You likely have questions related to privacy and security of electronic health records (EHRs) and health information exchange (HIE). We can assure you that systems are in place to protect patient confidentiality.

Georgia Health Information Network (GaHIN) is an independent, nonprofit organization dedicated to improving healthcare for all Georgians. GaHIN is committed to maintaining the public’s trust and ensuring complete privacy of all patient information.

GaHIN follows all applicable state and federal laws and regulations relating to the protection of patient health information.*

With GaHIN, healthcare management is simple, effortless and secure.

What is an electronic health record (EHR)?

An electronic record is a digital record that contains all the health information that was traditionally kept in a doctor’s or hospital’s paper files. In today’s electronic world, many healthcare providers are converting their paper charts into electronic records.

An EHR will store a complete record of all your health information—such as doctor’s notes, medical history, medications, vital signs, allergies, immunizations, laboratory results and radiology reports. An EHR is often referred to as an electronic medical record (EMR).

Anything that can be stored on paper medical records can be stored in an EHR. But EHRs can be more comprehensive and flexible. EHRs allow doctors to quickly search and review lengthy patient records, rather than sifting through stacks of paper records.

EHRs allow doctors to view results in the form of charts or graphs, which allows the patient’s healthcare providers to see trends and changes that could affect the treatment. Thus, EHRs improve the quantity and quality of information the providers see, which is especially important in emergency situations.

Why are EHRs important?

There are several reasons why EHRs help you and your family:

  • Your doctor can more easily track your checkups, medications and immunizations, so you and your family get preventive care on schedule.

  • In emergencies, your doctors can quickly access medical information for you (or your child)—and you won’t have to complete long medical history forms or try to remember your medications.

  • Your medical records can be easily sent to specialists with much more confidentiality than old-fashioned paper charts, which are sent via fax, telephone or postal mail. You won’t need a suitcase to carry your medical records to specialists!

  • All your doctors will have a complete picture of your medical history and your condition. Armed with this information, they can therefore make the best treatment decisions.

  • Your health records are safe from disasters like floods, so there’s no risk of losing valuable x-rays, MRIs or other reports in your medical history.

How secure are electronic records?

Electronic records are considered very secure. Your information is protected by the Health Insurance Portability and Accountability Act (HIPAA).

State and federal regulations, including HIPAA's security standards, govern access to these records and address their inappropriate use. If your doctor is a member of a health information exchange, the controlled access provides further protection of these documents.

Because electronic records are sent to doctors and hospitals in a digital format, the information is more secure compared with old-fashioned paper charts, which are sent via telephone, fax and postal mail. There is always the risk of a confidentiality breach with paper charts. For example, a fax could be sent to the wrong number or sit on a fax machine overnight.

With an electronic record, those risks are eliminated. Your electronic records will reach their intended destination without a security breach.

What is a health information exchange (HIE)?

An HIE is a network that connects practitioners and healthcare settings, all of whom have made the decision to participate for one reason—to improve patient care. An HIE network allows authorized healthcare providers to share their patients’ electronic health records on an “as needed” basis.

Physician practices, hospitals, long-term care facilities, labs, radiology centers, health insurance plans and other organizations can participate in an HIE.

GaHIN provides a “network of networks” for HIEs throughout Georgia, and it connects these networks with the nationwide HIE. If you’re traveling, relocating to another state or simply need care in another state, your doctors can easily exchange your patient records. This is especially critical in emergency situations, whether it’s you or your child who needs immediate medical care.

With GaHIN, your doctors have your complete medical history within minutes.

What type of health information is being shared on the exchange?

When they join an HIE, providers share patients’ electronic records. This includes your medical history (except for sensitive information), doctors’ notes, allergies, lab and radiology reports, immunizations and medications.

This is all the information doctors and hospitals need to make sure you get the best care possible. When your healthcare providers have easy access to your medical records, you and your family will benefit from more efficient, safer, better healthcare.

What types of sensitive information are NOT shared on the HIE?

Sensitive health information includes genetic testing and mental health notes. All providers are required to comply with federal and state laws and regulations that protect this type of confidential information.

If you want to make this information known in specific instances, you may provide express written consent for each release. This is your information, and it’s your right to release it when you wish.

Who has access to my electronic records?

Only authorized members of GaHIN and the national HIE network have access on an “as needed” basis. That includes doctors, hospitals, labs, nursing stations, radiology centers, health insurance plans and other member organizations.

GaHIN takes the issue of security very seriously. The GaHIN network has a secure login. Every transmission of patient information on the network is encrypted. Every person who accesses a record is tracked. This is a protected network, not the Internet, so your records are secure.

Will I know if my health information was misused?

Under HIPAA requirements and GaHIN policies, you have the right to receive a list of occurrences where your health information was accessed and for what purposes. If there is a breach of security involving your health information, you will be notified.

  • GaHIN will send breach notifications: These must be provided without unreasonable delay and never later than 60 days following the discovery of a breach.

  • Notifications contain specific information: To the extent possible, notifications must include a brief description of the breach, a description of the types of information that were involved in the breach, the steps affected individuals should take to protect themselves from potential harm, a brief description of what is being done to investigate the breach, mitigate the harm and prevent further breaches, as well as contact information.

  • Complaints can be filed: If you believe that a person, agency or organization covered under HIPAA violated your (or someone else's) health information privacy rights or committed another violation of the Privacy Rule, you may file a complaint with the federal Office for Civil Rights. Individuals found in violation of HIPAA can be civilly and criminally prosecuted. For more information, visit

How can I get access to my own medical records—or request changes to my record?

You won’t be able to log into the GaHIN network. But you can request copies of your electronic record by asking your healthcare provider(s). This is your health information, and it’s your right to see it when you wish.

You can request changes to your electronic record. Ask your doctor about making any revisions or corrections to your health record. GaHIN does not alter your health information in any way; the network simply provides a method to privately and securely transport health information.

Can I choose NOT to share my health information on GaHIN?

At any time you may choose to “opt out” of having your electronic record shared through the network. You simply complete an opt-out form from your doctor. If you opt out, no healthcare provider can share your health record through the network. If you opt out but change your mind, you can easily opt back into the system.

Before you decide to opt out, keep in mind the many advantages of staying in the network—especially in emergencies. When first responders and physicians are trying to save your life, their jobs are a lot easier if your complete medical history is at their fingertips.

The GaHIN network helps protect the safety and security of you and your family. We hope you see the advantages of the GaHIN system and will decide that it’s critical to your family’s good health.

How secure are EHRs and why are they valuable?

Just like paper records, EHRs must comply with HIPAA, and other state and federal laws, so security must be built into the system. Unlike paper records, EHRs can be encrypted—using technology that makes them unreadable to anyone other than an authorized user—and security access parameters are set so that only authorized individuals can view them.

Further, EHRs offer the added security of an electronic tracking system that provides an accounting history of when records have been accessed and who accessed them. So, in many ways, EHRs are more secure than paper records.

Why are EHRs valuable?

  • EHRs improve information storage and retrieval: A healthcare provider’s ability to store health records electronically allows for quick retrieval of patient information by authorized physicians and staff wherever and whenever necessary. That ensures information about each patient is accessible and complete whenever a healthcare provider must make a treatment decision.

  • EHRs improve search and tracking functions: EHRs make it easy for physicians and healthcare providers to search, track and analyze information that improves patient care. Unlike paper records, they are not bulky, they don't take up costly space and they don't require labor-intensive methods to maintain, retrieve and file. EHRs are also stored in a standard way, so information is where the healthcare provider expects it to be, and there is no need to decipher handwritten notes.

  • EHRs improve access in emergencies: EHRs also provide easier access in times of emergency, such as a natural disaster.

  • EHRs improve information protection: EHRs can be backed up easily and cost-effectively, thus avoiding loss of critical information during and after times of disaster (such as flood, hurricane or tornado destruction).

  • EHRs improve security: Unlike paper records, EHRs are encrypted and access is restricted so that only authorized individuals can view them. Furthermore, any time a person accesses an electronic record, the information is tracked and audited. The provider manages both the electronic records and the access tracking information, as GaHIN does not store clinical data. When paper records are viewed by people, it is very difficult to track who saw the information and whether it was authorized.

What are the advantages of health information exchange?

  • HIE provides access to multiple providers: An HIE allows two or more authorized healthcare providers involved in providing care to a patient to quickly, securely, and accurately share information. Because each healthcare provider can readily see a patient's complete EHR, the need for duplicate medical tests is reduced, efficiency is improved and patients receive higher quality care.

  • HIE speeds information retrieval: Authorized healthcare professionals can quickly and easily retrieve a patient's treatment record, lab results, prescription lists and other information even if those records are stored in a distant location. Currently, physicians and their staff are spending much of their time "chasing" paperwork and results, which means they have less time to spend with patients.

  • HIE improves patient care: HIE enhances accuracy, appropriateness and efficiency in patient care.

How much of my personal information can be shared through GaHIN?

GaHIN policies and state and federal law require that we use the minimum amount of personal information to ensure we are providing the right information for the right person to the right healthcare provider.

If I participate as a patient in the HIE, does GaHIN track who accesses my health information?

Yes. GaHIN maintains audit logs, tracking every occasion where your health records are accessed—identifying the authorized individual accessing your information, the date of access, the reason for accessing and the relationship between you and the healthcare provider accessing your information. You have the right to request a list of this information from your healthcare provider and review the access logs.

How do I know if my healthcare provider is a participant in a health information exchange?

All participating healthcare providers will notify patients that they are participating in a health information exchange. When you visit a participating healthcare provider you will receive a notice about this, which may be accompanied by the provider's HIPAA privacy notification. You can request a copy of your healthcare provider’s notice of privacy practices (NoPP).

Is my healthcare information sitting on the Internet for anyone to see?

No. GaHIN and its participating healthcare providers take your privacy and the security of your healthcare information very seriously. Healthcare providers are only allowed to access the GaHIN HIE Network system using a secure login, and transmission of your information is encrypted.

Healthcare providers are also only allowed to access your information if they have a treatment relationship with you.

How is GaHIN ensuring the security of my health information when it is being transferred or exchanged?

Personal health information is protected by state-of-the-art systems employing many security measures, including administrative, physical, and technical safeguards, against such risks as loss or unauthorized access, destruction, inappropriate use, modification, or disclosure. All systems, including healthcare provider EHRs and GaHIN’s network, must comply with the security provisions of HIPAA. For added assurance, the GaHIN system is subjected to regular third-party security audits.

How does GaHIN handle unauthorized requests for access to my health information? Are there any penalties for those who misuse or inappropriately disclose my information?

Considering the highly sensitive nature of patient data and information, GaHIN maintains a zero-tolerance policy regarding inappropriate use of the GaHIN HIE Network system. Authorized users who violate GaHIN policies, as identified through reporting, audit, or other processes, will be sanctioned appropriately, may have their access terminated by GaHIN, and will be referred for appropriate disciplinary action within their own organizations.

Additionally, those found in violation of HIPAA can face civil and/or criminal penalties, including fines from $50,000 to $250,000 and/or imprisonment ranging from 1 to 10 years depending upon the severity of the offense. They can also face civil penalties for HIPAA violations that could range from $100 for each violation up to $25,000 per calendar year for all violations of an identical requirement. Maximum civil penalties for multiple violations can range from $25,000 to $1.5 million. You may obtain more information about HIPAA penalties on the website of the U.S. Department of Health and Human Services.

Does GaHIN share my health information with employers?

No, GaHIN does not share health information with any employers. Additionally, the HIPAA Privacy Rule absolutely prohibits healthcare providers and plans from disclosing personal health information to employers without a patient's explicit, written authorization.

Is some of my most sensitive health information provided extra protection?

Certain kinds of health information, including mental health notes, substance use and genetic testing, are subject to additional legal protections. These additional protections may include a requirement that express written consent be obtained for each release of protected information and other requirements relating to the form of the consent or other information that must be provided to the patient at the time of consent.

All healthcare providers participating in GaHIN are required to comply with such laws and regulations and ensure these special protections are provided to this important and sensitive health information.

*These laws include, but are not limited to, the following:

  • Health Insurance Portability and Accountability Act of 1996 (HIPAA)
  • Health Information Technology for Economic and Clinical Health Act (the HITECH Act)
  • American Recovery and Reinvestment Act of 2009 (ARRA) (Applicable Laws).