Patient Privacy & Awareness

Patient Privacy & Awareness

Privacy and security is the foundation of a trusted health information exchange (HIE) and educating patients on their rights related to how CRISP shares protected health information is critically important. At CRISP, we follow all State, District, and Federal laws to protect patient privacy and consider the privacy and security protections outlined by the law to be minimum standards. In-fact, many of our policies go above and beyond what is required by law.

Patients need to understand they have options for how their data is used and that they can choose to opt-out of certain CRISP services, which will prevent providers from accessing their protected health information. Opt-out options are available for all clinical data shared through CRISP services but in accordance with the law, public health reporting and Controlled Dangerous Substances information, as part of the Maryland Prescription Drug Monitoring Program (PDMP), are always available to designated personnel.

CRISP Participation Requirement

Notice of Privacy Practices Update

Each organization is required to update their Notice of Privacy Practices to reflect participation with CRISP. Below is sample language for consideration:

We have chosen to participate in the Chesapeake Regional Information System for our Patients (CRISP), a regional health information exchange serving Maryland and D.C. As permitted by law, your health information will be shared with this exchange in order to provide faster access, better coordination of care and assist providers and public health officials in making more informed decisions.

You may “opt-out” and disable access to your health information available through CRISP by calling 1-833-580-4646 or completing and submitting an Opt-Out form to CRISP by mail, fax or through their website at www.crisphealth.org. Public health reporting and Controlled Dangerous Substances information, as part of the Maryland Prescription Drug Monitoring Program (PDMP), will still be available to providers.

CRISP Participation Privacy Awareness

Best Practices

As a participant of CRISP, you have agreed to educate patients on their rights to share information through CRISP. Below is a review of the Patient and Privacy Awareness Best Practices that should be implemented prior to using CRISP services.

Update your organization’s Notice of Privacy Practices (NPP) document and email support@crisphealth.org, fax to CRISP at 443-817-9587, or email your CRISP outreach representative prior to utilizing the HIE services.

• Provide updated NPP to all patients annually.
• Place Connected to CRISP poster in reception area.
• Place patient education materials in reception area.
• Make opt-out forms available to patients.

Educate staff on CRISP services and patient request protocols for additional information Notify patients of their right to opt-out prior to reviewing their data in CRISP, or if you are following up on a recent hospitalization based on a ENS notification Create an internal policy to hold your organizations users responsible for misuse of data available in CRISP.

Patient Education

All participant intake points will be required to make materials available to patients about CRISP and their option to opt-out of CRISP services (these should be in plain view for patient but don’t need to be given to each patient individually). Opting out of CRISP will apply to all services except the Prescription Drug Monitoring Program and Public Health reporting in accordance with state law.

After signing up with CRISP, your organization will receive the following materials:

• Connected to CRISP
• Patient opt-out forms
• Patient Guide to HIE informational flyer (notify CRISP if you need a language other than English).