By December 1, 2011, the lead organization shall, consistent with the federal health insurance portability and accountability act, develop processes, guidelines, and standards that address:

(1) Identification and prioritization of high value health data from health data providers. High value health data include:

(a) Prescriptions;

(b) Immunization records;

(c) Laboratory results;

(d) Allergies; and

(e) Diagnostic imaging;

(2) Processes to request, submit, and receive data;

(3) Data security, including:

(a) Storage, access, encryption, and password protection;

(b) Secure methods for accepting and responding to requests for data;

(c) Handling unauthorized access to or disclosure of individually identifiable patient health information, including penalties for unauthorized disclosure; and

(d) Authentication of individuals, including patients and providers, when requesting access to health information, and maintenance of a permanent audit trail of such requests, including:

(i) Identification of the party making the request;

(ii) The data elements reported; and

(iii) Transaction dates;

(4) Materials written in plain language that explain the exchange of health information and how patients can effectively manage such information, including the use of online tools for that purpose;

(5) Materials for health care providers that explain the exchange of health information and the secure management of such information.

Findings—2009 c 300: See note following RCW 41.05.036.