Mass. Gen. Laws ch. 118I § 11

Current through Chapters 1 to 249 and Chapters 253 to 255 of the 2024 Legislative Session
Section 118I:11 - Requirements for approved plans

Any plan approved by the executive office and council or the e-Health institute, including every grantee and implementing organization that receives monies funded in whole or in part from the e-Health Institute Fund established in section 6E of chapter 40J or the Massachusetts Health Information Exchange Fund established under section 10, shall:

(1) establish a mechanism to allow patients to opt-in to the health information exchange and to opt-out at any time;
(2) maintain identifiable health information in physically and technologically secure environments by means including, but not limited to: prohibiting the storage or transfer of unencrypted and non-password protected identifiable health information on portable data storage devices; requiring data encryption, unique alpha-numerical identifiers and password protection; and other methods to prevent unauthorized access to identifiable health information;
(3) provide patients the option of, upon request to a provider, obtaining a list of individuals and entities that have accessed their identifiable health information from that provider;
(4) develop and distribute to authorized users of the health information exchange and to prospective exchange participants, written guidelines addressing privacy, confidentiality and security of health information and inform individuals: the information available through the exchange, who may access their information and the purposes for which their information may be accessed; and
(5) ensure compliance with all state and federal privacy requirements, including those imposed by the Health Insurance Portability and Accountability Act of 1996, P.L. 104-191, the American Recovery and Reinvestment Act of 2009, P.L. 111-5, 42 C.F.R. §§ 2.11 et seq. and 45 C.F.R.§§ 160, 162 and 164.

Mass. Gen. Laws ch. 118I, § 11

Added by Acts 2012, c. 224,§ 134, eff. 11/4/2012.