BILL ANALYSIS �Ó
AB 174
Page 1
Date of Hearing: May 3, 2011
ASSEMBLY COMMITTEE ON HEALTH
William W. Monning, Chair
AB 174 (Monning) - As Amended: March 21, 2011
SUBJECT : Health Information Exchange.
SUMMARY : Requires the system of electronic health records
developed through health information exchange (HIE)
demonstration projects permitted under existing law to be
implemented with the full participation of health consumers and
organizations concerned with protecting the privacy and security
of patient information in the development of policies.
Specifically, this bill :
1)Requires the system of electronic health records developed
through HIE demonstration projects authorized under existing
law to be implemented with the full participation of health
consumers and organizations concerned with protecting the
privacy and security of patient information in the development
of policies.
2)Requires the California Office of Health Information Integrity
(CalOHII) to ensure that there are opportunities for public
comment and input on the development of those policies.
3)Finds and declares the following:
a) That the primary purpose of the implementation of
electronic health records is to ensure that the system is
designed to enhance patient treatment and outcomes;
b) Patient trust is essential to patient acceptance of a
system of electronic health records, and thus establishing
patient trust is necessary in order for the system to
enhance patient treatment and outcomes; and,
c) Protection of patient privacy and security, which is
epitomized by doctor-patient confidentiality, is essential
in building patient trust.
EXISTING FEDERAL LAW prohibits, under federal regulations
implementing the federal Health Insurance Portability and
Accountability Act, a health plan, health care clearinghouse, or
a health care provider, who transmits health information in
electronic form (covered entity), from using or disclosing
�
AB 174
Page 2
protected health information, for purposes other than medical
treatment or payment, or health care operations, as defined,
without written authorization of the patient, with exceptions.
EXISTING STATE LAW :
1)Prohibits, under the Confidentiality of Medical Information
Act (CMIA), licensed or certified health care professionals,
clinics and health facilities, health plans, and contracting
entities, as defined, from disclosing or using a patient's
medical information for any purpose not necessary to provide
health care services to the patient and related administrative
functions, without first obtaining authorization from the
patient or the patient's representative, as specified, with
exceptions.
2)Provides for administrative fines and civil penalties for
persons and entities subject to the CMIA who negligently
disclose, or who knowingly and willfully obtain, disclose, or
use, medical information in violation of the CMIA, and
authorizes the Attorney General, any district attorney, any
county counsel acting pursuant to an agreement with the
district attorney, or a city attorney, to seek civil penalties
for violations.
3)Authorizes CalOHII to establish and administer demonstration
projects to evaluate potential solutions to facilitate HIE
that promote quality of care, respect the privacy and security
of personal health information, and enhance the trust of the
stakeholders.
4)Authorizes the Director of CalOHII to approve demonstration
projects to test policies and practices related to patient
consent, information, and notification, new technologies and
applications that enable the transmission of protected health
information, as specified; and implementation issues, if any,
encountered by small solo health care providers as a result of
exchanging electronic health information.
5)Requires that the selection of demonstration projects be based
on, but not limited to:
a) Areas critical to building consumer trust and confidence
in the HIE system;
b) Projects that help support the exchange of information
critical to meeting the federal meaningful use provisions,
�
AB 174
Page 3
as defined; and,
c) Areas recommended by the California HIE consumer and
industry stakeholder advisory process.
6)Requires CalOHII to engage with stakeholders to evaluate
issues identified by the demonstration projects, comment upon
proposed regulations, discuss HIE solutions, and work
collaboratively with approved demonstration project
participants to identify a set of common data elements that
will be used to collect, analyze, and measure performance.
FISCAL EFFECT : This bill has not yet been analyzed by a policy
committee.
COMMENTS :
1)PURPOSE OF THIS BILL . According to the author, AB 278
(Monning), Chapter 227, Statutes of 2010, authorized the
Director of CalOHII to approve demonstration projects for
electronic HIE. The pilot projects are being funded as part
of a $38.8 million award under the federal American Recovery
and Reinvestment Act for HIE in California. The pilot
projects will test policies and rules, and better inform the
state and health care stakeholders while they attempt to
define HIE infrastructure over the next several years. AB 278
gave CalOHII the authority to adopt regulations to ensure all
approved health information exchange service participants and
demonstration project participants follow rules, and work
within parameters, that are consistent for the exchange of
information. AB 278 also established standards for the
regulatory process and exempted CalOHII from certain
administrative rulemaking procedures. This bill is needed to
ensure consumer participation in the demonstration projects
and any associated regulations promulgated by CalOHII.
2)HIE . HIE is a term used to describe both the sharing of
health information electronically among two or more entities
and also an organization which provides services that enable
the sharing electronically of health information. According
to the California Health Information Exchange Strategy Plan,
published in 2009, California's current HIE efforts fall
broadly into two categories: a) large health systems,
affiliated providers and ancillary services implementing
integrated EHRs, and, b) community-driven efforts that aim to
ensure ubiquitous availability of data within a region or
�
AB 174
Page 4
across the State. Multiple uncoordinated HIE efforts have been
spawned over the past 15 years as largely regional
initiatives. Of these efforts only three today are exchanging
clinical data. The remaining efforts are primarily focused on
organizing, fundraising, and piloting their solutions and lack
the resources and capital to make a meaningful impact.
3)HIE DEMONSTRATION PROJECTS . According to CalOHII in a Health
Information Exchange Demonstration Projects Request for
Application document which was issued in January 2011,
demonstration project participants will be testing electronic
HIE privacy and security policies that will not only address
the feasibility of implementation and gauge the implementation
impact, but identify the need for standardization across all
participating health care entities as the participants gauge
the impact of the policies. Participation in the
demonstration projects will provide the participants with
clarification on privacy and security issues, protection and
mitigation of legal risks, and the structure to facilitate
valuable and appropriately safeguarded testing of policies
within the demonstration projects regulations. This will allow
the participants to be engaged in the most advanced electronic
exchange of health information environment in California as
the state looks to the future.
By helping to develop implementation strategies consistent with
the demonstration projects regulations, participating entities
will be contributing to inform the CalOHII and HIE
stakeholders on the critical privacy and security policy
issues, identifying new and innovative privacy and security
practices that enhance consumers trust and confidence with
electronic exchange of health information. Results from the
demonstration projects will inform the California Legislature
of the outcomes, best practices, and the need for
harmonization with federal privacy and security law.
Two pilot projects have been selected in April 2011. The San
Diego Beacon eHealth Community and the Western Health
Information Network in Los Angles. Both projects will test
privacy and security policies across a broad spectrum of
health care stakeholders. CalOHII has proposed regulations
and is in the process of reviewing comments on the
regulations.
4)SUPPORT . Proponents of this bill indicate that electronic
�
AB 174
Page 5
health records potentially provide an opportunity for improved
patient care, better communication, and greater efficiency in
the delivery of health care but electronic health records also
pose unique challenges for maintaining the privacy and
security of patient records. Proponents state that
inadvertent disclosure of a patient's medical records can have
serious consequences.
5)PREVIOUS LEGISLATION .
a) AB 278 (Monning), Chapter 227, Statutes of 2010,
authorizes CalOHII to evaluate potential solutions to
facilitate HIE that that promote quality of care, respect
the privacy and security of personal health information,
and enhance the trust of the stakeholders.
b) SB 337 (Alquist), Chapter 180, Statutes of 2009,
authorizes the California Health and Human Services Agency
to apply for federal health information technology and
exchange funding and requires selection of a
state-designated entity qualified nonprofit agency for the
purpose of submitting an application for federal health
information technology and HIE funding.
REGISTERED SUPPORT / OPPOSITION :
Support
American Civil Liberties Union
Privacy Activism
Privacy Rights Clearinghouse
The Electronic Frontier Foundation
Opposition
None on file.
Analysis Prepared by : Teri Boughton / HEALTH / (916) 319-2097