(a) Each electronic data intermediary shall file an application for approval of its system with the commission on a form prescribed by the department. The form shall include but not be limited to the following information:
(1) the name and address of the applicant; and(2) the business status of the applicant (sole proprietorship, partnership, corporation, limited liability company, etc.); and (3) a description of the type of electronic data intermediary system to be used that describes:
- (A) the security safeguards;
- (B) the retention and retrieval capabilities of the system; and(C) the safeguards designed to protect patient confidentiality.
- (b) The commission, in its discretion, may require the applicant to provide a protocol that describes in detail the applicant's intended plan of operation. No applicant may change its protocol without review by the commission and approval by the department.
- (c) The department shall approve any application filed by electronic data intermediaries that the commission has reviewed and accepted as being in compliance with the provisions of sections 20-614-3 though 20-614-6, inclusive, of the Regulations of Connecticut State Agencies.
(Adopted effective August 30, 2005)