SCS/SB 2 - This act creates the crime of knowingly receiving, selling, or obtaining personal health information without the person's consent. It shall be Class D felony if such crime is committed against at least one but not more than five persons. It shall be a Class C felony if such crime is committed against more than five persons. There are exemptions for law enforcement officers or other governmental agencies performing their official duties. There are exemptions for health care providers obtaining, using, disclosing, or permitting access to any personal health information record as otherwise authorized or required by state or federal law.
Nothing in this act shall be construed to prevent an insurance company or insurance producer, a workers' compensation carrier or other certain specified entities from obtaining, using, disclosing, or permitting access to any personal health information or personal health information record, either directly or indirectly through its agents, as permitted by federal and state laws and regulations governing the conduct of insurance companies with respect to personal information, including personal health information.
In addition, no provision of this section shall be construed so as to limit conducting any medical research as defined in federal regulations or to prohibit reporting personal health information where authorized or required by law.
"Personal health information" is defined as any identifiable information, in electronic or physical form, regarding the individual's health, medical history, medical treatment or diagnosis by a health care provider that is: (a) created or stored by the health care provider or health carrier in the normal course of its business operations; and (b) not otherwise available publicly or in the public domain.
The effective date for this act is January 1, 2008.
This act is identical to HCS/SS/SCS/SB 1041 (2006).