Home For Patients

For Patients

About Us: Rochester RHIO (Regional Health Information Organization) is a secure, electronic health information exchange (HIE) serving authorized medical providers and over 1.5 million residents in 14 counties. Rochester RHIO is a fully, accredited Qualified Entity of the Statewide Health Information Network of New York (SHIN-NY). Rochester RHIO receives electronic health information (EHI) from many data sources across the greater Finger Lakes Region. For a full listing of which providers submit data to Rochester RHIO, go to: https://providerportal.grrhio.org/ParticipantMap and select "Participants Sending Data".

Consumer Education: Mind the App

Rochester RHIO believes in the power of health information to improve patient care and outcomes. That includes a belief that patients have a right to their own health data, and a right to decide with whom that data is shared. We believe it is extremely important to share information about health data privacy and explain to users that if they share their data with an app, it is likely no longer protected by state and federal privacy law (such as HIPAA), and the app may use health data however it decides—including targeted marketing and selling to third parties. This could put patients’ information at risk of being used in ways that violate their privacy.

Some apps are safer than others. Be safe and protect your health data. Before you agree to share your health information with an app, find out more about how your data will be used.

When it comes to your health data, mind the app. Click for more information.






 

 

 

We have shared an easy to understand educational document to share with patients and consumers who may use mobile health apps. Please feel free to download and share this broadly with individuals and communities to help promote awareness so that everyone can be safe and “mind the app”. Source: New York eHealth Collaborative

Mind the App is available in the following languages:

Introducing Cures Gateway: Your Gateway to Personal Health Data

Welcome to the future of managing your health information! Rochester RHIO is excited to introduce Cures Gateway, a revolutionary self-service tool designed with you in mind. This tool empowers you to access your medical records easiy and securely from RHIO participating data sources, putting you in control of your healthcare journey.

 

A Look Back and Ahead: The Evolution of Cures Gateway

Rochester RHIO partnered with Selfii to introduce the Cures Gateway, aligning with NIST identify proofing standards. This direct access app allows patients to seamlessly access their Electronic Health Information (EHI) records and share them as needed. 

Why is Cures Gateway Important? 

Cures Gateway is more than just a tool--- it's a way for you to access ALL your healthcare information in alignment with the federal rule for patient sharing of information per CURES Act. With Cures Gateway, you have the power to access, download and store your medical records whenever you need them. 

Patients now have access to health information from each of their providers and regional health information exchanges, as mandated by the CURES Act.

  1. Patients can receive their EHI through a secure, electronic method or via postal mail.
  2. It's your responsibility to protect the privacy and confidentiality of your ePHI once it's delivered. Note that the HIPAA law does not apply to individuals or most Patient Health Record Systems (PHRs) and personal apps.

How is Cures Gateway Different? Does it Replace MyChart or Other Portals? 

Cures Gateway, also known as the Selfii app, is a patient-controlled repository that consolidates health information from various sources into one accessible location. While it doesn't replace portals like MyChart, it goes beyond by including data from outside Epic/My Chart or other EMR-connected portals.

Who Can Access Cures Gateway? Can Family and Caregivers Access My Information?

Currently, only the individual requesting records can create an account via the self-serve onboarding process. While we haven't implemented parent/child or caregiver access yet, we have a manual process to accommodate such users, if necessary. See information on the manual process below.

What Do You Need to Access Cures Gateway?

To get started, you'll need a computer or smartphone with a camera, a government-issued ID, and a phone to receive a text. The identity proofing process takes 5-10 minutes, and you'll be prompted to enter basic information like your name, date of birth, userID (email), and a password.

How Quickly Can You Sign Up, and When Will Your Information be Available?

The identity proofing process takes about 5 minutes if you have your ID handy. Once completed, you can access your records immediately after logging into the app. Data usually appears within about a minute, but it may take up to 30 minutes. Keep in mind that data isn't updated automatically; there's a button to initiate a re-query.

Is Help Available? How Can You Reach Support?

Yes, help is available! The intercom chat bot on the Ciitizen website and the Ciitizen account, accessed by clicking on the "?" during onboarding, are convenient ways to get assistance. You can also reach out to our support team at 855-244-8493 or via email at cii-support@invitae.com.

Thank you for choosing Cures Gateway—a step towards a healthier, more informed you!

Manual Process to Obtain your Health Information

What is the manual process to obtain your patient health information? You'll need to complete the following paper Authorization for Release form to secure the files via a pdf type of format.

  1. You'll need to provide proof of identity and a copy of the Authorization Release form to our office before your health information can be released to you. Some suggested types of identification are provided below. 
  2. Some types of acceptable identification include:
    - A government-issued photo ID.
    - A photo ID (non-government issued) and a utility bill with an address.
    - Call RHIO Support at 1-877-865-7446 (RHIO) for additional options.
  3. Next, mail in notarized Rochester RHIO Authosrization for Release form along with a copy of your identification and contact information.
    Please note: Our office is closed for the following holidays: Day after New Year’s, Memorial Day, Juneteenth, 4th of July, Labor Day, Thanksgiving, Day after Thanksgiving and Christmas. On the day preceding a holiday, the office may close early (3 p.m.).call RHIO Support at 1-877-865-7446 (RHIO) if you choose to schedule an in-person appointment or visit our office during normal business hours, 8:30 a.m. - 4 p.m., Monday - Friday, located at 200 Canal View Boulevard, Suite 200, Rochester, NY 14623.
  4. Once Rochester RHIO has confirmed your identity, and the information on the form is complete, we'll process your request.

What, Why, and Who

WHAT:  Rochester RHIO provides patients (requestors) with a consolidated Clinical Care Document (CCD), including information about care delivered by any healthcare provider contributing data to Rochester RHIO.  

WHY:  Patients have access to their health information from each of their providers and regional health information exchanges mandated by the CURES Act.

WHO:  It is crucial that Rochester RHIO confirms your identity. If the chosen destination cannot provide proof of patient identity and authorization, the patient will need to undergo identity proofing by the RHIO team.

Important Reminders:

  • Be safe and protect your health data. Before you agree to share your health information with an app, find out more about how your data will be used. For more information, see the Consumer Education: Mind the App section.
  • Patient health information is consolidated into a Clinical Care Document (CCD) as required by the CURES Act.
  • Patients can receive their EHI electronically or through postal mail.
  • Protect the privacy of your ePHI once delivered—it's your responsibility.
  • Confirm your identity for secure access to your health data.

Providing Consent

Rochester RHIO is designed to help protect patient privacy. In order for a provider to access patient information through Rochester RHIO's services gated by patient consent, a patient must first give consent in order for that provider to have access to their healthcare record (i.e. Explore+, Alerts). Most patients allow medical professionals to exchange radiology and lab test results, prescription, and other information as a routine part of their care. Before RHIO, information was shared by postal mail, fax, and phone calls. Today, RHIO allows information to be exchanged faster and more efficiently using a secure, online information exchange rather than paper. 

How to provide consent for RHIO.

  1. Decide if you want your doctor/provider to have access to your health care record through RHIO's secure health information exchange.
  2. View a sample Patient Consent Form. (English | Spanish)
  3. Complete the Patient Consent Form at your next doctor's office visit.

SAMHSA (CFR Part 2) - Substance Abuse and Mental Health Services Administration 

With a signed Rochester RHIO standard consent form, provider organizations and/or health plans chosen by the patient may access ALL of a patient’s EHI available through Rochester RHIO, including sensitive health information. This includes sensitive health information that is covered under SAMHSA, 42 CFR Part 2, a federal regulation. SAMHSA governs confidentiality of certain substance use patient records maintained in connection with the performance of federally assisted programs or activities.

This includes:

  • PHI created before/after the date the consent form is signed.
  • List of medications taken by the patient.
  • Sensitive health conditions, including, but not limited to:
    • Alcohol or drug use
    • Birth control and abortion (family planning)
    • Genetic (inherited) diseases or tests
    • HIV/AIDS
    • Mental health conditions
    • Sexually transmitted diseases

Rochester RHIO’s consent form complies with SAMSHA regulations and has been approved by the New York State Department of Health. SAMHSA prohibits re-disclosure of Part 2 Data without proper authorization.

If you have any questions about who has seen your information in Rochester RHIO, audit reports are available upon request. For more general questions, please call RHIO Support at 1-877-865-7446 (RHIO). You can also contact Rochester RHIO's Privacy Officer directly.

RHIO-Wide Denial

For patients who choose to deny ALL providers access to their clinical information through RHIO services gated by patient consent, a RHIO-Wide Denial of Access, or Change Denial of Access, form must be notarized and submitted to Rochester RHIO directly. *This form prevents user access even in the event of an emergency.* RHIO-Wide Denial forms cannot be submitted by a physician or provider. The patient must call and submit the RHIO-Wide Denial form to Rochester RHIO directly.

To submit a notarized RHIO-Wide Denial Access form (or change), please call RHIO Support at 1-877-865-7446 (RHIO). Fax number: 1-585-410-6801.

Note: Patients consenting to other RHIOs in New York State should reach out to those RHIOs directly to modify consent for service area providers outside of the greater Rochester and Finger Lakes regions. For a list of other RHIOS throughout New York, go to NYeC.org.

Rochester RHIO is a fully, accredited Qualified Entity of the Statewide Health Information Network of New York (SHIN-NY).

Minor Consent – Background for Patients

Rochester RHIO provides valuable clinical information about pediatric patients for treating providers and clinicians. The Minor Consent form is a one-time, override consent form for the requesting provider during that specific visit only and does not change the consent status at other providers with whom the minor may also have a treating relationship. A minor receiving a Minor Consented Service cannot unilaterally override earlier parental consent for Rochester RHIO. In the case of a medical emergency, and a minor has a "no" consent on file, a minor's PHI can still be accessed during a life-threatening event by emergency medical staff. 

The Minor Consent form MUST be faxed or mailed to Rochester RHIO for processing. Important: Minor consent forms are tracked manually and cannot be part of auto-consenting. Information available through RHIO may include sensitive health information and will not be re-disclosed to parents.

In addition, here are some additional FAQs for practices AND information for minor patients who may be receiving a Minor Consented Service. 

Other Types of Patient Consent

Health Home Patient Information Consent Forms 

BHCC Patient Consent Forms

There are specific patient information consent forms used for the Behavioral Health Care Collaborative (BHCC).

As for Minor Consent, BHCC and other universal consent forms do not have provisions for Rochester RHIO’s minor consent process. 

Research Consent Form (Known as Level 2 Consent)

The researcher fills out this form prior to conducting research studies with a Provider Organization provided in the reference informed consent document. The Level 2 Research Consent form for health information exchange is submitted directly to Rochester RHIO for approval before research project begins.

More About Level 2 Research

Yes: This consent indicator allows access to researchers working with Provider Organizations for research purposes. These research activities can help collect the medical records from different places where health care is received and make them available electronically to these researchers. The Level 2 Research Consent Form should read together with the [Name of Informed Consent For Research Document] which is signed when a participation agreement is made in one or more research studies. See Section 1 of the Level 2 Research Consent Form for a description of research activities performed to access all medical records for research purposes through a computer network operated by Rochester RHIO, which is part of a statewide computer network.

Protecting Patient Privacy

Only authorized healthcare providers can access patient information. Doctors will not see your information unless you provide your consent, except in a medical emergency. In addition, providers can only access patient information that is related to the care they are providing to you at the time of service.
 
We have worked closely with privacy officers from area hospitals, legal counsel, community participants, and patient advocates to develop a privacy policy that considers patients’ rights and expectations while balancing the needs of healthcare providers in the community. Go to RHIO Participant Map for a listing of all RHIO participants. 

As always, your personal health information is protected by doctor-patient confidentiality, the federal Health Insurance Portability and Accountability Act (HIPAA), and state privacy regulations. RHIO's exchange employs the most advanced information safeguards available, and gives patients the ability to audit their individual records and see which health care providers have accessed their information.

In addition, RHIO conducts its own audits on a periodic basis to ensure proper use of the exchange by authorized users. Audit results are available to the public upon request.

Audit Reports Available Upon Request

Patients can request a report of anyone who has viewed their health information through Rochester RHIO's health information exchange. There is no charge for an audit report (one per year).  

For further information, refer to the Rochester RHIO Audit Policy.

To request an audit, or to get more information, please call RHIO Support at 1-877-865-7446 (RHIO).

Data Sources

Where does RHIO get it's data from? What are the data sources for patient information? Go to RHIO Participant Map and select "Participants Sending Data" to view all data contributors. 

RHIO's exchange contains patient information from major health care organizations, including hospital systems, reference labs, radiology centers, and payers in the greater Rochester area. 

Go to top of page