General FAQs About NC HealthConnex What is a health information exchange? A health information exchange is a secure electronic network that gives authorized health care providers the ability to access and share patient information across a statewide information network. It improves health care quality, enhances patient safety, improves health outcomes and reduces overall health care costs by making health information available to participating health care providers. What is the N.C. Health Information Exchange Authority? The North Carolina General Assembly created the N.C. Health Information Exchange Authority to oversee and administer the state-designated health information exchange (NCGS § 90-414.7). NC HIEA receives input and advice from its Advisory Board, which consists of patients, hospital personnel, physicians, technology experts, public health officials and other key stakeholders to continuously improve the health information exchange network, now called NC HealthConnex, and to move toward more efficient and effective care. What is NC HealthConnex? NC HealthConnex is a secure electronic network that facilitates conversations between health care providers, allowing them to access and share health-related information across the state. Created by the North Carolina General Assembly (NCGS § 90-414.1 et seq.), NC HealthConnex is the state-designated health information exchange. It is managed by the N.C. Health Information Exchange Authority, housed within the N.C. Department of Information Technology. What is the HIE Act and the state’s requirements for connectivity? The Statewide Health Information Exchange Act is found in Article 29B of Chapter 90 of North Carolina's general statutes. It established the N.C. Health Information Exchange Authority within the N.C. Department of Information Technology in 2015. The purpose of the HIE Act is to improve the quality of health care delivery within the state by facilitating and regulating the use of a voluntary, statewide health information exchange network for the secure electronic transmission of individually identifiable health information among health care providers, health plans and health care clearinghouses in a manner consistent with the Health Insurance Portability and Accountability Act, Privacy Rule and Security Rule, 45 C.F.R. §§ 160, 164. What is the purpose of the HIE Act’s requirement to submit patient clinical and demographic data? The North Carolina General Assembly enacted the Medicaid Transformation Act in 2015 to transition the state's Medicaid program from a fee-for-service model into a value-based managed care model (N.C. Session Law 2015-245). Value-based managed care requires that program administrators be given access to patients’ clinical information in addition to medical claims data to align payments to patient outcomes, coordinate care across disparate provider settings and reduce duplication of services across the health care continuum (N.C. Session Law 2015-245). Seeing an opportunity to expand the utility of the state's Health Information Exchange Network and to support the rollout of Medicaid transformation, the General Assembly included a requirement in the HIE Act that all Medicaid providers and all other entities that receive state funds for the provision of health services, including local management entities and managed care organizations, submit demographic and clinical information pertaining to services rendered to Medicaid and other state-funded health care program beneficiaries and paid for with Medicaid or other state health care funds to the network by February 1 or June 1, 2018 (N.C. Session Law 2015-241 Sections 12A.5.(a)-(d)). The HIE Act has since been updated to amend the deadlines, clarify which entities must submit data to NC HealthConnex and specify what type of data, clinical or claims, is required to be submitted (N.C. Session Law 2017-57 Section 11A.5.(a) through (i); N.C. Session Law 2018-41 Section 9(a)). In sum, the HIE Act provides for the mandated submission of clinical and demographic data from health care providers, but it also allows for the voluntary exchange of patient data if providers choose to send clinical and demographic data pertaining to services paid for with non-state funds. Who is required to connect to NC HealthConnex? All health care providers who receive state funds (e.g., Medicaid, NC Health Choice and State Health Plan) for the provision of health care services must connect to NC HealthConnex to continue to receive payments for services provided, with the exception of voluntary provider groups outlined in House Bill 70 (N.C. Session Law 2019-23). In response to the COVID-19 pandemic, the COVID-19 Recovery Act (NCSL 2020-3) extended the deadlines for certain provider groups. Specifically: Hospitals, physicians, physician assistants and nurse practitioners who provide Medicaid services and who have an electronic health record system should have connected by June 1, 2018. Providers in this group who have received an extension will have until October 1, 2021, to connect and submit data. All other health care providers who receive state funds for the provision of health care services have until October 1, 2021, to connect and submit data. Local management entities/managed care organizations are required to submit encounter and claims data by October 1, 2021. Ambulatory surgical centers, dentists, licensed physicians whose primary area of practice is psychiatry, and the State Laboratory of Public Health operated by the Department of Health and Human Services must submit demographic and clinical data by June 1, 2021. Pharmacies and state health care facilities operating under the jurisdiction of the secretary of the N.C. Department of Health and Human Services must submit claims data by June 1, 2021. Providers who do not receive state funding for the provision of health care services may also connect to the N.C. Health Information Exchange Authority on a voluntary basis to support whole-person care. Additionally, NCSL 2019-23 provides that some providers are no longer required to connect to the health information exchange but may do so on a voluntary basis. For a complete list of voluntary providers, see section 90-414.4 (e). How does a health care provider connect to NC HealthConnex? The first step is to review and sign the participation agreement, which is the contract that governs the data sharing between the health care provider and the N.C. Health Information Exchange Authority. This agreement can be found on our website with instructions for completion. For more information, visit our How to Connect page. Interested providers may also join a monthly “How to Connect Call” scheduled for noon on the last Monday of each month. The second step is to have the required technology in place. The NC HIEA participation agreement requires that electronic health records be minimally capable of sending HL7 messages, version 2 and higher. EHR products that are ONC-certified for meaningful use for Centers for Medicare & Medicaid Services Incentive Programs can usually connect more easily to NC HealthConnex. NC HIEA has also created technology specification and data targets. This document can also be used to ensure that your EHR vendor can meet our technology standards. Providers who are planning to install and use an electronic health record system (EHR/EMR) in their practice should expect the process to last on average 12 to 18 months, as follows: Six to nine months for procurement Three to six months for implementation and training Three to four months for onboarding to NC HealthConnex How does a health care provider meet the "connected" requirement? A health care provider is considered “connected” when its clinical and demographic information pertaining to services paid for by Medicaid and other state health care funds are sent daily to NC HealthConnex. This transmission of information may be through a direct connection to NC HealthConnex or through an indirect connection, such as through another heath information exchange, electronic health records vendor or a similar affiliate. Participation agreements must provide details of indirect connections through other entities, such as Mission Health’s heath information exchange. Does HIPAA allow health care providers to submit data beyond the state’s requirements in the HIE Act? The Health Insurance Portability and Accountability Act and the U.S. Department of Health and Human Services contemplate such exchange of health information. Health care providers and other covered entities are permitted to voluntarily share patient data with business associates, including health information organizations such as NC HealthConnex. See the definition of “business associate” in 45 C.F.R. § 160.103, which includes health information organizations; also see 45 C.F.R. § 164.502(a);(e)(1). HIPAA also recognizes that the disclosure of protected health information may be required by law and does not limit what amount of data should be exchanged in that circumstance (45 C.F.R. § 164.512 and 164.502(b)(2)(v)). In addition, if disclosure of protected health information is required by law, providers do not have to seek authorization from the patient before making such a disclosure (45 C.F.R. § 164.512). Furthermore, covered entities may seek but are not required to obtain patient consent for disclosures made for the purposes of treatment, payment and health care operations unless an exception applies (45 C.F.R. § 164.506).