Minnesota HIE Oversight
The Minnesota Department of Health (MDH) is required by Minnesota law to establish an oversight process that will protect the public interest on matters pertaining to health information exchange (HIE). The Minnesota Commissioner of Health has been granted the authority to implement an HIE Oversight process in accordance with Minnesota Statutes § 62J.498 through 62J.4982, which was effective on July 1, 2010, and was revised effective July 1, 2021.
The HIE oversight process is intended to ensure health information organizations (HIOs) operating in Minnesota are adhering to Minnesota and nationally recognized standards and requirements. Under this law, HIOs providing HIE services in Minnesota for clinical transactions must apply for a certificate of authority to conduct business in Minnesota as an HIO. Applicants are required to participate in a public process and to respond to questions from interested stakeholders, including consumers.
The 2021 statute also includes language pertaining to other entities providing HIE services, for example, health data intermediaries (HDIs). These other entities can may be required to provide information to MDH. However, MDH is not requiring information be provided at this time.
An important part of the oversight and certification process is to ensure that any state-certified HIE service provider will comply with both the federal and Minnesota privacy laws. HIE service providers must submit information in their applications about policies and procedures related to compliance with these laws.
The Health Information Portability and Accountability Act (HIPAA), established the baseline standards for protection of patient information and health records across the country. The HITECH Act (2009) included provisions to enhance access to an individual’s own patient information and protection of patient records.
The Minnesota Health Records Act (MHRA) established additional requirements related to protecting access to patient health information including a requirement that the patients must consent to the release of their health records including for treatment purposes. Health care providers and organizations, including HIE service providers that work with patient health information, must comply with HIPAA and HITECH regulations as well as the additional MHRA requirements if they are conducting business in Minnesota.
Please refer to Minnesota e-Health Privacy & Security to see resources.
Minnesota Certified HIOs
Information on HIOs who have successfully completed the application process and been issued a Certificate of Authority to operate in Minnesota.
Minnesota HIO Application Process
Information on how to apply for a Certificate of Authority to operate as an HIO in Minnesota.