(a)  There shall be established a statewide HIE under state authority to allow for the electronic mobilization of confidential healthcare information in Rhode Island. Confidential healthcare information may only be accessed, released, or transferred from the HIE in accordance with this chapter.

Ask a legal question, get an answer ASAP!
Click here to chat with a lawyer about your rights.

Terms Used In Rhode Island General Laws 5-37.7-4

  • Amendment: A proposal to alter the text of a pending bill or other measure by striking out some of it, by inserting new language, or both. Before an amendment becomes part of the measure, thelegislature must agree to it.
  • Business associate: means a business associate as defined by HIPAA. See Rhode Island General Laws 5-37.7-3
  • Confidential healthcare information: means all information relating to a patient's healthcare history, diagnosis, condition, treatment, or evaluation. See Rhode Island General Laws 5-37.7-3
  • Electronic mobilization: means the capability to move confidential health information electronically between disparate healthcare information systems while maintaining the accuracy of the information being exchanged. See Rhode Island General Laws 5-37.7-3
  • HIE: means the technical system operated, or to be operated, by the RHIO under state authority allowing for the statewide electronic mobilization of confidential healthcare information, pursuant to this chapter. See Rhode Island General Laws 5-37.7-3
  • HIPAA: means the Health Insurance Portability and Accountability Act of 1996, as amended. See Rhode Island General Laws 5-37.7-3
  • Obligation: An order placed, contract awarded, service received, or similar transaction during a given period that will require payments during the same or a future period.
  • Opt out: means the ability of a patient to choose to not have their confidential healthcare information disclosed from HIE in accordance with Rhode Island General Laws 5-37.7-3
  • Patient: means a person who receives healthcare services from a provider participant. See Rhode Island General Laws 5-37.7-3
  • Provider participant: means a pharmacy, laboratory, healthcare provider, or health plan who or that is providing healthcare services or pays for the cost of healthcare services for a patient and/or is submitting and/or accessing healthcare information through the HIE and has executed an electronic and/or written agreement regarding disclosure, access, receipt, retention, or release of confidential healthcare information from the HIE. See Rhode Island General Laws 5-37.7-3
  • RHIO: means the organization designated as the RHIO by the state to provide administrative and operational support to the HIE. See Rhode Island General Laws 5-37.7-3

(b)  The state has an interest in encouraging use of the HIE by all interested parties, including, but not limited to, healthcare providers, patients, health plans, entities submitting information to the HIE, entities obtaining information from the HIE, and the RHIO.

(c)  Except as provided in § 5-37.7-7(b), patients shall have the choice to opt out of having their confidential healthcare information disclosed from the HIE through the process defined in regulations in accordance with § 5-37.7-5.

(d)  Provider participants must continue to maintain their own medical record meeting the documentation and other standards imposed by otherwise applicable law.

(e)  The state agencies may submit to the HIE and/or receive from the HIE applicable confidential healthcare information for public health purposes.

(f)  Nothing contained herein shall have an impact on the content of, or use or disclosure of, confidential healthcare information of patients that is held in locations other than the HIE. Nothing in this chapter shall be construed to limit, change, or otherwise affect entities’ rights to exchange confidential healthcare information in accordance with other applicable laws.

(g)  The state hereby imposes on the HIE and the RHIO as a matter of state law, the obligation to maintain, and abide by the terms of, HIPAA-compliant business associate agreements, including, without limitation, the obligations to use appropriate safeguards to prevent use or disclosure of confidential healthcare information in accordance with HIPAA, other state and federal laws, and this chapter; not to use or disclose confidential healthcare information other than as permitted by HIPAA and this chapter; or to make any amendment to a confidential healthcare record that a provider participant so directs; and to respond to a request by a patient to make an amendment to the patient’s healthcare record.

History of Section.
P.L. 2008, ch. 171, § 2; P.L. 2008, ch. 466, § 2; P.L. 2016, ch. 67, § 1; P.L. 2016, ch. 71, § 1; P.L. 2021, ch. 362, § 1, effective July 12, 2021; P.L. 2021, ch. 364, § 1, effective July 12, 2021.