Table 2.
Legal themes reflected in HIE literature and associated assessment questions
| Legal theme | Coding question |
|---|---|
| Governance | Does the law authorize implementation of a statewide HIE? |
| Who retains control over the statewide HIE’s operations? | |
| Participation Incentives and Mandates | Does the law incentivize HIE participation (excluding funds to be spent solely on HIE creation or implementation)? |
| Does the law provide immunity from liability for the HIE/health information organization or its participants? | |
| Does the law mandate that any providers must access or contribute to HIE data? | |
| Funding and Sustainability | Does the law address HIE funding? |
| Does the law specify funding sources to cover initial HIE implementation costs? | |
| Does the law specify funding sources for long-term operability? | |
| HIE Participation and Use | Does the law authorize state and local health authorities to access the HIE? |
| Does the law authorize any other state agency or entity (other than public health) to access the HIE? | |
| Does the law authorize medical labs to convey medical test results through HIE? | |
| Does the law authorize pharmacists and pharmacies to access the HIE (eg, for the purposes of filling prescription drug orders and documenting other pharmaceutical care)? | |
| Does the law authorize educational or other research institutions to access HIE data through an HIE portal or user interface (excluding research requiring express consent for the use of an individual’s information)? | |
| Does the law authorize payers to access HIE data? | |
| Patient Engagement | Are patients authorized to access their HIE data electronically through a portal or user interface (ie, excluding access to e-mailed, faxed, or mailed copies of their records)? |
| Does the law include provisions that address public transparency of HIE activities, including but not limited to public participation in HIE policy and public disclosures of policies, operations, and activities? | |
| Privacy | Does the law require privacy protections for HIE (excluding direct reference to state or federal privacy laws)? |
| Is patient consent required for disclosure of patient data in the HIE? | |
| Confidentiality | Are there express duties for providers or other HIE users to protect patient data from unauthorized access/disclosure? |
| Security | Does the law address administrative, technical, or physical safeguards to secure HIE data (excluding direct references to state or federal laws)? |