Eastern New York’s Most Secure Health Information Exchange


Hixny prides itself on being ahead of the crowd, and there’s no exception when it comes to keeping protected health information (PHI) private, safe and secure.

Privacy and Security

As a health information exchange (HIE), Hixny complies with the many rules and regulations set forth by New York State and the federal government that govern the exchange of medical information. Hixny additionally complies with voluntary safety and security protocols in an effort to remain the most secure HIE in eastern New York.

Those include:

  • HIPAA Privacy Rule
  • HIPAA Security Rule
  • HIPAA Breach Notification Rule
  • 42 CFR Part 2
  • SHIN-NY Privacy and Security Policies and Procedures for Qualified Entities and Their Participants
  • Minimum Acceptable Risk Standards for Exchanges (MARS-E)
  • NYS Cybersecurity Requirements for Financial Services Companies (23 NYCRR 500)
  • NYS Shield Act
  • EHNAC’s Privacy and Security framework
  • HITRUST’s Common Security Framework (CSF)

Direct Trust


HITRUST CSF Certified Logo


In 2018, Hixny’s system was among the first health information exchanges (HIEs) in New York to be certified by the Health Information Trust Alliance (HITRUST), the group of healthcare, business, technology and information security leaders that oversees the best practices and regulatory standards called the Common Security Framework (CSF).

The goal of the CSF is to ensure the confidentiality, integrity and availability of private data, including PHI. In fact, it could be described as a universally accepted blueprint for keeping information out of the hands of the wrong people.

Read more about what HITRUST and CSF mean for you and for Hixny.


Audit Summary

Hixny continually audits user activity to ensure compliance with policies and procedures that have been put in place to protect and secure patient data.

Request access to our user audit reports.


Questions and Concerns

Hixny will be performing extended maintenance beginning Thursday, December 31 through Friday, January 1. During this time, all services
will be impacted and unavailable—including access to the provider portal.