H.F. 2623 Section 1. Section 135D.2, Code 2024, is amended to read as 1 follows: 2 135D.2 Definitions. 3 As used in this chapter , unless the context otherwise 4 requires: 5 1. “Board of directors” or “board” means the entity that 6 governs and administers the Iowa health information network. 7 2. 1. “Care coordination” means the management of all 8 aspects of a patient’s care to improve health care quality. 9 2. “Community information exchange” means an ecosystem 10 comprised of multidisciplinary network participants that 11 use standardized technical language, a resource database, 12 and an integrated technology platform to deliver enhanced 13 community care planning using care planning tools that enable 14 participants to integrate data from multiple sources and make 15 bidirectional referrals to create a shared longitudinal record. 16 3. “Department” means the department of health and human 17 services. 18 4. “Designated entity” means the nonprofit corporation 19 designated by the department through a competitive process as 20 the entity responsible for administering and governing the Iowa 21 health information network. 22 5. “Exchange” means the authorized electronic sharing of 23 health information and data between health care professionals, 24 payors, consumers, public health agencies, the designated 25 entity, the department, and other authorized participants 26 utilizing the Iowa health information network and Iowa health 27 information network services. 28 6. “Federally qualified health center” means a health care 29 entity that receives grant funding under section 330 of the 30 federal Public Health Service Act, Pub. L. No. 78-410. 31 7. “Governing board” means the board of directors that 32 governs and administers the designated entity. 33 6. 8. “Health care professional” means a person who is 34 licensed, certified, or otherwise authorized or permitted by 35 -1- LSB 5482HV (4) 90 pf/ko 1/ 18

H.F. 2623 the law of this state to administer health care in the ordinary 1 course of business or in the practice of a profession. 2 9. “Health data utility” means a locally governed, 3 statewide, multifaceted resource that provides services for the 4 interchange of health data within the health care and public 5 health ecosystems for the purpose of advancing health care 6 and improving public health outcomes. A “health data utility” 7 combines, enhances, and exchanges electronic health data across 8 care and service settings for treatment, care coordination, 9 quality improvement, and public and community health purposes, 10 in accordance with applicable state and federal laws protecting 11 patient privacy. 12 7. 10. “Health information” means health information as 13 defined in 45 C.F.R. §160.103 that is created or received by an 14 authorized a participant. 15 11. “Health information exchange” means participants 16 contributing to the sharing and movement of health information 17 electronically across participants within a state, region, 18 community, or health care delivery system. 19 12. “Health information network” means participants in the 20 health information exchange in the aggregate. 21 8. 13. “Health information technology” means the 22 application of information processing, involving both computer 23 hardware and software, that deals with the storage, retrieval, 24 sharing, and use of health care information, data, and 25 knowledge for communication, decision making, quality, safety, 26 and efficiency of clinical practice, and may include but is not 27 limited to: 28 a. An electronic health record that electronically compiles 29 and maintains health information that may be derived from 30 multiple sources about the health status of an individual and 31 may include a core subset of each care delivery organization’s 32 electronic medical record such as a continuity of care record 33 or a continuity of care document, computerized physician order 34 entry, electronic prescribing, or clinical decision support. 35 -2- LSB 5482HV (4) 90 pf/ko 2/ 18

H.F. 2623 b. A personal health record through which an individual and 1 any other person authorized by the individual can maintain and 2 manage the individual’s health information. 3 c. An electronic medical record that is used by health care 4 professionals to electronically document, monitor, and manage 5 health care delivery within a care delivery organization, is 6 the legal record of the patient’s encounter with the care 7 delivery organization, and is owned by the care delivery 8 organization. 9 d. A computerized provider health care professional 10 order entry function that permits the electronic ordering of 11 diagnostic and treatment services, including prescription 12 drugs. 13 e. A decision support function to assist physicians and 14 other health care providers professionals in making clinical 15 decisions by providing electronic alerts and reminders to 16 improve compliance with best practices, promote regular 17 screenings and other preventive practices, and facilitate 18 diagnosis and treatments treatment . 19 f. Tools to allow for the collection, analysis, and 20 reporting of information or data on adverse events, the quality 21 and efficiency of care, patient satisfaction, and other health 22 care-related performance measures. 23 9. 14. “Health Insurance Portability and Accountability 24 Act” or “HIPAA” means the federal Health Insurance Portability 25 and Accountability Act of 1996, Pub. L. No. 104-191, including 26 amendments thereto and regulations promulgated thereunder. 27 10. 15. “Hospital” means a licensed hospital as defined in 28 section 135B.1 . 29 11. 16. “Interoperability” means the ability of two or more 30 systems or components to exchange information or data in an 31 accurate, effective, secure, and consistent manner and to use 32 the information or data that has been exchanged and includes 33 but is not limited to: 34 a. The capacity to connect to a network for the purpose of 35 -3- LSB 5482HV (4) 90 pf/ko 3/ 18

H.F. 2623 exchanging information or data with other users. 1 b. The ability of a connected , authenticated user 2 participant to demonstrate appropriate permissions to 3 participate in the instant transaction over the network. 4 c. The capacity of a connected , authenticated user 5 participant to access, transmit, receive, and exchange usable 6 information with other users participants . 7 12. 17. “Iowa health information network” or “network” means 8 the statewide health information technology network that is the 9 sole statewide health information network for Iowa pursuant to 10 this chapter . 11 13. 18. “Medicaid program” means the medical assistance 12 program as defined in section 249A.2 . 13 19. “Nursing facility” means a licensed nursing facility as 14 defined in section 135C.1. 15 14. 20. “Participant” means an authorized health care 16 professional, payor, patient, health care organization, public 17 health agency, or the department entity described in section 18 135D.4, subsection 4, paragraph “d” , that has agreed entered 19 into an agreement to authorize, submit, access, or disclose 20 health information and data through the Iowa health information 21 network in accordance with this chapter and all applicable 22 laws, rules, agreements, policies, and standards. 23 15. 21. “Patient” means a person who has received or is 24 receiving health services from a health care professional. 25 16. 22. “Payor” means a person who makes payments for 26 health services, including but not limited to an insurance 27 company, self-insured employer, government program, individual, 28 or other purchaser that makes such payments. 29 23. “Payor information exchange” means a large-scale 30 database that systematically collects health care claims data 31 from a variety of payor sources, including claims from health 32 care professionals. 33 24. “Pharmacy” means a pharmacy as defined in section 34 155A.3. 35 -4- LSB 5482HV (4) 90 pf/ko 4/ 18

H.F. 2623 25. “Pharmacy information exchange” means the participants 1 contributing to the sharing and movement of dispensed pharmacy 2 information electronically across participants within a state, 3 region, community, or health care delivery system. 4 17. 26. “Protected health information” means protected 5 health information as defined in 45 C.F.R. §160.103 that is 6 created or received by an authorized a participant. 7 18. 27. “Public health activities” means actions taken by 8 a participant in its the participant’s capacity as a public 9 health authority under the Health Insurance Portability and 10 Accountability Act or as required or permitted by other federal 11 or state law. 12 19. 28. “Public health agency” means an entity that is 13 governed by or contractually responsible to a local board of 14 health or the department to provide services focused on the 15 health status of population groups and their the population 16 groups’ environments. 17 20. 29. “Record locator service” means the functionality of 18 the Iowa health information network that queries data sources 19 to locate and identify potential patient records. 20 30. “Rehabilitative services” means the same as defined in 21 section 135C.1. 22 31. “Social care” means any care, service, good, or supply 23 related to an individual’s social needs. “Social care” 24 includes but is not limited to support and assistance for an 25 individual’s food stability and nutritional needs, housing, 26 transportation, economic stability, employment, education 27 access and quality, child care and family relationship needs, 28 and environmental and physical safety. 29 32. “Social care referral system” means a system that shares 30 an individual’s social care information for the purpose of 31 referrals among health care entities, public health agencies, 32 and community-based organizations. “Social care referral 33 system” includes but is not limited to a network, software, or 34 technology platform. 35 -5- LSB 5482HV (4) 90 pf/ko 5/ 18

H.F. 2623 Sec. 2. Section 135D.3, subsection 1, paragraph c, Code 1 2024, is amended to read as follows: 2 c. A health information network involves the secure 3 electronic sharing of health information across the boundaries 4 of individual practice and institutional health settings and 5 with consumers. The broad use of health information technology 6 and a health information network should improve improves health 7 care quality and the overall health of the population, increase 8 increases efficiencies in administrative health care, reduce 9 reduces unnecessary health care costs, and help helps prevent 10 medical errors. 11 Sec. 3. Section 135D.4, Code 2024, is amended to read as 12 follows: 13 135D.4 Iowa health information network —— principles 14 —— technical infrastructure requirements —— function as 15 state-designated health data utility . 16 1. The Iowa health information network shall be 17 administered and governed by a designated entity using, at a 18 minimum, the following principles: 19 a. Be patient-centered and market-driven. 20 b. Comply with established national standards. 21 c. Protect the privacy of consumers and the security and 22 confidentiality of all health information. 23 d. Promote interoperability. 24 e. Increase the accuracy, completeness, and uniformity of 25 data. 26 f. Preserve the choice of the patient to have the patient’s 27 health information available through the record locator 28 service. 29 g. Provide education to the general public and provider 30 communities on the value and benefits of health information 31 technology. 32 2. Widespread adoption of health information technology is 33 critical to a successful Iowa health information network and is 34 best achieved when all of the following occur: 35 -6- LSB 5482HV (4) 90 pf/ko 6/ 18

H.F. 2623 a. The network, through the designated entity complying 1 with chapter 504 and reporting as required under this chapter , 2 operates in an entrepreneurial and businesslike manner in which 3 it is accountable to all participants utilizing the network’s 4 products and services. 5 b. The network provides a variety of services from which to 6 choose in order to best fit the needs of the user participant . 7 c. The network is financed by all who benefit from the 8 improved quality, efficiency, savings, and other benefits that 9 result from use of health information technology. 10 d. The network is operated with integrity and freedom from 11 political influence. 12 3. The Iowa health information network technical 13 infrastructure shall provide a mechanism for all of the 14 following: 15 a. The facilitation and support of the secure electronic 16 exchange of health information between participants. 17 b. Participants The opportunity for the participants 18 without an electronic health records system to access health 19 information from the Iowa health information network. 20 4. a. Beginning July 1, 2024, the Iowa health information 21 network shall function as the state-designated health data 22 utility or state-designated HDU, operated and governed by the 23 designated entity. The state-designated HDU shall operate as a 24 public-private partnership to facilitate the secure electronic 25 sharing of health information and data across a variety of 26 settings including health care delivery settings, payors, 27 social care entities, and consumers. 28 (1) The state-designated HDU is designed to achieve better 29 health care outcomes, improve the overall health and well-being 30 of the people of the state, and reduce the cost of health 31 care by creating a more seamless, transparent, and modernized 32 approach to the sharing of health information and data. 33 (2) Utilization of health information and data requires 34 appropriate governance and policy leadership. The 35 -7- LSB 5482HV (4) 90 pf/ko 7/ 18

H.F. 2623 state-designated HDU provides clear data governance, privacy, 1 and security policies to facilitate the sharing of health 2 information and data, ensuring that the health information and 3 data follow the patient and improve the health of all citizens 4 of the state. 5 (3) Health care professionals and entities have been 6 subject to HIPAA since 1996, and HIPAA has driven initial 7 efforts to develop a culture and infrastructure of health 8 information governance. As holders of personal information, 9 state agencies have a responsibility to demonstrate to the 10 public the state’s commitment to respecting personal privacy. 11 (4) Health care entities have a duty to share health 12 information and data, in accordance with applicable law, with 13 other health care entities to ensure that optimal patient 14 and population health is achieved. To further demonstrate 15 the commitment to privacy, the state-designated HDU provides 16 opt-out policies and procedures to allow patients to opt out of 17 health information and data sharing. 18 b. The purposes of the state-designated HDU include all of 19 the following: 20 (1) The transmittal, collection, aggregation, and analysis 21 of clinical information, public health data, and health 22 administrative and operations data to assist the department, 23 local health departments, health care professionals, patients, 24 policymakers, and the governing board in understanding the 25 population health of Iowa. 26 (2) The enhancement and acceleration of the 27 interoperability of health information and data throughout the 28 state, ensuring compliance with all applicable privacy and 29 security laws and regulations. 30 (3) The empowerment of patients in accessing and directing 31 their health information and data, health care costs, and 32 overall health to improve quality of life in the state. 33 c. The state-designated HDU shall provide health information 34 and data, in accordance with applicable law, to patients and 35 -8- LSB 5482HV (4) 90 pf/ko 8/ 18

H.F. 2623 organizations involved in the treatment and care coordination 1 of patients, and shall support the health goals of the 2 community and the state. The state-designated HDU shall be 3 comprised of all of the following data sources: 4 (1) A health information exchange. The governing board 5 shall adopt health care information interoperability standards 6 for the health information exchange. The minimum standard of 7 sharing shall be the most recently approved version of the 8 United States core data of interoperability. The minimum 9 standard of sharing may be enhanced by the governing board. 10 (2) A pharmacy information exchange. 11 (a) Unless otherwise prohibited by state or federal law, 12 each licensed pharmacy that dispenses prescription drugs to 13 patients in the state shall provide all dispensed prescription 14 information to the state-designated HDU in compliance with all 15 applicable state and federal rules. 16 (b) The governing board shall adopt interoperability 17 standards, data elements, and terminologies necessary to 18 provide data in as close to real time as possible to facilitate 19 data exchange. 20 (3) A payor information exchange. The governing board shall 21 adopt the interoperability standards for claims data sharing by 22 all payors required to share data. 23 (4) A community information exchange. The governing board 24 shall adopt the interoperability standards for data sharing by 25 social care entities specified by the governing board. 26 d. (1) By December 31, 2024, all hospitals, critical access 27 hospitals, general acute care hospitals, and rehabilitative 28 hospitals in the state shall be participants with the 29 state-designated HDU, and shall share all data in accordance 30 with standards, policies, and procedures adopted by the 31 governing board pursuant to this chapter. 32 (2) By December 31, 2025, all provider clinics, ambulatory 33 surgical centers, mental health and substance use treatment 34 centers, psychiatric or mental hospitals, facilities providing 35 -9- LSB 5482HV (4) 90 pf/ko 9/ 18

H.F. 2623 rehabilitative services, imaging centers, laboratories, 1 federally qualified health centers, and payors in the state 2 shall be participants with the state-designated HDU, and shall 3 share all data in accordance with standards, policies, and 4 procedures adopted by the governing board pursuant to this 5 chapter. 6 (3) By December 31, 2025, all health clinics, public 7 health clinics, urgent care facilities, nursing facilities, 8 and pharmacies shall be participants with the state-designated 9 HDU, and shall share all data in accordance with policies and 10 procedures adopted by the governing board pursuant to this 11 chapter. 12 (4) By December 31, 2028, all entities utilizing digital 13 technology for the purposes of social care referral and 14 care coordination in the state, including but not limited to 15 community-based organizations, shall be participants with the 16 state-designated HDU, and shall share data in accordance with 17 federal interoperability guidance and policies adopted by the 18 governing board pursuant to this chapter. 19 e. Any entity specified in paragraph “d” that does not own 20 or has not contracted for an electronic records management 21 system or service on or before July 1, 2024, shall not be 22 required to purchase or contract for an electronic records 23 management system or service in order to comply with paragraph 24 “d” . 25 f. Paragraph “d” shall not apply to any of the following: 26 (1) A facility or institution controlled, managed, 27 directed, or operated under the jurisdiction of the department 28 of health and human services, including the state mental health 29 institutes. 30 (2) Medicaid fee-for-service programs under the Medicaid 31 program. 32 4. 5. Nothing in this chapter shall be interpreted to 33 impede or preclude the formation and operation of regional, 34 population-specific, or local health information networks 35 -10- LSB 5482HV (4) 90 pf/ko 10/ 18

H.F. 2623 or the participation of such networks in the Iowa health 1 information network. 2 6. The Iowa health information network shall not constitute 3 a health benefit network or a health insurance network. 4 Sec. 4. Section 135D.5, Code 2024, is amended to read as 5 follows: 6 135D.5 Designated entity —— selection, administration , and 7 governance. 8 1. The Iowa health information network shall be 9 administered and governed by a designated entity selected by 10 the department through a competitive process. The designated 11 entity shall be established as a nonprofit corporation 12 organized under chapter 504 . Unless otherwise provided in 13 this chapter , the corporation is subject to the provisions of 14 chapter 504 . The designated entity shall be established for 15 the purpose of administering and governing the statewide Iowa 16 health information network. 17 2. The designated entity shall collaborate with the 18 department, but the designated entity shall not be considered, 19 in whole or in part, an agency, department, or administrative 20 unit of the state. 21 a. The designated entity shall not be required to comply 22 with any requirements that apply to a state agency, department, 23 or administrative unit and shall not exercise any sovereign 24 power of the state. 25 b. The designated entity does not have authority to pledge 26 the credit of the state. The assets and liabilities of 27 the designated entity shall be separate from the assets and 28 liabilities of the state and the state shall not be liable 29 for the debts or obligations of the designated entity. All 30 debts and obligations of the designated entity shall be payable 31 solely from the designated entity’s funds. The state shall 32 not guarantee any obligation of or have any obligation to the 33 designated entity. 34 3. The articles of incorporation of the designated entity 35 -11- LSB 5482HV (4) 90 pf/ko 11/ 18

H.F. 2623 shall provide for its the designated entity’s governance and 1 its efficient management. In providing for its the designated 2 entity’s governance, the articles of incorporation of the 3 designated entity shall address the following: 4 a. A governing board of directors to govern the designated 5 entity. 6 b. The appointment of a chief executive officer by the 7 governing board to manage the designated entity’s daily 8 operations. 9 c. The delegation of such powers and responsibilities to the 10 chief executive officer as may be necessary for the designated 11 entity’s efficient operation. 12 d. The employment of personnel necessary for the efficient 13 performance of the duties assigned to the designated entity. 14 All such personnel shall be considered employees of a private, 15 nonprofit corporation and shall be exempt from the personnel 16 requirements imposed on state agencies, departments, and 17 administrative units. 18 e. The financial operations of the designated entity 19 including the authority to receive and expend funds from public 20 and private sources and to use its property, money, or other 21 resources for the purpose of the designated entity. 22 Sec. 5. Section 135D.6, Code 2024, is amended to read as 23 follows: 24 135D.6 Board of directors Governing board —— composition —— 25 duties. 26 1. The designated entity shall be administered by a 27 governing board of directors . 28 2. A single industry shall not be disproportionately 29 represented as voting members of the governing board. The 30 governing board shall include at least one member who is a 31 consumer of health services and a majority of the voting 32 members of the governing board shall be representative of 33 participants in the Iowa health information network. The 34 director of health and human services or the director’s 35 -12- LSB 5482HV (4) 90 pf/ko 12/ 18

H.F. 2623 designee and the director of the Medicaid program or the 1 director’s designee shall act as voting members of the 2 governing board. The commissioner of insurance shall act 3 as an ex officio, nonvoting member of the governing board. 4 Individuals serving in an ex officio, nonvoting capacity shall 5 not be included in the total number of individuals authorized 6 as members of the governing board. 7 3. The governing board of directors shall do all of the 8 following: 9 a. Ensure that the designated entity enters into contracts 10 with each state agency necessary for state reporting 11 requirements. 12 b. Develop, implement, and enforce the following: 13 (1) A single patient identifier or alternative mechanism 14 to share secure patient health information and data that is 15 utilized by all health care professionals. 16 (2) Standards, requirements, policies, and procedures for 17 access to, use, secondary use, privacy, and security of health 18 information and data, including clinical information, exchanged 19 through the Iowa health information network, consistent with 20 applicable federal and state standards and laws. 21 c. Direct a public and private collaborative effort to 22 promote the adoption and use of health information technology 23 in the state to improve health care quality, increase patient 24 safety, reduce health care costs, enhance public health, 25 and empower individuals and health care professionals with 26 comprehensive, real-time medical information to provide 27 continuity of care and make the best health care decisions. 28 d. Educate the public and the health care sector about 29 the value of health information technology in improving 30 patient care, and methods to promote increased support and 31 collaboration of state and local public health agencies, 32 health care professionals, and consumers in health information 33 technology initiatives. 34 e. Work to align interstate and intrastate interoperability 35 -13- LSB 5482HV (4) 90 pf/ko 13/ 18

H.F. 2623 standards in accordance with national health information 1 exchange standards. 2 f. Provide an annual budget and fiscal report for the Iowa 3 health information network to the governor, the department 4 of health and human services , the department of management, 5 the chairs and ranking members of the legislative government 6 oversight standing committees, and the legislative services 7 agency. The report shall also include information about the 8 services provided through the network and information on the 9 participant usage of the network. 10 g. Ensure any health information and data within the Iowa 11 health information network is shared and accessed according to 12 all applicable state and federal laws and standards, including 13 HIPAA, to uphold the privacy and security of a patient’s 14 protected health information. 15 Sec. 6. Section 135D.7, Code 2024, is amended to read as 16 follows: 17 135D.7 Legal and policy —— liability —— confidentiality. 18 1. The governing board shall implement industry-accepted 19 security standards, policies, and procedures to protect the 20 transmission and receipt of protected health information and 21 data exchanged through the Iowa health information network, 22 which shall, at a minimum, comply with HIPAA and shall include 23 all of the following: 24 a. A secure and traceable electronic audit system to 25 document and monitor the sender and recipient of health 26 information exchanged through the Iowa health information 27 network. 28 b. A required standard participation agreement which 29 defines the minimum privacy and security obligations of all 30 participants using the Iowa health information network and 31 services available through the Iowa health information network. 32 c. The opportunity for a patient to decline exchange of the 33 patient’s health information or data through the record locator 34 service of the Iowa health information network. 35 -14- LSB 5482HV (4) 90 pf/ko 14/ 18

H.F. 2623 (1) A patient shall not be denied care or treatment for 1 declining to exchange the patient’s health information or data , 2 in whole or in part, through the network. 3 (2) The governing board shall provide the means and process 4 by which a patient may decline participation. The means and 5 process utilized shall minimize the burden on patients and 6 health care professionals. 7 (3) Unless otherwise authorized by law or rule, a patient’s 8 decision to decline participation means that none of the 9 patient’s health information or data shall be accessible 10 through the record locator service function of the Iowa health 11 information network. A patient’s decision to decline having 12 health information or data shared through the record locator 13 service function shall not limit a health care professional 14 with whom the patient has or is considering a treatment 15 relationship from sharing health information concerning the 16 patient through the secure messaging function of the Iowa 17 health information network. 18 (4) A patient who declines participation in the Iowa health 19 information network may later decide to have the patient’s 20 health information or data shared through the network. A 21 patient who is participating in the network may later decline 22 participation in the network. 23 2. A participant shall not be compelled by subpoena, court 24 order, or other process of law to access health information or 25 data through the Iowa health information network in order to 26 gather records or information not created by the participant. 27 3. A participant exchanging health information and data 28 through the Iowa health information network shall grant to 29 other participants of the network a nonexclusive license to 30 retrieve and use that health information or data in accordance 31 with applicable state and federal laws, and the policies and 32 standards established by the governing board. 33 4. A health care professional who relies reasonably and 34 in good faith upon any health information or data provided 35 -15- LSB 5482HV (4) 90 pf/ko 15/ 18

H.F. 2623 through the Iowa health information network in the treatment of 1 a patient who is the subject of the health information or data 2 shall be immune from criminal or civil liability arising from 3 the damages caused by such reasonable, good-faith reliance. 4 Such immunity shall not apply to acts or omissions constituting 5 negligence, recklessness, or intentional misconduct. 6 5. A participant who has disclosed health information or 7 data through the Iowa health information network in compliance 8 with applicable law and the standards, requirements, policies, 9 procedures, and agreements of the Iowa health information 10 network shall not be subject to criminal or civil liability 11 for the use or disclosure of the health information or data by 12 another participant. 13 6. The following records shall be confidential records 14 pursuant to chapter 22 , unless otherwise ordered by a court or 15 consented to by the patient or by a person duly authorized to 16 release such information: 17 a. The health information contained in, stored in, submitted 18 to, transferred or exchanged by, or released from the Iowa 19 health information network. 20 b. Any health information or data in the possession of the 21 governing board due to its administration and governance of the 22 Iowa health information network. 23 7. Unless otherwise provided in this chapter , when 24 sharing health information or data through the Iowa health 25 information network or through a private health information 26 network maintained in this state that complies with the privacy 27 and security requirements of this chapter for the purposes 28 of patient treatment, payment or health care operations, 29 as such terms are defined in HIPAA, or for the purposes of 30 public health activities or care coordination, a participant 31 authorized by the designated entity to use the record locator 32 service is exempt from any other state law that is more 33 restrictive than HIPAA that would otherwise prevent or hinder 34 the exchange of patient information or data by the participant. 35 -16- LSB 5482HV (4) 90 pf/ko 16/ 18

H.F. 2623 8. A patient aggrieved or adversely affected by the 1 designated entity’s failure to comply with subsection 1, 2 paragraph “c” , may bring a civil action for equitable relief as 3 the court deems appropriate. 4 Sec. 7. NEW SECTION . 135D.8 Funding. 5 The department may expend funds appropriated to or received 6 by the department for the purposes of this chapter to carry out 7 the requirements of this chapter. 8 EXPLANATION 9 The inclusion of this explanation does not constitute agreement with 10 the explanation’s substance by the members of the general assembly. 11 This bill relates to the Iowa health information network 12 (IHIN) under Code chapter 135D (Iowa health information 13 network) and the functioning of the IHIN as a state-designated 14 health data utility (state-designated HDU). 15 The bill includes definitions used in the bill. 16 The bill requires the designated entity to administer 17 and govern the IHIN and thereby, also operate and govern the 18 state-designated HDU for the state. “Health data utility” is 19 defined under the bill as a locally governed, multifaceted 20 resource that provides services for the interchange of health 21 data within the health care and public health ecosystems for 22 the purpose of advancing health care and improving public 23 health outcomes. A “health data utility” combines, enhances, 24 and exchanges electronic health data across care and service 25 settings for treatment, care coordination, quality improvement, 26 and public and community health purposes, in accordance with 27 applicable state and federal laws protecting patient privacy. 28 The bill provides the principles, purposes, and composition 29 requirements for the state-designated HDU, including that the 30 state-designated HDU include information and data from a health 31 information exchange, a pharmacy information exchange, a payor 32 information exchange, and a community information exchange. 33 The bill requires certain entities to participate with the 34 state-designated HDU by specified dates. 35 -17- LSB 5482HV (4) 90 pf/ko 17/ 18