Below you will find answers to some commonly asked questions. If you do not find an answer please feel free to contact us.

As healthcare organizations look to transform healthcare by providing better healthcare, improving the health of their patients, and reducing costs, the need to more effectively and efficiently coordinate the care of patients has never been more important.

The electronic transmission of patient health information between health care providers in a timely, secure, and confidential manner is an important next step in the evolution of health care delivery in the Granite State.


General FAQs

What is Health Information Exchange (HIE)?

Health Information Exchange (HIE) refers to the secure and timely sharing of electronic health data across the boundaries of health care institutions.

An HIE organization is an entity that oversees or facilitates the exchange of health information among a diverse group of health care stakeholders within and across regions, according to nationally recognized standards. The exchange of health information has the potential to transform the way care is delivered by improving clinical workflow and fostering increased communication among providers.

HIE is used by providers to easily and securely send patient information—such as lab results, patient referrals, or discharge summaries—directly to another health care professional. This information is sent over the internet in an encrypted, secure, and reliable way amongst health care professionals who already know and trust each other, and is commonly compared to sending a secured email.

Is patient information secure?

NHHIO uses fully certified software applications and federal standards of communication to ensure that all information sent through the NHHIO is secured and encrypted.

All participants of NHHIO agree to a stringent participation agreement ensuring that they comply with all State and Federal laws, including HIPAA, regarding the protection of protected health information (PHI), as well as NHHIO-specific policies and procedures.

NHHIO does NOT maintain a centralized repository of clinical data. Instead, NHHIO facilitates the secure transmission of PHI between health care providers, replacing unreliable paper-based faxing and mailing.

What is the value to healthcare providers?

Using HIE allows healthcare providers to exchange Transition of Care (TOC) summaries, medication lists and other relevant clinical information with referring or consulting providers in advance of an encounter with a patient. This improved communication initiative between healthcare teams enables greater care coordination to more comprehensively manage the health needs of patients.

Provider organizations can increase efficiency by sending patient information using a single electronic network instead of building multiple connections, or using traditional unsecure paper methods.

Access to an individual’s information helps the providers gain a complete picture of the patient's health and better prepare for a fully engaging dialogue at each encounter.

Access to patient data can help care teams better understand potential barriers to medication/treatment adherence and/or more appropriately prescribe controlled substances.

Do I need an Electronic Health Record (EHR) to participate?

No. NHHIO offers several methods of connecting to the network, including a web-based secure email product that will allow all providers to benefit from the electronic exchange of health information.

What is the value of HIE to patients?

Better coordination of care between healthcare providers can lead to significant improvements in a patient’s healthcare experience. Enabling providers of care to have the most up-to-date clinical information available to them at the time of a patient’s visit prevents patients from having to remember clinical details, including medication lists or what their specialist said at their last visit. In addition, improved care coordination can reduce patient healthcare costs by preventing duplicative diagnostic testing and hospital readmissions, for example.

Technical FAQs

How do I select an appropriate integration method?

NHHIO offers three service types to support Direct Secure Messaging (DSM): Direct (XDR), DSM Webmail and DSM Connect. With support and guidance from the NHHIO team, participants will be able to determine their preferred integration method(s) based upon their individual data needs and technical capabilities. NHHIO works alongside participants and their vendor(s) to determine the best integration method based on the export functions of their system(s), the ability to include Healthcare Provider Directory (HPD) information, and the trigger events for the release of information such as:

  • Medical Summary / Continuity of Care Document (CDA)
  • Transfer of Care Summary (TOC CDA)
  • Progress / SOAP notes
  • Discharge Summary
  • Referral requests / Referral letters

How does DSM Webmail communicate?

DSM Webmail is a payload-agnostic, Direct-enabled communication platform. In other words, there are no limitations to the types of documents that webmail users are able to send or receive. Webmail is a cloud-based service that does not integrate directly with electronic health records (EHRs), which makes this option very suitable for organizations that do not have Direct-certified EHR systems within their environment.

How does the DSM Connect device communicate?

DSM Connect provides a simple, secure and scalable managed device for connecting to the NHHIO Direct Messaging ecosystem to send and receive encrypted healthcare information. The Connect device continually pings the participant’s environment and the NHHIO central site in order to determine if messages are waiting for retrieval and delivery. All communications from the device are outbound only and directed to a single IP address through a single port on the local firewall. Once messages are identified, they are pulled into the device, encrypted, and delivered to the intended recipient destination.

Where is the best placement of the DSM Connect device: Local Network vs. DMZ?

Since communication between the DSM Connect device and your source system is not encrypted, we recommend that the appliance be placed on your network behind your firewall, which provides continuous security of PHI. Messages are encrypted by the device and remain encrypted until they are received at the recipient’s destination, at which point they are safely decrypted.
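The two answers above describe traffic that is easy to verify from firewall or flow logs: the appliance should only initiate connections to one central-site IP and port, and its unencrypted leg should stay inside the local network. The following audit sketch is an added example, not NHHIO or vendor code; every address, the port numbers, the single-source-system assumption and the flow records are constructed placeholders.

```python
import ipaddress

# Assumed site values (placeholders; none of these come from NHHIO).
DEVICE = "10.20.0.15"                      # DSM Connect appliance on the LAN
SOURCE_SYSTEM = "10.20.0.40"               # system that feeds the appliance
CENTRAL_SITE = ("192.0.2.10", 443)         # the single allowed IP and port
LAN = ipaddress.ip_network("10.20.0.0/16")

# Constructed flow records: (initiator, responder, responder_port)
FLOWS = [
    ("10.20.0.15", "192.0.2.10", 443),     # expected outbound poll
    ("10.20.0.15", "10.20.0.40", 2575),    # expected local, unencrypted leg
    ("10.20.0.40", "10.20.0.15", 2575),    # source system pushing locally
    ("10.20.0.15", "198.51.100.7", 443),   # egress to a different IP
    ("10.20.0.15", "192.0.2.10", 22),      # right IP, wrong port
    ("203.0.113.9", "10.20.0.15", 443),    # connection initiated from outside
    ("10.20.0.15", "10.20.0.99", 445),     # appliance talking to another host
    ("10.20.0.77", "10.20.0.88", 80),      # unrelated traffic
]

def inside(ip):
    return ipaddress.ip_address(ip) in LAN

def classify(initiator, responder, port):
    """Return None for flows not involving the appliance, else a verdict."""
    if DEVICE not in (initiator, responder):
        return None
    peer = responder if initiator == DEVICE else initiator
    if inside(peer):
        # Local leg is unencrypted, so only the known source system is expected.
        return "ok" if peer == SOURCE_SYSTEM else "unexpected-internal-peer"
    if responder == DEVICE:
        return "inbound-from-outside"      # design is outbound only
    if (responder, port) != CENTRAL_SITE:
        return "egress-off-allowlist"      # not the single IP/port
    return "ok"

def audit(flows):
    """Collect every appliance flow that departs from the described design."""
    findings = []
    for flow in flows:
        verdict = classify(*flow)
        if verdict not in (None, "ok"):
            findings.append((verdict, flow))
    return findings

if __name__ == "__main__":
    for verdict, flow in audit(FLOWS):
        print(verdict, flow)
```
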

How is data in transit secured and encrypted?

Data is sent through the NHHIO Health Information Service Provider (HISP), following Direct Project standards, using TLS version 1 transport with mutual authentication based on PKI certificates, and is encrypted using the AES256 algorithm. Encryption and decryption take place within the DSM Connect device, and messages are not opened, deposited, or maintained at the central site.

Can I query NHHIO for available records and request the information?

NHHIO does not provide a centralized data repository of patient records for querying and retrieving functions, but is creating a platform for electronic directed secure messaging (DSM). However, NHHIO providers will be able to see a list of organizations that are Direct enabled and may then reach out to the organization to request information to be sent to them. NHHIO provides a Healthcare Provider Directory (HPD) of all participating providers and organizations with the ability to communicate via these secure protocols.

What type of network connectivity is required?

NHHIO relies upon participants’ commercial internet connectivity and does not utilize any private networks or dedicated circuits.

Where is the NHHIO central site?

The NHHIO network is securely hosted by Orion Health and LogicWorks in a hybrid cloud environment (SSAE16 certified), with separate server instances for NHHIO protected by Cisco ASA5520 firewalls with redundant communication ports and full anti-virus and intrusion detection software.

Legislative FAQs

What is Chapter 332-I?

Protected Health Information (PHI) is any information about health status, provision of health care, or payment for health care that can be linked to a specific individual. In today’s environment, PHI is routinely shared between healthcare providers, care coordinators, health plans and insurers, as well as the NH Department of Health and Human Services for a variety of payment, treatment and administrative activities.

Since RSA 332-I was last updated in 2014 regarding the use and disclosure of PHI, the healthcare community has undergone significant changes in the way business is conducted. With the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009, many NH providers have worked hard to implement Electronic Health Record (EHR) technology in order to help manage their patients’ care more efficiently and effectively. The Affordable Care Act (ACA) in 2010 began to reshape payment reform, and later in 2010 the Accountable Care Organizations (ACO) began to develop and further emphasize the need for increased sharing of PHI and coordination of care.

In order for healthcare organizations and providers across the state to more efficiently and securely exchange data to increase the health of our patients, decrease cost, and provide the best possible patient experience, it is critical that we continue to evaluate the language of the RSA to support the highest quality care possible.

Will PHI be used for marketing and fundraising?


RSA 332-I:4 of the existing state law specifically prevents the use of PHI for this purpose. 

If a patient “opts out” can reportable public health data still be sent through the NHHIO?


RSA 332-I:3 paragraph VIII of the existing law allows for the submission of information to the Department of Health and Human Services regardless of a patient’s opt-out status. Patients who want to opt out of sending their information in a secure electronic format to support better care coordination may do so by requesting to opt out of NHHIO at their provider office or registration desk. Opt-out request forms are not accepted centrally and are managed by the provider organizations who are sending the information through NHHIO.
