The bill amends Section 5-37.3-4 of the "Confidentiality of Health Care Communications and Information Act" to strengthen the protections for the release of a patient's confidential healthcare information. It establishes that such information cannot be disclosed without the written consent of the patient or their authorized representative, with specific exceptions outlined in the bill. Notably, it prohibits managed care entities from sharing identifiable personal information unless necessary for statistical purposes. The bill also introduces penalties for violations, including fines and imprisonment, and declares any contracts that attempt to waive these provisions as null and void. Additionally, it expands the list of exceptions where consent is not required, allowing healthcare providers to report allegations of abuse or neglect to the Department of Behavioral Healthcare, Developmental Disabilities, and Hospitals (BHDDH) and to disclose information in response to law enforcement requests under certain conditions.

Furthermore, the bill grants BHDDH staff the authority to demand records from healthcare facilities during investigations of abuse or rights violations, requiring immediate compliance upon written demand. It outlines procedures for non-compliance, allowing BHDDH to petition the superior court for access to records. The bill also designates BHDDH as a health oversight agency and specifies security procedures for third parties handling confidential healthcare information, including limiting access and ensuring employees are informed about confidentiality obligations. Consent forms for the release of information must include specific content, and the bill clarifies that confidential information cannot be shared without additional written consent. The bill does not indicate any deletions from current law and is set to take effect immediately upon passage.

Statutes affected:
5500: 5-37.3-4