Data Privacy & Security

The security and confidentiality of the patient health records in the Vermont Health Information Exchange is a primary focus of VITL’s work.

VITL maintains a Privacy Officer and a Security Officer to oversee policy development and implementation and deliver education for all VITL staff about the privacy and security of Vermont Health Information Exchange data and systems. Access to patient data is governed by a services agreement with each organization that provides data to or accesses data from the Vermont Health Information Exchange. Data access is logged continuously and audited regularly, in compliance with federal and state laws and VITL policies.

Our security management program ensures regular risk assessments, vulnerability scans, and penetration tests are performed. The results of these technical assessments are used to identify steps we take to further bolster our security. We continuously review and update our security tools and policies to ensure they align with best practices and mitigate the ever-changing threat landscape in order to maintain relevant and effective protections across all Vermont Health Information Exchange data.

Our policies offer more information about how we secure access to data.