SENATE DOCKET, NO. 452        FILED ON: 1/13/2009

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 200

 

The Commonwealth of Massachusetts

_________________

PRESENTED BY:

Marc R. Pacheco

_________________

To the Honorable Senate and House of Representatives of the Commonwealth of Massachusetts in General
Court assembled:

The undersigned legislators and/or citizens respectfully petition for the adoption of the accompanying bill:

An Act To Clarify and Enhance Privacy Protections for Electronic Health Records..

_______________

PETITION OF:

 

Name:

District/Address:

Marc R. Pacheco

First Plymouth and Bristol

Byron Rushing

9th Suffolk

Harriette L. Chandler

First Worcester

Kay Khan

11th Middlesex

Susan C. Tucker

Second Essex and Middlesex

James B. Eldridge

Middlesex and Worcester

Anthony D. Galluccio

Middlesex and Suffolk

Sonia Chang-Díaz

Second Suffolk

Geraldo Alicea

6th Worcester

Gale D. Candaras

First Hampden and Hampshire


SENATE DOCKET, NO. 452        FILED ON: 1/13/2009

SENATE  .  .  .  .  .  .  .  .  .  .  .  .  .  .  No. 200

By Mr. Pacheco, a petition (accompanied by bill, Senate, No. 200) of Marc R. Pacheco, Byron Rushing, Harriette L. Chandler, Kay Khan and other members of the General Court for legislation to clarify and enhance privacy protections for electronic health records.  Economic Development and Emerging Technologies.

 

The Commonwealth of Massachusetts

 

_______________

In the Year Two Thousand Nine

_______________

 

An Act To Clarify and Enhance Privacy Protections for Electronic Health Records..

 

Be it enacted by the Senate and House of Representatives in General Court assembled, and by the authority of the same, as follows:
 

SECTION 1. The third paragraph of subsection (d) of section 6D of chapter 40J of the General Laws is hereby amended by striking clause (v) and inserting in place thereof the following clause:—

(v) give patients the option of allowing only designated health care providers to disseminate their individually identifiable health information to any statewide interoperable electronic health records network or statewide health information exchange;

SECTION 2. Section 6F of chapter 40J of the General Laws is hereby amended by striking the first paragraph and inserting in place thereof the following paragraph:—

Any plan for a statewide interoperable electronic health records network or statewide health information exchange approved by the health information technology council and every grantee and implementing organization that receives monies for the adoption of health information technology from the E-Health Institute Fund or pursuant to this chapter shall:

SECTION 3. Said section 6F of chapter 40J of the General Laws, as appearing in section 4 of chapter 305 of the acts of 2008, is hereby further amended by inserting after the word “accessed”, in line 396, the following words:— ; and (5) require every grantee and implementing organization funded in whole or in part by the E-Health Institute Fund to conduct privacy and security audits of any and all interoperable electronic health records networks, health information exchanges, and participating entities that maintain electronic health records for potential and actual privacy and security breaches by July 1 of each year.  Each grantee and implementing organization shall report the results of the annual audit to the health information technology council by July 1.  The council shall report within 30 days to the Attorney General any audit result that indicates a violation of the rules and regulations adopted by the health information technology council or Department of Public Health pursuant to this chapter.