Regulations last checked for updates: Jan 18, 2025

Title 45 - Public Welfare last revised: Jan 16, 2025
All TitlesTitle 45Chapter APart 172Subpart B - Subpart B—Qualifications for Designation
View all text of Subpart B [§ 172.200 - § 172.202]
§ 172.201 - QHIN Designation requirements.

(a) Ownership requirements. An entity must:

(1) Be a U.S. Entity;

(2) Not be under Foreign Control.

(b) Exchange requirements. An entity must, beginning at the time of application, either directly or through the experience of its parent entity:

(1) Be capable of exchanging information among more than two unaffiliated organizations;

(2) Be capable of exchanging all Required Information;

(3) Be exchanging information for at least one Exchange Purpose authorized under TEFCA;

(4) Be capable of receiving and responding to transactions from other QHINs for all Exchange Purposes authorized under TEFCA; and

(5) Be capable of initiating transactions for the Exchange Purposes authorized under TEFCA that such entity will permit its Participants and Subparticipants to use through TEFCA Exchange.

(c) Designated Network Services requirements. An entity must:

(1) Maintain the organizational infrastructure and legal authority to operate and govern its Designated Network;

(2) Maintain adequate written policies and procedures to support meaningful TEFCA Exchange and fulfill all responsibilities of a QHIN in this part;

(3) Maintain a Designated Network that can support a transaction volume that keeps pace with the demands of network users;

(4) Maintain the capacity to support secure technical connectivity and data exchange with other QHINs;

(5) Maintain an enforceable dispute resolution policy governing Participants in the Designated Network that permits Participants to reasonably, timely, and fairly adjudicate disputes that arise between each other, the QHIN, or other QHINs;

(6) Maintain an enforceable change management policy consistent with the responsibilities of a QHIN;

(7) Maintain a representative and participatory group or groups with the authority to approve processes for governing the Designated Network;

(8) Maintain privacy and security policies that permit the entity to support TEFCA Exchange;

(9) Maintain data breach response and management policies that support meaningful TEFCA Exchange; and

(10) Maintain adequate financial and personnel resources to support all its responsibilities as a QHIN, including sufficient financial reserves or insurance-based cybersecurity coverage, or a combination of both.

authority: 42 U.S.C. 300jj-11; 5 U.S.C. 552.
source: 89 FR 101810, Dec. 16, 2024, unless otherwise noted.
cite as: 45 CFR 172.201
© 2014 CustomsMobile | Disclaimer | Privacy | About