H.F. _____ Section 1. Section 135D.1, Code 2024, is amended to read as 1 follows: 2 135D.1 Short title. 3 This chapter shall be known and may be cited as the “Iowa 4 Health Information Network and Health Data Utility Act” . 5 Sec. 2. Section 135D.2, Code 2024, is amended to read as 6 follows: 7 135D.2 Definitions. 8 As used in this chapter , unless the context otherwise 9 requires: 10 1. “Board of directors” or “board” means the entity that 11 governs and administers the Iowa health information network. 12 2. 1. “Care coordination” means the management of all 13 aspects of a patient’s care to improve health care quality. 14 2. “Community information exchange” means an ecosystem 15 comprised of multidisciplinary network participants that 16 use standardized technical language, a resource database, 17 and an integrated technology platform to deliver enhanced 18 community care planning using care planning tools that enable 19 participants to integrate data from multiple sources and make 20 bidirectional referrals to create a shared longitudinal record. 21 3. “Department” means the department of health and human 22 services. 23 4. “Designated entity” means the nonprofit corporation 24 designated by the department through a competitive process as 25 the entity responsible for administering and governing the Iowa 26 health information network and the state-designated health data 27 utility . 28 5. “Exchange” means the authorized electronic sharing of 29 health information and data between health care professionals, 30 payors, consumers, public health agencies, the designated 31 entity, the department, and other authorized participants 32 utilizing the Iowa health information network , and Iowa health 33 information network services , and the state-designated HDU . 34 6. “Federally qualified health center” means a health care 35 -1- LSB 5482YC (11) 90 pf/ko 1/ 17

H.F. _____ entity that receives grant funding under section 330 of the 1 federal Public Health Service Act, Pub. L. No. 78-410. 2 7. “Governing board” means the board of directors that 3 governs and administers the designated entity. 4 6. 8. “Health care professional” means a person who is 5 licensed, certified, or otherwise authorized or permitted by 6 the law of this state to administer health care in the ordinary 7 course of business or in the practice of a profession. 8 9. “Health data utility” means a locally governed, 9 statewide, multifaceted resource that provides services for the 10 interchange of health data within the health care and public 11 health ecosystems for the purpose of advancing health care 12 and improving public health outcomes. A “health data utility” 13 combines, enhances, and exchanges electronic health data across 14 care and service settings for treatment, care coordination, 15 quality improvement, and public and community health purposes, 16 in accordance with applicable state and federal laws protecting 17 patient privacy. 18 7. 10. “Health information” means health information as 19 defined in 45 C.F.R. §160.103 that is created or received by an 20 authorized a participant. 21 11. “Health information exchange” means participants 22 contributing to the sharing and movement of health information 23 electronically across participants within a state, region, 24 community, or health care delivery system. 25 12. “Health information network” means participants in the 26 health information exchange in the aggregate. 27 8. 13. “Health information technology” means the 28 application of information processing, involving both computer 29 hardware and software, that deals with the storage, retrieval, 30 sharing, and use of health care information, data, and 31 knowledge for communication, decision making, quality, safety, 32 and efficiency of clinical practice, and may include but is not 33 limited to: 34 a. An electronic health record that electronically compiles 35 -2- LSB 5482YC (11) 90 pf/ko 2/ 17

H.F. _____ and maintains health information that may be derived from 1 multiple sources about the health status of an individual , and 2 may include a core subset of each care delivery organization’s 3 electronic medical record such as a continuity of care record 4 or a continuity of care document, computerized physician order 5 entry, electronic prescribing, or clinical decision support. 6 b. A personal health record through which an individual and 7 any other person authorized by the individual can maintain and 8 manage the individual’s health information. 9 c. An electronic medical record that is used by health care 10 professionals to electronically document, monitor, and manage 11 health care delivery within a care delivery organization, is 12 the legal record of the patient’s encounter with the care 13 delivery organization, and is owned by the care delivery 14 organization. 15 d. A computerized provider health care professional 16 order entry function that permits the electronic ordering of 17 diagnostic and treatment services, including prescription 18 drugs. 19 e. A decision support function to assist physicians and 20 other health care providers professionals in making clinical 21 decisions by providing electronic alerts and reminders to 22 improve compliance with best practices, promote regular 23 screenings and other preventive practices, and facilitate 24 diagnosis and treatments treatment . 25 f. Tools to allow for the collection, analysis, and 26 reporting of information or data on adverse events, the quality 27 and efficiency of care, patient satisfaction, and other health 28 care-related performance measures. 29 9. 14. “Health Insurance Portability and Accountability 30 Act” or “HIPAA” means the federal Health Insurance Portability 31 and Accountability Act of 1996, Pub. L. No. 104-191, including 32 amendments thereto and regulations promulgated thereunder. 33 10. 15. “Hospital” means a licensed hospital as defined in 34 section 135B.1 . 35 -3- LSB 5482YC (11) 90 pf/ko 3/ 17

H.F. _____ 11. 16. “Interoperability” means the ability of two or more 1 systems or components to exchange information or data in an 2 accurate, effective, secure, and consistent manner and to use 3 the information or data that has been exchanged and includes 4 but is not limited to: 5 a. The capacity to connect to a network for the purpose of 6 exchanging information or data with other users. 7 b. The ability of a connected , authenticated user 8 participant to demonstrate appropriate permissions to 9 participate in the instant transaction over the network or the 10 state-designated HDU . 11 c. The capacity of a connected , authenticated user 12 participant to access, transmit, receive, and exchange usable 13 information with other users participants . 14 12. 17. “Iowa health information network” or “network” means 15 the statewide health information technology network that is 16 the state-designated exchange and the sole statewide health 17 information network for Iowa pursuant to this chapter . 18 13. 18. “Medicaid program” means the medical assistance 19 program as defined in section 249A.2 . 20 19. “Nursing facility” means a licensed nursing facility as 21 defined in section 135C.1. 22 14. 20. “Participant” means an authorized health care 23 professional, payor, patient, health care organization, public 24 health agency, or the department entity described in section 25 135D.4 that has agreed entered into an agreement to authorize, 26 submit, access, or disclose health information and data through 27 the Iowa health information network or the state-designated HDU 28 in accordance with this chapter and all applicable laws, rules, 29 agreements, policies, and standards. 30 15. 21. “Patient” means a person who has received or is 31 receiving health services from a health care professional. 32 16. 22. “Payor” means a person who makes payments for 33 health services, including but not limited to an insurance 34 company, self-insured employer, government program, individual, 35 -4- LSB 5482YC (11) 90 pf/ko 4/ 17

H.F. _____ or other purchaser that makes such payments. 1 23. “Payor information exchange” means a large-scale 2 database that systematically collects health care claims data 3 from a variety of payor sources, including claims from health 4 care professionals. 5 24. “Pharmacy” means a pharmacy as defined in section 6 155A.3. 7 25. “Pharmacy information exchange” means the participants 8 contributing to the sharing and movement of dispensed pharmacy 9 information electronically across participants within a state, 10 region, community, or health care delivery system. 11 17. 26. “Protected health information” means protected 12 health information as defined in 45 C.F.R. §160.103 that is 13 created or received by an authorized a participant. 14 18. 27. “Public health activities” means actions taken by 15 a participant in its the participant’s capacity as a public 16 health authority under the Health Insurance Portability and 17 Accountability Act or as required or permitted by other federal 18 or state law. 19 19. 28. “Public health agency” means an entity that is 20 governed by or contractually responsible to a local board of 21 health or the department to provide services focused on the 22 health status of population groups and their the population 23 groups’ environments. 24 20. 29. “Record locator service” means the functionality of 25 the Iowa health information network that queries data sources 26 to locate and identify potential patient records. 27 30. “Rehabilitative services” means the same as defined in 28 section 135C.1. 29 31. “Social care” means any care, service, good, or supply 30 related to an individual’s social needs. “Social care” 31 includes but is not limited to support and assistance for an 32 individual’s food stability and nutritional needs, housing, 33 transportation, economic stability, employment, education 34 access and quality, childcare and family relationship needs, 35 -5- LSB 5482YC (11) 90 pf/ko 5/ 17

H.F. _____ and environmental and physical safety. 1 32. “Social care referral system” means a system that shares 2 an individual’s social care information for the purpose of 3 referrals among health care entities, public health agencies, 4 and community-based organizations. “Social care referral 5 system” includes but is not limited to a network, software, or 6 technology platform. 7 33. “State-designated health data utility” or 8 “state-designated HDU” means the health data utility designated 9 by the state under this chapter. 10 34. “State-designated health information exchange” or 11 “state-designated exchange” means the Iowa health information 12 network. 13 Sec. 3. Section 135D.3, subsection 1, paragraph c, Code 14 2024, is amended to read as follows: 15 c. A health information network involves the secure 16 electronic sharing of health information across the boundaries 17 of individual practice and institutional health settings and 18 with consumers. The broad use of health information technology 19 and a health information network should improve improves health 20 care quality and the overall health of the population, increase 21 increases efficiencies in administrative health care, reduce 22 reduces unnecessary health care costs, and help helps prevent 23 medical errors. 24 Sec. 4. Section 135D.4, subsection 2, paragraph b, Code 25 2024, is amended to read as follows: 26 b. The network provides a variety of services from which to 27 choose in order to best fit the needs of the user participant . 28 Sec. 5. Section 135D.4, subsection 3, paragraph b, Code 29 2024, is amended to read as follows: 30 b. Participants The opportunity for participants without an 31 electronic health records system to access health information 32 from the Iowa health information network. 33 Sec. 6. NEW SECTION . 135D.4A State-designated health data 34 utility —— principles —— intent —— technical infrastructure 35 -6- LSB 5482YC (11) 90 pf/ko 6/ 17

H.F. _____ requirements. 1 1. a. A state-designated health data utility facilitates 2 the secure electronic sharing of health information and data 3 across a variety of settings including health care delivery 4 settings, payors, social care entities, and consumers. 5 b. A state-designated HDU is designed to achieve better 6 health care outcomes, improve the overall health and well-being 7 of the people of the state, and reduce the cost of health 8 care by creating a more seamless, transparent, and modernized 9 approach to the sharing of health information and data. 10 c. Utilization of health information and data requires 11 appropriate governance and policy leadership. The 12 state-designated HDU provides clear data governance, privacy, 13 and security policies to facilitate the sharing of health 14 information and data, ensuring that the health information and 15 data follow the patient and improve the health of all citizens 16 of the state. 17 d. Health care professionals and entities have been subject 18 to HIPAA since 1996, and HIPAA has driven initial efforts to 19 develop a culture and infrastructure of health information 20 governance. As holders of personal information, state agencies 21 have a responsibility to demonstrate to the public the state’s 22 commitment to respecting personal privacy. 23 e. Health care entities have a duty to share health 24 information and data, in accordance with applicable law, with 25 other health care entities to ensure that optimal patient 26 and population health is achieved. To further demonstrate 27 the commitment to privacy, the state-designated HDU provides 28 opt-out policies and procedures to allow patients to opt out of 29 health information and data sharing. 30 2. The purposes of the state-designated HDU include all of 31 the following: 32 a. The transmittal, collection, aggregation, and analysis 33 of clinical information, public health data, and health 34 administrative and operations data to assist the department, 35 -7- LSB 5482YC (11) 90 pf/ko 7/ 17

H.F. _____ local health departments, health care professionals, patients, 1 policymakers, and the governing board in understanding the 2 population health of Iowa. 3 b. The enhancement and acceleration of the interoperability 4 of health information and data throughout the state, ensuring 5 compliance with all applicable privacy and security laws and 6 regulations. 7 c. The empowerment of patients in accessing and directing 8 their health information and data, health care costs, and 9 overall health to improve quality of life in the state. 10 3. It is the intent of the general assembly that the 11 state-designated HDU shall not constitute a health benefit 12 network or a health insurance network. 13 4. A state-designated HDU is created and shall operate 14 as a public-private partnership. The state-designated HDU 15 shall provide health information and data, in accordance with 16 applicable law, to patients and organizations involved in the 17 treatment and care coordination of patients, and shall support 18 the health goals of the community and the state. 19 5. The designated entity shall administer and govern 20 the state-designated HDU. The state-designated HDU shall be 21 comprised of all of the following data sources: 22 a. A health information exchange. The governing board 23 shall adopt health care information interoperability standards 24 for the health information exchange. The minimum standard of 25 sharing shall be the most recently approved version of the 26 United States core data of interoperability. The minimum 27 standard of sharing may be enhanced by the governing board. 28 b. A pharmacy information exchange. 29 (1) Unless otherwise prohibited by state or federal law, 30 each licensed pharmacy that dispenses prescription drugs to 31 patients in the state shall provide all dispensed prescription 32 information to the state-designated HDU in compliance with all 33 applicable state and federal rules. 34 (2) The governing board shall adopt interoperability 35 -8- LSB 5482YC (11) 90 pf/ko 8/ 17

H.F. _____ standards, data elements, and terminologies necessary to 1 provide data in as close to real time as possible to facilitate 2 data exchange. 3 c. A payor information exchange. The governing board shall 4 adopt the interoperability standards for claims data sharing by 5 all payors required to share data. 6 d. A community information exchange. The governing board 7 shall adopt the interoperability standards for data sharing by 8 social care entities specified by the governing board. 9 6. By December 31, 2024, all hospitals, critical access 10 hospitals, general acute care hospitals, rehabilitative 11 hospitals, provider clinics, ambulatory surgical centers, 12 mental health and substance use treatment centers, psychiatric 13 or mental hospitals, facilities providing rehabilitative 14 services, imaging centers, laboratories, federally qualified 15 health centers, and payors in the state shall be participants 16 with the state-designated HDU, and shall share all data in 17 accordance with standards, policies, and procedures adopted by 18 the governing board pursuant to this chapter. 19 7. By March 31, 2025, all entities utilizing digital 20 technology for the purposes of social care referral and 21 care coordination in the state, including but not limited to 22 community-based organizations, shall be participants with the 23 state-designated HDU, and shall share data in accordance with 24 federal interoperability guidance and policies adopted by the 25 governing board pursuant to this chapter. 26 8. By December 31, 2025, all health clinics, public health 27 clinics, urgent care facilities, nursing facilities, and 28 pharmacies shall be participants with the state-designated 29 HDU, and shall share all data in accordance with policies and 30 procedures adopted by the governing board pursuant to this 31 chapter. 32 Sec. 7. Section 135D.5, Code 2024, is amended to read as 33 follows: 34 135D.5 Designated entity —— selection, administration , and 35 -9- LSB 5482YC (11) 90 pf/ko 9/ 17

H.F. _____ governance. 1 1. The Iowa health information network and the 2 state-designated HDU shall be administered and governed 3 by a designated entity selected by the department through 4 a competitive process. The designated entity shall be 5 established as a nonprofit corporation organized under 6 chapter 504 . Unless otherwise provided in this chapter , the 7 corporation is subject to the provisions of chapter 504 . 8 The designated entity shall be established for the purpose 9 of administering and governing the statewide Iowa health 10 information network. 11 2. The designated entity shall collaborate with the 12 department, but the designated entity shall not be considered, 13 in whole or in part, an agency, department, or administrative 14 unit of the state. 15 a. The designated entity shall not be required to comply 16 with any requirements that apply to a state agency, department, 17 or administrative unit and shall not exercise any sovereign 18 power of the state. 19 b. The designated entity does not have authority to pledge 20 the credit of the state. The assets and liabilities of 21 the designated entity shall be separate from the assets and 22 liabilities of the state and the state shall not be liable 23 for the debts or obligations of the designated entity. All 24 debts and obligations of the designated entity shall be payable 25 solely from the designated entity’s funds. The state shall 26 not guarantee any obligation of or have any obligation to the 27 designated entity. 28 3. The articles of incorporation of the designated entity 29 shall provide for its the designated entity’s governance and 30 its efficient management. In providing for its the designated 31 entity’s governance, the articles of incorporation of the 32 designated entity shall address the following: 33 a. A governing board of directors to govern the designated 34 entity. 35 -10- LSB 5482YC (11) 90 pf/ko 10/ 17

H.F. _____ b. The appointment of a chief executive officer by the 1 governing board to manage the designated entity’s daily 2 operations. 3 c. The delegation of such powers and responsibilities to the 4 chief executive officer as may be necessary for the designated 5 entity’s efficient operation. 6 d. The employment of personnel necessary for the efficient 7 performance of the duties assigned to the designated entity. 8 All such personnel shall be considered employees of a private, 9 nonprofit corporation and shall be exempt from the personnel 10 requirements imposed on state agencies, departments, and 11 administrative units. 12 e. The financial operations of the designated entity 13 including the authority to receive and expend funds from public 14 and private sources and to use its property, money, or other 15 resources for the purpose of the designated entity. 16 Sec. 8. Section 135D.6, Code 2024, is amended to read as 17 follows: 18 135D.6 Board of directors Governing board —— composition —— 19 duties. 20 1. The designated entity shall be administered by a 21 governing board of directors . 22 2. A single industry shall not be disproportionately 23 represented as voting members of the governing board. The 24 governing board shall include at least one member who is a 25 consumer of health services and a majority of the voting 26 members of the governing board shall be representative of 27 participants in the Iowa health information network and 28 the state-designated HDU . The director of health and human 29 services or the director’s designee and the director of the 30 Medicaid program or the director’s designee shall act as 31 voting members of the governing board. The commissioner of 32 insurance shall act as an ex officio, nonvoting member of 33 the governing board. Individuals serving in an ex officio, 34 nonvoting capacity shall not be included in the total number of 35 -11- LSB 5482YC (11) 90 pf/ko 11/ 17

H.F. _____ individuals authorized as members of the governing board. 1 3. The governing board of directors shall do all of the 2 following: 3 a. Ensure that the designated entity enters into contracts 4 with each state agency necessary for state reporting 5 requirements. 6 b. Develop, implement, and enforce the following: 7 (1) A single patient identifier or alternative mechanism 8 to share secure patient health information and data that is 9 utilized by all health care professionals. 10 (2) Standards, requirements, policies, and procedures 11 for access to, use, secondary use, privacy, and security of 12 health information and data, including clinical information, 13 exchanged through the Iowa health information network and the 14 state-designated HDU , consistent with applicable federal and 15 state standards and laws. 16 c. Direct a public and private collaborative effort to 17 promote the adoption and use of health information technology 18 in the state to improve health care quality, increase patient 19 safety, reduce health care costs, enhance public health, 20 and empower individuals and health care professionals with 21 comprehensive, real-time medical information to provide 22 continuity of care and make the best health care decisions. 23 d. Educate the public and the health care sector about 24 the value of health information technology in improving 25 patient care, and methods to promote increased support and 26 collaboration of state and local public health agencies, 27 health care professionals, and consumers in health information 28 technology initiatives. 29 e. Work to align interstate and intrastate interoperability 30 standards in accordance with national health information 31 exchange standards. 32 f. Provide an annual budget and fiscal report for the Iowa 33 health information network and the state-designated HDU to the 34 governor, the department of health and human services , the 35 -12- LSB 5482YC (11) 90 pf/ko 12/ 17

H.F. _____ department of management, the chairs and ranking members of the 1 legislative government oversight standing committees, and the 2 legislative services agency. The report shall also include 3 information about the services provided through the network and 4 the state-designated HDU and information on the participant 5 usage of the network and the state-designated HDU . 6 g. Ensure any health information and data within the 7 state-designated HDU is shared and accessed according to all 8 applicable state and federal laws and standards, including 9 HIPAA, to uphold the privacy and security of a patient’s 10 protected health information. 11 Sec. 9. Section 135D.7, Code 2024, is amended to read as 12 follows: 13 135D.7 Legal and policy —— liability —— confidentiality. 14 1. The governing board shall implement industry-accepted 15 security standards, policies, and procedures to protect the 16 transmission and receipt of protected health information and 17 data exchanged through the Iowa health information network and 18 the state-designated HDU , which shall, at a minimum, comply 19 with HIPAA and shall include all of the following: 20 a. A secure and traceable electronic audit system to 21 document and monitor the sender and recipient of health 22 information exchanged through the Iowa health information 23 network. 24 b. A required standard participation agreement which 25 defines the minimum privacy and security obligations of all 26 participants using the Iowa health information network or the 27 state-designated HDU, and services available through the Iowa 28 health information network and the state-designated HDU . 29 c. The opportunity for a patient to decline exchange of the 30 patient’s health information or data through the record locator 31 service of the Iowa health information network or through the 32 state-designated HDU . 33 (1) A patient shall not be denied care or treatment for 34 declining to exchange the patient’s health information or 35 -13- LSB 5482YC (11) 90 pf/ko 13/ 17

H.F. _____ data , in whole or in part, through the network or through the 1 state-designated HDU . 2 (2) The governing board shall provide the means and process 3 by which a patient may decline participation. The means and 4 process utilized shall minimize the burden on patients and 5 health care professionals. 6 (3) Unless otherwise authorized by law or rule, a patient’s 7 decision to decline participation means that none of the 8 patient’s health information or data shall be accessible 9 through the record locator service function of the Iowa health 10 information network or through the state-designated HDU . A 11 patient’s decision to decline having health information or 12 data shared through the record locator service function or 13 through the state-designated HDU shall not limit a health 14 care professional with whom the patient has or is considering 15 a treatment relationship from sharing health information 16 concerning the patient through the secure messaging function of 17 the Iowa health information network. 18 (4) A patient who declines participation in the Iowa 19 health information network or the state-designated HDU may 20 later decide to have the patient’s health information or data 21 shared through the network or through the state-designated 22 HDU . A patient who is participating in the network or the 23 state-designated HDU may later decline participation in the 24 network or the state-designated HDU . 25 2. A participant shall not be compelled by subpoena, court 26 order, or other process of law to access health information or 27 data through the Iowa health information network or through the 28 state-designated HDU in order to gather records or information 29 not created by the participant. 30 3. A participant exchanging health information and data 31 through the Iowa health information network or through the 32 state-designated HDU shall grant to other participants of the 33 network or the state-designated HDU a nonexclusive license to 34 retrieve and use that health information or data in accordance 35 -14- LSB 5482YC (11) 90 pf/ko 14/ 17

H.F. _____ with applicable state and federal laws, and the policies and 1 standards established by the governing board. 2 4. A health care professional who relies reasonably and 3 in good faith upon any health information or data provided 4 through the Iowa health information network or through the 5 state-designated HDU in the treatment of a patient who is the 6 subject of the health information or data shall be immune 7 from criminal or civil liability arising from the damages 8 caused by such reasonable, good-faith reliance. Such immunity 9 shall not apply to acts or omissions constituting negligence, 10 recklessness, or intentional misconduct. 11 5. A participant who has disclosed health information or 12 data through the Iowa health information network or through the 13 state-designated HDU in compliance with applicable law and the 14 standards, requirements, policies, procedures, and agreements 15 of the Iowa health information network or the state-designated 16 HDU shall not be subject to criminal or civil liability for the 17 use or disclosure of the health information or data by another 18 participant. 19 6. The following records shall be confidential records 20 pursuant to chapter 22 , unless otherwise ordered by a court or 21 consented to by the patient or by a person duly authorized to 22 release such information: 23 a. The health information contained in, stored in, submitted 24 to, transferred or exchanged by, or released from the Iowa 25 health information network or the state-designated HDU . 26 b. Any health information or data in the possession of the 27 governing board due to its administration and governance of the 28 Iowa health information network or the state-designated HDU . 29 7. Unless otherwise provided in this chapter , when sharing 30 health information or data through the Iowa health information 31 network or , through the state-designated HDU, or through a 32 private health information network maintained in this state 33 that complies with the privacy and security requirements of 34 this chapter for the purposes of patient treatment, payment , 35 -15- LSB 5482YC (11) 90 pf/ko 15/ 17

H.F. _____ or health care operations, as such terms are defined in 1 HIPAA, or for the purposes of public health activities or care 2 coordination, a participant authorized by the designated entity 3 to use the record locator service or the state-designated HDU 4 is exempt from any other state law that is more restrictive 5 than HIPAA that would otherwise prevent or hinder the exchange 6 of patient information or data by the participant. 7 8. A patient aggrieved or adversely affected by the 8 designated entity’s failure to comply with subsection 1, 9 paragraph “c” , may bring a civil action for equitable relief as 10 the court deems appropriate. 11 Sec. 10. NEW SECTION . 135D.8 Funding. 12 The department may expend funds appropriated to or received 13 by the department for the purposes of this chapter to carry out 14 the requirements of this chapter. 15 EXPLANATION 16 The inclusion of this explanation does not constitute agreement with 17 the explanation’s substance by the members of the general assembly. 18 This bill relates to the Iowa health information network 19 (IHIN) under Code chapter 135D (Iowa health information 20 network) and a state-designated health data utility (HDU). 21 The bill includes definitions used in the bill. 22 The bill requires the designated entity to administer and 23 govern the state-designated HDU for the state. “Health data 24 utility” is defined under the bill as a locally governed, 25 multifaceted resource that provides services for the 26 interchange of health data within the health care and public 27 health ecosystems for the purpose of advancing health care and 28 improving public health outcomes. A “health data utility” 29 combines, enhances, and exchanges electronic health data across 30 care and service settings for treatment, care coordination, 31 quality improvement, and public and community health purposes, 32 in accordance with applicable state and federal laws protecting 33 patient privacy. 34 The bill provides the principles, intent, and technical 35 -16- LSB 5482YC (11) 90 pf/ko 16/ 17

H.F. _____ infrastructure requirements for the state-designated HDU, 1 including that the state-designated HDU include data from a 2 health information exchange, a pharmacy information exchange, 3 a payor information exchange, and a community information 4 exchange. 5 The bill requires certain entities to participate in the 6 state-designated HDU by specified dates. 7 The bill provides that the department of health and human 8 services (HHS) may expend funds appropriated to or received by 9 HHS for the purposes of the bill to carry out the requirements 10 of the bill. 11 -17- LSB 5482YC (11) 90 pf/ko 17/ 17