H97 - 2015 Appropriations Act, Sec. 12A.5: Funds for Oversight and Administration of Statewide Health Information Exchange Network (SL 2015-241)

Overview: Section 12A.5 of S.L. 2015-241, as amended by Sec. 86.5 of S.L. 2015-246, creates a mechanism by which the State can establish and connect to a successor Health Information Exchange (HIE) Network for all Medicaid providers and all other entities that receive State funds for the provision of health services by June 1, 2018. In addition, this section establishes the North Carolina HIE Authority (Authority) to oversee and administer the successor HIE Network.

To accomplish these objectives, the State Chief Information Officer (CIO) must enter into a memorandum of understanding with the Secretary of the Department of Health and Human Services (DHHS) that provides the CIO with the sole authority over the HIE until both the Authority and Advisory Board to the Authority are established. Existing HIE contracts must be terminated or assigned to the Authority by February 29, 2016.

Effective October 1, 2015, this section creates a new Article 29B, (Statewide Health Information Exchange Act) in Chapter 90 of the General Statutes intended to improve the quality of health care delivery in the State by facilitating and regulating the use of a voluntary, statewide HIE network for the secure electronic transmission of individually identifiable health information among health care providers, health plans, and health care clearinghouses that is consistent with HIPAA. Despite the voluntary nature of the network, the Article requires: (i) each hospital that has an electronic health record system; (ii) each Medicaid provider; (iii) each provider that receives State funds for the provision of health services; (iv) and each local management entity/managed care organization (LME/MCO) to submit, at least twice daily by way of the HIE Network, demographic and clinical information pertaining to services rendered to Medicaid and other State-funded health care programs.

The Article articulates conditions by which State agencies and the Legislature may gain access to HIE Network data, provides that any data pertaining to services rendered to beneficiaries under the HIE Network is and remains the sole property of the State and must not allow data to be disclosed for commercial purposes or for any other purposes not otherwise provided under the provision.

This section also creates the North Carolina HIE Authority (Authority), located within the Department of Information Technology and under the direction and control of the State CIO, with broad powers and duties to oversee and administer the HIE Network. The Authority is directed to consult with the North Carolina HIE Advisory Board (Advisory Board) to set guiding principles for the development, implementation, and operation of the HIE Network. The Authority is empowered to establish fees for participation in the HIE Network.

The 11-member Advisory Board is located within the Department of Information Technology, and is tasked with providing consultation to the Authority with respect to the advancement, administration, and operation of the HIE Network and on matters pertaining to health information technology and exchange.

Covered entities (as that term is defined in the Code of Federal Regulations) that participate in the HIE Network must enter into a HIPAA compliant agreement and a written participation agreement with the Authority prior to submitting data to the HIE Network. Participating covered entities may disclose an individual's protected health information through the HIE Network to other covered entities for any purpose provided by HIPAA, unless the individual has exercised the right to opt out, which is available to the individual on a continuing basis. Covered entities that are required to submit demographic and clinical information through the successor HIE Network must not submit such information through the successor HIE Network until the Authority establishes a date for covered entities to begin submitting the information through the HIE Network or other secure electronic means.

This section establishes penalties, actions, and remedies for covered entities that disclose protected information in violation of the Article.

Also effective October 1, 2015, this section provides that, with the exception of the laws governing equal employment and compensation opportunity and privacy of State employee personnel records, the State Human Resources Act does not apply to employees of the NC HIE Authority.

Effective on the date the State CIO notifies the Revisor of Statutes that all contracts pertaining to the prior HIE Network between the State and between any third parties have been terminated or assigned to the successor HIE Network created pursuant to this section, the HIE Network established in 2011, is repealed.

Except as otherwise provided, the remainder of this section became effective July 1, 2015.