1. Access to reports and records. The Department of Health and Human Services must be given access to all confidential reports and records filed by physicians, hospitals or other private or public sector organizations, with all departments, agencies, commissions or boards of the State for the purpose of conducting investigations or evaluating the completeness or quality of data submitted to the department's disease surveillance programs. The department shall follow the data confidentiality requirements of the departments, agencies, commissions or boards of the State providing this information.
Upon notification by the Department of Health and Human Services, physicians or hospitals shall provide to the department any further information requested for the purpose of conducting investigations or evaluating the completeness or quality of data submitted to the department's disease surveillance programs.
[ 1989, c. 844, §2 (NEW); 2003, c. 689, Pt. B, §6 (REV) .]
2. Limited immunity. A physician, hospital, or employee of a physician or hospital is not liable for any civil damages as a result of the department's use of information gathered under this section. This immunity is limited to legitimate activities pursued in good faith under this section.
[ 1989, c. 844, §2 (NEW) .]
3. Adoption of rules. The department shall adopt rules governing the conditions under which and purposes for which the department may use identifying information under this section. The rules must ensure that:
A. Identifying information is used only to gain access to medical records and other medical information pertaining to an investigation designed to accomplish public health research of substantial public importance; [1989, c. 844, §2 (NEW).]
B. Medical information about an identified patient is not sought from any person without the consent of that patient except when the information sought pertains solely to verification or comparison of health data that the department is otherwise authorized by law to collect and the department finds that confidentiality can be adequately protected without patient consent; [1989, c. 844, §2 (NEW).]
C. Those persons conducting the investigation do not disclose medical information about an identified patient to any other person except a health care practitioner responsible for treating the patient; [1989, c. 844, §2 (NEW).]
D. Those persons gaining access to medical information about an identified patient use that information to the minimum extent necessary to accomplish the purposes of the investigation; [1989, c. 844, §2 (NEW).]
E. The protocol for any investigation is designed to preserve the confidentiality of all medical information that can be associated with identified patients, to specify the manner in which contact is made with patients, and to maintain public confidence in the protection of confidential information; [1989, c. 844, §2 (NEW).]
F. An advisory body, independent from the department, is established and charged with responsibility for approving the protocol of the investigation, overseeing the conduct of the investigation to assure consistency with the protocol and the department's rules, and assessing both the scientific validity of the investigation and its effects upon patients; [1989, c. 844, §2 (NEW).]
G. The department does not seek information under this section if the proposed identification of or contact with patients or health care practitioners would diminish the confidentiality of medical information or the public's confidence in the protection of that information in a manner that outweighs the expected benefit to the public of the proposed investigation; and [1989, c. 844, §2 (NEW).]
H. Whenever a physician or hospital furnishes patient information requested by the department in accordance with this section, the department reimburses the physician or hospital for the reasonable costs incurred in providing the information. [1989, c. 844, §2 (NEW).]
[ 1989, c. 844, §2 (NEW) .]
1989, c. 844, §2 (NEW). 2003, c. 689, §B6 (REV).