Home For Patients

For Patients

About Us:

Rochester RHIO (Regional Health Information Organization) is a secure health information exchange (HIE) that connects authorized medical providers with accurate patient health data. We serve more than 1.5 million residents across 14 counties in the Finger Lakes region.

Rochester RHIO is an accredited Qualified Entity of the Statewide Health Information Network for New York (SHIN-NY). We receive electronic health information (EHI) from many trusted sources to support better care coordination.

Want to see which providers share data with Rochester RHIO?
👉 View Participating Providers → https://providerportal.grrhio.org/ParticipantMap
(Select “Participants Sending Data” on the map.)

 

Consumer Education: Mind the App

At Rochester RHIO, we believe that access to health information can improve care and health outcomes. We also believe patients have the right to their own health data—and the right to choose who they share it with.

It’s important to understand that when you share your health information with an app, your data may no longer be protected by state or federal privacy laws like HIPAA. This means the app could use your information in ways you might not expect, such as targeted advertising or even selling it to third parties. These practices can put your privacy at risk.

Not all apps are the same. Some are safer than others.
Before you share your health information with any app, take time to learn how your data will be used and protected. Ask questions like:

  • Will my data be sold or shared?
  • How will the app keep my information secure?
  • Can I control what happens to my data?

Be informed. Be safe. Protect your health information.

When it comes to your health data, mind the app. Click for more information.






 

 

 

We’ve created an easy-to-understand educational guide for patients and consumers who use mobile health apps. You can download it and share it widely with individuals and communities to help raise awareness. Together, we can make sure everyone stays informed, safe, and remembers to “Mind the App.”
Source: New York eHealth Collaborative

Mind the App is available in the following languages:

Access Your Health Information

Your rights and how to get your records easily and securely.

Patients have the right to obtain a copy of their health data under HIPAA and the 21st Century Cures Act. Rochester RHIO provides a secure way for you to download the data we store about you.

If your providers participate in RHIO, you may receive a comprehensive record going back at least five years. Some providers may not participate or share all data.

How to Get Your Records

Use our self-service tool to create an account, verify your identity, and download your records—all at no cost.

Important:

  • Adult patients with a valid ID can use this process.
  • Minors and patients without a valid ID must contact their providers directly to obtain records.

Ready to Access Your Records?

View the Selfiie User Guide →
(Includes QR code and step-by-step instructions)

A Look Back and Ahead: The Evolution of Cures Gateway

Rochester RHIO partnered with Selfiie to deliver Cures Gateway, a secure solution aligned with NIST identity-proofing standards. This direct-access app enables patients to seamlessly view their Electronic Health Information (EHI) and share it as needed. 

Why is Cures Gateway Important? 

Cures Gateway is more than just a tool—it’s your secure way to access all your healthcare information in compliance with the federal Cures Act. With Cures Gateway, you can easily access, download, and store your medical records whenever you need them.

Patients can now view health information from their providers and regional health information exchanges, as required by the Cures Act. Records can be delivered electronically or by postal mail.

Important:
Once your information is delivered, it’s your responsibility to protect the privacy and confidentiality of your electronic Protected Health Information (ePHI). Please note that HIPAA does not apply to individuals or most personal health record systems (PHRs) and apps.

How is Cures Gateway Different? Does it Replace MyChart or Other Portals? 

Cures Gateway, powered by the Selfie app, is a patient-controlled repository that brings together health information from multiple sources into one secure, convenient location. While it doesn’t replace portals like MyChart, it goes further by including data from outside Epic/MyChart and other EMR-connected systems.

Manual Process to Obtain your Health Information

If you prefer a paper-based request, follow these steps:

  1. Complete the Rochester RHIO Authorization for Release formRochester RHIO Authorization for Release 
    (Download the form from our website.)

  2. Provide proof of identity along with the completed form. Acceptable identification includes:

    • A government-issued photo ID
    • OR a non-government photo ID plus a utility bill with your address
    • For additional options, call RHIO Support at 1-877-865-7446 (RHIO)

  3. Mail the notarized Authorization for Release form, a copy of your identification, and your contact information to:
    Rochester RHIO
    200 Canal View Blvd, Suite 200
    Rochester, NY 14623

Office Hours:
Monday–Friday, 8:00 a.m.– 5:00 p.m.
Closed on major holidays (New Year’s Day, Dr. Martin Luther King, Jr. Day, Memorial Day, Juneteenth, Independence Day, Labor Day, Thanksgiving, Day after Thanksgiving, and Christmas).
You may also schedule an in-person appointment by calling 1-877-865-7446 (RHIO).

Once Rochester RHIO confirms your identity and verifies the form, we will process your request and provide your health information in a secure PDF format.

What, Why, and Who

WHAT:
Rochester RHIO provides patients with a consolidated Clinical Care Document (CCD), which includes information about care delivered by any healthcare provider contributing data to Rochester RHIO.

WHY:
Patients have the right to access their health information from each of their providers and regional health information exchanges, as mandated by the 21st Century Cures Act.

WHO:
To ensure security, Rochester RHIO must confirm your identity. If the destination cannot verify patient identity and authorization, identity proofing will be completed by the RHIO team.

Important Reminders

  • Protect your health data. Before sharing your information with an app, learn how your data will be used. For more details, see Consumer Education: Mind the App 
  • Patient health information is consolidated into a CCD as required by the Cures Act.
  • Patients can receive their EHI electronically or by postal mail.
  • Once delivered, it’s your responsibility to protect the privacy of your ePHI.
  • Identity confirmation is required for secure access to your health data.

 

Rochester RHIO is committed to protecting patient privacy. For a healthcare provider to access your information through RHIO’s secure services (such as Explore+ or Alerts), you must first give your consent. This ensures that your health record is only shared with providers you trust.

Most patients choose to allow their doctors and other medical professionals to exchange important information—like lab results, radiology reports, and prescriptions—as part of routine care. Before RHIO, this information was shared by mail, fax, or phone calls. Today, RHIO makes this process faster, safer, and more efficient through a secure online health information exchange.

How to Provide Consent

  1. Decide if you want your doctor or provider to have access to your health record through RHIO’s secure health information exchange.
  2. View a sample Patient Consent Form:
  3. Complete the Patient Consent Form at your next doctor’s office visit.

SAMHSA (42 CFR Part 2) – Substance Abuse and Mental Health Services Administration

When you sign Rochester RHIO’s standard consent form, the provider organizations and/or health plans you choose can access all of your electronic health information (EHI) available through RHIO—including sensitive health information. This includes information protected under SAMHSA’s 42 CFR Part 2, a federal regulation that governs the confidentiality of certain substance use disorder records in federally assisted programs.

What does this include?

  • Health information created before and after the date you sign the consent form
  • A list of medications you take
  • Sensitive health conditions, such as:
    • Alcohol or drug use
    • Birth control and abortion (family planning)
    • Genetic conditions or test results
    • HIV/AIDS
    • Mental health conditions
    • Sexually transmitted diseases

Rochester RHIO’s consent form complies with SAMHSA regulations and is approved by the New York State Department of Health.
Important: SAMHSA prohibits re-disclosure of Part 2 data without proper authorization.

Have questions about who has accessed your information in Rochester RHIO?
You can request an audit report at any time.

For general questions, call RHIO Support at 1-877-865-7446 (RHIO).
You can also reach out directly to Rochester RHIO’s Privacy Officer for assistance.

Denying Access to Your Health Information

If you choose to deny all providers access to your clinical information through RHIO services that require patient consent, you must complete a RHIO-Wide Denial of Access form (or a Change Denial of Access form). This form must be notarized and submitted directly to Rochester RHIO by you.
Important: This form prevents access to your health information even in an emergency.

Key points to know:

  • RHIO-Wide Denial forms cannot be submitted by your doctor or provider.
  • You must call RHIO and submit the notarized form yourself.

Forms:

To submit a notarized form (or make changes), please call RHIO Support at 1-877-865-7446 (RHIO).
Fax: 1-585-410-6801

Note: If you have consented to other RHIOs in New York State, you must contact those RHIOs directly to change consent for providers outside the greater Rochester and Finger Lakes regions. For a list of other RHIOs, visit NYeC.org.

Rochester RHIO is a fully accredited Qualified Entity of the Statewide Health Information Network for New York (SHIN-NY).

Minor Consent – What Patients Need to Know

Rochester RHIO helps providers access important clinical information about pediatric patients to support safe, effective care. In some cases, a Minor Consent form may be used. This is a one-time override consent for a specific visit only—it does not change the consent status at other providers who treat the minor.

Key points about Minor Consent:

  • A minor receiving a Minor Consented Service cannot override earlier parental consent for RHIO.
  • In a medical emergency, if a minor has a “No” consent on file, emergency medical staff can still access the minor’s health information to provide life-saving care.
  • The Minor Consent form must be faxed or mailed to Rochester RHIO for processing.
  • Minor consent forms are tracked manually and cannot be part of auto-consenting.
  • Information accessed through RHIO may include sensitive health details and will not be re-disclosed to parents.

Resources:

Other Types of RHIO Patient Consent

Rochester RHIO works with several consent processes to ensure your health information is shared appropriately and securely. Here are the main types:

Health Home Patient Information Consent Forms

Behavioral Health Care Collaborative (BHCC) Consent Forms

Note: BHCC and other universal consent forms do not replace Rochester RHIO’s Minor Consent process.

Research Consent (Level 2 Consent)

Researchers working with provider organizations use this form before starting a study. It must be submitted to Rochester RHIO for approval prior to the research project.

Why this matters:

  • A “Yes” consent indicator allows researchers to securely access medical records from multiple locations through RHIO’s statewide network.
  • This form should be read together with the Informed Consent for Research Document, which you sign when agreeing to participate in a study.

For details, see Section 1 of the Level 2 Research Consent Form for a description of research activities and how your health information is accessed.

 

Protecting Patient Privacy

Your privacy is our priority. Only authorized healthcare providers can access your information—and only when you give consent, except in a medical emergency. Providers can view only the information related to the care they are providing at that time.

We’ve worked closely with privacy officers from local hospitals, legal experts, community representatives, and patient advocates to create a privacy policy that respects your rights while supporting safe, effective care.
View RHIO Participant Map to see all organizations that participate in RHIO.

Your health information is protected by:

  • Doctor-patient confidentiality
  • Federal HIPAA regulations
  • New York State privacy laws

Rochester RHIO uses advanced security safeguards and gives patients the ability to audit their records to see which providers have accessed their information.

We also conduct regular audits to ensure proper use of the exchange by authorized users. Audit results are available to the public upon request.

 

Audit Reports Available Upon Request

Patients can request a report showing who has accessed their health information through Rochester RHIO’s secure health information exchange.

To request an audit report or learn more, call RHIO Support at 1-877-865-7446 (RHIO).

 

Data Sources

Where does Rochester RHIO get its data?
RHIO’s health information exchange brings together patient information from trusted healthcare organizations across the region. This includes:

  • Hospitals and health systems
  • Reference laboratories
  • Radiology centers
  • Health plans and payers

To see all organizations that contribute data, visit the RHIO Participant Map and select “Participants Sending Data.”

 

Go to top of page