Skip to Main Content
<< Back | Return to Main COMAR Search Page

13 records match your request.

FileAbstract
10.25.18.00.htm 10.25.18.00. Title 10 DEPARTMENT OF HEALTH AND MENTAL HYGIENE Subtitle 25 MARYLAND HEALTH CARE COMMISSION Chapter 18 Health Information Exchanges: Privacy and Security of Protected Health Information Authority: Health-General Article, §4-301, 4-302.2, 19-101, and 19-143, Annotated Code of Maryland
10.25.18.01.htm 10.25.18.01. 01 Scope and Purpose.. A. This chapter addresses the privacy and security of protected health information maintained by a health information exchange, or obtained or released by any person through a health information exchange by adopting specific requirements:1) To assure the privacy and security of protected health information accessed, used, or disclosed through a health information exchange, including protections for the secondary use of protected health information obtained, a
10.25.18.02.htm 10.25.18.02. 02 Definitions.. A. In this chapter, the following terms have the meanings indicated.. B. Terms Defined.. 1) “Ancillary clinical service provider” means a health care provider who has a direct contractual agreement with the hospital to provide therapeutic, diagnostic, or custodial ancillary services for the hospital as part of its affiliation. Ancillary services may include skilled nursing, home care, outpatient rehabilitation and therapy, transportation, ambulatory surgery, d
10.25.18.03.htm 10.25.18.03. 03 Rights of a Health Care Consumer Concerning Information Accessed, Used, or Disclosed Through an HIE.A. A health care consumer has the following rights in accordance with the requirements specified in this section:1) The right to have information regarding the health care consumer’s rights under these regulations readily available to assist the health care consumer in making an informed decision concerning:
10.25.18.04.htm 10.25.18.04. 04 Access, Use, or Disclosure of Sensitive Health Information.. A. Consistency with disclosure requirements under federal and State law.. 1) A person shall comply with all relevant State and federal laws, including but not limited to 42 CFR Part 2, concerning the access, use, or disclosure of sensitive health information through an HIE and maintenance of such information by an HIE. Until the Commission issues regulations governing the access, use, or disclosu
10.25.18.05.htm 10.25.18.05. 05 Requirements for Accessing, Using, or Disclosing Health Information Through an HIE.. A. As a requirement of participation in an HIE, the HIE shall require each participating organization to enter into a binding participation agreement that:1) Requires the participating organization and each authorized user to comply with this chapter;. 2) Requires the participating organization and each authorized user to comply with all applicable federal and State privacy and security laws; and
10.25.18.06.htm 10.25.18.06. 06 Auditing Requirements.. A. In order to ensure that only an authorized user who is appropriately authenticated is granted access to HIE information, an HIE shall:1) Develop and implement protocols, methodologies, and a monitoring approach designed to discover any unusual finding, which may be identified within an audit of the user access logs, including conducting ongoing electronic monitoring of user access logs and investigate any unusual findings in accor
10.25.18.07.htm 10.25.18.07. 07 Remedial Actions to Be Taken by an HIE.. A. An HIE shall immediately suspend a person’s access to the HIE when it is necessary to avoid serious harm to the privacy or security of health information accessed, used, or disclosed through or from the HIE.1) An HIE may, in its sole discretion, suspend a person’s access to the HIE pursuant to this section before an investigation under Regulation .07B of this chapter is completed.In addition, if the HIE determines that serious h
10.25.18.08.htm 10.25.18.08. 08 Notice of Breach and non-HIPPA Violation.. A. Notification of a breach shall be required consistent with notification requirements of applicable federal and State laws, including HIPAA and the HITECH Act.B. When federal or State law does not require an HIE or other entity to provide notification to a participating organization or to an effected health care consumer, or when Part 2 does not mandate other notification requirements, the HIE shall provide notification of breach
10.25.18.09.htm 10.25.18.09. 09 Registration and Enforcement.. A. To operate an HIE in the State, a person shall be recognized by the Commission as having met requirements for registration.1) A person shall complete an application for registration in a form and manner specified by the Commission that shall include:a) The HIE’s definition of what constitutes an unusual finding within Regulation .06 of this chapter;b) The HIE’s current audited financial statement that demonstrates the fina
10.25.18.10.htm 10.25.18.10. 10 Requirements for Accessing, Using, or Disclosing of Data Through an HIE for Secondary Use.. A. Population Care Management.. 1) An HIE may disclose de-identified data or a limited data set to a care management organization for purposes related to population care management, if approval is obtained from an internal review committee designated by the care management organization, which has:a) Entered into a data use agreement with the HIE; and. b) Attested that the request is:.
10.25.18.11.htm 10.25.18.11. 11 Requirements for Accessing, Using, or Disclosing of Data Through an HIE in an Emergency.. A. An HIE shall develop and implement emergency access policies and procedures that satisfy the following requirements:1) The policies and procedures shall be included in the HIE’s health care consumer education materials required by Regulation .03B(1) of this chapter; and2) Clearly communicate the following:. a) The extent to which the HIE has the capability to disclose the patient’s
10.25.18.9999.htm 10.25.18.9999. Administrative History Effective date: March 17, 2014 (41:5 Md. R. 344). Regulation .01A,B amended effective June 20, 2016 (43:12 Md. R. 666). Regulation .02B amended effective June 20, 2016 (43:12 Md. R. 666). Regulation .03 amended effective June 20, 2016 (43:12 Md. R. 666). Regulation .05 amended effective June 20, 2016 (43:12 Md. R. 666). Regulation .06A, F amended effective June 20, 2016 (43:12 Md. R. 666). Regulation .07 amended effective June 20, 2016 (43:12 Md. R. 666).
<< Back | Return to Main COMAR Search Page