Printable Version
Policies and Procedures
NOTICE PRIOR TO ADOPTION OF PROCEDURES
HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT
Pursuant to section 1-121(a) of the General Statutes, notice is hereby given that the Health Information Technology Exchange of Connecticut (HITE-CT) is proposing to adopt the operating procedures outlined below for the operations of the HITE-CT, pursuant to section 19a-750 of the General Statutes. The procedures include: Governance; Administration; Adoption of Annual Operating Budget; Personnel Policies; Purchase, Lease, Acquisition Policy for Personal Property; Contracting for Professional Services; State Contracting Requirements; Funding Sources and Procedures of General Applicability to Grant Assistance; Surplus Funds; and Periodic Review; Amendment of Procedures. Click on link for operating procedures:
HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT
OPERATING PROCEDURES
The Operating Procedures were adopted by the HITE-CT Board on February 22, 2012.
ADOPTED POLICIES OF THE
HEALTH INFORMATION TECHNOLOGY EXCHANGE OF CONNECTICUT
The following policies for the implementation of a state-wide health information exchange under the authority granted to the HITE-CT by Chapter368dd of the Connecticut General Statutes were adopted by the HITE-CT Board of Directors on November 21, 2011 after notice and an opportunity to comment was provided pursuant to section 1-121(a) of the Connecticut General Statutes.
Adopted policies:
|
Audit Policy |
The purpose of the policy is to ensure that the security and confidentiality of patient data transmitted through HITE-CT is protected through privacy/security audits.
Audit is defined as follows: systematic and independent examination of accesses, additions, or alterations to electronic health records to determine whether the activities were conducted, and the data were collected, used, retained or disclosed according to organizational standard operating procedures, policies, good clinical practice, and applicable regulatory requirement(s). |
|
Identity Management Policy |
The purpose of the policy is to ensure that the identities of the persons and entities interacting with HITE-CT are assured through the performance of tests to enable a data processing system to recognize entities (individuals or machines interacting with the HITE-CT system). |
|
Authentication Policy |
The purpose of the policy is to ensure that systems and persons interacting with HITE-CT system are known through the process of reliable security identification of subjects by incorporating an identifier and its authenticator. |
|
Access Control Policy |
The purpose of the policy is to define who and how individuals and systems can access HITE-CT managed data through a means of ensuring that the resources of a data processing system can be accessed only by authorized entities (individuals or machines interacting with the HITE-CT system) in authorized ways. |
|
Consumer Authorization and Consent Policy |
The purpose of the policy is to define the circumstances in which a consumer can permit or withhold disclosure of HITE-CT accessible health information. |
|
Consumer Rights Policy |
The purpose of the policy is to define consumers’ and patients’ expectations that will govern the design and implementation of health information exchange and technology in Connecticut. |
|
Breach Notification Policy |
The purpose of the policy is to define policy surrounding identification, investigation, notification, and mitigation of a breach. Breach is defined as a Reportable Event involving the unauthorized acquisition, access, use or disclosure of protected health information on the Connecticut Health Information Exchange which compromises the security or privacy of protected health information maintained by or on behalf of a person. Such term does not include a Reportable Event where an unauthorized person to whom such information is disclosed would not have reasonably been able
to retain such information. An example of a Reportable Event is a clinician sharing his/her user name and password with another clinician in the practice who had forgotten his/her own user name or password. |
|
Purpose of Use Policy |
The purpose of the policy is to define permissible uses of the HITE-CT information such as Patient Care, Public Health, and Quality. |
|
Affinity Domain Policy |
This document describes the statewide standard interoperability requirements and specifications including standard content, identification schemes, vocabularies, systems and their interactions to be supported by the Connecticut Health Information Exchange (HITE-CT). |
|
Information Security Policy |
The purpose of the policy is to ensure that the information security is conducted in a manner that protects personal health information and that supports the availability, confidentiality, integrity, and accountability of HITE-CT shared clinical information. |
The following Operating and Finance Policies have been adopted by the HITE-CT Board of Directors.
The following Human Resources Policy has been adopted by the HITE-CT Board of Directors. |
Content Last Modified on 9/12/2013 10:42:38 AM
Printable Version
|
