Delaware.gov logo

Authenticated PDF Version

DELAWARE HEALTH INFORMATION NETWORK

 

Statutory Authority: 16 Delaware Code, Section 10306 (16 Del.C. §10306)
1 DE Admin. Code 101

FINAL

ORDER

101 Delaware Health Information Network Regulations

The Delaware Health Information Network ("DHIN") published a notice of proposed regulation changes in the September 2021 Delaware Register of Regulations pursuant to 16 Del. C. § 10306 and Senate Bill 88 of the 151st General Assembly (2021), requiring written materials and suggestions from the public concerning the proposed regulations to be produced by October 29, 2021 at which time DHIN would receive information, factual evidence and public comment to the proposed changes to the regulations.

Summary of Proposed Changes

The proposed changes to DHIN's regulations update DHIN's regulatory language to clearly define the permissible access to and use of data by DHIN and its Participants, and to align DHIN participation requirements with current and best practices. The statutory authority for the changes is 16 Del. C. § 10306 and Senate Bill 88 of the 151st General Assembly (2021).

The proposed changes to DHIN's regulations were published in the Register of Regulations, Volume 25, Issue 3 on September 1, 2021. Comments were to have been received by 4:30 p.m. on October 29, 2021.

Summary of Comments Received and DHIN Response

Two comments were received by DHIN, by the Governor's Advisory Council for Exceptional Citizens and by the State Council for Persons with Disabilities. Both comments endorsed the regulatory changes. DHIN appreciates the thoughtful input given by both organizations and appreciates the support.

Findings of Fact and Conclusions

The public was given notice and an opportunity to provide DHIN with comments in writing on the proposed amendments to DHIN's regulations. There were two public comments provided to DHIN in writing during the comment period, both of which were supportive of the proposed regulatory changes.

Pursuant to 16 Del. C. § 10306, DHIN has the statutory authority to promulgate rules and regulations.

Having considered the public comments received, DHIN finds no reason to amend the regulations as proposed.

Decision and Effective Date

DHIN hereby adopts the changes to its regulations as proposed, to be effective 10 days following publication of this Order in the Register of Regulations. The new regulations are attached hereto as Exhibit A.

IT IS SO ORDERED this 12th day of November, 2021.

DELAWARE HEALTH INFORMATION NETWORK

Janice Lee, MD

Chief Executive Officer

101 Delaware Health Information Network Regulations on Participation and Use of Data

1.0 Board of Governance and Administration

1.1 Appointment; Terms of Office

1.1.1 Individuals appointed to the Board of the Delaware Health Information Network (hereafter "Board") shall be appointed in writing by the entity holding the power of appointment pursuant to 16 Del.C. §9921. The appointing entity may remove any of its appointees by appointing another with at least thirty days notice to the Chairperson of the Board.

1.1.2 Individuals shall be appointed to the Board for a term of three years, except as provided herein. The term for each Board position shall be staggered by thirds, more or less, so that the first term for a Board position may be one, two or three years and shall be determined by lot. The Secretary shall maintain a record of the terms for each Board position. Terms shall commence on January 1 and expire on December 31 of the appropriate year and upon appointment of their successors.

1.1.3 A member of the Board may be removed for cause by the majority of the members appointed to the Board and confirmed by the Delaware Health Care Commission.

1.2 Officers of the Board; Duties

1.2.1 One member of the Board shall be elected to serve as Chairperson by a majority of the members appointed to the Board. The Chairperson shall:

1.2.1.1 preside over meetings of the Board;

1.2.1.2 maintain good order;

1.2.1.3 determine the agenda for meetings

1.2.1.4 appoint the membership of committees and work groups, except the Executive Committee;

1.2.1.5 execute documents in the name of the Board; and

1.2.1.6 perform such other matters as determined by the Board.

1.2.2 One member of the Board shall be elected to serve as Vice-Chairperson by a majority of the members appointed to the Board. The Vice-Chairperson shall perform the duties of the Chairman when he or she is not able to do so.

1.2.3 One member of the Board shall be elected to serve as Secretary by a majority of the members appointed to the Board. The Secretary shall maintain the records of the Board and its members, and attest to the official matters of the Board. Additionally, the Secretary shall perform the duties of the Chairman when the Chairperson and Vice-Chairperson are not able to do so.

1.3 Committees, Work Groups

1.3.1 The Board shall have an Executive Committee and such other committees or work groups as may be desirable from time to time. A member of the Board shall serve as the Chairperson of such committees. The Executive Committee shall be comprised of 7 members, to include the Chairperson, who shall preside, the Vice-Chairperson, the Secretary and 4 other members elected by a majority of the Board. The Executive Committee is authorized to act on behalf of the full Board where the full Board can not be reasonably convened to act in a timely manner on a matter, as assigned by the Board.

1.3.2 No Committee, except the Executive Committee, or work group needs a quorum to conduct business. Nevertheless, such meetings shall be conducted publicly, unless the meeting is determined to be closed to the public.

1.3.3 Meetings and activities of committees and work groups shall be determined by the committee and group leadership, and in accordance with the direction of the Board.

1.4 Board Meetings; Notice

1.4.1 The Chairperson, with the advice of the Board, shall determine the frequency and schedule of Board meetings and with the assistance of the staff provide the required notices pursuant to 29 Del.C., Ch. 100.

1.4.2 A majority of the members of the Board shall constitute a quorum and shall be sufficient for any action by the Board provided, however, that if the number afterwards should be reduced below a quorum, business is not interrupted unless a member calls attention to the fact.

1.4.3 The Board may convene special meetings or reschedule meetings as provided by law.

1.4.4 All meetings of the Board shall be conducted in public unless it is closed to the public in accordance with law.

1.5 Public Access to Records

1.5.1 The Board shall permit access to its public records in accordance with the law and as that term is defined in 29 Del.C., Ch. 100. A Delaware citizen that wishes to inspect the Board's public records shall call or write to staff to determine a convenient time and place. The Board may impose a reasonable charge for requested copying of any public records. The Chairperson may request legal advice from the Attorney General and authorize access to public records.

1.5.2 No access shall be provided to the health information network or data without an order of the Health Care Commission or otherwise in accordance with these rules.

1.6 Conflict of Interest; Recusal

1.6.1 The members shall conduct themselves in accordance with the Delaware Code of Ethics, 29 Del.C., Ch. 58.

1.6.2 If any member has a conflict of interest as defined in the Code of Ethics, they shall recuse themselves from voting in the matter. The conflicted members may participate in discussions on the conflicted matter as long as they have disclosed the nature of the conflict to the other members. If they choose not to disclose the nature of the conflict to the other members, such conflicted members must publicly state at the Board meeting or in writing to the Chairperson they will not be participating in the conflicted matter. The Secretary shall maintain a record of such recusals.

1.6.3 Members may seek legal advice on purported conflicts from the Attorney General or a determination from Ethics Counsel.

1.7 Statutory Authority

1.7.1 The Delaware Health Care Commission is authorized pursuant to 16 Del.C. §9925(a) to promulgate these rules in accordance with 29 Del.C., Ch. 101.

1.0 Purpose and Authority

1.1 The Delaware Health Information Network ("DHIN") is the sole sanctioned provider of health information exchange services in the State of Delaware. In carrying out this role, among other things authorized by its enabling legislation and Board of Directors, DHIN serves as a primary mechanism for delivering laboratory results and medical information to providers and other authorized entities and individuals throughout the State. DHIN makes clinical information available to patients, their providers, and others permitted by relevant state and federal law - such as health insurance companies and, where appropriate, the Delaware Division of Public Health - in order to improve the quality and lower the cost of health care. DHIN's general operations and use of clinical data for analytics are governed by 1 DE Admin. Code 101 and 102. In addition, since 2018, DHIN has served as the operator of the State of Delaware's Health Care Claims Database, a multi-payer claims database serving to promote the "Triple Aim Plus One" of health care service and delivery in the State of Delaware. Submission of data to and access to data from the Health Care Claims Database are governed by 1 DE Admin. Code 103 and 104. DHIN is a not-for-profit public instrumentality of the State of Delaware.

1.2 DHIN has been authorized by statute, 16 Del.C. §10306, to promulgate rules and regulations to carry out its statutory mandate.

2.0 Definitions

The following words and terms, when used in this regulation, have the following meaning unless the context clearly indicates otherwise:

"Act" means DHIN's enabling legislation, 16 Del.C. Chapter 103.

"Board" means DHIN's Board of Directors, as established by the Act.

"Bylaws" means the Bylaws as approved by the Board.

"Data" means medical or other health care information of or about an individual which is transmitted or available from Data Sending Organizations for transmission to DHIN and included in DHIN's clinical data repositories. The term includes PHI.

"Data Sending Organization" means an organization that contracts with DHIN to provide Data to DHIN for use in its clinical data repositories for purposes consistent with the Act, these regulations, and the contract between DHIN and Data Sending Organization. The term does not include organizations that solely provide claims data to the Health Care Claims Database pursuant to 1 DE Admin. Code 104, or organizations that solely contract with DHIN to receive analytic services or clinical data for approved analytic use cases pursuant to 1 DE Admin. Code 102.

"Data Receiving Organization" means an organization that contracts with DHIN to receive clinical Data for use cases laid out in the Act, these regulations, and the contract between DHIN and Data Receiving Organization. The term does not include organizations that solely contract with DHIN to receive claims data or analytic services from DHIN and the Health Care Claims Database pursuant to 1 DE Admin. Code 104, or organizations that solely contract with DHIN to receive analytic services or clinical data for approved analytic use cases pursuant to 1 DE Admin. Code 102.

"HIPAA" means the Health Insurance Portability and Accountability Act of 1996 as amended and associated regulations, including the Privacy Rule (45 CFR Part 160 and Subparts A and E of Part 164) and Security Rule (45 CFR Part 160 and Subparts A and C of Part 164).

"Participant" means an organization contracted to participate in DHIN's health information ex-change services, either as a Data Sending Organization, a Data Receiving Organization, or both.

"Protected health information" or "PHI" means individually identifiable health information, as that term is defined in HIPAA.

"User" means an individual approved user of DHIN's clinical data. Each User is an employee or other agent of a Data Receiving Organization.

3.0 Data Submission Requirements

3.1 Data Sending Organizations shall comply with such data submission standards as may be required by DHIN. DHIN may adopt minimum requirements for connectivity and shall make such requirements public on its website. To the extent feasible, such standards shall conform to or incorporate national standards generally accepted in the Health IT industry. Data subject to legal disclosure restrictions beyond those identified in HIPAA should not be sent to DHIN prior to the time at which the Data Sending Organization enters into an agreement or agreements with DHIN that legally permit the disclosure of Data to DHIN and adequately identify the Data in question so as to permit any necessary sequestration or restrictions on re-disclosure.

3.2 In the course of fulfilling its statutory mandate to improve the interoperability of health care information and provide more streamlined transmission of data to appropriate individuals, DHIN has connected to a national health information exchange network. As the prompt and accurate flow of healthcare information has become more critical to providing quality care to patients, national organizations and federal regulatory agencies have implemented national standards and rules designed to facilitate the sharing of information and prohibit entities from engaging in information blocking activities that are likely to impede the fair flow of such information. In order to maintain its compliance with these legal obligations and industry standards, DHIN requires Data Sending Organizations to, at a minimum, permit DHIN to make the following uses with respect to Data sent to DHIN:

3.2.1 Treatment, payment, health care operations, and authorization-based disclosures as all of those terms are defined by HIPAA;

3.2.2 Public health activities and reporting as permitted by HIPAA and relevant Delaware law;

3.2.3 Providing individuals with access to their own information and the ability to direct that their own information be provided to third parties under such terms and conditions as may be established by DHIN;

3.2.4 Research or analytic purposes, in accordance with 1 DE Admin. Code 102 and the Act;

3.2.5 Fulfilling DHIN's legal requirements; and

3.2.6 Such other uses as are required by law.

3.3 DHIN may, if permitted by the Board and its agreements with relevant Data Sending Organizations, make additional uses of Data sent to DHIN if such uses are permitted by the Act and relevant law.

4.0 Restrictions on Use of Data by Data Receiving Organizations and Users

4.1 Data Receiving Organizations will use Data received from DHIN and will require that their Users use Data received from DHIN, consistent with the DHIN End User Data Use Agreement.

4.2 The DHIN End User Data Use Agreement shall permit the following use cases:

4.2.1 Treatment, payment, health care operations, and authorization-based disclosures as all of those terms are defined by HIPAA;

4.2.2 Public health activities and reporting as permitted by HIPAA and relevant Delaware law; and

4.2.3 To permit Data Receiving Organizations and their Users to fulfill their respective legal requirements.

4.3 DHIN may, in its sole discretion and subject to the approval of the Board, enter into contracts with Data Receiving Organizations to permit such additional use cases as are permitted by the Act, HIPAA, other relevant law and DHIN's strategic priorities.

5.0 Patient Access to Information

5.1 DHIN may provide individuals with information about them that is held by DHIN in a manner and under terms and conditions that DHIN establishes.

5.2 DHIN may, upon receipt of an appropriate authorization (as that term is defined in HIPAA) and subject to such other terms and conditions as may be established by DHIN, provide an individual's health information to such third parties as may be directed by that individual.

5.3 Individuals shall be informed of and may choose to preclude a search of their information in DHIN's clinical data repositories in accordance with any terms or conditions set forth by DHIN (to "opt out"). DHIN shall also provide a means for patients who have previously requested to opt out to re-establish the ability of Users to find their Data through search functionality. DHIN shall publish information regarding the process patients need to undertake in order to opt out and a description of what health information exchange services will be affected by the opt out on its website.

6.0 Dispute Resolution

6.1 Unless otherwise provided by the Act, any dispute that involves DHIN or its services shall be subject to dispute resolution under this section. Such disputes may involve Participants, DHIN or members of the public where there is a claim that this or other regulations or statutes were violated by any of the foregoing. A dispute may also be the result of an inquiry or request for information that is not responded to in a reasonable manner.

6.2 The Chair of the Board may appoint a number of individuals subject to approval by the Committee to serve on a Dispute Resolution Committee ("DRC"). The DRC shall be comprised of panels of no less than three or more than five members. No member may serve on a case before the DRC where that member has a conflict of interest as set forth in 29 Del.C. Chapter 58. The presiding member of the panel must be a member of the Board. The Board may promulgate rules for procedures for matters to be determined by the DRC. The DRC and the Board are authorized to grant relief to include financial penalties, suspension and termination of an entity or individual's Participation in or use of DHIN and its services.

6.3 Any party aggrieved by the decision of the DRC may seek review by filing written exceptions to the Panel's decision within ten days of the decision as would be computed in the Delaware Superior Court. The review shall be presented to the Board who may overturn the Panel's decision by a majority vote of a quorum of the Board.

6.4 An aggrieved party may seek legal review on the record only in accordance with 29 Del.C. Ch. 101, Subchapter V, and only to the extent that such legal review is not precluded by the Act or other relevant law.

2 DE Reg. 2046 (05/01/99)
25 DE Reg. 623 (12/01/21) (Final)
 
+