Florida Statutes 408.051 – Florida Electronic Health Records Exchange Act
Current as of: 2023 | Check for updates
|
Other versions
(1) SHORT TITLE.–This section may be cited as the “Florida Electronic Health Records Exchange Act.”
(2) DEFINITIONS.–As used in this section, the term:
(a) “Certified electronic health record technology” means a qualified electronic health record that is certified pursuant to s. 3001(c)(5) of the Public Health Service Act as meeting standards adopted under s. 3004 of such act which are applicable to the type of record involved, such as an ambulatory electronic health record for office-based physicians or an inpatient hospital electronic health record for hospitals.
Terms Used In Florida Statutes 408.051
- Accepted: means that the agency has found that a report or data submitted by a health care facility or a health care provider contains all schedules and data required by the agency and has been prepared in the format specified by the agency, and otherwise conforms to applicable rule or Florida Hospital Uniform Reporting System manual requirements regarding reports in effect at the time such report was submitted, and the data are mathematically reasonable and accurate. See Florida Statutes 408.07
- Agency: means the Agency for Health Care Administration. See Florida Statutes 408.07
- Common law: The legal system that originated in England and is now in use in the United States. It is based on judicial decisions rather than legislative action.
- Continuing care facility: means a facility licensed under chapter 651. See Florida Statutes 408.07
- Damages: Money paid by defendants to successful plaintiffs in civil cases to compensate the plaintiffs for their injuries.
- Guardian: A person legally empowered and charged with the duty of taking care of and managing the property of another person who because of age, intellect, or health, is incapable of managing his (her) own affairs.
- Health care facility: means an ambulatory surgical center, a hospice, a nursing home, a hospital, a diagnostic-imaging center, a freestanding or hospital-based therapy center, a clinical laboratory, a home health agency, a cardiac catheterization laboratory, a medical equipment supplier, an alcohol or chemical dependency treatment center, a physical rehabilitation center, a lithotripsy center, an ambulatory care center, a birth center, or a nursing home component licensed under chapter 400 within a continuing care facility licensed under chapter 651. See Florida Statutes 408.07
- Health care provider: means a health care professional licensed under chapter 458, chapter 459, chapter 460, chapter 461, chapter 463, chapter 464, chapter 465, chapter 466, part I, part III, part IV, part V, or part X of chapter 468, chapter 483, chapter 484, chapter 486, chapter 490, or chapter 491. See Florida Statutes 408.07
- Hospital: means a health care institution licensed by the Agency for Health Care Administration as a hospital under chapter 395. See Florida Statutes 408.07
- minor: includes any person who has not attained the age of 18 years. See Florida Statutes 1.01
- person: includes individuals, children, firms, associations, joint adventures, partnerships, estates, trusts, business trusts, syndicates, fiduciaries, corporations, and all other groups or combinations. See Florida Statutes 1.01
- Power of attorney: A written instrument which authorizes one person to act as another's agent or attorney. The power of attorney may be for a definite, specific act, or it may be general in nature. The terms of the written power of attorney may specify when it will expire. If not, the power of attorney usually expires when the person granting it dies. Source: OCC
(b) “Cloud computing” has the same meaning as in s. 282.0041.
(c) “Electronic health record” means a record of a person‘s medical treatment which is created by a licensed health care provider and stored in an interoperable and accessible digital format.
(d) “Health care provider” means any of the following:
1. A provider as defined in s. 408.803.
2. A health care practitioner as defined in s. 456.001.
3. A health care professional certified under part IV of chapter 468.
4. A home health aide as defined in s. 400.462.
5. A service provider as defined in s. 394.455 and the service provider’s clinical and nonclinical staff who provide inpatient or outpatient services.
6. A continuing care facility licensed under chapter 651.
7. A pharmacy permitted under chapter 465.
(e) “Health record” means any information, recorded in any form or medium, which relates to the past, present, or future health of an individual for the primary purpose of providing health care and health-related services.
(f) “Identifiable health record” means any health record that identifies the patient or with respect to which there is a reasonable basis to believe the information can be used to identify the patient.
(g) “Patient” means an individual who has sought, is seeking, is undergoing, or has undergone care or treatment in a health care facility or by a health care provider.
(h) “Patient representative” means a parent of a minor patient, a court-appointed guardian for the patient, a health care surrogate, or a person holding a power of attorney or notarized consent appropriately executed by the patient granting permission to a health care facility or health care provider to disclose the patient’s health care information to that person. In the case of a deceased patient, the term also means the personal representative of the estate of the deceased patient; the deceased patient’s surviving spouse, surviving parent, or surviving adult child; the parent or guardian of a surviving minor child of the deceased patient; the attorney for the patient’s surviving spouse, parent, or adult child; or the attorney for the parent or guardian of a surviving minor child.
(i) “Qualified electronic health record” means an electronic record of health-related information concerning an individual which includes patient demographic and clinical health information, such as medical history and problem lists, and which has the capacity to provide clinical decision support, to support physician order entry, to capture and query information relevant to health care quality, and to exchange electronic health information with, and integrate such information from, other sources.
(3) SECURITY AND STORAGE OF PERSONAL MEDICAL INFORMATION.–In addition to the requirements in 45 C.F.R. part 160 and subparts A and C of part 164, a health care provider that utilizes certified electronic health record technology must ensure that all patient information stored in an offsite physical or virtual environment, including through a third-party or subcontracted computing facility or an entity providing cloud computing services, is physically maintained in the continental United States or its territories or Canada. This subsection applies to all qualified electronic health records that are stored using any technology that can allow information to be electronically retrieved, accessed, or transmitted.
(4) EMERGENCY RELEASE OF IDENTIFIABLE HEALTH RECORD.–A health care provider may release or access an identifiable health record of a patient without the patient’s consent for use in the treatment of the patient for an emergency medical condition, as defined in s. 395.002(8), when the health care provider is unable to obtain the patient’s consent or the consent of the patient representative due to the patient’s condition or the nature of the situation requiring immediate medical attention. A health care provider who in good faith releases or accesses an identifiable health record of a patient in any form or medium under this subsection is immune from civil liability for accessing or releasing an identifiable health record.
(5) UNIVERSAL PATIENT AUTHORIZATION FORM.–
(a) By July 1, 2010, the agency shall develop forms in both paper and electronic formats which may be used by a health care provider to document patient authorization for the use or release, in any form or medium, of an identifiable health record.
(b) The agency shall adopt by rule the authorization form and accompanying instructions and make the authorization form available on the agency’s website, pursuant to s. 408.05.
(c) A health care provider receiving an authorization form containing a request for the release of an identifiable health record shall accept the form as a valid authorization to release an identifiable health record. A health care provider may elect to accept the authorization form in either electronic or paper format or both. The individual or entity that submits the authorization form containing a request for the release of an identifiable health record shall determine which format is accepted by the health care provider prior to submitting the form.
(d) An individual or entity that submits a request for an identifiable health record is not required under this section to use the authorization form adopted and distributed by the agency.
(e) The exchange by a health care provider of an identifiable health record upon receipt of an authorization form completed and submitted in accordance with agency instructions creates a rebuttable presumption that the release of the identifiable health record was appropriate. A health care provider that releases an identifiable health record in reliance on the information provided to the health care provider on a properly completed authorization form does not violate any right of confidentiality and is immune from civil liability for accessing or releasing an identifiable health record under this subsection.
(f) A health care provider that exchanges an identifiable health record upon receipt of an authorization form shall not be deemed to have violated or waived any privilege protected under the statutory or common law of this state.
(6) PENALTIES.–A person who does any of the following may be liable to the patient or a health care provider that has released an identifiable health record in reliance on an authorization form presented to the health care provider by the person for compensatory damages caused by an unauthorized release, plus reasonable attorney’s fees and costs:
(a) Forges a signature on an authorization form or materially alters the authorization form of another person without the person’s authorization; or
(b) Obtains an authorization form or an identifiable health record of another person under false pretenses.