Current through the 2024 Fourth Special Session
Section 26B-8-411 - Duty to establish standards for the electronic exchange of clinical health information - Immunity(1) As used in this section:(a) "Affiliate" means an organization that directly or indirectly through one or more intermediaries controls, is controlled by, or is under common control with another organization.(b) "Clinical health information" shall be defined by the department by administrative rule adopted in accordance with Subsection (2).(c) "Electronic exchange": (i) includes: (A) the electronic transmission of clinical health data via Internet or extranet; and(B) physically moving clinical health information from one location to another using magnetic tape, disk, or compact disc media; and(ii) does not include exchange of information by telephone or fax.(d) "Health care provider" means a licensing classification that is either:(i) licensed under Title 58, Occupations and Professions, to provide health care; or(ii) licensed under Chapter 2, Part 2, Health Care Facility Licensing and Inspection.(e) "Health care system" shall include: (i) affiliated health care providers;(ii) affiliated third party payers; and(iii) other arrangement between organizations or providers as described by the department by administrative rule.(f) "Qualified network" means an entity that: (i) is a non-profit organization;(ii) is accredited by the Electronic Healthcare Network Accreditation Commission, or another national accrediting organization recognized by the department; and(iii) performs the electronic exchange of clinical health information among multiple health care providers not under common control, multiple third party payers not under common control, the department, and local health departments.(g) "Third party payer" means: (i) all insurers offering health insurance who are subject to Section 31A-22-614.5; and(ii) the state Medicaid program.(2)(a) The department shall make rules in accordance with Title 63G, Chapter 3, Utah Administrative Rulemaking Act, to: (i) define: (A) "clinical health information" subject to this section; and(B) "health system arrangements between providers or organizations" as described in Subsection (1)(e)(iii); and(ii) adopt standards for the electronic exchange of clinical health information between health care providers and third party payers that are for treatment, payment, health care operations, or public health reporting, as provided for in 45 C.F.R. Parts 160, 162, and 164, Health Insurance Reform: Security Standards.(b) The department shall coordinate its rule making authority under the provisions of this section with the rule making authority of the Insurance Department under Section 31A-22-614.5.(c) The department shall establish procedures for developing the rules adopted under this section, which ensure that the Insurance Department is given the opportunity to comment on proposed rules.(3)(a) Except as provided in Subsection (3)(e), a health care provider or third party payer in Utah is required to use the standards adopted by the department under the provisions of Subsection (2) if the health care provider or third party payer elects to engage in an electronic exchange of clinical health information with another health care provider or third party payer.(b) A health care provider or third party payer may make a disclosure of information to the department or a local health department, by electronic exchange of clinical health information, as permitted by Subsection 45 C.F.R. Sec. 164.512(b).(c) When functioning in its capacity as a health care provider or payer, the department or a local health department may make a disclosure of clinical health information by electronic exchange to another health care provider or third party payer.(d) An electronic exchange of clinical health information by a health care provider, a third party payer, the department, a local health department, or a qualified network is a disclosure for treatment, payment, or health care operations if it complies with Subsection (3)(a) or (c) and is for treatment, payment, or health care operations, as those terms are defined in 45 C.F.R. Parts 160, 162, and 164.(e) A health care provider or third party payer is not required to use the standards adopted by the department under the provisions of Subsection (2) if the health care provider or third party payer engage in the electronic exchange of clinical health information within a particular health care system.(4) Nothing in this section shall limit the number of networks eligible to engage in the electronic data interchange of clinical health information using the standards adopted by the department under Subsection (2)(a)(ii).(5)(a) The department, a local health department, a health care provider, a third party payer, or a qualified network is not subject to civil liability for a disclosure of clinical health information if the disclosure is in accordance with: (i) Subsection (3)(a); and(ii) Subsection (3)(b), (c), or (d).(b) The department, a local health department, a health care provider, a third party payer, or a qualified network that accesses or reviews clinical health information from or through the electronic exchange in accordance with the requirements in this section is not subject to civil liability for the access or review.(6) Within a qualified network, information generated or for which a disclosure is made in the electronic exchange of clinical health information is not subject to discovery, use, or receipt in evidence in any legal proceeding of any kind or character.Renumbered from § 26-1-37 and amended by Chapter 306, 2023 General Session ,§ 276, eff. 5/3/2023.Amended by Chapter 105, 2019 General Session ,§ 1, eff. 5/14/2019.Amended by Chapter 167, 2013 General Session ,§ 4, eff. 5/14/2013.Amended by Chapter 68, 2010 General Session