Site Map Icon
RSS Feed icon
December 14, 2017

Board of Directors

Sammy Fox - President  president3523@gmail.com

James Witt - Vice President  jamesjwitt@gmail.com

Erik Baskin - Secretary  erikbaskin@charter.net

Eric Lokkart - Treasurer  3523treasurer@gmail.com

Jody Larson - Sergeant at Arms  jnjlarson@charter.net

Armondo Gutierrez - Director  agutierrez@slocityfirefighters.org

Alec Flatos - Director  flatos@me.com

John MacDonald - Director  jmacboys@gmail.com

Matt Polkow - Director mpolkow@gmail.com

Medical Records Confidentiality
Posted On: May 15, 2006

The Medical Records Confidentiality Act Of 1995
From the 'Lectric Law Library's stacks
The Medical Records
Confidentiality Act of 1995




Line
[Full Act Below]

STATEMENTS ON INTRODUCED BILLS AND JOINT RESOLUTIONS (Senate - October
24, 1995)

Mr. BENNETT. Mr. President, today I am introducing the Medical Records
Confidentiality Act of 1995. This legislation is one of the many small
steps that are needed to reform our health care system. I am pleased
that a number of my Republican and Democratic colleagues have joined me
in cosponsoring this legislation.

 I can think of few other areas in our lives that are more personal and
private than is our medical history. Each of us has a relationship with
our doctors, nurses, pharmacists, and other health care professionals
that is unique and privileged. They may know things about us that we
choose not to tell our spouses, children, siblings, parents, or our
closest friends. While our medical records may contain nothing out of
the ordinary, to us these records should be strictly personal.

 1360  aims, first, to provide Americans with greater control over their
medical records in terms of confidentiality, access, and security, and
second, to provide the health care system with a Federal standard for
handling identifiable health information.

 Most Americans believe their medical records are protected in terms of
confidentiality under Federal law. Most Americans are mistaken.
Protecting the confidentiality of our medical records is an expectation
that is yet to be guaranteed as a right. This legislation is an
opportunity for Congress to act in a bipartisan manner to resolve an
important problem within our health care system. Today over 80 percent
of our medical records are paper based; however, in the not too distant
future all of our medical records will be electronic based.

 In my opinion and in the opinion of a number of outside groups such as
the Center for Democracy and Technology, American Health Information
Management Association, International Business Machines Corporation,
Blue Cross and Blue Shield Association, and the American Hospital
Association, it is time to put into place the safeguards and security
measures needed to protect the integrity and confidentiality of our
medical records.

 Patients should be assured that the treatment they receive is a matter
between themselves and their doctor, regardless if it's  a yearly
physical, psychiatric evaluation, plastic surgery, or cancer treatment.
The majority of patients agree that treatment and billing are the two
appropriate uses of medical records. This legislation provides patients
the right to limit disclosure of medical records for purposes other than
treatment and billing and requires separate authorization forms for
treatment, billing and other kinds of disclosures. It also requires
providers to keep a record of those to whom they disclose information.

 In the hospital, most patients are unaware that their records are
accessible to almost any health care provider walking into their room or
almost any hospital employee with a computer who can gain access to the
hospital's  computer system. There are a number of doctors and nurses
who refuse to be treated in the hospital where they practice medicine
because they know that with a stroke of a keyboard their colleagues will
know why they are in the hospital and know they are being treated.

 One of the most important issues this legislation addresses is that of
access to personal medical records. It is difficult for most of us to
understand that in many instances individuals may have great difficulty
gaining access to their own medical records. There are no Federal laws
regarding access to medical records and only a few States allow patients
the right to review and copy their medical records. In many instances,
if the medical record is incorrect the patient never has the opportunity
to address those errors. This legislation would allow individuals not
only access to their records but also the opportunity to address any
errors.

 This legislation will enable organizations and entities involved in
providing health care, or who act as contractors or agents to providers,
to abide by one standard for confidentiality. Our health care system
grows more complex and sophisticated with each year. Having one standard
will simplify the business of health care, reduce the cost of complying
with 50 state standards and allow the continuation of research that will
improve the efficiency of our health care system.


MEDICAL RECORDS PRIVACY ACT OF 1995

IN THE SENATE OF THE UNITED STATES

October 24, 1995

 Mr. BENNETT (for himself, Mr. DOLE, Mr. LEAHY, Mrs. KASSEBAUM, Mr.
KENNEDY, Mr. FRIST, Mr. SIMON, Mr. HATCH, Mr. GREGG, Mr. STEVENS, Mr.
JEFFORDS, Mr. KOHL, Mr. DASCHLE, and Mr. FEINGOLD)
introduced the following bill; which was read twice and referred to the
Committee on Labor and Human Resources
=======

A BILL
To ensure personal privacy with respect to medical records and health
care-related information, and for other purposes.

Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

(a) SHORT TITLE. This Act may be cited as the "MEDICAL RECORDS
CONFIDENTIALITY Act of 1995".

(b) TABLE OF CONTENTS. The table of contents for this Act is as
follows:

SEC. 1. Short title; table of contents.
SEC. 2. Purpose.
SEC. 3. Definitions.

TITLE I INDIVIDUAL'S RIGHTS

SUBTITLE A  REVIEW OF PROTECTED HEALTH INFORMATION BY SUBJECTS OF THE
          INFORMATION
SEC. 101. Inspection and copying of protected health information.
SEC. 102. Correction or amendment of protected health information.
SEC. 103. Notice of information practices.

SUBTITLE B  ESTABLISHMENT OF SAFEGUARDS
SEC. 111. Establishment of safeguards.
SEC. 112. Accounting for disclosures.

TITLE II RESTRICTIONS ON USE AND DISCLOSURE
SEC. 201. General rules regarding use and disclosure.
SEC. 202. Authorizations for disclosure of protected health information
          for treatment or payment.
SEC. 203. Authorizations for disclosure of protected health information,
          other than for treatment or payment.
SEC. 204. Health information services.
SEC. 205. Next of kin and directory information.
SEC. 206. Emergency circumstances.
SEC. 207. Oversight.
SEC. 208. Public health.
SEC. 209. Health research.
SEC. 210. Judicial and administrative purposes.
SEC. 211. Non-law enforcement subpoenas.
SEC. 212. Law enforcement.
SEC. 213. Standards for electronic disclosures.

TITLE III SANCTIONS

SUBTITLE A CIVIL SANCTIONS
SEC. 301. Civil penalty.
SEC. 302. Civil action.

SUBTITLE B CRIMINAL SANCTIONS
SEC. 311. Wrongful disclosure of protected health information.

TITLE IV MISCELLANEOUS
SEC. 401. Relationship to other laws.
SEC. 402. No liability for permissible disclosures.
SEC. 403. Effective date.


SEC. 2. PURPOSE.

The purpose of this Act is to

    (1) establish strong and effective mechanisms to protect the privacy
of persons with respect to personally identifiable health care
information that is created or maintained as part of health treatment,
diagnosis, enrollment, payment, testing, or research processes;

    (2) promote the efficiency and security of the health information
infrastructure so that members of the health care community may more
effectively exchange and transfer health information in a manner that
will ensure the confidentiality of personally identifiable health
information; and

    (3) establish strong and effective remedies for violations of this
Act.

SEC. 3. DEFINITIONS.

As used in this Act:

    (1) CERTIFIED HEALTH INFORMATION SERVICE. The term "certified health
information service" means a health information service that receives
personally identifiable health information for the purpose of creating
nonidentifiable health information and has been certified by the
Secretary pursuant to section 204(b).

    (2) CERTIFIED INSTITUTIONAL REVIEW BOARD. The term "certified
institutional review board" means an institutional review board that has
been certified by the Secretary pursuant to section 209(d).

    (3) DISCLOSE. The term "disclose" means to release, transfer, or
otherwise divulge protected health information to any person other than
the individual who is the subject of such information.

    (4) HEALTH CARE. The term "health care" means
        (A)(i) preventive, diagnostic, therapeutic, rehabilitative,
maintenance, or palliative care, counseling, service, or procedure
            (I) with respect to the physical or mental condition of an
individual; or
            (II) affecting the structure or function of the human body
or any part of the human body; or
        (ii) any sale or dispensing of a drug, device, equipment, or
other item to an individual, or for the use of an individual, pursuant
to a prescription.

    (5) HEALTH CARE PROVIDER. The term "health care provider" means a
person who, with respect to a specific item of protected health
information, receives, creates, uses, maintains, or discloses the
information while acting in whole or in part in the capacity of
        (A) a person who is licensed, certified, registered, or
otherwise authorized by law to provide an item or service that
constitutes health care, in the ordinary course of business or practice
of a profession;
        (B) a Federal or State program that directly provides items or
services that constitute health care to beneficiaries; or
        (C) an officer or employee of a person described in subparagraph
(A) or (B).

    (6) HEALTH INFORMATION SERVICE. The term "health information
service" means a person that
        (A) uses protected health information to provide services to
health information trustees for purposes authorized under the Act;
        (B) facilitates the transfer and exchange of protected health
information between health information trustees; c processes protected
health information into standard format for transfer and exchanges
between health information trustees;
        (D) facilitates authorized access to protected health
information; or
        (E) transforms protected health information into nonidentifiable
health information.

    (7) HEALTH INFORMATION TRUSTEE.
        (A) IN GENERAL. The term "health information trustee" means
            (i) a health care provider, health plan, health oversight
agency, health researcher, public health authority, employer, insurer,
school or university, or health information service insofar as it
creates, receives, obtains, maintains, uses, or transmits protected
health information;
            (ii) any person who obtains protected health information
under sections 206, 207, 208, 209, 210, 211, or 212; or
            (iii) any employee, agent, or contractor of a person covered
under clause (i) or (ii) insofar as such employee, agent, or contractor
creates, receives, obtains, maintains, uses, or transmits protected
health information.
        (B) DUTIES AND RESPONSIBILITIES. The duties and responsibilities
of a health information trustee shall be negotiated between the trustee
and any agent or contractor of the trustee.

    (8) HEALTH OVERSIGHT AGENCY. The term "health oversight agency"
means a person who
        (A) performs or oversees the performance of an assessment,
evaluation, determination, or investigation relating to the licensing,
accreditation, or certification of health care providers; or
        (B)(i) performs or oversees the performance of an assessment,
evaluation, determination, investigation, or prosecution relating to
compliance with legal, fiscal, medical, or scientific standards relating
to
            (I) the delivery of or payment for, health care, health
services or equipment, or health research; or
            (II) health care fraud or fraudulent claims regarding health
care, health services or equipment, or related activities and items; and
        (ii) is a public agency, acting on behalf of a public agency,
acting pursuant to a requirement of a public agency, or carrying out
activities under a Federal or State law governing the assessment,
evaluation, determination, investigation, or prosecution described in
clause (i).

    (9) HEALTH PLAN. The term "health plan" means any health insurance
plan, including any hospital or medical service plan, dental or other
health service plan or health maintenance organization plan, or other
program providing health benefits, whether or not funded through the
purchase of insurance.

    (10) HEALTH RESEARCHER. The term "health researcher" means a person
who, with respect to a specific item of protected health information,
receives the information
        (A) pursuant to section 209 (relating to health research); or
        (B) while acting in whole or in part in the capacity of an
officer or employee of a person described in subparagraph (A).

    (11) INDIVIDUAL REPRESENTATIVE. The term "individual representative"
means any individual legally empowered to make decisions concerning the
provision of health care to an individual (where the individual lacks
the legal capacity under State law to make such decisions) or the
administrator or executor of the estate of a deceased individual.

    (12) LAW ENFORCEMENT INQUIRY. The term "law enforcement inquiry"
means a lawful investigation or official proceeding inquiring into a
violation of, or failure to comply with, any criminal or civil statute
or any regulation, rule, or order issued pursuant to such a statute.

    (13) PERSON. The term "person" means a government, governmental
subdivision, agency or authority; corporation; company; association;
firm; partnership; society; estate; trust; joint venture; individual;
individual representative; and any other legal entity.

    (14) PROTECTED HEALTH INFORMATION. The term "protected health
information" means any information, including demographic information
collected from an individual, whether oral or recorded in any form or
medium, that

        (A) is created or received by a health information trustee; and
        (B)(i) relates to the past, present, or future physical or
mental health or condition of an individual, the provision of health
care to an individual, or the past, present, or future payment for the
provision of health care to an individual; and
          (ii)(I) identifies an individual; or
          (II) with respect to which there is a reasonable basis to
believe that the information can be used to identify an individual.

    (15) PUBLIC HEALTH AUTHORITY. The term "public health authority"
means an authority or instrumentality of the United States, a State, or
a political subdivision of a State that is

        (A) responsible for public health matters; and
        (B) engaged in such activities as injury reporting, public
health, surveillance, and public health investigation or intervention.

    (16) SECRETARY. The term "Secretary" means the Secretary of Health
and Human Services.

    (17) STATE. The term "State" includes the District of Columbia,
Puerto Rico, the Virgin Islands, Guam, American Samoa, and the Northern
Mariana Islands.

    (18) WRITING. The term "writing" means writing in either a paper-
based or computer-based form, including electronic signatures.


TITLE I INDIVIDUAL'S RIGHTS

SUBTITLE A  REVIEW OF PROTECTED HEALTH INFORMATION BY SUBJECTS OF THE
INFORMATION

SEC. 101. INSPECTION AND COPYING OF PROTECTED HEALTH INFORMATION.

(a) IN GENERAL. Except as provided in subsection (b), a health
information trustee shall permit an individual who is the subject of
protected health information or the individual's designee, to inspect
and copy protected health information concerning the individual,
including records created under section 102 that the trustee maintains.
A health information trustee may require an individual to reimburse the
trustee for the cost of such inspection and copying.

(b) EXCEPTIONS. A health information trustee is not required by this
section to permit inspection or copying of protected health information
if any of the following conditions are met:

    (1) ENDANGERMENT TO LIFE OR SAFETY. The trustee determines that
disclosure of the information could reasonably be expected to endanger
the life or physical safety of any individual.

    (2) CONFIDENTIAL SOURCE. The information identifies or could
reasonably lead to the identification of a person who provided
information under a promise of confidentiality to a health care provider
concerning the individual who is the subject of the information.

    (3) ADMINISTRATIVE PURPOSES. The information
        (A) is used by the trustee solely for administrative purposes
and not in the provision of health care or the administration of
benefits to the individual who is the subject of the information; and
        (B) has not been disclosed by the health information trustee to
any other person.

(c) INSPECTION AND COPYING OF SEGREGABLE PORTION. A health information
trustee shall permit inspection and copying under subsection (a) of any
reasonably segregable portion of a record after deletion of any portion
that is exempt under subsection (b).

(d) DEADLINE. A health information trustee shall comply with or deny
(with a statement of the reasons for such denial) a request for
inspection or copying of protected health information under this section
within the 30-day period beginning on the date on which the trustee
receives the request.

SEC. 102. CORRECTION OR AMENDMENT OF PROTECTED HEALTH INFORMATION.

(a) IN GENERAL. A health information trustee shall within the 45-day
period beginning on the date on which the trustee receives from an
individual a written request to correct or amend information-

    (1) make the correction or amendment requested;
    (2) inform the individual of the correction or amendment that has
been made; and
    (3) make reasonable efforts to inform any person who is identified
by the individual, who is not an officer, employer, or agent of the
trustee, and to whom the uncorrected or unamended portion of the
information was previously disclosed, of the correction or amendment
that has been made.

(b) REFUSAL TO CORRECT OR AMEND. If the health information trustee
refuses to make the correction or amendment, the trustee shall inform
the individual of

    (1) the reasons for the refusal to make the correction or amendment;
    (2) any procedures for further review of the refusal; and
    (3) the individual's right to file with the trustee a concise
statement setting forth the requested correction or amendment and the
individual's reasons for disagreeing with the refusal.

(c) STATEMENT OF DISAGREEMENT. After an individual has filed a statement
of disagreement under subsection (b)(3), the health information trustee
in any subsequent disclosure of the disputed portion of the information
    (1) shall include a copy of the individual's statement; and
    (2) may include a concise statement of the reasons for not making
the requested correction or amendment.

(d) RULE OF CONSTRUCTION. This section shall not be construed to require
a health information trustee to conduct a formal, informal, or other
hearing or proceeding concerning a request for a correction or amendment
to protected health information.

(e) CORRECTION. For purposes of subsection (a), a correction is deemed
to have been made to protected health information when information that
has been disputed by an individual has been corrected, clearly marked as
incorrect, or supplemented by correct information.

SEC. 103. NOTICE OF INFORMATION PRACTICES.

(a) PREPARATION OF WRITTEN NOTICE. A health information trustee other
than a health information service shall provide, in a clear and
conspicuous manner, written notice of the trustee's information
practices, including a description of the trustee's health information
practices, including notice of individual rights with respect to
protected health information.

(b) MODEL NOTICE. The Secretary, after notice and opportunity for public
comment, shall develop and disseminate model notices of information
practices for use under this section.

SUBTITLE B ESTABLISHMENT OF SAFEGUARDS
SEC. 111. ESTABLISHMENT OF SAFEGUARDS.

(a) IN GENERAL. A health information trustee shall establish and
maintain appropriate administrative, technical, and physical safeguards
to ensure the confidentiality, security, accuracy, and integrity of
protected health information created, received, obtained, maintained,
used or transmitted by the trustee.

(b) REGULATIONS.
    (1) PROMULGATION.
        (A) IN GENERAL. In promulgating regulations under this Act, the
Secretary shall follow the procedures authorized under sections 581
through 590 of title 5, United States Code.

        (B) ADVISORY GROUP.
            (i) DETERMINATION BY THE SECRETARY. If the Secretary
determines that a negotiated rulemaking committee shall not be
established as permitted by section 583 of title 5, United States Code,
the Secretary shall appoint and consult with an advisory group of
knowledgeable individuals.
            (ii) MEMBERSHIP. The advisory group shall consist of at
least 7 but no more than 12 individuals including representatives of
            (I) health care professionals and health care entities;
            (II) health care consumers;
            (III) third party payors/administrators; and
            (IV) privacy advocates.
            (iii) RESPONSIBILITIES. The advisory group shall review all
proposed rules and regulations and submit recommendations to the
Secretary. The advisory group shall also assist the Secretary in
establishing the standards for compliance with rules and regulations, in
developing an annual report to the Congress on the status of the
requirements set forth in this Act, their cost impact, and any
recommendations for modifications in order to ensure efficient and
confidential electronic data interchange of individually identifiable
health care information.

    (2) CONSULTATION. The Secretary may promulgate regulations in
consultation with privacy, industry, and consumer groups.

SEC. 112. ACCOUNTING FOR DISCLOSURES.

(a) IN GENERAL. A health information trustee shall create and maintain,
with respect to any protected health information disclosure that is not
related to treatment, a record of the disclosure in accordance with
regulations issued by the Secretary.

(b) RECORD OF DISCLOSURE PART OF PROTECTED HEALTH INFORMATION.  A record
created and maintained under subsection (a) shall be maintained as
protected health information for not less than 7 years.


TITLE II RESTRICTIONS ON USE AND DISCLOSURE
SEC. 201. GENERAL RULES REGARDING USE AND DISCLOSURE.

(a) GENERAL RULE. A health information trustee may not disclose
protected health information except as authorized under this title.

(b) SCOPE OF DISCLOSURE.
    (1) COMPATIBILITY TO PURPOSE. Protected health information may not
be used or disclosed to any person unless the use or disclosure is
compatible with and related to the purposes for which the information
was obtained.
    (2) LIMITATION ON INFORMATION. Every disclosure of protected health
information by a health information trustee shall be limited to the
minimum amount of information necessary to accomplish the purpose for
which the information is disclosed.

(c) NO GENERAL REQUIREMENT TO DISCLOSE. Nothing in this title that
permits a disclosure of health information shall be construed to require
such disclosure.

(d) IDENTIFICATION OF DISCLOSED INFORMATION AS PROTECTED
INFORMATION. Except as provided in this title, a health information
trustee may not disclose protected health information unless such
information is clearly identified as protected health information that
is subject to this title.

(e) INFORMATION IN WHICH PROVIDERS ARE IDENTIFIED. The Secretary shall
issue regulations protecting information identifying providers in order
to promote the availability of health care services.

SEC. 202. AUTHORIZATIONS FOR DISCLOSURE OF PROTECTED HEALTH INFORMATION
FOR TREATMENT OR PAYMENT.

(a) WRITTEN AUTHORIZATIONS. A health information trustee may disclose
protected health information for purposes of treatment or payment
pursuant to an authorization executed by the individual who is the
subject of the information (or a person acting for the individual
pursuant to State law) if each of the following requirements is met:

    (1) WRITING. The authorization is in writing or electronically
authenticated, signed by the individual who is the subject of the
information, and dated.

    (2) SEPARATE FORM. Separate forms authorizing disclosures for
treatment and payment processes are provided to the individual.
    (3) INFORMATION DESCRIBED. The information to be disclosed is
specified, or is described in the authorization.

    (4) TRUSTEE DESCRIBED. The trustee who is authorized to disclose
such information is specifically identified, or is described in the
authorization.

    (5) RECIPIENT DESCRIBED. The person to whom the information is to be
disclosed is specifically identified, or is described in the
authorization.

    (6) RIGHT TO REVOKE OR AMEND. The authorization contains an
acknowledgement that the individual who is the subject of the
information has the right to revoke or amend the authorization.

    (7) STATEMENT OF INTENDED DISCLOSURES. The authorization contains an
acknowledgment that the individual who is the subject of the information
has read a statement of the disclosures that the person who receives the
protected health information intends to make.

    (8) INFORMATION RESTRICTED. The authorization includes a proviso
that the information will be disclosed solely for a purpose that is
compatible with and related to the purposes for which the information
was collected or received by the trustee.

    (9) EXPIRATION DATE SPECIFIED. The authorization specifies a date or
event at which the authorization expires.

(b) REVOCATION OR AMENDMENT OF AUTHORIZATION.
    (1) IN GENERAL. The authorization contains an acknowledgment that
the individual may in writing revoke or amend an authorization described
in subsection (a), at any time, except that with respect to disclosure
of protected health information to permit validation of expenditures for
health care that has previously been authorized the authorization may
not be revoked.
    (2) NOTICE OF REVOCATION. A health information trustee who discloses
protected health information pursuant to an authorization described in
subsection (a) that has been revoked shall not be subject to any
liability or penalty under this Act if the trustee had no actual or
constructive notice of the revocation.

(c) MODEL AUTHORIZATIONS. The Secretary, after notice and opportunity
for public comment, shall develop and disseminate model written
authorizations of the type described in subsection (a) and model
statements of intended disclosures of the type described in subsection
(a)(6).

(d) COPY. A health information trustee who discloses protected health
information pursuant to an authorization under this section shall
maintain a copy of the authorization.

SEC. 203. AUTHORIZATIONS FOR DISCLOSURE OF PROTECTED HEALTH INFORMATION,
OTHER THAN FOR TREATMENT OR PAYMENT.

(a) WRITTEN AUTHORIZATIONS. A health information trustee may disclose
protected health information pursuant to an authorization executed by
the individual who is the subject of the information if the following
conditions are met:
    (1) GENERAL REQUIREMENTS. The requirements of section 202(a) (1)
through (6) are met.
    (2) STATEMENT OF INTENDED DISCLOSURES. The statement of intended
disclosure shall be in writing, on a form that is separate from the
authorization for disclosure, and shall be received by the individual
authorizing the disclosure on or before the date the authorization is
executed.
    (3) AUTHORIZATION NOT REQUESTED IN CONNECTION WITH PROVISION OF
HEALTH CARE. The authorization is not requested on a day on which the
trustee provides health care to the individual requested to provide the
authorization.
    (4) EXPIRATION DATE SPECIFIED. The authorization specifies a date or
event upon which the authorization expires, which shall not exceed 1
year from the date of the execution of the authorization.

(b) LIMITATION ON AUTHORIZATIONS. A health information trustee may not
condition delivery of treatment or payment for services on the receipt
of an authorization described in subsection (a).

(c) REVOCATION OR AMENDMENT OF AUTHORIZATION.
    (1) IN GENERAL. An individual may in writing revoke or amend an
authorization described in subsection (a).
    (2) NOTICE OF REVOCATION. A health information trustee who discloses
protected health information pursuant to an authorization that has been
revoked shall not be subject to any liability or penalty under this
title if the trustee had no actual or constructive notice of the
revocation.

(d) MODEL AUTHORIZATIONS. The Secretary, after notice and opportunity
for public comment, shall develop and disseminate model written
authorizations of the type described in subsection (a) and model
statements of the intended disclosures of the type described in
subsection (a)(2).

(e) AUTHORIZATION NOT REQUIRED. This section does not apply to sections
204, 205, 206, 207, 208, 209, 210, 211, and 212.

SEC. 204. CREATION OF NONIDENTIFIABLE INFORMATION.

(a) CREATION OF NONIDENTIFIABLE INFORMATION. A health information
trustee may disclose protected health information to a certified health
information service for the purpose of creating nonidentifiable health
information.

(b) CERTIFICATION OF HEALTH INFORMATION SERVICES.
    (1) REGULATIONS. The Secretary, after notice and opportunity for
public comment, shall issue regulations establishing certification
requirements for health information services under this title. Such
regulations shall include requirements that the health information
service establish and maintain appropriate administrative, technical,
and physical safeguards to ensure the confidentiality, security,
accuracy, and integrity of protected health information.
    (2) CERTIFICATION. The Secretary shall certify a health information
service that meets the certification requirements established by the
Secretary under paragraph (1).

SEC. 205. NEXT OF KIN AND DIRECTORY INFORMATION.

(a) NEXT OF KIN. A health care provider, or a person who receives
protected health information under section 206, may disclose protected
health information regarding an individual to the individual's next of
kin, to an individual representative of the individual, or to an
individual with whom that individual has a significant personal
relationship if

    (1) the individual who is the subject of the information
        (A) has been notified of the individual's right to object and
has not objected to the disclosure;
        (B) is not competent to be notified about the right to object;
or
        (C) exigent circumstances exist such that it would not be
practicable to notify the individual of the right to object; and

    (2) the information disclosed relates to health care currently being
provided to that individual.

(b) DIRECTORY INFORMATION.
    (1) DISCLOSURE. Except as provided in paragraph (2), a health
information trustee may disclose the information described in
subparagraph (B) to any person if

        (A) the individual who is the subject of the information
            (i) has been notified of the individual's right to object
and has not objected to the disclosure;
            (ii) is not competent to be notified about the right to
object; or
            (iii) exigent circumstances exist such that it would not be
practicable to notify the individual of the right to object; and

        (B) the information consists only of 1 or more of the following
items:
            (i) the name of the individual who is the subject of the
information;
            (ii) the general health status of the individual, described
as critical, poor, fair, stable, or satisfactory or in terms denoting
similar conditions; and
            (iii) the location of the individual on premises controlled
by a provider.

    (2) EXCEPTION. If disclosure of the location of the individual
reveals specific information about the physical or mental condition of
the individual, the individual must expressly authorize such disclosure.

(c) DECEASED INDIVIDUAL.
    (1) IDENTIFICATION. A health information trustee may disclose
protected health information if necessary to assist in the
identification of a deceased individual.
    (2) REGULATIONS. The Secretary shall develop and establish through
regulation a procedure for obtaining protected health information
relating to a deceased individual when there is no individual
representative for such individual.

SEC. 206. EMERGENCY CIRCUMSTANCES.
Any person who receives protected health information under this title
may disclose protected health information in emergency circumstances
when necessary to protect the health or safety of an individual from
serious, imminent harm.

SEC. 207. OVERSIGHT.

(a) IN GENERAL. A health information trustee may disclose protected
health information to a health oversight agency for an oversight
function authorized by law.

(b) USE IN ACTION AGAINST INDIVIDUALS. Protected health information
about an individual that is disclosed under this section may not be used
in, or disclosed to any person for use in, an administrative, civil, or
criminal action or investigation directed against the individual unless
the action or investigation arises out of and is directly related to
    (1) receipt of health care or payment for health care; or
    (2) an action involving a fraudulent claim related to health.

SEC. 208. PUBLIC HEALTH.

A health care provider, health plan, health researcher, public health
authority, employer, insurer, school or university, or certified health
information network service, or person who receives protected health
information under section 206, may disclose protected health information
to a public health authority or other person authorized by law for use
in a legally authorized
    (1) disease or injury report;
    (2) public health surveillance; or
    (3) public health investigation or intervention.

SEC. 209. HEALTH RESEARCH.

(a) IN GENERAL. A health information trustee may disclose protected
health information to a health researcher if a certified institutional
review board determines that the research project engaged in by the
health researcher
    (1) requires use of the protected health information for the
effectiveness of the project; and
    (2) is of sufficient importance to outweigh the intrusion into the
privacy of the individual who is the subject of the information that
would result from the disclosure.

(b) OBLIGATIONS OF RECIPIENT. A person who receives protected health
information pursuant to subsection (a)--
    (1) shall remove or destroy, at the earliest opportunity consistent
with the purposes of the project, information that would enable an
individual to be identified, unless
        (A) a certified institutional review board has determined that
there is a health or research justification for retention of such
identifiers; and
        (B) there is an adequate plan to protect the identifiers from
disclosure that is inconsistent with this section; and
    (2) shall use protected health information solely for purposes of
the health research project for which disclosure was authorized by a
certified institutional review board under subsection (a).

(c) SPECIAL RULE FOR RESEARCHERS OTHER THAN ACADEMIC CENTERS OR HEALTH
CARE FACILITIES. If a health researcher is not located in an academic
center, a health care facility or public health agency, the
determinations required by a certified institutional review board shall
be approved by the Secretary before the determination is issued.

(d) CERTIFICATION OF INSTITUTIONAL REVIEW BOARDS.
    (1) REGULATIONS. The Secretary, after notice and opportunity for
public comment, shall issue regulations establishing certification
requirements for institutional review boards under this title. Such
regulations shall be based on regulations issued under section 491(a) of
the Public Health Service Act. The regulations shall ensure that
institutional review boards certified under this paragraph have the
qualifications to assess and protect the confidentiality of research
subjects.
    (2) CERTIFICATION. The Secretary shall certify an institutional
review board that meets the certification requirements established by
the Secretary under paragraph (1).

SEC. 210. JUDICIAL AND ADMINISTRATIVE PURPOSES.

(a) IN GENERAL. A health care provider, health plan, health oversight
agency, employer, school, university, insurer, or person who receives
protected health information under section 206, may disclose protected
health information

    (1) pursuant to the Federal Rules of Civil Procedure, the Federal
Rules of Criminal Procedure, or comparable rules of other courts or
administrative agencies, in connection with litigation or proceedings to
which the individual who is the subject of the information is a party
and in which the individual has placed his or her physical or mental
condition at issue;
    (2) to a court, and to others ordered by the court, if the protected
health information is developed in response to a court- ordered physical
or mental examination; or
    (3) pursuant to a law requiring the reporting of specific medical
information to law enforcement authorities.

(b) OBLIGATIONS OF RECIPIENT. A person seeking protected health
information pursuant to subsection (a)--

    (1) shall notify the individual or the individual's attorney of the
request for the information;
    (2) shall provide the health information trustee with a signed
document attesting
        (A) that the individual has placed his or her physical or mental
condition at issue in litigation or proceedings in which the individual
is a party; and
        (B) the date on which the individual or the individual's
attorney was notified under paragraph (1); and
    (3) shall not accept any requested protected health information from
the trustee until the termination of the 10-day period beginning on the
date notice was given under paragraph (1).

SEC. 211. NON-LAW ENFORCEMENT SUBPOENAS.

(a) IN GENERAL. A health care provider, health plan, health oversight
agency, employer, insurer, school or university, or person who receives
protected health information under section 206, may disclose protected
health information under this section if the disclosure is pursuant to a
subpoena issued on behalf of a party who has complied with the access
provisions of subsection (b).

(b) ACCESS PROCEDURES. A person may not obtain protected health
information about an individual pursuant to a subpoena unless-

    (1) a copy of the subpoena together with a notice of the
individual's right to challenge the subpoena in accordance with
subsection c, has been served upon the individual on or before the date
of return of the subpoena; and
    (2)(A) 15 days have passed since the date of service on the
individual, and within that time period the individual has not indicated
a challenge in accordance with subsection c(1); or
    (B) disclosure is ordered by a court under subsection (c)(2).

(c) CHALLENGE PROCEDURES.
    (1) MOTION TO QUASH SUBPOENA. After service of a copy of the
subpoena seeking protected health information under subsection (b), the
individual who is the subject of the protected health information may
file in any court of competent jurisdiction a motion to quash the
subpoena.

    (2) STANDARD FOR DECISION.
        (A) IN GENERAL. The court shall grant a motion under paragraph
(1) unless the respondent demonstrates that
            (i) there is reasonable ground to believe the information is
relevant to a lawsuit or other judicial or administrative proceeding;
and
            (ii) the need of the respondent for the information
outweighs the privacy interest of the individual.
        (B) CRITERIA FOR DECISION. In determining whether the need of
the respondent for the information outweighs the privacy interest of the
individual, the court shall consider-
            (i) the particular purpose for which the information was
collected;
            (ii) the degree to which disclosure of the information would
embarrass, injure, or invade the privacy of the individual;
            (iii) the effect of the disclosure on the individual's
future health care;
            (iv) the importance of the information to the lawsuit or
proceeding; and
            (v) any other relevant factor.

    (3) ATTORNEY'S FEES. In the case of a motion brought under paragraph
(1) in which the individual has substantially prevailed, the court may
assess against the respondent a reasonable attorney's fee and other
litigation costs and expenses (including expert fees) reasonably
incurred.

SEC. 212. LAW ENFORCEMENT.

(a) GOVERNMENT SUBPOENAS AND WARRANTS.

    (1) IN GENERAL. A health information trustee shall disclose
protected health information under this section if the disclosure is
pursuant to
        (A) a subpoena issued under the authority of a grand jury; or
        (B) an administrative subpoena or summons or a judicial subpoena
or warrant, which meets the conditions of paragraph (2).

    (2) PROBABLE CAUSE REQUIREMENT. A government authority may not
obtain protected health information about an individual under paragraph
(1) for use in a law enforcement inquiry unless there is probable cause
to believe that the information is relevant to a legitimate law
enforcement inquiry being conducted by the government authority.

    (3) WARRANTS. A government authority that obtains protected health
information about an individual pursuant to a warrant shall, not later
than 30 days after the date the warrant was executed, serve the
individual with, or mail to the last known address of the individual, a
notice that protected health information about the individual was
obtained, together with a notice of the individual's right to challenge
the warrant.

    (4) SUBPOENA OR SUMMONS. Except as provided in paragraph (5), a
government authority may not obtain protected health information about
an individual pursuant to a subpoena or summons unless a copy of the
subpoena or summons has been served on the individual, if the identity
of the individual is known, on or before the date of the return of the
subpoena or summons, together with notice of the individual's right to
challenge the subpoena or summons. If the identity of the individual is
not known at the time the subpoena or summons is served, the individual
shall be served not later than 30 days thereafter, with notice that
protected health information about the individual was obtained together
with notice of the individual's right to challenge the subpoena or
summons.

    (5) APPLICATION FOR DELAY.
        (A) IN GENERAL. A government authority may apply ex parte and
under seal to an appropriate court to delay (for an initial period of
not longer than 90 days) service of the notice regarding execution of
the warrant as required under paragraph (3) or a copy of the subpoena as
required under paragraph (4). The government authority may apply to the
court for extensions of the delay.
        (B) EX PARTE ORDER. The court shall enter an ex parte order
delaying or extending the delay of notice, an order prohibiting the
disclosure of the request for, or the disclosure of, the protected
health information, and an order requiring the disclosure of the
protected health information if the court finds that
            (i) the inquiry being conducted is within the lawful
jurisdiction of the government authority seeking the protected health
information;
            (ii) there is probable cause to believe that the protected
health information being sought is relevant to a legitimate law
enforcement inquiry;
            (iii) the government authority's need for the information
outweighs the privacy interest of the individual who is the subject of
the information; and
            (iv) there is reasonable ground to believe that receipt of
notice by the individual will result in
                (I) endangering the life or physical safety of any
individual;
                (II) flight from prosecution;
                (III) destruction of or tampering with evidence or the
information being sought;
                (IV) intimidation of potential witnesses; or
                (V) disclosure of the existence or nature of a
confidential law enforcement investigation or grand jury investigation
that is likely to seriously jeopardize such investigation.

    (6) INFORMATION IN RESPONSE TO LAW ENFORCEMENT INQUIRY.  Protected
health information about an individual that is disclosed under this
section may not be used in, or disclosed to any person for use in any
administrative, civil or criminal action or investigation directed
against the individual unless the action or investigation arises out of
or is directly related to the law enforcement inquiry for which the
information was obtained.

(b) CHALLENGE PROCEDURES FOR LAW ENFORCEMENT WARRANTS, SUBPOENAS, AND
SUMMONSES.

    (1) MOTION TO QUASH. Within 15 days after the date of service of a
notice of execution of a warrant or a copy of a subpoena or summons, of
a government authority seeking protected health information about an
individual under subsection (a), the individual may file a motion to
quash.
    (2) STANDARD FOR DECISION. The court shall grant a motion under
paragraph (1) unless the government demonstrates there is probable cause
to believe the protected health information is relevant to a legitimate
law enforcement inquiry being conducted by the government authority and
the government authority's need for the information outweighs the
privacy interest of the individual.
    (3) ATTORNEY'S FEES. In the case of a motion brought under paragraph
(1) in which the individual has substantially prevailed, the court may
assess against the government authority reasonable attorney's fees and
other litigation costs (including expert fees) reasonably incurred.
    (4) NO INTERLOCUTORY APPEAL. A ruling denying a motion to quash
under this section shall not be deemed to be a final order, and no
interlocutory appeal may be taken therefrom by the individual.

(c) EXCEPTIONS. A health information trustee may disclose protected
health information to a law enforcement agency if the information is
requested for use
    (1) in an investigation or prosecution of a health information
trustee;
    (2) in the identification of a victim or witness in a law
enforcement inquiry; or
    (3) in connection with the investigation of criminal activity
committed against the trustee or on premises controlled by the trustee.

SEC. 213. STANDARDS FOR ELECTRONIC DISCLOSURES.
The Secretary shall promulgate standards for disclosing, authorizing and
authenticating protected health information in electronic form in
accordance with this title.


TITLE III SANCTIONS
SUBTITLE A CIVIL SANCTIONS

SEC. 301. CIVIL PENALTY.

(a) VIOLATION. Any health information trustee who the Secretary
determines has substantially and materially failed to comply with this
Act shall be subject, in addition to any other penalties that may be
prescribed by law, to
    (1) a civil penalty of not more than $10,000 for each such
violation, but not to exceed $50,000 in the aggregate for multiple
violations; and
    (2) a civil penalty of not more than $250,000 or exclusion from
participation in medicare and medicaid, or any other federally funded
health care programs, if the Secretary finds that such violations have
occurred with such frequency as to constitute a general business
practice.

(b) PROCEDURES FOR IMPOSITION OF PENALTIES. Section 1128A of the Social
Security Act, other than subsections (a) and (b) and the second sentence
of subsection (f) of that section, shall apply to the imposition of a
civil, monetary, or exclusionary penalty under this section in the same
manner as such provisions apply with respect to the imposition of a
penalty under section 1128A of such Act.

SEC. 302. CIVIL ACTION.

(a) IN GENERAL. An individual who is aggrieved by conduct in violation
of this title may bring a civil action to recover
    (1) such preliminary and equitable relief as the court determines to
be appropriate;
    (2) the greater of actual damages or liquidated damages of $5,000;
and
    (3) punitive damages.

(b) ATTORNEY'S FEES. In the case of a civil action brought under
subsection (a) in which the individual has substantially prevailed, the
court may assess against the respondent a reasonable attorney's fee and
other litigation costs and expenses (including expert fees) reasonably
incurred.

(c) LIMITATION. No action may be commenced under this section more than
3 years after the date on which the violation was or should reasonably
have been discovered.

SUBTITLE B CRIMINAL SANCTIONS
SEC. 311. WRONGFUL DISCLOSURE OF PROTECTED HEALTH INFORMATION.

(a) OFFENSE. A person who knowingly
    (1) obtains protected health information relating to an individual
in violation of this title; or
    (2) discloses protected health information to another person in
violation of this title, shall be punished as provided in subsection
(b).

(b) PENALTIES. A person described in subsection (a) shall
    (1) be fined not more than $50,000, imprisoned not more than 1 year,
or both;
    (2) if the offense is committed under false pretenses, be fined not
more than $250,000, imprisoned not more than 5 years, excluded from
participation in medicare and medicaid, or any other federally funded
health care programs, or any combination of such penalties; and
    (3) if the offense is committed with intent to sell, transfer, or
use protected health information for commercial advantage, personal
gain, or malicious harm, be fined not more than $500,000, imprisoned not
more than 10 years, excluded from participation in medicare and
medicaid, or any other federally funded health care programs, or any
combination of such penalties.


TITLE IV MISCELLANEOUS
SEC. 401. RELATIONSHIP TO OTHER LAWS.

(a) STATE LAW. Except as provided in subsections (b), c, and (d), this
Act preempts State law.

(b) PRIVILEGES. Nothing in this title shall be construed to preempt or
modify State common or statutory law to the extent such law concerns a
privilege of a witness or person in a court of the State. This title
shall not be construed to supersede or modify Federal common or
statutory law to the extent such law concerns a privilege of a witness
or person in a court of the United States. Authorizations pursuant to
sections 202 and 203 shall not be construed as a waiver of any such
privilege.

(c) CERTAIN DUTIES UNDER STATE OR FEDERAL LAW. Nothing in this title
shall be construed to preempt, supersede, or modify the operation of

    (1) any law that provides for the reporting of vital statistics such
as birth or death information;
    (2) any law requiring the reporting of abuse or neglect information
about any individual;
    (3) any State law relating to public or mental health that prevents
or otherwise restricts disclosure of protected health information
otherwise allowed under this title;
    (4) any law that governs a minor's rights to access protected health
information;
    (5) subpart II of part E of title XXVI of the Public Health Service
Act (relating to notifications of emergency response employees of
possible exposure to infectious diseases);
    (6) any Federal law or regulation governing confidentiality of
alcohol and drug patient records;
    (7) the Americans With Disabilities Act of 1990; or
    (8) any Federal or State statute that establishes a privilege for
records used in health professional peer review activities.

SEC. 402. NO LIABILITY FOR PERMISSIBLE DISCLOSURES.
A health information trustee who makes a disclosure of protected health
information about an individual that is permitted by this title shall
not be liable to the individual for such disclosure under common law.

SEC. 403. EFFECTIVE DATE.

(a) EFFECTIVE DATE. This Act shall take effect 12 months after the date
of enactment of this Act.

(b) REGULATIONS. The Secretary shall promulgate regulations implementing
this Act not later than 6 months after the date of enactment of this Act.

-----
Brought to you by - The 'Lectric Law Library
The Net's Finest Legal Resource For Legal Pros & Laypeople Alike.
http://www.lectlaw.com
Line
We've lots of related information, so wander around & explore. A few places to start are:

The Library Rotunda Our Central Hub, Directory and Index... plus Lots More
The Reference Room Dozens of Topic Areas & the Net's Best Law Dictionary
The Lay People's Lounge
The Business Peoples's Lounge
The Legal Professional's Lounge

Search by
Google
Web Search Search the Library

Please see our   GoldCard Program Info   and/or   Ralf's Tour   about help with your
'Where/How can I find' & Legal Resource Questions. Sorry, we're unable to assist non-members.
Download:


Member Login
Username:

Password:


Not registered yet?
Click Here to sign-up

Forgot Your Login?
<< December 2017 >>
S M T W T F S
1 2
3 4 5 6 7 8 9
10 11 12 13 14 15 16
17 18 19 20 21 22 23
24 25 26 27 28 29 30
31
Follow Us!
Facebook icon Twitter icon
San Luis Obispo City Firefighters Local 3523
Copyright © 2017, All Rights Reserved.
Powered By UnionActive™

70924 hits since Apr 01, 2013
Visit Unions-America.com!

Top of Page image