The bill amends the Patient Records Privacy Act to enhance privacy protections for sensitive health care information, particularly concerning reproductive health care, gender-affirming health care, and mental health care. It requires health information exchanges and electronic patient record systems to segregate this sensitive information and limits access to individuals with written authorization. The bill also establishes protocols for notifying individuals about inquiries regarding their segregated health care information and prohibits the release of abortion-related patient records in response to conflicting subpoenas from other states. Additionally, it updates terminology by replacing "electronic medical records" with "electronic patient records" and repeals the requirement for reporting induced abortions, further emphasizing patient privacy.

Furthermore, the bill clarifies that the Patient Records Privacy Act does not apply to certain types of insurers, such as property and casualty insurers and life insurers, ensuring they are excluded from the Act's provisions. It introduces enforcement measures for violations, including penalties for health information exchanges and allows individuals to seek damages in court if their rights are violated. The attorney general and district attorneys are empowered to initiate civil actions for suspected violations. The bill also repeals a previous section of the law and sets an effective date of July 1, 2025, for its provisions.

Statutes affected:
introduced version: 24-14B-1, 24-14B-2, 24-14B-3, 24-14B-6, 24-14B-7, 24-14B-8, 24-14B-9, 24-14-18