Current through Register Vol. XLI, No. 50, December 13, 2024
Section 65-28-8 - Participating Organizations8.1. In order to request and receive a patient's protected health information through the Network's health information exchange; it is necessary to first become a participating organization. The Network may in its discretion grant participating organization status to any health care provider, licensed practitioner, public health agency, health care clearinghouse, health plan or other organization that establishes a contractual relationship in accordance with a standard participation agreement developed and approved by the Network. A participating organization may take the form of either a data user or a full service participant.8.2. During the course of its development and implementation, the Network shall establish a plan for statewide coverage that is consistent with its available resources and the readiness of prospective participating organizations to connect to the health information exchange.8.2.a. To evaluate the readiness of prospective participating organizations to connect to the Network, the Network shall prepare and publish interoperability guidelines that shall be met in order to become a participating organization.8.2.b. The Network's interoperability guidelines shall be based upon national and industry health data and security standards regarding interoperability between and among participating organizations.8.2.c. The Network's interoperability guidelines shall be designed reasonably to ensure that protected health information made available through the health information exchange is complete, accurate, and current.8.3. A full service participating organization shall enable the Network to access personal demographic information and protected health information about all of its patients, and to include these patients in the Network's master patient index, subject to each patient's right to opt-out of the health information exchange. Any data supplier approved by the Network shall likewise promptly enable the Network to access personal demographic information and protected health information.8.4. A participating organization and a data supplier shall thereafter promptly transmit to the Network any known changes to its patients' personal demographic information to maintain the accuracy of the master patient index.8.5. The Network may in its discretion grant participating organization status to health care providers or licensed practitioners that cannot comply with the Network's interoperability guidelines in order to provide the health care providers or licensed practitioners with access to the protected health information of their patients maintained by other participating organizations for a permissible purpose. These organizations shall be known as data users. Because the purpose of the Network is to improve the efficiency, quality, and integration of health care delivery, and to improve health care outcomes, such purpose is necessarily dependent upon interoperability and the sharing of data between the maximum number of participating organizations. Accordingly, the Network may impose upon any data user reasonable time limitations or conditions, or both, which require the data user to ultimately come into compliance with the Network's interoperability guidelines and become a full service participant.8.6. A participating organization shall strictly control access to the Network's health information exchange by its workforce through an organized system of approving and designating authorized users.8.7. Each participating organization and data supplier is solely responsible for identifying, classifying, segregating, and blocking the disclosure of sensitive health information contained in its designated record sets through the Network's health information exchange.8.8. A participating organization may disclose and use protected health information as part of the health information exchange only in a manner that is consistent with the following:8.8.a. HIPAA, the HIPAA privacy rules, the HIPAA security rules, the HITECH Act, and any other applicable federal law or regulation;8.8.b. Any applicable West Virginia law or legislative rule, including but not limited to, this legislative rule; and8.8.c. the Network-approved participation agreement.8.9. Each participating organization shall designate a site administrator from its workforce to be the primary point of contact with the Network, and to perform various administrative functions, including but not limited to, granting and terminating authorized user status to members of its workforce. 8.10. A participating organization shall promptly report any malfunctions, misuse, or breach involving the health information exchange to the Network, or its designee, for investigation and remediation.