you believe there is a mistake in your medical record, you should talk to your doctor or health care provider since they created your medical record and are the only ones authorized to make changes. You may contact Connie for a list of healthcare providers who have shared information about you through Connie. 

Does Connie share my health information with employers? 

No.  Connie does not share any of your information with employers. 

Do health insurance companies have access to my data and will they have access to the same data that my provider sees? 

Health insurance companies can access your data through Connie if they are connected to it for care coordination, management, and quality improvement purposes for active members. 

What do I do if I think an unauthorized person viewed my records? 

Contact Technical User Support at 866-987-5514 immediately, and we will investigate. Patients may view the history of who has accessed their individual data by requesting an Accounting of Disclosures from Connie. All access is tracked and may be audited internally by Connie. You can also talk to your provider who participates with Connie. 

What security measures does Connie use to ensure the protection of my information? 

Keeping patient data safe is a Connie priority. Connie’s technical infrastructure partner, the organization that is responsible for managing the data on behalf of Connie, CRISP Shared Services (CSS), is HITRUST and EHNAC (HIEAP) certified. These certifications are considered the national gold standards for privacy and security and demonstrate that an organization is taking the most proactive approach to cybersecurity, data protection, and risk management & mitigation. These certifications require ongoing updates, training, and recertification activities. 

 

CSS also adheres to federal and state regulations and undergoes an annual security audit by a third-party firm. As part of its security program, CSS has deployed a suite of next generation security tools and exercises to protect data in accordance with the NIST Cybersecurity Framework (CSF). 

 

How is Connie notified when I change providers? 

The foundation for a Health Information Exchange is the established care relationship between providers and patients when a medical encounter occurs. Connie uses these encounters to determine and update a patient's care team when any encounters take place. When you are seen by your provider, information is sent to Connie to share your demographic information as well as summary information about your visit. That encounter information establishes a care relationship between you and your provider. When you change providers, your new provider will send us encounter information that establishes your new relationship.  

bottom of page