For Patients

Access My Health Data (Request My ePHI)

You'll need:

WHAT:  Rochester RHIO provides patients (requestors) with a consolidated Clinical Care Document (CCD), which will include information about care delivered by any healthcare provider who contributes data to the Rochester RHIO.  

WHY:  Patients have access to their health information from each of their providers and from regional health information exchanges. A new federal rule that is a result of the CURES Act requires sharing this information.

  1. Patients can receive their ePHI through a secure, electronic method, or through postal mail.* 
  2. Patients have the responsibility to protect the privacy and confidentiality of their ePHI once it has been delivered to the destination or their choice. The HIPAA law does not apply to individuals, or most patient health record systems (PHRs) and personal apps.

WHO:  It is very important that Rochester RHIO confirms your identity. If the chosen destination cannot provide us with proof of patient identity and authorization, then the patient will need to undergo identity proofing by the RHIO team.

For more details, go to the Access My Health Data informational page.

Mind the App! Resources

Rochester RHIO is designed to help protect patient privacy. In order for a provider to access patient information through Rochester RHIO's services gated by patient consent, a patient must first give consent in order for that provider to have access to their healthcare record (i.e. Explore+, Alerts). Most patients allow medical professionals to exchange radiology and lab test results, prescription, and other information as a routine part of their care. Before the RHIO, information was shared by postal mail, fax, and phone calls. Today, the RHIO allows information to be exchanged faster and more efficiently using a secure, online information exchange rather than paper. 

How to provide consent for RHIO.

  1. Decide if you want your doctor/provider to have access to your health care record through the RHIO's secure health information exchange.
  2. View a sample Patient Consent Form. (English | Spanish)
  3. Complete the Patient Consent Form at your next doctor's office visit.

SAMHSA (CFR Part 2) - Substance Abuse and Mental Health Services Administration 

With a signed Rochester RHIO standard consent form, provider organizations and/or health plans chosen by the patient may access ALL of a patient’s ePHI (electronic Personal Health Information) available through the Rochester RHIO, including sensitive health information. This includes sensitive health information that is covered under SAMHSA, 42 CFR Part 2, a federal regulation. SAMHSA governs confidentiality of certain substance use patient records maintained in connection with the performance of federally assisted programs or activities.

This includes:

  • PHI created before/after the date the consent form is signed.
  • List of medications taken by the patient.
  • Sensitive health conditions, including, but not limited to:
    • Alcohol or drug use
    • Birth control and abortion (family planning)
    • Genetic (inherited) diseases or tests
    • HIV/AIDS
    • Mental health conditions
    • Sexually transmitted diseases

Rochester RHIO’s consent form complies with SAMSHA regulations and has been approved by the New York State Department of Health. SAMHSA prohibits re-disclosure of Part 2 Data without proper authorization.

If you have any questions about who has seen your information in Rochester RHIO, audit reports are available upon request. For more general questions, please call Customer Support at 1-877-865-7446 (RHIO). You can also contact the Rochester RHIO Privacy Officer directly.

RHIO-Wide Denial

For patients who choose to deny ALL providers access to their clinical information through RHIO services gated by patient consent, a RHIO-Wide Denial of Access, or Change Denial of Access, form must be notarized and submitted to the Rochester RHIO directly. *This form prevents user access even in the event of an emergency.* The RHIO-Wide Denial forms cannot be submitted by a physician or provider. The patient must call and submit the RHIO-Wide Denial form to the Rochester RHIO directly.

To submit a notarized RHIO-Wide Denial Access form (or change), please call Customer Support at 1-877-865-7446 (RHIO). Fax number: 1-585-410-6801.

Note: Patients consenting to other RHIOs in New York State should reach out to those RHIOs directly to modify consent for service area providers outside of the greater Rochester and Finger Lakes regions. For a list of other RHIOS throughout New York, go to NYeC.org.

Rochester RHIO is a fully, accredited Qualified Entity of the Statewide Health Information Network of New York (SHIN-NY).

Minor Consent – Background for Patients

In addition, Rochester RHIO preserves parental rights to provide consent for their minor children, while still supporting the minor's ability to control which doctors can view their health information through the RHIO during or as a result of an emancipating event. Rochester RHIO allows existing parental consents to be enforced for their minor children until the minor experiences a minor-consented service. During this type of service, the attending clinician will provide the minor with a new Minor RHIO Consent Form and inform them of their consent options. The minor will complete the form. The Minor Consent form MUST be faxed or mailed to the Rochester RHIO for processing.
 
Note: Minor consent forms are tracked manually and cannot be part of auto-consenting. 

If the minor chooses NO, only emergency access will be allowed under the law. If the minor chooses YES, doctors are approved to view their information through the Rochester RHIO. Information available through the RHIO may include minor-consented information and will not be re-disclosed to parents.

Other Types of Patient Consent

Health Home Patient Information Consent Forms 

BHCC Patient Consent Forms

There are specific patient information consent forms used for the Behavioral Health Care Collaborative (BHCC).

As for Minor Consent, BHCC and other universal consent forms do not have provisions for the Rochester RHIO’s minor consent process. This includes: 

  1. Emergency “Break the Glass” access when a minor denies consent.
  2. Only asking minor for consent for specially protected services.
  3. Language not conducive for minors.
  4. No information sheet for minors explaining RHIO consent model.
  5. How will consents for individual agencies be handled outside of the BHCC’s universal consent? 
  6. What happens if a minor patient denied consent to agency, but gives consent to BHCC?  

Research Consent Form (Known as Level 2 Consent)

The researcher fills out this form prior to conducting research studies with a Provider Organization provided in the reference informed consent document. The Level 2 Research Consent form for health information exchange is submitted directly to the Rochester RHIO for approval before research project begins.

More About Level 2 Research

Yes: This consent indicator allows access to researchers working with Provider Organizations for research purposes. These research activities can help collect the medical records from different places where health care is received and make them available electronically to these researchers. The Level 2 Research Consent Form should read together with the [Name of Informed Consent For Research Document] which is signed when a participation agreement is made in one or more research studies. See Section 1 of the Level 2 Research Consent Form for a description of research activities performed to access all medical records for research purposes through a computer network operated by Rochester RHIO, which is part of a statewide computer network.

Protecting Patient Privacy

Only authorized healthcare providers can access patient information. Doctors will not see your information unless you provide your consent, except in a medical emergency. In addition, providers can only access patient information that is related to the care they are providing to you at the time of service.
 
We have worked closely with privacy officers from area hospitals, legal counsel, community participants, and patient advocates to develop a privacy policy that considers patients’ rights and expectations while balancing the needs of healthcare providers in the community. Go to RHIO Participant Map for a listing of all RHIO participants. 

As always, your personal health information is protected by doctor-patient confidentiality, the federal Health Insurance Portability and Accountability Act (HIPAA), and state privacy regulations. The RHIO's exchange employs the most advanced information safeguards available, and gives patients the ability to audit their individual records and see which health care providers have accessed their information.

In addition, the RHIO conducts its own audits on a periodic basis to ensure proper use of the exchange by authorized users. Audit results are available to the public upon request.

Audit Reports Available Upon Request

Patients can request a report of anyone who has viewed their health information through the Rochester RHIO's health information exchange. There is no charge for an audit report (one per year).  

For further information, refer to the Rochester RHIO Audit Policy.

To request an audit, or to get more information, please call the RHIO Support Center at 1-877-865-7446 (RHIO).

Data Sources

Where does the RHIO get it's data from? What are the data sources for patient information? Go to RHIO Participant Map and select "Participants Sending Data" to view all data contributors. 

The RHIO's exchange contains patient information from major health care organizations, including hospital systems, reference labs, radiology centers, and payers in the greater Rochester area. 

Go to top of page