 |
ARIZONA STATE SENATE
Fifty-Fifth Legislature, First Regular Session
AMENDED
health information; disclosures; prohibition
Purpose
Permits state, county and local health departments to disclose communicable disease information to Arizona's designated health information organization (HIO).
Background
The federal Health Insurance Portability and Accountability Act (HIPAA), enacted on August 21, 1996, requires the Secretary of the U.S. Department of Health and Human Services (U.S. HHS) to publicize standards for the electronic exchange, privacy and security of health information. In 2002, the U.S. HHS developed a proposed rule governing the privacy of individually identifiable health information. The regulation, known as the privacy rule, establishes a set of national standards governing the protection of certain health information. HIPAA privacy rules address the use and disclosure of individuals’ protected health information by entities that are subject to the privacy rule as well as standards for privacy rights for individuals to understand and control how their health information is used. The privacy rule applies to health plans, health care clearinghouses and to any health care provider who transmits health information in electronic form in connection with transactions for which the Secretary of the U.S. HHS has adopted standards under HIPAA (HIPAA Privacy Rule).
Laws 2011, Chapter
268 established requirements for HIOs in Arizona, including requirements
governing the maintenance and release of medical records and health
information. An HIO is an organization that oversees and governs
the exchange of individually identifiable health information according to
nationally recognized standards. Statute requires that an HIO provide certain
rights to individuals, including the ability to: 1) opt out of the HIO;
2) request a list of individuals who have accessed the individual's health
information through the HIO; and 3) request an amendment of incorrect
individually identifiable health information available through the HIO (A.R.S.
§ 36-3802).
There is no anticipated fiscal impact to the state General Fund associated with this legislation.
Provisions
1. Specifies, with regard to the Division of Developmental Disabilities within the Department of Economic Security, that medical records, including information pertaining to mental health services and communicable diseases, and information contained within the medical records can only be disclosed as authorized by state or federal law, including HIPAA privacy standards.
2.
Permits state, county and local health departments and officers to
disclose
communicable-disease-related information to Arizona's official HIO.
3. Makes technical changes.
4. Becomes effective on the general effective date.
Amendments Adopted by Committee
1. Removes proposed language restricting a person who receives de-identified health information from using the information to identify an individual.
2. Eliminates proposed language prohibiting an HIO from disclosing individually identifiable or de-identified health information unless the disclosure complies with laws or rules related to the use of such health information for research.
Senate Action
HHS 2/18/21 DPA 7-0-1
Prepared by Senate Research
February 18, 2021
CRS/kja