FINAL BILL REPORT

                     SHB 1828

                                 C 335 L 91

                            Synopsis As Enacted

 

Brief Description:  Providing regulations for the disclosure of health care records.

 

By House Committee on Health Care (originally sponsored by Representative Appelwick).

 

House Committee on Health Care

Senate Committee on Health & Long-Term Care

 

Background:  Patients sometimes encounter difficulty in obtaining access to their medical or health records.  While the courts have held that the health provider is the owner and custodian of health records, patients are entitled to reasonable access to their records.

 

There is no comprehensive statutory law governing the rights and responsibilities of patients and health providers with regard to the confidentiality of patients' health records, and the conditions or situations under which those records can be disclosed.

 

Generally, patients' health records are considered confidential but the law is unclear with regard to access by third parties for research, financial audit, and other purposes, and by family members.  Over the past several decades a number of fundamental changes have increased the threat to the confidentially of health care information.  These changes include the proliferation of third party payment plans; the use of health care information for non‑health care purposes; the growing involvement of government in all aspects of health care; and the advent of computers and automated information systems.  Nationally, these developments have raised major concerns regarding the improper use of patients' health information.

 

The National Conference of Commissioners on Uniform State Laws developed the Uniform Health Care Information Act in 1984 for consideration by the states, specifying the rights and responsibilities of patients and health providers governing the confidentiality and disclosure of patient health information. 

 

Summary:  The Legislature declares that patients need access to their own health care information to help patients make informed health care decisions, and declares that this information should not be improperly disclosed to others.

 

A patient's health care information must not be disclosed by the health care provider without the patient's consent.  However, the patient's consent need not be expressly required where the information is being referred to another health provider treating the patient for health education, planning, quality assurance, peer review, actuarial, legal, financial or administrative purposes where the confidentiality is maintained; to minimize an imminent danger to the patient; for bona fide research purposes where the patient is not identified; for audit purposes; or for law enforcement purposes.  However, disclosure to family members, to previous health providers, or for routine directory information purposes cannot be made where the patient objects.

 

The health provider must disclose patient health information to public health authorities or law enforcement agencies where required by law, or in compliance with compulsory legal process to the courts.

 

Patients must request the disclosure of their health information by the health provider in writing.  The authorization is valid for up to 90 days and is revocable. The provider must make the health information available within 15 working days or notify the patient of any delay, and may charge the patient a fee not exceeding the administrative costs of producing it.

 

Providers may deny patients access to health information: when access may be injurious to the patient; when access may violate other confidences; when access could endanger the life or safety of any individual; when the information is compiled solely for administrative, litigation or quality assurance purposes; or when access is prohibited by law.

 

A patient's health care information must not be disclosed by a provider pursuant to compulsory legal process without the patient's consent, or where the patient has first had the opportunity to obtain a protective order from the court that prevents a health provider from complying with a discovery request or compulsory process to produce the health information.

 

A provider must correct the health information upon request of a patient within 10 days of the request, unless the patient is notified of a delay within 21 days and notified of the time when the record can be corrected.  If the provider refuses to make the correction, the patient has the right to insert a statement of disagreement with the information.

 

Providers must post a notice on their premises specifying the rights of access by patients to their health records pursuant to this act.

 

For violations of this act, a court may award actual, though not incidental, damages, and reasonable attorney fees and other expenses to the prevailing party.  Actions for relief must be filed within two years of the discovery of the incident.  Violations shall not be deemed violations of the Consumer Protection Act.

 

The Health Care Information Act does not modify the terms and conditions of disclosure under the state industrial insurance laws, and laws relating to juvenile justice, alcohol and drug abuse treatment, mental health, domestic relations, and sexually transmitted diseases.

 

Votes on Final Passage: 

 

House 98    0

Senate   43    2     (Senate amended)

House 94    0     (House concurred)

 

Effective:     July 28, 1991