MHNConnect Policies and Procedures
Note: Capitalized terms have the meanings set forth in the Definitions Section.
A. MHN and the MHNConnect Portal
Medical Home Network (“MHN”) operates the MHNConnect Portal (the “MHNConnect Portal” or “MHNConnect”) as a Business Associate on behalf of one or more Covered Entities or upstream Business Associates.
B. Clinical Decisions
The MHNConnect Portal is a tool by which to (i) collect and aggregate Data received on behalf of Covered Entities from Portal Participants and other Data Suppliers and (ii) make Data available for Portal Participants and their Authorized Users for Permitted Purposes.
The MHNConnect Portal is not intended to, and cannot, provide a medical record or a complete medical history of any patient. However, all Portal Participants should consider the extent to which information in MHNConnect may qualify as part the Portal Participants’ Legal Health Record or Designated Record Set. For additional information on how to make this determination, please see Appendix 1.
MHNConnect is not intended to, and cannot, make clinical or other decisions. The MHNConnect Portal is not a substitute for Authorized Users’ consultation with patients and other health care providers or for Authorized Users’ exercise of their professional judgment.
C. Portal Participants
Portal Participants may access and use, and may authorize appropriate individuals to access and use, the MHNConnect Portal in accordance with their Portal Participation Agreement and these MHNConnect Policies and Procedures.
Portal Participants are responsible for ensuring that their Authorized Users learn and comply with the MHNConnect Policies and Procedures in accessing and using the MHNConnect Portal.
D. Data Access
Each Portal Participant and each of their Authorized Users will access Data available through the MHNConnect Portal only for Permitted Purposes, as allowed by the Portal Participation Agreement, the MHNConnect Policies and Procedures, HIPAA-HITECH and other applicable laws.
E. Data Protection
Each Portal Participant, each Authorized User and MHN will maintain the privacy and security of Data available through MHNConnect in accordance with the requirements and specifications of the applicable Portal Participation Agreement, the MHNConnect Policies and Procedures, HIPAA-HITECH and other applicable laws.
F. Data Content
MHNConnect contains Protected Health Information, as well as software code, intellectual property and other content licensed from third parties. Data stored by and available through MHNConnect will exclude information with respect to substance abuse, and other sensitive conditions subject to additional privacy protections to the extent required by law, the applicable Portal Participation Agreement, and individual consent documentation.
G. Content Ownership
All rights, title and interest in and to MHNConnect, including the content and all intellectual property rights, including all copyright, trademark, patent and trade secret rights therein (the “Content”) shall remain with MHN and/or MHN’s licensees, licensors and vendors; no ownership interest is transferred to Portal Participants, Authorized Users, or any other entity by virtue of making the Content available in the MHNConnect Portal.
H. MHNConnect Policies and Procedures
MHN adopts these MHNConnect Policies and the following MHNConnect Procedures to govern (i) the furnishing of Data to MHNConnect by Portal Participants and other Data Suppliers and (ii) the access to and use of MHNConnect by Portal Participants and their Authorized Users.
By using MHNConnect, you agree to comply with the policies and procedures set forth herein. We may change these policies and procedures from time to time as MHN deems necessary or appropriate for the compliant operation of the MHNConnect Portal. MHN will provide Portal Participants appropriate notice of changes in the MHNConnect Policies and Procedures, and such changes will be posted on the MHNConnect Portal. It is your responsibility to review these policies and procedures, and by continuing to use MHNConnect, you consent to any changes to our policies and procedures.
Note: Capitalized terms have the meanings set forth in the Definitions Section.
2. MHNConnect Features and Functionalities.
MHNConnect allows Portal Participants and their Authorized Users to gain access to the following functionalities through a single sign-on, web-based application.
Each organization must confirm that Sites meet the software and hardware requirements to enable Authorized Users to access and use the MHNConnect Portal. The software and hardware requirements are attached as Appendix 2.
—Used the MHNConnect Portal for an unlawful purpose or activity;
—Used the MHNConnect Portal to infringe or facilitate the infringement of any copyright, patent or other intellectual property right;
—Violated the MHNConnect Policies and Procedures;
—Used the MHNConnect Portal in a manner causing or creating a material risk of harm to the MHNConnect Portal, MHN or its subcontractors, a Portal Participant, another Authorized User, an individual or any other third party;
—Provided materially false information for purposes of being authenticated, authorized or identified as an Authorized User;
—Been charged with, convicted of or disciplined for committing identity theft or violating any information privacy or information security law; or
—Been excluded from participation in Medicaid, Medicare or any other government health program.
MHN will notify the Authorized Site Manager and carbon copy executive leadership in writing of the termination resulting from abuse of the Authorized User’s access to and use of the MHNConnect Portal prior to effecting the termination. The written notice will specify the terms of and the reason for the termination.The following capitalized terms used in the MHNConnect Policies and Procedures have these meanings:
Account Manager(s) collectively designated the "MHNConnect Support Team," means an individual, or group of MHN employees, designated by MHN who (i) manages set-up of and onsite training for Portal Participants, their Authorized Account Managers and Authorized Users, (ii) organizes and participates in clinical implementation planning and meetings, and (iii) provides Level 2 Support (pursuant to Article II, Section 8.2 of the MHNConnect Procedures) to Authorized Site Managers and Authorized Users.
Ancillary Provider means any provider of therapeutic, diagnostic or custodial services, including but not limited to: clinical laboratories, diagnostic laboratories, pharmacies, renal dialysis facilities, skilled nursing facilities, long-term care facilities, home health agencies, and physical, speech and occupational therapists.
Authorized Device means a device that has been approved by the authorizing Portal Participant for use by the Portal Participant’s Authorized Users to access and use the MHNConnect Portal.
Authorized Site Manager means the Authorized User, designated by a Portal Participant’s leadership, who has the following responsibilities for a designated Site: (i) managing the clinical staff implementation team and activities; (ii) participating in clinical implementation planning and meetings; and (iii) identifying, assigning, training and providing Level 1 Support (as described in Article II, Section 8.1 of the MHNConnect Procedures) to the Authorized Users at the Site.
Authorized User means an individual identified, authenticated and authorized by a Portal Participant to access and use the MHNConnect Portal for a Permitted Purpose in accordance with the User Access Level assigned to that Authorized User. “Authorized User” may include a Portal Participant’s employee, workforce member, or a credentialed member of Portal Participant’s medical staff.
Business Associate has the meaning ascribed to that term by 45 C.F.R. § 160.103.
Care Management Entity offers a centralized vehicle for coordinating the full array of needs for children, adolescents and adults with complex health or behavioral health issues.
Covered Entity has the meaning ascribed to that term by 45 C.F.R. § 160.103.
Data means information, including Protected Health Information furnished by a Data Supplier to MHNConnect for a Permitted Purpose.
Data Recipient means a Portal Participant and the Authorized Users of a Portal Participant that may access Data through the MHNConnect Portal for a Permitted Purpose.
Data Supplier is a Portal Participant, the Authorized Users of a Portal Participant, or a vendor acting on behalf of a Portal Participant that furnishes Data for the MHNConnect Portal for a Permitted Purpose.
Federally Qualified Health Center or FQHC means a health center that meets the requirements of 89 IL Admin Code 140.461(d).
Health Care Provider has the meaning ascribed to that term by 45 C.F.R. § 160.103.
Health Plan has the meaning ascribed to that term by 45 C.F.R. § 160.103.
HIPAA-HITECH means the Health Insurance Portability and Accountability Act of 1996, as amended, including the federal privacy regulations and security regulations promulgated pursuant to the Act and codified at 45 C.F.R. parts 160 and 164 and the Health Information Technology for Economic and Clinical Health Act provisions of Title XIII of the American Recovery and Reinvestment Act of 2009, Pub. Law No. 111-5 and its implementing regulations at 45 C.F.R. parts 160 and 164, as amended at 78 Fed. Reg. 5566
(Jan. 25, 2013).
Hospital Connect User means an Authorized User with rights to access Data relating to individuals receiving treatment services at a Portal Participant hospital.
Medical Home refers to a Portal Participant that is also the Primary Care Health Care Provider designated by the Health Plan or selected by the individual to direct the delivery of effective, coordinated health care services for an individual. Some Medical Homes are FQHCs.
Multi-Factor Authentication (MFA) is a security system that requires more than one method of authentication from independent categories of credentials to verify the user’s identity for a login or other transaction.
Clinic Connect User means a primary care Authorized User with rights to access Data relating only to individuals assigned to a specific Medical Home.
Permitted Purpose is a purpose consistent with 45 C.F.R. § 164.506 and means (i) treatment (as defined by 45 C.F.R. § 164.501) of an individual, or (ii) the health care operations of care coordination, case management or population-based activities to improve health or reduce health care costs (as specified in 45 C.F.R. § 164.501 (health care operations ¶ 1)) with respect to individuals.
Portal Participant refers to a Health Plan, Health Care Provider (or a third party vendor acting on behalf of a Health Plan or Health Care Provider) that has entered into a contractual agreement with MHN (a "Portal Participation Agreement") regarding the terms and conditions for using the MHNConnect Portal.
Primary Care Health Care Provider or PCP means a Health Care Provider, who within the provider's scope of practice and in accordance with State certification requirements or State licensure requirements, is responsible for providing all preventive and primary care services to assigned patients. PCPs include FQHCs.
Protected Health Information or PHI has the meaning ascribed to that term by 45 C.F.R. § 160.103 and is PHI that MHN receives, stores and transmits for or on behalf of one or more Covered Entities. “Protected Health Information” or "PHI" shall also include PHI maintained in electronic media, or "ePHI".
Referral means a process used by Health Care Providers to arrange or communicate information regarding health care services provided or to be provided to an individual.
Site means a health care facility, hospital, clinic or office operated by a Portal Participant Health Care Provider to deliver health care services to individuals.
User Access Level refers to the permissions granted to an Authorized User to access and use various features and functionalities of the MHNConnect Portal. User Access Levels are determined by a variety of factors, including (a) the type of health care services delivered by the Portal Participant, and (b) the access authorized by the Portal Participant’s CEO or Authorized Site Manager in accordance with these MHNConnect P&Ps, and HIPAA-HITECH. User Access Levels are verified and implemented by an Account Manager.
Set and the Legal Health Record What is the difference between the designated record set and the legal health record?
Legal Health Record: In the simplest terms, the legal health record contains information about an individual used by providers to make decisions about treatment, to document treatment and services provided to that individual, and as support for reimbursement requests related to the treatment and services.
Designated Record Set: The designated record set is defined by HIPAA. The designated record set includes the legal health record plus:
Records include any item, collection, or grouping of information that includes PHI.
The legal health record is the provider’s official business record related to its treatment of a patient. It is the record that a provider would produce in response to a subpoena.
A designated record set is used primarily by covered entities or their business associates to respond to an individual’s request for access to or amendment of their PHI under HIPAA.
Parts of a legal health record or a designated record set may be found in multiple locations. It would not be unusual for these records to be located on more than one of a provider or health plan’s systems or in both paper and electronic form. In addition, a business associate (like Medical Home Network) may hold certain parts of a designated record set or legal health record.
Organizations must determine all locations in which they keep parts of a legal health record and define the legal health record in a policy. Both providers and their business associates must determine what information each has that would be part of a designated record set or legal health record.
How do I know what information belongs in a designated record set or a legal health record?
The legal health record is a subset of the designated record set. Legal health records generally only include information a provider used in making health care decisions (treatment, services).
The designated record set includes all items that are part of the legal health record plus any information related to or used for claims payment and adjudication, or enrollment and coverage decisions regarding individuals.
Clinical records (history and physical, orders, lab reports (including from external or contract labs), assessments, consents and authorizations, and other kinds of clinical records as well as source clinical data (x-rays, images, fetal strips) are part of the legal health record. The legal health record may also include eligibility determinations and claims related information if that information is used to make decisions about, or to provide treatment or services. In addition, clinical support decision tools (like ADT alerts) may be part of the legal health record if they are relied by a provider to make medical treatment or service decisions.
External medical records of another provider’s treatment of an individual, or an individual’s personal health record (PHR) are not part of the legal health record unless the provider uses the information in the external record or PHR to make treatment or service decisions. However, external medical records are part of the designated record set.
Audit information, committee minutes, peer review data, research data, birth and death registers quality assurance, statistical data, eta data, and other similar information are not part of either the legal health record or the designated record set. Business associate records that are duplicates of covered entity records are not part of the designated record set.
Technical Requirements for PCs, Tablets and Mobile Devices:
Minimum Recommended PC Configurations | ||
---|---|---|
| Desktop | Laptop |
Clock rate | 1.0 GHz or faster | 2.0 GHz or faster |
RAM | at least 2 GB | at least 4 GB |
Hard disk | at least 100 GB | at least 120 GB |
Graphics Card | On board or Discrete | On board or Discrete |
OS | Windows 7 (or better) | Windows 7 (or better) |
Ethernet Cards | 10/100/1000 Mbps Ethernet | 10/100/1000 Mbps Ethernet |
Wireless Cards | Optional | 802.11g/b/n Wireless, WPA2/802.11x Compatible |
Minimum Recommended Macintosh Configurations | ||
---|---|---|
| Desktop | Laptop |
Model | iMac, Mac Pro, or Mac mini | MacBook, MacBook Pro, or MacBook Air |
Processor | Intel Core 2 or better | Intel Core i5 or better |
RAM | at least 2 GB | at least 4 GB |
Hard disk | at least 100 GB | at least 120 GB |
Op Sys | Mac OSX 10.8 (High Sierra) or higher | Mac OSX 10.13 (High Sierra) or higher |
Ethernet | 10/100/1000 Mbps Ethernet | 10/100/1000 Mbps Ethernet |
Wireless | Airport card, or any 802.11b/g/n compatible wireless card, WPA2/802.11x compatible (Optional) | Airport card, or any 802.11b/g/n compatible wireless card, WPA2/802.11x compatible |
Supported Desktop browser version by type: