NC HIEA October 2023 Update

New Legislation Impacts Chiropractors' Connections, Best Practices for Data Security, Understanding the Minor Opt-Out Process

Author: Jessica Hagins

Legislative Changes Impact Who Is Required to Connect to NC HealthConnex

The North Carolina Regulatory Reform Act became law (N.C.S.L. § 2023-137) in early October 2023. This law contains updates pertaining to the N.C. Health Information Exchange Authority, which oversees and manages the state-designated health information exchange, NC HealthConnex.

The new law has expanded the list of providers who are no longer required to connect to NC HealthConnex to include chiropractors.

The HIE Act (N.C.G.S. § 90-414.4) requires that those providers who receive state funds, such as Medicaid and the State Health Plan, for the provision of health care services must initiate a connection to send data to NC HealthConnex. Previously, certain provider types were exempted from the mandatory requirement to connect and send data by N.C.S.L. § 2019-23.

The following is an expanded list of provider types that have the option to connect on a voluntary basis:

  1. Community-based long-term services and supports providers, including personal care services, private duty nursing, home health, and hospice care providers.
  2. Intellectual and developmental disability services and supports providers, such as day supports and supported living providers.
  3. Community Alternatives Program waiver services (including CAP/DA, CAP/C, and Innovations) providers.
  4. Eye and vision services providers.
  5. Speech, language, and hearing services providers.
  6. Occupational and physical therapy providers.
  7. Durable medical equipment providers.
  8. Nonemergency medical transportation service providers.
  9. Ambulance (emergency medical transportation service) providers.
  10. Local education agencies and school-based health providers.
  11. Chiropractors licensed under Article 8 of this Chapter.

If you are no longer required to connect but submitted a Submission Only Agreement:

  • The NC HIEA will reach out to you about terminating or replacing your agreement soon.
  • If your organization would like to voluntarily participate in NC HealthConnex in order to view patient records or utilize the NC HealthConnex value‐added features, your organization can complete a Full Participation Agreement, which is available at nchealthconnex.gov.

If you are no longer required to connect but have already submitted a Full Participation Agreement:

  • You have the option to continue your relationship as an NC HealthConnex participant. No action is necessary at this time if you plan to remain a full participant of NC HealthConnex.
  • If you do not want to submit data to NC HealthConnex or access patient data, please send an email to HIEA@nc.gov to terminate your agreement or request that it not be processed. This will end your relationship with the NC HIEA and NC HealthConnex.
  • As a reminder, anyone with a Full Participation Agreement has access to our Suite of Services, regardless of your organization's connection status.

For more information about the benefits of participating in NC HealthConnex, visit our website or sign up for the next How to Connect Call that is hosted the last Monday of each month at noon.

Providers with questions may contact the NC HIEA at 919-754-6912 or hiea@nc.gov or see the FAQ section regarding connection exemptions for chiropractors on our website.

 

Cybersecurity Awareness Month Highlights Importance of Security for Health Care Professionals

October is Cybersecurity Awareness Month, an annual initiative that promotes the importance of good online security practices and the need for appropriate cyber defense tactics. 

The N.C. Department of Information Technology, along with other state, local and federal agencies, works to protect the state’s government IT systems and data against cyberthreats. 

The NC HIEA maintains a high standard of privacy and security for the exchange of protected health information (PHI) over NC HealthConnex. You can read more about our privacy and security policies on our website.

The theme of this year’s cybersecurity observance is “Secure Our World,” with a focus on four simple ways to be safe. 

  • Recognize and report phishing. Avoid clicking links or opening attachments in suspicious messages. If there is any doubt, check with the sender first. You can see if a North Carolina state government website, such as the NC HIEA’s site, is legitimate by looking for the “s” after “http” in the website address and “nc.gov” as the domain. An email from the NC HIEA will also have the nc.gov extension.
  1. A screenshot of two people

Description automatically generated with low confidence
  • Use strong passwords and a password manager. All passwords should be long, complex and unique. Never reuse passwords; use password managers to generate and store strong passwords. Make sure you have a strong password to login to the Provider Clinical Portal. You can reset your password by contacting the SAS help desk at HIESupport@sas.com or 919-531-2700 or by following this password reset link.
  • Turn on MFA (multi-factor authentication). It requires you to enter more information than just a password, such as a text code or fingerprint. Your EHR may have MFA setup before you login. If you have access to public health dashboards, such as the NC Stroke Registry, by using your NCID, you may use MFA by sending a code to your phone through a call or text message.
  • Update software. Make sure your devices are running the latest version of operating systems, software and web browsers.

Follow NCDIT’s cybersecurity tips and best practices on social media using #SecureOurWorld and #CyberSecureNC. More information about online safety is posted at it.nc.gov/CyberSecureNC.

 

Understanding and Educating Patients on the Minor Opt-Out Process

October is National Children’s Health Month. The NC HIEA is proud to help pediatric health care providers with access to a complete picture of their patients’ health.

Under North Carolina law (N.C.G.S. § 90-21.5), if a patient is under 18, they may receive medical services for prevention, diagnosis and treatment of certain conditions without requiring permission from a parent or guardian. These include certain contagious diseases, venereal diseases or STDs, family planning/pregnancy, emotional issues and drug or alcohol use.

To allow a minor to exercise their right to protect these services from being shared among providers, the NC HIEA, in collaboration with our vendor partner SAS Institute, NC Department of Health and Human Services and the local health department pilot participants, have developed a Minor Opt-Out process.

Importantly, the Minor Opt-Out Process is encounter-based. That means each time a minor patient seeks to exercise their opt-out right for treatment records related to care provided under N.C. Gen. Stat. § 90-21.5, they must complete the Minor Opt-Out Form.

To participate, the health care provider’s facility must first enroll in the NC HealthConnex Minor Opt-Out solution by emailing the NC HIEA at hiea@nc.gov. After the implementation has been tested and approved, a provider can begin assisting their minor patients with completing the appropriate form or forms and submit them on the patient’s behalf.

Keep in mind the following about submitting Minor Opt-Out forms:

  • Obtaining a Minor Opt-Out form from the minor patient during their visit does not require permission from a parent or guardian.
  • The Minor Opt-Out solution is for a date-specific encounter only and only applicable when a confidential treatment is provided, such as for some contagious diseases, family planning/pregnancy, emotional issues, and drug or alcohol use.
  • The provider should send the patient’s Minor Opt-Out form to the NC HIEA via Direct Secure Messaging (DSM) within two days of the encounter. Minor data will be withheld from NC HealthConnex for six calendar days in order to account for processing time in receipt of the Minor Opt-Out form. 
  • If the completed Minor Opt-Out form is received via DSM during the six-day window, no data associated with that encounter will be sent to the health information exchange platform. If the provider does not timely relay the Minor Opt-Out form to the NC HIEA via DSM, then the minor’s data from that encounter will be released in the health information exchange platform and be viewable upon a patient search.
  • North Carolina law requires providers to notify their parent or legal guardian if they determine information is essential to their well-being.
  • Once a patient turns 18, they may exercise their statutory right to opt out of NC HealthConnex using the Standard Opt-Out form.

If you have any questions or would like to enroll in the Minor Opt-Out solution, contact the NC HIEA at hiea@nc.gov. You can read more details on our website.

 

Employee Spotlight

Debbie Knight

Grant Administrator

Debbie joined the NC HIEA team in August 2023 as the grant administrator. She provides administrative support to the team and researches and administers grants. She also acts as the main liaison for the NC HIEA Advisory Board.

Debbie previously worked for the City of Raleigh for over 30 years and retired from that position. Her last 10 years there she served as the grant administrator for the Raleigh Fire Department. She lives in Wendell with her dog and seven cats and has three children and two grandchildren. In her free time, she likes to enjoy time with friends and family at Carolina Beach.

 

 

 

 

Connex Kudos:

“The NC Division State Operated Healthcare Facilities Central Regional Hospital Electronic Health Record Team has been working closely with many representatives from the NC HIEA and their SAS partners since 2018. In those five years, they have been excellent development and support partners. Whether the activity is development, testing, quality assurance, patient record matching or bi-directional interface support, we consistently find every representative of the NC HIEA to be very responsive, consummate professionals and a pleasure to work with!”

            - Marci Keiser, EHR Program Director;  Matthew M. King, Chief Medical Information Officer

 

Upcoming Events:

  • Teletown Hall: Quarter 4 – Wednesday, November 15, 2023 – 12 p.m. to 1 p.m. Register here.
  • How to Connect Call – Monday, November 27, 2023 – 12 p.m. to 1 p.m. Register here.
  • Advisory Board Meeting – Thursday, December 7, 2023 – 2 p.m. to 5 p.m. Register here.
  • Office Hours Webinar – Wednesday, December 13, 2023 – 12 p.m. to 1 p.m. Register here.

 

 

In The News:

How a Behavioral Health Center Uses HIE to Drive Patient-Centered Care – Connecting to an HIE has helped a behavioral health center in Connecticut drive patient-centered care through real-time alerts and streamlined data access.

Whole Person Care and Data Interoperability Drivers – Social determinants of health contribute disproportionate risks for disease, hospital readmissions and lack of access to quality health care among vulnerable populations, including those on Medicare.

FDA Launches New Digital Health Advisory Committee – The agency seeks to draw on outside expertise to "ensure we appropriately apply our regulatory authority in a way that protects patient health while continuing to support innovation," says the director of its Center for Devices and Radiological Health.

Lessons Learned from a Hospital’s Closure Due to Ransomware Attack – Rural health care systems already face budgeting and staffing concerns. Cybersecurity is a major area where they need stronger support.

Recovering from a Cybersecurity Attack and Protecting the Future in Small, Rural Health Organizations – Small and rural health care providers, which often cannot afford the expansive information technology (IT) teams of larger facilities, are especially vulnerable to cybersecurity attacks.

Read more cybersecurity news and tips in the N.C. Department of Information Technology's Enterprise Security and Risk Management Office's August Cybersecurity newsletter.

Find more cybersecurity and risk management resources from the N.C. Department of Information Technology.