Processing Integrity Policy

Purpose

OneHealthPort understands the importance of communicating to customers about its position on processing integrity. This policy is intended to provide transparency on the following:

  1. When and why customer-submitted data may or may not be modified.

  2. To communicate the importance of putting controls in place to ensure that customer-submitted data conforms to what is expected.

     

Policy Statement

Except where required for specific transactions by design, the Health Information Exchange (HIE) does not modify any customer data in passthrough transactions. For the Single Sign-On (SSO) service, OneHealthPort does not modify SSO user data, except upon the users' request, in compliance with security policy, or as part of a legal or security investigation or response. For the Clinical Data Repository (CDR), OneHealthPort does not modify any of the originally submitted clinical data that is persisted in the repository database.
Validation of customer-supplied data will be performed when OneHealthPort is managing data within its own system boundaries. Data validation may not be possible when OneHealthPort is acting as a passthrough and is not permitted to look at the data payload. In those cases, data may be provided directly to the recipient without any validation being performed by OneHealthPort.

 

Applicability

This policy applies to data processed by OneHealthPort in the following data flows:

  1. Data submitted by trading partners through the HIE via supported transaction that does not explicitly require modification of data by design. Data payloads submitted via the HIE that are part of a passthrough transaction may or may not have its content validated.

  2. For the SSO, Organizational Administrators manage the data of users for their organizations, self-service management of a user's own data, and any assistance provided by OneHealthPort.

  3. For the CDR, clinical data submitted by provider organizations.