SB 1275 Medical data in an electronic or digital format; limitations on use, storage, sharing, & processing.
SUMMARY AS INTRODUCED:
Medical data. Prohibits any person that regularly stores medical data in an electronic or digital format from (i) participating in the establishment or implementation of the Nationwide Health Information Network; (ii) performing any analytic or statistical processing with regard to any medical records from multiple patients for purposes of medical diagnosis or treatment, including population health management; or (iii) processing medical data at a facility within the Commonwealth in any instance where a majority of the patients whose medical data is being processed do not reside in the Commonwealth. A database at which medical data is regularly stored in an electronic or digital format shall not store or maintain in a manner that is accessible by the operator or any other person, in an electronic or digital format, at any one time, medical data regarding more than 10,000 patients.
Of note, the bill also counters the coercive aspects of the HITECH bill, stealthily sneaked into the Economic Recovery Act (ARRA) without so much as a peep of public comment, thanks to the Health IT lobby (as described by Robert O'Harrow Jr. in the WaPo in May 2009, see here):
The measure provides that any health care provider shall not be subject to any penalty, sanction, or other adverse action resulting from its failure or refusal to implement an online computerized medical record system. A patient's consent to the sharing of his health care information shall be presumed not to grant consent to the electronic or digital storing or transmission of the information to any person other than for health care coverage purposes. Finally, the measure prohibits the Commonwealth from authorizing the establishment or operation of a health information exchange.
The proposal seems authoritarian in terms of use of aggregated, de-identified medical data for public health purposes. In the current environment, however, of health IT hyper-exuberance, misuse of medical data (e.g., putting it up for sale as at link, link) and repeated major security breaches, perhaps a return to sanity requires putting the brakes on - hard - and performing a 'system reset.'
It's clear the hyperenthusiasts will not like this proposed legislation.
-- SS