Md. Code Regs. 10.25.07.09
Current through Register Vol. 51, No. 10, May 17, 2024
Section 10.25.07.09 - [Effective 7/9/2024] Withdrawal of Certification and Other PenaltiesA. The Commission may withdraw certification from an MHCC-certified EHN if the Commission finds that: (1) The MHCC-certified EHN fails to meet the certification standards set forth in Regulation .05 of this chapter;(2) A principal or owner of the MHCC-certified EHN, or the entity itself, is convicted of, or pleads guilty or nolo contendere to, a crime related to the operation of the EHN or to a crime involving financial improprieties;(3) A principal or owner of the MHCC-certified EHN, or the entity itself, is notified by a qualified accreditation or certification organization or the Commission of a violation of HIPAA privacy or security standards and fails to take action to remedy the violation within the period of time specified by a qualified accreditation or certification organization or by the Commission;(4) The MHCC-certified EHN disclosed legally protected health information in violation of Health-General Article, §4-302.5, Annotated Code of Maryland; or(5) The MHCC-certified EHN violated a provision of COMAR 10.25.18.B. An MHCC-certified EHN shall report on compliance progress to the Commission, as follows: (1) By January 8, 2024, an MHCC-certified EHN shall submit to the Commission:(a) An affirmation that to the extent required by Health-General Article, §4-302.5, Annotated Code of Maryland, it: (i) Possesses the technological capability to filter and restrict from disclosure legally protected health information;(ii) Is parsing restricted codes and conveying all other information in the health record that is not prohibited by law to exchange; and(iii) Possesses the technological capacity to allow a consumer to request and consent to the exchange of legally protected health information to a specific treating provider; or(b) An implementation plan that includes: (i) An affirmation that, despite its best efforts, the MHCC-certified EHN lacks the technological capability to fully comply with HealthGeneral Article, §4-302.5, Annotated Code of Maryland, as of January 8, 2024, including a detailed explanation of the EHN's limitations;(ii) A detailed description of the steps the MHCC-certified EHN is taking to ensure compliance with Health-General Article, §4-302.5, Annotated Code of Maryland, by June 1, 2024;(iii) A timeline to implement Health-General Article, §4-302.5, Annotated Code of Maryland, by June 1, 2024; and(iv) A description of the extent legally protected health information and other health information will be restricted by the MHCC-certified EHN during the implementation of its plan.(2) If a MHCC-certified EHN submits an implementation plan in accordance with §B(1) of this regulation, the EHN shall:(a) Provide a status report to the Commission by April 1, 2024, detailing the progress the MHCC-certified EHN has made under its implementation plan; and(b) Submit validation to the Commission by June 1, 2024, that it possesses the technological capability to filter and restrict from disclosure legally protected health information to the extent required by law.C. Beginning June 1, 2024, a person who knowingly violates Health-General Article, §4-302.5, Annotated Code of Maryland, shall be guilty of a misdemeanor and on conviction is subject to a fine not to exceed $10,000 per day based on: (1) The extent of actual or potential public harm caused by the violation;(2) The cost of investigating the violation; and(3) The person's prior record of compliance.Md. Code Regs. 10.25.07.09
Regulations .09 adopted effective March 24, 2008 (35:6 Md. R. 698)
Regulation .09C amended effective December 15, 2008 (35:25 Md. R. 2150); amended effective 51:3 Md. R. 152, eff. 1/11/2024, exp. 7/9/2024(Emergency); amended effective 51:9 Md. R. 440, eff. 5/13/2024.