Electronic Health Networks (EHN)
EHNs operating in the State (also referred to as "clearinghouses" or "networks") exchange electronic health care transactions between providers and payors. Their services include:
- verifying the accuracy of claims submitted
- reporting on errors identified during the data cleaning process
- formatting transactions to align with national standards established under the Health Insurance Portability and Accountability Act of 1996 (HIPAA)
COMAR 10.25.07, Certification of Electronic Health Networks and Medical Care Electronic Claims Clearinghouses (regulations) is the EHN regulatory framework. It includes requirements for certification by MHCC and submitting electronic health care transactions to the State-Designated Health Information Exchange, CRISP.
EHN Certification
COMAR 10.25.07 requires government and private payors that accept electronic health care transactions originating in Maryland to only accept transactions from MHCC-certified EHNs. Certification is valid for a two-year period and requires a network to be accredited or certified by a nationally recognized organization that evaluates standards related to privacy and confidentiality, business practices, physical and human resources, technical performance, and security.
Reporting Electronic Health Care Transactions
State law (Chapter 791 [Senate Bill 748] and Chapter 790 [House Bill 1022], Public Health - State Designated Exchange - Clinical Information, 2021) requires EHNs to submit electronic health care transaction information to CRISP for public health and clinical purposes. CRISP is required to develop and implement supporting policies and procedures for EHNs. Transaction data provides valuable information to support the State’s participation in the Achieving Healthcare Efficiency through Accountable Design (AHEAD) Model.
Regulation Amendment Process
COMAR 10.25.07 supports implementation of the law. Final regulations became effective on November 10, 2025. The MHCC engaged stakeholders in an iterative process to amend the regulations:
- May 2024 – Draft amendments to COMAR 10.25.07 released for informal public comment
- July 2024 – Stakeholder working session to discuss draft regulations
- December 2024 – Comments on Proposed amendments published in the Maryland Register for public comment
- August 2025 – Comments on Reproposed amendments published in the Maryland Register for public comment
- November 2025 – Final regulations
- Regulatory guidance prepared by MHCC serves as a resource for EHNs required to report electronic health care transactions to CRISP:
- CRISP developed draft technical submission guidance in collaboration with EHNs:
For more information, visit CRISP’s EHN website, or email Megan.Lamar@crisphealth.org.
The MHCC convened a virtual Town Hall on January 30, 2026, to discuss regulatory guidance to support EHNs' implementation of Maryland law (2021).
- Town Hall Recording (January 30, 2026)
Legally Protected Health Information
State law (Chapter 248 [Senate Bill 786] and Chapter 249 [House Bill 812], Health - Reproductive Health Services - Protected Information and Insurance Requirements, 2023) prohibits the disclosure of legally protected health information by health information exchanges (HIEs) and EHNs operating in the State, with some exceptions. Legally protected health information includes mifepristone data; the diagnosis, procedure, medication, and related codes for abortion care; and other sensitive health services with a date of service after May 31, 2022, as determined by the Secretary of Health and defined in COMAR 10.11.08.
Implementation
The MHCC convened virtual Town Halls and provided guidance to support implementation of the law:
- LPHI Town Hall Recording (April 2024)
- LPHI Town Hall Recording (May 2024)
Additional Resources
- Electronic Healthcare Network Accreditation Commission (EHNAC)
- Information on accreditation programs that ensure the privacy and security of protected health information
- Health Information Trust Alliance (HITRUST)
- Provides common risk and compliance management frameworks, related assessment, and assurance methodologies to support an organization’s information risk management and compliance objectives
Contact Us
For more information on electronic health care transactions reporting and legally protected health information, please email Anna Gribble at anna.gribble1@maryland.gov.