Hixny: How it Works
Think of Hixny as an extension of your medical provider. Your doctors—including those in emergency room settings, urgent care centers and hospitals—have asked us to work on their behalf to help them get data from, and share your information with, other doctors you may see.
This seamless exchange of health data empowers your providers to make the right decisions concerning your health.
How Hixny works is best described with an example:
- Your primary care provider (PCP), who is connected to Hixny, sees you for a cough. They add notes about your visit to their electronic medical records (EMR) system.
- A month later, you visit urgent care with symptoms of a sinus infection.
- When the urgent care provider logs into their EMR system, the details from your PCP visit flow through Hixny from your PCP.
- The doctor at urgent care can now decide what tests to run and whether the cough and the sinus infection might be related.
Your Consent is Needed
We have been hired by your doctors to make your data available electronically to other doctors involved in your care. They’ve also hired us to provide them with electronic access to your medical records from these other doctors.
Under current New York State regulations, we can only do this if you have signed a consent form saying we are allowed to do so. A consent form is signed at each Hixny-connected doctor, urgent care center, or hospital the first time you visit.
The person checking you in at the doctor’s office may ask you to sign a paper consent form or they may describe Hixny and ask you to sign a digital signature pad. There are even some doctors who may text ahead of your appointment, asking for you to give them Hixny consent electronically.
If you’re not sure whether you’ve given consent to a specific doctor or facility, ask their office staff to check.
Hixny is a delivery system for your providers, we are not the source of your medical records and information contained within.
Hixny has no authority to change, modify or delete data at the request of patients.
You need to speak directly with your providers to have them verify and correct information you believe is inaccurate.
“Why should I sign a consent form?”
The most direct answer is that it allows your doctors to make the most informed decisions about your care, based on the most up-to-date health information available from all of your doctors. It also reduces the likelihood you’ll be subjected to duplicate tests and exams.
Let’s use another example.
- You have an appointment coming up with a cardiologist for high blood pressure, and it’s likely they will want to test your cholesterol. This means you will need to get blood drawn.
- You remember last month during your annual physical, your primary care doctor drew blood for a full panel of tests—including cholesterol. You let your cardiologist know this.
- If you’ve signed the Hixny consent form with your cardiologist, they can see those lab results from your PCP while you’re there in the office.
By having signed Hixny consent, you’ve saved time by avoiding the need to track down records and have them mailed/faxed to your cardiologist, prevented yourself from having to get blood drawn again and reduced cost by eliminating an unnecessary test.
Your consent only covers use of Hixny as a tool to see your records.
Denying consent to Hixny does not mean you can entirely restrict access to your health records. Federal and state law permit certain providers and organizations to access your records without your permission.
The following circumstances are the most common ways your healthcare data may be accessed, regardless of your Hixny consent status:
- Providers who are involved in your care can contact other members of your healthcare team directly to request your records be sent to them by mail, fax or email. Hixny is not involved in—nor made aware of—these requests.
- If you are in an emergency situation and are unable to communicate with medical staff, they may opt to access your records to ensure your safety, this is called “Breaking the Glass.” In every one of these circumstances, the access is documented and an audit initiated to ensure proper procedure was followed.
- You can see a full list of exceptions in the Consent section of the Privacy & Security Policies and Procedures for qualified entities of the Statewide Health Information Network for New York (SHIN-NY).
If you want to deny nearly all providers the ability to use Hixny to see your records, you may download and complete a Hixny-Wide Denial of Access Form. Please read the form in its entirety to understand the limitations that may still apply.
Hixny and HIPAA
Hixny is a non-profit organization enlisted by your providers to make your health information available electronically.
HIPAA stands for Health Insurance Portability and Accountability Act. Its goal is to allow for health information to flow freely between providers and patients to improve care. This includes allowing for information to flow from one provider to another if they are both involved in a shared patient’s care.
HIPAA has many parts to it. The most relevant to you as a patient are:
- The Privacy Rule. A piece of HIPAA set to ensure your Protected Health Information (PHI) is just that—protected—while still allowing data to flow. It allows the people who need it most (e.g., your providers) access to your health information, electronically or otherwise.
- The Security Rule. Another piece of HIPAA whose purpose is to ensure the protection of health information while it is being exchanged electronically.
Under HIPAA terms, Hixny is a “business associate.” A business associate can be hired by a covered entity to outsource key functions they don’t have the resources to complete internally. Your doctors are “covered entities.”
Both business associates and covered entities are subject to HIPAA’s Privacy Rule and Security Rule. HIPAA requires that specific contracts are in place between covered entities (e.g., your doctors) and business associates (e.g., Hixny) to ensure the data being exchanged is properly used, disclosed and protected.
Hixny is not a government agency. However, just like your doctors, we are required to adhere to government mandates and strict guidelines set forth by applicable law. Hixny has no authority in the creation, maintenance or amending of these mandates and guidelines.
Hixny and the Statewide Health Information Network for New York (SHIN-NY)
Per the New York Codes, Rules and Regulations, the Statewide Health Information Network for New York (SHIN-NY) makes the statewide electronic exchange of clinical information possible for the purposes of:
- Improving the quality, coordination and efficiency of patient care
- Reducing medical errors
- Carrying out public health and health oversight activities
Hixny is a “qualified entity” (QE) under the SHIN-NY. As a QE, we are subject to an annual third-party certification that, among other things, confirms we comply with the privacy and security policies and procedures established by the SHIN-NY regulations.
This certification process is overseen by the New York State Department of Health (NYS DOH). For further information, visit the New York Codes, Rules and Regulations website.
View your records through Hixny.
Register for My Health Record NY to see the same information your healthcare providers see when they’re using Hixny.
Simply go to the My Health Record NY home page and click the blue “Get Started” button to confirm eligibility and verify your identity.
The information on this page is intended to keep patients informed of Hixny’s role in the exchange of health information.
It is not complete, but it is comprehensive. If you would like further information about Hixny, we encourage you to explore our website.
If you would like more information about any of the organizations, policies or otherwise that govern how Hixny conducts business, we encourage you to explore these resources:
• Statewide Health Information Network for New York (SHIN-NY)
• Privacy & Security Policies and Procedures for Qualified Entities (SHIN-NY)
• SHIN-NY Policy Guidance
• New York Codes, Rules and Regulations (10 NYCRR Part 300)
• Health Insurance Portability and Accountability Act (HIPAA)
If you have specific questions about the information contained in your health records, please reach out to your healthcare providers.
Last updated March 2024