Health Information Technology   HIE    Health Information Exchange Registration

Overview

Health Information Exchange (HIE) aims to deliver the right information to the right place at the right time by enabling health care professionals to transfer patient data across disparate information systems. Patient data available through an HIE can include lab results, radiology reports, discharge summaries, consultation notes, transcribed documents (i.e. clinical summaries), and secure clinical messaging and referrals.  

HIE Privacy and Security Regulations

The Maryland Health Care Commission (MHCC) was given authority under Maryland law in May 2011 to adopt regulations for the privacy and security of protected health information (PHI) obtained or released through an HIE. [1]  The regulations set forth requirements for HIEs including:

 

  • Procedural and technical controls (e.g. authorization and authentication) for the exchange of health information;
  • Protocols for health care consumers to opt-out from having their health information exchanged via the HIE and request information on who has accessed their health information;
  • How HIEs disclose sensitive health information, including obtaining additional authorization or consent;
  • Annual audits to review and test the implementation of controls, including appropriate and permitted access, use and disclosure of PHI;
  • Processes to assess and respond to a breach or potential non-compliance with the regulations including investigations, remedial action plans, notifications, and suspension or termination of access, and notifications;
  • Protocols for the release of data for secondary use (e.g. population care management or research); and
  • Policies and procedures regarding access, use, and disclosure of data in emergency situations.

The regulations became effective March 17, 2014 can be found here.

HIE Registration

Code of Maryland Regulations (COMAR) 10.25.18.09, Registration and Enforcement, requires an HIE operating in the State to register with MHCC annually. Registration is valid for one year.

Who must Register

Effective October 1, 2018, Maryland law defines an HIE as "an entity that provides or governs organizational and technical processes for the maintenance, transmittal, access, or disclosure of electronic health care information between or among health care providers or entities through an interoperable system”.[2] An HIE does not include an entity composed of health care providers under common ownership; or, if the organization and technical processes it provides or governs are certain transactions, carriers, carriers’ business associates, or an administrator.

How to Register

The MHCC is currently revising the registration application. Please contact Alana Sutherland at alana.sutherland@maryland.gov for more information if your organization is planning to submit an application under the revised definition.

List of Registered HIEs

Organizational Logo Organizational Name
  Adventist HealthCare 
  Chesapeake Regional Information System for our patients
   Children's IQ Network
   Peninsula Regional Medical Center
   Surescripts

   

Contact

If you have questions or need additional information regarding the HIE regulations and registration process, please contact hie.registration@maryland.gov, or call 410-764-3330. 


__________________________    

[1] Md. Code Ann., Health-Gen. §§4-301 and 4-302 (2011)

[2] On May 15, 2018, Senate Bill 17, Health Information Exchanges – Definitions and Regulations, was signed into law, changing the definition of an HIE.

 

 

  

Last Updated: 11/9/2018