Health Information Technology   Health information exchange  

Overview

Health information exchange allows authorized users to securely and electronically access and share patient health information for clinical, quality improvement, and public health purposes. Organizations providing HIE services (HIEs) support efforts to improve safety and efficiency in health care by making the right information available in the right place at the right time. HIEs range from regional, public entities (including State-Designated entities) and developers of health information technology (health IT) (e.g., electronic health record vendors) certified by the Office of the National Coordinator for Health Information Technology

Information for Health Care Consumers

Consumers benefit from understanding the electronic exchange of their health information among treating providers. The MHCC is helping raise consumer awareness and understanding of HIEs and their role in electronic data exchange. For more information, visit MHCC's HIE Consumer web page.

Nationally, there is a coordinated focus to improve access, exchange, and use of electronic health information (see the 2020-2025 Federal Health IT Strategic Plan). Federal programs and policies aiming to advance electronic health information exchange and interoperability include:

Information Blocking

Beginning in April 2021, health care providers and HIEs are prohibited from information blocking under federal regulations. Information blocking consists of certain actions that could interfere with electronic health information access or exchange by authorized users. Certain exceptions apply. More information is available here.

Centers for Medicare & Medicaid Services (CMS) Interoperability and Patient Access Rule

As of July 2021, CMS is enforcing requirements that aim to improve patient access to their health information. Under the rule, CMS-regulated payers must implement patient access and provider directory APIs, and payer to payer data exchange. More information is available here

Trusted Exchange Framework and Common Agreement (TEFCA)

Released in January 2022, TEFCA outlines a set of principles, terms, and conditions for nationwide electronic health information exchange. A voluntary network based on the Common Agreement offers a centralized model for standardized electronic health information exchange. More information is available here.

State Regulations

Maryland law (2011) requires MHCC to adopt regulations governing the privacy and security of protected health information (PHI) obtained or released through an HIE.COMAR 10.25.18, Health Information Exchanges: Privacy and Security of Protected Health Information (regulations) builds upon protections established by the Health Insurance Portability and Accountability Act of 1996 (HIPAA), as amended by the Health Information Technology for Economic and Clinical Health Act (HITECH) in 2009. The regulations aim to ensure privacy and security of PHI while improving access to clinical records by treating providers and supporting public health goals. The MHCC is currently aligning the regulations with leading national policies and new HIE requirements legislated in 2021 and 2022 by the Maryland General Assembly.

Stakeholder Working Sessions: Informal Draft Amendment to COMAR 10.25.18, Health Information Exchanges: Privacy and Security of Protected Health Information

In July 2024, the MHCC convened stakeholder working sessions to discuss informal draft regulations specific to support the implementation of a consent management application as required by Chapter 798 (2021) and dispenser reporting of noncontrolled prescription drugs as required by Chapter 296 (2022).  Information on each working session follows:

Contact Nicole Majewski at (nicole.majewski@maryland.gov) with questions. 

Legally Protected Health Information

During the 2023 legislative session, the Maryland General Assembly passed Chapter 248 (Senate Bill 786) and Chapter 249 (House Bill 812), Health - Reproductive Health Services - Protected Information and Insurance Requirements (law).  The law prohibits the disclosure of legally protected health information by HIEs and electronic health networks (EHNs) operating in the State.  Legally protected health information includes mifepristone data, the diagnosis, procedure, medication, and related codes for abortion care, and other sensitive health services with a date of service after May 31, 2022, as determined by the Secretary of Health.  

Town Halls

The MHCC convenes virtual Town Halls to support implementation of the law.  The events provide a forum to share implementation progress and ask questions.

Implementation Guidance

The MHCC prepared implementation guidance based on stakeholder questions.  The documents that follow serve as a resource for HIEs and EHNs in the management, disclosure, and protection of legally protected health information.

Implementation Guidance:  Health Information Exchanges (May 2024)

Implementation Guidance:  Electronic Health Networks (May 2024)

Reporting on Implementation

In January 2024, HIEs and EHNs submitted an affirmation of compliance or an implementation plan to comply with the law.  Entities that submitted implementation plans were required to submit a status report by April 1, 2024 detailing progress made under its implementation plan and a validation that it possesses the technological capability to restrict from disclosure legally protected health information by June 1, 2024.  Vendor implementation strategies are fluid and timelines are subject to change.

Given the need for additional time to implement requirements for legally protected health information, MHCC is requesting entities provide ongoing implementation updates.  The MHCC has prepared the following guidance on the scope of what should be included in the implementation updates. 

Implementation Update Guidance (August 2024) 

HIE Policy Board

The MHCC engages stakeholders with a diversity of perspectives to advise staff on policies for statewide health information exchange. The HIE Policy Board informs development of COMAR 10.25.18 relating to private and secure data exchange; consumer control over the use of and access to their health information, to the extent technically feasible; and maximizing the benefit of HIE for clinical and public health purposes.

In 2021 and 2022, the HIE Policy Board convened to deliberate on proposed draft updates to COMAR 10.25.18, aiming to align the regulations with evolving federal and state polices. For more information, visit MHCC’s HIE Policy Board web page.

State-Designated HIE

Maryland law (2009) charged MHCC and the Health Services Cost Review Commission with designating a statewide HIE, a process that occurs every three years. The State-Designated HIE is responsible for building and maintaining technical infrastructure and an efficient and effective data management strategy that can support the secure statewide exchange of electronic health information. The Chesapeake Regional Information System for our Patients (CRISP) was competitively selected to serve in this role in 2009 and has been chosen at each designation cycle based on their performance. CRISP offers a variety of tools and services to meet the needs of health care facilities, providers, patients, and State agencies.

For more information about CRISP services, click here. For historical information about HIE planning in Maryland, click here.

Quarterly Reports

CRISP reports quarterly to MHCC information on participating organizations and their utilization of HIE services. To view the most recent quarterly report, click here.

HIE Registration Process and List of Registered HIEs

Entities operating in Maryland that meet the definition of an HIE are required to register with MHCC annually, including EHR developers whose systems offer data exchange capabilities.  

Click here for information on how to register or renew registration and for a list of registered HIEs.

Health Data Utility

The Maryland General Assembly passed Chapter 296 (House Bill 1127) Public Health - State Designated Exchange - Health Data Utility requiring the State-Designated HIE to operate as a health data utility (HDU) for certain purposes effective October 1, 2022.  An HDU has advanced technical capabilities to support electronic exchange of clinical, non-clinical, administrative, and public health data to enhance care delivery, bolster population health, and expand public health reporting.  For more information on the evolution of HIEs to advance multi-directional exchange, click here.

Resources

Information on national HIE efforts and web-based interoperability training:

Office of the National Coordinator for Health Information Technology (ONC)

Information about HIE benefits and the federal vision for achieving interoperability.

Centers for Medicare and Medicaid Services (CMS)

Information about how CMS engage states to align their Medicaid programs to support HIE.

Heath Information and Management Systems Society (HIMSS)

Resource library that supports electronic information exchange to advance interoperability.

ONC Interoperability Training Courses

A five-part series of training on interoperability as it relates to the following key areas: basics training, transitions of care, lab exchange, patient and family engagement, and public health.

Contact

For more information, contact Nicole Majewski at (nicole.majewski@maryland.gov).


Last Updated: 11/26/2024