HOME
Agency Information
Office Locations
Contact Information
Related Links
Site Map

SERVICES
Register of Regulations
Current Issue
Previous Issues
Regulatory Flexibility Act
Administrative Code
Delaware Code
Laws of Delaware
City & Town Charters
Style Manual
Cumulative Table
Subscription Services
Tour of Legislative Hall

INFORMATION
Citizen Participation

 

 

1.0 Purpose and Authority

1.1 The Delaware Health Information Network ("DHIN") is the sole sanctioned provider of health information exchange services in the State of Delaware. In carrying out this role, among other things authorized by its enabling legislation and Board of Directors, DHIN serves as a primary mechanism for delivering laboratory results and medical information to providers and other authorized entities and individuals throughout the State. DHIN makes clinical information available to patients, their providers, and others permitted by relevant state and federal law - such as health insurance companies and, where appropriate, the Delaware Division of Public Health - in order to improve the quality and lower the cost of health care. DHIN's general operations and use of clinical data for analytics are governed by 1 DE Admin. Code 101 and 102. In addition, since 2018, DHIN has served as the operator of the State of Delaware's Health Care Claims Database, a multi-payer claims database serving to promote the "Triple Aim Plus One" of health care service and delivery in the State of Delaware. Submission of data to and access to data from the Health Care Claims Database are governed by 1 DE Admin. Code 103 and 104. DHIN is a not-for-profit public instrumentality of the State of Delaware.

1.2 DHIN has been authorized by statute, 16 Del.C. §10306, to promulgate rules and regulations to carry out its statutory mandate.

 

2.0 Definitions

The following words and terms, when used in this regulation, have the following meaning unless the context clearly indicates otherwise:

"Act" means DHIN's enabling legislation, 16 Del.C. Chapter 103.

"Board" means DHIN's Board of Directors, as established by the Act.

"Bylaws" means the Bylaws as approved by the Board.

"Data" means medical or other health care information of or about an individual which is transmitted or available from Data Sending Organizations for transmission to DHIN and included in DHIN's clinical data repositories. The term includes PHI.

"Data Receiving Organization" means an organization that contracts with DHIN to receive clinical Data for use cases laid out in the Act, these regulations, and the contract between DHIN and Data Receiving Organization. The term does not include organizations that solely contract with DHIN to receive claims data or analytic services from DHIN and the Health Care Claims Database pursuant to 1 DE Admin. Code 104, or organizations that solely contract with DHIN to receive analytic services or clinical data for approved analytic use cases pursuant to 1 DE Admin. Code 102.

"Data Sending Organization" means an organization that contracts with DHIN to provide Data to DHIN for use in its clinical data repositories for purposes consistent with the Act, these regulations, and the contract between DHIN and Data Sending Organization. The term does not include organizations that solely provide claims data to the Health Care Claims Database pursuant to 1 DE Admin. Code 104, or organizations that solely contract with DHIN to receive analytic services or clinical data for approved analytic use cases pursuant to 1 DE Admin. Code 102.

"HIPAA" means the Health Insurance Portability and Accountability Act of 1996 as amended and associated regulations, including the Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) and Security Rule (45 CFR Part 160 and Subparts A and C of Part 164).

"Participant" means an organization contracted to participate in DHIN's health information ex-change services, either as a Data Sending Organization, a Data Receiving Organization, or both.

"Protected health information" or "PHI" means individually identifiable health information, as that term is defined in HIPAA.

"User" means an individual approved user of DHIN's clinical data. Each User is an employee or other agent of a Data Receiving Organization.

 

3.0 Data Submission Requirements

3.1 Data Sending Organizations shall comply with such data submission standards as may be required by DHIN. DHIN may adopt minimum requirements for connectivity and shall make such requirements public on its website. To the extent feasible, such standards shall conform to or incorporate national standards generally accepted in the Health IT industry. Data subject to legal disclosure restrictions beyond those identified in HIPAA should not be sent to DHIN prior to the time at which the Data Sending Organization enters into an agreement or agreements with DHIN that legally permit the disclosure of Data to DHIN and adequately identify the Data in question so as to permit any necessary sequestration or restrictions on re-disclosure.

3.2 In the course of fulfilling its statutory mandate to improve the interoperability of health care information and provide more streamlined transmission of data to appropriate individuals, DHIN has connected to a national health information exchange network. As the prompt and accurate flow of healthcare information has become more critical to providing quality care to patients, national organizations and federal regulatory agencies have implemented national standards and rules designed to facilitate the sharing of information and prohibit entities from engaging in information blocking activities that are likely to impede the fair flow of such information. In order to maintain its compliance with these legal obligations and industry standards, DHIN requires Data Sending Organizations to, at a minimum, permit DHIN to make the following uses with respect to Data sent to DHIN:

3.2.1 Treatment, payment, health care operations, and authorization-based disclosures as all of those terms are defined by HIPAA;

3.2.2 Public health activities and reporting as permitted by HIPAA and relevant Delaware law;

3.2.3 Providing individuals with access to their own information and the ability to direct that their own information be provided to third parties under such terms and conditions as may be established by DHIN;

3.2.4 Research or analytic purposes, in accordance with 1 DE Admin. Code 102 and the Act;

3.2.5 Fulfilling DHIN's legal requirements; and

3.2.6 Such other uses as are required by law.

3.3 DHIN may, if permitted by the Board and its agreements with relevant Data Sending Organizations, make additional uses of Data sent to DHIN if such uses are permitted by the Act and relevant law.

 

4.0 Restrictions on Use of Data by Data Receiving Organizations and Users

4.1 Data Receiving Organizations will use Data received from DHIN and will require that their Users use Data received from DHIN, consistent with the DHIN End User Data Use Agreement.

4.2 The DHIN End User Data Use Agreement shall permit the following use cases:

4.2.1 Treatment, payment, health care operations, and authorization-based disclosures as all of those terms are defined by HIPAA;

4.2.2 Public health activities and reporting as permitted by HIPAA and relevant Delaware law; and

4.2.3 To permit Data Receiving Organizations and their Users to fulfill their respective legal requirements.

4.3 DHIN may, in its sole discretion and subject to the approval of the Board, enter into contracts with Data Receiving Organizations to permit such additional use cases as are permitted by the Act, HIPAA, other relevant law and DHIN's strategic priorities.

 

5.0 Patient Access to Information

5.1 DHIN may provide individuals with information about them that is held by DHIN in a manner and under terms and conditions that DHIN establishes.

5.2 DHIN may, upon receipt of an appropriate authorization (as that term is defined in HIPAA) and subject to such other terms and conditions as may be established by DHIN, provide an individual's health information to such third parties as may be directed by that individual.

5.3 Individuals shall be informed of and may choose to preclude a search of their information in DHIN's clinical data repositories in accordance with any terms or conditions set forth by DHIN (to "opt out"). DHIN shall also provide a means for patients who have previously requested to opt out to re-establish the ability of Users to find their Data through search functionality. DHIN shall publish information regarding the process patients need to undertake in order to opt out and a description of what health information exchange services will be affected by the opt out on its website.

 

6.0 Dispute Resolution

6.1 Unless otherwise provided by the Act, any dispute that involves DHIN or its services shall be subject to dispute resolution under this section. Such disputes may involve Participants, DHIN or members of the public where there is a claim that this or other regulations or statutes were violated by any of the foregoing. A dispute may also be the result of an inquiry or request for information that is not responded to in a reasonable manner.

6.2 The Chair of the Board may appoint a number of individuals subject to approval by the Committee to serve on a Dispute Resolution Committee ("DRC"). The DRC shall be comprised of panels of no less than three or more than five members. No member may serve on a case before the DRC where that member has a conflict of interest as set forth in 29 Del.C. Chapter 58. The presiding member of the panel must be a member of the Board. The Board may promulgate rules for procedures for matters to be determined by the DRC. The DRC and the Board are authorized to grant relief to include financial penalties, suspension and termination of an entity or individual's Participation in or use of DHIN and its services.

6.3 Any party aggrieved by the decision of the DRC may seek review by filing written exceptions to the Panel's decision within ten days of the decision as would be computed in the Delaware Superior Court. The review shall be presented to the Board who may overturn the Panel's decision by a majority vote of a quorum of the Board.

6.4 An aggrieved party may seek legal review on the record only in accordance with 29 Del.C. Ch. 101, Subchapter V, and only to the extent that such legal review is not precluded by the Act or other relevant law.

2 DE Reg. 2046 (05/01/99)

25 DE Reg. 623 (12/01/21)