CERTIFICATION OF ENROLLMENT

ENGROSSED SUBSTITUTE SENATE BILL 6106



59th Legislature
2006 Regular Session

Passed by the Senate March 4, 2006
  YEAS 43   NAYS 0


________________________________________    
President of the Senate
Passed by the House February 28, 2006
  YEAS 97   NAYS 0


________________________________________    
Speaker of the House of Representatives


CERTIFICATE

I, Thomas Hoemann, Secretary of the Senate of the State of Washington, do hereby certify that the attached is ENGROSSED SUBSTITUTE SENATE BILL 6106 as passed by the Senate and the House of Representatives on the dates hereon set forth.


________________________________________    
Secretary
Approved 









________________________________________    
Governor of the State of Washington
FILED







Secretary of State
State of Washington


_____________________________________________ 

ENGROSSED SUBSTITUTE SENATE BILL 6106
_____________________________________________

AS AMENDED BY THE HOUSE

Passed Legislature - 2006 Regular Session
State of Washington59th Legislature2006 Regular Session

By Senate Committee on Health & Long-Term Care (originally sponsored by Senator Brandland)

READ FIRST TIME 02/01/06.   



     AN ACT Relating to disclosure of health care information for law enforcement purposes; amending RCW 70.02.010, 70.02.050, and 68.50.320; creating a new section; and declaring an emergency.

BE IT ENACTED BY THE LEGISLATURE OF THE STATE OF WASHINGTON:

NEW SECTION.  Sec. 1   The purpose of this act is to aid law enforcement in combating crime through the rapid identification of all persons who require medical treatment as a result of a criminal act and to assist in the rapid identification of human remains.

Sec. 2   RCW 70.02.010 and 2005 c 468 s 1 are each amended to read as follows:
     The definitions in this section apply throughout this chapter unless the context clearly requires otherwise.
     (1) "Audit" means an assessment, evaluation, determination, or investigation of a health care provider by a person not employed by or affiliated with the provider to determine compliance with:
     (a) Statutory, regulatory, fiscal, medical, or scientific standards;
     (b) A private or public program of payments to a health care provider; or
     (c) Requirements for licensing, accreditation, or certification.
     (2) "Directory information" means information disclosing the presence, and for the purpose of identification, the name, location within a health care facility, and the general health condition of a particular patient who is a patient in a health care facility or who is currently receiving emergency health care in a health care facility.
     (3) "Federal, state, or local law enforcement authorities" means an officer of any agency or authority in the United States, a state, a tribe, a territory, or a political subdivision of a state, a tribe, or a territory who is empowered by law to: (a) Investigate or conduct an official inquiry into a potential criminal violation of law; or (b) prosecute or otherwise conduct a criminal proceeding arising from an alleged violation of law.
     (4)
"General health condition" means the patient's health status described in terms of "critical," "poor," "fair," "good," "excellent," or terms denoting similar conditions.
     (((4))) (5) "Health care" means any care, service, or procedure provided by a health care provider:
     (a) To diagnose, treat, or maintain a patient's physical or mental condition; or
     (b) That affects the structure or any function of the human body.
     (((5))) (6) "Health care facility" means a hospital, clinic, nursing home, laboratory, office, or similar place where a health care provider provides health care to patients.
     (((6))) (7) "Health care information" means any information, whether oral or recorded in any form or medium, that identifies or can readily be associated with the identity of a patient and directly relates to the patient's health care, including a patient's deoxyribonucleic acid and identified sequence of chemical base pairs. The term includes any required accounting of disclosures of health care information.
     (((7))) (8) "Health care operations" means any of the following activities of a health care provider, health care facility, or third-party payor to the extent that the activities are related to functions that make an entity a health care provider, a health care facility, or a third-party payor:
     (a) Conducting: Quality assessment and improvement activities, including outcomes evaluation and development of clinical guidelines, if the obtaining of generalizable knowledge is not the primary purpose of any studies resulting from such activities; population-based activities relating to improving health or reducing health care costs, protocol development, case management and care coordination, contacting of health care providers and patients with information about treatment alternatives; and related functions that do not include treatment;
     (b) Reviewing the competence or qualifications of health care professionals, evaluating practitioner and provider performance and third-party payor performance, conducting training programs in which students, trainees, or practitioners in areas of health care learn under supervision to practice or improve their skills as health care providers, training of nonhealth care professionals, accreditation, certification, licensing, or credentialing activities;
     (c) Underwriting, premium rating, and other activities relating to the creation, renewal, or replacement of a contract of health insurance or health benefits, and ceding, securing, or placing a contract for reinsurance of risk relating to claims for health care, including stop-loss insurance and excess of loss insurance, if any applicable legal requirements are met;
     (d) Conducting or arranging for medical review, legal services, and auditing functions, including fraud and abuse detection and compliance programs;
     (e) Business planning and development, such as conducting cost-management and planning-related analyses related to managing and operating the health care facility or third-party payor, including formulary development and administration, development, or improvement of methods of payment or coverage policies; and
     (f) Business management and general administrative activities of the health care facility, health care provider, or third-party payor including, but not limited to:
     (i) Management activities relating to implementation of and compliance with the requirements of this chapter;
     (ii) Customer service, including the provision of data analyses for policy holders, plan sponsors, or other customers, provided that health care information is not disclosed to such policy holder, plan sponsor, or customer;
     (iii) Resolution of internal grievances;
     (iv) The sale, transfer, merger, or consolidation of all or part of a health care provider, health care facility, or third-party payor with another health care provider, health care facility, or third-party payor or an entity that following such activity will become a health care provider, health care facility, or third-party payor, and due diligence related to such activity; and
     (v) Consistent with applicable legal requirements, creating deidentified health care information or a limited dataset and fund-raising for the benefit of the health care provider, health care facility, or third-party payor.
     (((8))) (9) "Health care provider" means a person who is licensed, certified, registered, or otherwise authorized by the law of this state to provide health care in the ordinary course of business or practice of a profession.
     (((9))) (10) "Institutional review board" means any board, committee, or other group formally designated by an institution, or authorized under federal or state law, to review, approve the initiation of, or conduct periodic review of research programs to assure the protection of the rights and welfare of human research subjects.
     (((10))) (11) "Maintain," as related to health care information, means to hold, possess, preserve, retain, store, or control that information.
     (((11))) (12) "Patient" means an individual who receives or has received health care. The term includes a deceased individual who has received health care.
     (((12))) (13) "Payment" means:
     (a) The activities undertaken by:
     (i) A third-party payor to obtain premiums or to determine or fulfill its responsibility for coverage and provision of benefits by the third-party payor; or
     (ii) A health care provider, health care facility, or third-party payor, to obtain or provide reimbursement for the provision of health care; and
     (b) The activities in (a) of this subsection that relate to the patient to whom health care is provided and that include, but are not limited to:
     (i) Determinations of eligibility or coverage, including coordination of benefits or the determination of cost-sharing amounts, and adjudication or subrogation of health benefit claims;
     (ii) Risk adjusting amounts due based on enrollee health status and demographic characteristics;
     (iii) Billing, claims management, collection activities, obtaining payment under a contract for reinsurance, including stop-loss insurance and excess of loss insurance, and related health care data processing;
     (iv) Review of health care services with respect to medical necessity, coverage under a health plan, appropriateness of care, or justification of charges;
     (v) Utilization review activities, including precertification and preauthorization of services, and concurrent and retrospective review of services; and
     (vi) Disclosure to consumer reporting agencies of any of the following health care information relating to collection of premiums or reimbursement:
     (A) Name and address;
     (B) Date of birth;
     (C) Social security number;
     (D) Payment history;
     (E) Account number; and
     (F) Name and address of the health care provider, health care facility, and/or third-party payor.
     (((13))) (14) "Person" means an individual, corporation, business trust, estate, trust, partnership, association, joint venture, government, governmental subdivision or agency, or any other legal or commercial entity.
     (((14))) (15) "Reasonable fee" means the charges for duplicating or searching the record, but shall not exceed sixty-five cents per page for the first thirty pages and fifty cents per page for all other pages. In addition, a clerical fee for searching and handling may be charged not to exceed fifteen dollars. These amounts shall be adjusted biennially in accordance with changes in the consumer price index, all consumers, for Seattle-Tacoma metropolitan statistical area as determined by the secretary of health. However, where editing of records by a health care provider is required by statute and is done by the provider personally, the fee may be the usual and customary charge for a basic office visit.
     (((15))) (16) "Third-party payor" means an insurer regulated under Title 48 RCW authorized to transact business in this state or other jurisdiction, including a health care service contractor, and health maintenance organization; or an employee welfare benefit plan; or a state or federal health benefit program.
     (((16))) (17) "Treatment" means the provision, coordination, or management of health care and related services by one or more health care providers or health care facilities, including the coordination or management of health care by a health care provider or health care facility with a third party; consultation between health care providers or health care facilities relating to a patient; or the referral of a patient for health care from one health care provider or health care facility to another.

Sec. 3   RCW 70.02.050 and 2005 c 468 s 4 are each amended to read as follows:
     (1) A health care provider or health care facility may disclose health care information about a patient without the patient's authorization to the extent a recipient needs to know the information, if the disclosure is:
     (a) To a person who the provider or facility reasonably believes is providing health care to the patient;
     (b) To any other person who requires health care information for health care education, or to provide planning, quality assurance, peer review, or administrative, legal, financial, actuarial services to, or other health care operations for or on behalf of the health care provider or health care facility; or for assisting the health care provider or health care facility in the delivery of health care and the health care provider or health care facility reasonably believes that the person:
     (i) Will not use or disclose the health care information for any other purpose; and
     (ii) Will take appropriate steps to protect the health care information;
     (c) To any other health care provider or health care facility reasonably believed to have previously provided health care to the patient, to the extent necessary to provide health care to the patient, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure;
     (d) To any person if the health care provider or health care facility reasonably believes that disclosure will avoid or minimize an imminent danger to the health or safety of the patient or any other individual, however there is no obligation under this chapter on the part of the provider or facility to so disclose;
     (e) To immediate family members of the patient, or any other individual with whom the patient is known to have a close personal relationship, if made in accordance with good medical or other professional practice, unless the patient has instructed the health care provider or health care facility in writing not to make the disclosure;
     (f) To a health care provider or health care facility who is the successor in interest to the health care provider or health care facility maintaining the health care information;
     (g) For use in a research project that an institutional review board has determined:
     (i) Is of sufficient importance to outweigh the intrusion into the privacy of the patient that would result from the disclosure;
     (ii) Is impracticable without the use or disclosure of the health care information in individually identifiable form;
     (iii) Contains reasonable safeguards to protect the information from redisclosure;
     (iv) Contains reasonable safeguards to protect against identifying, directly or indirectly, any patient in any report of the research project; and
     (v) Contains procedures to remove or destroy at the earliest opportunity, consistent with the purposes of the project, information that would enable the patient to be identified, unless an institutional review board authorizes retention of identifying information for purposes of another research project;
     (h) To a person who obtains information for purposes of an audit, if that person agrees in writing to:
     (i) Remove or destroy, at the earliest opportunity consistent with the purpose of the audit, information that would enable the patient to be identified; and
     (ii) Not to disclose the information further, except to accomplish the audit or report unlawful or improper conduct involving fraud in payment for health care by a health care provider or patient, or other unlawful conduct by the health care provider;
     (i) To an official of a penal or other custodial institution in which the patient is detained;
     (j) To provide directory information, unless the patient has instructed the health care provider or health care facility not to make the disclosure;
     (k) To fire, police, sheriff, or another public authority, that brought, or caused to be brought, the patient to the health care facility or health care provider if the disclosure is limited to the patient's name, residence, sex, age, occupation, condition, diagnosis, estimated or actual discharge date, or extent and location of injuries as determined by a physician, and whether the patient was conscious when admitted;
     (l) To federal, state, or local law enforcement authorities and the health care provider, health care facility, or third-party payor believes in good faith that the health care information disclosed constitutes evidence of criminal conduct that occurred on the premises of the health care provider, health care facility, or third-party payor;
     (m) To another health care provider, health care facility, or third-party payor for the health care operations of the health care provider, health care facility, or third-party payor that receives the information, if each entity has or had a relationship with the patient who is the subject of the health care information being requested, the health care information pertains to such relationship, and the disclosure is for the purposes described in RCW 70.02.010(((7))) (8) (a) and (b); or
     (n) For payment.
     (2) A health care provider shall disclose health care information about a patient without the patient's authorization if the disclosure is:
     (a) To federal, state, or local public health authorities, to the extent the health care provider is required by law to report health care information; when needed to determine compliance with state or federal licensure, certification or registration rules or laws; or when needed to protect the public health;
     (b) To federal, state, or local law enforcement authorities to the extent the health care provider is required by law;
     (c) To federal, state, or local law enforcement authorities, upon receipt of a written or oral request made to a nursing supervisor, administrator, or designated privacy official, in a case in which the patient is being treated or has been treated for a bullet wound, gunshot wound, powder burn, or other injury arising from or caused by the discharge of a firearm, or an injury caused by a knife, an ice pick, or any other sharp or pointed instrument which federal, state, or local law enforcement authorities reasonably believe to have been intentionally inflicted upon a person, or a blunt force injury that federal, state, or local law enforcement authorities reasonably believe resulted from a criminal act, the following information, if known:
     (i) The name of the patient;
     (ii) The patient's residence;
     (iii) The patient's sex;
     (iv) The patient's age;
     (v) The patient's condition;
     (vi) The patient's diagnosis, or extent and location of injuries as determined by a health care provider;
     (vii) Whether the patient was conscious when admitted;
     (viii) The name of the health care provider making the determination in (c)(v), (vi), and (vii) of this subsection;
     (ix) Whether the patient has been transferred to another facility; and
     (x) The patient's discharge time and date;
     (d)
To county coroners and medical examiners for the investigations of deaths;
     (((d))) (e) Pursuant to compulsory process in accordance with RCW 70.02.060.
     (3) All state or local agencies obtaining patient health care information pursuant to this section shall adopt rules establishing their record acquisition, retention, and security policies that are consistent with this chapter.

Sec. 4   RCW 68.50.320 and 2001 c 223 s 1 are each amended to read as follows:
     When a person reported missing has not been found within thirty days of the report, the sheriff, chief of police, county coroner or county medical examiner, or other law enforcement authority initiating and conducting the investigation for the missing person shall ask the missing person's family or next of kin to give written consent to contact the dentist or dentists of the missing person and request the person's dental records.
     The missing person's dentist or dentists shall provide diagnostic quality copies of the missing person's dental records or original dental records to the sheriff, chief of police, county coroner or county medical examiner, or other law enforcement authority, when presented with the written consent from the missing person's family or next of kin or with a statement from the sheriff, chief of police, county coroner or county medical examiner, or other law enforcement authority that the missing person's family or next of kin could not be located in the exercise of due diligence or that the missing person's family or next of kin refuse to consent to the release of the missing person's dental records and there is reason to believe that the missing person's family or next of kin may have been involved in the missing person's disappearance.
     When a person reported missing has not been found within thirty days, the sheriff, chief of police, or other law enforcement authority initiating and conducting the investigation for the missing person shall confer with the county coroner or medical examiner prior to the preparation of a missing person's report. After conferring with the coroner or medical examiner, the sheriff, chief of police, or other law enforcement authority shall submit a missing person's report and the dental records received under this section to the dental identification system of the state patrol identification, child abuse, vulnerable adult abuse, and criminal history section on forms supplied by the state patrol for such purpose.
     When a person reported missing has been found, the sheriff, chief of police, coroner or medical examiner, or other law enforcement authority shall report such information to the state patrol.
     The dental identification system shall maintain a file of information regarding persons reported to it as missing. The file shall contain the information referred to in this section and such other information as the state patrol finds relevant to assist in the location of a missing person.
     The files of the dental identification system shall, upon request, be made available to law enforcement agencies attempting to locate missing persons.

NEW SECTION.  Sec. 5   This act is necessary for the immediate preservation of the public peace, health, or safety, or support of the state government and its existing public institutions, and takes effect immediately.

--- END ---