privacy and security

The SYNCRONYS HIE allows for secure access by authorized users. Participating providers are required to meet the rigorous Health Insurance Portability and Accountability Act (HIPAA) regulations and Health Information Technology for Economic and Clinical Health (HITECH) Act privacy and security standards.

The New Mexico Electronic Medical Records Act established that all available electronic health information is included in the HIE. All patient information is sent to a secure storage area where data is organized and maintained. This means that all clinical information from participating providers is available and included in the HIE, including specially protected information.

SYNCRONYS enforces the security of confidential data by authenticating and auditing users’ access to its data. Authentication ensures that only authorized personnel can access the secured system. Access rights are based on the assigned user role and access privileges are checked for each data request. Auditing ensures that the data are accessed for the purpose of performing an approved duty. Access to the SYNCRONYS HIE is captured in an audit trail, which includes the identification, tracking, and reporting of suspicious incidents, usage behaviors or access patterns.

Participating healthcare organizations and their facilities are required to ensure that their End-Users are accessing patient information appropriately based on their organization’s pre-established consent rules, HIPAA, and applicable state law.

Patient Consent Information

New Mexico law reflects federal HIPAA protections, so access is limited to authorized users with a treatment, payment, or healthcare operations relationship with the patient.  Patients may completely opt-out of the health information exchange, making their information inaccessible, even in an emergency situation.

The privacy, confidentiality and security of protected health information are protected by state and federal laws.
These protections are safeguarded and built into the HIE.