REQUESTING THE NEW MEXICO HEALTH POLICY COMMISSION TO REVIEW AND MAKE RECOMMENDATIONS REGARDING HEALTH DATA PRIVACY AND CONFIDENTIALITY AND HEALTH DATA SECURITY STANDARDS.
WHEREAS, individuals expect confidential, respectful treatment of personal information about their health; and
WHEREAS, many participants in the health care system and government have legitimate needs to access health care information in performing their roles, and access to such information has potential benefits to the health of New Mexico and an effective, efficient health care system; and
WHEREAS, health data is increasingly collected, shared, analyzed, accessed and stored by a variety of entities; and
WHEREAS, health data increasingly is electronically transmitted, including via the internet, which enhances the efficiency of the health care system, yet raises concerns regarding unauthorized access to such data; and
WHEREAS, the state is best positioned to ensure an appropriate balance between the privacy of individuals and the legitimate needs of access to personal health data; and
WHEREAS, New Mexico has multiple fragmented statutes pertaining to health data confidentiality and privacy and few provisions for required electronic transmission security; and
WHEREAS, the federal Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, requires the federal secretary of health and human services to adopt security transmission standards for a subset of health data exchanges; and
WHEREAS, the secretary of health and human services, in accordance with Public Law 104-191, has made recommendations to congress regarding confidentiality and privacy of health data and congress is expected to establish a minimum level of protection, allowing states to impose requirements, standards or implementation specifications that are more stringent;
NOW, THEREFORE, BE IT RESOLVED BY THE LEGISLATURE OF THE STATE OF NEW MEXICO that the New Mexico health policy commission, working with members of the health information alliance, study and make recommendations concerning the appropriate protection, access, use, disclosure and electronic transmission security standards of personal health data; and
BE IT FURTHER RESOLVED that the commission review federal law and New Mexico law on health data confidentiality and privacy, electronic transmission of health data and security standards, and the health care industry and security technical standards; and
BE IT FURTHER RESOLVED that the views of the New Mexico public and the balance between privacy and benefits to the state and the health of New Mexico from access to personal health data be considered; and
BE IT FURTHER RESOLVED that careful consideration be given to the privacy rights of individuals, including the use and disclosure of personal identifiable health information and the need for authorization; and
BE IT FURTHER RESOLVED that the technical capabilities of the health care industry and costs of security measures, especially in regards to implementation by small and rural health care providers be considered; and
BE IT FURTHER RESOLVED that the New Mexico health policy commission and health information alliance seek participation by all state government agencies responsible for health, health care services and insurance; the state chief information officer; the private health care sector; consumers; and individuals with security, technical and pertinent legal expertise; and
BE IT FURTHER RESOLVED that the New Mexico health policy commission present a preliminary report by October 15, 1999 and final assessment and recommendation by October 1, 2000 to
the appropriate legislative committee; and
BE IT FURTHER RESOLVED that a copy of this memorial be sent to the chairman of the New Mexico health policy commission for distribution to appropriate state departments and agencies and other persons.