Wisconsin Legislature: AB133-SSA1-SA1,297,5

AB133-SSA1-SA1,294,1717 a. The patient's county of residence.

AB133-SSA1-SA1,294,1818 b. The payment source, by type.

AB133-SSA1-SA1,294,2019 c. The patient's age category, by 5-year intervals up to age 80 and a category
20of 80 years or older.

AB133-SSA1-SA1,294,2121 d. The patient's procedure code.

AB133-SSA1-SA1,294,2222 e. The patient's diagnosis code.

AB133-SSA1-SA1,294,2323 f. Charges assessed with respect to the procedure code.

AB133-SSA1-SA1,294,2524 g. The name and address of the facility in which the patient's services were
25rendered.

AB133-SSA1-SA1,295,1

1h. The patient's sex.

AB133-SSA1-SA1,295,62 i. Information that contains the name of a health care provider that is not a
3hospital or ambulatory surgery center, if the independent review board first reviews
4and approves the release or if the department promulgates rules that specify
5circumstances under which the independent review board need not review and
6approve the release.

AB133-SSA1-SA1,295,97 j. Calendar quarters of service, except if the department specifies by rule that
8the number of data elements included in the public use data file is too small to enable
9protection of patient confidentiality.

AB133-SSA1-SA1,295,1110 k. Information other than patient-identifiable data, as defined in s. 153.50 (1)
11(b), as approved by the independent review board.

AB133-SSA1-SA1, s. 2280e 12Section 2280e. 153.45 (1) (c) of the statutes is renumbered 153.45 (1) (c)
13(intro.) and amended to read:

AB133-SSA1-SA1,295,2514 153.45 (1) (c) (intro.) Custom-designed reports containing portions of the data
15under par. (b). Of information submitted by health care providers that are not
16hospitals or ambulatory surgery centers, requests under this paragraph for data
17elements other than those available for public use data files under par. (b) 2.,
18including the patient's month and year of birth, require review and approval by the
19independent review board before the data elements may be released. Information
20that contains the name of a health care provider that is not a hospital or ambulatory
21surgery center may be released only if the independent review board first reviews
22and approves the release or if the department promulgates rules that specify
23circumstances under which the independent review board need not review and
24approve the release. Reports under this paragraph may include the patient's zip code
25only if at least one of the following applies:

AB133-SSA1-SA1, s. 2280f

1Section 2280f. 153.45 (1) (c) 1. to 4. of the statutes are created to read:

AB133-SSA1-SA1,296,22 153.45 (1) (c) 1. Other potentially identifying data elements are not released.

AB133-SSA1-SA1,296,33 2. Population density is sufficient to mask patient identity.

AB133-SSA1-SA1,296,54 3. Other potentially identifying data elements are grouped to provide
5population density sufficient to protect identity.

AB133-SSA1-SA1,296,66 4. Multiple years of data elements are added to protect identity.

AB133-SSA1-SA1, s. 2280g 7Section 2280g. 153.45 (6) of the statutes is created to read:

AB133-SSA1-SA1,296,118 153.45 (6) The department may not sell or distribute data bases of information,
9from health care providers who are not hospitals or ambulatory surgery centers, that
10are able to be linked with public use data files, unless first approved by the
11independent review board.

AB133-SSA1-SA1, s. 2280ge 12Section 2280ge. 153.50 (1) (a) of the statutes is renumbered 153.01 (2m).

AB133-SSA1-SA1, s. 2280gg 13Section 2280gg. 153.50 (1) (b) of the statutes is renumbered 153.50 (1) (b) 1.,
14and 153.50 (1) (b) 1. (intro.), as renumbered, is amended to read:

AB133-SSA1-SA1,296,1715 153.50 (1) (b) 1. (intro.) "Patient-identifiable data", for information submitted
16by hospitals and ambulatory surgery centers, means all of the following data
17elements:

AB133-SSA1-SA1, s. 2280gm 18Section 2280gm. 153.50 (1) (b) 2. of the statutes is created to read:

AB133-SSA1-SA1,296,2119 153.50 (1) (b) 2. "Patient-identifiable data", for information submitted by
20health care providers who are not hospitals or ambulatory surgery centers, means
21all of the following data elements:

AB133-SSA1-SA1,296,2222 a. Data elements specified in subd. 1. a. to g., L. and m.

AB133-SSA1-SA1,296,2423 b. Whether the patient's condition is related to employment, and occurrence
24and place of an auto accident or other accident.

AB133-SSA1-SA1,297,2

1c. Date of first symptom of current illness, of current injury or of current
2pregnancy.

AB133-SSA1-SA1,297,33 d. First date of patient's same or similar illness, if any.

AB133-SSA1-SA1,297,54 e. Dates that the patient has been unable to work in his or her current
5occupation.

AB133-SSA1-SA1,297,66 f. Dates of receipt by patient of medical service.

AB133-SSA1-SA1,297,77 g. The patient's city, town or village.

AB133-SSA1-SA1, s. 2280h 8Section 2280h. 153.50 (2) of the statutes is repealed.

AB133-SSA1-SA1, s. 2280i 9Section 2280i. 153.50 (3) (b) 7. of the statutes is created to read:

AB133-SSA1-SA1,297,1110 153.50 (3) (b) 7. The patient's account number, after use only as verification of
11data by the department.

AB133-SSA1-SA1, s. 2280j 12Section 2280j. 153.50 (3) (c) of the statutes is created to read:

AB133-SSA1-SA1,297,1613 153.50 (3) (c) Develop, for use by purchasers of data under this chapter, a data
14use agreement that specifies data use restrictions, appropriate uses of data and
15penalties for misuse of data, and notify prospective and current purchasers of data
16of the appropriate uses.

AB133-SSA1-SA1, s. 2280k 17Section 2280k. 153.50 (3) (d) of the statutes is created to read:

AB133-SSA1-SA1,297,1918 153.50 (3) (d) Require that a purchaser of data under this chapter sign and have
19notarized the data use agreement of the department specified in par. (c).

AB133-SSA1-SA1, s. 2280km 20Section 2280km. 153.50 (3m) of the statutes is created to read:

AB133-SSA1-SA1,297,2521 153.50 (3m) Healthcare provider measures to ensure patient identity
22protection. A health care provider that is not a hospital or ambulatory surgery
23center shall, before submitting information required by the department under this
24chapter, convert to a payer category code as specified by the department any names
25of an insured's payer or other insured's payer.

AB133-SSA1-SA1, s. 2280kp

1Section 2280kp. 153.50 (4) (intro.) of the statutes is renumbered 153.50 (4)
2(a) (intro.) and amended to read:

AB133-SSA1-SA1,298,53 153.50 (4) (a) (intro.) Under Except as specified in par. (b), under the
4procedures specified in sub. (5), release of patient-identifiable data may be made
5only to any of the following:

AB133-SSA1-SA1, s. 2280kq 6Section 2280kq. 153.50 (4) (a) of the statutes is repealed.

AB133-SSA1-SA1, s. 2280kr 7Section 2280kr. 153.50 (4) (b) to (e) of the statutes are renumbered 153.50 (4)
8(a) 1. to 4.

AB133-SSA1-SA1, s. 2280ks 9Section 2280ks. 153.50 (4) (b) of the statutes is created to read:

AB133-SSA1-SA1,298,1310 153.50 (4) (b) Of information submitted by health care providers that are not
11hospitals or ambulatory surgery centers, patient-identifiable data that contains a
12patient's date of birth may be released under par. (a) only under circumstances as
13specified by rule by the department.

AB133-SSA1-SA1, s. 2280ku 14Section 2280ku. 153.50 (5) (a) (intro.) of the statutes is amended to read:

AB133-SSA1-SA1,298,1815 153.50 (5) (a) (intro.) The department may not release or provide access to
16patient-identifiable data to a person authorized under sub. (4) (a) , (c), (d) or (e)
17unless the authorized person requests the department, in writing, to release the
18patient-identifiable data. The request shall include all of the following:

AB133-SSA1-SA1, s. 2280kv 19Section 2280kv. 153.50 (5) (a) 3. of the statutes is amended to read:

AB133-SSA1-SA1,298,2220 153.50 (5) (a) 3. For a person who is authorized under sub. (4) (a), (c) or (d) to
21receive or have access to patient-identifiable data, evidence, in writing, that
22indicates that authorization.

AB133-SSA1-SA1, s. 2280kw 23Section 2280kw. 153.50 (5) (a) 4. (intro.) of the statutes is amended to read:

AB133-SSA1-SA1,299,3

1153.50 (5) (a) 4. (intro.) For an entity that is authorized under sub. (4) (e) (a)
24. to receive or have access to patient-identifiable data, evidence, in writing, of all
3of the following:

AB133-SSA1-SA1, s. 2280kx 4Section 2280kx. 153.50 (5) (b) 3. of the statutes is amended to read:

AB133-SSA1-SA1,299,65 153.50 (5) (b) 3. For a person who believes that he or she is authorized under
6sub. (4) (a), the action provided under s. 19.37.".

AB133-SSA1-SA1,299,7 7959. Page 1170, line 22: after that line insert:

AB133-SSA1-SA1,299,8 8" Section 2280p. 153.50 (6) of the statutes is renumbered 153.50 (6) (a).

AB133-SSA1-SA1, s. 2280q 9Section 2280q. 153.50 (6) (b), (c), (d) and (e) of the statutes are created to read:

AB133-SSA1-SA1,299,1210 153.50 (6) (b) The department may not require under this chapter a health care
11provider that is a hospital or ambulatory surgery center to submit uniform patient
12billing forms.

AB133-SSA1-SA1,299,1513 (c) A health care provider that is not a hospital or ambulatory surgery center
14may not submit any of the following to the department under the requirements of
15this chapter:

AB133-SSA1-SA1,299,1616 1. The data elements specified under sub. (3) (b).

AB133-SSA1-SA1,299,1717 2. The patient's telephone number.

AB133-SSA1-SA1,299,1818 3. The insured's employer's name or school name.

AB133-SSA1-SA1,299,2019 4. Data regarding insureds other than the patient, other than the payer
20category code under sub. (3m).

AB133-SSA1-SA1,299,2121 5. The patient's employer's name or school name.

AB133-SSA1-SA1,299,2222 6. The patient's relationship to the insured.

AB133-SSA1-SA1,299,2323 7. The insured's identification number.

AB133-SSA1-SA1,299,2424 8. The insured's policy or group number.

AB133-SSA1-SA1,300,1

19. The insured's date of birth or sex.

AB133-SSA1-SA1,300,22 10. The patient's marital, employment or student status.

AB133-SSA1-SA1,300,63 (d) If a health care provider that is not a hospital or ambulatory surgery center
4submits a data element that is specified in par. (c) 1. to 10., the department shall
5immediately return this information to the health care provider or, if discovered
6later, shall remove and destroy the information.

AB133-SSA1-SA1,300,87 (e) A health care provider may not submit information that uses any of the
8following as a patient account number:

AB133-SSA1-SA1,300,109 1. The patient's social security number or any substantial portion of the
10patient's social security number.

AB133-SSA1-SA1,300,1111 2. A number that is related to another patient identifying number.

AB133-SSA1-SA1, s. 2280r 12Section 2280r. 153.55 of the statutes is amended to read:

AB133-SSA1-SA1,300,15 13153.55 Protection of health care provider confidentiality. Health care
14provider-identifiable data Data obtained under this chapter is not subject to
15inspection, copying or receipt under s. 19.35 (1).".

AB133-SSA1-SA1,300,16 16960. Page 1172, line 14: after that line insert:

AB133-SSA1-SA1,300,17 17" Section 2283g. 153.67 of the statutes is created to read:

AB133-SSA1-SA1,300,23 18153.67 Independent review board. The independent review board shall
19review any request under s. 153.45 (1) (c) for data elements other than those
20available for public use data files under s. 153.45 (1) (b). Unless the independent
21review board approves such a request or unless independent review board approval
22is not required under rules of the department promulgated under s. 153.45 (1) (c)
23(intro.), the data elements requested may not be released.

AB133-SSA1-SA1, s. 2283h 24Section 2283h. 153.76 of the statutes is created to read:

AB133-SSA1-SA1,301,4

1153.76 Rule-making by the independent review board.
2Notwithstanding s. 15.01 (1r), the independent review board may promulgate only
3those rules that are first reviewed and approved by the board on health care
4information.

AB133-SSA1-SA1, s. 2283i 5Section 2283i. 153.85 of the statutes is amended to read:

AB133-SSA1-SA1,301,9 6153.85 Civil liability. Any Except as provided in s. 153.86, any person
7violating s. 153.50 or rules promulgated under s. 153.75 (1) (a) is liable to the patient
8for actual damages and costs, plus exemplary damages of up to $1,000 for a negligent
9violation and up to $5,000 for an intentional violation.

AB133-SSA1-SA1, s. 2283j 10Section 2283j. 153.86 of the statutes is created to read:

AB133-SSA1-SA1,301,16 11153.86 Immunity from liability. A health care provider that submits
12information to the department under this chapter is immune from civil liability for
13any act or omission of an employe, official or agent of the health care provider that
14results in the release of a prohibited data element while submitting data to the
15department of health and family services. The immunity provided under this section
16does not apply to intentional, wilful or reckless acts or omissions.

AB133-SSA1-SA1, s. 2283k 17Section 2283k. 153.90 (1) of the statutes is amended to read:

AB133-SSA1-SA1,301,2018 153.90 (1) Whoever intentionally violates s. 153.45 (5) or 153.50 or rules
19promulgated under s. 153.75 (1) (a) may be fined not more than $10,000 $15,000 or
20imprisoned for not more than 9 months one year or both.".

AB133-SSA1-SA1,301,21 21961. Page 1174, line 2: after that line insert:

AB133-SSA1-SA1,301,22 22" Section 2286e. 165.25 (2m) of the statutes is created to read: