Regulatory Requirements
DHIN Regulations
To fulfill the requirements of its enabling legislation (Title 16, Chapter 103 of the Delaware Code), DHIN has published regulations on a number of topics. These regulations set forth, among other things, requirements associated with submitting data to and accessing data from DHIN:
- DHIN Regulations on Participation and Use of Data
- DHIN Regulations on Use of Clinical Data for Approved Analytic Purposes
Delaware Health Care Claims Database Regulations
In addition to the services it performs with respect to clinical data, DHIN also hosts the Delaware Health Care Claims Database (HCCD). In enabling the HCCD, the State of Delaware required certain insurance companies providing services in Delaware and to Delaware residents to submit claims information to DHIN’s HCCD to be used to improve the quality and decrease the cost of care in the State of Delaware. In addition to the enabling legislation (Title 16, Chapter 103, Subchapter II of the Delaware Code), the submission of data to DHIN for use in the HCCD and the use of data from the HCCD is governed by regulations:
- Delaware Health Care Claims Database Data Collection Regulation
- Delaware Health Care Claims Database Data Access Regulation
Update: State of Maryland – Reproductive Health Services (2/9/24)
In December, Delaware Health Information Network (DHIN) provided notification of a Maryland law restricting health information exchanges (HIEs) operating within Maryland from providing access to Maryland data associated with abortion and abortion-related care to their participants without explicit patient consent. [See post below.]
That law required the Maryland Department of Health and Maryland Health Care Commission to publish regulations providing further information to HIEs and the public about what data would be subject to this heightened consent requirement and how HIEs should be expected to implement these restrictions over time.
On January 12th, those draft regulations were published in the Maryland Register and are available at: https://dsd.maryland.gov/MDRIssues/5101/Assembled.aspx.
In general, the regulations require HIEs – including DHIN – to block access to certain reproductive health data that was generated at a Maryland location on or after May 31, 2022 and to prevent such information from being disseminated through DHIN’s standard distribution channels on a going forward basis.The Maryland Department of Health published a code set in the same Register, specifying the data subject to the regulations.
In addition to providing the specific codes to be blocked, the draft regulations also required HIEs that, like DHIN, were not presently blocking data associated with the newly-published code sets to submit to the Maryland Health Care Commission, on or before January 29, 2024, an implementation plan describing the HIE’s efforts to develop the technology needed to block the requested information and providing a timeline for completion.
DHIN provided the Maryland Health Care Commission with its implementation plan on January 29, 2024. Among other things, that implementation plan confirms that DHIN is currently developing the technology needed to implement the new regulations and expects to have code fully tested and fully deployed in its systems on or before:
- April 5th (for the portion of the project blocking restricted data received on or after May 31, 2022 from view in the Community Health Record)
- April 15th (blocking Maryland location HL7 messages containing the restricted codes from continuing to DHIN’s downstream distribution channels)
- May 2nd (for blocking restricted data received in Maryland location CCDs from continuing to DHIN’s downstream distribution channels)
DHIN has made significant efforts to meet the new requirements of Maryland law and will continue to work to ensure compliance in all jurisdictions in which DHIN operates. That includes continued work with DHIN’s vendors and internal technical teams to meet the evolving requirements and guidance issued by the State of Maryland, most recently contained in a January 26, 2024 technical guidance document.
While DHIN’s implementation plan is ongoing, access to DHIN’s health data and services will continue to be limited to healthcare providers and other individuals with legal rights of access to data under HIPAA and DHIN’s enabling legislation.
DHIN retains its existing HITRUST certifications, and Delaware law prohibits entities from obtaining access to health information in DHIN’s possession through use of the subpoena power. Based on review of historic data fields from Maryland locations, DHIN expects there to be a minimal amount of data that would otherwise be subject to the Maryland regulatory restrictions that will flow through DHIN’s systems during the period of time in which DHIN’s code sets are being developed and updated.
For more information about the restrictions on access and DHIN’s registration, please contact the Maryland Health Care Commission. DHIN will continue to communicate, as needed, with data sending organizations, customers and users through email notices, also posted here.
If you have any questions about this requirement or DHIN’s implementation plan generally, please reach out to (302) 678-0220 and ask to be connected with External Affairs or Legal.
State of Maryland – Reproductive Health Services – Protected Information (effective 12/1/23)
In its most recent legislative session, the State of Maryland enacted a law restricting health information exchanges (HIEs) operating within Maryland from providing access to data associated with abortion and abortion-related care to their participants without explicit patient consent. The specific procedure, drug and associated codes that will be blocked from distribution are currently not defined, but are expected to be published in emergency regulations during the month of December.
As an HIE registered to do business in Maryland, Delaware Health Information Network (DHIN) is required to comply with these regulations and is in the process of deploying the code needed to ensure that Maryland restrictions on data distribution are followed.
Clinical data associated with the following reproductive health services provided at a location in the state of Maryland will be blocked from view in the Community Health Record and not delivered through DHIN’s Results Delivery, ENS or Clinical Gateway services:
- Mifepristone data, or the diagnosis, procedure, medication and related codes for abortion care and other sensitive reproductive health procedures identified by the State of Maryland’s Department of Health.
The most recent draft of the applicable codes that was provided to DHIN is available here. As advised by the Maryland Health Care Commission, DHIN expects the Maryland Department of Health to publish emergency regulations in December that may amend the applicable codes. DHIN will continue to monitor the regulations published by the State of Maryland and work promptly to implement the requirements.
DHIN has begun implementing these protections on new data received by DHIN and expects to complete the restrictions on distribution in the coming weeks. DHIN is also working on the expected requirement to block historical data provided to DHIN after May 31, 2022 and expects to have that data suppressed in the Community Health Record in early 2024.
DHIN is working with our partners to modify our consent tool to apply to this specific type of data and permit patients to choose to share this important reproductive health information with the providers and others involved in their care. Further details will be provided early in 2024.
For information about the restrictions on access and DHIN’s registration, please contact the Maryland Health Care Commission. DHIN expects the emergency regulations from the State of Maryland to be published this month and encourages any interested parties to take advantage of their right to review and comment on those regulations.
Additional information about these regulations will be available here within a reasonable time period after the regulations are published.
Prior Authorization Reporting
In an effort to improve transparency in the pre-authorization approval and decline rates by health plans, Delaware law (Title 18, Subchapter V of the Delaware Code) now requires the submission of prior authorization data to Delaware Health Information Network (DHIN) at least twice a year.
Health insurers, health benefit plans and health service corporations are required to report to DHIN de-identified statistics regarding pre-authorization approvals, denials and appeals in the specified format [linked below] by January 31st and July 31st of each calendar year.
Q&A from conference call with DHIN and the Department of Insurance (1/31/18)
Pre-authorization reporting requirements and reporting spreadsheet