Hawaii 2025 Regular Session

Hawaii House Bill HR194 Compare Versions

Only one version of the bill is available at this time.

Old	New	Differences
1	1	HOUSE OF REPRESENTATIVES H.R. NO. 194 THIRTY-THIRD LEGISLATURE, 2025 STATE OF HAWAII HOUSE RESOLUTION strongly supporting and recommending the implementation of the revised 2025 hawaii patient bill of rights.
2	2
3	3	HOUSE OF REPRESENTATIVES H.R. NO. 194
4	4	THIRTY-THIRD LEGISLATURE, 2025
5	5	STATE OF HAWAII
6	6
7	7	HOUSE OF REPRESENTATIVES
8	8
9	9	H.R. NO.
10	10
11	11	194
12	12
13	13	THIRTY-THIRD LEGISLATURE, 2025
14	14
15	15
16	16
17	17	STATE OF HAWAII
18	18
19	19
20	20
21	21
22	22
23	23
24	24
25	25
26	26
27	27
28	28
29	29	HOUSE RESOLUTION
30	30
31	31
32	32
33	33
34	34
35	35	strongly supporting and recommending the implementation of the revised 2025 hawaii patient bill of rights.
36	36
37	37
38	38
39	39
40	40
41	41
42	42
43	43	WHEREAS, Hawaii pioneered employer-supported health insurance through the Prepaid Health Care Act of 1974; however, the State continues to face severe physician, nurse, and dentist shortages, with over thirty-five percent of the population residing in federally designated Health Professional Shortage Areas--the highest percentage in the nation; and WHEREAS, the University of Hawaii Health Research Center found that forty-two percent of surveyed physicians reported patient harm or serious adverse events attributable to prior authorization delays or denials, emphasizing a need for streamlined insurance processes; and WHEREAS, recent increases in claims denials, particularly those driven by automated or artificial intelligence (AI)-based systems, underscore the necessity for greater transparency, specialist review, and patient-friendly appeals mechanisms; and WHEREAS, the original Hawaii Patient Bill of Rights, enacted over twenty-five years ago, now requires substantial updates to address modern challenges, such as AI-driven denials, telehealth accessibility, data-offshoring risks, and persistent network inadequacies on the neighbor islands and in rural areas; and WHEREAS, patients, health care providers, and cybersecurity experts cite the need for robust data protection measures that accommodate legitimate offshoring services while maintaining Health Insurance Portability and Accountability Act-equivalent safeguards, timely breach notifications, and strong enforcement; and WHEREAS, the Insurance Commissioner's office needs expanded authority, resources, and reporting mechanisms to effectively audit, investigate, and sanction noncompliant insurers or billing entities, ensuring consistent and accountable enforcement of patients' rights; and WHEREAS, the Revised 2025 Hawaii Patient Bill of Rights is an essential modernization step that prioritizes patient autonomy, transparent healthcare, timely access, robust data protection, AI accountability, and real enforcement--all while recognizing the practical realities of insurers, providers, and patients in a rapidly evolving healthcare landscape; now, therefore, BE IT RESOLVED by the House of Representatives of the Thirty-third Legislature of the State of Hawaii, Regular Session of 2025, that this body strongly supports and recommends the implementation of the following Revised 2025 Hawaii Patient Bill of Rights: Foreword and Definitions 1. Purpose: This Bill of Rights modernizes patient protections to address AI-based coverage decisions, data security risks, and ongoing provider shortages in Hawaii. 2. Definitions: o AI or Automated Decision System: Any algorithmic or software-based platform that can autonomously generate or recommend coverage determinations without direct human supervision. o HIPAA-equivalent Security: A standard of data protection meeting or exceeding requirements set forth in 45 C.F.R. Parts 160 and 164 (HIPAA Privacy and Security Rules). o Urgent vs. Non-Urgent: Urgent requests are those where delays could seriously jeopardize a patient's health, life, or overall well-being; non-urgent requests include all other prior authorizations not qualifying as urgent. 1. Clear Information Patients must receive clear, written (and, if necessary, translated) explanations from their health insurance plan regarding covered and non-covered services, presented at a reading level understandable to the average enrollee. 2. Provider Directory All insurers must maintain and publicly post an up-to-date, accurate, and easily accessible directory of in-network providers, updated at least quarterly, listing each provider's specialty, languages spoken, telehealth availability, and current patient capacity. 3. Specialist Referrals All patients must be able to obtain timely specialist referrals without undue administrative barriers or delays. Insurers shall clearly communicate referral steps and expedite such referrals in urgent or complex cases. 4. Emergency Care No insurer may deny coverage for legitimate emergency services based on retrospective review. If a patient believes in good faith that their life or health is endangered, they have the right to seek immediate emergency care without facing post-service coverage denials. 5. Explanation of Illness, Options, and Patient Autonomy 5.1 Right to Understand Care: Patients are entitled to a clear explanation of their diagnosis, treatment options (including the option to decline treatment), and potential outcomes or risks from their healthcare provider, ensuring fully informed consent. 5.2 Right to Accept or Decline Treatment: Every mentally competent patient (or as decided by their legal health care proxy) has the right to accept, receive, reject, or discontinue any legal medical care, treatment, or prescribed medication from any legally licensed medical provider, and the right to not have that decision denied, prevented, restricted, or impeded by other persons. 6. Appeals and External Review 6.1 Notice and Forms: Whenever coverage is denied, insurers must provide a universal external review request form and a step-by-step guide (in print or digital form) explaining how to appeal. 6.2 Online FAQ and Hotline: Insurers shall maintain an online FAQ regarding appeals, alongside a toll-free hotline to assist patients. 6.3 Enforcement: The Insurance Commissioner may impose financial penalties or other administrative measures on insurers failing to publicize or comply with state and federal appeals requirements. 7. Network Adequacy, Telehealth, and Rural Access 7.1 Coverage in Shortage Areas: Patients in federally designated Health Professional Shortage Areas must have timely access to primary and specialty care. 7.2 Reporting Requirements: Insurers shall submit quarterly reports detailing provider-to-patient ratios, average wait times, and referral outcomesdisaggregated by region or island. 7.3 Telehealth Provisions: Telehealth services, if legally permissible within a provider's scope of practice, shall be covered at parity with in-person services to mitigate access barriers. 7.4. Prohibition of Burdensome Prior Authorization: Prior authorization procedures in shortage areas must not unduly limit provider productivity or delay critical patient care. 8. Transparent and Timely Prior Authorization 8.1 Turnaround Times: o Urgent Requests: One business day for a decision. o Non-Urgent Requests: Three business days for a decision. 8.2 AI Oversight: o If AI or an automated decision system initiates a denial, that denial must be reviewed and co-signed by a board-certified specialist in the relevant field before being finalized. o Patients and providers shall be notified in writing when AI is used at any stage of the coverage determination. 8.3 Data Tracking: Insurers must compile and submit monthly data on prior authorization approval/denial rates, average processing times, and the percentage of AI-based denials overturned on appeal. 9. Data Protection and Privacy 9.1 HIPAA-equivalent Safeguards: All accredited health plans or billing entities, whether located onshore or offshore, must uphold HIPAA-level security measures when storing or transmitting personally identifiable patient data (including Social Security numbers, medical ID numbers, etc.). 9.2 Offshoring Accountability: o Prior to offshoring data, an entity must file an attestation with the Insurance Commissioner confirming that any overseas subcontractors adhere to encryption, breach notification, audit logging, and confidentiality protocols. o Entities shall undergo random audits or produce security certifications upon request. 9.3 Breach Notification and Penalties: In the event of a suspected or actual data breach, the entity must notify affected patients and the Insurance Commissioner within 72 hours, implementing a corrective action plan. Repeated or willful violations may result in fines, revocation of accreditation, or other sanctions. 10. Enforcement and Oversight 10.1 Authority of the Insurance Commissioner: o Empowered to audit, investigate, and enforce all provisions of this Bill of Rights. o May impose fines, clawbacks, revocation of accreditation, and other appropriate remedies for noncompliance. 10.2 Annual Public Report: o The Insurance Commissioner shall publish an annual report detailing enforcement actions, complaint data, AI usage rates, denial statistics, and any data breaches or security infractions. o The report shall include trend analyses (e.g., median time-to-decision for prior authorizations, telehealth adoption rates, network adequacy improvements). 10.3 Multidisciplinary Advisory Group: o Composed of physicians, cybersecurity experts, patient advocates, telehealth specialists, and others. o Convenes periodically to review compliance, recommend updates, and study emerging issues (e.g., advanced AI, new data-security threats). 11. Anti-Retaliation and Support for Providers 11.1 Anti-Retaliation: Insurers, health plans, or affiliated entities shall not retaliate against providers (e.g., network exclusion or contract termination) for filing formal complaints, submitting testimony, or participating in external reviews concerning the insurer's compliance with this Bill of Rights. 11.2 Technical Assistance: The Insurance Commissioner, in collaboration with the Department of Health, shall explore or establish technical support programs to help smaller or rural practices adopt secure data systems, comply with prior authorization reporting, and integrate telehealth services effectively. 12. Phased Implementation 12.1 Immediate Effect: Provisions related to patient communications (Items 1 to 6), emergency care, and urgent prior authorizations (Item 8.1) shall take effect immediately upon enactment. 12.2 Data Offshoring and AI Protocols: Insurers may have six to twelve months from the date of enactment to fully implement or certify AI oversight processes and offshore data security compliance (excluding Social Security numbers and medical ID numbers, which must be protected immediately). 12.3 Follow-up Review: Within one year of implementation, the Insurance Commissioner shall submit a progress report to the Legislature with recommendations for any further legislative refinements.; and BE IT FURTHER RESOLVED that all insurers, health care providers, and billing entities are strongly encouraged to begin voluntary compliance with these updated patient protections prior to any mandatory deadlines in order to foster a collaborative and smooth transition; and BE IT FURTHER RESOLVED that ongoing stakeholder input will be sought to address outstanding issues, such as payment parity, facility fees, and self-insured plan coverage, which may require additional state or federal action; and BE IT FURTHER RESOLVED that certified copies of this Resolution be transmitted to the Governor, Director of Health, Director of Commerce and Consumer Affairs, and Insurance Commissioner. OFFERED BY: _____________________________
44	44
45	45	WHEREAS, Hawaii pioneered employer-supported health insurance through the Prepaid Health Care Act of 1974; however, the State continues to face severe physician, nurse, and dentist shortages, with over thirty-five percent of the population residing in federally designated Health Professional Shortage Areas--the highest percentage in the nation; and
46	46
47	47
48	48
49	49	WHEREAS, the University of Hawaii Health Research Center found that forty-two percent of surveyed physicians reported patient harm or serious adverse events attributable to prior authorization delays or denials, emphasizing a need for streamlined insurance processes; and
50	50
51	51
52	52
53	53	WHEREAS, recent increases in claims denials, particularly those driven by automated or artificial intelligence (AI)-based systems, underscore the necessity for greater transparency, specialist review, and patient-friendly appeals mechanisms; and
54	54
55	55
56	56
57	57	WHEREAS, the original Hawaii Patient Bill of Rights, enacted over twenty-five years ago, now requires substantial updates to address modern challenges, such as AI-driven denials, telehealth accessibility, data-offshoring risks, and persistent network inadequacies on the neighbor islands and in rural areas; and
58	58
59	59
60	60
61	61	WHEREAS, patients, health care providers, and cybersecurity experts cite the need for robust data protection measures that accommodate legitimate offshoring services while maintaining Health Insurance Portability and Accountability Act-equivalent safeguards, timely breach notifications, and strong enforcement; and
62	62
63	63
64	64
65	65	WHEREAS, the Insurance Commissioner's office needs expanded authority, resources, and reporting mechanisms to effectively audit, investigate, and sanction noncompliant insurers or billing entities, ensuring consistent and accountable enforcement of patients' rights; and
66	66
67	67
68	68
69	69	WHEREAS, the Revised 2025 Hawaii Patient Bill of Rights is an essential modernization step that prioritizes patient autonomy, transparent healthcare, timely access, robust data protection, AI accountability, and real enforcement--all while recognizing the practical realities of insurers, providers, and patients in a rapidly evolving healthcare landscape; now, therefore,
70	70
71	71
72	72
73	73	BE IT RESOLVED by the House of Representatives of the Thirty-third Legislature of the State of Hawaii, Regular Session of 2025, that this body strongly supports and recommends the implementation of the following Revised 2025 Hawaii Patient Bill of Rights:
74	74
75	75
76	76
77	77	Foreword and Definitions
78	78
79	79
80	80
81	81	1. Purpose: This Bill of Rights modernizes patient protections to address AI-based coverage decisions, data security risks, and ongoing provider shortages in Hawaii.
82	82
83	83
84	84
85	85	2. Definitions:
86	86
87	87
88	88
89	89	o AI or Automated Decision System: Any algorithmic or software-based platform that can autonomously generate or recommend coverage determinations without direct human supervision.
90	90
91	91	o HIPAA-equivalent Security: A standard of data protection meeting or exceeding requirements set forth in 45 C.F.R. Parts 160 and 164 (HIPAA Privacy and Security Rules).
92	92
93	93	o Urgent vs. Non-Urgent: Urgent requests are those where delays could seriously jeopardize a patient's health, life, or overall well-being; non-urgent requests include all other prior authorizations not qualifying as urgent.
94	94
95	95
96	96
97	97
98	98
99	99
100	100
101	101	1. Clear Information
102	102
103	103
104	104
105	105	Patients must receive clear, written (and, if necessary, translated) explanations from their health insurance plan regarding covered and non-covered services, presented at a reading level understandable to the average enrollee.
106	106
107	107
108	108
109	109
110	110
111	111
112	112
113	113	2. Provider Directory
114	114
115	115
116	116
117	117	All insurers must maintain and publicly post an up-to-date, accurate, and easily accessible directory of in-network providers, updated at least quarterly, listing each provider's specialty, languages spoken, telehealth availability, and current patient capacity.
118	118
119	119
120	120
121	121
122	122
123	123
124	124
125	125	3. Specialist Referrals
126	126
127	127
128	128
129	129	All patients must be able to obtain timely specialist referrals without undue administrative barriers or delays. Insurers shall clearly communicate referral steps and expedite such referrals in urgent or complex cases.
130	130
131	131
132	132
133	133
134	134
135	135
136	136
137	137	4. Emergency Care
138	138
139	139
140	140
141	141	No insurer may deny coverage for legitimate emergency services based on retrospective review. If a patient believes in good faith that their life or health is endangered, they have the right to seek immediate emergency care without facing post-service coverage denials.
142	142
143	143
144	144
145	145
146	146
147	147
148	148
149	149	5. Explanation of Illness, Options, and Patient Autonomy
150	150
151	151
152	152
153	153	5.1 Right to Understand Care: Patients are entitled to a clear explanation of their diagnosis, treatment options (including the option to decline treatment), and potential outcomes or risks from their healthcare provider, ensuring fully informed consent.
154	154
155	155
156	156
157	157	5.2 Right to Accept or Decline Treatment: Every mentally competent patient (or as decided by their legal health care proxy) has the right to accept, receive, reject, or discontinue any legal medical care, treatment, or prescribed medication from any legally licensed medical provider, and the right to not have that decision denied, prevented, restricted, or impeded by other persons.
158	158
159	159
160	160
161	161
162	162
163	163
164	164
165	165	6. Appeals and External Review
166	166
167	167
168	168
169	169	6.1 Notice and Forms: Whenever coverage is denied, insurers must provide a universal external review request form and a step-by-step guide (in print or digital form) explaining how to appeal.
170	170
171	171
172	172
173	173	6.2 Online FAQ and Hotline: Insurers shall maintain an online FAQ regarding appeals, alongside a toll-free hotline to assist patients.
174	174
175	175
176	176
177	177	6.3 Enforcement: The Insurance Commissioner may impose financial penalties or other administrative measures on insurers failing to publicize or comply with state and federal appeals requirements.
178	178
179	179
180	180
181	181
182	182
183	183
184	184
185	185	7. Network Adequacy, Telehealth, and Rural Access
186	186
187	187
188	188
189	189	7.1 Coverage in Shortage Areas: Patients in federally designated Health Professional Shortage Areas must have timely access to primary and specialty care.
190	190
191	191
192	192
193	193	7.2 Reporting Requirements: Insurers shall submit quarterly reports detailing provider-to-patient ratios, average wait times, and referral outcomesdisaggregated by region or island.
194	194
195	195
196	196
197	197	7.3 Telehealth Provisions: Telehealth services, if legally permissible within a provider's scope of practice, shall be covered at parity with in-person services to mitigate access barriers.
198	198
199	199
200	200
201	201	7.4. Prohibition of Burdensome Prior Authorization: Prior authorization procedures in shortage areas must not unduly limit provider productivity or delay critical patient care.
202	202
203	203
204	204
205	205
206	206
207	207
208	208
209	209	8. Transparent and Timely Prior Authorization
210	210
211	211
212	212
213	213	8.1 Turnaround Times:
214	214
215	215
216	216
217	217	o Urgent Requests: One business day for a decision.
218	218
219	219	o Non-Urgent Requests: Three business days for a decision.
220	220
221	221
222	222
223	223	8.2 AI Oversight:
224	224
225	225
226	226
227	227	o If AI or an automated decision system initiates a denial, that denial must be reviewed and co-signed by a board-certified specialist in the relevant field before being finalized.
228	228
229	229	o Patients and providers shall be notified in writing when AI is used at any stage of the coverage determination.
230	230
231	231
232	232
233	233	8.3 Data Tracking: Insurers must compile and submit monthly data on prior authorization approval/denial rates, average processing times, and the percentage of AI-based denials overturned on appeal.
234	234
235	235
236	236
237	237
238	238
239	239
240	240
241	241	9. Data Protection and Privacy
242	242
243	243
244	244
245	245	9.1 HIPAA-equivalent Safeguards: All accredited health plans or billing entities, whether located onshore or offshore, must uphold HIPAA-level security measures when storing or transmitting personally identifiable patient data (including Social Security numbers, medical ID numbers, etc.).
246	246
247	247
248	248
249	249	9.2 Offshoring Accountability:
250	250
251	251	o Prior to offshoring data, an entity must file an attestation with the Insurance Commissioner confirming that any overseas subcontractors adhere to encryption, breach notification, audit logging, and confidentiality protocols.
252	252
253	253	o Entities shall undergo random audits or produce security certifications upon request.
254	254
255	255
256	256
257	257	9.3 Breach Notification and Penalties: In the event of a suspected or actual data breach, the entity must notify affected patients and the Insurance Commissioner within 72 hours, implementing a corrective action plan. Repeated or willful violations may result in fines, revocation of accreditation, or other sanctions.
258	258
259	259
260	260
261	261
262	262
263	263
264	264
265	265	10. Enforcement and Oversight
266	266
267	267
268	268
269	269	10.1 Authority of the Insurance Commissioner:
270	270
271	271	o Empowered to audit, investigate, and enforce all provisions of this Bill of Rights.
272	272
273	273	o May impose fines, clawbacks, revocation of accreditation, and other appropriate remedies for noncompliance.
274	274
275	275
276	276
277	277	10.2 Annual Public Report:
278	278
279	279	o The Insurance Commissioner shall publish an annual report detailing enforcement actions, complaint data, AI usage rates, denial statistics, and any data breaches or security infractions.
280	280
281	281	o The report shall include trend analyses (e.g., median time-to-decision for prior authorizations, telehealth adoption rates, network adequacy improvements).
282	282
283	283
284	284
285	285	10.3 Multidisciplinary Advisory Group:
286	286
287	287	o Composed of physicians, cybersecurity experts, patient advocates, telehealth specialists, and others.
288	288
289	289	o Convenes periodically to review compliance, recommend updates, and study emerging issues (e.g., advanced AI, new data-security threats).
290	290
291	291
292	292
293	293
294	294
295	295
296	296
297	297	11. Anti-Retaliation and Support for Providers
298	298
299	299
300	300
301	301	11.1 Anti-Retaliation: Insurers, health plans, or affiliated entities shall not retaliate against providers (e.g., network exclusion or contract termination) for filing formal complaints, submitting testimony, or participating in external reviews concerning the insurer's compliance with this Bill of Rights.
302	302
303	303
304	304
305	305	11.2 Technical Assistance: The Insurance Commissioner, in collaboration with the Department of Health, shall explore or establish technical support programs to help smaller or rural practices adopt secure data systems, comply with prior authorization reporting, and integrate telehealth services effectively.
306	306
307	307
308	308
309	309
310	310
311	311
312	312
313	313	12. Phased Implementation
314	314
315	315
316	316
317	317	12.1 Immediate Effect: Provisions related to patient communications (Items 1 to 6), emergency care, and urgent prior authorizations (Item 8.1) shall take effect immediately upon enactment.
318	318
319	319
320	320
321	321	12.2 Data Offshoring and AI Protocols: Insurers may have six to twelve months from the date of enactment to fully implement or certify AI oversight processes and offshore data security compliance (excluding Social Security numbers and medical ID numbers, which must be protected immediately).
322	322
323	323
324	324
325	325	12.3 Follow-up Review: Within one year of implementation, the Insurance Commissioner shall submit a progress report to the Legislature with recommendations for any further legislative refinements.; and
326	326
327	327
328	328
329	329	BE IT FURTHER RESOLVED that all insurers, health care providers, and billing entities are strongly encouraged to begin voluntary compliance with these updated patient protections prior to any mandatory deadlines in order to foster a collaborative and smooth transition; and
330	330
331	331
332	332
333	333	BE IT FURTHER RESOLVED that ongoing stakeholder input will be sought to address outstanding issues, such as payment parity, facility fees, and self-insured plan coverage, which may require additional state or federal action; and
334	334
335	335
336	336
337	337	BE IT FURTHER RESOLVED that certified copies of this Resolution be transmitted to the Governor, Director of Health, Director of Commerce and Consumer Affairs, and Insurance Commissioner.
338	338
339	339
340	340
341	341
342	342
343	343
344	344
345	345	OFFERED BY: _____________________________
346	346
347	347
348	348
349	349	OFFERED BY:
350	350
351	351	_____________________________
352	352
353	353
354	354
355	355
356	356
357	357
358	358
359	359	Report Title: Revised 2025 Hawaii Patient Bill of Rights
360	360
361	361	Report Title:
362	362
363	363	Revised 2025 Hawaii Patient Bill of Rights