Participant Security Requirements

We aim to help your organization level up its security practices.

Here is what we expect of our Participants:


Notification to RHIO of Suspected Incident

When an Unauthorized Use or any other type of security breach impacting Protected Health Information (PHI) is suspected by a Bronx RHIO Participant, we require the incident to be immediately reported to the RHIO for investigation and, if relevant, escalation to the State Designated Entity, the New York eHealth Collaborative (NYeC).


Employee Security Awareness Training

The Bronx RHIO requires that all Bronx RHIO Participant employees interfacing with the Bronx RHIO receive security awareness training, including but not limited to HIPAA best practices and Bronx RHIO Privacy and Security Policies and Procedures. The Bronx RHIO may work with Participants to build and improve this training based on the results of the Participant’s Participant Risk Assessment (PRA) security questionnaire. The Bronx RHIO can provide HIPAA training to Participants as needed.


Employee Responsible System Usage Training

Before receiving Bronx RHIO login credentials, all Bronx RHIO Participant employees interfacing with the Bronx RHIO as Authorized Users or for collecting consent will be trained by Bronx RHIO staff on responsible system usage. Training will be administered by the Bronx RHIO either on site or online depending on Participant needs. Trained Authorized Users will then be annually retrained with refresher material to maintain a high level of appropriate system use awareness.

Read more about Bronx RHIO Training on our Becoming a User page.