Title: An act relating to making certain provisions in the uniform health care information act consistent with the health insurance portability and accountability act privacy regulation, by addressing the period of validity of an authorization, accounting for disclosures, reporting of criminal activities, sharing quality improvement information, and modifying provisions on payment for health care, health care operations, and related definitions.

Brief Description: Modifying the uniform health care information act.

Sponsors: Senate Committee on Health & Long-Term Care (originally sponsored by Senators Keiser, Brandland, Kastama, Parlette and Benson).

Brief History:

Committee Activity: Health & Long-Term Care: 1/27/05, 2/10/05 [DPS].

Passed Senate: 3/14/05, 47-0.

Passed House: 4/05/05, 94-0 (House amended).

Passed Senate: 4/19/05, 45-0 (Senate concurred).

SENATE COMMITTEE ON HEALTH & LONG-TERM CARE

Majority Report: That Substitute Senate Bill No. 5158 be substituted therefor, and the substitute bill do pass.Signed by Senators Keiser, Chair; Thibaudeau, Vice Chair; Deccio, Ranking Minority Member; Benson, Brandland, Franklin, Kastama, Parlette and Poulsen.

Staff: Stephanie Yurcisin (786-7438)

Background: In April 2003, the Health Insurance Portability and Accountability Act (HIPAA) privacy regulation established new federal standards for disclosure of protected health information by hospitals and other covered entities. Because both state law and HIPAA govern disclosure of such information, hospitals have expressed concerns over the additional administrative burdens and the potential for the application of the different laws to result in inconsistent standards and lowered quality of care. There is hope that changing state law to reflect the HIPAA standards can improve patient care and may ease hospital administrative burdens.

Currently, a patient may only authorize disclosure of his or her information for up to 90 days. There is specific concern that this small time window creates barriers to sharing information electronically, particularly in community health networks. State law also requires an accounting of every disclosure of information, including disclosure made for health care operations and quality improvement purposes. Health care facilities, particularly hospitals, have commented that being required to account for disclosures that the patient already expects creates a significant administrative burden and does not assist patients. Patients are currently required to specifically authorize disclosures that will be made for payment purposes. Current state law does not facilitate health care providers sharing quality assurance information when only one of them benefits from the information shared.

Summary of Bill: The state's 90-day limit on the length of validity for a health care information disclosure authorization is removed. The bill brings the state law in line with the HIPAA regulations by requiring that an authorization include an expiration date or event that relates to the individual or to the purpose of the use or disclosure. A patient's authorization to disclose health care information is applicable to health care providers or health care facilities. The patient may also designate a particular class of persons to whom information may be disclosed instead of merely designating particular individuals. A patient may authorize the disclosure of health care information to a class of persons that includes researchers who have the patient's informed consent and to third-party payors if the information is only disclosed for payment purposes. A general 90-day expiration is created for an authorization of disclosure to a financial institution or an employer for purposes other than payment.

To further align state law with HIPAA, clarifying language is added to the provision that allows a health care provider or health care facility to disclose information to a law enforcement official that the provider or facility in good faith believes constitutes evidence of criminal conduct that occurred on the premises. The provider or facility may also disclose basic identifying information for a patient brought by a public authority. Additionally, providers and facilities may disclose patient information for payment purposes without receiving specific patient authorization to do so.

Required accounting for routine disclosures is changed to exempt those disclosures made for treatment, payment, and health care operations, as well as other areas where the patient would expect disclosure to be made routinely. A provider or facility is allowed to disclose information to another provider or facility for operational purposes, if each had a relationship with the patient, the information is related to the relationship, and the disclosure is for limited purposes.

Substitute Bill Compared to Original Bill: The substitute bill clarifies that an authorization for disclosure of health care information may be kept as an original or as a copy, and that disclosures to immediate family is not limited to oral disclosures.
         

Appropriation: None.

Fiscal Note: Not requested.

Committee/Commission/Task Force Created: No.

Effective Date: Ninety days after adjournment of session in which bill is passed.

Testimony For: It has been exceedingly complicated for hospitals to negotiate the intersection between state and federal privacy laws. Bringing the state laws in line with the federal laws will alleviate administrative burdens, improve the quality of care, and increase patient access to care. Getting rid of the 90-day limit on authorizations will be of particular help to patients whose providers employ electronic medical records and similar technologies.

Testimony Against: None.

Who Testified: PRO: Taya Briley, WA State Hospital Association; Richard Meeks, University of Washington Medicine; Mary Minniti, Whatcom County Pursuing Perfection & St. Joseph's Hospital; Ellen Ruben, Harborview Medical Center.