BILL ANALYSIS Ó AB 1129 Page 1 Date of Hearing: April 21, 2015 ASSEMBLY COMMITTEE ON PRIVACY AND CONSUMER PROTECTION Mike Gatto, Chair AB 1129 (Burke) - As Amended April 6, 2015 SUBJECT: Emergency medical services: data and information system SUMMARY: Sets standards for the electronic patient record systems that emergency medical services (EMS) providers in California use. Specifically, this bill: 1)Requires EMS providers to use electronic patient record systems that: a) Meet California Emergency Medical Services Information System (CEMSIS) data standards; and b) Can be integrated with a Local Emergency Medical Services Agency (LEMSA), so that the LEMSA can collect data from the EMS provider. 2)Prohibits a LEMSA from mandating an EMS provider use a specific system (i.e., specific software or hardware) to collect and share electronic patient records with the LEMSA. AB 1129 Page 2 EXISTING LAW: 1)Authorizes counties to develop an EMS program and designate a LEMSA responsible for planning and implementing an EMS system and authorizes LEMSAs to plan, implement and oversee day-to-day EMS. (Health and Safety Code (HSC) Section 1797.200, et seq.) 2)Establishes the state Emergency Medical Services Authority (EMSA), which is responsible for the coordination and integration of all state activities concerning EMS, including establishing the minimum standards for the policies and procedures necessary for medical control of the EMS system. (HSC 1797.100, et seq.) 3)Requires EMSA, utilizing local and regional information, to asses each EMS area or LEMSA service area to determine the need for additional EMS services, coordination of EMS services, and the effectiveness of EMS services. (HSC 1797.102) 4)Prohibits, under the State Confidentiality of Medical Information Act (CMIA), providers of health care, health care service plans, or contractors, as defined, from sharing medical information without the patient's written authorization, subject to exceptions, including among others, certain research. (Civil Code Section 56, et seq.) 5)Protects, under the federal Health Insurance Portability and Accountability Act (HIPAA), the privacy of patients' health information and generally provides that a covered entity, as defined (health plan, health care provider, and health care clearing house), may not use or disclose "protected," i.e., individually identifiable, health information except as specified or as authorized by the patient in writing. (45 AB 1129 Page 3 Code of Federal Regulations Section 160, et seq.) FISCAL EFFECT: None. This bill has been keyed non-fiscal by the Legislative Counsel. COMMENTS: 1)Purpose of this bill . This bill is intended to help ensure that LEMSAs can collect data from and oversee EMS providers by requiring them to use electronic data collection and sharing systems that are compliant with that CEMSIS and NEMSIS. While the bill sets data system standards for EMS providers, it specifically prohibits LEMSAs from requiring EMS providers to use a specific data system, so that EMS providers are not inadvertently forced to maintain two or more separate data systems - one for each of the LEMSAs the EMS provider serves. This bill is sponsored by the California Ambulance Association. 2)Author's statement . According to the author, "A key requirement for any electronic patient record is compatibility with CEMSIS and NEMSIS standards to ensure that both the state and federal authorities can track EMS trends accurately. There are currently 60 different software packages that are NEMSIS compliant. Over 90% of California's EMS providers already have a NEMSIS compatible data system in place. In many areas, EMS providers can choose the electronic patient record software that best meets their needs and budget, so long as it is NEMSIS compatible." "However, without guidelines in law, LEMSAs are able to require EMSs in their jurisdiction to purchase specific software or hardware for electronic patient records and data AB 1129 Page 4 collection. While that may be acceptable for EMS providers that only serve a single LEMSA, for providers, like air ambulance providers, that cover multiple LEMSAs specific LEMSA requirements for software and or hardware can be an unnecessary and costly burden." 3)EMSA, NEMSIS, and CEMSIS . Prior to 1980, California did not have a central state agency responsible for coordinating EMS services (ambulance, fire, emergency helicopter services) statewide. The Legislature established EMSA as a lead agency to oversee emergency and disaster medical services throughout California. EMSA is one of thirteen departments within California's Health and Human Services Agency. EMSAS provides leadership and direction to California's 33 LEMSAs that provide EMS for California's 58 counties. One of EMSA's goals is to ensure that data systems in EMS are positioned for the electronic capture of data and transmission to the hospital in real time. Specifically, EMSA's responsibilities for data collection include the development and maintenance of an aggregated statewide pre-hospital database, the establishment and maintenance of core measure data set for California emergency services, and the provision of guidance and technical assistance to LEMSAs for the development and improvement of local EMS data collection systems. According to the EMSA website, CEMSIS is a demonstration project for improving EMS data analysis across California. CEMSIS offers a secure, centralized data system for collecting data about individual EMS requests, patients treated at hospitals, and EMS provider organizations. When LEMSAs send data to CEMSIS, they gain access to digital tools for running comprehensive reports on their own data at no cost. However, participation in CEMSIS is voluntary, and currently less than half - 14 of 33 - LEMSAs submit data to CEMSIS. According to EMSA, the authority for the creation of CEMSIS stems from the AB 1129 Page 5 general statutory authority granted to EMSA to "asses each...LEMSA service area to determine the need for additional EMS services, coordination of EMS services, and the effectiveness of EMS services." (HCS 1797.102) NEMSIS was formed in 2001 by the National Association of State EMS Directors, in conjunction with the National Highway Traffic Safety Administration and the Trauma/EMS Systems program of the Health Resources and Services Administration's Maternal Child Health Bureau, in order to develop a national EMS database. NEMSIS is the national repository that will be used to potentially store EMS data from every state in the nation, and was developed to help states collect more standardized elements to allow submission to the national database. In order to improve local data quality and prepare California EMS providers for the new federal health information exchange, EMSA recently adopted a new data standard known as NEMSIS Version 3, which provides a set of tools that EMS professionals can use to integrate EMS patient care data with electronic medical records at hospitals, leading to better patient outcomes and a smarter system of care. 4)Medical privacy . In California, the CMIA prohibits a provider of health care, health plan, or contractor from disclosing medical information regarding a patient or an enrollee or subscriber without first obtaining an authorization, unless the disclosure is permitted by law. Under federal law, HIPAA requires the protection and confidential handling of protected health information. HIPAA provides federal protections for personal health information held by covered entities and gives patients an array of rights with respect to that information. Disclosure of personal health information is permitted when needed for patient care and other important purposes. On the other hand, HIPAA specifies a series of administrative, physical, and technical safeguards for covered entities to use to assure the confidentiality, integrity, and availability of electronic data. AB 1129 Page 6 The American Civil Liberties Union (ACLU), Electronic Frontier Foundation, and the Consumer Federation of California have opposed prior legislation, AB 1621 (Lowenthal) of 2014, on the grounds that EMSA and CEMSIS may not be entities covered under CMIA or HIPAA. 5)Comments and questions for the Committee . As local EMS providers adopt systems that meet CEMSIS and NEMSIS standards, the state will be able to collect more comprehensive data about EMS care provided to patients throughout California. With 100% participation, EMSA estimates CEMSIS will receive more than three million EMS events every year. EMSA plans to use the data to develop and coordinate high quality emergency medical care in California through activities such as health care quality programs that monitor patient care outcomes, agency collaboration across jurisdictional boundaries, and public health surveillance. While improving the quality of emergency care in California through statewide reporting of EMS patient data is a worthy goal, policymakers should also have the objective of ensuring the data held in statewide databases is protected - both under current privacy laws and also against cyber security breaches. The author and the Committee may wish to consider whether legislation is needed to require EMSA to assess and address the privacy and data security issues associated with maintaining a comprehensive database of all EMS transactions in the state, such as: the extent to which CEMSIS data is protected under current medical privacy laws, data retention standards, and limits on sharing personally identifiable information. 6)Arguments in support . The California Ambulance Association states in support of AB 1129, "EMS data collection practices are inconsistent with and contrary to the goal of NEMSIS, which is the setting of a standard for the exchange of health AB 1129 Page 7 care information among different providers and agencies. It is not meant, nor necessary, to mandate particular software to meet the NEMSIS standards." The Los Angeles County Ambulance Association writes, "Mandating specific software creates the need for duplicative systems because many providers serve multiple counties throughout the state." According to AmbuServe, "A goal of federal healthcare reform is to hold costs down? If each LEMSA has a different software requirement for sharing healthcare information, an EMS or other health care provider would essentially have to run duplicate systems, all at great cost to the private sector." 7)Arguments in opposition . The Emergency Medical Services Administrators Association of California (EMSAAC) and the EMS Medical Directors Association of California (EMDAC) state in opposition to this bill that, "EMSAAC and EMDAC are generally supportive of the concept of expanding the use of electronic emergency medical services data; however, we are ]opposed to AB 1129's prohibition that?LEMSAs?may not adopt a single system-wide patient care record system?While it is not common for a LEMSA to mandate a single system-wide patient care record system, such an approach may clearly be in the best interest of patients in order to assure the transfer and continuity of patient care data from and to prehospital providers, receiving hospitals, and specialty care centers." The California Right to Life Committee, Inc. opposed this bill on the basis this bill "could eventually include the data on a statewide Physicians' Orders for Life Sustaining Treatment Registry (POLST) and other similar end of life registries. CRLC is opposed to the POLST type form of end of life decision AB 1129 Page 8 making in which medical or non-medical personnel complete a form and the patient does not have to sign or verify its statements?The person's name on such a registry or data base could negate the patient's true choices for end of life treatment." 8)Author's amendment . The author would like to accept the following minor amendment to address the concerns expressed by some opponents: On Page 6, line 2, strike out "is compliant" and insert: exports data in a format that is compatible 9)Prior legislation . AB 1621 (Lowenthal) of 2014 would have required the EMSA to adopt a single statewide standard for the collection of information regarding pre-hospital care for its CEMSIS. Would have required EMSA to develop standards for electronic patient care records systems used LEMSAs and local pre-hospital EMS providers to ensure compatibility with CEMSIS, and required local EMS agencies to submit patient information to EMSA utilizing the single statewide standard in a timely manner. AB 1621 was held on the Senate Appropriations Committee suspense file. AB 1975 (R. Hernández) of 2014 would require LEMSAs to contract with the American College of Surgeons every five years to conduct a comprehensive assessment of their regional trauma system. AB 1975 was held on the Assembly Appropriations Committee suspense file. SB 535 (Nielsen), of 2013 would have increased the membership AB 1129 Page 9 of the EMS Commission from 18 to 20 members, and required the additional members to be an air ambulance representative appointed by the Senate Committee on Rules, and representative appointed by the Speaker of the Assembly from a public agency that provides air rescue and transport. SB 535 was vetoed by the Governor. 10)Double-referral . This bill was double-referred to the Assembly Health Committee where it was heard on April 14, 2015, and passed on a 16-0 vote. REGISTERED SUPPORT / OPPOSITION: Support California Ambulance Association (CAA) AmbuServe Ambulance Los Angeles County Ambulance Association, Inc. Care Ambulance Service Shoreline Ambulance Emergency Ambulance Service AB 1129 Page 10 Opposition California Right to Life Committee, Inc. EMS Medical Directors Association of California (EMDAC) Emergency Medical Services Administrators Association of California Analysis Prepared by:Jennie Bretschneider / P. & C.P. / (916) 319-2200