Code of Massachusetts Regulations
101 CMR - EXECUTIVE OFFICE FOR HEALTH AND HUMAN SERVICES
Title 101 CMR 20.00 - Health Information Exchange
Section 20.11 - Statewide Event Notification Service Framework
Current through Register 1531, September 27, 2024
(1) General. The statewide event notification service framework is a HIway-facilitated service composed of EOHHS-certified ENS vendors. Certified ENS vendors must:
(2) ENS Certification Process. EOHHS sets reasonable objective criteria, including applicable privacy and security standards for certified ENS vendors. The certification will be for a term as specified in the certification process but in no event for more than three years, at which time the term may be renewed upon successful recertification.
(3) Reflect ADTs. A certified ENS vendor must reflect ADTs to all other certified ENS vendors for the purposes of treatment or care coordination by ENS recipients.
(4) Data Security. Data shall be transmitted and held in accordance with industry-accepted practices, which at a minimum shall include the Health Insurance Portability and Accountability Act (HIPAA) Rules, and any other requirements EOHHS may deem necessary for certification.
(5) Audit Rights. EOHHS retains the right to conduct data integrity, privacy, and security audits of certified ENS vendors to comply with the framework of 101 CMR 20.12. EOHHS, upon finding unauthorized access or disclosure of data, may suspend the certification until corrective action is taken, and/or rescind the certification.