How It Works?
Step 1: Healthcare consumer registers for an account at www.HePoEx.com
To receive documents via the HePoEx service, you need to register with
HePoEx. HePoEx leverages HealthVault security, so that you don't have to
remember multiple passwords. When you click on the "Sign in" button on the left,
you are redirected to the HealthVault site to sign in. If this is the first time
you are using HePoEx.com, you are asked to add HePoEx to the list of allowed
applications in your HealthVault account. This is a one-time process. You are
then redirected to the My Profile page.
To complete the registration, you are required to set up a secret question,
provide the answer to that question, and select an email address. Your email
address serves as your HePoEx id.
Step 2: Healthcare provider uploads a digital copy of the consumer's health records at www.hepoex.com
To receive their health records, the consumer shares their HePoEx id with the
provider. The consumer can fill out a copy of the Authorization form for Release
of Information (ROI) from HePoEx.com itself. Once the form is submitted to the
provider, the provider representative obtains a digital copy of the consumer's
health records. The format of these records can vary depending on the medical
records system of the provider. They can be exported directly from the
provider's Electronic Medical Records (EMR) system, or they could be a scanned
copy if the provider doesn't have an EMR. The provider then logs on to
www.hepoex.com with his/her provider account, enters the HePoEx id provided by
the consumer, uploads the documents and submits the form. All the uploaded
documents are converted into a single encrypted Health Information Package and
uploaded to the HealthVault site.
Step 3: Consumers follow the steps in the email to import the documents into their HealthVault account
The consumer will receive an email with a 16-digit secret code and detailed
instructions to retrieve the Health Information Package. The consumer can click
on the link in the email to go to the HealthVault site. He or she is then asked
for the secret code from the email. After the code is verified, the user is
required to provide the answer to the secret question that they registered with
HePoEx. After providing the correct answer to the question, the consumer is able
to import the Health Information Package directly into the consumer's
HealthVault account.
But email is not a secure channel. What about privacy?
Once the provider clicks the submit button, all the documents are encrypted into
a Health Information Package (HIP) and uploaded to the HealthVault repository.
This encryption is done using a key derived from the answer to the secret
question that the consumer registered with HePoEx. The answer is not shown to
the provider and is not sent to HealthVault either.
Just prior to uploading the HIP to HealthVault, the system also creates a unique
secret code. This secret code is unique for each instance of a Health
Information Package that is sent via HePoEx.com. This secret code is not stored
anywhere and is emailed to the registered email address as soon as it is
created. The question and the answer are not included in the email. At the time
of retrieval of the package, the consumer needs to provide the secret code from
the email AND the answer to the secret question to retrieve the package.
Together, the secret code and the correct answer ensure that only the intended
consumer can download the HIP.
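
A sketch of the two-factor retrieval gate described above, as an added example that is not HePoEx or HealthVault code. The page does not name its key-derivation function or cipher, so PBKDF2-HMAC-SHA256, the answer normalization, the salted verifier record and the names `seal` and `unlock` are all assumptions; the derived key would feed an authenticated cipher, which is left out here.

```python
import hashlib, hmac, secrets

ROUNDS = 200_000  # assumed work factor; the page does not name a KDF

def stretch(secret, salt, purpose):
    # Slow, salted derivation; `purpose` separates the key from the code verifier.
    return hashlib.pbkdf2_hmac("sha256", secret, salt + purpose, ROUNDS, dklen=32)

def normalize(answer):
    # "  Fluffy " and "fluffy" must derive the same key.
    return " ".join(answer.casefold().split()).encode("utf-8")

def new_pickup_code():
    # 16 decimal digits drawn from the OS CSPRNG (about 53 bits).
    return "".join(secrets.choice("0123456789") for _ in range(16))

def seal(answer):
    """Sending side: return (record to keep, code to e-mail, encryption key)."""
    salt = secrets.token_bytes(16)  # fresh per package
    code = new_pickup_code()
    key = stretch(normalize(answer), salt, b"key")
    record = {  # assumed layout: neither the code nor the answer is kept
        "salt": salt,
        "code_check": stretch(code.encode(), salt, b"code"),
        "key_check": hmac.new(key, b"key-check", hashlib.sha256).digest(),
    }
    return record, code, key

def unlock(record, code, answer):
    """Retrieval side: return the key only if BOTH factors are correct."""
    salt = record["salt"]
    got = stretch(code.encode(), salt, b"code")
    if not hmac.compare_digest(got, record["code_check"]):
        return None  # wrong e-mailed code: the answer is never tried
    key = stretch(normalize(answer), salt, b"key")
    check = hmac.new(key, b"key-check", hashlib.sha256).digest()
    return key if hmac.compare_digest(check, record["key_check"]) else None
```

Secret-question answers are usually low in entropy, so the per-package salt and the slow derivation are what limit offline guessing if a stored record is ever exposed.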