S-3606.1  _______________________________________________

 

                         SENATE BILL 6684

          _______________________________________________

 

State of Washington      56th Legislature     2000 Regular Session

 

By Senators Thibaudeau, Kline, Roach and Kohl‑Welles

 

Read first time 01/24/2000.  Referred to Committee on Health & Long‑Term Care.

Protecting the privacy of medical records.

    AN ACT Relating to the privacy of medical records; amending RCW 70.02.020, 70.02.050, and 70.02.170; and prescribing penalties.

 

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

 

    Sec. 1.  RCW 70.02.020 and 1993 c 448 s 2 are each amended to read as follows:

    Except as authorized in RCW 70.02.050, ((a health care provider, an individual who assists a health care provider in the delivery of health care, or an agent and employee of a health care provider)) no person may ((not)) disclose health care information about a patient to any other person without the patient's written authorization.  A disclosure made under a patient's written authorization must conform to the authorization.

    Health care providers or facilities shall chart all disclosures((, except to third-party payors,)) of health care information, such chartings to become part of the health care information.

 

    Sec. 2.  RCW 70.02.050 and 1998 c 158 s 1 are each amended to read as follows:

    (1) A health care provider may disclose health care information about a patient without the patient's authorization to the extent a recipient needs to know the information, if the disclosure is:

    (a) To a person who the provider reasonably believes is providing health care to the patient;

    (b) To any other person who requires health care information for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, or actuarial services to the health care provider; or for assisting the health care provider in the delivery of health care and the health care provider reasonably believes that the person:

    (i) Will not use or disclose the health care information for any other purpose; and

    (ii) Will take appropriate steps to protect the health care information;

    (c) To any other health care provider reasonably believed to have previously provided health care to the patient, to the extent necessary to provide health care to the patient, unless the patient has instructed the health care provider in writing not to make the disclosure;

    (d) To any person if the health care provider reasonably believes that disclosure will avoid or minimize an imminent danger to the health or safety of the patient or any other individual, however there is no obligation under this chapter on the part of the provider to so disclose;

    (e) Oral, and made to immediate family members of the patient, or any other individual with whom the patient is known to have a close personal relationship, if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider in writing not to make the disclosure;

    (f) To a health care provider who is the successor in interest to the health care provider maintaining the health care information;

    (g) For use in a research project that an institutional review board has determined:

    (i) Is of sufficient importance to outweigh the intrusion into the privacy of the patient that would result from the disclosure;

    (ii) Is impracticable without the use or disclosure of the health care information in individually identifiable form;

    (iii) Contains reasonable safeguards to protect the information from redisclosure;

    (iv) Contains reasonable safeguards to protect against identifying, directly or indirectly, any patient in any report of the research project; and

    (v) Contains procedures to remove or destroy at the earliest opportunity, consistent with the purposes of the project, information that would enable the patient to be identified, unless an institutional review board authorizes retention of identifying information for purposes of another research project;

    (h) To a person who obtains information for purposes of an audit, if that person agrees in writing to:

    (i) Remove or destroy, at the earliest opportunity consistent with the purpose of the audit, information that would enable the patient to be identified; and

    (ii) Not to disclose the information further, except to accomplish the audit or report unlawful or improper conduct involving fraud in payment for health care by a health care provider or patient, or other unlawful conduct by the health care provider;

    (i) To an official of a penal or other custodial institution in which the patient is detained;

    (j) To provide directory information, unless the patient has instructed the health care provider not to make the disclosure;

    (k) In the case of a hospital or health care provider to provide, in cases reported by fire, police, sheriff, or other public authority, name, ((residence,)) sex, age, occupation, ((condition, diagnosis,)) or extent and location of injuries as determined by a physician, and whether the patient was conscious when admitted.

    (2) A health care provider shall disclose health care information about a patient without the patient's authorization if the disclosure is:

    (a) To federal, state, or local public health authorities, to the extent the health care provider is required by law to report health care information((;)), or when needed to determine compliance with state or federal licensure, certification or registration rules or laws((; or when needed to protect the public health));

    (b) To federal, state, or local law enforcement authorities to the extent the health care provider is required by law;

    (c) To county coroners and medical examiners for the investigations of deaths of patients whose health care information is disclosed;

    (d) Pursuant to compulsory process in accordance with RCW 70.02.060.

    (3) All state or local agencies obtaining patient health care information pursuant to this section shall adopt rules establishing their record acquisition, retention, and security policies that are consistent with this chapter.

 

    Sec. 3.  RCW 70.02.170 and 1991 c 335 s 801 are each amended to read as follows:

    (1) A person who has complied with this chapter may maintain an action for the relief provided in this section against a ((health care provider or facility)) person who has not complied with this chapter.

    (2) The court may order the ((health care provider or other)) noncomplying person to comply with this chapter.  Such relief may include:

    (a) One thousand dollars, or actual damages, ((but shall not include consequential or incidental damages.  The court shall award)) whichever is greater, for each violation;

    (b) Reasonable attorneys' fees and all other expenses reasonably incurred to the prevailing party; and

    (c) Such other relief, including an injunction, as the court may deem appropriate.

    (3) Any action under this chapter is barred unless the action is commenced within two years after the cause of action is discovered.

    (4) A violation of this chapter shall not be deemed a violation of the consumer protection act, chapter 19.86 RCW.

    (5) Nothing in this chapter limits the right of a person to recover damages or other relief under any other applicable law.

 

                            --- END ---