CRISP Proposes Changes to the Policies and Procedures

To date, the CRISP Policies and Procedures have been updated based on the evolution of the company. As a result, we have heard feedback that the document could be easier to understand. We have undertaken a comprehensive restructuring to make the document more cohesive and understandable for our Participants. Because of the significant restructuring, we are not providing a redline of the document. Instead, below we provide the significant changes.

  • Providing more background on CRISP and its services, including an explanation of the role of CRISP Shared Services;
  • Deleting the section on the definition of “majority,” because it is explained in the Participation Agreement;
  • Updating the section on external health information exchange (HIE) participation to (1) more accurately reflect participation in the National Networks; and (2) remove the requirement that CRISP provide notice to Participants before entering into external HIE agreements, which would be impracticable with the federal government’s plan for the Technical Exchange Framework and Common Agreement (“TEFCA”);
  • Re-drafting sections related to compliance with Information Blocking, including policies on individual access;
  • Introducing a policy for dispute resolution; and
  • Stating CRISP’s procedures for requests for data from Participants or their Business Associates.

The Policies and Procedures are otherwise substantively the same, although the headings and order may have changed.

These changes should be reviewed by both participant legal counsel and privacy and security officers.

CRISP is accepting comments on these changes for 30 days. Once comments have been reviewed, the final version of the document will be posted to the CRISP website (no later than 60 days post comment period). Please email Nichole Sweeney ( with any comments by 5 p.m. on 8/11/23. Click here to download the Draft Policies and Procedures.