Wisconsin Legislature: Amendment AA28-SB315

LRBa1951/3

DAK:kmg:ijs

1997 - 1998 LEGISLATURE

ASSEMBLY AMENDMENT 28,
TO 1997 SENATE BILL 315

March 10, 1998 - Offered by Representative Underheim.

SB315-AA28,1,21 At the locations indicated, amend the bill, as shown by senate substitute
2amendment 2, as follows:

SB315-AA28,1,3 31. Page 2, line 3: after "records," insert "health care provider confidentiality,".

SB315-AA28,1,5 42. Page 12, line 24: after that line, delete the material inserted by assembly
5amendment 1.

SB315-AA28,1,8 63. Page 13, line 1: delete lines 1 to 10, as affected by assembly amendment 1,
7including the material inserted after page 13, line 10, by assembly amendment1, and
8substitute:

SB315-AA28,1,10 9" Section 48m. 153.50 of the statutes, as affected by 1997 Wisconsin Act 27, is
10repealed and recreated to read:

SB315-AA28,1,12 11153.50 Protection of patient confidentiality. (1) Definitions. In this
12section:

SB315-AA28,2,2

1(a) "Data element" means an item of information from a uniform patient billing
2form.

SB315-AA28,2,33 (b) "Patient-identifiable data" means all of the following data elements:

SB315-AA28,2,44 1. Patient medical record or chart number.

SB315-AA28,2,55 2. Patient control number.

SB315-AA28,2,66 3. Patient date of birth.

SB315-AA28,2,77 4. Date of patient admission.

SB315-AA28,2,88 5. Date of patient discharge.

SB315-AA28,2,99 6. Date of patient's principal procedure.

SB315-AA28,2,1010 7. Encrypted case identifier.

SB315-AA28,2,1111 8. Insured's policy number.

SB315-AA28,2,1212 9. Patient's employer's name.

SB315-AA28,2,1313 10. Insured's date of birth.

SB315-AA28,2,1414 11. Insured's identification number.

SB315-AA28,2,1515 12. Medicaid resubmission code.

SB315-AA28,2,1616 13. Medicaid prior authorization number.

SB315-AA28,2,1817 (c) "Small number" means a number that is insufficiently large to be
18statistically significant, as determined by the department.

SB315-AA28,2,21 19(2) Prohibition on release. Patient-identifiable data obtained under this
20chapter is not subject to inspection, copying or receipt under s. 19.35 (1) and may not
21be released by the department except as provided in sub. (4).

SB315-AA28,2,24 22(3) Departmental measures to ensure protection of patient identity. To
23ensure that the identity of patients is protected when information obtained by the
24department is disseminated, the department shall do all of the following:

SB315-AA28,3,3

1(a) Aggregate any data element category containing small numbers, using
2procedures that are developed by the department and approved by the board and
3that follow commonly accepted statistical methodology.

SB315-AA28,3,64 (b) Remove and destroy all of the following data elements on the uniform
5patient billing forms that are received by the department under the requirements of
6this chapter:

SB315-AA28,3,77 1. The patient's name and street address.

SB315-AA28,3,88 2. The insured's name, address and telephone number.

SB315-AA28,3,99 3. Any other insured's name, employer name and date of birth.

SB315-AA28,3,1010 4. The signature of the patient or other authorized signature.

SB315-AA28,3,1111 5. The signature of the insured or other authorized signature.

SB315-AA28,3,1212 6. The signature of the physician.

SB315-AA28,3,14 13(4) Release of patient-identifiable data. Under the procedures specified in
14sub. (5), release of patient-identifiable data may be made to any of the following:

SB315-AA28,3,1615 (a) The patient or a person granted permission in writing by the patient for
16release of the patient's patient-identifiable data.

SB315-AA28,3,1917 (b) An agent of the department who is responsible for the patient-identifiable
18data in the department, in order to store the data and ensure the accuracy of the
19information in the data base of the department.

SB315-AA28,3,2120 (c) A health care provider or the agent of a health care provider, to ensure the
21accuracy of the information in the data base of the department.

SB315-AA28,3,2322 (d) The department, for purposes of epidemiological investigation or to
23eliminate the need for duplicative data bases.

SB315-AA28,4,3

1(e) An entity that is required by federal or state statute to obtain
2patient-identifiable data for purposes of epidemiological investigation or to
3eliminate the need for duplicative data bases.

SB315-AA28,4,8 4(5) Procedures for release of patient-identifiable data. (a) The department
5may not release or provide access to patient-identifiable data to a person authorized
6under sub. (4) (a), (c), (d) or (e) unless the authorized person requests the department,
7in writing, to release the patient-identifiable data. The request shall include all of
8the following:

SB315-AA28,4,99 1. The requester's name and address.

SB315-AA28,4,1010 2. The reason for the request.

SB315-AA28,4,1311 3. For a person who is authorized under sub. (4) (a), (c) or (d) to receive or have
12access to patient-identifiable data, evidence, in writing, that indicates that
13authorization.

SB315-AA28,4,1514 4. For an entity that is authorized under sub. (4) (e) to receive or have access
15to patient-identifiable data, evidence, in writing, of all of the following:

SB315-AA28,4,1716 a. The federal or state statutory requirement to obtain the patient-identifiable
17data.

SB315-AA28,4,2218 b. Any federal or state statutory requirement to uphold the patient
19confidentiality provisions of this chapter or patient confidentiality provisions that
20are more restrictive than those of this chapter; or, if the latter evidence is
21inapplicable, an agreement, in writing, to uphold the patient confidentiality
22provisions of this chapter.

SB315-AA28,4,2523 (b) Upon receipt of a request under par. (a), the department shall, as soon as
24practicable, comply with the request or notify the requester, in writing, of all of the
25following: