Laws & Rules Impacting e-Health

Minnesota legislation (Minnesota Statutes 62J.495 Subd. 3) requires that all health care providers in the state implement an interoperable electronic EHR system by January 1, 2015. The legislation was updated in 2015 to exempt individual health care providers in a solo, private practice, and those who do not accept reimbursement from a group purchaser.

Additional e-health components in 62J.495 include the Minnesota e-Health Initiative (62J.495 Subd. 2), coordination with national activities (62J.495 Subd. 4), and e-health assessment activities (62J.495 Subd. 5)

Resource: Minnesota Interoperable Electronic Health Record Requirements

Minnesota legislation (Minnesota Statutes 62J.497) requires prescribers, pharmacists and pharmacies, and pharmacy benefit managers to be e-prescribing by January 1, 2011. The legislation was updated in 2016 to remove the exemption for clinics with two or fewer practicing physicians.

The Minnesota Department of Health is required by Minnesota legislation (Minnesota Statutes 62J.498, through 62J.4982) to establish an oversight process that will protect the public interest on matters pertaining to health information exchange.

Resource: Minnesota HIE Oversight

Minnesota legislation (Minnesota Statutes 144.291 through 144.298) governing health records information.

Resource: Minnesota e-Health Privacy & Security

The Health Care Administrative Simplification Act (Minnesota Statute 62J.536) was enacted to achieve greater standardization and electronic exchange of health care administrative transactions, to reduce administrative costs and burden.

Resource: Health Care Administrative Simplification

The Minnesota Government Data Practices Act (MGDPA) (Minnesota Statute 13) controls how government data are collected, created, stored (maintained), used and released (disseminated). The MGDPA sets out certain requirements relating to the right of the public to access government data and the rights of individuals who are the subjects of government data.

Resource: Minnesota e-Health Privacy & Security

Resource: Foundations in Privacy Toolkit

Minor Consent (Minnesota Statutes 144.341 through 144.347) guarantees minors the right to confidential health care services, without parental consent, in certain situations:

• A minor who is or has been married, or borne a child;
• Reproductive care, contraceptives, sexually transmitted diseases, alcohol and drug abuse;
• Mental health care if over 16;
• Emergencies;
• Hepatitis B vaccinations; and
• Abortions, in limited situations.

Resource: Minnesota e-Health Privacy & Security

The Health Insurance Portability and Accountability Act of 1996 (HIPAA), Public Law 104-191, was enacted to improve portability and continuity of health insurance coverage in the group and individual markets, to combat waste, fraud, and abuse in health insurance and health care delivery, to promote the use of medical savings accounts, to improve access to long-term care services and coverage, to simplify the administration of health insurance, and for other purposes. The HIPAA Administrative Simplification Regulations (45 CFR parts 160, 162, and 164), also known as the Privacy and Security Rules, provide federal guidance on the Act’s implementation.

The Health Insurance Portability and Accountability Act (HIPAA) of 1996 protects health insurance coverage for workers and their families when they change or lose their jobs, requires the establishment of national standards for electronic health care transactions, and requires establishment of national identifiers for providers, health insurance plans, and employers.

The HHS Office for Civil Rights administers the HIPAA Privacy and Security Rules. The HIPAA Privacy Rule describes what information is protected and how protected information can be used and disclosed. The HIPAA Security Rule describes who is covered by the HIPAA privacy protections and what safeguards must be in place to ensure appropriate protection of electronic protected health information.

The Centers for Medicare & Medicaid Services administer and enforce the HIPAA Other Administrative Simplification Rules, including the Transactions and Codes Set Standards, Employer Identification Number (EIN), and National Provider Identifier Standard (NPI). The HIPAA Enforcement Rule provides standards for the enforcement of all the Administrative Simplification Rules.

42 CFR Part 2

42 Code Federal Regulations Part 2 regulates and facilitates information exchange within new health care models while addressing the privacy concerns of patients seeking treatment for a substance use disorder.

Resource: Health Information Privacy (U.S. Department of Health and Human Services)

The Office of the National Coordinator for Health Information Technology has resources related to the following federal health IT legislation listed below at Health IT Legislation.

• ONC’s Cures Act Final Rule  
• Federal Register: 21st Century Cures Act: Interoperability, Information Blocking, and the ONC Health IT Certification Program
  ONC’s Cures Act Final Rule supports seamless and secure access, exchange, and use of electronic health information. 
• Health Data, Technology, and Interoperability: Certification Program Updates, Algorithm Transparency, and Information Sharing (HTI-1) Final Rule 
  ONC's HTI-1 final rule implements provisions of the 21st Century Cures Act and makes updates to the ONC Health IT Certification Program (Certification Program) with new and updated standards, implementation specifications, and certification criteria. Provisions in the HTI-1 final rule advance interoperability, improve transparency, and support the access, exchange, and use of electronic health information.

• Federal Register: Requirements Related to Surprise Billing
• The No Surprises Act: New Protections from Surprise Billing 
  Minnesota specific information.