Rochester RHIO Privacy Notice

Effective: September 10, 2018
Updated: December 7, 2020

At Rochester RHIO, we are committed to protecting your information as well as the privacy of patients. Rochester RHIO uses and discloses PHI lawfully, fairly and in a transparent manner. For more information, refer to the Privacy & Security Policies & Procedures for QEs in New York State.

Notice of Privacy Policy

Rochester RHIO is committed to maintaining the privacy of your protected health information ("PHI"), which includes information about your medical condition and the care and treatment you receive from health care providers. This Notice details how your PHI may be used and disclosed to third parties for purposes of your care, payment for your care, health care operations, and for other purposes permitted or required by law. This Notice also details your rights regarding your PHI.
  1. The RHIO may use and/or disclose your PHI for purposes related to your care, payment for your care, and health care operations. The following are examples of the types of uses and/or disclosures of your PHI that may occur. These examples are not meant to include all possible types of use and/or disclosure.

    (a) Care – To provide, coordinate and manage your care. The RHIO will allow access to your PHI to those health care professionals, directly involved in your care so that they may understand your medical condition and needs and provide advice or treatment (e.g., a specialist or laboratory). For example, a physician treating you for a condition such as arthritis may need to know what medications have been prescribed for you.
    (b) Payment – The RHIO may provide your PHI, directly or through a billing service, to appropriate third party payors, pursuant to their billing and payment requirements. For example, the RHIO may need to provide your health insurance carrier with information about health care services that you received so that providers can be properly reimbursed. 
    (c) Health Care Operations – In order to operate in accordance with applicable law and insurance requirements and in order to provide quality and efficient care, it may be necessary to compile, use and/or disclose your PHI. AUTHORIZATION NOT REQUIRED.
  2. The RHIO may use and/or disclose your PHI, without a written Authorization or Consent from you, in the following normal situations:

    (a) De-identified Information – If your PHI is altered so that it does not identify you and, even without your name, cannot be used to identify you.
    (b) Business Associate – To a business associate, which is someone who the RHIO contracts with to provide a service necessary for your treatment, payment for your treatment and health care operations (e.g., billing service or transcription service). The RHIO will obtain satisfactory written assurance, in accordance with applicable law, that the business associate will appropriately safeguard your PHI.
    (c) To You or a Personal Representative – To you, or a person who, under applicable law, has the authority to represent you in making decisions related to your health care.
  3. The RHIO may use and/or disclose your PHI, without a written Authorization from you, in the following special situations:

    (a) Public Health Activities - Such activities include, for example, information collected by a public health authority, as authorized by law, to prevent or control disease, injury or disability. This includes reports of child abuse or neglect.
    (b) Health Oversight Activities - Such activities, which must be required by law, involve government agencies involved in oversight activities that relate to the health care system, government benefit programs, government regulatory programs and civil rights law. Those activities include, for example, criminal investigations, audits, disciplinary actions, or general oversight activities relating to the community's health care system. 
    (c) Judicial and Administrative Proceeding - For example, the RHIO may be required to disclose your PHI in response to a court order or a lawfully issued subpoena.  
    (d) Law Enforcement Purposes - In certain instances, your PHI may have to be disclosed to a law enforcement official for law enforcement purposes. Law enforcement purposes include: (1) complying with a legal process (i.e., subpoena) or as required by law; (2) information for identification and location purposes (e.g., suspect or missing person); (3) information regarding a person who is or is suspected to be a crime victim; (4) in situations where the death of an individual may have resulted from criminal conduct; (5) in the event of a crime occurring on the premises of the RHIO; and (6) a medical emergency (not on the RHIOs premises) has occurred, and it appears that a crime has occurred.
    (e) Organ, Eye or Tissue Donation - If you are an organ donor, the Practice may disclose your PHI to the entity to whom you have agreed to donate your organs.
  4. Rochester RHIO provides for individual complaints concerning its privacy policies and procedures or its compliance with such policies and procedures. If you have a question, concern, or complaint regarding Rochester RHIO's privacy policies and procedures, contact us immediately via telephone at 1-877-865-RHIO or email Rochester RHIO responds to complaints, concerns, and questions from individuals within 10 business days.

    For questions or concerns regarding Rochester RHIO's Audit Policy, go to to learn more about how you can request a free Audit Report.
  5. Rochester RHIO employs secure mechanisms to ensure that PHI and PII are disposed of in a secure manner.
  6. Individiduals do not have the ability to consent to specific uses of thier information (PII/PHI) outside of the specific consent forms Rochester RHIO utilizes community-wide. For more information on patient consent, go to
  7. Rochester RHIO has authority to gather PHI and PII because it is a Qualified Entity of the State of New York. For more information on the New York State policies that govern this, refer to Section 1.2.5, of the New York Privacy and Security Policies and Procedures for QEs and Participants.  

    Section  1.2.5  Converting Data. Affirmative Consent shall not be required for the conversion of paper patient medical records into electronic form or for the uploading of Protected Health Information from the records of a Data Supplier to a QE, provided that (i) the QE is serving as the Data Supplier’s Business Associate (as defined in 45 C.F.R. § 160.103) and (ii) the QE does not Disclose the information until Affirmative Consent is obtained, except as otherwise permitted in these Policies and Procedures.

Rochester RHIO provides effective notice to the public and to individuals regarding:

  1. Its activities that impact privacy, including its collection, use, sharing, safeguarding, maintenance, and disposal of PII;
  2. Authority for collecting PII;
  3. The choices, if any, individuals may have regarding how the organization uses PII and the consequences of exercising or not exercising those choices; and
  4. The ability to access and have PII amended or corrected if necessary.
  5. Rochester RHIO revises its public notices to reflect changes in practice or policy that affect PII /PHI or changes in its activities that impact privacy, before, or as soon as practible after the change.

Website Privacy Practices

This privacy notice discloses the privacy practices for ( and This privacy notice applies solely to information collected by this website. It will notify you of the following:
  1. What personally identifiable information is collected from you through the website, how it is used and with whom it may be shared.
  2. What choices are available to you regarding the use of your data.
  3. The security procedures in place to protect the misuse of your information.
  4. How you can correct any inaccuracies in the information.

Information Collection, Use, and Sharing 

We are the sole owners of the information collected on this website. We only have access to/collect information that you voluntarily give us via email or other direct contact from you. 
We will use your information to respond to you, regarding the reason you contacted us. We may use the information we collect to enhance the customer service experience of other authorized users and participants of Rochester RHIO services.
If you submit other types of information through our newsletter sign up form, Support Form, or through any other way, we may use your name and email address to send you educational and marketing newsletters about the latest news regarding Rochester RHIO services, including, but not limited to, technical updates, educational materials, and information about grant funding opportunities.
Unless you ask us not to, we may contact you via email in the future to tell you about specials, new products or services, or changes to this privacy policy.

Your Access to and Control Over Information 

You may opt out of any future contacts from us at any time. You can do the following at any time by contacting us via the email address or phone number given on our website:
  • See what data we have about you, if any.
  • Change/correct any data we have about you.
  • Have us delete any data we have about you.
  • Express any concern you have about our use of your data.


We take precautions to protect your information. When you submit information via, your information is protected both online and offline.
Sensitive information can only be collected when an authorized user is logged into the Provider Portal. With this protection in place, when we collect sensitive information, that information is encrypted and transmitted to us in a secure way. You can verify this by looking for a lock icon in the address bar and looking for "https" at the beginning of the address of the Web page.
While we use encryption to protect sensitive information transmitted online, we also protect your information offline. Only employees who need the information to perform a specific job (for example, billing or customer service) are granted access to personally identifiable information. The computers/servers in which we store personally identifiable information are kept in a secure environment.
If you feel that we are not abiding by this privacy policy, you should contact us immediately via telephone at 1-877-865-RHIO or email

Website Terms & Conditions of Use

Content Reuse and Linking

The pages on the Rochester RHIO website ( and are copyrighted and are the property of the Rochester RHIO. No material may be copied from our site and posted on another site or published in any print source without our explicit permission and with full attribution (citation) as provided by us. However, we are a collaborative organization and we encourage others to link to our site freely. As a courtesy, we would appreciate learning of any new links to our site. Please send notification to the Communications Manager.

Links to Other Sites

The Rochester RHIO website includes links to external web sites. Inclusion of these links does not constitute an endorsement of the content, viewpoint, accuracy, opinions, policies, products, services, or accessibility of that website and is included as a convenience only. Once you link to another website from this website, you are subject to the terms and conditions of that website, including, but not limited to, its privacy policy. Every effort is made to maintain the currency of these external links; however, as the Internet is an inherently changeable medium, we cannot guarantee that all links will always work. We always appreciate hearing about any broken links. Please send notification to the Communications Manager.

Information Disclaimer

Information provided on this website is intended to allow the public access to information. While all attempts are made to provide accurate, current, and reliable information, the Rochester RHIO recognizes the possibility of human and/or mechanical error. Therefore, the Rochester RHIO, its employees, officers, agents and agencies make no representations as to the accuracy, completeness, currency, or suitability of the information provided by this website, and deny any expressed or implied warranty as to the same.

Go to top of page