GENERAL ASSEMBLY OF NORTH CAROLINA

1987 SESSION

 

 

CHAPTER 592

SENATE BILL 539

 

AN ACT TO PROVIDE FOR CONFIDENTIALITY OF MEDICAL DATABASE INFORMATION.

 

The General Assembly of North Carolina enacts:

 

Section 1.  G.S. 131E-210(b) reads as rewritten:

"(b)      The General Assembly finds that as a result of rising medical care costs and the concern expressed by medical care providers, medical consumers, third-party payers, and health care planners involved with planning for the provision of medical care, there is an urgent need to understand patterns and trends in the use and cost of these services. It is the intent and purpose of this Article to establish an information base to be used to improve the appropriate and efficient usage of medical care services, while at the same time maintaining an acceptable quality of health care services in this State. This is to be accomplished by compiling a uniform set of data and disseminating aggregate data, including but not limited to price and utilization data. It is the intent of the General Assembly to require that the information necessary for a review and comparison of cost, utilization patterns, and quality of medical services be supplied to the Medical Database Commission by all medical care providers and third-party payers both public and private. It is the intent of the General Assembly that any duplication in the collection of medical care data shall be eliminated as recommended by the Medical Database Commission. The information is to be compiled by a statewide clearinghouse and made available in an aggregate form to interested persons, including medical care providers, payors, medical care consumers, and health care planners to improve the decision-making processes regarding access, identified needs, patterns of medical care, price and use of appropriate medical care services. The Commission shall take steps to assure that patient confidentiality shall be protected.  However, the limited use of the social security numbers of patients as provided in G.S. 131E-212(b) (5) and (6) and G.S. 131E-213 is vital to insuring the degree of accuracy of the information base contemplated by this Article and to achieve the purposes of the General Assembly in enacting this Article."

Sec. 2.  The first paragraph of G.S. 131E-212 is designated as subsection (a).

Sec. 3.  G.S. 131E-212(b) reads as rewritten:

"(b)      The Commission may adopt rules after holding required public hearings and complying with the other procedural requirements of Chapter 150A of the General Statutes, governing the acquisition, compilation, and dissemination of all data collected pursuant to this Article. The rules shall provide, at a minimum that:

(1)       The Commissioner of Insurance shall require all third-party payers, including licensed insurers, medical and hospital service corporations, health maintenance organizations, and self-funded employee health plans to provide to the Commission the claims data, as required by this Article. The data shall be provided in the most useful form possible to the data processor, which may include copies of the UB-82 to report hospital inpatient claims information, datatape, or other electronic media.

(2)       This data shall include the following: patient's age, sex, zip code, third-party coverage, principal and other diagnoses, date of admission, procedure and discharge date, principal and other procedures, total charges and components of those charges, attending physician identification number, and hospital identification number.  In accordance with the findings of the General Assembly set forth in G.S. 131E-210(b), data provided to the Commission may include the patient's social security number but the handling and disclosure of such number shall be in accordance with G.S. 131E-212(b)(5) and (6) and G.S. 131E-213.

(3)       The Commission shall ensure that adequate measures have been taken to provide system security for all data and information acquired under this Article.

(4)       The data shall be collected in the most efficient and cost-effective manner and the providers of the data shall be reimbursed for the reasonable cost incurred in providing for the actual data to the Commission as determined by the Commission.

(5)       The Commission shall develop procedures to assure the confidentiality of patient records. Patient names, addresses, and other personal identifiers patient identifying information shall be omitted from the database.  For purposes of this section, the social security numbers of patients shall not be considered to be patient identifying information, although the further dissemination of such numbers shall be governed by the provisions of G.S. 131E-212(b)(6) and G.S. 131E-213.

(6)       A data provider may obtain data it has submitted as well as other aggregate data, but it may not access data submitted by another provider and which is limited only to that provider.  In no event may a data provider obtain data regarding the social security number of a patient except in instances when that data was originally submitted by the requesting provider.  Prior to the release or dissemination of any data, in any form, the Commission shall permit providers an opportunity to verify the accuracy of any information pertaining to the provider.

(7)       The Commission shall charge users for the cost of data preparation for information that is beyond the routine data disseminated by the Commission.

(8)       Time limits shall be set for the submission and review of data by data providers and penalties shall be established for failure to submit and review the data within the established time."

Sec. 4.  G.S. 131E-213 reads as rewritten:

"§ 131E-213.  North Carolina Medical Database not public records.-The individual forms, computer tapes, or other forms of data collected by and furnished to the Commission or data processor shall not be public records under Chapter 132 of the General Statutes and shall not be subject to public inspection. After approval by the Commission, the compilations prepared for release or dissemination from the data collected, except for a report prepared for an individual data provider containing information concerning only its transactions, shall be public records. The confidentiality of patient's individual personal identifiers, such as name or address in conjunction with a social security or patient identification number, is to be protected and the laws of this State with regard to patient confidentiality apply. The confidentiality of patient identifying information is to be protected and the pertinent statutes, rules, and regulations of the State of North Carolina and of the Federal Government relative to patient confidentiality shall apply.  For purposes of this section, patient identifying information means the name, address, social security number or similar information by which the identity of the patient can be determined with reasonable accuracy and speed either directly or by reference to other publicly available information.  The term does not include a patient identifying number assigned by a program.  In any event, the patient identifying information (as defined in this section) obtained shall not be further disclosed, and may not be used in connection with any legal, administrative, supervisory, or other action whatsoever with respect to such patient.  The Commission shall hold such information in confidence, is prohibited from taking any administrative, investigative, or other action with respect to any individual patient on the basis of such information, and is prohibited from identifying, directly or indirectly, any individual patient in any report of scientific research or long-term evaluation, or otherwise disclosing patient identities in any manner.  Further, patient identifying information submitted to the Commission which would directly or indirectly identify any patient may not be disclosed by the Commission either voluntarily or in response to any legal process whether federal or State unless authorized by an appropriate court of competent jurisdiction granted after application showing good cause therefor.  In assessing good cause the court shall weigh the public interest and the need for disclosure against the injury to the patient, to the physician-patient relationship, and to the treatment services.  Upon the granting of such order, the court, in determining the extent to which any disclosure of all or any part of any record is necessary, shall impose appropriate safeguards against unauthorized disclosure."

Sec. 5.  This act is effective upon ratification.

In the General Assembly read three times and ratified this the 10th day of July, 1987.