The commissioner shall require a health information organization to apply for a certificate of authority under this section. An applicant may continue to operate until the commissioner acts on the application. If the application is denied, the applicant is considered a health information exchange service provider whose certificate of authority has been revoked under section 62J.4982, subdivision 2, paragraph (d).
(a) A health information organization must obtain a certificate of authority from the commissioner and demonstrate compliance with the criteria in paragraph (c).
(b) Notwithstanding any law to the contrary, an organization may apply for a certificate of authority to establish and operate a health information organization under this section. No person shall establish or operate a health information organization in this state, nor sell or offer to sell, or solicit offers to purchase or receive advance or periodic consideration in conjunction with a health information organization or health information contract unless the organization has a certificate of authority under this section.
(c) In issuing the certificate of authority, the commissioner shall determine whether the applicant for the certificate of authority has demonstrated that the applicant meets the following minimum criteria:
(1) the entity is a legally established organization;
(2) appropriate insurance, including liability insurance, for the operation of the health information organization is in place and sufficient to protect the interest of the public and participating entities;
(3) strategic and operational plans address governance, technical infrastructure, legal and policy issues, finance, and business operations in regard to how the organization will expand to support providers in achieving health information exchange goals over time;
(4) the entity addresses the parameters to be used with participating entities and other health information exchange service providers for clinical transactions, compliance with Minnesota law, and interstate health information exchange trust agreements;
(5) the entity's board of directors or equivalent governing body is composed of members that broadly represent the health information organization's participating entities and consumers;
(6) the entity maintains a professional staff responsible to the board of directors or equivalent governing body with the capacity to ensure accountability to the organization's mission;
(7) the organization is compliant with national certification and accreditation programs designated by the commissioner;
(8) the entity maintains the capability to query for patient information based on national standards. The query capability may utilize a master patient index, clinical data repository, or record locator service as defined in section 144.291, subdivision 2, paragraph (j). The entity must be compliant with the requirements of section 144.293, subdivision 8, when conducting clinical transactions;
(9) the organization demonstrates interoperability with all other state-certified health information organizations using nationally recognized standards;
(10) the organization demonstrates compliance with all privacy and security requirements required by state and federal law; and
(11) the organization uses financial policies and procedures consistent with generally accepted accounting principles and has an independent audit of the organization's financials on an annual basis.
(d) Health information organizations that have obtained a certificate of authority must:
(1) meet the requirements established for connecting to the National eHealth Exchange;
(2) annually submit strategic and operational plans for review by the commissioner that address:
(i) progress in achieving objectives included in previously submitted strategic and operational plans across the following domains: business and technical operations, technical infrastructure, legal and policy issues, finance, and organizational governance;
(ii) plans for ensuring the necessary capacity to support clinical transactions;
(iii) approach for attaining financial sustainability, including public and private financing strategies, and rate structures;
(iv) rates of adoption, utilization, and transaction volume, and mechanisms to support health information exchange; and
(v) an explanation of methods employed to address the needs of community clinics, critical access hospitals, and free clinics in accessing health information exchange services;
(3) enter into reciprocal agreements with all other state-certified health information organizations to enable access to patient data, and for the transmission and receipt of clinical transactions. Reciprocal agreements must meet the requirements in subdivision 5;
(4) participate in statewide shared health information exchange services as defined by the commissioner to support interoperability; and
(5) comply with additional requirements for the certification or recertification of health information organizations that may be established by the commissioner.
(a) Each application for a certificate of authority shall be in a form prescribed by the commissioner and verified by an officer or authorized representative of the applicant. Each application shall include the following in addition to information described in the criteria in subdivision 3:
(1) a copy of the basic organizational document, if any, of the applicant and of each major participating entity, such as the articles of incorporation, or other applicable documents, and all amendments to it;
(2) a list of the names, addresses, and official positions of the following:
(i) all members of the board of directors or equivalent governing body, and the principal officers and, if applicable, shareholders of the applicant organization; and
(ii) all members of the board of directors or equivalent governing body, and the principal officers of each major participating entity and, if applicable, each shareholder beneficially owning more than ten percent of any voting stock of the major participating entity;
(3) the name and address of each participating entity and the agreed-upon duration of each contract or agreement if applicable;
(4) a copy of each standard agreement or contract intended to bind the participating entities and the health information organization. Contractual provisions shall be consistent with the purposes of this section, in regard to the services to be performed under the standard agreement or contract, the manner in which payment for services is determined, the nature and extent of responsibilities to be retained by the health information organization, and contractual termination provisions;
(5) a statement generally describing the health information organization, its health information exchange contracts, facilities, and personnel, including a statement describing the manner in which the applicant proposes to provide participants with comprehensive health information exchange services;
(6) a statement reasonably describing the geographic area or areas to be served and the type or types of participants to be served;
(7) a description of the complaint procedures to be used as required under this section;
(8) a description of the mechanism by which participating entities will have an opportunity to participate in matters of policy and operation;
(9) a copy of any pertinent agreements between the health information organization and insurers, including liability insurers, demonstrating coverage is in place;
(10) a copy of the conflict of interest policy that applies to all members of the board of directors or equivalent governing body and the principal officers of the health information organization; and
(11) other information as the commissioner may reasonably require to be provided.
(b) Within 45 days after the receipt of the application for a certificate of authority, the commissioner shall determine whether or not the application submitted meets the requirements for completion in paragraph (a), and notify the applicant of any further information required for the application to be processed.
(c) Within 90 days after the receipt of a complete application for a certificate of authority, the commissioner shall issue a certificate of authority to the applicant if the commissioner determines that the applicant meets the minimum criteria requirements of subdivision 3. If the commissioner determines that the applicant is not qualified, the commissioner shall notify the applicant and specify the reasons for disqualification.
(d) Upon being granted a certificate of authority to operate as a state-certified health information organization, the organization must operate in compliance with the provisions of this section. Noncompliance may result in the imposition of a fine or the suspension or revocation of the certificate of authority according to section 62J.4982.
(a) Reciprocal agreements between two health information organizations must include a fair and equitable model for charges between the entities that:
(1) does not impede the secure transmission of clinical transactions;
(2) does not charge a fee for the exchange of transactions transmitted according to nationally recognized standards where no additional value-added service is rendered to the sending or receiving health information organization either directly or on behalf of the client;
(3) is consistent with fair market value and proportionately reflects the value-added services accessed as a result of the agreement; and
(4) prevents health care stakeholders from being charged multiple times for the same service.
(b) Reciprocal agreements must include comparable quality of service standards that ensure equitable levels of services.
(c) Reciprocal agreements are subject to review and approval by the commissioner.
(d) Nothing in this section precludes a state-certified health information organization from entering into contractual agreements for the provision of value-added services.
Official Publication of the State of Minnesota
Revisor of Statutes