SENATE HEALTH COMMITTEE

STATEMENT TO

SENATE, No. 42

with committee amendments

STATE OF NEW JERSEY

DATED: JUNE 20, 1996

      The Senate Health Committee reports favorably Senate Bill No. 42 with committee amendments.

      As amended by committee, this bill establishes uniform health care information record confidentiality, security and access requirements for all health care patients in New Jersey, whether they are receiving services in a licensed health care facility or from a health care provider regulated under Title 45 of the Revised Statutes. The bill also establishes civil and criminal penalties for violations of these requirements.

      The bill requires that health care facilities and providers implement a written confidentiality policy which includes procedures to ensure the security of their health care information records during storage, processing or transmission, either in electronic or other form. The bill provides that the content of a patient health care information record may be disclosed with the prior written authorization of the patient or his representative only if the authorization is provided on a form and in a manner approved by the Commissioner of Health, in consultation with the Commissioner of Insurance and the Director of the Division of Consumer Affairs, and the purpose and period of time for which disclosure is authorized is clearly stated on the form.

      The bill also provides that if a patient's or patient representative's prior written authorization for disclosure of health care information is not obtained, information contained in the record shall be disclosed only under the following conditions:

      ∙    To the patient or the patient representative;

      ∙    To a health care provider who is providing health care to the patient, except as limited or prohibited by the patient;

      ∙    To a member of the patient's immediate family, or to another person with whom the patient is known to have a close personal relationship, in accordance with good medical or other professional practice, except as limited or prohibited by the patient;

      ∙    To any person in order to avoid or minimize imminent danger to the health or safety of the patient or any other person, or to alleviate emergency circumstances affecting the health or safety of any person;

      ∙    To federal, State or local government authorities, as required by law;

      ∙    To qualified personnel for the purpose of conducting scientific research;

       ∙    To qualified personnel for the purpose of conducting management audits, financial audits or program evaluation;

       ∙    To qualified personnel involved in medical education or in the patient's diagnosis and treatment;

       ∙    To federal, State or local government entities, including grand juries, conducting a criminal investigation or carrying out their civil or administrative duties as authorized by law;

        ∙   As permitted by Department of Health rules and regulations; or

       ∙    In all other instances authorized by State or federal law.

      The bill requires that, except in the case of a disclosure of patient information to a federal, State or local government entity, the health care facility or provider shall maintain in the patient record information about any disclosure from the patient record.

      The bill provides, however, that no provision therein shall be construed to permit the disclosure of a record to a person, agency or other entity to whom disclosure is otherwise prohibited under State or federal law.

      The bill also stipulates that a patient or patient representative has the right to:

      ∙    have access to health care information concerning the patient;

      ∙    receive a copy of health care information from the patient’s record upon payment of a reasonable charge;

      ∙    have a notation made in the patient's record which reflects any amendment to, or correction of, the information in the record; and

      ∙    revoke at any time the patient's or patient representative's authorization for disclosure of health care information in the record, unless the disclosure is required to effectuate payment for health care that has been provided, or other substantial action has been taken in reliance on that authorization.

      The bill permits a patient's health care information record to be disclosed by a court order based upon good cause, after weighing the public interest and need for disclosure against the injury to: the patient, the health care provider-patient relationship, the services offered by the health care facility or provider, and State or federal law governing patient health care information confidentiality.

      In addition, the bill requires that health care information disclosed pursuant to its provisions be held confidential by the recipient of the record and not be released by the recipient unless the conditions of this bill are met.

      The bill also specifies those persons who may provide authorization for the disclosure of the record of a patient who is deceased or legally incompetent, or a minor.

      With regard to penalties for noncompliance, the bill provides as follows:

      ∙    If a health care facility or provider, or an employee thereof, or a recipient of a patient's record, fails to comply with the provisions of the bill, a patient or other person whose rights are violated may apply to a court of competent jurisdiction for appropriate equitable relief, which may include actual damages and reasonable attorney's fees and court costs.

      ∙    A person who, under false or fraudulent pretenses, requests or obtains health care information from a health care facility or provider, or an employee thereof, or requests or obtains a patient's authorization for disclosure of that information, is guilty of a fourth degree crime (punishable by a fine of up to $7,500, or imprisonment for up to 18 months, or both).

       ∙    A person who, under false or fraudulent pretenses, requests or obtains health care information from a health care facility or provider, or an employee thereof, and knowingly uses, sells or transfers that information for remuneration, profit or monetary gain, or a person who unlawfully takes health care information from a health care facility or provider, or an employee thereof, and knowingly uses, sells or transfers that information for remuneration, profit or monetary gain, is guilty of a second degree crime if the amount involved is $75,000 or more, a third degree crime if the amount involved exceeds $500 but is less than $75,000, and a fourth degree crime if the amount involved exceeds $200 but is less than $500.

      The bill stipulates that no provision therein shall be construed to limit a person's immunity from civil liability in accordance with the provisions of any law, including section 1 of P.L.1983, c.248 (C.45:9-19.1), which protects "whistle blowers" who report physician misconduct to the State Board of Medical Examiners; section 21 of P.L.1985, c.179 (C.17:23A-21), the insurance information practices law; and P.L.1972, c.45 (C.59:1-1 et seq.), the "New Jersey Tort Claims Act."

      This bill is part of a legislative package designed to effectuate the recommendations of the Healthcare Information Networks and Technologies (HINT) report to the Legislature under the joint auspices of Thomas Edison State College and the New Jersey Institute of Technology.

      The committee amended the bill to:

∙    State that criminal and civil regulatory agencies and the courts need to maintain their current level of access to health care information in order to carry our their statutory responsibilities;

∙    Add that patient authorization forms shall be approved by the Commissioner of Health, in consultation with the Commissioner of Insurance and the Director of the Division of Consumer Affairs;

∙    Broaden conditions under which patient records can be disclosed to government agencies, without patient authorization, to include federal, State or local government entities, rather than only specific departments of State government;

∙    Delete the limitation that disclosure of records would be permitted by regulation adopted by the Commissioner of Health "for the purposes of disease prevention and control;"

∙    Exempt disclosures to government agencies from the requirement to maintain as part of a medical record information about any disclosures made from that record;

∙    Delete limitations governing a court's granting of authorization to disclose medical records for law enforcement purposes;

∙    Clarify under the penalty sections that a person is guilty if the person "knowingly," rather than "intentionally," uses, sells or transfers information for profit, and provide that the severity of the penalty (second, third or fourth degree crime) will be determined by the amount of money involved in the crime;

∙    Add under the immunity sections reference to other State statutes; and

∙    Change the effective date from immediately to 180 days after enactment.

      Other committee amendments are technical and clarify the language in the bill.