Alaska State Legislature

Home
Bill & Laws
Bills
HB 415 Detail
FullText

txt

HB 415: "An Act relating to health care information, including privacy protection for health care information; and providing for an effective date."

00HOUSE BILL NO. 415 01 "An Act relating to health care information, including privacy protection for 02 health care information; and providing for an effective date." 03 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 04 * Section 1. LEGISLATIVE FINDINGS. (a) The legislature finds that health information 05 is personal and sensitive information that, if inaccurately collected or documented or 06 improperly used or released may cause significant harm to a patient's interests in privacy and 07 health care. The legislature also finds that the benefits of electronic health information include 08 (1) facilitating timely, authorized communications of more complete health 09 information than is now available through paper-based systems; 10 (2) improving the accuracy, integrity, and security of health information; 11 (3) providing access to medical knowledge bases; 12 (4) enhancing efficiencies of health care; and 13 (5) facilitating health care research and health care quality improvement. 14 (b) Based on the findings in (a) of this section, the legislature declares that it is in the

01 public interest to establish legislative policies and guidelines to ensure that health information 02 is 03 (1) secure, private, accurate, and reliable; 04 (2) properly disclosed or modified; and 05 (3) accessible only to those with a legitimate need for the information. 06 (c) The legislature further finds and declares that certain types of information, such 07 as information about HIV infection, AIDS, mental health, or substance abuse, are so highly 08 sensitive that more strict requirements for disclosure are needed. 09 * Sec. 2. AS 18.23 is amended by adding new sections to read: 10 Article 4. Collection and Release of Health Care Information. 11 Sec. 18.23.200. Patient's examination and copying of health information. 12 (a) Except as provided in (b) of this section, upon a written request from a patient to 13 examine or copy the patient's medical record, a custodian who is a provider or facility 14 shall, within a reasonable time after receiving the request, at the custodian's option, 15 make the patient's medical record available for examination during regular business 16 hours or provide a copy to the patient. 17 (b) If, in the professional judgment of the provider, it would be injurious to 18 the mental or physical health of the patient who is the subject of the health information 19 or would violate of the provider's professional ethical responsibilities to disclose 20 certain identifying health information to the patient, the provider is not required to 21 provide the information to the patient, but shall, upon written request of the patient, 22 disclose the information to another provider designated by the patient. 23 (c) A patient does not have a right of access to health information compiled 24 and used by a custodian solely for purposes of audit, peer review, or other 25 administrative functions, to information protected by an evidentiary privilege of a 26 person other than the patient, or to information collected about the patient for or during 27 a clinical trial monitored by an institutional review board when the trial is not 28 complete. 29  Sec. 18.23.210. Request for amendment of records. (a) A patient or 30 provider treating a patient may request that a facility or provider amend identifying 31 health information in a patient's medical record maintained by the provider or facility.

01 (b) Upon a request for an amendment under (a) of this section, the custodian 02 shall either amend the record or inform the patient or provider in writing of the reasons 03 for refusal to amend the medical record. If the custodian refuses to amend the record, 04 the patient or provider is entitled to add a statement about the disagreement to the 05 disputed identifying health information. 06 (c) When amending a record, the custodian shall add the amending information 07 to the patient's identifying health information without affecting the original information 08 and shall sign and date the amendment. 09 Sec. 18.23.220. Health information confidentiality; public records. (a) A 10 custodian shall maintain as confidential identifying health information. Disclosures of 11 identifying health information may be made only as authorized by AS 18.23.200 - 12 18.23.390. 13 (b) Unless otherwise provided by law and this section, identifying health 14 information is not a public record. 15 (c) A recipient of identifying health information may not use or redisclose 16 identifying health information except for the purpose and authority under which the 17 disclosure was made. 18 (d) A custodian's employees, agents, and contractors are subject to 19 AS 18.23.200 - 18.23.390 to the same extent as the custodian. 20 (e) A person may not use health information that is not identifying health 21 information for the purpose of identifying an individual patient unless the person is 22 authorized under AS 18.23.200 - 18.23.390 to receive disclosures of the information 23 as identifying health information. 24 (f) A person may not use health information that is not identifying provider 25 information for the purpose of identifying an individual provider unless the person is 26 authorized under AS 18.23.200 - 18.23.390 to receive disclosures of the information 27 as identifying provider information. 28 (g) The records established under AS 18.23.260(a)(4) may only be disclosed 29 as follows: 30 (1) to a patient, subject to AS 18.23.200(c); 31 (2) to a custodian except for records recording peer review functions

01 and investigations of a custodian; 02 (3) to health oversight agencies to the extent that the records relate to 03 the performance of an authorized audit function; 04 (4) by court order AS 18.23.250(a)(4). 05 (h) All disclosures of identifying health information shall be limited only to 06 information that the disclosing party reasonably believes is necessary to accomplish 07 the purpose of the disclosure, except to the extent that disclosure is authorized by a 08 patient or under AS 18.23.250(a)(4). 09  Sec. 18.23.230. Authorization to disclose health information. (a) Except 10 for disclosures otherwise authorized by AS 18.23.200 - 18.23.390, a custodian may 11 disclose a patient's identifying health information only with authorization of the 12 patient. 13 (b) A custodian shall retain a patient's authorization to disclose identifying 14 health information with the patient's health information. A patient's authorization, to 15 be valid, must include 16 (1) the patient's identity; 17 (2) a dated written or electronic signature of the patient; 18 (3) a description of the health information to be disclosed; 19 (4) the name or title of a person, or the description of a group of 20 persons, and the physical or electronic address of the person to whom the information 21 is to be disclosed or a description of the class of persons to whom the information is 22 to be disclosed; and 23 (5) the purpose of the disclosure. 24 (c) A patient's authorization to disclose identifying health information may 25 also include 26 (1) a limitation on the scope of disclosure that may be made by the 27 recipient in carrying out the authorized purpose for which the disclosure is requested; 28 (2) an acknowledgment from the patient that the patient understands 29 that the authorization is valid for the time period stated unless revoked; or 30 (3) other information believed by the custodian to be needed to 31 facilitate the authorization or to inform the patient as to the patient's rights with

01 respect to the authorization. 02 (d) A patient may revoke or amend an authorization at any time except to the 03 extent that the custodian has acted in reliance on the authorization. 04 (e) An authorization under (b) of this section is effective for the time specified 05 by the patient in the authorization. If no time is specified, an authorization shall 06 remain effective for one year. 07 Sec. 18.23.240. Disclosures and uses of health information. (a) When a 08 disclosure authorized under this section may be reasonably accomplished by disclosing 09 nonidentifying health information rather than identifying health information, a 10 custodian shall disclose only nonidentifying health information. 11 (b) A custodian shall disclose identifying health information to federal, state, 12 or local law enforcement authorities or to federal or state authorities and other law 13 enforcement authorities, as otherwise required by law, only as provided in 14 AS 18.23.250. 15 (c) A custodian may disclose identifying health information about a patient 16 without the patient's authorization if the disclosure is 17 (1) to a provider currently providing authorized health care to a patient 18 or to a referring provider who continues to provide authorized health care to a patient 19 if the information is necessary to provide health care to the patient and the patient does 20 not object to the disclosure; 21 (2) to another provider in the same group practice or provider network, 22 or to a custodian under contract with the group practice or provider network, for the 23 purpose of providing patient health care within the practice or network; 24 (3) to a provider with a need for information to treat a condition that 25 poses an immediate threat to a patient's health; 26 (4) to a member of a patient's immediate family, a legal guardian of 27 a patient, or to a person with whom the patient is known to have a close personal 28 relationship, when the attending provider reasonably believes that notification is 29 necessary to avoid serious jeopardy to the health of a patient and the patient lacks the 30 capacity to authorize the disclosure; 31 (5) necessary because, in a provider's opinion, a person is in serious

01 and imminent danger or a person is likely to commit a violent felony or a violent 02 misdemeanor; this paragraph does not impose a duty on the provider to disclose health 03 information; 04 (6) to a custodian that originally disclosed the information to verify the 05 accuracy of the information; 06 (7) to a health oversight agency performing authorized audit functions; 07 (8) to perform internal audit functions within a custodian's 08 organization; 09 (9) to agents, employees, and contractors of a custodian for the purpose 10 of providing health care to a patient or performing administrative services for or on 11 behalf of a custodian; 12 (10) if not prohibited by federal or state law, to a health researcher for 13 health research; 14 (11) to a provider to confirm a past method or outcome of a course of 15 treatment performed by the provider; 16 (12) to a successor in interest of a custodian that is or was a provider, 17 facility, or payer for the patient whose information is being disclosed; 18 (13) to a group policyholder when reasonably necessary to conduct an 19 audit of a payer's or provider's operation or service; and 20 (14) directory information, unless the patient has instructed the 21 custodian not to make the disclosure, or unless the disclosure of the location of the 22 patient would reveal that the patient may be receiving mental health or substance abuse 23 treatment and the patient has not consented to the disclosure. 24 Sec. 18.23.250. Subpoenas, search warrants, requests for discovery, and 25 court orders. (a) A patient's medical record or other health information shall be 26 disclosed by a custodian in accordance with a civil, criminal, or administrative 27 subpoena, search warrant, or request for discovery in a federal or state judicial or 28 administrative investigation or proceeding only if 29 (1) the patient has authorized the disclosure in writing; 30 (2) the patient is deceased and the disclosure is authorized in writing 31 by the executor or administrator of the patient's estate, or, if the estate is

01 unadministered, by the next of kin; 02 (3) the information disclosed is to be used in the patient's involuntary 03 commitment, adjudication of incompetency, or guardianship proceeding; or 04 (4) a federal or state court or an administrative agency having subpoena 05 power, and having jurisdiction of a matter relating to a patient, orders the disclosure 06 after finding that the disclosure is necessary for the proper administration of justice. 07 (b) The provisions of the Alaska Rules of Civil Procedure apply to all 08 identifying health information disclosed under (a) of this section as if the information 09 were hospital medical records. If authorization is refused or not obtainable, a court 10 order requiring disclosure is necessary before the disclosed identifying health 11 information may be used in a deposition or at trial. 12 (c) This section may not be construed to waive the privilege between a patient 13 and a provider or, unless a patient's authorization or a court order is obtained, to 14 require any communications that are privileged under law to be disclosed. 15 Sec. 18.23.260. Responsibilities of custodians as to disclosures. (a) 16 Custodians shall adopt and implement technical, contractual, and physical policies and 17 safeguards to carry out the requirements of AS 18.23.200 - 18.23.390 and shall 18 undertake to carry out policies and safeguards to protect the confidentiality, security, 19 accuracy, and integrity of health information maintained, used, or disclosed by the 20 custodian. These policies and safeguards must include 21 (1) providing for internal disciplinary or corrective measures for 22 violations of the custodian's policy for implementing the requirements of 23 AS 18.23.200 - 18.23.390; 24 (2) requiring a signed statement by each employee, agent, or contractor 25 having access to identifying health information that acknowledges the receipt of and 26 understanding of the policies adopted by the custodian; 27 (3) providing periodic training of employees, agents, and contractors 28 having access to identifying health information as to their obligations and liabilities 29 under AS 18.23.200 - 18.23.390; 30 (4) except as provided in (b) of this section, maintaining a record of 31 the creation, revision, or disclosure of identifying health information that contains

01 (A) the name, address, and institutional affiliation, if any, of the 02 person to whom the information was disclosed, or by whom the information 03 was created or revised; 04 (B) the date and purpose of the action; 05 (C) a description of or reference to the information; and 06 (D) a description of the legal authority for the creation, revision, 07 or disclosure; and 08 (5) limiting, to the extent practicable, the disclosure to that information 09 that is legitimately needed to be known in order to perform authorized functions. 10 (b) A custodian need not maintain a record of a disclosure if the disclosure is 11 (1) made under AS 18.23.240(c)(1) or (2), unless the disclosure was 12 accomplished through an electronic information system; or 13 (2) an oral disclosure to a patient, authorized by a patient, that includes 14 a disclosure as described in AS 18.23.240(c)(4). 15 Sec. 18.23.270. Master person index. (a) A custodian may maintain or 16 participate in and use, directly or through a contractor, a master person index. A 17 custodian using a master person index shall disclose or permit access to the index only 18 to a custodian who has entered into a written agreement requiring protection of 19 confidentiality of health information as required in AS 18.23.200 - 18.23.390 with the 20 disclosing custodian. A master person index may use a unique identifier to identify 21 patients and custodians. 22 (b) Notwithstanding (a) of this section, the existence of the following medical 23 records may not be disclosed in a master person index unless the requesting party has 24 authority under state or federal law to receive a disclosure of the information: 25 (1) information that is confidential under AS 47.30.845 or 26 AS 47.37.210; 27 (2) information and records regulated by AS 18.15; and 28 (3) identifying health information that is otherwise maintained by a 29 health care provider or health care facility and is identified by the provider as being 30 related to a patient's evaluation, diagnosis, or treatment of HIV infection, AIDS, 31 communicable disease, substance abuse, or mental health condition.

01 (c) Access to an entry in a master person index indicating the existence of 02 identifying health information may not be permitted except to the extent that the 03 disclosure of the information sought is authorized under AS 18.23.230 - 18.23.250. 04 Sec. 18.23.280. Electronic and other medical records. Notwithstanding any 05 other state law, if a custodian maintains and preserves health information or signatures 06 using electronic, optical, or other technology and media, a custodian is not required to 07 maintain a separate paper copy of the health information or signatures. However, if 08 a person receiving a disclosure requests the disclosure be in a paper form, the 09 custodian may not refuse to provide the requested information in a paper form unless 10 another medium is required by state or federal law. 11 Sec. 18.23.290. Authentication of persons and information; electronic 12 signatures. (a) Notwithstanding any other state law, written signatures, electronic 13 signatures, and other authentication techniques recognized as having comparable or 14 superior reliability to electronic signatures shall be acceptable as a legally binding 15 signature and for identification of an individual, of an entity, or of health information 16 associated with an individual or entity. 17 (b) Individuals authorized by a custodian to authenticate health information 18 using an authentication technique requiring a secure code shall sign an agreement with 19 the custodian to the effect that only the individual will use or permit access to the code 20 assigned to the individual. 21  Sec. 18.23.300. Limitation on liability. Notwithstanding any other provision 22 of AS 18.23.200 - 18.23.390, a custodian or an employee, an agent, or a contractor of 23 a custodian is not liable for actions authorized to be taken under AS 18.23.200 - 24 18.23.390 when the custodian, or employee, agent, or contractor of the custodian 25 (1) acted in good faith and in reliance upon health information 26 disclosed consistent with AS 18.23.200 - 18.23.390; 27 (2) disclosed health information in good faith and in reliance upon a 28 request for disclosure when the request identified a purpose for which disclosure is 29 authorized under AS 18.23.200 - 18.23.390; 30 (3) disclosed health information as authorized by AS 18.23.200 - 31 18.23.390, and the transmission of the information was interrupted, or an error in the

01 transmission otherwise was caused, by a common carrier or enhanced service provider 02 while facilitating the disclosure; 03 (4) acted in good faith and in reliance upon recommendations, 04 guidelines, or specifications implemented by the custodian that address the subject 05 matter of AS 18.23.200 - 18.23.390 and that are designed to protect patients from the 06 damages complained of, in whole or in part, if the recommendations, guidelines, or 07 specifications are 08 (A) adopted by the United States Secretary of Health and 09 Human Services; or 10 (B) to the extent not preempted by or inconsistent with 11 recommendations, guidelines, or specifications authorized by (A) of this 12 paragraph, recommendations, guidelines, or specifications recommended as 13 model standards or specifications by 14 (i) the National Committee on Vital and Health 15 Statistics; 16 (ii) the National Uniform Billing Committee; 17 (iii) the National Uniform Claim Committee; 18 (iv) the Workgroup for Electronic Data Interchange; or 19 (v) other public purpose organization created under 20 Section 501(c) of the Internal Revenue Code and certified by executive 21 order of the governor as having the technical capability and breadth of 22 representation in the health care community to address the subject 23 matter of AS 18.23.200 - 18.23.390 in the public interest; or 24 (5) disclosed identifying health information in good faith reliance on 25 an authorization under AS 18.23.230 or 18.23.250(a)(1) or (2). 26  Sec. 18.23.310. Civil remedies. (a) Subject to AS 18.23.300 and laws 27 relating to the award of punitive damages, a custodian or an employee, an agent, or 28 a contractor of a custodian is subject to civil liability for damages incurred by a person 29 with respect to the patient's identifying health information to the extent that the 30 damages arise out of the intentional or negligent act or omission of a custodian in 31 violation of the requirements of AS 18.23.200 - 18.23.390.

01 (b) If a patient believes that a custodian or an employee, an agent, or a 02 contractor of a custodian has failed to comply with its obligations under 03 AS 18.23.200 - 18.23.390 with respect to the patient's identifying health information, 04 a patient may apply to a court for appropriate equitable relief. 05 (c) An agreement purporting to limit the liability arising from violations of 06 AS 18.23.200 - 18.23.390, other than within a settlement agreement, is void. 07  Sec. 18.23.320. Conflicting laws. (a) AS 18.23.200 - 18.23.390 do not 08 restrict a custodian from complying with obligations imposed by federal health care 09 payment programs or federal laws or regulations. Except as provided in (b) of this 10 section, to the extent the provisions of AS 18.23.200 - 18.23.390 conflict with other 11 state laws, the provisions of AS 18.23.200 - 18.23.390 shall control unless the other 12 state law specifically states that it is an exception to a specific provision of 13 AS 18.23.200 - 18.23.390. 14 (b) Notwithstanding (a) of this section, if AS 18.23.200 - 18.23.390 conflict 15 with another state statute governing the nondisclosure of identifying health information 16 held by a health oversight agency for the purposes of peer review, professional review, 17 or other professional disciplinary or corrective action, the other statute shall control. 18 (c) AS 18.23.200, 18.23.210, 18.23.260(a)(4), and 18.23.310 do not apply to 19 disclosures of identifying health information regulated by AS 21. Health information 20 regulated by AS 21 may also be disclosed as permitted by AS 21 or AS 18.23.230 and 21 18.23.240(b) and (c). 22 (d) AS 18.23.200 and 18.23.240(c) do not apply to disclosures of identifying 23 health information regulated by AS 47.30 or AS 47.37. 24 (e) AS 18.23.240(c) does not apply to disclosures of identifying health 25 information regulated by AS 18.15 when a custodian is acting under that section. 26 (f) AS 18.23.200 - 18.23.390 do not apply to a telecommunications common 27 carrier and an enhanced service provider if they are certified or subject to regulation 28 (1) under AS 42.05; or 29 (2) by the Federal Communications Commission under federal law. 30 (f) Except as provided in AS 18.23.220(c) and (f), AS 18.23.200 - 18.23.390 31 do not regulate the disclosure of health information that is not identifying health

01 information. 02 Sec. 18.23.330. Trade secrets. Except as otherwise required by law, 03 AS 18.23.200 - 18.23.390 do not require the disclosure of trade secrets or other 04 commercial information. 05  Sec. 18.23.390. Definitions. In AS 18.23.200 - 18.23.390, 06 (1) "audit" means an assessment, evaluation, determination, 07 investigation, or prosecution of a custodian, provider, or facility to determine, evaluate, 08 or monitor practices concerning the applicability of or compliance with 09 (A) legal, fiscal, quality assurance, quality control, risk 10 management, utilization review, or scientific standards or practices, or aspects 11 of performance relating to 12 (i) the delivery of or payment for health care or health 13 care services or equipment; 14 (ii) health care fraud or fraudulent claims regarding 15 health care, health care services or equipment, or related activities and 16 items; 17 (iii) security of health information; and 18 (iv) coordination of services among providers or 19 facilities or planning for future services; or 20 (B) requirements for licensing and professional discipline, 21 accreditation, credentialing, or certification, including peer review; 22 (2) "custodian" means a person operating in a business, professional, 23 or governmental capacity that collects, creates, receives, obtains, maintains, uses, 24 analyzes, or transmits identifying health information, including a college, employer, 25 facility, payer, health oversight agency, health researcher, penal institution, provider, 26 public health authority, school, state agency, third-party administrator, or university; 27 (3) "directory information" means the following information concerning 28 a patient who is an inpatient or outpatient or who is currently receiving emergency 29 health care in a health care facility: 30 (A) the presence of the patient at the facility, including room, 31 bed number, or telephone number;

01 (B) date of admission; and 02 (C) the patient's health status whether "critical," "poor," "fair," 03 "good," "excellent," or a term denoting a similar condition; 04 (4) "electronic signatures" means digital or electronic signatures in 05 conformity with applicable provisions of the Uniform Commercial Code recommended 06 by the National Conference of Commissioners on Uniform State Laws and the 07 American Law Institute, electronic information and digital signature guidelines 08 established by the organizations set out in AS 18.23.300(4), the digital signature 09 guidelines recommended by the American Bar Association Science and Technology 10 Committee Section, Committee on Information Security, or other electronic signature 11 guidelines authorized by federal or state law. 12 (5) "facility" means a place where health care is regularly provided to 13 two or more persons by a provider; 14 (6) "health care" means 15 (A) preventive, diagnostic, therapeutic, rehabilitative, 16 maintenance, investigational, experimental, cosmetic, reconstructive, or 17 palliative care, including assistance with disease or symptom management and 18 maintenance, counseling, a service, a laboratory test, or a procedure 19 (i) with respect to the physical or mental condition of a 20 patient; or 21 (ii) affecting the structure or function of the human body 22 or a part of the human body, including the banking of blood, sperm, 23 ova, organs, or other tissue; 24 (B) the sale or dispensing of a drug, a device, durable or 25 disposable goods or equipment, or other health care related item to a patient, 26 or for the use of a patient in accordance with a prescription, for a purpose 27 specified in (A) of this paragraph;. 28 (7) "health information" means data, information, or orders, including 29 advance directives, documents granting anatomical gifts, biological samples from the 30 human body from which information can be drawn, films, videotapes, consent forms, 31 genetic sequences, digitized images, sound recordings, and demographic information

01 recorded or stored in any form that 02 (A) relates to a specific patient's past, present, or future health 03 care or condition, including the patient's individual cells and their components 04 or personal and family medical history; 05 (B) was created or obtained by a custodian in connection with 06 health care diagnosis, treatment, screening, counseling, intake, or discharge of 07 a patient or related to the application for, or enrollment of, a patient in a 08 reimbursement plan, or for insurance use; or 09 (C) was obtained by or from a provider, a facility, a patient, a 10 member of the patient's family, or another person about a patient and in 11 connection with a patient's health care; 12 (8) "health oversight agency" means a public agency or other person 13 that receives a disclosure of, uses, maintains, or discloses health information while 14 acting in the capacity of a person authorized by law or recognized by a governmental 15 agency to perform or oversee the performance of an audit; 16 (9) "health research" means scientific, actuarial, survey, or statistical 17 research based on health information, including clinical investigations governed by the 18 Code of Federal Regulations, Chapter I of Title 21; "health research" does not include 19 disclosure of health information for purposes of providing health care, peer review, 20 audit functions, or reporting to state and federal authorities; 21 (10) "identifying health information" means a collection of health 22 information that includes the name, address, social security number, unique identifier 23 established by state or federal law, likenesses, or other information that readily 24 identifies a patient's personal identity, could be used or manipulated to identify a 25 patient by a foreseeable method, or could be linked or matched by a foreseeable 26 method to other information in order to identify a patient; "identifying health 27 information" includes information stored in a master person index authorized by 28 AS 18.23.270; "health information" may not be considered identifying health 29 information solely based on the inclusion in a collection of health information of a 30 code assigned to a patient by a custodian if that code does not consist of or contain 31 symbols that could be used to readily identify a patient with reasonable accuracy and

01 speed from sources external to the custodian; 02 (11) "identifying provider information" means a collection of health 03 information that includes the name, address, social security number, medical billing 04 number, employer identification number, likenesses, or other information by which the 05 identity of a health care provider can readily be determined with reasonable accuracy 06 and speed, either directly or by reference to other publicly available information; the 07 term does not include a unique identification code assigned to a provider by a 08 custodian and used and disclosed only internally to the custodian if that code does not 09 consist of or contain symbols that could be used to readily identify a health care 10 provider with reasonable accuracy and speed from sources external to the custodian; 11 (12) "master person index" means an index indicating the existence of 12 medical records of patients held by a custodian and other information to facilitate the 13 request for the information under circumstances permitted by AS 18.23.200 - 14 18.23.390; 15 (13) "medical record" means identifying health information that is 16 maintained in a health information collection, storage, and retrieval system of the 17 custodian in the usual course of health care in accordance with applicable standards 18 of practice; 19 (14) "patient" means an individual who is requesting, receives, or has 20 received health care; references to the term "patient" in AS 18.23.200 - 18.23.390 shall 21 include other persons legally empowered to authorize the disclosure of a patient's 22 identifying health information to the extent necessary to carry out the terms or 23 purposes of the individual's grant of authority; 24 (15) "payer" means a person acting in a business capacity who 25 undertakes to furnish health insurance, disability insurance, life insurance, workers' 26 compensation insurance, or otherwise to pay for all or some of health care services 27 rendered to the patient; 28 (16) "person" means an individual, a government, a governmental 29 subdivision, an agency or authority, an association, a corporation, a firm, a limited 30 liability company, a partnership, a society, an estate, a trust, a joint venture, or other 31 legal entity;

01 (17) "provider" means 02 (A) a person licensed, certified, registered, or otherwise 03 authorized by state or federal law to provide health care in the ordinary course 04 of business or practice of a profession; 05 (B) a state or federal program that directly provides health care; 06 or 07 (C) a student training to provide health care acting under the 08 supervision of a provider described in (A) of this paragraph. 09 * Sec. 3. AS 18.20.085(d) is amended to read: 10 (d) This section is subject to AS 18.23.280 [AS 18.23.100]. 11 * Sec. 4. AS 18.23.005 and 18.23.100 are repealed. 12 * Sec. 5. REVISOR'S INSTRUCTION. Wherever in the Alaska Statutes the spanned 13 reference of "AS 18.23.005 - 18.23.070" appears, it shall be read as "AS 18.23.010 - 14 18.23.070." The revisor of statutes shall implement this section under the authority of 15 AS 01.05.031. 16 * Sec. 6. This Act takes effect July 1, 1999.