Proposed Regulations
NEW YORK STATE DEPARTMENT OF HEALTH
Return to Public Health Forum



Proposed Rule Making:
Addition of Part 300 to Title 10 NYCRR (Statewide Health Information Network for New York (SHIN-NY))

Publication Date: 09/03/2014Comment Period Expiration: 10/20/2014
Proposed Text and Statements:

SUMMARY OF EXPRESS TERMS

Public Health Law 206(18-a)(d) gives the Department broad authority to promulgate regulations, consistent with federal law and policies, that govern the Statewide Health Information Network for New York (SHIN-NY).
This regulation codifies certain requirements that have already been incorporated into grant contracts between the Department and grantees under Phases 1, 5, 10, 17 and 22 of the Health Care Efficiency and Affordability Law for New Yorkers (HEAL NY) Capital Grant Program. Under HEAL NY, the Department has provided over $400 million for health information technology (“health IT”) projects. Grantees include: a Not-for-Profit corporation called New York eHealth Collaborative, Inc. (“NYeC”), which is currently New York’s State-designated entity to promote health IT; and a number of Regional Health Information Organizations (RHIOs), which facilitate interoperability among the disparate electronic health record systems that contain patient information.
Under this regulation, certain policies that have already been incorporated into the HEAL NY grant contracts will continue to be updated under a statewide collaboration process that results in SHIN-NY Policy Standards. An organization such as NYeC will be the State designated entity. Existing RHIOs and other such health information exchange organizations may apply to become qualified health IT entities (QEs). To become a QE and to maintain that designation, an organization must adhere to policies, such as the SHIN-NY Policy Standards, that enable widespread interoperability among disparate health information systems, including electronic health records, personal health records and public health information systems, while protecting privacy and security.
This regulation makes clear that, consistent with 42 USC 17938, QEs may make it possible, without patient authorization, to make patient information available among disparate health care providers so long as the QEs enter into and adhere to participation agreements with their participants that comply with federal requirements under HIPAA and 42 CFR Part 2 for business associates and qualified service organizations. This regulation creates a general rule that a written authorization is required to access patient information made available through the QEs. When an emergency condition exists, however, and a health care provider is authorized to provide treatment without the consent of the patient, the health care providers may also “break the glass” and access information as needed to provide such treatment. This regulation incorporates legal requirements related to disclosure of patient information without consent, as well as laws that specifically authorize disclosure of patient information for health care purposes, including public health and health oversight purposes, without the type of written, signed authorization that contains all of the elements that would be required for a health care provider to get permission to disclose patient information to a third party for purposes other than health care.
This regulation establishes the structure for the SHIN-NY after the HEAL NY program winds down and the State loses the ability to enforce requirements solely through grant contracts. The Department will continue to partner with a state designated entity, whose functions are set out. In order to participate in the SHIN-NY, health information exchange organizations will need to be certified under a QE certification process and satisfy certification requirements on an ongoing basis under the procedures established by this regulation.


Pursuant to the authority vested in the Commissioner of Health and the Public Health and Health Planning Council by sections 201, 206(1) and (18-a)(d), 2800, 2803, 2816, 3600, 3612, 4000, 4010, 4400, 4403, 4700 and 4712 of the Public Health Law, a new Part 300 of Title 10 (Health) of the Official Compilation of Codes, Rules and Regulations of the State of New York is added to be effective upon publication of a Notice of Adoption in the New York State Register, to read as follows:

Part 300
Statewide Health Information Network for New York (SHIN-NY)
Sec.
300.1 Definitions
300.2 Contract with state designated entity.
300.3 Statewide collaboration process and SHIN-NY Policy Standards.
300.4 Qualified health IT entities (QEs).
300.5 Sharing of patient information.
300.6 Patient rights.
300.7 Contracts between state designated entity and QEs.
300.8 Participation of health care facilities.
300.9 Financing of SHIN-NY.

300.1 Definitions. For the purposes of this Part, these terms shall have the following meanings:
(a) “Statewide Health Information Network for New York” or “SHIN-NY” means a set of agreements (and the transactions, relations and data that are created by and through such set of agreements) between the department, the state designated entity, QEs and QE Participants to make possible the exchange of clinical information among QE Participants for authorized purposes to improve the quality, coordination and efficiency of patient care, reduce medical errors and carry out public health and health oversight activities, while protecting privacy and security. Pursuant to such agreements, the state designated entity, the QEs and the QE Participants agree to be bound by policy and technical requirements in SHIN-NY policy standards that has been created through the statewide collaboration process.
(b) “SHIN-NY stakeholders” means the department, the state designated entity, the QEs, the QE Participants, health care providers, health plans, State and local health departments and health care consumers.
(c) “Commissioner” means the New York State Commissioner of Health.
(d) “Department” means the New York State Department of Health.
(e) “State designated entity” means the single entity that:
(1) Has been designated by the Governor as eligible to receive from the federal government grants to promote health information technology and conforms to federal requirements to receive such awards, or that has been certified by the Commissioner as meeting the requirements of this Part;
(2) Is a not-for-profit entity that includes on its board of directors representation from a broad range of SHIN-NY stakeholders;
(3) Demonstrates that its principal purpose is to serve the people of the State of New York by using, creating and obtaining information technology to create and maintain the SHIN-NY; and
(4) Adopts nondiscrimination and conflict of interest policies that demonstrate a commitment to open, fair, and nondiscriminatory participation by SHIN-
NY stakeholders.

(f) “Qualified health IT entity” or “QE” means a not-for-profit entity that has been certified as a QE under section 300.4 of this Part and has executed a contract with the state designated entity under section 300.7 of this Part, pursuant to which it has agreed to be bound by SHIN-NY policy standards.
(g) “QE Participant” means any health care provider, health plan, State or local health department, or other type of person or entity authorized to be a QE Participant under the SHIN-NY policy standards that has executed a participation agreement with a QE, pursuant to which it has agreed to participate in the SHIN-NY and be bound by SHIN-NY policy standards.
(h) “Health care provider” means a health care facility as defined in paragraph (c) of subdivision one of section 18 of the Public Health Law or a private practice of one or more health care practitioners licensed under Title 8 of the Education Law or otherwise authorized to practice in New York State.
(i) “Statewide collaboration process” means an open, transparent process to which multiple SHIN-NY stakeholders contribute, and that is administered by the state designated entity for the development of SHIN-NY policy standards as provided in section 300.3 of this Part.
(j) “SHIN-NY policy standards” means the set of policies and procedures, including technical standards and SHIN-NY services and products, that are developed through the statewide collaboration process and adopted by the department as provided in section 300.3 of this Part, including the SHIN-NY policy standards incorporated by reference in subdivision (c) of that section. Any reference to “Statewide Policy Guidance” in SHIN-NY documents executed prior to the effective date of this regulation are deemed to refer to the SHIN-NY policy standards.
(k) “Patient information” means health information that is created or received by a QE Participant and relates to the past, present, or future physical or mental health or condition of an individual or the provision of health care to an individual, and that identifies the individual or with respect to which there is a reasonable basis to believe the information can be used to identify the individual.
(l) “Minor consent patient information” means patient information relating to medical treatment of a patient under 18 years of age for which the patient provided his or her own consent as permitted by law, without a parent’s or guardian’s permission.
(m) “Dial Tone Services / Service Requirements” means the technical services that a Qualified Entity is required to provide, as described in “Qualified Entity (QE) Dial Tone Service Requirements.”
(n) “SHIN-NY certified application” means application software that has been approved by the department after demonstrating, through a certification process, the ability to interface with the SHIN-NY as permitted by this Part. To become certified through the certification process, the application software shall be tested to ensure that it meets established technical standards, including standards for privacy and security, restrictions on access, protection against malicious software, data encryption and user authentication. SHIN-NY certified application includes application software that makes it possible for patients to access their own personal health records.

300.2 Contract with state designated entity. The department shall enter into a contract with the state designated entity that shall govern the relationship between the department and the state designated entity and set minimum standards for the relationship between the state designated entity and QEs, including, but not limited to:
(a) Obligations of the state designated entity. The contract shall provide that the state designated entity shall:
(1) Oversee the implementation and ongoing operation of the SHIN-NY.
(2) Administer the statewide collaboration process, facilitate the development, regular review and updating of SHIN-NY policy standards, and periodically propose SHIN-NY policy standards for adoption by the department pursuant to section 300.3 of this Part.
(3) Develop and implement the process by which organizations become certified and recertified as QEs under section 300.4 of this Part.
(4) Provide explicit protections for patient rights enumerated in section 300.6 of this Part.
(5) Contract with the QEs pursuant to section 300.7 of this Part, to ensure compliance with applicable SHIN-NY policy standards.
(6) Produce and make available to consumers and health care providers outreach and education materials related to the SHIN-NY to promote and increase adoption of interoperable electronic health record technology. As appropriate, collaborate with QEs to develop the materials.
(7) Working with the QEs, develop and disseminate best practices for outreach to health care providers to facilitate the adoption of electronic health records and enrollment of health care providers as QE Participants, and provide assistance upon request to QEs with such outreach, adoption and enrollment efforts.
(8) Provide regular opportunities for public attendance, comments and feedback at meetings of its board of directors, and publish minutes of meetings.
(9) Perform regular audits, either directly or through contract, of QE functions and activities as necessary to ensure ongoing data quality, security, confidentiality and integrity of the SHIN-NY.
(10) Provide such technical services, either directly or through contract, that the state may deem necessary to ensure the ongoing data quality, security, confidentiality and integrity of the SHIN-NY.
(11) Report to the department on a regular basis concerning the quality, security and integrity of the SHIN-NY.
(12) Enforce contracts with QEs, including provisions allowing the suspension of a QE’s access to or use of the SHIN-NY to the extent that the state designated entity reasonably determines that the QE is the cause of any event that creates an immediate threat of, or is likely to cause, irreparable harm to the SHIN-NY or any person accessing or using the SHIN-NY or any person whose information is accessed or transmitted through the
SHIN-NY.
(13) Submit to audits and ongoing monitoring, as determined by the department.
(14) Perform such other roles and responsibilities as may be required of the state designated entity by applicable law, the SHIN-NY policy standards or the department.
(b) Obligations of the QEs. The contract shall provide that the state designated entity executes contracts with QEs as provided in section 300.7 of this Part.


300.3 Statewide collaboration process and SHIN-NY policy standards.
(a) Statewide collaboration process. The state designated entity shall develop and propose SHIN-NY policy standards in accordance with the statewide collaboration process in this subdivision as set forth below, and as further specified in the contract between the department and the state designated entity.
(1) Workgroups, forums and committees established and facilitated by the state designated entity may develop and approve recommendations on SHIN-NY policies, technical standards and SHIN-NY services and products.
(2) Such recommendations may be submitted for approval to the board of directors of the state designated entity, which may formally propose SHIN-NY policy standards.
(3) Proposed SHIN-NY policy standards shall be submitted to the department by the state designated entity on a periodic basis, but in no event less than annually.
(4) The department may accept or reject proposed SHIN-NY policy standards at its sole discretion.
(5) Upon approving SHIN-NY policy standards, the department shall take such action as appropriate to incorporate it by reference into this section.
(b) Minimum contents of SHIN-NY policy standards. SHIN-NY policy standards, as defined in subdivision (j) of section 300.l of this Part, shall include, but not be limited to, policies and procedures on privacy and security, monitoring and enforcement, dial tone service requirements, member facing service requirements, organizational characteristics and QE certification. SHIN-NY policy standards shall include explicit protections for the patient rights enumerated in section 300.6 of this Part.
(c) SHIN-NY policy standards incorporated by reference into this section. QEs, QE Participants and the state designated entity shall comply with the following current existing and as periodically updated, SHIN-NY policy standards, published on the website of New York eHealth Collaborative, Inc., which shall be posted on the websites of the state designated entity and the department and is available for public inspection and copying at the department’s records access office, Corning Tower, Empire State Plaza, Albany, NY 12237:
(1) “Privacy and Security Policies and Procedures for Qualified Entities and their Participants in New York State,” Version 3.1, June 2014.
(2) “Oversight & Enforcement Policies and Procedures for QEs,” Version 1.2, June 2014.
(3) “Qualified Entity (QE) Minimum Technical Requirements,” Version 1.2, June 2014.
(4) “Qualified Entity (QE) Member Facing Services Requirements,” Version 1.2, June 2014.
(5) “Qualified Entity (QE) Organizational Characteristics Requirements,” Version 1.2, June 2014.
http://www.health.ny.gov/technology/regulations/shin-ny/

300.4 Qualified health IT entities (QEs).

(1) The QE will support and advance the use of health IT in the public interest and attests to having a board of directors and officers with such character, experience, competence and standing as to give reasonable assurance of its abilities in this respect;
(2) The QE has organizational characteristics as described in “Qualified Entity (QE) Organizational Characteristics Requirements,” as incorporated by reference in paragraph (5) of subdivision (c) of section 300.3 of this Part.
(3) The QE has the capability and infrastructure to operationalize all SHIN-NY requirements including dial-tone services, policies and practices for exchange of data, system performance, member-facing services, business plans, audit procedures and participation in SHIN-NY policy standards development;
(4) The QE has privacy and security policies in place that comply with statewide policies regarding: patient consent for access to health information; the authorization and authentication of users in order to access the system; patient engagement; and the processes to be undertaken relating to audit of system use notification and remedies for breaches of health information and sanctions for any SHIN-NY policy standards violations, consistent with current laws and regulations;
(5) The QE will comply with the SHIN-NY policy standards and will require its QE Participants to do so as well;
(6) The QE will be each QE Participant’s “business associate” as defined in 42 USC 17921 or, if a QE Participant is not a “covered entity” thereunder, the QE will enter into a written agreement with the QE Participant comparable to the agreement the QE is required to enter into with covered entities.
(7) The QE will contribute to the overall development of the SHIN-NY that includes participation as defined in the SHIN-NY policy standards.
(b) The department shall periodically require QEs to demonstrate continued compliance with certification standards through a process of self-audit and re-certification by the department or a certification body designated by the department.
(c) The department shall establish procedures for monitoring and enforcement through periodic audits of QEs and other activities to ensure ongoing compliance with criteria, financial requirements and standards.

300.5 Sharing of Patient Information.
(a) General standard. Pursuant to the contract between the department and the state designated entity, contracts between the department and QEs, contracts between the state-designated entity and QEs, and participation agreements between the QEs and QE Participants, QE Participants shall exchange patient information with other QE Participants solely for authorized purposes consistent with the SHIN-NY policy standards. The standards for such exchange shall be consistent with applicable SHIN-NY policy standards identified in subdivision (c) of section 300.3 of this Part. Individuals who work for the QE are personnel under contract with the QE Participant under subdivision six of section 18 of the Public Health Law, and a QE Participant may disclose patient information necessary in light of the reason for disclosure without a written authorization from the patient of the QE Participant. Except as set forth in subdivision (b)(2) or (c) of this section, a QE shall only allow access to patient information by other QE Participants with the written authorization of:
(1) the patient; or
(2) when the patient lacks capacity to consent, with the written authorization of:
(i) another qualified person under section 18 of the Public Health Law;
(ii) a person the patient has authorized to access records relating to the provision of health care under General Obligations Law Article 5, Title 15; or
(iii) a person authorized pursuant to law to consent to health care for the individual.
(b)Written authorization.
(1) In general. Written authorizations must specify to whom disclosure is authorized. Patient information may not be disclosed to entities becoming QE Participants subsequent to the execution of a written authorization unless and until such entities are specified in a new authorization. Any written authorization shall remain in effect until it is revoked in writing or explicitly superseded by a subsequent written authorization. A patient shall be entitled to revoke a written authorization in writing at any time.
(2) Minor consent patient information. A minor’s patient information other than minor consent patient information may be disclosed when authorized by the minor’s parent or legal guardian. Minor consent patient information may be disclosed to a QE Participant if the minor’s parent or legal guardian has provided authorization for the QE Participant to access the minor’s other patient information through the SHIN-NY; provided, however, if federal law or regulation requires the minor’s authorization for such disclosure, the disclosure may not be made without the minor’s authorization. Notwithstanding the foregoing, in no event may a QE Participant disclose minor consent patient information to the minor’s parent or guardian without the minor’s authorization. Minor consent patient information includes, but is not necessarily limited to patient information concerning:
(i) treatment of such patient for venereal disease or the performance of an abortion under section 17 of the Public Health Law;
(ii) the diagnosis, treatment or prescription for a sexually transmitted disease under section 2305 of the Public Health Law;
(iii) any patient who is married or is the parent of a child under section 2504 of the Public Health Law;
(iv) prenatal care for a pregnant patient under section 2504 of the Public Health Law;
(v) an HIV test under section 2781 of the Public Health Law;
(vi) mental health services under section 33.21 of the Mental Hygiene Law;
(vii) alcohol and substance abuse treatment under section 22.11 of the Mental Hygiene Law;
(viii) a legally emancipated minor; and
(ix) treatment that a minor has a Constitutional right to receive without a parent’s or guardian’s permission as determined by courts of competent jurisdiction.
(c) Access without written authorization. A QE shall, where permitted by law, allow access to patient information without written authorization when:
(1) Prior consent has already been obtained for the disclosure under subdivision 23 of section 6530 of the Education Law, and no provision of law or SHIN-NY policy standards requires a written authorization.
(2) Disclosure to the individual entity accessing the patient information is:
(i) required by law; or
(ii) authorized by law: (3) the health care provider treating the patient, a person acting at the direction of such health care provider, or other professional emergency personnel as authorized under the SHIN-NY policy standards, has documented a determination that an emergency condition exists and the patient is in immediate need of medical attention, and an attempt to secure consent would result in delay of treatment which would increase the risk to the patient’s life or health.
(4) the disclosure is allowed during a declared state disaster emergency, when the governor issues an Executive Order pursuant to executive law Section 29-a.
(d) Implementation. In conformance with SHIN-NY policy standards, QEs must have procedures and technology to be able to exchange patient information for patients of any age, consistent with all applicable state laws and regulations regarding minor consent patient information, and must have appropriate procedures and technology to allow patients to deny access to specific QE Participants. A minor’s consent or revocation of consent to access minor consent patient information must be honored.

300.6 Patient rights. The State designated entity, the QE and the QE participants shall ensure the following patient rights are afforded. In addition, SHIN-NY policy standards, the contract between the department and the state designated entity, contracts between the department and QEs, contracts between the state designated entity and QEs, and participation agreements between QEs and QE Participants shall each provide explicit protections for the following patient rights, as described in more detail in the SHIN-NY policy standards.

(a) No entities other than the department, the state designated entity, QEs or QE Participants shall have access to patient information through the SHIN-NY, except as otherwise required by law.

(b) Each patient may determine which QE Participants may access that patient’s information through the SHIN-NY and which may not, as described in “Privacy and Security Policies and Procedures for QEs and their Participants in New York State.”

(c) Each patient and/or the patient’s legally authorized representative shall have access to that patient’s own patient information, except as otherwise prohibited by law. The state designated entity and the QEs shall permit access to the patient and/or the patient’s legally authorized representative using any SHIN-NY certified application.

(d) Each patient and/or the patient’s legally authorized representative shall have access to information identifying who has obtained access to that patient’s patient information through the SHIN-NY and under what authority the disclosure was made.

(e) Each patient and/or the patient’s legally authorized representative shall have the right to revoke the access of any QE Participant to that patient’s patient information through the SHIN-NY in writing at any time.

300.7 Contracts between state designated entity and QEs.
Each QE entering into a contract with the state designated entity shall agree upon the terms and conditions governing the QE’s participation in the SHIN-NY. A QE may only disclose patient information to the state designated entity where the state designated entity is the QE’s “business associate” as defined in 42 USC 17921. Each contract shall include provisions requiring the QE to:
(a) Act as an intermediary between the state designated entity and QE Participants.

(b) Build, maintain and operate a network of QE Participants seeking to exchange information.

(c) Provide network services in accordance with the SHIN-NY policy standards.

(d) Adhere to minimum standards applicable to QEs in accordance with the certification requirements established in the SHIN-NY policy standards pursuant to section 300.4 of this Part.

(e) Organize and promote adoption, marketing and education related to the SHIN-NY.

(f) Submit to regular audits of QE functions and activities by the department and/or the state designated entity as necessary to ensure the ongoing quality, security and integrity of the SHIN-NY.

(g) Perform self-audits and report to the department and/or the state designated entity on a regular basis concerning the quality, security and integrity of the SHIN-NY, in a format determined by the department.
(h) Perform such other roles and responsibilities as may be required of the QE by applicable law or SHIN-NY policy standards.
(i) Ensure that data from QE Participants is made available through the SHIN-NY in accordance with applicable laws and regulations.
(j) Participate in the statewide collaboration process.
(k) Comply with SHIN-NY policy standards.
(l) Require the QE to enter into QE participation agreements with its participants, containing components acceptable to the department and the state designated entity, that, among other things, requires the participants to comply with SHIN-NY policy standards.
(m) Suspend or terminate its participation in the SHIN-NY under specified conditions.
(n) Carry appropriate types and amounts of insurance.
(o) Provide explicit protections for the patient rights enumerated in section 300.6 of this Part.
(p) Perform such other roles and responsibilities as may be specified by the Commissioner.

300.8 Participation of health care facilities
(a) Two years from the effective date of this regulation, health care facilities, as defined in paragraph (c) of subdivision one of section eighteen of the Public Health Law, utilizing certified electronic health record technology under the federal Health Information Technology for Economic and Clinical Health Act (HITECH) must connect to the SHIN-NY through a QE and allow private and secure bi-directional access to patient information by other QE Participants authorized by law to access such patient information. Bi-directional access means that a QE participant uploads its patient information to the QE so that it is accessible to other QE participants authorized to access the information and the QE participant has the technical capacity to access the patient information of other QE participants from the QE when authorized to do so.

(b) The requirement in subdivision (a) of this section may be waived for health care facilities that meet criteria established by the Commissioner, such as economic hardship, technological limitations that are not reasonably within control of the provider or other exceptional circumstances demonstrated by the provider to the department.


300.9 Financing of SHIN-NY.
(a) The state designated entity shall develop, in collaboration with SHIN-NY stakeholders, a sustainability plan for the SHIN-NY that shall be submitted to the department for its approval, and that:
(1) Ensures the financial soundness of the network, including maintenance of operations by QEs;
(2) Keeps the cost of statewide services as low as possible and distributed equitably among users; and
(3) Ensures that health care providers who serve medically underserved populations have access to the SHIN-NY dial-tone and member facing services regardless of the provider’s ability to pay.
(b) The state retains all legal authority to determine how public funds are distributed; provided, however, that the department may enter into an agreement under which a contractor administers the distribution of public funds to QEs utilizing a formula specified by the department.


SUMMARY OF THE REGULATORY IMPACT STATEMENT

Statutory Authority:
Public Health Law Section 206(18-a)(d) authorizes the Commissioner of Health to make rules and regulations to promote the development of a self-sufficient Statewide Health Information Network for NY (SHIN-NY) to enable widespread, non-duplicative interoperability among disparate health information systems, including electronic health records (EHRs), personal health records (PHRs) and public health information systems while protecting privacy and security. Part G of Chapter 57 of the Laws of 2006 established the “office of Health e-Links” to implement health information technology across the state.
Purpose of Regulation:
This regulation will formalize and update the current governance structure and process for operation of the SHIN-NY in order to advance health information technology adoption and use on a statewide basis for the public good.
Benefits of Regulation:
The regulation is intended to support the triple aim of improving the patient care experience (including quality and cost), improving the health of populations, and reducing the per capita cost of health care through the broad adoption of health information exchange by: : Through its agreement with DOH, the state designated entity is responsible for implementing the key components of the state strategy and business plan specified by the Department which includes:
State and Local Cost:
To date, the development of the SHIN-NY and expansion of EHR adoption has been funded through a combination of federal and state funds distributed through grant programs, as well as private contributions from participating health plans, providers and other stakeholders. Currently, over 170 hospitals and over 8200 primary care providers qualify for “meaningful use” incentives under Medicaid and Medicare. In addition, through HEAL NY funding, it is expected that over 7800 primary and specialty care providers were supported to have adopted EHRs and be connected to the SHIN-NY by the end of 2013. Over 70% of hospitals in New York State participate in RHIOs, and over 50% of Federally Qualified Health Centers (FQHCs). In order to ensure that New York continues to reap the value of its health IT investments, it is critical to identify ongoing and sustainable funding for its key HIE infrastructure – the SHIN-NY.
Investment in the operation of the SHIN-NY will also generate a substantial return through the elimination of wasted expenditures and promoting better quality health care at a lower cost. Three studies conducted in Rochester by the Health Information Technology Evaluation Collaborative (HITEC), an academic research consortium with contracts with the State Department of Health to perform evaluation activities for the HEAL NY Program identified improved quality and reduction in duplicative testing and in readmission rates for a two year study period for events in 2009-2010. Use of the Rochester RHIO by five Emergency Departments (EDs) resulted in 6 averted admissions per 100 patients who came to the ED, resulting in $9 million projected savings annually across the adult community. Extrapolating the cost savings across the state would result in an annual savings of $52 million. During the same study period, image exchange use through the Rochester RHIO within 90 days following an initial imaging procedure reduced the probability of repeat imaging by 35%. Finally, use of the Rochester RHIO after hospital discharge resulted in a 55% reduction in readmission within 30 days. These highly significant findings with important financial implications further demonstrate the value of the SHIN-NY.
An 18-month study in the Buffalo region looked at the number of multiple CT scans ordered for the same body part, for the same patient, over a six-month period. During the period 2,763 CT scans were deemed to be potentially unnecessary, duplicative tests. 90% of the potentially duplicative tests were ordered by physicians who never or infrequently access the local health information exchange. By local calculations, that amounts to a potential additional cost of $1.3 million over a six-month period for one test in one region of the state.
It is estimated that operating support for the State’s Health Information Exchange Network will require an annual commitment of approximately $70 million for technical operations, development, member services and statewide policy work.

Costs to Regulated Entities:
The proposed regulation will require that health care facilities defined in PHL Section 18, and practitioners in the private practice of medicine that utilize certified EHRs, connect to the SHIN-NY. In New York State there are 228 general hospitals, 1198 hospital extension clinics, 1239 diagnostic and treatment centers, and 635 nursing homes. There are also 139 certified home health agencies (CHHAs), 97 long term home health care programs (LTHHCP), 19 hospices and 1164 licensed home care services agencies (LHCSAs).
Average interface costs for hospitals are $75,000 while interface costs for physician practices vary but generally average $5000 – 10,000 per practice. Interface costs for other types of facilities, such as nursing homes, home care agencies and hospice would fall in between physician practices and hospitals, depending on the size and complexity. Some RHIOs have established this functionality for their participants, and therefore, there are reduced associated interface costs for their participants, which include physician practices. In other areas, health plans have absorbed the interface costs for their network providers because they see the value of having their physicians connected to the SHIN-NY. Only health care providers, regulated by the Department of Health, using certified EHR technology need to comply with these requirements. Currently, adoption of certified EHR technology for health care facilities outside of hospitals and FQHCs is low because they are not eligible to receive meaningful use incentive payments.
The regulation is being put forth as a “public good” model, that is, a certain set of baseline services, both technical and administrative, will be made available to all providers within New York State, at no charge. The basic technical services will include; patient record look-up, secure messaging, consent management, notifications and alerts, identity management and security, provider and public health clinical viewer, public health integration and results delivery.

Local Government Mandates:
The State Enterprise Health Information Exchange as part of the SHIN-NY is designed to streamline how providers interact with the many public health information systems that currently exist, to decrease reporting burdens, promote bidirectional information exchange, and advance public health priorities. Article 28 facilities operated by local governments will be required to comply with these regulations in the same manner as other Article 28 facilities. Should local health departments need to make expenditures to comply with the regulatory requirements, they have opportunities to request funding through Article 6 Local Assistance Grant Program, and possibly other sources.

Paperwork:
Entities that wish to become QEs will need to submit an application for review by DOH to determine if the criteria outlined in the regulation have been met as well as meeting other criteria as may be required under the QE certification process.
Any entity seeking certification as a QE, regardless the entity’s organizational structure, origin or type, will be subject to the full certification process. This certification process incorporates criteria that fall into four broad categories including; Organizational Characteristics, Operational Requirements, Policies and Procedures and Technical Requirements. QEs would be subject to either biennial or triennial recertification, depending on their level of scoring and would also be subject to ongoing monitoring and enforcement activities between full certifications. This all being done to ensure that patient information is made available to all providers participating in a patient’s care in a secure and confidential manner.


Duplication:
This regulation will not conflict with any state or federal rules.

Alternatives:
Because state funding for health IT infrastructure was provided through the HEAL NY program, the State Department of Health believed the best way to facilitate a standardized process for this purpose was through a formal public private partnership. Our private partner, through a contract with DOH, facilitated the statewide collaboration process of a governance and policy framework to allow health information sharing among disparate providers to improve quality, improve efficiency and reduce costs of health care on a statewide basis while ensuring the privacy and security of patient information.
Governor David A. Paterson designated the New York eHealth Collaborative as the state designated entity, and as such was able to receive federal funding for health information exchange activities. Based upon the state and federal funding, and the development of statewide policies through a statewide collaboration process, the logical next step was to develop regulations based on this framework. Since health IT is quickly evolving and the marketplace is rapidly changing with regard to new tools and services available, the implementation of regulations before now would have required amendments based on current knowledge.
While other states have different models for health information exchange, and NY considered the approaches and models used in other states through its statewide collaborative process, based on the size, complexity and diversity of New York and the resources that were available, the State Department of Health determined that the current model was the best approach. The State Department of Health shall convene and consider the recommendations of the workgroup established by Public Health Law 206(18-a)(b), and if the State Department of Health acts in a manner inconsistent with the recommendations of the workgroup, it shall provide the reasons therefor.

Federal Standards:
This rule aligns with current federal laws and regulations governing the adoption of interoperable exchange of health information and meaningful use requirements under the HITECH provisions of ARRA. State laws regarding the disclosure of personal health information to health care providers are more stringent than the federal standards for HIPAA.

Compliance Schedule:
Since RHIOs or QEs are largely operational in NYS and the majority of hospitals and federally qualified health centers are already participants, and the number of physicians practices participating continues to grow and the infrastructure for the SHIN-NY is already in development, the estimated time period needed for regulated persons or entities to achieve compliance with the rule has been staggered. One year from the time the rule becomes effective the RHIOs/Qes need to be fully compliant with the certification requirements and provide the basic technical and administrative services defined. Two years from the time the rule becomes effective health care facilities, utilizing certified health record technology must connect to the SHIN-NY through a QE and allow private and secure bi-directional access to patient information by other QE Participants authorized by law to access such patient information.


Contact Person: Katherine Ceroalo
New York State Department of Health
Bureau of House Counsel, Regulatory Affairs Unit
Corning Tower Building, Rm. 2438
Empire State Plaza
Albany, New York 12237
(518) 473-7488
(518) 473-2019 (FAX)
REGULATORY IMPACT STATEMENT

Statutory Authority:
Public Health Law 206(18-a)(d) authorizes the Commissioner to make such rules and regulations as may be necessary to implement federal policies and disburse funds as required by the American Recovery and Reinvestment Act of 2009 and to promote the development of a self-sufficient Statewide Health Information Network for New York (SHIN-NY) to enable widespread, non-duplicative interoperability among disparate health information systems, including electronic health records, personal health records, health care claims, payment and other administrative data and public health information systems, while protecting privacy and security. Such rules and regulations shall include, but not be limited to requirements for organizations covered by 42 USC 17938 or any other organizations that exchange health information through the SHIN-NY.
Meaning of “implement federal policies”
The federal government, through the Office of the National Coordinator for Health Information Technology (ONC), has been promoting and subsidizing the adoption of health IT for many years. According to the ONC-Coordinated Federal Health IT Strategic Plan: 2008-2012 (June 3, 2008), upon publication of Executive Order 13335 on April 27, 2004, President Bush set a target for the majority of Americans to have access to electronic health records (EHRs) by 2014. Under EO 13335 (3 CFR 13335), ONC is charged with directing “the nationwide implementation of interoperable health information technology in both the public and private health care sectors that will reduce medical errors, improve quality, and produce greater value for health care expenditures.”
Meaning of “disburse funds as required by the American Recovery and Reinvestment Act of 2009”
The American Recovery and Reinvestment Act (ARRA) of 2009 (P.L. 111-5) includes within it the Health Information Technology for Economic and Clinical Health (HITECH) Act (HITECH is ARRA Division A, Title XIII-Health Information Technology and ARRA Division B, Title IV-Medicare and Medicaid Health Information Technology).
Under HITECH, ONC is providing billions of dollars for: Meaning of “the development of a self-sufficient statewide health information network for New York (SHIN-NY)”
On the State level, New York is creating a Statewide Health Information Network for New York (SHIN-NY). Under the Health Care Efficiency and Affordability Law for New Yorkers (HEAL NY) Capital Grant Program (PHL 2818) Phases 1, 5, 10, 17 and 22, New York is promoting broad adoption of EHRs and other health IT tools and is subsidizing the operations of Regional Health Information Organizations (RHIOs) that facilitate health information exchange between disparate providers and health systems. The creation of the SHIN-NY and the expenditure of federal and State funds for health IT is being coordinated by DOH’s Office of Quality and Patient Safety, Division of Health Information Technology Transformation (DHITT). The Legislature established DHITT (referred to in the law as “the office of Health e-Links New York”) “to enhance the adoption of an interoperable regional health information exchange and technology infrastructure that will improve quality, reduce the cost of health care, ensure patient privacy and security, enhance public health reporting including bioterrorism surveillance and facilitate health care research in the state of New York” (L. 2006, ch. 57, Part G, 1), and the Legislature has continually appropriated money to fund the work of DHITT (again, referred to in the Chapter 54 appropriation laws as the office of Health e-Links or “health e-link”). In the 2014-2015 budget, the Legislature appropriated $55 million for the SHIN-NY (L. 2014, ch. 54).
Meaning of “organizations covered by 42 USC 17938”
Federal regulations implementing the privacy and security provisions of the Health Insurance Portability and Accountability Act (HIPAA) of 1996 are in 45 CFR Parts 160 and 164, and HITECH made a number of amendments to those federal regulations. One such amendment is a section of HITECH codified in 42 USC 17938 (“Business associate contracts required for certain entities”). Under 42 USC 17938: “Each organization, with respect to a [HIPAA-]covered entity, that provides data transmission of protected health information to such entity (or its business associate) and that requires access on a routine basis to such protected health information, such as a Health Information Exchange Organization, Regional Health Information Organization, E-prescribing Gateway, or each vendor that contracts with a covered entity to allow that covered entity to offer a personal health record to patients as part of its electronic health record, is required to enter into a written contract (or other written arrangement) described in section 164.502(e)(2) of title 45, Code of Federal Regulations and a written contract (or other arrangement) described in section 164.308(b) of such title, with such entity and shall be treated as a business associate of the covered entity for purposes of the provisions of this subtitle and subparts C and E of part 164 of title 45, Code of Federal Regulations, as such provisions are in effect as of the date of enactment of this title [enacted Feb. 17, 2009].”
Prior to the enactment of HITECH, on December 15, 2008, ONC had already published a guidance document called “The HIPAA Privacy Rule and Electronic Health Information Exchange in a Networked Environment.” That guidance made clear the federal government’s view that under HIPAA, RHIO participants may disclose health information to RHIOs without any authorization from patients provided that the RHIOs enter into appropriate “business associate” agreements with the RHIO participants. http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/; http://www.hhs.gov/ocr/privacy/hipaa/understanding/special/healthit/introduction.pdf; 45 CFR 164.502(e). 42 USC 17938 codified this guidance into law.
In 2010, the federal Substance Abuse and Mental Health Services Administration (SAMHSA) likewise issued guidance (which was supplemented on December 8, 2011) explaining that under 42 CFR Part 2, RHIO participants may disclose alcohol and substance abuse patient records to RHIOs without patient consent provided that the RHIOs enter into appropriate Qualified Service Organization agreements with the RHIO participants. http://www.samhsa.gov/healthprivacy/docs/ehr-faqs.pdf; December 8, 2011, FAQs (available upon request); 2 CFR 2.12(c)(4).
This regulation implements federal policies, including the federal polices effected by the HITECH provisions of ARRA to enable widespread interoperability among disparate health information systems, while protecting privacy and security. These regulations include the requirements for organizations such as RHIOs, which under 42 USC 17938 make it possible, without patient authorization, to exchange patient information among disparate health care providers so long as those organizations comply with federal requirements for business associates and qualified service organizations.
Public Health Law Sections 201, 206(1), 2800, 2803, 2816, 3600, 3612, 4000, 4010, 4400, 4403, 4700 and 4712 authorize the Commissioner to make such rules and regulations as may be necessary to effectuate the provisions and purposes of Public Health Law Articles 28, 36, 40, 44 and 47 and provide additional authority for the Commissioner to create and make use of the SHIN-NY.
Legislative Objectives:
This regulation will establish a formal governance structure and process for operation of the SHIN-NY in order to advance health information technology adoption and use statewide for the public good. The Department would develop and adopt policies to regulate people and entities in New York that exchange health information using the SHIN-NY, including Regional Health Information Organizations (RHIOs) and other such health IT entities.

Needs and Benefits:
This regulation facilitates the operation of a statewide interoperable health information infrastructure that will provide clinicians and consumers with access to health information in a timely, secure, efficient, and effective way.

Benefits of consistent policy implementation:
As the use of health information technology expands, the regulation will formalize a common policy framework across the entire health care system to maximize the use and benefits of the SHIN-NY. The SHIN-NY enables delivery of appropriate care at the appropriate time in a coordinated, patient-centered manner. RHIOs and QEs facilitate access to the SHIN-NY through participation agreements and technical services to connect health care providers to the network. A certification process has been established by the State Department of Health for QE designation. In order to qualify to become a QE, a set of minimum criteria must be met as outlined in the regulation as well as other criteria as may be established by a QE certification process. Consistent implementation of statewide policies through the regulatory process leads to a common approach to education and training of providers and consumers and can lead to reduction in costs and creation of efficiencies across the state. A standardized approach also mitigates the need for local or regional policies that may not conform to state standards.
The regulation will further promote adoption, usage and sustainability of health information exchange organizations and the SHIN-NY by:
In addition, HITECH established a program for incentive payments to Medicaid providers who demonstrate “meaningful use” of certified EHR technology with the ultimate goal of promoting health care quality and care coordination through state health information exchange (HIE) activities. Providers that achieve NCQA Patient Centered Medical Home designation qualify for meaningful use incentive payments. This regulation will expand access to and use of the SHIN-NY to additional segments of the broader health care system (e.g., mental health, alcohol and substance abuse and social services agencies) to improve health, improve health care and reduce costs. The Department of Health needs clear regulatory authority to apply these policies more broadly.

State and Local Cost:

To date, the development of the SHIN-NY and expansion of EHR adoption has been funded through a combination of federal and state funds distributed through grant programs, as well as private contributions from participating health plans and providers. Currently, over 170 hospitals and over 8200 primary care providers qualify for meaningful use incentives under Medicaid and Medicare. In addition, through HEAL NY funding, it is expected that over 7800 primary and specialty care providers will have adopted EHRs and be connected to the SHIN-NY by the end of 2013. Over 70% of hospitals in New York State participate in RHIOs, and over 50% of Federally Qualified Health Centers (FQHCs). In order to ensure that New York continues to reap the value of its health IT investments, it is critical to identify ongoing and sustainable funding for its key HIE infrastructure – the SHIN-NY.
Investment in the operation of the SHIN-NY will also generate a substantial return through the elimination of wasted expenditures and promoting better quality health care at a lower cost. Three studies conducted in Rochester by the Health Information Technology Evaluation Collaborative (HITEC), an academic research consortium with contracts with the State Department of Health to perform evaluation activities for the HEAL NY Program identified improved quality and reduction in duplicative testing and in readmission rates for a two year study period for events in 2009-2010. Use of the Rochester RHIO by five Emergency Departments (EDs) resulted in 6 averted admissions per 100 patients who came to the ED, resulting in $9 million projected savings annually across the adult community. Extrapolating the cost savings across the state would result in an annual savings of $52 million. During the same study period, image exchange use through the Rochester RHIO within 90 days following an initial imaging procedure reduced the probability of repeat imaging by 35%. Finally, use of the Rochester RHIO after hospital discharge resulted in a 55% reduction in readmission within 30 days. These highly significant findings with important financial implications further demonstrate the value of the SHIN-NY.
An 18-month study in the Buffalo region looked at the number of multiple CT scans ordered for the same body part, for the same patient, over a six-month period. During the period 2,763 CT scans were deemed to be potentially unnecessary, duplicative tests. 90% of the potentially duplicative tests were ordered by physicians who never or infrequently access the local health information exchange. By local calculations, that amounts to a potential additional cost of $1.3 million over a six-month period for one test in one region of the state.
Across the country, states have used similar studies to project the value of statewide HIE. Based on estimates of 85% provider and patient participation in its statewide HIE, Rhode Island forecasted an annual savings of $95 per person.1 In a similar study of fully operational statewide HIE in Maine that factored in the total operational costs, researchers projected significant, but more modest net savings of $35 per person per year.2
In addition to savings associated with reduction in unnecessary and duplicative testing, readmissions, and adverse drug events, participation in the SHIN-NY will also generate savings by minimizing the number of interfaces health care organizations need to access data. Currently, physician practices, hospitals, laboratories, public health agencies, and others must create and maintain costly and complex interfaces with every organization they wish to exchange data. In this point-to-point data exchange environment, a typical hospital with 10 interfaces can spend as much as $200,000 in one-time development fees, and $40,000 per year in maintenance fees.3 The SHIN-NY and its QEs, serving as utilities and consolidating services and interfaces, have been and will continue to reduce the per unit connectivity cost for all participants.
Finally, statewide adherence to the policies and procedures underpinning the SHIN-NY will create opportunities for common tool kits, education modules, and implementation guides that can be developed once and re-used across the state. This common framework will reduce the need for and expenses associated with the one-on-one negotiations, customized training, and costly work-arounds required to address local implementation variations in the current environment.
It is estimated that operating support for the State’s Health Information Exchange Network will require an annual commitment of approximately $70 million for technical operations, development, member services and statewide policy work. The Department wants to advance a state strategy and business plan that would make access to patient health information available to all providers, when and where it is needed. The cost of operating the SHIN-NY based on an annual budget of $70 million would be about $3.50/NY resident annually.
As part of the State’s 2014/15 budget (L. 2014, ch. 54), the SHIN-NY was appropriated $55 million via the Covered Lives Assessment (see Public Health Law 2807-t). Additionally, via an Implementation Advance Planning Document Update (IAPD-U) approved from the Centers for Medicare and Medicaid Services (CMS), matching funding for ongoing and planned health information exchange (HIE) projects and Federal Financial Participation (FFP) will provide approximately $31 million to be utilized to support the achievement of the goals and objectives established for the SHIN-NY.
While it is anticipated that State and Federal financial support will be required until the SHIN-NY reaches the critical mass of available data (estimated to be three years) to make it a tool that is critical to providing high-quality, cost effective patient care, a long term sustainability plan for the SHIN-NY is required as part of this regulation.
The state designated entity is responsible for implementing the key components of the state strategy and business plan specified by the Department which includes:
The state designated entity will also work to standardize the application programming interface (API) platform, which provides access to the SHIN-NY, and will provide new tools and products for clinicians and patients that conform to state policies. New York has a strong technology community with many resources that early stage companies can get access to in order to thrive. There is a tremendous opportunity to work with the emerging health technology industry to secure New York as the hub of health IT innovation.

Costs to Regulated Entities:
The proposed regulation will require that health care facilities defined in PHL Section 18 that utilize certified EHRs, connect to the SHIN-NY through a QE and allow private and secure bi-directional access to patient information by other QE participants authorized by law to access such patient information. In New York State there are 228 general hospitals, 1198 hospital extension clinics, 1239 diagnostic and treatment centers, and 635 nursing homes. There are also 139 certified home health agencies (CHHAs), 97 long term home health care programs (LTHHCP), 19 hospices and 1164 licensed home care services agencies (LHCSAs).
Average interface costs for hospitals are $75,000 while interface costs for physician practices vary but generally average $5000 – 10,000 per practice. Interface costs for other types of facilities, such as nursing homes, home care agencies and hospice would fall in between physician practices and hospitals, depending on the size and complexity. Some RHIOs have established this functionality for their participants, thereby reducing associated interface costs for their participants, which include physician practices. In other areas, health plans have absorbed the interface costs for their network providers because they see the value of having their physicians connected to the SHIN-NY. Only health care providers using certified EHR technology need to comply with these requirements. Currently, adoption of certified EHR technology for health care facilities outside of hospitals and FQHCs is low because they are not eligible to receive meaningful use incentive payments. This requirement, to connect a certified EHR to the SHIN-NY, may be waived for health care facilities that meet criteria established by the commissioner, such as economic hardship, technological limitations that are not reasonably in the control of the provider or other exceptional circumstances demonstrated by the provider to the department.
The Department will develop a fair process for health care providers to demonstrate that they meet waiver criteria and for the Department to give such providers a waiver or extension of time to connect to the SHIN-NY.
As described above, implemented as a “public good” model, minimum standardized baseline technical and administrative services will be made available to QE Participants, from the QE, at no charge to the participants.

Local Government Mandates:
The State Enterprise Health Information Exchange as part of the SHIN-NY is designed to streamline how providers interact with the many public health information systems that currently exist, to decrease reporting burdens, promote bidirectional information exchange, and advance public health priorities. Goals include:
The State Enterprise Health information Exchange is based on a common set of policy and technology standards that have informed the development of services to be used for bi-directional exchange of data between healthcare providers and public health entities. These standards have been developed through a Statewide Collaborative Process, which provides policy guidance on technology architecture, data transmission and privacy and security standards.4
Article 28 facilities operated by local governments will be required to comply with these regulations in the same manner as other Article 28 facilities. Should local health departments need to make expenditures to comply with the regulatory requirements, they have opportunities to request funding through Article 6 Local Assistance Grant Program, and possibly other sources.

Paperwork:
Entities that wish to become QEs will need to submit an application for review by DOH to determine if the criteria outlined in the regulation have been met as well as meeting other criteria as may be required under the QE certification process.

Duplication:
This regulation will not conflict with any state or federal rules.

Alternatives:
Because state funding for Health IT infrastructure was provided through the HEAL NY program, the State Department of Health believed the best way to facilitate a standardized process for this purpose was through a formal public private partnership. Our private partner, the New York eHealth Collaborative, through a contract with DOH, facilitated the statewide collaboration process of a governance and policy framework to allow health information sharing among disparate providers to improve quality, improve efficiency and reduce costs of health care on a statewide basis while ensuring the privacy and security of patient information.
Then Governor David A. Paterson designated the New York eHealth Collaborative as the state designated entity, and as such was able to receive federal funding for health information exchange activities. Based upon the state and federal funding, and the development of statewide policies through a statewide collaboration process, the logical next step was to develop regulations based on this framework. Since health IT is quickly evolving and the marketplace is rapidly changing with regard to new tools and services available, the implementation of regulations before now would have required amendments based on current knowledge.
To ensure full participation and stakeholder input to the proposed regulations and documents incorporated by reference, a series of summits and input opportunities were incorporated into the development process.
In January of 2013 a summit of stakeholders, which included RHIO Executive Directors, Members of RHIO Board of Directors, the Board of Directors of the New York eHealth Collaborative, representatives for NYS DOH, NYC DOHMH and other stakeholders was conducted. The goal of the session was to establish the roles and responsibilities of Qualified Entities. Subsequent to the summit, a series of workgroups were launched to further define requirements and responsibilities.
Follow-up summits were held in May and September. These summits, attended by a similar list of stakeholders and participants, were specifically held to address issues associated with Statewide Health Information Network of New York (SHIN-NY) governance, barriers to provider adoption and establishing of minimal technical service requirements.
Throughout the evolution of the regulatory package, the Policy Committee and the Business and Operations Committee of the New York eHealth Collaborative’s Board of Directors were actively engaged in recommending policies and operational requirements for the SHIN-NY. Simultaneously workgroups were convened to develop recommendations associated with member-facing services, to further define minimum technical requirements, address issues of insurance, participation agreements and indemnification.
As the various components of the regulatory package were developed, they were forwarded to and formally reviewed and approved by the NYeC Board of Directors. Items were forwarded to the Department of Health who is ultimately responsible for review, approval and implementation.
On August 29, 2013, a draft regulatory package was distributed to a broader stakeholder community with a blank “comment matrix.” This resulted in over 500 comments being received for review and disposition. DOH, working in conjunction with NYeC, reviewed all input received and incorporated as appropriate. Larger issues, such as governance, adoption and dial-tone services were taken to the larger group summit in September 2013.
On September 4, 2013 a webinar was held to review the components of the DRAFT Regulatory Package and the documents incorporated by reference and to answer questions. This was repeated on September 10, 2013. Over 150 stakeholders participated in these webinars.
Draft regulatory documents were reviewed as part of in person meetings with the Business and Operations Committee and via webinars that were open on a statewide basis to stakeholders that would be potentially affected by the regulation. While associations had the opportunity to comment throughout the process, smaller group meetings were held directly with representatives from GNYHA, HANYS, MSSNY, ACP and NYSAFP. These associations presented comments and concerns that they had solicited from their membership.
A revised DRAFT Regulatory Package was distributed on October 29, 2013 reflecting edits and addressing many concerns raised by those reviewing the documents and submitting comments.
On November 14, 2013, subsequent to a second round of comments (n=180) a third version of regulatory package was distributed. It is that version which is currently being recommended to be advanced into the SAPA process.
Participants in the development and/or review of the SHIN-NY Regulatory package include over 200 individuals and associations (who brought with them comments from their constituents).
While other states have different models for health information exchange, and NY considered the approaches and models used in other states through its statewide collaborative process, based on the size, complexity and diversity of New York and the resources that were available, the State Department of Health determined that the current model was the best approach. The State Department of Health shall convene and consider the recommendations of the workgroup established by Public Health Law 206(18-a)(b), and if the State Department of Health acts in a manner inconsistent with the recommendations of the workgroup, it shall provide the reasons therefor.

Federal Standards:
This rule aligns with current federal laws and regulations governing the adoption of interoperable exchange of health information and meaningful use requirements under the HITECH provisions of ARRA. State laws regarding the disclosure of personal health information to health care providers are more stringent than the federal standards for HIPAA.

Compliance Schedule:
Since RHIOs or QEs are largely operational in NYS and the majority of hospitals and federally qualified health centers are already participants, and the number of physician practices participating continues to grow and the infrastructure for the SHIN-NY is already in development, the estimated time period needed for regulated persons or entities to achieve compliance with the rule is two years from the time the rule becomes effective.

Contact Person: Katherine Ceroalo
New York State Department of Health
Bureau of House Counsel, Regulatory Affairs Unit
Corning Tower Building, Rm. 2438
Empire State Plaza
Albany, New York 12237
(518) 473-7488
(518) 473-2019 (FAX) 1 Boston Consulting Group. Rhode Island Quality Institute Business case for Health Information Exchange. December 5, 2009.
2 Center for Health Policy and Research. The Impact of Electronic Health Information Exchange (HIE) Services in Maine: Avoidable Service and Productivity Savings Estimates Related to HealthInfoNet Services. November 2008.
3 Delaware Health Information Network. Final Report: Delaware Health Information Network Evaluation Analysis. August 2011.
4 Policies related to interoperable health information exchange via the Statewide Health Information Network for New York (“SHIN-NY”) are available at: http://www.nyehealth.org/index.php/resources/nys-policies
REGULATORY FLEXIBILITY ANALYSIS
FOR SMALL BUSINESSES AND LOCAL GOVERNMENTS


The proposed rule will not have a substantial adverse impact on small businesses or local governments. Small businesses such as physician practices, that are not regulated by the Department, that adopt certified electronic record technology in order to qualify for meaningful use incentives, would not be required to exchange patient health information among disparate providers to facilitate care coordination and appropriate follow up. Although this exchange is encouraged, it is strictly optional for the group of practitioners. However, connection to the SHIN-NY will in fact facilitate these providers achievement of meaningful use requirements and eligibility to receive either Medicaid or Medicare Meaningful Use incentive payments. For local government agencies that report information to the state, the use of the SHIN-NY would be beneficial from an efficiency and cost perspective. Additionally, accessing the SHIN-NY to perform required local health department surveillance and case investigation activities has actually been documented to result in increased efficiency and decreased costs for the local health department.

Cure Period:

Chapter 524 of the Laws of 2011 requires agencies to include a “cure period” or other opportunity for ameliorative action to prevent the imposition of penalties on the party or parties subject to enforcement when developing a regulation or explain in the Regulatory Flexibility Analysis why one was not included. This regulation creates no new penalty or sanction. Hence, a cure period is not required.
RURAL AREA FLEXIBILITY ANALYSIS


The proposed rule will not have a direct adverse impact on rural areas. Operation of the SHIN-NY and expanded use of certified EHR technology should improve health care, increase efficiency, reduce duplicative testing and reduce overall costs for underserved populations in the state, including rural areas.

JOB IMPACT STATEMENT

The proposed rule should not have any adverse impact on jobs and employment opportunities, but in fact have the reverse effect. The development and operation of the SHIN-NY will most likely result in opportunities for the development of new applications of health IT tools and services, such as the Accelerator Program launched by the New York eHealth Collaborative to support Medicaid Health Homes, and may result in new health IT jobs in New York State. It has been estimated that the SHIN-NY, and related initiatives that use the data from the SHIN-NY has the potential to create 1,500 health technology jobs across New York State over the next five years.