Reminder:

Sharing of Health Home Member´s Protected Health Information (PHI)

  • Reminder is also available in Portable Document Format (PDF)

The sharing of PHI in all cases must be restricted to the minimum amount of information necessary to accomplish the purpose. Additionally, the two parties sharing PHI must attain legal assurance to ensure confidentiality of the information and prevention of re-disclosure to other parties. This may come in the form of Business Associate Agreements, Confidentiality and Non-Disclosure Agreements, Qualified Service Organization Agreements, or Data Exchange Application Agreements. Additionally, in the case of information relating to alcoholism or substance use disorder treatment through OASAS-certified programs, individual consent is always required for any information that may identify an individual as participating in these programs. For HIV-related information, generally, can only be disclosed if the person signs an approved HIV release form.

Sharing Protected Health Information after Enrollment/Consent have been completed

After a member has been consented and enrolled into a Health Home, PHI may be shared with the various entities that are included on the consent form. For example, in order for a Health Home to share additional PHI with a Managed Care Plan and Care Management Agency, the HH would want to include the Managed Care Plan, any contracted behavioral health management entity and the Care Management Agency on its consent for release of information. The Managed Care Plan and/or Care Management Agency may, in addition, require its own release of information for bidirectional sharing of PHI.

Health Home
Division of Program Development and Management
New York State Department of Health
Office of Health Insurance Programs