What VITL Is Doing

Protecting the Privacy and Security of Your Health Information
The privacy and security of patient health information is a top priority for patients and their families, health care providers and professionals, and the government. Federal laws require many of the key persons and organizations that handle health information to have policies and security safeguards in place to protect your health information — whether it is stored on paper or electronically.

The Health Insurance Portability and Accountability Act of 1996 (HIPAA) Privacy, Security, and Breach Notification Rules are the main federal laws that protect your health information. The Privacy Rule gives you rights with respect to your health information. The Privacy Rule also sets limits on how your health information can be used and shared with others. The Security Rule sets rules for how your health information must be kept secure with administrative, technical, and physical safeguards. There is an extensive set of questions and answers regarding what patients should know about their rights under HIPAA in the privacy and security section of the healthit.gov website.

There are also federal laws that protect specific types of health information, such as information related to federally-funded alcohol and substance abuse treatment.

As the operator of the Vermont Health Information Exchange, a statewide network that enables health care providers to securely send information to each other, VITL has adopted policies and procedures that meet all federal and state laws and rules. We routinely review our policies and procedures to ensure they are in compliance, and update them when necessary.

We also have designated a staff person as our privacy and security officer, who monitors adherence to our privacy and security policies and procedures and is able to act when needed.

All VITL employees have signed confidentiality agreements, which legally require them to keep confidential any protected health information that they have access to as part of their employment.

VITL works with its contractors to ensure that only authorized users have access to the Vermont Health Information Exchange, and that data on the network remains private and secure. We also advise hospitals, physician practices and other Vermont health care providers on privacy and security issues.

Legal contracts have been signed with health care providers using VITL's services, including the Vermont Health Information Exchange, outlining the terms and conditions for VITL to handle protected health information on the provider's behalf. These terms and conditions meet all federal and state requirements.