eHealth Exchange is a network that enables exchange of healthcare information among its Participants. More specifically, eHealth Exchange is not a repository of healthcare data but, instead, is simply a secure conduit for exchange among Participants.
On behalf of and as authorized by our Participants pursuant to the provisions of the Data Use Reciprocal Support Agreement, eHealth Exchange receives patient information from eHealth Exchange Participants. The information includes information in the Participant’s electronic medical record for specific individuals who are the subject of an eHealth Exchange transaction. eHealth Exchange participates in the Carequality initiative, which allows Carequality Implementers to exchange electronic health records. eHealth Exchange may participate in other networks or initiatives in the future. Additionally, eHealth Exchange may de-identify and use the information its Participants provide for its business and administrative purposes related to the operation of eHealth Exchange but does not aggregate information that is individually identifiable.
Yes
Yes
Yes, if authorized
by the patient
Yes
Yes
Yes, if authorized
by the patient
No
Healthcare organizations that have direct relationships with patients are typically required to provide their patients and members electronic access to their healthcare data. The eHealth Exchange is not a Participant with the right to share patient data. The eHealth Exchange enables the sharing of patients’ health information between/among Participant healthcare organizations, but the eHealth Exchange itself does not contribute, request, or initiate the sharing of patient health data. The eHealth Exchange also does not have a direct relationship with patients. Therefore, the eHealth Exchange is not able to provide patients access to their data. Consumers should contact their healthcare providers and health plans to access their data.
Yes
Yes
No
Yes
Yes
No
No
Yes
This list represents the data that are most commonly exchanged, but the list is not exhaustive, and the actual data exchanged vary among Participants.
Active in all 50 states, the eHealth Exchange is the largest query-based health information network in the country.
Beyond exchanging with the eHealth Exchange’s 300+ health systems, federal agencies, providers, and provider collaboratives, the eHealth Exchange also provides Participants the optional ability to exchange with other health networks such as Carequality’s 25+ health networks.
The eHealth Exchange Data Use Reciprocal Support Agreement (DURSA) requires every eHealth Exchange Participant to only request, use, or disclose patient information if the request, use, or disclosure is permitted by law. In order to effectively operate the eHealth Exchange Network, the eHealth Exchange operates as a business associate of each Participant, where the business associate contract requires the eHealth Exchange to protect the privacy and security of patient information.
Some uses and disclosures that are permitted by law require patient consent or authorization, while others do not. HIPAA generally permits providers, health plans, and other covered entities to use and disclose patient information for purposes of Treatment, Payment, and Healthcare Operations without obtaining the individual’s consent or authorization. Some states, however, may impose addition consent requirements where HIPAA does not. Before exchanging patient data for any purpose that requires patient consent, it is the responsibility of covered healthcare providers and health plans to ask patients whether their healthcare data should be exchanged or, if authorization is required, to obtain the patient’s written authorization.
Some healthcare organizations collect patient consents via an “opt-in” model, where patients must affirmatively elect to share their data as specified. Other healthcare organizations utilize an “opt-out” process, where they share data with other trusted organizations unless the patient explicitly chooses to not have his/her data exchanged. Some states have laws that require either an opt-in or opt-out model, while other states leave it up to the provider or other healthcare organization to determine its own consent process.
The eHealth Exchange serves as an intermediary that relays health information from trusted Participants when such information is requested by a trusted Participant.
As a conduit for the exchange of information, the eHealth Exchange stores patients’ encrypted clinical information for up to up to two hours to ensure completion of the transmission to the requesting Participant. The eHealth Exchange stores the entire computerized transaction for up to 7 days, in case technical troubleshooting is required. Lists of queries made (without any clinical data) are stored indefinitely for auditing purposes.
We’ve got answers. Fill out this form to be contacted by a member of the eHealth Exchange team.
"*" indicates required fields
This form is not to be used to request patient data. Please visit our information handling practices for more information.
This form is not to be used to request patient data. Please see our information handling practices for more information.