Consent Management Application (CMA)
Getting set up with updated Patient Opt-Out of Maryland HIEs using the CMA
Quick Navigation
Explore Topics
Other Resources
Background
Maryland Law, Chapter 798, Health Information Exchanges – Electronic Health Information – Sharing and Disclosure (2021), requires CRISP, the State-Designated Health Information Exchange (HIE), to develop and maintain a Consent Management Application (CMA). The CMA allows patients to opt out of or opt in to having their electronic health information shared or disclosed by HIEs operating in the state of Maryland, consistent with regulations adopted by the Maryland Health Care Commission (MHCC), COMAR 10.25.18.03D. HIEs registered with MHCC are required to establish bidirectional connectivity with the CMA by April 2027.
CMA Integration & Technical Guidance
CRISP commenced a planning phase for the CMA in the fall of 2025. HIEs were offered an opportunity to review and comment on iterations of the CMA technical documentation and specifications. Based on feedback received, two CMA integration options are available:
- Option 1: RESTful FHIR API
- Option 2: Daily Data File (SFTP)
Connection Agreement
CRISP is requiring HIEs to enter into a CMA Connection Agreement with CRISP before the integration process is complete.
Implementation
HIEs are encouraged to schedule a time to test integration with the CMA by May 1, 2026. CRISP will report monthly to MHCC on HIEs’ testing status and the completion of integration with the CMA.
CMA Connectivity Status
To schedule a testing dates and other questions regarding integration with the CMA, contact Meg LaMar (Megan.Lamar@crisphealth.org).
