By December 1, 2011, the lead organization shall, consistent with the federal health insurance portability and accountability act, develop processes, guidelines, and standards that address:
(1) Identification and prioritization of high value health data from health data providers. High value health data include:
- (a) Prescriptions;
- (b) Immunization records;
- (c) Laboratory results;
- (d) Allergies; and
- (e) Diagnostic imaging;
- (2) Processes to request, submit, and receive data;
(3) Data security, including:
- (a) Storage, access, encryption, and password protection;
- (b) Secure methods for accepting and responding to requests for data;
- (c) Handling unauthorized access to or disclosure of individually identifiable patient health information, including penalties for unauthorized disclosure; and
(d) Authentication of individuals, including patients and providers, when requesting access to health information, and maintenance of a permanent audit trail of such requests, including:
- (i) Identification of the party making the request;
- (ii) The data elements reported; and
- (iii) Transaction dates;
- (4) Materials written in plain language that explain the exchange of health information and how patients can effectively manage such information, including the use of online tools for that purpose;
- (5) Materials for health care providers that explain the exchange of health information and the secure management of such information.
[ 2009 c 300 s 4.]
Notes:
Findings—2009 c 300: See note following RCW 41.05.036.