AN ACT TO FACILITATE AND REGULATE THE DISCLOSURE OF PROTECTED HEALTH INFORMATION THROUGH A VOLUNTARY, STATEWIDE HEALTH INFORMATION EXCHANGE NETWORK. Summarized in Daily Bulletin 3/17/11, 3/31/11, and 6/15/11. Enacted June 27, 2011. Effective October 1, 2011.
Bill Summaries: S 375 FACILITATE STATEWIDE HEALTH INFO EXCHANGE.
Printer-friendly: Click to view
-
Summary date: Jun 30 2011 - View Summary
-
Bill S 375 (2011-2012)Summary date: Jun 15 2011 - View Summary
House committee substitute, reported in on 6/14/11, makes the following changes to the 2nd edition. (1) Adds a requirement that notice about the HIE Network must be given to patients on their initial visit. (2) Provides that the HIE act and the exemption from liability that it provides with respect to damages caused by the inaccurate or incomplete nature of network information apply not only to health care providers using HIE Network information but also to entities designated to contract with covered entities on behalf of the network to facilitate participation, termed qualified organizations. Makes a conforming change.
-
Bill S 375 (2011-2012)Summary date: Mar 31 2011 - View Summary
Senate committee substitute makes the following changes to 1st edition.
Expands the definition for covered entity to include any other facility or practitioner licensed by the state to provide health care services. Adds a definition for qualified organization meaning an entity designated by the NC health information exchange (HIE) to contract with covered entities on behalf of the NC HIE in order to facilitate the participation of those covered entities in the HIE Network.
Modifies the requirement that the NC HIE develop and enter into written participation agreements with covered entities that utilize the HIE Network to provide that instead of entering directly into participation agreements with covered entities, the NC HIE may enter into participation agreements with qualified organizations, which in turn, enter into participation agreements with covered entities. Also modifies the requirement that the NC HIE enter directly into a business associate contract with each of the covered entities participating in the HIE Network, providing instead that the NC HIE may enter into business associates contracts with qualified organizations, which in turn, enter into business associates contracts with covered entities.
Requires each covered entity electing to participate in the HIE Network to enter into a business associate contract and a written participation agreement with the NC HIE or qualified organization before disclosing or accessing any protected health information through the HIE Network.
Makes a conforming change.
-
Bill S 375 (2011-2012)Summary date: Mar 17 2011 - View Summary
Enacts new Article 29A, the North Carolina Health Information Exchange Act, to GS Chapter 90. Indicates the purpose is to improve the quality of health care delivery in NC by facilitating and regulating the use of a voluntary, statewide health information exchange network for the secure electronic transmission of individually identifiable health information, consistent with the Health Insurance Portability and Accountability Act (HIPAA).
Defines North Carolina Health Information Exchange (NC HIE) as the nonprofit corporation selected by the Governor to serve as the subrecipient of grant funds or as the state-designated entity named pursuant to federal law, as indicated. Defines HIE Network as the voluntary statewide health information exchange network overseen and administered by the NC HIE. Lists additional definitions applicable to proposed Article 29A. Requires that the NC HIE satisfy seven enumerated requirements, including the directive to develop and enter into written participation agreements with covered entities utilizing the HIE network, and the duty to comply with HIPAA. Clarifies that the NC HIE is not restricted from exercising any corporate powers in a manner not inconsistent with proposed Article 29A.
Requires that each covered entity participating in the HIE Network enter into a business associate contract and a written participation agreement with the NC HIE before disclosing or accessing any protected health information through the HIE Network. Also allows each participating covered entity to authorize its business associates to disclose or access protected health information on the entity’s behalf. Authorizes each covered entity participating in the HIE Network to disclose an individual’s protected health information (1) to other covered entities for any purpose permitted by HIPAA, unless the individual has opted out and (2) to facilitate emergency medical treatment to the individual, subject to specified limitations. Provides that any health care provider relying in good faith on information obtained through the HIE Network will not be criminally or civilly liable for damages caused by inaccurate or incomplete information.
States that each individual has the continuing right to opt out or rescind a decision to opt out, and directs the NC HIE to enforce the individual’s decision prospectively from the date the NC HIE receives notice. Prohibits a covered entity from denying treatment or benefits to an individual who opted out. Provides that the protected health information of an individual who opted out will not be disclosed to covered entities for any purpose, with the following exceptions: (1) the information may be disclosed to facilitate emergency medical treatment to the individual if specified criteria are met and (2) the information may be disclosed for public health purposes or research purposes if such disclosure is permitted by HIPAA and state law.
Clarifies that proposed Article 29A does not: (1) impair rights conferred under HIPAA, including six enumerated rights; (2) authorize disclosure of protected health information if the disclosure is restricted by federal laws or regulations; (3) restrict authorized disclosures for public health and research purposes; and (4) prohibit the NC HIE or any participating covered entity from storing electronically the protected health information of an individual who opted out, provided the information remains undisclosed and unused as required. Also clarifies that proposed Article 29A applies only to disclosures of protected health information made through the HIE Network.
Details the following possible penalties for a covered entity that discloses protected health information: (1) any civil or criminal penalty, or both, may be imposed pursuant to federal law; (2) any civil remedy under federal law; (3) disciplinary action by the relevant licensing board or regulatory agency; (4) any penalty authorized by the Identity Theft Protection Act; and (5) any other civil or administrative remedy.
Effective October 1, 2011.