Rochester RHIO Privacy Notice

Effective: September 10, 2018

At Rochester RHIO, we are committed to protecting your information as well as the privacy of your patients. Rochester RHIO uses and discloses PHI lawfully, fairly and in a transparent manner. For more information, refer to the Privacy & Security Policies & Procedures for QEs in New York State.

Notice of Privacy Policy

The Rochester RHIO is committed to maintaining the privacy of your protected health information ("PHI"), which includes information about your medical condition and the care and treatment you receive from health care providers.  This Notice details how your PHI may be used and disclosed to third parties for purposes of your care, payment for your care, health care operations, and for other purposes permitted or required by law.  This Notice also details your rights regarding your PHI.
  1. The RHIO may use and/or disclose your PHI for purposes related to your care, payment for your care, and health care operations.  The following are examples of the types of uses and/or disclosures of your PHI that may occur.  These examples are not meant to include all possible types of use and/or disclosure.

    (a) Care – To provide, coordinate and manage your care.  The RHIO will allow access to your PHI to those health care professionals, directly involved in your care so that they may understand your medical condition and needs and provide advice or treatment (e.g., a specialist or laboratory).  For example, a physician treating you for a condition such as arthritis may need to know what medications have been prescribed for you.
    (b) Payment – The RHIO may provide your PHI, directly or through a billing service, to appropriate third party payors, pursuant to their billing and payment requirements.  For example, the RHIO may need to provide your health insurance carrier with information about health care services that you received so that providers can be properly reimbursed. 
    (c) Health Care Operations – In order to operate in accordance with applicable law and insurance requirements and in order to provide quality and efficient care, it may be necessary to compile, use and/or disclose your PHI.  AUTHORIZATION NOT REQUIRED
  2. The RHIO may use and/or disclose your PHI, without a written Authorization or Consent from you, in the following normal situations:

    (a) De-identified Information – If your PHI is altered so that it does not identify you and, even without your name, cannot be used to identify you.
    (b) Business Associate – To a business associate, which is someone who the RHIO contracts with to provide a service necessary for your treatment, payment for your treatment and health care operations (e.g., billing service or transcription service).  The RHIO will obtain satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI.
    (c) To You or a Personal Representative – To you, or a person who, under applicable law, has the authority to represent you in making decisions related to your health care.
  3. The RHIO may use and/or disclose your PHI, without a written Authorization from you, in the following special situations:

    (a) Public Health Activities - Such activities include, for example, information collected by a public health authority, as authorized by law, to prevent or control disease, injury or disability.  This includes reports of child abuse or neglect.
    (b) Health Oversight Activities - Such activities, which must be required by law, involve government agencies involved in oversight activities that relate to the health care system, government benefit programs, government regulatory programs and civil rights law.  Those activities include, for example, criminal investigations, audits, disciplinary actions, or general oversight activities relating to the community's health care system. 
    (c) Judicial and Administrative Proceeding - For example, the RHIO may be required to disclose your PHI in response to a court order or a lawfully issued subpoena.  
    (d) Law Enforcement Purposes - In certain instances, your PHI may have to be disclosed to a law enforcement official for law enforcement purposes.   Law enforcement purposes include: (1) complying with a legal process (i.e., subpoena) or as required by law; (2) information for identification and location purposes (e.g., suspect or missing person); (3) information regarding a person who is or is suspected to be a crime victim; (4) in situations where the death of an individual may have resulted from criminal conduct; (5) in the event of a crime occurring on the premises of the RHIO; and (6) a medical emergency (not on the RHIOs premises) has occurred, and it appears that a crime has occurred.
    (e) Organ, Eye or Tissue Donation - If you are an organ donor, the Practice may disclose your PHI to the entity to whom you have agreed to donate your organs.
  4. Rochester RHIO provides for individual complaints concerning its privacy policies and procedures or its compliance with such policies and procedures. If you have a question, concern, or complaint regarding Rochester RHIO's privacy policies and procedures, contact us immediately via telephone at 1-877-865-RHIO or email

    For questions or concerns regarding Rochester RHIO's Audit Policy, go to to learn more about how you can request a free Audit Report. 

Website Privacy Practices

This privacy notice discloses the privacy practices for ( and This privacy notice applies solely to information collected by this website. It will notify you of the following:
  1. What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  2. What choices are available to you regarding the use of your data.
  3. The security procedures in place to protect the misuse of your information.
  4. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing 

We are the sole owners of the information collected on this website. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. 
We will use your information to respond to you, regarding the reason you contacted us. We may use the information we collect to enhance the customer service experience of other authorized users and participants of Rochester RHIO services.
If you submit information through MyCommunity Profile, we will use this information to update the Patient Care Network and Community Provider Directory found inside of Explore, our clinical query portal. This information will be shared with authorized users of RHIO Explore because it is a community provider directory. The purpose of the directory inside of the Patient Care Network is to provide the latest contact information for physicians in our region in order to help expedite treatment and support higher quality patient care and patient transitions of care.
For the Patient Care Network and the Community Provider Directory, we will share information we collect about you through MyCommunity Profile with authorized users of RHIO services. We may also share this information with a third party outside of our organization for the purposes of selling and distributing a Community Provider Directory to participants who are data sources for the Patient Care Network. Only Rochester RHIO data sources for the Patient Care Network may receive a copy of the Community Provider Directory, which serves as a backbone to the Patient Care Network.
If you submit other types of information through our newsletter sign up form, Support Form, or through any other way, we may use your name and email address to send you educational and marketing newsletters about the latest news regarding Rochester RHIO services, including, but not limited to, technical updates, educational materials, and information about grant funding opportunities.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information 

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:
  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.


We take precautions to protect your information. When you submit information via, your information is protected both online and offline.
Sensitive information can only be collected when an authorized user is logged into the Provider Portal. With this protection in place, when we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 1-877-865-RHIO or email

Website Terms & Conditions of Use

Content Reuse and Linking

The pages on the Rochester RHIO website ( and are copyrighted and are the property of the Rochester RHIO. No material may be copied from our site and posted on another site or published in any print source without our explicit permission and with full attribution (citation) as provided by us. However, we are a collaborative organization and we encourage others to link to our site freely. As a courtesy, we would appreciate learning of any new links to our site. Please send notification to the Communications Manager.

Links to Other Sites

The Rochester RHIO website includes links to external web sites. Inclusion of these links does not constitute an endorsement of the content, viewpoint, accuracy, opinions, policies, products, services, or accessibility of that website and is included as a convenience only. Once you link to another website from this website, you are subject to the terms and conditions of that website, including, but not limited to, its privacy policy. Every effort is made to maintain the currency of these external links; however, as the Internet is an inherently changeable medium, we cannot guarantee that all links will always work. We always appreciate hearing about any broken links. Please send notification to the Communications Manager.

Information Disclaimer

Information provided on this website is intended to allow the public access to information. While all attempts are made to provide accurate, current, and reliable information, the Rochester RHIO recognizes the possibility of human and/or mechanical error. Therefore, the Rochester RHIO, its employees, officers, agents and agencies make no representations as to the accuracy, completeness, currency, or suitability of the information provided by this website, and deny any expressed or implied warranty as to the same.

"The organization provides for individual complaints concerning its privacy policies and procedures or its compliance with such policies and procedures."
Go to top of page