PRINTER'S NO. 1927
No. 1626 Session of 1995
INTRODUCED BY DeLUCA, JAROLIN, READSHAW, FAIRCHILD, SHANER,
ROONEY, STURLA, ROBINSON, COLAIZZO, MANDERINO, LUCYK,
D. W. SNYDER, TIGUE, WALKO, YOUNGBLOOD, SAYLOR, HERMAN,
MIHALICH, ITKIN, RAMOS AND WASHINGTON, MAY 10, 1995
REFERRED TO COMMITTEE ON HEALTH AND HUMAN SERVICES, MAY 10, 1995
AN ACT
1 Providing for the confidentiality of medical records and for a
2 civil cause of action; and providing penalties.
3 The General Assembly of the Commonwealth of Pennsylvania
4 hereby enacts as follows:
5 Section 1. Short title.
6 This act shall be known and may be cited as the
7 Confidentiality of Medical Records Act.
8 Section 2. Legislative intent.
9 (a) Findings.--The General Assembly finds that computer
10 networks are increasingly being used to store confidential
11 medical records, which has increased the availability of this
12 information to nonauthorized personnel. Computer networks have
13 proven to be an invaluable tool in providing emergency health
14 care. The increased availability of these records, however,
15 requires strict laws regarding the access to and use of
16 confidential medical records.
1 (b) Intent.--It is the intent of the General Assembly to
2 promote the use of new technologies to improve medical care
3 while at the same time affording the public protection against
4 unauthorized access to and use of confidential medical records.
5 Section 3. Definitions.
6 The following words and phrases when used in this act shall
7 have the meanings given to them in this section unless the
8 context clearly indicates otherwise:
9 "Computer network." The interconnection of two or more
10 computers through the usage of satellite, microwave, line or
11 other communication medium.
12 "Department." The Department of Health of the Commonwealth.
13 "Medical records." Medical charts or records of any health
14 care facility licensed under the laws of this Commonwealth.
15 Section 4. Notification of records transfer.
16 No medical records shall be transferred to any computer
17 network without prior notice being provided to the patient.
18 Notice in writing shall be provided to any patient whose records
19 have been transferred prior to the effective date of this act.
20 Section 5. Good faith access and use of records.
21 No cause of action shall arise for transfers in regard to
22 this section if the action was made in good faith for the
23 benefit of the patient in an emergency health care situation.
24 Section 6. Civil cause of action.
25 Any person aggrieved by a violation of this act shall have a
26 cause of action against the person who committed or ordered the
27 commission of such violation and may receive compensatory
28 damages. An aggrieved person may also recover reasonable
29 attorney fees and costs.
30 Section 7. Sentencing.
19950H1626B1927 - 2 -
1 Any person who violates this act commits a misdemeanor of the
2 third degree and shall, upon conviction, be sentenced to pay a
3 fine of not more than $2,000 and to imprisonment for not more
4 than one year.
5 Section 8. Separate violations.
6 Each disclosure of or access to confidential medical records
7 in violation of this act is separate for the purposes of
8 criminal prosecution and civil liability.
9 Section 9. Departmental regulations.
10 The department shall issue any additional regulations needed
11 to ensure the confidentiality of any medical records placed on a
12 computer network.
13 Section 10. Automation of medical records.
14 Nothing in this act shall be construed to prohibit the use of
15 automation in medical records service, provided that all
16 provisions in this act are met and the information is readily
17 available for use in patient care.
18 Section 11. Effective date.
19 This act shall take effect in 90 days.
D11L35DGS/19950H1626B1927 - 3 -