SLS 14RS-597 ORIGINAL
Page 1 of 10
Coding: Words which are struck through are deletions from existing law; words in boldface type and underscored are additions.

Regular Session, 2014

SENATE BILL NO. 259

BY SENATOR JOHNS

HEALTH CARE. Provides relative to Louisiana health care consumers' right to know. (8/1/14)

AN ACT

To amend and reenact R.S. 40:1300.111 through 1300.114 and to enact R.S. 40:1300.115 and 1300.116, relative to Louisiana health care consumers' right to know; to provide for legislative findings; to provide for powers and duties of the department; to provide for the Health Data Panel; to provide for the release of certain information; to provide for data use agreements; to provide for penalties for violations; and to provide for related matters.

Be it enacted by the Legislature of Louisiana:

Section 1. R.S. 40:1300.111 through 1300.114 are hereby amended and reenacted and R.S. 40:1300.115 and 1300.116 are hereby enacted to read as follows:

§1300.111. Findings

The legislature finds that as a result of rising health care costs, the shortage of health professionals and health care services in many areas of the state, and the concerns expressed by consumers, health care providers, third-party payers, and others involved with making informed decisions regarding health care services, treatment, and coverage, there is a need to have access to provider specific health care cost, quality, and outcome data on health care facilities, health care providers,
and health plans as well as continued access to global patterns and trends in the availability, use, and charges for health care services and the associated health circumstances.

The legislature further finds that as a result of the rapidly expanding availability and access to patient sensitive health care data, the citizens of Louisiana deserve protection of their patient encounter data to the greatest extent possible relative to health care data reporting and dissemination of protected health information datasets for use in research projects intended to improve the population health of Louisiana's citizens.

§1300.112. Data collection; powers and duties of the Department of Health and Hospitals

The Department of Health and Hospitals, in consultation with the Health Data Panel, shall:

(1) Identify and define the health care cost, quality, and performance data elements to be reported to the Department of Health and Hospitals in accordance with existing national and international data standards for consumers' meaningful comparison of costs for specific health care services and specific quality of care measures between and among medical facilities, health care providers, and health plans.

(2) Develop standards of accuracy, quality, timeliness, economy, and efficiency for the provision of data.

(3) Identify the most practical methods to collect, transmit, and share required health care data as described in this Part.

(4) Utilize, wherever practical, existing administrative data bases, and modalities of data collection to provide the required data.

(5) Ensure confidentiality of patients by enforcing appropriate rules and regulations at least as stringent as those regulations applicable to covered entities promulgated under the Health Insurance Portability and Accountability Act privacy regulations, 42 CFR Part 164.
(6) Maintain the computerized database of consumer's personal health information in a secure environment in compliance with federal laws ensuring the security of the system containing such data. In the event of a data breach or suspected data breach, the Department of Health and Hospitals shall within thirty days notify any resident of the state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

(7) Coordinate with the Louisiana Department of Insurance on all matters of health plan cost, quality, and performance data to be collected from health plans licensed to offer health insurance coverage in Louisiana. Such data shall exclude premium data and information related to the development of premiums.

(7)(8) Include appropriate risk-adjustment measures into the production of all health care cost, quality, and performance data issued to account for variation in facility size, location, and patient acuity levels.

(8)(9) Provide the process for Internet publication of provider and health plan specific cost, quality, and performance data collected pursuant to this Part for access and use by a consumer or requesting entity.

(9)(10) Ensure that data released pursuant to this Part shall not include any identifier which is listed in 45 CFR 164.514(b) as being necessary to be removed in order for the data to be de-identified within the meaning of 45 CFR 164.514(a).

(10)(11) Promulgate rules and regulations, in accordance with the Administrative Procedure Act, to carry out the provisions of this Part.

(11)(12) Implement the initial phase of the Internet website created pursuant to this Part on or before April 30, 2009.

(12)(13) In the event that sufficient funds are not appropriated to implement this Part, to include the
collection, storage, analysis, and dissemination of data to participating agencies, organizations, and the general public, the application and enforcement of this Part shall be suspended pending the appropriation of sufficient funds, and all accumulated health care data shall be stored with appropriate confidentiality safeguards, destroyed, or transferred to another appropriate agency or organization in accordance with state law.

§1300.113. Health Data Panel; advisory council to the secretary of the Department of Health and Hospitals

A. The Department of Health and Hospitals shall create the Health Data Panel. The purpose of the Health Data Panel shall be to make recommendations to the secretary of the Department of Health and Hospitals for the implementation of the requirements of this Part. The Health Data Panel shall consider the provisions set forth in R.S. 40:1300.112.

B. Members of the Health Data Panel shall be appointed by the secretary and shall represent all interests involved in the collection and publication of provider and health plan specific cost, quality, and performance data elements. Members shall include but not be limited to health care purchasers, hospitals and other service providers, consumer and patient advocacy groups, quality improvement and health information technology groups, physicians, and any other individuals or groups as deemed necessary by the secretary.

C. The Health Data Panel shall consider the provisions set forth in R.S. 40:1300.112.
Changes to the mandatory health care data elements or the methodology by which data shall be reported by health care providers and health plans to the Department of Health and Hospitals shall be approved by a majority vote of the members of the Health Data Panel and promulgated by a rule in accordance with the Administrative Procedure Act by the Department of Health and Hospitals.

D. The secretary or his designee shall serve as the chairman of the meetings of the Health Data Panel. The secretary shall convene meetings of the Health Data Panel on an annual basis and as needed to fulfill the provisions of this Part. The secretary may shall use the recommendations of the Health Data Panel to fulfill the Department of Health and Hospitals' responsibilities as set forth in this Part.

D. E. Members of the Health Data Panel shall serve without compensation.

§1300.114. Release of information

A.
Notwithstanding any other provision of the law to the contrary, data collected pursuant to this Part may be disclosed for research purposes but only under the following circumstances:

(1) The requesting entity is recognized as a health care research organization, focused on the improvement of healthcare outcomes through education and community engagement.

(2) The data sought to be used for research qualifies as de-identified personal health information as defined in 45 CFR 164.514.

B.(1) All requests for data shall be submitted to Department of Health and Hospitals, then reviewed and approved by a majority vote of the Health Data Panel.

(2) The data request shall include:

(a) A description of the requesting entity, including its ownership structure.

(b) Rationale for the study or data use.

(c) A summary of the project or study plan, including a project timeline, definition of project scope, and justification for the particular fields and records necessary for the project or study.

(d) Signed data use agreement pursuant to R.S. 40:1300.115 by the requesting entity and any subcontractors.

(e) Affirmation that the data requesting entity shall destroy all data in its entirety upon completion of the research project.

§1300.115. Data use agreement

The Department of Health and Hospitals shall enter into a data use agreement outlining the permitted uses and disclosures of the de-identified personal health information. The agreement shall include at a minimum the following:

(1) A description of the requesting entity, including its ownership
structure.

(2) Rationale for the study or data use.

(3) A summary of the project or study plan, including a project timeline, definition of project scope, and justification for the particular fields and records necessary for the project or study.

(4) Identify all parties who may use or receive the information and prohibit any recipient from using or further disclosing the data, except as permitted by the agreement.

(5) Include an affirmation that data shall be used only for the stated purpose, and that no attempts shall be made to combine data provided for in the request with other data to identify confidential information.

(6) Require the recipient to use and demonstrate that appropriate safeguards are in place to prevent the use or disclosure of data that is not permitted by the agreement.

(7) Require the recipient to report to the Department of Health and Hospitals any unauthorized use or disclosure of data.

(8) Require the recipient to ensure that any agents, including subcontractors to whom it provides the information, agree to the data use restrictions.

(9) Detail the method by which the data will be destroyed after the qualifying research project is completed.

(10) Signed by the requesting health care research entity and any subcontractors. Any future subcontractors shall be disclosed and approved by the Department of Health and Hospitals.

(11) Prohibit the recipient from identifying the information or contacting the individuals.

§1300.114 116. Violations; penalties

A. All state agencies and health professional licensing, certification, or registration boards and commissions, which collect, maintain, or distribute health
data, shall provide to the Department of Health and Hospitals such data as are necessary for the department to carry out its responsibilities as defined in this Part.

B. All health care providers licensed by the state, including but not limited to hospitals, outpatient surgical facilities, and outpatient clinical facilities shall submit information in the manner and form prescribed in rules and regulations promulgated by the Department of Health and Hospitals pursuant to this Part.

C. Any person, firm, corporation, organization, or institution that violates any of the provisions of this Part or any rules and regulations promulgated thereunder regarding patient confidentiality of information shall be guilty of a misdemeanor and upon conviction thereof shall be punished by a fine of not less than five hundred dollars nor more than one thousand dollars or by imprisonment not exceeding one month, or both. Each day of the violation shall constitute a separate offense.

D. Any person, firm, corporation, organization, or institution knowingly violating any of the provisions of this Part or any rules and regulations promulgated thereunder shall be guilty of a misdemeanor and upon a plea of guilty, a plea of nolo contendere or conviction, shall be punished by a fine of not more than one thousand dollars.

E. Renewal of state licenses issued by the Department of Health and Hospitals, Department of Insurance or health professional licensing, certification, or registration boards and commissions shall be predicated in part on compliance with data reporting requirements of this Part and rules and regulations promulgated thereunder. Prior to relicensing, the secretary of the Department of Health and Hospitals shall confirm compliance with data reporting requirements in writing to the appropriate permitting or licensing authority.
The permit, certification, or license of any health care provider, health plan, or facility covered by this Part shall be suspended until such time as the required data is submitted to the Department of Health and Hospitals.

The original instrument and the following digest, which constitutes no part of the legislative instrument, were prepared by Christopher D. Adams.

DIGEST

Johns (SB 259)

Present law provides for the health care consumers' right to know.

Proposed law adds to the legislative findings to find that as a result of the rapidly expanding availability and access to patient sensitive health care data, the citizens of Louisiana deserve protection of their patient encounter data to the greatest extent possible relative to health care data reporting and dissemination of protected health information datasets for use in research projects intended to improve the population health of Louisiana's citizens.

Proposed law amends present law to include that the Department of Health and Hospitals (the department), in consultation with the Health Data Panel, shall maintain the computerized database of consumer's personal health information in a secure environment in compliance with federal laws ensuring the security of the system containing such data. Further, in the event of a data breach or suspected data breach, the department shall within 30 days notify any resident of the state whose personal information was, or is reasonably believed to have been, acquired by an unauthorized person.

Present law provides the department shall create the Health Data Panel, and the purpose of the Health Data Panel shall be to make recommendations to the secretary of the department for the implementation of the requirements of present law.
Present law provides the Health Data Panel shall consider the provisions set forth in present law.

Proposed law amends present law and removes the provision that provides the Health Data Panel shall consider the provisions set forth in present law.

Present law provides members of the Health Data Panel shall be appointed by the secretary and shall represent all interests involved in the collection and publication of provider and health plan specific cost, quality, and performance data elements. Further, members shall include but not be limited to health care purchasers, hospitals and other service providers, consumer and patient advocacy groups, quality improvement and health information technology groups, physicians, and any other individuals or groups as deemed necessary by the secretary.

Proposed law provides the Health Data Panel shall consider the provisions set forth in present law. Further provides that changes to the mandatory health care data elements or the methodology by which data shall be reported by health care providers and health plans to the department shall be approved by a majority vote of the members of the Health Data Panel and promulgated by a rule in accordance with the Administrative Procedure Act by the department.

Present law provides the secretary or his designee shall serve as the chairman of the meetings of the Health Data Panel. Further, the secretary may use the recommendations of the Health Data Panel to fulfill the department's responsibilities as set forth in present law.

Proposed law provides the secretary or his designee shall serve as the chairman of the meetings of the Health Data Panel. The secretary shall convene meetings of the Health Data Panel on an annual basis and as needed to fulfill the provisions of present law. Further, the secretary shall use the recommendations of the Health Data Panel to fulfill the department's responsibilities as set forth in present law.
Proposed law provides data collected pursuant to present law may be disclosed for research purposes but only under the following circumstances:

(1) The requesting entity is recognized as a health care research organization, focused on the improvement of healthcare outcomes through education and community engagement.

(2) The data sought to be used for research qualifies as de-identified personal health information as defined in 45 CFR 164.514.

Proposed law provides all requests for data shall be submitted to the department, then reviewed and approved by a majority vote of the Health Data Panel.

Proposed law provides the data request shall include:

(1) A description of the requesting entity, including its ownership structure.

(2) Rationale for the study or data use.

(3) A summary of the project or study plan, including a project timeline, definition of project scope, and justification for the particular fields and records necessary for the project or study.

(4) Signed data use agreement pursuant to present law by the requesting entity and any subcontractors.

(5) Affirmation that the data requesting entity shall destroy all data in its entirety upon completion of the research project.

Proposed law provides the department shall enter into a data use agreement outlining the permitted uses and disclosures of the de-identified personal health information. The agreement shall include at a minimum the following:

(1) A description of the requesting entity, including its ownership structure.

(2) Rationale for the study or data use.

(3) A summary of the project or study plan, including a project timeline, definition of project scope, and justification for the particular fields and records necessary for the project or study.
(4) Identify all parties who may use or receive the information and prohibit any recipient from using or further disclosing the data, except as permitted by the agreement.

(5) Include an affirmation that data shall be used only for the stated purpose, and that no attempts shall be made to combine data provided for in the request with other data to identify confidential information.

(6) Require the recipient to use and demonstrate that appropriate safeguards are in place to prevent the use or disclosure of data that is not permitted by the agreement.

(7) Require the recipient to report to the department any unauthorized use or disclosure of data.

(8) Require the recipient to ensure that any agents, including subcontractors to whom it provides the information, agree to the data use restrictions.

(9) Detail the method by which the data will be destroyed after the qualifying research project is completed.

(10) Signed by the requesting health care research entity and any subcontractors. Any future subcontractors shall be disclosed and approved by the department.

(11) Prohibit the recipient from identifying the information or contacting the individuals.

Effective August 1, 2014.

(Amends R.S. 40:1300.111-1300.114; adds R.S. 40:1300.115 and 1300.116)