153.45(1)(b)2.b. b. The payment source, by type.
153.45(1)(b)2.c. c. The patient's age category, by 5-year intervals.
153.45(1)(b)2.d. d. The patient's procedure code.
153.45(1)(b)2.e. e. The patient's diagnosis code.
153.45(1)(b)2.f. f. Charges assessed with respect to the procedure code.
153.45(1)(b)2.g. g. The name and address of the facility in which the patient's services were rendered.
153.45(1)(b)2.h. h. The patient's sex.
153.45(1)(b)2.i. i. Information that contains the name of a health care provider that is not a hospital or ambulatory surgery center, if the independent review board first reviews and approves the release or if the department promulgates rules that specify circumstances under which the independent review board need not review and approve the release.
153.45(1)(b)2.j. j. Calendar quarters of service, except if the department specifies by rule that the number of data elements included in the public use data file is too small to enable protection of patient confidentiality.
153.45(1)(b)2.k. k. Information other than patient-identifiable data, as defined in s. 153.50 (1) (b), as approved by the independent review board.
153.45(1)(c) (c) Custom-designed reports containing portions of the data under par. (b). Of information submitted by health care providers that are not hospitals or ambulatory surgery centers, requests under this paragraph for data elements other than those available for public use data files under par. (b) 2., including the patient's month and year of birth, require review and approval by the independent review board before the data elements may be released. Information that contains the name of a health care provider that is not a hospital or ambulatory surgery center may be released only if the independent review board first reviews and approves the release or if the department promulgates rules that specify circumstances under which the independent review board need not review and approve the release. Reports under this paragraph may include the patient's zip code only if at least one of the following applies:
153.45(1)(c)1. 1. Other potentially identifying data elements are not released.
153.45(1)(c)2. 2. Population density is sufficient to mask patient identity.
153.45(1)(c)3. 3. Other potentially identifying data elements are grouped to provide population density sufficient to protect identity.
153.45(1)(c)4. 4. Multiple years of data elements are added to protect identity.
153.45(1m) (1m) After completion of data verification and review procedures specified by the department by rule, the department may, but is not required to, release special data compilations.
153.45(2) (2) The department shall provide to other entities the data necessary to fulfill their statutory mandates for epidemiological purposes or to minimize the duplicate collection of similar data elements.
153.45(3) (3) The department may, but is not required to, release health care provider-specific and employer-specific data, except in public use data files as specified under sub. (1) (b), in a manner that is specified in rules promulgated by the department.
153.45(4) (4) The department shall prohibit purchasers of data from rereleasing individual data elements of health care data files.
153.45(5) (5) The department may not release any health care information that is subject to rules promulgated under s. 153.75 (1) (b) until the verification, comment and review procedures required under those rules have been complied with. Nothing in this subsection prohibits release of health care provider-specific information to the health care provider to whom the information relates.
153.45(6) (6) The department may not sell or distribute databases of information, from health care providers who are not hospitals or ambulatory surgery centers, that are able to be linked with public use data files, unless first approved by the independent review board.
153.50 153.50 Protection of patient confidentiality.
153.50(1) (1)Definitions. In this section:
153.50(1)(b)1.1. "Patient-identifiable data", for information submitted by hospitals and ambulatory surgery centers, means all of the following data elements:
153.50(1)(b)1.a. a. Patient medical record or chart number.
153.50(1)(b)1.b. b. Patient control number.
153.50(1)(b)1.c. c. Patient date of birth.
153.50(1)(b)1.d. d. Date of patient admission.
153.50(1)(b)1.e. e. Date of patient discharge.
153.50(1)(b)1.f. f. Date of patient's principal procedure.
153.50(1)(b)1.g. g. Encrypted case identifier.
153.50(1)(b)1.h. h. Insured's policy number.
153.50(1)(b)1.i. i. Patient's employer's name.
153.50(1)(b)1.j. j. Insured's date of birth.
153.50(1)(b)1.k. k. Insured's identification number.
153.50(1)(b)1.L. L. Medicaid resubmission code.
153.50(1)(b)1.m. m. Medicaid prior authorization number.
153.50(1)(b)2. 2. "Patient-identifiable data", for information submitted by health care providers who are not hospitals or ambulatory surgery centers, means all of the following data elements:
153.50(1)(b)2.a. a. Data elements specified in subd. 1. a. to g., L. and m.
153.50(1)(b)2.b. b. Whether the patient's condition is related to employment, and occurrence and place of an auto accident or other accident.
153.50(1)(b)2.c. c. Date of first symptom of current illness, of current injury or of current pregnancy.
153.50(1)(b)2.d. d. First date of the patient's same or similar illness, if any.
153.50(1)(b)2.e. e. Dates that the patient has been unable to work in his or her current occupation.
153.50(1)(b)2.f. f. Dates of receipt by the patient of medical service.
153.50(1)(b)2.g. g. The patient's city, town or village.
153.50(1)(c) (c) "Small number" means a number that is insufficiently large to be statistically significant, as determined by the department.
153.50(3) (3)Departmental measures to ensure protection of patient identity. To ensure that the identity of patients is protected when information obtained by the department is disseminated, the department shall do all of the following:
153.50(3)(a) (a) Aggregate any data element category containing small numbers, using procedures that are developed by the department and approved by the board and that follow commonly accepted statistical methodology.
153.50(3)(b) (b) Remove and destroy all of the following data elements on the uniform patient billing forms that are received by the department under the requirements of this chapter:
153.50(3)(b)1. 1. The patient's name and street address.
153.50(3)(b)2. 2. The insured's name, address and telephone number.
153.50(3)(b)3. 3. Any other insured's name, employer name and date of birth.
153.50(3)(b)4. 4. The signature of the patient or other authorized signature.
153.50(3)(b)5. 5. The signature of the insured or other authorized signature.
153.50(3)(b)6. 6. The signature of the physician.
153.50(3)(b)7. 7. The patient's account number, after use only as verification of data by the department.
153.50(3)(c) (c) Develop, for use by purchasers of data under this chapter, a data use agreement that specifies data use restrictions, appropriate uses of data and penalties for misuse of data, and notify prospective and current purchasers of data of the appropriate uses.
153.50(3)(d) (d) Require that a purchaser of data under this chapter sign and have notarized the data use agreement of the department specified in par. (c).
153.50(3m) (3m)Health care provider measures to ensure patient identity protection. A health care provider that is not a hospital or ambulatory surgery center shall, before submitting information required by the department under this chapter, convert to a payer category code as specified by the department any names of an insured's payer or other insured's payer.
153.50(4) (4)Release of patient-identifiable data.
153.50(4)(a)(a) Except as specified in par. (b), under the procedures specified in sub. (5), release of patient-identifiable data may be made only to any of the following:
153.50(4)(a)1. 1. An agent of the department who is responsible for the patient-identifiable data in the department, in order to store the data and ensure the accuracy of the information in the database of the department.
153.50(4)(a)2. 2. A health care provider or the agent of a health care provider, to ensure the accuracy of the information in the database of the department.
153.50(4)(a)3. 3. The department, for purposes of epidemiological investigation or to eliminate the need for duplicative databases.
153.50(4)(a)4. 4. An entity that is required by federal or state statute to obtain patient-identifiable data for purposes of epidemiological investigation or to eliminate the need for duplicative databases.
153.50(4)(b) (b) Of information submitted by health care providers that are not hospitals or ambulatory surgery centers, patient-identifiable data that contain a patient's date of birth may be released under par. (a) only under circumstances as specified by rule by the department.
153.50(5) (5)Procedures for release of patient-identifiable data.
153.50(5)(a)(a) The department may not release or provide access to patient-identifiable data to a person authorized under sub. (4) (a) unless the authorized person requests the department, in writing, to release the patient-identifiable data. The request shall include all of the following:
153.50(5)(a)1. 1. The requester's name and address.
153.50(5)(a)2. 2. The reason for the request.
153.50(5)(a)3. 3. For a person who is authorized under sub. (4) (a) to receive or have access to patient-identifiable data, evidence, in writing, that indicates that authorization.
153.50(5)(a)4. 4. For an entity that is authorized under sub. (4) (a) 4. to receive or have access to patient-identifiable data, evidence, in writing, of all of the following:
153.50(5)(a)4.a. a. The federal or state statutory requirement to obtain the patient-identifiable data.
153.50(5)(a)4.b. b. Any federal or state statutory requirement to uphold the patient confidentiality provisions of this chapter or patient confidentiality provisions that are more restrictive than those of this chapter; or, if the latter evidence is inapplicable, an agreement, in writing, to uphold the patient confidentiality provisions of this chapter.
153.50(5)(b) (b) Upon receipt of a request under par. (a), the department shall, as soon as practicable, comply with the request or notify the requester, in writing, of all of the following:
153.50(5)(b)1. 1. That the department is denying the request in whole or in part.
153.50(5)(b)2. 2. The reason for the denial.
153.50(5)(b)3. 3. For a person who believes that he or she is authorized under sub. (4) (a), the action provided under s. 19.37.
153.50(5m) (5m)Employers not to request patient-identifiable data. Notwithstanding subs. (4) and (5) no employer may request the release of or access to patient-identifiable data of an employee of the employer.
153.50(6) (6)Information submitted.
153.50(6)(a)(a) The department may not require a health care provider submitting health care information under this chapter to include the patient's name, street address or social security number.
153.50(6)(b) (b) The department may not require under this chapter a health care provider that is not a hospital or ambulatory surgery center to submit uniform patient billing forms.
153.50(6)(c) (c) A health care provider that is not a hospital or ambulatory surgery center may not submit any of the following to the department under the requirements of this chapter:
153.50(6)(c)1. 1. The data elements specified under sub. (3) (b).
153.50(6)(c)2. 2. The patient's telephone number.
153.50(6)(c)3. 3. The insured's employer's name or school name.
153.50(6)(c)4. 4. Data regarding insureds other than the patient, other than the payer category code under sub. (3m).
Loading...
Loading...
This is an archival version of the Wis. Stats. database for 1999. See Are the Statutes on this Website Official?