Upstate | Keep Up

log in to track
My Notes
External Links

UNC Bill Digest

See bill on NCGA website

ncleg.gov Bill Summaries
Bill Versions

From

To

Filed

Edition 1
Upcoming Calendar Events

No events on calendar for this bill.
Sponsors

Representative Gloristine Brown(D)
Representative Donny Lambeth(R)
Representative John Autry(D)
Representative George G. Cleveland(R)
Representative Carla D. Cunningham(D)
Representative Pricey Harrison(D)
Representative Joe John(D)
Representative Ya Liu(D)
Representative Lindsey Prather(D)
Representative Bill Ward(R)
Bill Action History

Ref to the Com on Health, if favorable, Rules, Calendar, and Operations of the House

House

2023-04-19

Passed 1st Reading

House

2023-04-19

Filed

DRAFT: DRH40390-MG-24A

House

2023-04-18
Fiscal Notes

Filed
No fiscal notes available.

Edition 1
No fiscal notes available.
Keywords

COMMERCE
HEALTH SERVICES
MEDICAL RECORDS
NOTIFICATION
PUBLIC
PUBLIC HEALTH
RECORDS
PATIENT RIGHTS
Statutes

90 (Chapters); 90-414.3
90-414.6A (Sections)
Counties

No counties specifically cited.

H754: Req. Consent to Monetize Protected Hlth Info. Latest Version

Session: 2023 - 2024

House

Passed 1st Reading

AN ACT enhancing protections against the use, disclosure, or sale of protected health information by requiring a notice of data sale or transfer.

The General Assembly of North Carolina enacts:

SECTION 1. G.S. 90‑414.3(3) reads as rewritten:

(3) Covered entity. – Any of the following:

a. Any entity described in ~~45 C.F.R. § 160.103 or any~~ 45 C.F.R. § 160.103.

b. Any other facility or practitioner licensed by the State to provide ~~health care~~ healthcare services.

c. Any other entity that engages in the practice of assembling, collecting, analyzing, using, evaluating, storing, or transmitting protected health information.

SECTION 2. Article 29B of Chapter 90 of the General Statutes is amended by adding a new section to read:

§ 90‑414.6A. Notice of data sale or transfer; exemption for clinical research involving human subjects.

(a) A covered entity may not use or disclose a patient's protected health information for any purpose outside of the normal course of providing patient care, billing or paying for healthcare services, or determining insurance coverage for healthcare services, unless the covered entity first does both of the following:

(1) Notifies the patient, electronically or in writing and separate from the notice of privacy practice required under the HIPAA Privacy Rule, of the covered entity's intent to distribute or sell the patient's protected health information. The notice required by this section shall meet all of the following criteria:

a. Be limited to 250 words.

b. Provide an explanation about how the patient's protected health information will be distributed or sold outside of the normal course of care.

c. Clearly state that the patient's treatment or access to care is not contingent on the patient's agreement to the terms of the notice of data sale or transfer.

(2) Obtains the patient's agreement, electronically or in writing, to the notice of data sale or transfer required by subdivision (1) of this section.

(b) A covered entity may not make a patient's treatment, access to care, access to a patient portal, or coverage for care contingent on the patient's agreement to the terms of a notice of data sale or transfer.

(c) The notice of data sale or transfer required by this section does not apply to information captured in the process of clinical research involving the participation of human subjects. For the purpose of this section, information captured in the process of clinical research involving the participation of human subjects means personal data collected, used, or shared in academic, private, or public research involving human subjects conducted in accordance with the good clinical practice guidelines issued by The International Council for Harmonisation of Technical Requirements for Pharmaceuticals for Human Use.

SECTION 3. This act becomes effective January 1, 2024, and applies to acts occurring on or after that date.