House File 381 - Enrolled
HOUSE FILE
BY COMMITTEE ON HUMAN
RESOURCES
(SUCCESSOR TO HSB 100)
A BILL FOR
House File 381
AN ACT
RELATING TO THE IOWA HEALTH INFORMATION NETWORK, AND INCLUDING
EFFECTIVE DATE PROVISIONS.
BE IT ENACTED BY THE GENERAL ASSEMBLY OF THE STATE OF IOWA:
DIVISION I
IOWA HEALTH INFORMATION NETWORK - FUTURE ADMINISTRATION BY
DESIGNATED ENTITY
Section 1. NEW SECTION. 135D.1 Short title.
This chapter shall be known and may be cited as the "Iowa
Health Information Network Act".
Sec. 2. NEW SECTION. 135D.2 Definitions.
As used in this chapter, unless the context otherwise
requires:
1. "Board of directors" or "board" means the entity that
governs and administers the Iowa health information network.
2. "Care coordination" means the management of all aspects
of a patient's care to improve health care quality.
3. "Department" means the department of public health.
4. "Designated entity" means the nonprofit corporation
designated by the department through a competitive process as
the entity responsible for administering and governing the Iowa
health information network.
5. "Exchange" means the authorized electronic sharing of
health information between health care professionals, payors,
consumers, public health agencies, the designated entity, the
department, and other authorized participants utilizing the
Iowa health information network and Iowa health information
network services.
6. "Health care professional" means a person who is
licensed, certified, or otherwise authorized or permitted by
the law of this state to administer health care in the ordinary
course of business or in the practice of a profession.
7. "Health information" means health information as defined
in 45 C.F.R. §160.103 that is created or received by an
authorized participant.
8. "Health information technology" means the application
of information processing, involving both computer hardware
and software, that deals with the storage, retrieval, sharing,
and use of health care information, data, and knowledge for
communication, decision making, quality, safety, and efficiency
of clinical practice, and may include but is not limited to:
a. An electronic health record that electronically compiles
and maintains health information that may be derived from
multiple sources about the health status of an individual and
may include a core subset of each care delivery organization's
electronic medical record such as a continuity of care record
or a continuity of care document, computerized physician order
entry, electronic prescribing, or clinical decision support.
b. A personal health record through which an individual and
any other person authorized by the individual can maintain and
manage the individual's health information.
c. An electronic medical record that is used by health care
professionals to electronically document, monitor, and manage
health care delivery within a care delivery organization, is
the legal record of the patient's encounter with the care
delivery organization, and is owned by the care delivery
organization.
d. A computerized provider order entry function that permits
the electronic ordering of diagnostic and treatment services,
including prescription drugs.
e. A decision support function to assist physicians and
other health care providers in making clinical decisions by
providing electronic alerts and reminders to improve compliance
with best practices, promote regular screenings and other
preventive practices, and facilitate diagnosis and treatments.
f. Tools to allow for the collection, analysis, and
reporting of information or data on adverse events, the quality
and efficiency of care, patient satisfaction, and other health
care-related performance measures.
9. "Health Insurance Portability and Accountability Act"
or "HIPAA" means the federal Health Insurance Portability and
Accountability Act of 1996, Pub. L. No. 104-191, including
amendments thereto and regulations promulgated thereunder.
10. "Hospital" means a licensed hospital as defined in
section 135B.1.
11. "Interoperability" means the ability of two or more
systems or components to exchange information or data in an
accurate, effective, secure, and consistent manner and to use
the information or data that has been exchanged and includes
but is not limited to:
a. The capacity to connect to a network for the purpose of
exchanging information or data with other users.
b. The ability of a connected, authenticated user to
demonstrate appropriate permissions to participate in the
instant transaction over the network.
c. The capacity of a connected, authenticated user to
access, transmit, receive, and exchange usable information with
other users.
12. "Iowa health information network" or "network" means the
statewide health information technology network that is the
sole statewide network for Iowa pursuant to this chapter.
13. "Iowa Medicaid enterprise" means the centralized
medical assistance program infrastructure, based on a business
enterprise model, and designed to foster collaboration among
all program stakeholders by focusing on quality, integrity, and
consistency.
14. "Participant" means an authorized health care
professional, payor, patient, health care organization, public
health agency, or the department that has agreed to authorize,
submit, access, or disclose health information through the Iowa
health information network in accordance with this chapter
and all applicable laws, rules, agreements, policies, and
standards.
15. "Patient" means a person who has received or is
receiving health services from a health care professional.
16. "Payor" means a person who makes payments for health
services, including but not limited to an insurance company,
self-insured employer, government program, individual, or other
purchaser that makes such payments.
17. "Protected health information" means protected health
information as defined in 45 C.F.R. §160.103 that is created or
received by an authorized participant.
18. "Public health activities" means actions taken by a
participant in its capacity as a public health authority under
the Health Insurance Portability and Accountability Act or as
required or permitted by other federal or state law.
19. "Public health agency" means an entity that is governed
by or contractually responsible to a local board of health or
the department to provide services focused on the health status
of population groups and their environments.
20. "Record locator service" means the functionality of the
Iowa health information network that queries data sources to
locate and identify potential patient records.
Sec. 3. NEW SECTION. 135D.3 Iowa health information network -
findings and intent.
1. The general assembly finds all of the following:
a. Technology used to support health care-related functions
is known as health information technology. Health information
technology provides a mechanism to transform the delivery of
health and medical care in Iowa and across the nation.
b. Health information technology is rapidly evolving to
contribute to the goals of improving the experience of care,
improving the health of populations, and reducing per capita
costs of health care.
c. A health information network involves the secure
electronic sharing of health information across the boundaries
of individual practice and institutional health settings and
with consumers. The broad use of health information technology
and a health information network should improve health care
quality and the overall health of the population, increase
efficiencies in administrative health care, reduce unnecessary
health care costs, and help prevent medical errors.
d. All health information technology efforts shall endeavor
to represent the interests and meet the needs of consumers and
the health care sector, protect the privacy of individuals
and the confidentiality of individuals' information, promote
best practices, and make information easily accessible to
the members of the patient-centered care coordination team,
including but not limited to patients, providers, and payors.
2. It is the intent of the general assembly that the Iowa
health information network shall not constitute a health
benefit network or a health insurance network.
Sec. 4. NEW SECTION. 135D.4 Iowa health information network -
principles - technical infrastructure requirements.
1. The Iowa health information network shall be
administered and governed by a designated entity using, at a
minimum, the following principles:
a. Be patient-centered and market-driven.
b. Comply with established national standards.
c. Protect the privacy of consumers and the security and
confidentiality of all health information.
d. Promote interoperability.
e. Increase the accuracy, completeness, and uniformity of
data.
f. Preserve the choice of the patient to have the patient's
health information available through the record locator
service.
g. Provide education to the general public and provider
communities on the value and benefits of health information
technology.
2. Widespread adoption of health information technology is
critical to a successful Iowa health information network and is
best achieved when all of the following occur:
a. The network, through the designated entity complying
with chapter 504 and reporting as required under this chapter,
operates in an entrepreneurial and businesslike manner in which
it is accountable to all participants utilizing the network's
products and services.
b. The network provides a variety of services from which to
choose in order to best fit the needs of the user.
c. The network is financed by all who benefit from the
improved quality, efficiency, savings, and other benefits that
result from use of health information technology.
d. The network is operated with integrity and freedom from
political influence.
3. The Iowa health information network technical
infrastructure shall provide a mechanism for all of the
following:
a. The facilitation and support of the secure electronic
exchange of health information between participants.
b. Participants without an electronic health records system
to access health information from the Iowa health information
network.
4. Nothing in this chapter shall be interpreted to
impede or preclude the formation and operation of regional,
population-specific, or local health information networks
or the participation of such networks in the Iowa health
information network.
Sec. 5. NEW SECTION. 135D.5 Designated entity -
administration and governance.
1. The Iowa health information network shall be
administered and governed by a designated entity selected by
the department through a competitive process. The designated
entity shall be established as a nonprofit corporation
organized under chapter 504. Unless otherwise provided in
this chapter, the corporation is subject to the provisions of
chapter 504. The designated entity shall be established for
the purpose of administering and governing the statewide Iowa
health information network.
2. The designated entity shall collaborate with the
department, but the designated entity shall not be considered,
in whole or in part, an agency, department, or administrative
unit of the state.
a. The designated entity shall not be required to comply
with any requirements that apply to a state agency, department,
or administrative unit and shall not exercise any sovereign
power of the state.
b. The designated entity does not have authority to pledge
the credit of the state. The assets and liabilities of
the designated entity shall be separate from the assets and
liabilities of the state and the state shall not be liable
for the debts or obligations of the designated entity. All
debts and obligations of the designated entity shall be payable
solely from the designated entity's funds. The state shall
not guarantee any obligation of or have any obligation to the
designated entity.
3. The articles of incorporation of the designated entity
shall provide for its governance and its efficient management.
In providing for its governance, the articles of the designated
entity shall address the following:
a. A board of directors to govern the designated entity.
b. The appointment of a chief executive officer by the board
to manage the designated entity's daily operations.
c. The delegation of such powers and responsibilities to the
chief executive officer as may be necessary for the designated
entity's efficient operation.
d. The employment of personnel necessary for the efficient
performance of the duties assigned to the designated entity.
All such personnel shall be considered employees of a private,
nonprofit corporation and shall be exempt from the personnel
requirements imposed on state agencies, departments, and
administrative units.
e. The financial operations of the designated entity
including the authority to receive and expend funds from public
and private sources and to use its property, money, or other
resources for the purpose of the designated entity.
Sec. 6. NEW SECTION. 135D.6 Board of directors -
composition == duties.
1. The designated entity shall be administered by a board
of directors.
2. A single industry shall not be disproportionately
represented as voting members of the board. The board shall
include at least one member who is a consumer of health
services and a majority of the voting members of the board
shall be representative of participants in the Iowa health
information network. The director of public health or the
director's designee and the director of the Iowa Medicaid
enterprise or the director's designee shall act as voting
members of the board. The commissioner of insurance shall act
as an ex officio, nonvoting member of the board. Individuals
serving in an ex officio, nonvoting capacity shall not be
included in the total number of individuals authorized as
members of the board.
3. The board of directors shall do all of the following:
a. Ensure that the designated entity enters into contracts
with each state agency necessary for state reporting
requirements.
b. Develop, implement, and enforce the following:
(1) A single patient identifier or alternative mechanism to
share secure patient information that is utilized by all health
care professionals.
(2) Standards, requirements, policies, and procedures for
access to, use, secondary use, privacy, and security of health
information exchanged through the Iowa health information
network, consistent with applicable federal and state standards
and laws.
c. Direct a public and private collaborative effort to
promote the adoption and use of health information technology
in the state to improve health care quality, increase patient
safety, reduce health care costs, enhance public health,
and empower individuals and health care professionals with
comprehensive, real-time medical information to provide
continuity of care and make the best health care decisions.
d. Educate the public and the health care sector about
the value of health information technology in improving
patient care, and methods to promote increased support and
collaboration of state and local public health agencies,
health care professionals, and consumers in health information
technology initiatives.
e. Work to align interstate and intrastate interoperability
standards in accordance with national health information
exchange standards.
f. Provide an annual budget and fiscal report for the Iowa
health information network to the governor, the department
of public health, the department of management, the chairs
and ranking members of the legislative government oversight
standing committees, and the legislative services agency.
The report shall also include information about the services
provided through the network and information on the participant
usage of the network.
Sec. 7. NEW SECTION. 135D.7 Legal and policy - liability -
confidentiality.
1. The board shall implement industry-accepted security
standards, policies, and procedures to protect the transmission
and receipt of protected health information exchanged through
the Iowa health information network, which shall, at a minimum,
comply with HIPAA and shall include all of the following:
a. A secure and traceable electronic audit system to
document and monitor the sender and recipient of health
information exchanged through the Iowa health information
network.
b. A required standard participation agreement which
defines the minimum privacy and security obligations of all
participants using the Iowa health information network and
services available through the Iowa health information network.
c. The opportunity for a patient to decline exchange of the
patient's health information through the record locator service
of the Iowa health information network.
(1) A patient shall not be denied care or treatment for
declining to exchange the patient's health information, in
whole or in part, through the network.
(2) The board shall provide the means and process by which
a patient may decline participation. The means and process
utilized shall minimize the burden on patients and health care
professionals.
(3) Unless otherwise authorized by law or rule, a patient's
decision to decline participation means that none of the
patient's health information shall be accessible through the
record locator service function of the Iowa health information
network. A patient's decision to decline having health
information shared through the record locator service function
shall not limit a health care professional with whom the
patient has or is considering a treatment relationship from
sharing health information concerning the patient through
the secure messaging function of the Iowa health information
network.
(4) A patient who declines participation in the Iowa health
information network may later decide to have health information
shared through the network. A patient who is participating in
the network may later decline participation in the network.
2. A participant shall not be compelled by subpoena, court
order, or other process of law to access health information
through the Iowa health information network in order to gather
records or information not created by the participant.
3. A participant exchanging health information and data
through the Iowa health information network shall grant to
other participants of the network a nonexclusive license to
retrieve and use that information in accordance with applicable
state and federal laws, and the policies and standards
established by the board.
4. A health care professional who relies reasonably and
in good faith upon any health information provided through
the Iowa health information network in treatment of a patient
who is the subject of the health information shall be immune
from criminal or civil liability arising from the damages
caused by such reasonable, good-faith reliance. Such immunity
shall not apply to acts or omissions constituting negligence,
recklessness, or intentional misconduct.
5. A participant who has disclosed health information
through the Iowa health information network in compliance with
applicable law and the standards, requirements, policies,
procedures, and agreements of the network shall not be subject
to criminal or civil liability for the use or disclosure of the
health information by another participant.
6. The following records shall be confidential records
pursuant to chapter 22, unless otherwise ordered by a court or
consented to by the patient or by a person duly authorized to
release such information:
a. The health information contained in, stored in, submitted
to, transferred or exchanged by, or released from the Iowa
health information network.
b. Any health information in the possession of the board due
to its administration of the Iowa health information network.
7. Unless otherwise provided in this chapter, when sharing
health information through the Iowa health information network
or a private health information network maintained in this
state that complies with the privacy and security requirements
of this chapter for the purposes of patient treatment, payment
or health care operations, as such terms are defined in
HIPAA, or for the purposes of public health activities or
care coordination, a participant authorized by the designated
entity to use the record locator service is exempt from any
other state law that is more restrictive than HIPAA that would
otherwise prevent or hinder the exchange of patient information
by the participant.
8. A patient aggrieved or adversely affected by the
designated entity's failure to comply with subsection 1,
paragraph "c", may bring a civil action for equitable relief as
the court deems appropriate.
Sec. 8. REPEAL. Sections 135.154, 135.155, 135.155A,
135.156, 135.156A, 135.156B, 135.156C, 135.156D, 135.156E,
and 135.156F, are repealed upon the assumption of the
administration and governance, including but not limited to the
assumption of the assets and liabilities, of the Iowa health
information network by the designated entity. The department
of public health shall notify the Code editor of the date of
such assumption by the designated entity.
Sec. 9. EFFECTIVE DATES. This division of this Act
takes effect upon the assumption of the administration and
governance, including but not limited to the assumption of the
assets and liabilities, of the Iowa health information network
by the designated entity. The department of public health
shall notify the Code editor of the date of such assumption by
the designated entity.
DIVISION II
SELECTION OF DESIGNATED ENTITY
AND TRANSITION PROVISIONS
Sec. 10. Section 135.154, Code 2015, is amended by adding
the following new subsections:
NEW SUBSECTION. 3A. "Care coordination" means the
management of all aspects of a patient's care to improve health
care quality.
NEW SUBSECTION. 19A. "Public health activities" means
actions taken by a participant in its capacity as a public
health authority under the Health Insurance Portability and
Accountability Act or as required or permitted by other federal
or state law.
NEW SUBSECTION. 23. "Record locator service" means the
functionality of the Iowa health information network that
queries data sources to locate and identify potential patient
records.
Sec. 11. Section 135.155, subsection 2, Code 2015, is
amended by adding the following new paragraph:
NEW PARAGRAPH. f. Preserve the choice of the patient to
have the patient's health information available through the
record locator service.
Sec. 12. Section 135.156E, subsections 2 and 13, Code 2015,
are amended to read as follows:
2. A patient shall have the opportunity to decline exchange
of the patient's health information through the record locator
service of the Iowa health information network. A patient
shall not be denied care or treatment for declining to exchange
the patient's health information, in whole or in part, through
the record locator service of the Iowa health information
network. The board shall provide by rule the means and process
by which patients may decline participation. The means and
process utilized under the rules shall minimize the burden on
patients and health care professionals.
13. Unless otherwise provided in this division, when
using sharing health information through the Iowa health
information network or a private health information network
maintained in this state that complies with the privacy and
security requirements of this chapter for the purposes of
patient treatment, payment, or health care operations, as
such terms are defined in the Health Insurance Portability
and Accountability Act, or for the purposes of public health
activities or care coordination, a health care professional
or a hospital participant authorized to use the record
locator service is exempt from any other state law that is
more restrictive than the Health Insurance Portability and
Accountability Act that would otherwise prevent or hinder the
exchange of patient information by the patient's health care
professional or hospital such participant.
Sec. 13. SELECTION OF A DESIGNATED ENTITY. The department
of public health shall utilize a competitive process to select
a designated entity to administer and govern the Iowa health
information network.
Sec. 14. CONTINUATION OF PARTICIPATION AGREEMENTS. If
the department of public health selects a designated entity
pursuant to this division of this Act, the designated entity
shall continue any agreement between an authorized participant
and the Iowa health information network existing upon the
transition of the assumption of the administration and
governance, including but not limited to the assumption of
the assets and liabilities of the Iowa health information
network by the designated entity, under the same terms through
completion of the original agreement period.
Sec. 15. IOWA HEALTH INFORMATION NETWORK FUND. If the
department of public health selects a designated entity
pursuant to this division of this Act, any moneys remaining
in the Iowa health information network fund established
pursuant to section 135.156C, Code 2015, that are obligated or
encumbered for expenses related to the Iowa health information
network prior to the assumption of the administration and
governance, including but not limited to the assumption of the
assets and liabilities, of the Iowa health information network
by the designated entity, shall be retained by the department.
The remainder of the moneys in the fund shall be transferred to
the designated entity upon the assumption of the administration
and governance of the Iowa health information network.
Sec. 16. TRANSFER OF ASSETS AND LIABILITIES AND
ADMINISTRATIVE RESPONSIBILITIES TO THE DESIGNATED ENTITY. If
the department of public health selects a designated entity
pursuant to this division of this Act, the department shall
continue to provide administrative support to the Iowa health
information network as provided in section 135.156, Code
2015, until such time as the designated entity assumes such
responsibilities. Upon selection of the designated entity, the
assets and liabilities of the Iowa health information network
shall be transferred to the designated entity.
Sec. 17. EFFECTIVE UPON ENACTMENT. This division of this
Act, being deemed of immediate importance, takes effect upon
enactment.
KRAIG PAULSEN
Speaker of the House
PAM JOCHUM
President of the Senate
I hereby certify that this bill originated in the House and
is known as House File 381, Eighty-sixth General Assembly.
CARMINE BOAL
Chief Clerk of the House
Approved , 2015
TERRY E. BRANSTAD
Governor