AN ACT Relating to public records; and amending RCW 70.02.010, 70.02.020, 70.02.030, 70.02.050, 70.02.060, and 70.02.080.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

Sec. 1. RCW 70.02.010 and 1991 c 335 s 102 are each amended to read as follows:

As used in this chapter, unless the context otherwise requires:

(1) "Audit" means an assessment, evaluation, determination, or investigation of a health care provider by a person not employed by or affiliated with the provider to determine compliance with:

(a) Statutory, regulatory, fiscal, medical, or scientific standards;

(b) A private or public program of payments to a health care provider; or

(2) "Directory information" means information disclosing the presence, and for the purpose of identification, the name, residence, sex, and the general health condition of a particular patient who is a patient in a health care facility or who is currently receiving emergency health care in a health care facility.

(3) "General health condition" means the patient's health status described in terms of "critical," "poor," "fair," "good," "excellent," or terms denoting similar conditions.

(4) "Health care" means any care, service, or procedure provided by a health care provider:

(a) To diagnose, treat, or maintain a patient's physical or mental condition; or

(b) That affects the structure or any function of the human body.

(5) "Health care facility" means a hospital, clinic, nursing home, laboratory, office, or similar place where a health care provider provides health care to patients.

(6) "Health care information" means any information, whether oral or recorded in any form or medium, that identifies or can readily be associated with the identity of a patient and directly relates to the patient's health care. The term includes any record of disclosures of health care information.

(7) "Health care provider" means a person who is licensed, certified, registered, or otherwise authorized by the law of this state to provide health care in the ordinary course of business or practice of a profession.

(8) "Institutional review board" means any board, committee, or other group formally designated by an institution, or authorized under federal or state law, to review, approve the initiation of, or conduct periodic review of research programs to assure the protection of the rights and welfare of human research subjects.

(9) "Maintain," as related to health care information, means to hold, possess, preserve, retain, store, or control that information.

(10) "Patient" means an individual who receives or has received health care. The term includes a deceased individual who has received health care.

(11) "Person" means an individual, corporation, business trust, estate, trust, partnership, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity.

(12) "Reasonable fee" means the charges for duplicating or searching the record specified in RCW 36.18.020 (8) or (16), respectively, but shall not exceed the health care provider's actual cost. However, where editing of records by a health care provider is required by statute and is done by the provider personally, the fee may be the usual and customary charge for a basic office visit.

(13) "Third-party payor" means an entity regulated under Title 48 RCW authorized to transact business in this state or other jurisdiction, including a health care service contractor, and health maintenance organization; or an employee welfare benefit plan; or a state or federal health benefit program.

Sec. 2. RCW 70.02.020 and 1991 c 335 s 201 are each amended to read as follows:

Except as authorized in RCW 70.02.050, a health care provider, an individual who assists a health care provider in the delivery of health care, or an agent and employee of a health care provider may not disclose health care information about a patient to any other person without the patient's written authorization. A disclosure made under a patient's written authorization must conform to the authorization.

Health care providers or facilities shall chart all disclosures, except to third-party ((~~health care~~)) payors, of health care information, such chartings to become part of the health care information.

Sec. 3. RCW 70.02.030 and 1991 c 335 s 202 are each amended to read as follows:

(1) A patient may authorize a health care provider to disclose the patient's health care information. A health care provider shall honor an authorization and, if requested, provide a copy of the recorded health care information unless the health care provider denies the patient access to health care information under RCW 70.02.090.

(2) A health care provider may charge a reasonable fee((~~, not to exceed the health care provider's actual cost~~)) for providing the health care information((,)) and is not required to honor an authorization until the fee is paid.

(3) To be valid, a disclosure authorization to a health care provider shall:

(a) Be in writing, dated, and signed by the patient;

(b) Identify the nature of the information to be disclosed;

(d) Except for third-party payors, identify the provider who is to make the disclosure; and

(e) Identify the patient.

(4) Except as provided by this chapter, the signing of an authorization by a patient is not a waiver of any rights a patient has under other statutes, the rules of evidence, or common law.

(5) A health care provider shall retain each authorization or revocation in conjunction with any health care information from which disclosures are made. This requirement shall not apply to disclosures to third-party ((~~health care~~)) payors.

(6) Except for authorizations to provide information to third-party ((~~health care~~)) payors, an authorization may not permit the release of health care information relating to future health care that the patient receives more than ninety days after the authorization was signed. Patients shall be advised of the period of validity of their authorization on the disclosure authorization form. If the authorization does not contain an expiration date, it expires ninety days after it is signed.

(((7) Except for authorizations to provide information to third-party health payors, an authorization in effect on July 28, 1991, remains valid for six months after July 28, 1991, unless an earlier date is specified or it is revoked under RCW 70.02.040. Health care information disclosed under such an authorization is otherwise subject to this chapter. An authorization written after July 28, 1991, becomes invalid after the expiration date contained in the authorization, which may not exceed ninety days. If the authorization does not contain an expiration date, it expires ninety days after it is signed.))

Sec. 4. RCW 70.02.050 and 1991 c 335 s 204 are each amended to read as follows:

(1) A health care provider may disclose health care information about a patient without the patient's authorization to the extent a recipient needs to know the information, if the disclosure is:

(a) To a person who the provider reasonably believes is providing health care to the patient;

(b) To any other person who requires health care information for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, or actuarial services to the health care provider; or for assisting the health care provider in the delivery of health care and the health care provider reasonably believes that the person:

(i) Will not use or disclose the health care information for any other purpose; and

(ii) Will take appropriate steps to protect the health care information;

(c) To any other health care provider reasonably believed to have previously provided health care to the patient, to the extent necessary to provide health care to the patient, unless the patient has instructed the health care provider in writing not to make the disclosure;

(d) To any person if the health care provider reasonably believes that disclosure will avoid or minimize an imminent danger to the health or safety of the patient or any other individual, however there is no obligation under this chapter on the part of the provider to so disclose;

(e) Oral, and made to immediate family members of the patient, or any other individual with whom the patient is known to have a close personal relationship, if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider in writing not to make the disclosure;

(f) To a health care provider who is the successor in interest to the health care provider maintaining the health care information;

(g) For use in a research project that an institutional review board has determined:

(i) Is of sufficient importance to outweigh the intrusion into the privacy of the patient that would result from the disclosure;

(ii) Is impracticable without the use or disclosure of the health care information in individually identifiable form;

(iii) Contains reasonable safeguards to protect the information from redisclosure;

(iv) Contains reasonable safeguards to protect against identifying, directly or indirectly, any patient in any report of the research project; and

(v) Contains procedures to remove or destroy at the earliest opportunity, consistent with the purposes of the project, information that would enable the patient to be identified, unless an institutional review board authorizes retention of identifying information for purposes of another research project;

(h) To a person who obtains information for purposes of an audit, if that person agrees in writing to:

(i) Remove or destroy, at the earliest opportunity consistent with the purpose of the audit, information that would enable the patient to be identified; and

(ii) Not to disclose the information further, except to accomplish the audit or report unlawful or improper conduct involving fraud in payment for health care by a health care provider or patient, or other unlawful conduct by the health care provider;

(i) To an official of a penal or other custodial institution in which the patient is detained;

(j) To provide directory information, unless the patient has instructed the health care provider not to make the disclosure;

(k) To provide, in cases of public record, name, residence, sex, age, occupation, condition, diagnosis or extent and location of injuries as determined by a physician, and whether the patient was conscious when admitted.

(2) A health care provider shall disclose health care information about a patient without the patient's authorization if the disclosure is:

(a) To federal, state, or local public health authorities, to the extent the health care provider is required by law to report health care information; when needed to determine compliance with state or federal licensure, certification or registration rules or laws; or when needed to protect the public health;

(b) To federal, state, or local law enforcement authorities to the extent the health care provider is required by law;

(3) All state or local agencies obtaining patient health care information pursuant to this section shall adopt rules establishing their record acquisition, retention, and security policies that are consistent with this chapter.

Sec. 5. RCW 70.02.060 and 1991 c 335 s 205 are each amended to read as follows:

(1) Before service of a discovery request or compulsory process on a health care provider for health care information, an attorney shall provide advance notice to the health care provider and the patient or the patient's attorney involved through service of process or first class mail, indicating the health care provider from whom the information is sought, what health care information is sought, and the date by which a protective order must be obtained to prevent the health care provider from complying. Such date shall give the patient and the health care provider adequate time to seek a protective order, but in no event be less than fourteen days since the date of service or delivery to the patient and the health care provider of the foregoing. Thereafter the request for discovery or compulsory process shall be served on the health care provider.

(2) Without the written consent of the patient, the health care provider may not disclose the health care information sought under subsection (1) of this section if the requestor has not complied with the requirements of subsection (1) of this section. In the absence of a protective order issued by a court of competent jurisdiction forbidding compliance, the health care provider shall disclose the information in accordance with this chapter. In the case of compliance, the request for discovery or compulsory process shall be made a part of the patient record.

(3) Production of health care information under this section, in and of itself, does not constitute a waiver of any privilege, objection, or defense existing under other law or rule of evidence or procedure.

(4) The health care provider may charge a reasonable fee for providing the health care information.

Sec. 6. RCW 70.02.080 and 1991 c 335 s 301 are each amended to read as follows:

(1) Upon receipt of a written request from a patient to examine or copy all or part of the patient's recorded health care information, a health care provider, as promptly as required under the circumstances, but no later than fifteen working days after receiving the request shall:

(a) Make the information available for examination during regular business hours and provide a copy, if requested, to the patient;

(b) Inform the patient if the information does not exist or cannot be found;

(c) If the health care provider does not maintain a record of the information, inform the patient and provide the name and address, if known, of the health care provider who maintains the record;

(d) If the information is in use or unusual circumstances have delayed handling the request, inform the patient and specify in writing the reasons for the delay and the earliest date, not later than twenty-one working days after receiving the request, when the information will be available for examination or copying or when the request will be otherwise disposed of; or

(e) Deny the request, in whole or in part, under RCW 70.02.090 and inform the patient.

(2) Upon request, the health care provider shall provide an explanation of any code or abbreviation used in the health care information. If a record of the particular health care information requested is not maintained by the health care provider in the requested form, the health care provider is not required to create a new record or reformulate an existing record to make the health care information available in the requested form. The health care provider may charge a reasonable fee((~~, not to exceed the health care provider's actual cost,~~)) for providing the health care information and is not required to permit examination or copying until the fee is paid.