Statutes, codes, and regulations
Maryland Administrative code
Title 10 - MARYLAND DEPARTMENT OF HEALTHPart 4Subtitle 25 - MARYLAND HEALTH CARE COMMISSION
Chapter 10.25.18 - Health Information Exchanges: Privacy and Security of Protected Health Information
Section 10.25.18.11 - [Effective until 7/7/2024] Requirements for Accessing, Using, or Disclosing of Data Through an HIE in an Emergency

Md. Code Regs. 10.25.18.11

Download
PDF
Current through Register Vol. 51, No. 12, June 14, 2024
Section 10.25.18.11 - [Effective until 7/7/2024] Requirements for Accessing, Using, or Disclosing of Data Through an HIE in an Emergency
A. An HIE shall develop and implement emergency access policies and procedures that satisfy the following requirements:
(1) The policies and procedures shall be included in the HIE's health care consumer education materials required by Regulation .03B(1) of this chapter; and
(2) Clearly communicate the following:
(a) The extent to which the HIE has the capability to disclose the patient's information in an emergency and how this compares to disclosure for routine access; and
(b) The circumstances under which the HIE would disclose the patient's information in an emergency, including how opting in or out of participation would impact access to the patient's information during an emergency.
B. If an HIE's emergency access policy allows the disclosure of information during an emergency, the HIE shall:
(1) Only disclose information to the requesting health care provider if the following conditions are met:
(a) The requesting health care provider:
(i) Advises the HIE that it is the health care provider's professional opinion that an emergency exists; and
(ii) Attests that all conditions of the participating organization's policy have been met;
(b) The patient's condition preclude the participating organization from obtaining the consent of the health care consumer;
(c) Information available through the HIE may be relevant to the treatment needed by the patient in the specific emergency;
(d) The participating organization has an established policy that describes the requirements and attestation process for emergency access; and
(e) Disclosure of information available through the HIE is not in violation of applicable federal and State laws and regulations related to sensitive health information.
(2) Establish technical procedures for documenting an attestation by the requesting health care provider that the conditions in §B(1) of this regulation, were met prior to accessing information through the HIE;
(3) Review the emergency access logs at least monthly, in coordination with the participating organization, to identify any unusual finding;
(4) Take action in accordance with Regulation .06 of this chapter, in the event the emergency access log reveals an unusual finding;
(5) Maintain an audit trail of user emergency access logs in accordance with Regulation .06A(8) of this chapter; and
(6) Require a participating organization to:
(a) Access only the minimum necessary information needed to care for the patient during the emergency encounter;
(b) Discontinue querying of the patient's record upon the completion of the emergency encounter;
(c) Allow emergency access only to authorized users with the appropriate access designation consistent with the policy of the participating organization; and
(d) Notify the health care consumer, as soon as reasonably possible, and no later than ten business days from the initial access, when the HIE has granted access to the health care consumer's information during an emergency.

Md. Code Regs. 10.25.18.11

Regulation .11 adopted effective 43:12 Md. R. 666, eff. 6/20/2016; amended effective 45:16 Md. R. 775, eff. 8/13/2018; amended effective 51:3 Md. R. 152, eff. 1/9/2024, exp. 7/7/2024 (Emergency).