P&S Resources

Minnesota e-Health Privacy & Security

Request for Information (RFI): Patient Impact and Costs Associated with the Consent Requirements under the Minnesota Health Records Act (MHRA)

Responses Due October 24, 2016

The Minnesota Department of Health (MDH) by legislative mandate seeks public input on both patient impact and costs associated with requirements related to patient consent for release of health records for the purposes of treatment, payment, and health care operations, as required in section 144.293, subdivision 2 (Minnesota Session Laws 2016, Regular Session, Chapter 189, Article 20, Section 5).

The complete RFI and instructions for responding:
Request for Information on Impact and Costs Associated with the Consent Requirements under the Minnesota Health Records Act (DOCX)

Individuals, health care providers, payers and related organizations are encouraged to respond. For questions, please email mn.ehealth@state.mn.us.

Privacy and Security Resources for Minnesota Health Care Providers

The Minnesota Health Records Access Study (2013) identified gaps and opportunities for providing resources and guidance to health and health care providers to aid in implementing more robust privacy and security programs throughout the state.

In 2014, the Minnesota Department of Health (MDH), in consultation with the Minnesota e-Health Advisory Committee, convened the Minnesota e-Health Privacy and Security Workgroup to provide expert analysis and opinions on materials and resources that may be used to enhance privacy and security programs throughout the state. The work is ongoing, and current resources are available at the links below.

Minnesota Standard Consent Form to Release Health Information (PDF)
A standard patient consent form for a person to release their health information.

Minnesota Model Notice of Privacy Practices (NPP) (PDF)
(Adapted for Minnesota from U.S. Department of Health and Human Services Model NPP)

Summary of Proactive Monitoring Procedures for Secure Individual Identifiable Health Information (PDF)

Security Risk Analysis Tip Sheet (PDF)

HIPAA, Minnesota’s Health Records Act, and Psychotherapy Notes (PDF)


Other Minnesota Activities and Resources

Privacy and Security Workgroup
Website of the Privacy and Security Workgroup of the Minnesota e-Health Initiative.

Minnesota Health Records Act
Minnesota law governing health records information, Minnesota Statutes 144.291 through 144.298

Upper Midwest HIE Interstate Patient Consent Tools
The Upper Midwest HIE (UM HIE) State Health Policy Consortium has developed a set of tools for health care providers designed to ease the exchange of patient health information, with consent, across state borders specifically for Minnesota, North Dakota, South Dakota, Wisconsin and Illinois.

The Minnesota Commissioner of Health has endorsed these new tools and encourages health care providers to use the UM HIE Common Consent Form.

Visit the UM HIE webpage to access the tools and read more about the Commissioner's endorsement.

Minnesota Documents Related to Federal Privacy & Security Activities

National Resources

ARRA Title XIII: HITECH Act, Subtitle D – Privacy (PDF)
Full text of privacy provisions included in the HITECH Act.

HHS Interim Final Rule and Request for Comment on Breach Notification of Unsecured Protected Health Information (PDF)
Full text of the U.S. Department of Health and Human Services health information breach notification interim final rule for HIPAA covered entities.

FTC Interim Final Rule on Health Breach Notification (PDF)
Full text of Federal Trade Commission’s health information breach notification rule for non-HIPAA covered entities.

HHS Interim Final Rule Enforcement (PDF)
Full text of HHS amending sections within HIPAA related to the authority of the Secretary of the HHS (the Secretary) to impose civil money penalties.

HHS Proposed Rule Genetic Information Nondiscrimination Act of 2008 (GINA) (PDF)
Full text of HHS proposed rule to modify certain provisions HIPAA related to genetic information.

Statement of Organization, Functions, and Delegations of Authority (PDF)
Full text of HHS statement of delegated authority for HIPAA security rule from the Centers for Medicare & Medicaid Services (CMS) to the Director, Office for Civil Rights (OCR).

Updated Friday, October 14, 2016 at 12:23PM