Florida Senate - 2019 SB 1544
By Senator Harrell
25-01042-19 20191544__
1 A bill to be entitled
2 An act relating to data innovation; creating s. 11.52,
3 F.S.; providing a short title; providing legislative
4 intent; establishing the Office of Data Innovation and
5 Governance for specified purposes; providing duties of
6 the office; requiring the office to develop an
7 interagency governance committee; providing committee
8 membership; requiring the committee to develop
9 operating guidelines; requiring the office to provide
10 a certain recommendation to the Governor and the
11 Legislature by a specified date; amending s. 408.051,
12 F.S.; requiring certain health care providers to
13 quarterly report their secure messaging direct
14 addresses to the Agency for Health Care
15 Administration; requiring the agency to publish a
16 directory of such direct addresses in a certain
17 format; creating s. 408.0522, F.S.; providing
18 legislative intent; defining terms; requiring certain
19 certified electronic health record (EHR) vendors
20 conducting business in this state to provide
21 interoperability and data integration; requiring such
22 EHR vendors to make a certain attestation to the
23 agency; requiring the agency to quarterly publish a
24 certain list of EHR vendors; requiring licensed health
25 care entities and licensed providers to report EHR
26 vendor information blocking; requiring the agency to
27 impose a specified fine on an EHR vendor for certain
28 noncompliance or information blocking; providing for
29 the distribution of collected fines; requiring any
30 integrating partner to meet security requirements for
31 EHR vendors; providing immunity from liability for an
32 EHR vendor under certain circumstances; prohibiting
33 discriminatory pricing; clarifying that the qualifying
34 entity is responsible for integration; prohibiting EHR
35 vendors from taking certain actions; providing an
36 effective date.
37
38 Be It Enacted by the Legislature of the State of Florida:
39
40 Section 1. Section 11.52, Florida Statutes, is created to
41 read:
42 11.52 Office of Data Innovation and Governance;
43 interoperability; portfolio rationalization.—
44 (1) SHORT TITLE.—This section shall be known and may be
45 cited as the “Legislature’s Office of Data Innovation
46 Governance, Interoperability, and Portfolio Rationalization
47 Act.”
48 (2) LEGISLATIVE INTENT.—The Legislature recognizes that no
49 state agency or entity is tasked with ensuring that the state’s
50 data is interoperable. It is the intent of the Legislature to
51 create the Office of Data Innovation and Governance to ensure
52 that all state agencies collaborate and synthesize data securely
53 through interoperability, and to create software and information
54 technology (IT) application procurement with the intent of
55 achieving interoperability, thereby reducing the number of
56 standalone applications that do not communicate with each other.
57 It is the intent of the Legislature to minimize the costs
58 associated with areas of data management; to ensure accurate
59 procedures around regulation and compliance activities; to
60 increase transparency within any data-related activities; to
61 institute better training and educational practices for the
62 management of data assets; to increase the value of this state’s
63 data while providing standardized data systems, data policies,
64 and data procedures; to aid in the resolution of past and
65 current data issues; to facilitate improved monitoring and
66 tracking mechanisms for data quality and other data-related
67 activities; to increase overall state data standards, thereby
68 translating data into actionable information and workable
69 knowledge of this state’s IT system; and to improve the health
70 of all persons in this state. It is the intent of the
71 Legislature to enable agencies to transform their use of
72 technology to offer services in an effective, efficient, and
73 secure manner.
74 (3) OFFICE OF DATA INNOVATION AND GOVERNANCE.—The Office of
75 Data Innovation and Governance is established to evaluate and
76 execute interagency data-sharing agreements, to develop common
77 data definitions across the executive and legislative branches
78 of government, to provide interagency transparency, to create an
79 assessment of all IT systems in this state, to create an IT
80 software procurement process, and to recommend a software
81 portfolio rationalization to the Governor, the President of the
82 Senate, and the Speaker of the House of Representatives each
83 fiscal year. The President of the Senate shall appoint a chief
84 data officer to direct the office.
85 (a) Data catalog.—The Office of Data Innovation and
86 Governance shall identify all data elements contained within
87 state agencies and publish a comprehensive data catalog.
88 (b) Data dictionary.—The office shall develop common data
89 definitions across state agencies and publish a data dictionary.
90 Where data definitions are limited to agency functionality, the
91 data dictionary shall define each data element, depending upon
92 each agency’s need.
93 (c) Interagency data-sharing agreements.—By the end of the
94 2018-2019 fiscal year, the office shall inventory all existing
95 interagency data-sharing agreements, identify areas of data
96 sharing needs which are not currently addressed, and execute an
97 interagency agreement.
98 (d) Transparency.—The office shall inform state agencies of
99 types of data collected by the agencies which are reported
100 publicly or to the federal government for the purpose of
101 identifying where interagency data sharing can create staff
102 efficiencies and technology efficiencies.
103 (e) Software procurement.—All state agency software
104 procurement efforts must be reviewed by the office to ensure the
105 procurement efforts and the solutions sought provide
106 interoperability between the agencies. An agency procurement
107 request may not be published without the approval of the office.
108 (f) Portfolio rationalization.—The office shall report to
109 the Executive Office of the Governor, the President of the
110 Senate, and the Speaker of the House of Representatives an
111 inventory of all technology currently being used by state
112 agencies. This inventory of systems and applications must
113 identify duplicate systems and make recommendations for reducing
114 the number of legacy systems supporting each separate agency.
115 (g) System of algorithms.—By the end of the 2019-2020
116 fiscal year, all agencies housing health-related data must
117 implement a system of algorithms to continuously search for
118 duplicate patient records in the databases of such agencies. The
119 algorithms must scan for data elements within a patient’s
120 information, including, but not limited to, his or her name,
121 address, medical record number, social security number, and
122 insurance company or health care provider, to determine whether
123 records belong to the same patient or if more research is
124 needed. The system shall use both deterministic and
125 probabilistic algorithms to match patient records.
126 (h) Identity management.—The office shall implement an
127 identity verification function capable of authenticating the
128 digital identity of a person, organization, device, or
129 application. The identity verification function must allow for
130 the authentication across state agencies without the need to
131 physically store protected health information or personal
132 identifying information in order to ensure data connectivity and
133 integration across all agency data sets.
134 (i) Direct address directory.—The office shall develop a
135 direct address directory for all relevant providers in this
136 state and publish the directory in a format that can be
137 digitally digested by qualified entities.
138 (j) Security.—The digital front door recommended by the
139 office:
140 1. Must enable the secure exchange of digital information
141 with, and use of digital information from, other IT systems
142 without special effort on the part of the user;
143 2. Must allow for complete access, exchange, and use of all
144 electronically accessible information for authorized use under
145 applicable state or federal law; and
146 3. Does not constitute information blocking as defined in
147 s. 408.0522(2).
148 (4) INTERAGENCY GOVERNANCE COMMITTEE.—The Office of Data
149 Innovation and Governance shall develop an interagency
150 governance committee consisting of all of the following members:
151 (a) One representative from each state agency that houses
152 health-related data, appointed by the Governor.
153 (b) One member from the health plan industry, appointed by
154 the President of the Senate.
155 (c) One member from the hospital industry, appointed by the
156 President of the Senate.
157 (d) One member from an ambulatory surgical center,
158 appointed by the President of the Senate.
159 (e) One member from the long-term care community, appointed
160 by the President of the Senate.
161 (f) Two members from the banking industry, one appointed by
162 the President of the Senate and one appointed by the Speaker of
163 the House of Representatives.
164 (g) One member from the IT industry, appointed by the
165 Speaker of the House of Representatives.
166 (h) One member from the social services industry, appointed
167 by the Speaker of the House of Representatives.
168 (i) One member from the licensed practitioner community,
169 appointed by the Speaker of the House of Representatives.
170 (j) One member involved with promoting civil justice,
171 appointed by the Speaker of the House of Representatives.
172 (5) GUIDELINES.—The committee shall develop operating
173 guidelines that must:
174 (a) Serve the best interests of the state;
175 (b) Prioritize technology capabilities to improve delivery
176 of mission-critical services;
177 (c) Prioritize projects that can serve as common solutions
178 or inspire reuse;
179 (d) Abide by an open, transparent, and fair process for
180 evaluating project proposals;
181 (e) Implement a fair evaluation process based on consistent
182 criteria that include a strong technical and security approach
183 with an execution strategy led by a highly capable team;
184 (f) Require agencies to articulate why they are requesting
185 funds for IT software and provide assurance of sound project
186 cost and savings estimates;
187 (g) Accept proposals for new projects or ideas that require
188 funding to implement and for ongoing projects that need an input
189 of funds or technical expertise to improve project execution and
190 produce stronger results;
191 (h) Publish updates, success stories, funding
192 recommendations, and additional information that allows agencies
193 to learn from the office’s operating model; and
194 (i) Develop an agile project implementation process that
195 supports the mission of the office.
196 (6) RECOMMENDATION.—The Office of Data Innovation and
197 Governance shall recommend to the Governor, the President of the
198 Senate, and the Speaker of the House of Representatives by the
199 2020-2021 fiscal year a statewide framework for a digital front
200 door for managing information throughout this state. The digital
201 front door must address eligibility for state services,
202 treatment by state-licensed practitioners, payment, policy
203 research, patient outcomes improvement, and state and federal
204 governmental reporting.
205 Section 2. Subsection (6) is added to section 408.051,
206 Florida Statutes, to read:
207 408.051 Florida Electronic Health Records Exchange Act.—
208 (6) SECURE MESSAGING DIRECT ADDRESS.—Each provider that
209 uses an electronic health records company that has received
210 certification by the federal Office of the National Coordinator
211 shall quarterly report its secure messaging direct address to
212 the agency. The direct address is the address at which the
213 provider prefers to receive direct messages. The agency shall
214 publish in an open-sourced and digestible format a dynamic
215 directory of direct addresses for providers treating patients in
216 this state, whether in person or remotely.
217 Section 3. Section 408.0522, Florida Statutes, is created
218 to read:
219 408.0522 Florida Health Data Interoperability Act.—
220 (1) It is the intent of the Legislature to create a robust
221 interoperability between health systems and to ensure that
222 health care providers are able to leverage their EHR investments
223 to achieve their unique desired outcomes.
224 (2) As used in this section, the term:
225 (a) “Agency” means the Agency for Health Care
226 Administration.
227 (b) “DCF” means the Department of Children and Families.
228 (c) “Department” means the Department of Health.
229 (d) “DOEA” means the Department of Elder Affairs.
230 (e) “EHR” means an electronic health record, a digital
231 version of a patient’s paper chart which presents information in
232 real-time and allows information to be made available instantly
233 and securely to authorized users. The term may include a
234 patient’s medical history, diagnoses, medications, treatment
235 plans, immunization dates, allergies, radiology images, and
236 laboratory and test results.
237 (f) “EHR vendor” means a company that develops and creates
238 for sale an EHR system.
239 (g) “Information blocking” means a practice that is likely
240 to interfere with, prevent, or materially discourage access,
241 exchange, or use of electronic health information that is
242 conducted by an EHR vendor or provider who knows, or should
243 know, that such practice is likely to interfere with, prevent,
244 or materially discourage the access, exchange, or use of
245 electronic health information.
246 (h) “Interoperable” means the ability of two or more
247 systems or components to exchange information and to use the
248 information that has been exchanged.
249 (i) “Licensed health care entity” means a licensed health
250 care facility regulated by the agency.
251 (j) “Provider” means a licensed health care practitioner
252 whose practice is regulated by the department.
253 (k) “Qualified entity” means a third party that meets the
254 security requirements necessary to securely integrate with an
255 EHR vendor that received certification by the federal Office of
256 the National Coordinator.
257 (3) An EHR vendor certified by the federal Office of the
258 National Coordinator for Health Information Technology, or
259 qualified entities conducting business in this state with a
260 licensed health care entity or a provider, shall provide
261 interoperability and data integration at the direction of a
262 qualified entity or a provider.
263 (4) An EHR vendor doing business in this state must attest
264 to the agency whether it has the required functionality to
265 support interoperability and seamless third-party integrations.
266 The attestation must list all the types of integrations
267 supported, if any.
268 (5) The agency shall quarterly publish an open-sourced and
269 dynamic list of EHR vendors that support interoperability. The
270 list must include:
271 a. Each EHR vendor’s name and the location of its
272 headquarters;
273 b. The name and contact information of each EHR vendor’s
274 registered agent; and
275 c. The name of each EHR vendor’s software and version
276 number.
277 (6) Licensed health care entities and licensed providers
278 shall report to the agency any instance of an EHR vendor
279 conducting business in a way that creates information blocking
280 that results in a lack of interoperability.
281 (7) The agency shall impose a fine on an EHR vendor that
282 fails to comply with the interoperability standards or that
283 creates information blocking in an amount equal to the greatest
284 amount, whether expressed as a fixed sum or a proportion of
285 revenue generated, charged to a third party for integration
286 times the revenue generated from business in this state.
287 Proceeds of any such settlement shall be distributed as:
288 (a) Thirty percent to fund clinical trials, as deemed
289 appropriate by the Office of Data Innovation and Governance;
290 (b) Forty percent to fund pilot programs that include cost
291 based, rather than fee schedule-based, reimbursements;
292 (c) Twenty percent to fund unreimbursed care in this state
293 on a cost basis, rather than on a fee schedule basis, via the
294 Medicaid low-income pool; and
295 (d) Ten percent to the whistleblower hospital, practice, or
296 provider that discovers and reports the information blocking.
297 (8) A qualified entity must meet the security requirements
298 that EHR vendors are held accountable for in both federal and
299 state regulations. EHR vendors are immune from liability when
300 the qualified entity is denied integration because the data
301 integration partner does not meet the security requirements
302 necessary or does not have the necessary technical capacities to
303 integrate.
304 (9) There are no pricing mandates for integration and data
305 costs. EHR vendors may not use price to discriminate in a manner
306 that hinders data integration and innovation.
307 (10) This section does not require an EHR vendor to develop
308 technological capabilities to meet the needs of qualified
309 entities. The qualified entity is responsible for integrating
310 the use of existing, uninteroperable digitized electronic
311 medical records.
312 (11) EHR vendors may not use existing technological
313 resources to discriminate against qualified entities. EHR
314 vendors may not publish an application programming interface to
315 one qualified entity and require another qualified entity
316 needing the same functionality to use the interoperability
317 standards of Health Level Seven International.
318 Section 4. This act shall take effect July 1, 2019.