Healthcare organizations, who access information sent from MiHIN, are subject to strict confidentiality and accountability standards under the Health Insurance Portability and Accountability Act (HIPAA). In addition, all organizations connected to MiHIN have signed comprehensive data sharing and trust agreements to provide greater protection of information shared. The services currently provided by MiHIN fall into three general categories with regard to health information access, with more specific instances of sharing covered under our Use Case Exhibits:
Changing your participation (opting out) with MiHIN affects the availability of your health information within the Longitudinal Health Record only. If you choose to opt-out, information is no longer available to any of your health care providers searching for your information. So, the information will not be deleted, but it will be hidden from providers.
The electronic delivery of your health information in the last two categories may only be restricted by contacting your healthcare provider. Providers are the best resource for opting patients out of health information exchange because they are able to verify the identity of the patient when the request is given, and further, to ensure they are not continuing to send that patient’s information to MiHIN against an individual’s wishes. Under our legal agreements and associated Business Associate Agreements (BAAs) with entities, they agree they will not send us information unless they have the appropriate consent or authorization in place necessary. For information shared for Treatment, Payment, and Healthcare operations, an entity may be able to share without consent so long as the individual has not requested their information not be shared. For information that requires consent, such as specially protected information (SPI), the entity should not share with MiHIN unless they obtain the proper consent. An example of this would be substance use disorder information from a federally protected 42 CFR Part 2 facility.
Under what authority is MiHIN able to share health information for Michigan Residents?
Under the HIPAA Privacy Rule, Covered Entities and Business Associates are able to share information about patients that they have in common for specific purposes. Those are for the purposes of treatment, payment, or healthcare operations. It also allows sharing for public health purposes, though this is subject to slightly different rules under HIPAA.
What are Covered Entities and Business Associates?
Covered Entities are typically organizations who would have direct interactions with patients and are the creators of that patient’s information itself. Think of covered entities as providers like your primary care doctor, the hospital that you might visit, or even the entity that pays for your healthcare, like your health insurance plan. Business Associates are entities that support covered entities for the purposes stated above. Think of business associates as an entity’s vendors, accountants, lawyers, etc. MiHIN is an example of a business associate and most of our Participant Organizations connected to us are Covered Entities.
Am I able to opt out of health information exchange through MiHIN?
How am I able to opt out of my LHR/VIPR?
You must complete the standard form listed on this page in order to opt out. This requires filling out limited pieces of demographic information so we can appropriately locate your record. It also requires utilizing a notary so we are able to confirm you are who you say you are.
What does opt out mean?
Opt out for us means that when a provider searches for the patient in LHR/VIPR, they will not be able to see any health information on that patient. It would be similar to viewing a blank screen. What opt out does not mean is that all information will be deleted.
What if I want to opt out of all health information exchange?
The best way to opt out of all information exchange is to work with your providers to opt out. There are two reasons for this. First, they are able to verify your identity and second, it your provider may have a process for opting out at their organization so information never travels to MiHIN. This protects your privacy by going to the source of information. In addition, in our legal agreements, providers attest they will not share any information that they are not allowed to share by law. Once you are opted out, we can always coordinate with your provider to ensure that your records are no longer being sent to us.
If you have any questions regarding our privacy practices, please reach out to our Privacy Officer for more information.
MiHIN Privacy Officer
120 W. Saginaw Hwy
East Lansing, Michigan 48823