HB 285: "An Act relating to the electronic health information exchange system; and providing for an effective date."
00 HOUSE BILL NO. 285 01 "An Act relating to the electronic health information exchange system; and providing 02 for an effective date." 03 BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF ALASKA: 04 * Section 1. AS 18.23.300(a) is amended to read: 05 (a) The department shall establish and implement a statewide electronic health 06 information exchange system and ensure the interoperability and compliance of the 07 system with state and federal specifications and protocols for exchanging health 08 records and related data. 09 * Sec. 2. AS 18.23.300(b) is repealed and reenacted to read: 10 (b) The commissioner shall designate a qualified entity or combination of 11 qualified entities in the state to perform the tasks described in this subsection. The 12 designee must have an advisory or governing body made up of health system 13 stakeholders that include members identified under (d) of this section. The designee 14 shall
01 (1) develop a statewide program to support the system connecting 02 electronic health records to the health information exchange infrastructure, including 03 (A) support for installation and training on the use of the 04 system; 05 (B) a plan to encourage eligible participants to use electronic 06 exchange of records over a sustained period; 07 (C) support to system participants for workflow redesign and 08 quality improvement; 09 (D) a plan to provide for participation by all identified 10 stakeholders in the planning and implementation of the system; 11 (E) measures for periodic evaluation and improvement of the 12 system; 13 (F) oversight and technical assistance needed for planning and 14 implementing the system; 15 (2) submit an annual budget for the program described in (1) of this 16 subsection for approval by the designee's governing body; 17 (3) comply with state nondiscrimination and conflict of interest 18 policies; 19 (4) comply with federal and state health information privacy laws, 20 policies, and standards applicable to the exchange of individually identifiable 21 information to ensure the privacy and security of the information that is part of the 22 system; 23 (5) provide an estimate of costs of the hardware, software, services, 24 and support needed to implement and maintain the technical infrastructure of the 25 system; and 26 (6) provide cost and cost saving data associated with the development 27 and use of the system to the department. 28 * Sec. 3. AS 18.23.300(c) is amended to read: 29 (c) The department and the designee may [ENTER INTO CONTRACTS,] 30 seek and accept available public [FEDERAL] and private funds and equipment. The 31 department may enter into contracts [,] and adopt regulations necessary to carry out
01 the purposes of this section. 02 * Sec. 4. AS 18.23.300(d) is amended to read: 03 (d) The designee [UNDER (b)(1)(A) OF THIS SECTION] may be a private 04 for-profit or nonprofit entity or entities under contract with the state. The advisory or 05 governing body of the designee must include 06 (1) the commissioner; 07 (2) nine [EIGHT] other individuals, each of whom represents one of 08 the following interests: 09 (A) hospitals and nursing home facilities; 10 (B) private medical care providers; 11 (C) community-based primary care providers; 12 (D) federal health care providers; 13 (E) Alaska tribal health organizations; 14 (F) health insurers; 15 (G) health care consumers; 16 (H) employers or businesses; 17 (I) behavioral health providers; and 18 (3) a [TWO] nonvoting liaison member [MEMBERS] who shall serve 19 to enhance communication and collaboration between the designee and [BOTH] the 20 Board of Regents of the University of Alaska; and 21 (4) at least one nonvoting liaison member chosen by the governing 22 body to represent other stakeholders and community interest related to the 23 system [THE COMMISSION ESTABLISHED IN THE GOVERNOR'S OFFICE TO 24 REVIEW HEALTH CARE POLICY]. 25 * Sec. 5. AS 18.23.305 is amended to read: 26 Sec. 18.23.305. Department; duties. In carrying out its duties under 27 AS 18.23.300, the department shall 28 (1) in accordance with federal recommendations and in consultation 29 with the designee, determine the manner in which the system is developed and 30 operated; 31 (2) [PROVIDE OVERSIGHT AND TECHNICAL ASSISTANCE
01 NEEDED FOR PLANNING AND IMPLEMENTING THE SYSTEM; 02 (3) AUTHORIZE AND] facilitate applications for any [AVAILABLE 03 FEDERAL] funding available for planning and implementing the system; 04 (3) [(4) ENSURE COMPLIANCE WITH APPLICABLE FEDERAL 05 AND STATE HEALTH INFORMATION POLICIES AND STANDARDS; 06 (5) ENSURE COMPLIANCE WITH FEDERAL AND STATE LAW 07 AND STANDARDS THAT SAFEGUARD THE PRIVACY AND SECURITY OF 08 HEALTH INFORMATION; 09 (6)] ensure that the [HEALTH INFORMATION EXCHANGE] system 10 becomes self-sustaining through a combination of user fees, which may include user 11 fees charged to the department or other government entities, and other private and 12 public funding sources. 13 * Sec. 6. AS 18.23.310 is amended to read: 14 Sec. 18.23.310. Confidentiality and security of information. (a) The 15 department shall ensure the designee establishes [ESTABLISH] appropriate privacy 16 and security standards to protect the disclosure, transmission, and receipt of 17 individually identifiable information contained in the system established under 18 AS 18.23.300. The standards must 19 (1) include controls over access to and collection, organization, and 20 maintenance of records and data that protect the confidentiality of the individual who 21 is the subject of the [A HEALTH] record in accordance with applicable state and 22 federal law; 23 (2) include a secure and traceable electronic audit system for 24 identifying access points and trails; 25 (3) meet the most stringent applicable federal or state privacy law 26 governing the protection of the information contained in the system. 27 (b) A person may not release or publish individually identifying [HEALTH] 28 information from the system except for the following purposes: 29 (1) treatment of a patient who is the subject of the information; 30 (2) to facilitate payment for services received by a patient who is 31 the subject of the information;
01 (3) limited health care operations of a participant; 02 (4) public health activities; or 03 (5) uses or disclosures authorized by the individual who is the 04 subject of the information [FOR PURPOSES UNRELATED TO THE 05 TREATMENT OR BILLING OF THE PATIENT WHO IS THE SUBJECT OF THE 06 INFORMATION. USE OR DISTRIBUTION OF THE INFORMATION FOR A 07 MARKETING PURPOSE IS STRICTLY PROHIBITED]. 08 (c) The designee [DEPARTMENT] shall establish procedures for a patient 09 who is the subject of a health record contained in the system 10 (1) to opt out of the system; 11 (2) to authorize [CONSENT TO] the distribution of the patient's 12 records contained in the system, if additional authorization is necessary under 13 applicable privacy and security laws; 14 (3) to be notified of a violation of the confidentiality provisions 15 required under this section; 16 (4) on request to the designee [DEPARTMENT], to view an audit 17 report created under this section for the purpose of monitoring access to the patient's 18 records. 19 * Sec. 7. AS 18.23.325(3) is amended to read: 20 (3) "system" means the statewide electronic health information 21 exchange system established under AS 18.23.300, but does not include technical 22 infrastructure, software, or information that is owned or managed by 23 participants in the system. 24 * Sec. 8. AS 18.23.325 is amended by adding a new paragraph to read: 25 (4) "designee" means the entity or entities designated under 26 AS 18.23.300(b). 27 * Sec. 9. This Act takes effect immediately under AS 01.10.070(c).