This is the list of approved policies for HealthShare Exchange. Approved policies are posted to this website within five (5) business days. If you have any questions about the policies please contact HSX at concerns@healthshareexchange.org.
HealthShare Exchange Policies
- Acceptable Use
- Access Control
- Audi Logging and Monitoring
- Behavioral Health Data Sharing Principles
- Breach Notification
- Business Associate Privacy
- Business Continuity Management
- Change Management
- Clear Desk and Clean Screen
- Clinical Data Repository
- Compliance
- Consumer Right to Direct and Control Transmission of Data
- Contracting and Signatory Authority Policy
- Data and Media Sanitization
- Data Classification
- Data Handling Labeling and Storage
- Data Misuse
- Data Quality Management Program Policy
- Data Retention and Archiving
- Data Sharing Principles
- Disposal of IT Related Assets
- Encryption
- End User Computing Device Security
- Endpoint Protection
- Incident Management
- Information Asset Management
- Information Exchange
- Information Security
- Information Security Management Program
- Media Protection
- Minimum Necessary
- Mobile Computing Device Security
- Network Protection
- Notice of Privacy Practices
- Password Management
- Patient Opt Out and Opt Back In
- Personnel Security
- Physical Security and Access
- Privacy and Security Awareness Education and Training
- Privacy and Security Officer Role
- Privacy Management Program
- Remote Access
- Remote Work Policy
- Risk Management
- Sanctions
- Secure Disposal
- Self-Pay Information
- Source Code Management
- Teleworking
- Termination
- Third Party Risk Management
- Transmission Security and Encryption
- Virus and Malware
- Vulnerability Management
- Wireless Network Security
Use Cases
- Accountable Care Organizations (ACO)
- Clinical Data Repository Access (CDR)
- Clinical Data Repository for External Networks (CDR)
- Consumers’ Right to Direct and Control Transmission of Their Personal Data via HSX MarketStreet Use Case
- Coroner/Medical Examiner’s Office
- Direct Secure Messaging (DSM)
- Encounter Notification Service (ENS)
- Health Plan Quality Reporting
- Participant Population Health
- Patient-Authorized Research
- Public Health Authority Population Health
- Urgent Patient Activity Liason (UPAL)