101 CMR, § 20.11 - Statewide Event Notification Service Framework
(1) General. The statewide event notification service framework is a HIway-facilitated service composed of EOHHS-certified ENS vendors. Certified ENS vendors must:
(a) collect ADT feeds from required submitters;
(b) reflect ADT feeds to all other certified ENS vendors;
(c) conduct a patient matching process with the ADT feeds; and
(d) produce notifications to their respective ENS subscribers in a secure method that protects patient privacy in accordance with applicable state and federal law.
(2) ENS Certification Process. EOHHS sets reasonable objective criteria, including applicable privacy and security standards for certified ENS vendors. The certification will be for a term as specified in the certification process but in no event for more than three years, at which time the term may be renewed upon successful recertification.
(3) Reflect ADTs. A certified ENS vendor must reflect ADTs to all other certified ENS vendors for the purposes of treatment or care coordination by ENS recipients.
(a) Certified ENS vendors must match all inbound reflected ADTs using their patient matching process to determine positive or negative matches.
(b) All inbound reflected ADTs that achieve a positive result in the patient matching process must be routed to the appropriate ENS recipients in accordance with the contract between the ENS vendor and ENS recipient.
(c) All inbound reflected ADTs that achieve a negative result in the patient matching process must be destroyed in accordance with the requirements of the certification process; however, a record of the transaction must be kept, as required, to meet minimal audit standards and retention periods for audit purposes consistent with 45 CFR § 164.312(b). Certified ENS vendors must keep a log of inbound reflected ADTs in auditable information.
(4) Data Security. Data shall be transmitted and held in accordance with industry-accepted practices, which at a minimum shall include the Health Insurance Portability and Accountability Act (HIPAA) Rules, and any other requirements EOHHS may deem necessary for certification.
(5) Audit Rights. EOHHS retains the right to conduct data integrity, privacy, and security audits of certified ENS vendors to comply with the framework of 101 CMR 20.12. EOHHS, upon finding unauthorized access or disclosure of data, may suspend the certification until corrective action is taken, and/or rescind the certification.