1. The board shall implement industry-accepted security standards, policies, and procedures to protect the transmission and receipt of protected health information exchanged through the Iowa health information network, which shall, at a minimum, comply with HIPAA and shall include all of the following:

 a. A secure and traceable electronic audit system to document and monitor the sender and recipient of health information exchanged through the Iowa health information network.
 b. A required standard participation agreement which defines the minimum privacy and security obligations of all participants using the Iowa health information network and services available through the Iowa health information network.
 c. The opportunity for a patient to decline exchange of the patient’s health information through the record locator service of the Iowa health information network.

 (1) A patient shall not be denied care or treatment for declining to exchange the patient’s health information, in whole or in part, through the network.
 (2) The board shall provide the means and process by which a patient may decline participation. The means and process utilized shall minimize the burden on patients and health care professionals.
 (3) Unless otherwise authorized by law or rule, a patient’s decision to decline participation means that none of the patient’s health information shall be accessible through the record locator service function of the Iowa health information network. A patient’s decision to decline having health information shared through the record locator service function shall not limit a health care professional with whom the patient has or is considering a treatment relationship from sharing health information concerning the patient through the secure messaging function of the Iowa health information network.
 (4) A patient who declines participation in the Iowa health information network may later decide to have health information shared through the network. A patient who is participating in the network may later decline participation in the network.

Terms Used In Iowa Code 135D.7

  • board: means the entity that governs and administers the Iowa health information network. See Iowa Code 135D.2
  • Care coordination: means the management of all aspects of a patient's care to improve health care quality. See Iowa Code 135D.2
  • Damages: Money paid by defendants to successful plaintiffs in civil cases to compensate the plaintiffs for their injuries.
  • Designated entity: means the nonprofit corporation designated by the department through a competitive process as the entity responsible for administering and governing the Iowa health information network. See Iowa Code 135D.2
  • Equitable: Pertaining to civil suits in "equity" rather than in "law." In English legal history, the courts of "law" could order the payment of damages and could afford no other remedy. See damages. A separate court of "equity" could order someone to do something or to cease to do something. See, e.g., injunction. In American jurisprudence, the federal courts have both legal and equitable power, but the distinction is still an important one. For example, a trial by jury is normally available in "law" cases but not in "equity" cases. Source: U.S. Courts
  • Exchange: means the authorized electronic sharing of health information between health care professionals, payors, consumers, public health agencies, the designated entity, the department, and other authorized participants utilizing the Iowa health information network and Iowa health information network services. See Iowa Code 135D.2
  • following: when used by way of reference to a chapter or other part of a statute mean the next preceding or next following chapter or other part. See Iowa Code 4.1
  • Health care professional: means a person who is licensed, certified, or otherwise authorized or permitted by the law of this state to administer health care in the ordinary course of business or in the practice of a profession. See Iowa Code 135D.2
  • Health information: means health information as defined in 45 C. See Iowa Code 135D.2
  • HIPAA: means the federal Health Insurance Portability and Accountability Act of 1996, Pub. See Iowa Code 135D.2
  • License: means a license issued by the state under this chapter to a hearing aid specialist. See Iowa Code 154A.1
  • network: means the statewide health information technology network that is the sole statewide network for Iowa pursuant to this chapter. See Iowa Code 135D.2
  • Participant: means an authorized health care professional, payor, patient, health care organization, public health agency, or the department that has agreed to authorize, submit, access, or disclose health information through the Iowa health information network in accordance with this chapter and all applicable laws, rules, agreements, policies, and standards. See Iowa Code 135D.2
  • Patient: means a person who has received or is receiving health services from a health care professional. See Iowa Code 135D.2
  • Person: means a natural person. See Iowa Code 154A.1
  • Public health activities: means actions taken by a participant in its capacity as a public health authority under the Health Insurance Portability and Accountability Act or as required or permitted by other federal or state law. See Iowa Code 135D.2
  • Record locator service: means the functionality of the Iowa health information network that queries data sources to locate and identify potential patient records. See Iowa Code 135D.2
  • Rule: includes "regulation". See Iowa Code 4.1
  • State: means a state, territory, or possession of the United States, the District of Columbia, or the Commonwealth of Puerto Rico. See Iowa Code 152E.3
  • Subpoena: A command to a witness to appear and give testimony.
 2. A participant shall not be compelled by subpoena, court order, or other process of law to access health information through the Iowa health information network in order to gather records or information not created by the participant.
 3. A participant exchanging health information and data through the Iowa health information network shall grant to other participants of the network a nonexclusive license to retrieve and use that information in accordance with applicable state and federal laws, and the policies and standards established by the board.
 4. A health care professional who relies reasonably and in good faith upon any health information provided through the Iowa health information network in treatment of a patient who is the subject of the health information shall be immune from criminal or civil liability arising from the damages caused by such reasonable, good-faith reliance. Such immunity shall not apply to acts or omissions constituting negligence, recklessness, or intentional misconduct.
 5. A participant who has disclosed health information through the Iowa health information network in compliance with applicable law and the standards, requirements, policies, procedures, and agreements of the network shall not be subject to criminal or civil liability for the use or disclosure of the health information by another participant.
 6. The following records shall be confidential records pursuant to chapter 22, unless otherwise ordered by a court or consented to by the patient or by a person duly authorized to release such information:

 a. The health information contained in, stored in, submitted to, transferred or exchanged by, or released from the Iowa health information network.
 b. Any health information in the possession of the board due to its administration of the Iowa health information network.
 7. Unless otherwise provided in this chapter, when sharing health information through the Iowa health information network or a private health information network maintained in this state that complies with the privacy and security requirements of this chapter for the purposes of patient treatment, payment or health care operations, as such terms are defined in HIPAA, or for the purposes of public health activities or care coordination, a participant authorized by the designated entity to use the record locator service is exempt from any other state law that is more restrictive than HIPAA that would otherwise prevent or hinder the exchange of patient information by the participant.
 8. A patient aggrieved or adversely affected by the designated entity’s failure to comply with subsection 1, paragraph “c”, may bring a civil action for equitable relief as the court deems appropriate.
  Previous section
Next section  
 Chapter 135D Contents