2022 -- H 7994 | |
======== | |
LC005470 | |
======== | |
STATE OF RHODE ISLAND | |
IN GENERAL ASSEMBLY | |
JANUARY SESSION, A.D. 2022 | |
____________ | |
A N A C T | |
RELATING TO STATE AFFAIRS AND GOVERNMENT - OFFICE OF HEALTH AND | |
HUMAN SERVICES | |
| |
Introduced By: Representative Patricia A. Serpa | |
Date Introduced: March 16, 2022 | |
Referred To: House State Government & Elections | |
It is enacted by the General Assembly as follows: | |
1 | SECTION 1. Chapter 42-7.2 of the General Laws entitled "Office of Health and Human |
2 | Services" is hereby amended by adding thereto the following section: |
3 | 42-7.2-21. Closed-loop referral system privacy and security. |
4 | (a) The secretary of the executive office of health and human services (EOHHS) pursuant |
5 | to the provisions of § 42-7.2-5, and any agency or department assigned to the secretary shall upon |
6 | implementation or utilization of a closed-loop referral system ensure that the system includes at a |
7 | minimum the following privacy and security protections: |
8 | (1) All individual personally identifiable information to include health care information |
9 | shall only be included or inputted into the system upon the express consent of the individual; and |
10 | (2) Any individual's personally identifiable information and health care information may |
11 | only be accessed as permitted pursuant to § 5-37.3-4 or upon consent of the individual. Express |
12 | consent shall be obtained prior to accessing any individual's information by a person or entity to |
13 | provide services related to a referral. |
14 | (b) Any individual providing consent for inclusion of information into the system may |
15 | revoke the consent at any time. To the extent permitted under federal and state law, upon revocation |
16 | of consent, all information relative to the individual's referral for services shall be removed or |
17 | deleted from the system within seven (7) days of revocation. |
18 | (c) If any breach of a security system for a closed-loop referral system should occur, then |
| |
1 | notice of the breach shall be made pursuant to § 11-49.3-4. When practical, notice shall be provided |
2 | within forty-eight (48) hours of discovery of the breach. |
3 | (d) For purposes of this section, "closed-loop referral system" or "system" means any |
4 | system that stores an individual's personal identifiable information in a database that is shared by a |
5 | network of health care entities, public agencies, and community-based organizations for referral |
6 | purposes, which includes referrals to entities that are not covered under the Health Insurance |
7 | Portability and Accountability Act of 1996 (HIPAA). A closed-loop referral system encompasses |
8 | datasets containing personal referral information captured and stored in a database for use by public |
9 | and private entities, including community-based organizations, to provide services, update referral |
10 | activity, and close the loop on referral by updating downstream systems. |
11 | SECTION 2. This act shall take effect upon passage. |
======== | |
LC005470 | |
======== | |
| LC005470 - Page 2 of 3 |
EXPLANATION | |
BY THE LEGISLATIVE COUNCIL | |
OF | |
A N A C T | |
RELATING TO STATE AFFAIRS AND GOVERNMENT - OFFICE OF HEALTH AND | |
HUMAN SERVICES | |
*** | |
1 | This act would establish that closed-loop referral systems utilized by departments or |
2 | agencies under the executive office of health and human services shall ensure that an individual |
3 | would give consent before their personal or health care information is entered into the system. This |
4 | act would also provide that except for permitted access pursuant to § 5-37.3-4, the individual's |
5 | information would only be accessed upon consent. |
6 | This act would take effect upon passage. |
======== | |
LC005470 | |
======== | |
| LC005470 - Page 3 of 3 |