Md. Code Regs. 10.25.07.05

Current through Register Vol. 51, No. 12, June 14, 2024

Section 10.25.07.05 - [Effective 7/9/2024] Standards for Certification

A. In order to obtain certification, an applicant shall:

(1) Provide evidence that the applicant is accredited or certified by a qualified accreditation or certification organization; and

(2) Meet the following standards for certification:

(a) Demonstrate compliance with the HIPAA privacy standards set forth in 45 CFR Parts 160 and 164;

(b) Demonstrate compliance with HIPAA security standards set forth in 45 CFR Parts 160, 162, and 164;

(c) Provide an attestation signed by an officer of the applicant that the applicant restricts disclosure of legally protected health information as required by Health-General Article, §4-302.5, Annotated Code of Maryland;

(d) Provide evidence of ability to measure technical performance and manage future capacity demands;

(e) Provide evidence of initial and ongoing employee training in HIPAA privacy and security requirements and customer communication procedures; and

(f) Provide additional information requested by the Commission as necessary to determine the applicant's compliance with the standards for certification.

B. The Commission shall issue certification to an applicant that has met all the requirements of §§A and B of this regulation.

Md. Code Regs. 10.25.07.05

Regulation .05 amended effective April 15, 2002 (29:7 Md. R. 620)
Regulations .05 adopted effective March 24, 2008 (35:6 Md. R. 698)
Regulation .05A amended effective December 15, 2008 (35:25 Md. R. 2150); amended effective 51:3 Md. R. 152, eff. 1/11/2024, exp. 7/9/2024(Emergency); amended effective 51:9 Md. R. 440, eff. 5/13/2024.