FINAL BILL REPORT
ESHB 1679
This analysis was prepared by non-partisan legislative staff for the use of legislative members in their deliberations. This analysis is not a part of the legislation nor does it constitute a statement of legislative intent. |
C 200 L 13
Synopsis as Enacted
Brief Description: Regarding the disclosure of health care information.
Sponsors: House Committee on Health Care & Wellness (originally sponsored by Representatives Cody, Jinkins and Ryu).
House Committee on Health Care & Wellness
Senate Committee on Health Care
Background:
The Health Insurance Portability and Accountability Act of 1996 (HIPAA) establishes nationwide standards for the use, disclosure, storage, and transfer of protected health information. Entities covered by HIPAA must have a patient's authorization to use or disclose health care information unless there is a specified exception. Some exceptions pertain to disclosures for treatment, payment, and health care operations; public health activities; judicial proceedings; law enforcement purposes; and research purposes. The HIPAA allows a state to establish standards that are more stringent than its provisions.
In Washington, the Uniform Health Care Information Act (UHCIA) governs the disclosure of health care information by health care providers and their agents or employees. The UHCIA provides that a health care provider may not disclose health care information about a patient unless there is a statutory exception or a written authorization by the patient. Some exceptions include disclosures for the provision of health care; quality improvement, legal, actuarial, and administrative services; research purposes; directory information; public health and law enforcement activities as required by law; and judicial proceedings.
Washington has heightened protections for information related to mental health, human immunodeficiency virus (HIV), and sexually transmitted disease (STD). For mental health information, the fact of admission and all information and records compiled in the course of providing services to patients at public or private mental health agencies is confidential. With respect to HIV and STD information, it is prohibited to disclose the identity of a person who has considered or requested a test for an STD; the identity of the subject of an HIV antibody test or test for any other STD; the results of those tests; and information regarding the diagnosis of or treatment for HIV infection and for any other confirmed STD. Both the protections related to mental health, HIV, and STD information have several exceptions to allow the disclosure of the information without the patient's authorization or consent.
Summary:
The term "information and records related to mental health services" (mental health information) is codified under the UHCIA with predominantly the same meaning as related terms in the mental health statutes. For mental health information maintained by a hospital or health care provider that participates with a hospital in an organized health care arrangement, the term is specifically limited to that information regarding services provided by a mental health professional or hospital-operated community mental health program. The term "information and records related to sexually transmitted diseases" (STD information) is defined, similar to the standard in the STD statute, as health care information related to the identity of a person who is the subject of an HIV or other STD test, any results of such tests, and any information regarding the diagnosis or treatment of an STD. Both definitions expressly state that they are a type of "health care information."
Statutory provisions related to the disclosure of mental health information, including children's mental health information, and STD information are consolidated into the UHCIA. The heightened standards of privacy for those types of information are maintained.
Health care providers and their employees and contractors are prohibited from using or disclosing health care information for marketing or fundraising purposes, unless it is permitted by federal law, or selling health care information to a third party, unless the information is either in a de-identified and aggregated form or for specified purposes.
Entities that receive health care information for health care education or to provide services to a health care provider, such as planning, quality assurance, legal, or financial activities, are subject to the same disclosure requirements as the health care provider for which the entity is working. If a health care provider learns that an entity has violated this responsibility, the health care provider must terminate the contract with the entity unless reasonable steps to correct the situation were taken or the violating activity has been discontinued.
General Mental Health Information.
Patient mental health information disclosure standards are maintained as they have been in the mental health chapters, except in some cases in which a standard for disclosure without authorization is changed or a new type of disclosure without authorization is established. These include:
Mental health information may be disclosed to a person who is providing health care to the patient, as provided under the UHCIA.
The permitted disclosure of mental health records for management or financial audits is changed to the UHCIA standard that allows disclosure to a person for health care education; planning; quality assurance; peer review; administrative, legal, financial, or actuarial purposes; or for assisting a health care provider or facility in the delivery of health care.
The permitted disclosure of (1) mental health information for evaluation or research subject to the Department of Social and Health Services (DSHS) adopting related rules and the researcher signing an oath of confidentiality; and (2) mental health records for purposes of research are both changed to the UHCIA standard allowing disclosures for use in a research project approved by an institutional review board.
Mental health information may be disclosed to an official of a penal or other custodial institution in which the patient is detained.
The permitted disclosure of (1) mental health information for a recipient of the information to make a claim for aid, insurance, or Medicaid; and (2) mental health treatment records to the DSHS, regional support network directors, or qualified staff when needed for billing and collection purposes are both changed to allow disclosures for payment, including making a claim for aid, insurance, or medical assistance.
The permitted disclosure of mental health information to the Department of Health for determining compliance with licensing standards is expanded to the UHCIA standard that requires that the information be provided to federal, state, or local public health authorities as required by law to determine compliance with credentialing laws or to protect public health.
Mental health information must be disclosed to county coroners and medical examiners for death investigations.
Mental health information must be disclosed to an organ procurement organization for the purpose of determining the medical suitability of a body part.
Mental health information must be disclosed to a person subject to the jurisdiction of the federal Food and Drug Administration as it relates to quality, safety, or effectiveness of a regulated product.
In cases in which there is not a specific exception to the privacy standard, the subject of the mental health information may allow disclosure pursuant to the written authorization requirements of the UHCIA, as opposed to the undefined "release" and "written informed consent" requirements of the mental health statutes.
General STD Information.
Patient STD information disclosure standards are maintained as they have been in the STD chapter, except that information and records related to STDs may be disclosed for use in a research project approved by an institutional review board. Information and records related to STDs must be disclosed to a coroner or medical examiner or an organ procurement organization regardless of the patient's authorization. Information and records related to STDs must also be disclosed to a person subject to the jurisdiction of the federal Food and Drug Administration as it relates to quality, safety, or effectiveness of a regulated product. In addition, it is clarified that the information and records related to STDs must be disclosed to federal, state, and local public health authorities as required by law, to determine compliance with regulatory laws, or to protect the public health.
In cases in which there is not a specific exception to the privacy standard, the subject of the STD information may allow disclosure pursuant to the written authorization requirements of the UHCIA, as opposed to the undefined "release" requirement of the STD statutes.
Votes on Final Passage:
House | 87 | 10 | |
Senate | 47 | 1 | (Senate amended) |
House | 88 | 7 | (House concurred) |
Effective: | May 10, 2013 (Section 5) |
July 1, 2014 |