Health Information Technology   HIE    Health Information Exchange Registration

Overview

Health Information Exchange (HIE) aims to deliver the right information to the right place at the right time by enabling health care professionals to transfer patient data across disparate information systems. Patient data available through an HIE can include lab results, radiology reports, discharge summaries, consultation notes, transcribed documents (i.e. clinical summaries), and secure clinical messaging and referrals.  

HIE Privacy and Security Regulations

The Maryland Health Care Commission (MHCC) was given authority under Maryland law in May 2011 to adopt regulations for the privacy and security of protected health information (PHI) obtained or released through an HIE. [1]  The regulations set forth requirements for HIEs including:

 

  • Procedural and technical controls (e.g. authorization and authentication) for the exchange of health information;
  • Protocols for health care consumers to opt-out from having their health information exchanged via the HIE and request information on who has accessed their health information;
  • How HIEs disclose sensitive health information, including obtaining additional authorization or consent;
  • Annual audits to review and test the implementation of controls, including appropriate and permitted access, use and disclosure of PHI;
  • Processes to assess and respond to a breach or potential non-compliance with the regulations including investigations, remedial action plans, notifications, and suspension or termination of access, and notifications;
  • Protocols for the release of data for secondary use (e.g. population care management or research); and
  • Policies and procedures regarding access, use, and disclosure of data in emergency situations.

The regulations became effective March 17, 2014.

Click here for a general summary of the HIE Privacy and Security Regulations.

   

HIE Registration

Code of Maryland Regulations (COMAR) 10.25.18.09, Registration and Enforcement, requires an HIE operating in the State to register with MHCC annually. Registration is valid for one year.

Who must Register

Effective October 1, 2018, Maryland law defines an HIE as "an entity that provides or governs organizational and technical processes for the maintenance, transmittal, access, or disclosure of electronic health care information between or among health care providers or entities through an interoperable system”.[2] An HIE does not include an entity composed of health care providers under common ownership; or, if the organization and technical processes it provides or governs are certain transactions, carriers, carriers’ business associates, or an administrator.

HIEs may continue to submit an application under the existing definition prior to the October 1, 2018 effective date.  HIEs planning to submit an application under the revised definition should contact Alana Sutherland at alana.sutherland@maryland.gov for additional information.

How to Register

To register as an HIE in Maryland, please complete the application below. Please send the completed application and all supporting documents to HIE.Registration@Maryland.gov.

Application for Registration to Operate As a Health Information Exchange in Maryland

Registration Renewal

An HIE renewing its registration in Maryland must provide, in addition to a completed application and any updates to the supporting documentation, the following information within 120 days of its fiscal year end date:

a. The most current audited financial statements; and

b. The most current results of the privacy and security audit performed in accordance with COMAR 10.25.18.

Requirements for Registered HIEs

Registered HIEs in Maryland must comply with the requirements of COMAR 10.25.18. Key administrative requirements that involve notification or reporting of a registered HIE to MHCC, or performing audit-related activities at the request of the MHCC, are listed here.  

List of Registered HIEs

Organizational Logo Organizational Name
  Adventist HealthCare 
  Chesapeake Regional Information System for our patients
   Children's IQ Network
   Peninsula Regional Medical Center
   Surescripts

   

Contact

If you have questions or need additional information regarding the HIE regulations and registration process, please contact hie.registration@maryland.gov, or call 410-764-3330. 


__________________________    

[1] Md. Code Ann., Health-Gen. §§4-301 and 4-302 (2011)

[2] On May 15, 2018, Senate Bill 17, Health Information Exchanges – Definitions and Regulations, was signed into law, changing the definition of an HIE.

 

 

  

Last Updated: 8/20/2018