The bill amends the Patient Records Privacy Act to enhance privacy protections for sensitive health information, particularly concerning reproductive health care, gender-affirming health care, and mental health care. It requires health information exchanges and electronic patient record systems to segregate this sensitive information and limits access to individuals with written authorization. The bill also establishes protocols for notifying individuals about inquiries regarding their segregated health care information and prohibits the release of abortion-related patient records in response to conflicting subpoenas from other states. Additionally, it updates terminology by replacing "electronic medical" with "electronic patient" and repeals the requirement for reporting induced abortions, thereby strengthening confidentiality and individual control over health records.

Furthermore, the bill clarifies that the Patient Records Privacy Act does not apply to certain types of insurers, such as property and casualty insurers and life insurers, ensuring they are excluded from its provisions. It introduces enforcement measures for violations of the Act, including penalties for health information exchanges or electronic patient record systems that fail to comply, and allows individuals to seek damages in court. The bill also empowers the attorney general or district attorneys to initiate civil actions for violations and sets an effective date of July 1, 2025, for its provisions.

Statutes affected:
introduced version: 24-14B-1, 24-14B-2, 24-14B-3, 24-14B-6, 24-14B-7, 24-14B-8, 24-14B-9, 24-14-18