Subdivision 1.Authority to require organizations to apply.

The commissioner shall require an entity providing health information exchange services to apply for a certificate of authority under this section. An applicant may continue to operate until the commissioner acts on the application. If the application is denied, the applicant is considered a health information organization whose certificate of authority has been revoked under section 62J.4982, subdivision 2, paragraph (d).

Subd. 2.Certificate of authority for health data intermediaries.

(a) A health data intermediary that provides health information exchange services for the transmission of one or more clinical transactions necessary for hospitals, providers, or eligible professionals to achieve meaningful use must be registered with the state and comply with requirements established in this section.

(b) Notwithstanding any law to the contrary, any corporation organized to do so may apply to the commissioner for a certificate of authority to establish and operate as a health data intermediary in compliance with this section. No person shall establish or operate a health data intermediary in this state, nor sell or offer to sell, or solicit offers to purchase or receive advance or periodic consideration in conjunction with a health data intermediary contract unless the organization has a certificate of authority or has an application under active consideration under this section.

(c) In issuing the certificate of authority, the commissioner shall determine whether the applicant for the certificate of authority has demonstrated that the applicant meets the following minimum criteria:

(1) interoperate with at least one state-certified health information organization;

(2) provide an option for Minnesota entities to connect to their services through at least one state-certified health information organization;

(3) have a record locator service as defined in section 144.291, subdivision 2, paragraph (i), that is compliant with the requirements of section 144.293, subdivision 8, when conducting meaningful use transactions; and

(4) hold reciprocal agreements with at least one state-certified health information organization to enable access to record locator services to find patient data, and for the transmission and receipt of meaningful use transactions consistent with the format and content required by national standards established by Centers for Medicare and Medicaid Services. Reciprocal agreements must meet the requirements established in subdivision 5.

Subd. 3.Certificate of authority for health information organizations.

(a) A health information organization that provides all electronic capabilities for the transmission of clinical transactions necessary for meaningful use of electronic health records must obtain a certificate of authority from the commissioner and demonstrate compliance with the criteria in paragraph (c).

(b) Notwithstanding any law to the contrary, a nonprofit corporation organized to do so may apply for a certificate of authority to establish and operate a health information organization under this section. No person shall establish or operate a health information organization in this state, nor sell or offer to sell, or solicit offers to purchase or receive advance or periodic consideration in conjunction with a health information organization or health information contract unless the organization has a certificate of authority under this section.

(c) In issuing the certificate of authority, the commissioner shall determine whether the applicant for the certificate of authority has demonstrated that the applicant meets the following minimum criteria:

(1) the entity is a legally established, nonprofit organization;

(2) appropriate insurance, including liability insurance, for the operation of the health information organization is in place and sufficient to protect the interest of the public and participating entities;

(3) strategic and operational plans clearly address how the organization will expand technical capacity of the health information organization to support providers in achieving meaningful use of electronic health records over time;

(4) the entity addresses the parameters to be used with participating entities and other health information organizations for meaningful use transactions, compliance with Minnesota law, and interstate health information exchange in trust agreements;

(5) the entity's board of directors is composed of members that broadly represent the health information organization's participating entities and consumers;

(6) the entity maintains a professional staff responsible to the board of directors with the capacity to ensure accountability to the organization's mission;

(7) the organization is compliant with criteria established under the Health Information Exchange Accreditation Program of the Electronic Healthcare Network Accreditation Commission (EHNAC) or equivalent criteria established by the commissioner;

(8) the entity maintains a record locator service as defined in section 144.291, subdivision 2, paragraph (i), that is compliant with the requirements of section 144.293, subdivision 8, when conducting meaningful use transactions;

(9) the organization demonstrates interoperability with all other state-certified health information organizations using nationally recognized standards;

(10) the organization demonstrates compliance with all privacy and security requirements required by state and federal law; and

(11) the organization uses financial policies and procedures consistent with generally accepted accounting principles and has an independent audit of the organization's financials on an annual basis.

(d) Health information organizations that have obtained a certificate of authority must:

(1) meet the requirements established for connecting to the Nationwide Health Information Network (NHIN) within the federally mandated timeline or within a time frame established by the commissioner and published in the State Register. If the state timeline for implementation varies from the federal timeline, the State Register notice shall include an explanation for the variation;

(2) annually submit strategic and operational plans for review by the commissioner that address:

(i) increasing adoption rates to include a sufficient number of participating entities to achieve financial sustainability; and

(ii) progress in achieving objectives included in previously submitted strategic and operational plans across the following domains: business and technical operations, technical infrastructure, legal and policy issues, finance, and organizational governance;

(3) develop and maintain a business plan that addresses:

(i) plans for ensuring the necessary capacity to support meaningful use transactions;

(ii) approach for attaining financial sustainability, including public and private financing strategies, and rate structures;

(iii) rates of adoption, utilization, and transaction volume, and mechanisms to support health information exchange; and

(iv) an explanation of methods employed to address the needs of community clinics, critical access hospitals, and free clinics in accessing health information exchange services;

(4) annually submit a rate plan to the commissioner outlining fee structures for health information exchange services for approval by the commissioner. The commissioner shall approve the rate plan if it:

(i) distributes costs equitably among users of health information services;

(ii) provides predictable costs for participating entities;

(iii) covers all costs associated with conducting the full range of meaningful use clinical transactions, including access to health information retrieved through other state-certified health information exchange service providers; and

(iv) provides for a predictable revenue stream for the health information organization and generates sufficient resources to maintain operating costs and develop technical infrastructure necessary to serve the public interest;

(5) enter into reciprocal agreements with all other state-certified health information organizations to enable access to record locator services to find patient data, and transmission and receipt of meaningful use transactions consistent with the format and content required by national standards established by Centers for Medicare and Medicaid Services. Reciprocal agreements must meet the requirements in subdivision 5; and

(6) comply with additional requirements for the certification or recertification of health information organizations that may be established by the commissioner.

Subd. 4.Application for certificate of authority for health information exchange service providers.

(a) Each application for a certificate of authority shall be in a form prescribed by the commissioner and verified by an officer or authorized representative of the applicant. Each application shall include the following:

(1) a copy of the basic organizational document, if any, of the applicant and of each major participating entity, such as the articles of incorporation, or other applicable documents, and all amendments to it;

(2) a list of the names, addresses, and official positions of the following:

(i) all members of the board of directors, and the principal officers and, if applicable, shareholders of the applicant organization; and

(ii) all members of the board of directors, and the principal officers of each major participating entity and, if applicable, each shareholder beneficially owning more than ten percent of any voting stock of the major participating entity;

(3) the name and address of each participating entity and the agreed-upon duration of each contract or agreement if applicable;

(4) a copy of each standard agreement or contract intended to bind the participating entities and the health information organization. Contractual provisions shall be consistent with the purposes of this section, in regard to the services to be performed under the standard agreement or contract, the manner in which payment for services is determined, the nature and extent of responsibilities to be retained by the health information organization, and contractual termination provisions;

(5) a copy of each contract intended to bind major participating entities and the health information organization. Contract information filed with the commissioner under this section shall be nonpublic as defined in section 13.02, subdivision 9;

(6) a statement generally describing the health information organization, its health information exchange contracts, facilities, and personnel, including a statement describing the manner in which the applicant proposes to provide participants with comprehensive health information exchange services;

(7) financial statements showing the applicant's assets, liabilities, and sources of financial support, including a copy of the applicant's most recent certified financial statement;

(8) strategic and operational plans that specifically address how the organization will expand technical capacity of the health information organization to support providers in achieving meaningful use of electronic health records over time, a description of the proposed method of marketing the services, a schedule of proposed charges, and a financial plan that includes a three-year projection of the expenses and income and other sources of future capital;

(9) a statement reasonably describing the geographic area or areas to be served and the type or types of participants to be served;

(10) a description of the complaint procedures to be used as required under this section;

(11) a description of the mechanism by which participating entities will have an opportunity to participate in matters of policy and operation;

(12) a copy of any pertinent agreements between the health information organization and insurers, including liability insurers, demonstrating coverage is in place;

(13) a copy of the conflict of interest policy that applies to all members of the board of directors and the principal officers of the health information organization; and

(14) other information as the commissioner may reasonably require to be provided.

(b) Within 30 days after the receipt of the application for a certificate of authority, the commissioner shall determine whether or not the application submitted meets the requirements for completion in paragraph (a), and notify the applicant of any further information required for the application to be processed.

(c) Within 90 days after the receipt of a complete application for a certificate of authority, the commissioner shall issue a certificate of authority to the applicant if the commissioner determines that the applicant meets the minimum criteria requirements of subdivision 2 for health data intermediaries or subdivision 3 for health information organizations. If the commissioner determines that the applicant is not qualified, the commissioner shall notify the applicant and specify the reasons for disqualification.

(d) Upon being granted a certificate of authority to operate as a health information organization, the organization must operate in compliance with the provisions of this section. Noncompliance may result in the imposition of a fine or the suspension or revocation of the certificate of authority according to section 62J.4982.

Subd. 5.Reciprocal agreements between health information exchange entities.

(a) Reciprocal agreements between two health information organizations or between a health information organization and a health data intermediary must include a fair and equitable model for charges between the entities that:

(1) does not impede the secure transmission of transactions necessary to achieve meaningful use;

(2) does not charge a fee for the exchange of meaningful use transactions transmitted according to nationally recognized standards where no additional value-added service is rendered to the sending or receiving health information organization or health data intermediary either directly or on behalf of the client;

(3) is consistent with fair market value and proportionately reflects the value-added services accessed as a result of the agreement; and

(4) prevents health care stakeholders from being charged multiple times for the same service.

(b) Reciprocal agreements must include comparable quality of service standards that ensure equitable levels of services.

(c) Reciprocal agreements are subject to review and approval by the commissioner.

(d) Nothing in this section precludes a state-certified health information organization or state-certified health data intermediary from entering into contractual agreements for the provision of value-added services beyond meaningful use.

(e) The commissioner of human services or health, when providing access to data or services through a certified health information organization, must offer the same data or services directly through any certified health information organization at the same pricing, if the health information organization pays for all connection costs to the state data or service. For all external connectivity to the respective agencies through existing or future information exchange implementations, the respective agency shall establish the required connectivity methods as well as protocol standards to be utilized.

Subd. 6.State participation in health information exchange.

A state agency that connects to a health information exchange service provider for the purpose of exchanging meaningful use transactions must ensure that the contracted health information exchange service provider has reciprocal agreements in place as required by this section. The reciprocal agreements must provide equal access to information supplied by the agency as necessary for meaningful use by the participating entities of the other health information service providers.