1. Introduction and Overview of Policies and Procedures

20120831 - MMPA Release 1

Outline of

Policies and Procedures

For

Health Information Exchange Organization

1.  Introduction and Overview of Policies and Procedures

1.1  Description of Health Information Exchange Organization (“HIO”)

1.2  Description of Policies and Procedures document (including scope, and other policies and procedures that may apply) (§§ 1.5.17, 15.3)

1.3  Development of Policies and Procedures; How Policies and Procedures May Change (§§ 2.1.1, 2.1.3)

2.  System and Services

2.1  System (§ 1.5.18)

2.1.1  Description

2.1.2  Functionality

2.1.3  Service Standards

2.1.4  Standards for Use

2.2  Services (§ 1.4)

2.2.1  Description

2.2.2  Communications among Participants and HIO

2.2.3  Standards for Use

2.3  Additional Services (§ 1.5.1)

2.4  Other Activities (§ 11.9)

2.5  Maintenance of System and Services (§ 11.4)

2.6  Ownership Rights in System and Services (§§ 6.1.2, 7.1.2)

2.7  Permitted Purposes for Use of System and Services (§ 6.2)

2.8  Prohibited Uses of System and Services (§ 6.3)

3.  Participants

3.1  Participant Types (§ 2.2.3)

3.2  Applications for Participation (§§ 2.2.4, 11.2)

3.3  Monitoring Participants (§ 11.3)

3.4  Transparency and Oversight (§§ 17.1, 17.2)

3.5  Enforcement and Accountability (§ 17.3)

4.  Authorized Users

4.1  Required Information for Authorized Users (§ 4.1)

4.2  Training (§§ 4.2, 11.5)

4.3  Support (§ 11.6)

5.  Security of Patient Data

5.1  Standards (§ 9.1)

5.2  Measures Provided by HIO

5.3  Measures Provided by Participant (§5.3)

5.4  Reporting of Breaches and Security Incidents (§ 9.2)

6.  Privacy of Patient Data

6.1  Consent and/or Authorization Requirements

6.2  Permitted Uses of Patient Data (§ 6.6)

6.2.1  Use by HIO

6.2.2  Use by Data Recipients

6.3  Prohibited Uses of Patient Data (§§ 6.6, 7.5.1)

6.3.1  Use by HIO

6.3.2  Use by Data Recipients

6.4  Limitations on Disclosure of Patient Data (§ 7.6.1)

6.5  Required Disclosures by HIO

7.  Exchange of Patient Data

7.1  Data Provided by Data Providers (§ 7.2)

7.2  Measures to Assure Accuracy of Data (§ 7.3)

8.  Technology

8.1  Associated Technology

8.2  Participant’s Required Hardware and Software (§5.4)

9.  HIO Operations

9.1  HIO’s Privacy and Security Standards

9.1.1  Policies and Procedures

9.1.2  Technical, Administrative and Physical Safeguards

9.1.3  Reporting of Breaches and Security Incidents

9.2  Audits and Reports (§ 11.7)

10.  Fees

10.1  Fee Schedule (§ 13.2)

10.2  Miscellaneous Charges (§ 13.4)

11.  Insurance (§ 16.1)

11.1  HIO’s Insurance

11.2  Participant’s Insurance

3