SPONSOR: Sen Bennett , (introduced 10/24/95)
(AS INTRODUCED)
TABLE OF CONTENTS:
Medical Records Confidentiality Act of 1995 - Defines "health information trustee" (HIT) to mean a person or entity that creates, receives, obtains, maintains, uses, or transmits protected health information (PHI) and any employee, agent, or contractor of such a PERSON.
Title I: Individual's Rights - Subtitle A: Review of Protected Health Information by Subjects of the Information - Requires a HIT to permit an individual who is the subject of PHI to inspect and copy the information, subject to cost reimbursement and exceptions.
(Sec. 102) Provides for correction or amendment of PHI, written notice of a HIT's information practices, and development of a model NOTICE.
Subtitle B: Establishment of Safeguards - Requires a HIT to maintain: (1) administrative, technical, and physical confidentiality safeguards; and (2) for at least seven years, a record of any PHI disclosure not related to treatment.
Title II: Restrictions on Use and Disclosure - Prohibits disclosures except: (1) as allowed under this title; (2) compatible with the purposes for which the information was obtained; and (3) in the minimum amount necessary to accomplish the disclosure's purpose.
(Sec. 202) Regulates disclosure authorizations: (1) related to treatment or payment, including providing for revocation or amendment of authorization and development and dissemination of model authorizations; and (2) not related to treatment or payment.
(Sec. 204) Allows disclosure to a certified health information service for the purpose of creating nonidentifiable health information. Provides for certification.
(Sec. 205) Specifies the circumstances in which disclosure is allowed: (1) to an individual's next of kin; (2) to any other person; and (3) after death.
(Sec. 207) Allows disclosure to a health oversight agency for an oversight function authorized by law.
(Sec. 208) Allows specified entities to disclose PHI to a public health authority or other person authorized by law for use in a legally authorized disease or injury report, public health surveillance, or public health investigation or intervention.
(Sec. 209) Specifies the circumstances in which disclosure to a certified institutional review board is allowed. Provides for certification.
(Sec. 210) Allows specified entities to disclose PHI in connection with certain judicial or administrative proceedings.
(Sec. 211) Allows specified entities to disclose PHI pursuant to a subpoena if certain procedures are followed. Sets forth challenge procedures.
(Sec. 212) Regulates disclosure related to government subpoenas, warrants, and summonses.
(Sec. 213) Directs the Secretary of Health and Human Services to promulgate standards for disclosing, authorizing, and authenticating protected health information in electronic form.
Title III: Sanctions - Subtitle A: Civil Sanctions - Imposes on HITs a civil penalty for substantial and material failure to comply with this Act. Provides, if the violations have occurred with such frequency as to constitute a general business practice, for a higher civil penalty or exclusion from Medicare and Medicaid (titles XVIII and XIX of the Social Security Act) or any other federally funded health care programs.
(Sec. 302) Allows an individual aggrieved by a violation of this title to bring a civil action for preliminary and equitable relief, actual or liquidated damages, and punitive damages. Allows assessment of attorney's fees.
Subtitle B: Criminal Sanctions - Provides for criminal fines and imprisonment for violations of this title.
Title IV: Miscellaneous - Declares that: (1) this Act, subject to exceptions, preempts State law; and (2) a HIT who makes a disclosure permitted by this title shall not be liable to the individual for the disclosure under common law.
SPONSOR: Sen Bennett , (introduced 10/24/95)
A bill to ensure personal privacy with respect to medical records and health care-related information, and for other purposes.
TITLE(S)
STATUS:
COMMITTEE(S):
CO SPONSOR(S)
AMENDMENT(S)
SUBJECT(S)
FULL TEXT VERSION(S)
Compare the model legislation proposed by the American Health Information Management Association (AHIMA Model Act).
Compare the McDermott Bill H 3482
Back to The Health Law Resource Page