2016 -- S 2828 | |
======== | |
LC005469 | |
======== | |
STATE OF RHODE ISLAND | |
IN GENERAL ASSEMBLY | |
JANUARY SESSION, A.D. 2016 | |
____________ | |
A N A C T | |
RELATING TO INSURANCE -- THE MEDICAL BILLING INNOVATION ACT OF 2016 | |
| |
Introduced By: Senator Gayle L. Goldin | |
Date Introduced: March 23, 2016 | |
Referred To: Senate Health & Human Services | |
(by request) | |
It is enacted by the General Assembly as follows: | |
1 | SECTION 1. Title 27 of the General Laws entitled "INSURANCE" is hereby amended |
2 | by adding thereto the following chapter: |
3 | CHAPTER 20.12 |
4 | THE MEDICAL BILLING INNOVATION ACT OF 2016 |
5 | 27-20.12-1. Short title. -- This act shall be known and may be cited as the "Medical |
6 | Billing Innovation Act of 2016". |
7 | 27-20.12-2. Purpose. -- The purpose of this chapter is to: |
8 | (1) Ensure that consumers of health care products and services have access to all |
9 | information required to make informed purchasing decisions; |
10 | (2) Protect consumers of health care products and services by ensuring that they benefit |
11 | from the rights guaranteed to consumers of other products and services, including protection from |
12 | unfair, deceptive, and abusive acts and practices as defined in 12 U.S.C. §5531 prohibiting unfair, |
13 | deceptive, or abusive acts or practices (collectively, UDAAPs); |
14 | (3) Facilitate innovation in Rhode Island by providing the foundation necessary for the |
15 | development of technologies that allow consumers greater understanding and control of their |
16 | health care related expenses; and |
17 | (4) Increase patient accountability and participation by helping patients associate |
18 | financial costs with their health care decisions. |
19 | 27-20.12-3. Definitions. -- The following terms shall have the meanings given below for |
1 | purposes of this section: |
2 | (1) "Application programming interface" means a software protocol that expresses a set |
3 | of operations inputs, outputs, and underlying types, that allows a second party's software to access |
4 | a defined set of information in real time. |
5 | (2) "Certified health care information management software vendor" means any entity |
6 | which produces health care information management software and is certified pursuant to §27- |
7 | 20.12-5. |
8 | (3) "Health care facility" means an institution providing health care services or a health |
9 | care setting, including, but not limited to, hospitals and other licensed inpatient centers, |
10 | ambulatory surgical or treatment centers, skilled nursing centers, residential treatment centers, |
11 | diagnostic, laboratory and imaging centers, and rehabilitation and other therapeutic health |
12 | settings. |
13 | (4) "Health care information management software" means software that presents |
14 | information associated with health care, and in particular, information related to billing, to |
15 | consumers. |
16 | (5) "Health care professional" means a physician or other health care practitioner |
17 | licensed, accredited or certified to perform specified health care services consistent with state |
18 | law. |
19 | (6) "Health care provider" means a health care professional or a health care facility. |
20 | (7) "Health care services" means any services included in the furnishing to any individual |
21 | medical, podiatric, or dental care, or hospitalization, or incidental to the furnishing of that care or |
22 | hospitalization, or incidental to the furnishing to any person of any and all other services for the |
23 | purpose of preventing, alleviating, curing, or healing human illness, injury, or physical disability. |
24 | (8) "Health insurer" means any person, firm or corporation offering and/or insuring health |
25 | care services on a prepaid basis, including, but not limited to, a nonprofit hospital service |
26 | corporation as defined in chapter 19 of title 27, a nonprofit medical service corporation as defined |
27 | in chapter 20 of title 27, a health maintenance organization as defined in chapter 41 of title 27, or |
28 | an entity offering a policy of accident and sickness insurance. |
29 | (9) "Strong cryptography" means cryptography based on industry-tested and accepted |
30 | algorithms, along with strong key lengths (minimum 112-bits of effective key strength) and |
31 | proper key-management practices. Cryptography is a method to protect data and includes both |
32 | encryption (which is reversible) and hashing (which is not reversible, or "one way"). As of the |
33 | present time, examples of industry-tested and accepted standards and algorithms for minimum |
34 | encryption strength include AES (128 bits and higher), TDES (minimum triple-length keys), RSA |
1 | (2048 bits and higher), ECC (160 bits and higher), and ElGamal (2048 bits and higher). See NIST |
2 | Special Publication 800-57 Part I (http://esrc.nist.gov/publications/) for more guidance on |
3 | cryptographic key strengths and algorithms. |
4 | (10) "User" means a consumer who uses health care information management software. |
5 | (11) "Valid identification information" means social security number or tax identification |
6 | number, and date of birth or a token indicating the prior communication thereof. |
7 | 27-20.12-4. Member access through application programming interface. -- Health |
8 | insurers shall ensure that from time to time and at any time any member may request via an |
9 | application programming interface any and all information related to the member's insurance |
10 | coverage and health care, and shall via the application programming interface all requested |
11 | information, whenever the request meets the following conditions: |
12 | (1) The request includes valid identification information; |
13 | (2) The information requested is currently or ordinarily provided to members; and |
14 | (3) The request is made through a health care information management software provided |
15 | by a certified health care information management software vendor. |
16 | 27-20.12-5. Certification of health care information management software. -- (a) A |
17 | certified health care information management software vendor shall: |
18 | (1) Implement measures to validate the identity of any user submitting a request through |
19 | the application programming interface; |
20 | (2) Comply with §5-37.3-4(c), the "confidentiality of health care communications and |
21 | information act" provision governing third parties; |
22 | (3) Present a notice to users initially and upon request that: |
23 | (i) The vendor is a certified vendor of health care information management software |
24 | under §27-20.12-5; |
25 | (ii) The user may instruct the vendor to request and receive information about the user's |
26 | health care bills from health care providers and health insurers; |
27 | (iii) Any data requested by the user will exist on the vendor's secure servers in order to |
28 | provide the user with services; and |
29 | (iv) As a user of the vendor's software, the user has the right to download the user's data, |
30 | and/or to instruct the vendor to delete the user's data from the vendor's servers at any time. |
31 | (4) Utilize strong cryptography wherever protected health information, as defined by 45 |
32 | CFR 160, 103, is stored or transmitted; |
33 | (5) Maintain a publicly-available privacy policy covering users; and |
34 | (6) Not release or transfer any patient information without written consent of the patient, |
1 | or their authorized representative. |
2 | (b) Vendors shall annually certify in writing that they comply with subsection (a)(3) of |
3 | this section. |
4 | (c) The office of the health insurance commissioner shall maintain a register of valid |
5 | certifications, which it shall publish on its website. |
6 | SECTION 2. This act shall take effect on June 1, 2017. |
EXPLANATION | |
BY THE LEGISLATIVE COUNCIL | |
OF | |
A N A C T | |
RELATING TO INSURANCE -- THE MEDICAL BILLING INNOVATION ACT OF 2016 | |
*** | |
1 | This act would ensure that health care consumers have access to all information to make |
2 | informed purchasing decisions, that they benefit from rights guaranteed to consumers of other |
3 | products and services, that consumers possess technologies to understand and control their |
4 | health care related expenses and that patients participate in the association of financial costs with |
5 | their health care decisions. |
6 | This act would take effect on June 1, 2017. |