Delaware Administrative Code
Title 1 - Authorities, Boards and Commissions
100 - Delaware Health Information Network
102 - Delaware Health Information Network Regulations on Use of Clinical Data for Approved Analytic Purposes
Section 102-3.0 - General Data Access Provisions

Universal Citation: 1 DE Admin Code 102-3.0

Current through Register Vol. 28, No. 3, September 1, 2024

3.1 Available Clinical Data may be released to a person or organization for purposes of:

3.1.1 Facilitating data-driven, evidence-based improvements in access to and quality of health care;

3.1.2 Improving the health of Delawareans generally;

3.1.3 Lowering the growth in per-capita health care costs; or

3.1.4 Providing enhanced provider experience that promotes patient engagement.

3.2 Unless otherwise provided for in this regulation, requests for access to Available Clinical Data or for analytic services based thereupon shall require completion of a written Data access application, in a form to be published by DHIN on its website, that describes the intended purpose and use of the data, the justification for the data request, and the security and privacy measures that will be used to safeguard the data and prevent unauthorized access to or use of the data. DHIN may require such additional information from a data requestor as DHIN determines, in its discretion, is required to evaluate any particular request. Exceptions to this rule include:

3.2.1 Requests by a Data Sending Organization for access to its own data or for analytic services based upon its own data shall not require Committee review or approval.

3.2.2 The Committee, at a duly noticed public meeting, may authorize additional exceptions to this rule, provided such exceptions are consistent with the requirements of the Act, HIPAA, and relevant Delaware law. Any such exceptions shall be identified publicly on DHIN's website.

3.3 If authorized by the Committee or the Board, de-identified data or the analytic evaluation thereof may be released to applying parties or the public without obtaining full Board or Committee review.

3.3.1 Release of such de-identified data shall be pursuant to such terms and conditions as are established by the Committee or the Board.

3.3.2 Release of such de-identified data shall only be permitted if the purposes for such release are consistent with the purposes for release of data set forth in the Act and this regulation.

3.4 Requests for limited data sets or identified data, or for analytic services based upon such data, must be reviewed by the Committee to determine whether the request complies with the purposes of the Act and this regulation.

3.5 DHIN shall not provide identified data to any requesting party without first obtaining or being provided with written consent from the patient authorizing such disclosure. Such consent must be in a form consistent with HIPAA and must explicitly authorize DHIN or health information exchanges generally to release identified data to the requesting party.

Disclaimer: These regulations may not be the most recent version. Delaware may have more current or accurate information. We make no warranties or guarantees about the accuracy, completeness, or adequacy of the information contained on this site or the information linked to on the state site. Please check official sources.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.