PRIVACY AND SECURITY
How does Connie protect patient privacy?
Connie complies with all federal and state laws and regulations on data sharing and privacy. This is codified in Connie’s enabling legislation, its contract with OHS to perform its functions as the state-designated HIE, and its data sharing agreements with its participating organizations. Connie has a Data Release Policy available on its website that details the circumstances under which Connie shares data and an active Privacy, Security, and Confidentiality Committee of its board to provide oversight over Connie’s programs.
Connie is a voluntary benefit for Connecticut’s residents – they have the option of opting out of Connie and have had that option since we began. Additionally, all patients have the right to request an Accounting of Disclosures to see who has had access to their information in Connie.
What security measures does Connie use to ensure the protection of my information?
Keeping patient data safe is a Connie priority. Connie’s technical infrastructure partner, the organization that is responsible for managing the data on behalf of Connie, CRISP Shared Services (CSS), is HITRUST and EHNAC (HIEAP) certified. These certifications are considered the national gold standards for privacy and security and demonstrate that an organization is taking the most proactive approach to cybersecurity, data protection, and risk management & mitigation. These certifications require ongoing updates, training, and recertification activities.
CSS also adheres to federal and state regulations and undergoes an annual security audit by a third-party firm. As part of its security program, CSS has deployed a suite of next generation security tools and exercises to protect data in accordance with the NIST Cybersecurity Framework (CSF).
How does Connie protect reproductive health data specifically in the case of a subpoena?
By state law and Connie’s own policies, Connie cannot provide any information nor contribute in any way to civil or criminal inquiries of a patient’s legal reproductive services in Connecticut.
Does Connie share data nationally?
Yes, in keeping with our mission of enhancing the health and well-being of Connecticut’s residents, we connect with National Networks so that our patients’ data is accessible by their treating providers no matter where they receive care, especially in the event of an emergency when you’re not in your home state. Similarly, we don’t want the burden of relaying clinical information to fall solely on a patient who receives care out of state – that data can be accessible to that patient’s Connecticut-based provider.
If you share data nationally, how are you ensuring that reproductive health data, or other sensitive data, isn’t being used inappropriately?
There are several laws at both the federal and state level that govern who can access a patient’s healthcare data, including reproductive health or other sensitive data. Further, the data sharing agreements for all the National Networks stipulate that data can only be accessed for specific permitted purposes – in this case, treatment. Simply put, it’s illegal to query a patient’s record through national exchanges for anything other than treatment purposes or for individual access (meaning a patient requesting access to their data through a third-party app). Connie is in the same boat as all provider organizations who currently share and have shared clinical data through private HIEs, like Epic’s CareEverywhere or National Networks and frameworks like Carequality and eHealth Exchange.
Does Connie share my health information with employers?
No. Connie does not share any of your information with employers.
Do health insurance companies have access to my data and will they have access to the same data that my provider sees?
Health insurance companies can access your data through Connie if they are connected to it for care coordination, management, and quality improvement purposes for active members.
What do I do if I think an unauthorized person viewed my records?
Contact Technical User Support at 866-987-5514 immediately, and we will investigate. Patients may view the history of who has accessed their individual data by requesting an Accounting of Disclosures from Connie. All access is tracked and may be audited internally by Connie. You can also talk to your provider who participates with Connie.
How can I find out who has accessed my data?
Request an Accounting of Disclosures from Connie to view the history of who accessed your information. The form for this request is available here: https://disclosures.crisphealth.org/form
Can I control who sees my information in Connie?
You can control whether you want your data shared through Connie to authorized users who have a declared relationship with you, such as your doctor or your hospital. However, you cannot pick and choose which healthcare providers are authorized to view your information in Connie. You may choose not to make your data available in Connie by opting out. If you choose to opt out of Connie, none of your data will be shared with any healthcare provider you visit for your care.
Can my data be purchased?
Privacy, security and confidentiality of individuals' data along with transparency around data collection and release is of paramount importance to the state, Connie’s board and Connie’s management. Under HIPAA, Connie is prohibited from selling Protected Health Information (PHI) without written authorization from the patient. Connie does not and will not sell patient PHI. No entity can skirt the law and access patient data from our HIE through other means, such as subscriptions, without approved purposes of use and authorized access.
Access to patient data in the HIE is governed by, and consistent with, federal and state law, including HIPAA. The HIE does not expand or increase such access rights in any way. Rather, Connie improves the method by which such already-permitted access occurs, making it more secure, more timely and more transparent. All participating organizations sign legal agreements that require that access to and sharing of patient data be in compliance with applicable laws and for only those purposes authorized by applicable laws.
Opt Out
Can patients opt out of having their health information shared through Connie?
Yes, patients can opt out of Connie. If a patient opts out, they are opted out of every aspect of data sharing that is not otherwise required by law. Connie maintains a service to allow providers to view a patient’s Narx report from the state’s Prescription Monitoring Program (PMP) from within the Connie portal. State law does not allow patients to opt out of the PMP.
What happens once I send in my opt-out form?
Your health information will be deleted from Connie within 5 business days. Once your data is deleted, your provider will not be able to search Connie for your health information. However, some providers will use Connie to send information about their patients to each other directly. This is the same as when providers share information by fax or by mail.
If a provider searched Connie for your information and put that information into their medical records before you completed your opt-out, that information will remain in that provider’s medical records.
If you have a Connie Patient Connect account, data within the account will no longer be updated after you are fully opted out of Connie, and your Patient Connect account will be deleted within 30 business days. If you would like to download any of your data from your Connie Patient Connect account, we recommend that you access your account and download your data before opting out.
I have opted-out, can I opt back into Connie?
Yes, you can opt back into Connie at any time. Patients who want to opt back in, or have any questions, should call Technical User Support at 866-987-5514.
Unfortunately, we cannot retrieve the information we deleted when you opted out so your historical clinical information will not be in Connie.
Can a person under the age of 18 opt-out of Connie?
In accordance with Connecticut law, any patient that can legally consent to health services can opt out of Connie. Accordingly, children under the age of 13 need to have a parent or guardian opt-out for them. Because children aged 13-17 are permitted to consent to some health services in Connecticut, either the parent/guardian or the child (between the age of 13-17) can opt themselves out.
If I opt-out, does that cover everything?
No. There are some limited and specific instances where the opt-out choice does not apply:
Public Health Reporting: Certain information is required to be reported by providers to public health agencies, such as monitoring disease trends, conducting outbreak investigations, and responding to public health emergencies. In these specific cases, Connie may be used as the mechanism for the provider to report this information. Also, Controlled Dangerous Substances (CDS) information, as part of the Connecticut Prescription Monitoring Program (PMP), will continue to be available through the HIE to licensed providers.
As required by law: The HIE may access, use or disclose your health information as required by law, regulation, court order or legal process.
For Connie’s Internal Management and Operations: In order for Connie to be able to maintain your decision to opt out, we will need to maintain some basic demographic information including your name, date of birth, and address.
Please note that even if you opt out of your data being shared to and through Connie, this may not impact your other healthcare providers who may be sharing data through local EMR networks and to and through National Networks.
Do my providers know if I have opted out?
Connie does not explicitly notify your providers if you have opted out. However, if you opt out of Connie and your provider searches for your information in the Health Information Exchange at a later time, they will see a pop-up notification stating you have opted out.
My Health Data
How do I know if my doctor participates with Connie?
Per state statute, all healthcare organizations are required to participate with Connie. Timeframes for connectivity to Connie vary. To see a list of organizations who currently share information with Connie, CLICK HERE.
Your healthcare organization may let you know that they’re sharing data with Connie in a variety of ways including through their Notice of Privacy Practices, by updating language on their website, or by posting information where you can see it.
How far back do my online records go?
Connie began collecting information in January 2021. It is possible that you may have records prior to 2021 in Connie. Ask your healthcare provider when they began sending information to Connie, and what types of information were shared. To see a list of organizations who currently share information with Connie, CLICK HERE.
How is Connie notified when I change providers?
The foundation for a Health Information Exchange is the established care relationship between providers and patients when a medical encounter occurs. Connie uses these encounters to determine and update a patient's care team when any encounters take place. When you are seen by your provider, information is sent to Connie to share your demographic information as well as summary information about your visit. That encounter information establishes a care relationship between you and your provider. When you change providers, your new provider will send us encounter information that establishes your new relationship.
Accessing My Health Information
How can I access my health information through Connie?
Connie has created an online patient portal called Connie Patient Connect free to Connecticut residents. If you prefer a choice in personal health applications, we also provide Patient Access through third-party health applications that commit to the privacy and secure framework of Carequality.
What is the cost?
Connie does not charge any fees for accessing your data. Although we do not charge for Connie Patient Connect, some third-party personal health applications (PHAs) may charge a fee to use their apps.
Why can’t I access all my information?
There are several reasons you may not be able to access or see all of your medical information.
Connie can only provide access to data sent to Connie. We may not be receiving data from all of your providers. Go to Connected Orgs Dashboard to see if your providers are connected to Connie.
Providers may not send all data to Connie for various reasons.
Providers only began coordinating patient health information through Connie in 2021, so health information will not go back beyond when providers started using Connie.
At this time, Connie provides data regarding the encounters you have had with different medical providers connected to Connie, lab results, medications, immunizations, health issues or “problems” you are experiencing, and allergies to name a few. Nevertheless, not all providers are sending each of these data elements. In addition, we are not yet able to provide radiology reports or images or data that is considered “sensitive”, for example treatment information from a substance use disorder program.
In some cases, a licensed healthcare provider who believes that viewing or downloading your information could cause you or another person harm can request that Connie not provide you access to their information. You can contact Connie for more information about the provider who has made this determination. You have a right to appeal this decision with the provider directly.
A provider may determine the data they sent Connie was inaccurate and request that Connie not make that data available.
What if I see a mistake in my record or I have questions about the information?
If you believe there is a mistake in your medical record or have any questions about the information, you should talk to your doctor or healthcare provider since they created your medical record and are the only ones authorized to make changes.
Who can access their information in Connie?
All patients ages 18 and over may have access to their information once they have appropriately validated their identity.
At this time, parents and legal guardians of children ages 0-12 are not able to access their child’s information as we are working to develop an appropriate way to validate their identity and custodial relationship with the child. To comply with state and federal privacy laws, Connie is not able to provide any information for patients ages 13-17.
We encourage parents and guardians to access their children’s health information directly from their healthcare provider.
Accessing your Health Information through Connie Patient Connect
How do I set up an account?
To access your personal health information available through Connie, create an account at https://conniepatientconnect.org. You will be required to provide proof of identity using Clear. This will include taking a picture of your government ID using your cell phone to verify who you are.
What if I already have a Clear account?
If you already have a Clear account, you will not be required to revalidate your identity. You can simply log into your existing Clear account when prompted.
I cannot get Clear to validate me?
Strict federal patient identity validation guidelines help us to make sure only the appropriate person is accessing their records. We follow these guidelines as our policy to protect your data. These guidelines require a government issued ID. If you have any questions about the CLEAR ID verification process, call 1-855-CLEARME (253-2763).
When I access my new account, there’s no information?
If you have opted out of Connie, Connie is not receiving any health information from your providers. If you have not opted out of Connie, check to see if your provider is sending Connie data by visiting Connected Orgs Dashboard.
I have forgotten my username and/or password, how can I get into my account?
If you have forgotten your password or username, you can use the “forgot password?” or “forgot username?” link on the log-in page. You will be emailed a link to the email address you used to set up your account. Use the link in your email to reset your password or be reminded of the username you used to set up the account.
I cannot log into my Connie Patient Connect account?
Connie reserves the right to delete accounts under certain circumstances. These include if you have not logged in within the past 18 months, if you have opted out of Connie, or if you have violated the terms of use.
What happens to my Connie Patient Connect account if I opt out of Connie?
If you have opted out after creating your Connie Patient Connect account, data within the account will no longer be updated after you are fully opted out of Connie, and your Patient Connect account will be deleted within 10 business days. If you would like to download any of your data from your Connie Patient Connect account, we recommend that you access your account and download your data before opting out.
What’s the difference between Connie Patient Connect and the patient portal my provider has?
Provider portals, like MyChart, provide you with an interactive link to your provider. These portals may allow you to message your provider, make appointments, pay bills, and see health information limited to what is within that providers record for you.
Connie Patient Connect serves as a one-stop source for your health information no matter which provider you visit. However, it does not enable you to interact with your provider(s) the way the provider portals do. For example, although you can add appointments to the My Appointments calendar, you cannot make an appointment with your provider through Connie Patient Connect.
If I upload documents, can my provider see them?
Connie does not push information from the patient portal to your provider.
Can I message my provider through the portal?
The portal currently does not enable you to communicate with your provider directly.
Can I add or remove information?
You can upload and delete additional information to your record. For example, if you have a list of medications, or monitor your own heart rate, you can add that information to your record and delete it. You are not able to delete any information coming from your providers.
Why can’t I delete information coming from my providers?
Deleting information from your portal account does not change information that your provider has. Your provider pushes a copy of your health information to Connie. Connie then pushes a new copy to your portal. Deleting information in the patient portal will not impact the information your provider sees through Connie, or within your provider’s own system.
I’m helping an adult loved one manage their health. Can I get access to their account?
Yes. You will both need to have a Connie Patient Connect account. They will need to use the authorized access feature to grant you access. Please review the User Guide for details.
Accessing your health information through 3rd Party Personal Health Applications
Is Connie selling my patient health record to Personal Health Applications (PHAs)?
No. Connie does not sell personal health information (PHI). Your PHI is protected by HIPAA, and we take that protection very seriously. Whether or not you choose to use a PHA to access your health information is your choice. We will only release your information to a PHA on your behalf with your approval.
Why is Connie making patients go through Carequality to access their record?
We heard from many patients that they didn’t want yet another portal to access their health record. In addition, federal rules require organizations like Connie to let patients have a choice in how they access their health information. But patients didn’t want to worry about which apps were “okay” to use. And federal rules restrict how Connie can determine which apps should or should not have access. But we wanted some way for patients to have some peace of mind regarding the PHAs they give access to their health information. We feel Carequality provides a trusted framework for Connecticut patients to access their data.
Apps connected through Carequality have signed onto the CARIN Alliance Code of Conduct, considered an industry best practice for patient health information exchange. The CARIN Alliance is a multi-sector group of stakeholders representing numerous hospitals, thousands of physicians, and millions of consumers and caregivers. They are committed to enabling consumers to get digital access to their personal health information. They also believe that when an individual makes a request for their data to be sent to an application of their choice, it should be treated as an individual “right of access” request pursuant to the HIPAA Privacy Rule. More information about your right to access your health information under HIPAA can be found on the Department of Health and Human Services website.
What if I’ve opted out of Connie, but I’m still seeing my health data through 3rd Party applications?
If you have opted out of Connie but are seeing your health data in your selected personal health application (PHA) connected through Carequality, it is likely that the PHA is also connected to other sources of your health record in Connecticut. If you would like to confirm that Connie has honored your opt-out request, you can request an “accounting of disclosures”—a list of people who have viewed your healthcare information in Connie. To make the request, use this form.
Why did I receive an error when I tried to access my information?
There are a few reasons why you may have received an error message. If you have worked through the PHA you have selected to address any issues, please call Connie’s user support services for additional help at (888) 601-7345 or email PatientSupport@ConnieCT.org.