AN ACT CONCERNING THE BIDIRECTIONAL EXCHANGE OF PATIENT ELECTRONIC HEALTH RECORDS.

Be it enacted by the Senate and House of Representatives in General Assembly convened:

Section 1. Section 19a-904c of the general statutes is repealed and the following is substituted in lieu thereof (Effective October 1, 2017):

(a) For purposes of this section:

(1) "Affiliated provider" has the same meaning as provided in section 19a-508c;

[(1)] (2) "Electronic health record" means any computerized, digital or other electronic record of individual health-related information that is created, held, managed or consulted by a health care provider and may include, but need not be limited to, continuity of care documents, admission, discharge [summaries] or transfer records, and other information or data relating to [patient] a patient's medical history or treatment, including, but not limited to, demographics, [medical history,] medication, allergies, immunizations, laboratory test results, radiology or other diagnostic images, vital signs and statistics;

[(2)] (3) "Electronic health record system" means a computer-based information system that is used to create, collect, store, manipulate, share, exchange or make available electronic health records for the purpose of the delivery of patient care;

[(3)] (4) "Health care provider" means any individual, corporation, facility or institution licensed by the state to provide health care services; [and]

(5) "Hospital" has the same meaning as in section 19a-490d; and

[(4)] (6) "Secure exchange" means the exchange of patient electronic health records between a hospital and a health care provider in a manner that complies with all state and federal privacy requirements, including, but not limited to, the Health Insurance Portability and Accountability Act of 1996 (P.L. 104-191) (HIPAA), as amended from time to time.

(b) Electronic health records shall, to the fullest extent practicable (1) follow the patient, (2) be accessible to the patient, and (3) be shared and exchanged with any health care provider of the patient's choice in a timely manner.

[(b)] (c) Each hospital licensed under chapter 368v shall, to the fullest extent practicable, use its electronic health records system to enable bidirectional connectivity and provide for the secure exchange of patient electronic health records between the hospital and any other health care provider who (1) maintains an electronic health records system capable of exchanging such records, and (2) provides health care services to a patient whose records are the subject of the exchange. The requirements of this section apply to at least the following: (A) Laboratory and diagnostic tests; (B) radiological and other diagnostic imaging; (C) continuity of care documents; and (D) admission, discharge or transfer notifications and documents. In order to enable bidirectional connectivity and ensure the secure exchange of patient electronic health records, a hospital shall accept from and send to the health care provider the patient's electronic health records in accordance with the provisions of this subsection.

[(c)] (d) Each hospital shall implement the use of any hardware, software, bandwidth or program functions or settings already purchased or available to it to support the secure exchange of electronic health records and information as described in subsection [(b)] (c) of this section.

[(d)] (e) Nothing in this section shall be construed as requiring a hospital to pay for any new or additional information technology, equipment, hardware or software, including interfaces, where such additional items are necessary to enable such exchange.

(f) Upon the request of a patient or the patient's health care provider to send or receive an electronic health record as provided in subsection (b) of this section, a hospital shall promptly comply with such request, provided the transfer or receipt constitutes a secure exchange and does not violate any state or federal law or regulation. If the hospital has reason to believe that the exchange would (1) violate a state or federal law or regulation, or (2) constitute an identifiable and legitimate security or privacy risk, the hospital shall promptly notify the health care provider or patient, as the case may be, and identify the basis for such belief.

(g) Each hospital licensed under chapter 368v shall (1) enable the use of its electronic health records system for patient referrals to both affiliated and unaffiliated providers on an equal basis and in a manner that is no more or less burdensome for the referring provider or patient, and (2) upon the request of any patient or the patient's health care provider, promptly effectuate such referral.

[(e)] (h) The failure of a hospital to take all reasonable steps to comply with this section shall constitute evidence of health information blocking pursuant to section 19a-904d.

[(f)] (i) A hospital that connects to, and actively participates in, the State-wide Health Information Exchange, established pursuant to section 17b-59d shall be deemed to have satisfied the requirements of this section.

(j) On or before March 1, 2018, and annually thereafter, each hospital licensed under chapter 368v shall report to the Office of Health Care Access and the Attorney General, in the form and manner prescribed jointly by said offices after consultation with stakeholders, regarding the hospital's electronic health records systems and health information exchange activities for the previous calendar year. Such report shall include, but need not be limited to, the following information:

(1) A description of the hospital's electronic health records system, including the manufacturer, year of installation and certification of such system pursuant to the federal certified electronic health record system;

(2) A description of the number and nature of the health records maintained in such system and the number of individual patients represented in such records;

(3) The number and nature of the electronic health messages and records sent and received, including, but not limited to (A) admission, discharge and transfer messages, (B) continuity of care documents, (C) laboratory test records, (D) pathology records, (E) radiological or diagnostic images, and (F) patient referrals. For each category of messages and records, the report shall also identify the number of health messages and records sent to affiliated providers and unaffiliated providers and the number of health messages and records received from affiliated providers and unaffiliated providers.

Nothing in this subsection shall be construed as requiring the release of protected health information or patient identifying information in violation of the federal Health Insurance Portability and Accountability Act of 1996, as amended from time to time.

Statement of Legislative Commissioners:

In Section 1(a), the definition of "Health system" was removed as the term is not used in the bill and the remaining definitions were renumbered accordingly for accuracy.