|
REFERENCE TITLE: health records banks |
|
State of Arizona Senate Fiftieth Legislature First Regular Session 2011
|
|
SB 1596 |
|
|
|
Introduced by Senator Barto
|
AN ACT
Amending title 36, Arizona Revised Statutes, by adding chapter 38; relating to health records banks.
(TEXT OF BILL BEGINS ON NEXT PAGE)
Be it enacted by the Legislature of the State of Arizona:
Section 1. Title 36, Arizona Revised Statutes, is amended by adding chapter 38, to read:
CHAPTER 38
HEALTH RECORDS BANKS
ARTICLE 1. GENERAL PROVISIONS
36-3801. Health records banks; requirements; violations; classification; penalties
A. A person who wishes to operate a health records bank in this state to provide consumers with a centralized and accessible database for the consumer's health records, including lab results, must comply with minimum standards as prescribed by the department of health services. At a minimum these standards shall require a health records bank to do the following:
1. Establish for each consumer a separate, secure account that is controlled by the consumer and accessible to others only with the consumer's permission.
2. Provide a record of the consumer's account activity for at least three years.
3. Provide the consumer with electronic access to the consumer's account on a twenty-four hours a day, seven days a week basis.
4. Provide the consumer with an electronic copy of the consumer's medical records as soon as reasonably practicable and not later than twenty‑four hours after the request.
5. Allow the consumer to delegate another person to manage information in the consumer's account.
6. Allow a consumer to share information in the consumer's account with others for research purposes as directed by the consumer.
7. Promptly report security breaches as required by federal law.
8. Establish a process to promptly correct errors.
9. Indicate the sender of all information at the time the information is sent.
10. Update, amend and sequester data in each account.
11. Promptly provide each consumer who closes an account with an electronic copy of the consumer's health records.
12. Destroy data in an account within sixty days after that account is closed.
13. Retain health records account information for at least one year after the death of a consumer.
14. Comply with all applicable federal laws regarding unlawful disclosure of personal health records.
B. Information collected in a health records account is not subject to subpoena or other legal means of examination. This subsection does not affect legal access to and discovery of the original records in the possession of health care providers and health care institutions.
C. A person who wilfully discloses health records bank account information without the consumer's permission is guilty of a class 6 felony. A person who negligently discloses health records bank account information without the consumer's permission is guilty of a class 1 misdemeanor.
D. A health records bank is subject to a civil penalty of ten thousand dollars for each violation of this section.
E. A health records bank that does not comply with the standards of operation prescribed by this section is subject to a cease and desist order issued by the department of health services.
F. A health records bank is not liable for incorrect information it receives or for an improper data release caused by the consumer's failure to protect the consumer's identity.