On March 28, 2023, the Contexture Board of Directors unanimously approved changes to the Colorado HIE Governing Principles and Policies (the “Colorado Policies”). The changes represent an essential step in bringing the Colorado Policy structure closer to the Arizona HIE Policies, particularly related to permitted uses of HIE data. As Contexture moves to unify our technical infrastructure, we will also conduct more activities to align Colorado and Arizona HIE Policies as much as possible across and adopt a single, Contexture-wide set of HIE Policies within the next twelve months. 

The most notable change is the restructuring and reframing of Colorado’s Permitted Use Policies (the “PUP”). The PUP restructure adopts industry-standard terminology, including language already used in the Arizona HIE Policies, to describe how data can be used and distributed through HIEs and other information-sharing frameworks. The shift in the Colorado Policies does not impact how our Participants can use and disclose data through the HIE, nor does it affect Contexture’s ability to audit or oversee such use of the HIE. 

Next, Contexture has deprecated policy provisions that we have incorporated into our HITRUST-certified Cybersecurity Policies and the updated PUP. The deprecated policies (“Extended Policies”) imposed additional security controls and terms and conditions applicable to a subset of HIE participant categories. These controls and terms and conditions continue to exist in Contexture’s Participant Agreements and other policies. 

Additionally, we have memorialized Patient Panel/Member File and Data Provider Organization Identifier requirements in the Colorado Policies. These requirements are not new and already exist in Contexture’s participant Agreements. The Patient Panel requirement also currently exists in our Arizona Policies. Accordingly, we do not expect them to impact current or prospective participants adversely. 

Finally, Contexture folded its No Information Blocking Policy into the Colorado Policies. The No Information Blocking Policy has been in effect since 2021, and placing it in the Colorado Policies aligns with our approach in Arizona. Further, we have added provisions supporting access to HIE data subject to and protected by the Federal substance use disorder patient records regulations at 42 CFR Part 2. The new provisions stipulate requirements for Part 2 Data access (consent-based and bona fide medical emergencies) and Data submissions from Part 2 programs. The Part 2 provisions mirror those in the Arizona HIE Policies.  

The updated Governing Principles and Policies can be found here. Please direct any questions to Contexture’s compliance director at Micah.Jones@contexture.org.