CHAPTER 318

HB 542 – FINAL VERSION

24Mar2009… 0697h

2009 SESSION

09-0467

01/10

HOUSE BILL 542

AN ACT relative to a health information exchange.

SPONSORS: Rep. T. Russell, Rock 13; Rep. Bridgham, Carr 2; Rep. Rosenwald, Hills 22; Rep. E. Merrick, Coos 2; Rep. Kurk, Hills 7; Sen. Fuller Clark, Dist 24

COMMITTEE: Health, Human Services and Elderly Affairs

ANALYSIS

This bill establishes procedures for access to health care information that is in the possession of health care providers and business associates of the health care providers by a health information exchange. Under this bill, a health care provider or a business associate of the health care provider may only disclose certain health care information if an individual so requests.

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Explanation: Matter added to current law appears in bold italics.

Matter removed from current law appears [in brackets and struckthrough.]

Matter which is either (a) all new or (b) repealed and reenacted appears in regular type.

24Mar2009… 0697h

09-0467

01/10

STATE OF NEW HAMPSHIRE

In the Year of Our Lord Two Thousand Nine

AN ACT relative to a health information exchange.

Be it Enacted by the Senate and House of Representatives in General Court convened:

318:1 Patient Information. Amend the chapter heading of RSA 332-I to read as follows:

MEDICAL RECORDS AND PATIENT INFORMATION

318:2 Medical Records and Patient Information. Amend the section heading of RSA 332-I:1 to read as follows:

332-I:1 Medical Records; Definitions.

318:3 Definitions Added. RSA 332-I:1, II is repealed and reenacted to read as follows:

II. In this chapter:

(a) The following terms have the same meaning as given in the regulations under sections 262 and 264 of the Health Insurance Portability and Accountability Act of 1996 (HIPAA):

(1) Business associate;

(2) Disclosure; and

(3) Protected health information.

(b) “Health care provider” means any person, corporation, facility, or institution either licensed by this state or otherwise lawfully providing health care services, including, but not limited to, a physician, hospital, office, clinic, health center or other health care facility, dentist, nurse, optometrist, pharmacist, podiatrist, physical therapist, or mental health professional, and any officer, employee, or agent of such provider acting in the course and scope of employment or agency related to or supportive of health care services.

(c) “Health information exchange” means an entity established for the primary purpose of enabling and overseeing the exchange of protected health information for clinical decision-making purposes. The entity may operate on a regional, statewide, or multi-state basis. The entity may be developed by multiple stakeholders, including, but not limited to, the department of health and human services, a non-profit entity, or a for-profit entity. For the purpose of this chapter, “health information exchange” does not include entities solely owned and operated by health care providers, integrated delivery systems, or pharmacy exchanges.

318:4 New Section; Disclosure of Protected Health Information. Amend RSA 332-I by inserting after section 2 the following new section:

332-I:3 Use and Disclosure of Protected Health Information; Health Information Exchange.

I. Except as provided in paragraph VI, a health care provider or a business associate of a health care provider may disclose an individual’s protected health information and information about the location of the individual’s medical records to a health information exchange. Only a health care provider, for purposes of treatment, may have access to protected health information in a health information exchange.

II. A health information exchange shall adhere to the protected health information requirements for health care providers in state and federal law.

III. A health information exchange shall maintain an audit log of health care providers who access protected health information, including:

(a) The identity of the health care provider accessing the information;

(b) The identity of the individual whose protected health information was accessed by the health care provider;

(c) The date the protected health information was accessed; and

(d) The area of the record that was accessed.

IV. A health information exchange shall be certified, when federal certification standards are established, to be in compliance with nationally accepted interoperability standards and practices.

V. No person shall require a health care provider to participate in a health information exchange as a condition of payment or participation.

VI. An individual shall be given an opportunity to opt out of sharing his or her name and address and his or her protected health care information through a health information exchange.

318:5 Applicability; Certification. RSA 332-I:3, IV as inserted by section 4 of this act shall take effect upon the date when federal certification standards are established for a health information exchange and the commissioner of the department of health and human services so notifies the secretary of state and the director of legislative services.

318:6 Effective Date.

I. RSA 332-I:3, IV as inserted by section 4 of this act shall take effect as provided in section 5 of this act.

II. The remainder of this act shall take effect January 1, 2010.

Approved: August 7, 2009

Effective Date: I. RSA 332-I:3, IV as inserted by section 4 shall take effect as provided in section 5.

II. Remainder shall take effect January 1, 2010.