FINAL BILL REPORT

SHB 1043

This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent.

C 193 L 17

Synopsis as Enacted

Brief Description: Addressing nonpublic personal health information.

Sponsors: House Committee on Health Care & Wellness (originally sponsored by Representatives Robinson, Harris, Clibborn, Riccelli, Cody, Jinkins, Tharinger, Appleton and Sawyer; by request of Insurance Commissioner).

House Committee on Health Care & Wellness

Senate Committee on Health Care

Background:

Disclosure of Public Records.

The Public Records Act (PRA) requires state and local agencies to make all public records available for public inspection and copying, unless a record falls within an exemption in the PRA or another statute that exempts or prohibits disclosure of specific information or records. To the extent required to prevent an unreasonable invasion of personal privacy interests, an agency must delete identifying details when it makes a public record available. A person's right to privacy is violated only if disclosure would be highly offensive to a reasonable person and is not of legitimate concern to the public. The PRA is liberally construed and its exemptions narrowly construed. If the PRA conflicts with any other law, the provisions of the PRA govern.

The PRA provides exemptions from disclosure for certain health care information, such as:  (1) health information obtained under specified circumstances by the Pharmacy Quality Assurance Commission, the Department of Health, and quality improvement committees; (2) claims data provided to the all-payer healthcare claims database; and (3) complaints under the Uniform Disciplinary Act. In addition, the PRA provides exemptions for certain information filed with the Insurance Commissioner under the insurance code, including confidential or privileged information provided by: (1) the National Association of Insurance Commissioners; (2) regulatory or law enforcement officials of other states and nations, the federal government, or international authorities; or (3) state agencies.

Confidentiality of Health Care Information.

The federal Health Insurance Portability and Accountability Act establishes standards for the disclosure of protected health information by covered entities (i.e,. health plans, health care clearinghouses, and certain health care providers) and their business associates. The state Uniform Health Care Information Act governs the disclosure of health care information by health care providers and their agents or employees.

Summary:

All nonpublic personal health information obtained by, disclosed to, or in the custody of the Insurance Commissioner (Commissioner) is confidential and not subject to public disclosure under the Public Records Act (PRA), regardless of the form of the information. The Commissioner may not disclose nonpublic personal health information, except in furtherance of regulatory or legal action brought as part of his or her official duties.

The Commissioner may share information with the National Association of Insurance Commissioners and regulatory and law enforcement officials of this and other states and nations, the federal government, and international authorities if the recipient agrees to maintain confidentiality. The Commissioner may receive information from these entities and must maintain the information as confidential or privileged under the laws of the jurisdiction that is the source of the information. No waiver of a claim of confidentiality or privilege occurs as a result of this authorized disclosure or sharing. The Commissioner may enter into agreements on the sharing and use of information.

The release used by consumers filing complaints with the Office of the Insurance Commissioner (Office) must include language in large font indicating that the Office may share consumers' personal health information and that the information will be shared only if it is held confidential by the recipient. At the time of filing a complaint, consumers must be provided the opportunity to opt out, indicating that their personal health information may not be shared.

"Nonpublic personal health information" means health information: (1) that identifies an individual who is the subject of the information; or (2) with respect to which there is a reasonable basis to believe the information could be used to identify an individual. "Health information" means information or data (other than age or gender), whether oral or recorded, created by or derived from a health care provider, patient, policyholder, or enrollee, that relates to: (1) an individual's past, present, or future physical, mental, or behavioral health or condition; or (2) the provision of or payment for the provision of health care to an individual. "Health care" means preventive, diagnostic, therapeutic, rehabilitative, maintenance, or palliative care services, procedures, tests, or counseling that: (1) relate to the physical, mental, or behavioral condition of an individual; (2) affect the structure or function of the human body or any part of the human body, including blood, sperm, organ, or other tissue banking; or (3) prescribe, dispense, or furnish to an individual drugs, biologicals, medical devices, or health care equipment and supplies.

Votes on Final Passage:

House

97

1

Senate

House

47

0

(Senate amended)

(House refused to concur)

Senate

49

0

(Senate receded/amended)

House

93

3

(House concurred)

Effective:

July 23, 2017