Florida Senate - 2019 SB 1544 By Senator Harrell 25-01042-19 20191544__ 1 A bill to be entitled 2 An act relating to data innovation; creating s. 11.52, 3 F.S.; providing a short title; providing legislative 4 intent; establishing the Office of Data Innovation and 5 Governance for specified purposes; providing duties of 6 the office; requiring the office to develop an 7 interagency governance committee; providing committee 8 membership; requiring the committee to develop 9 operating guidelines; requiring the office to provide 10 a certain recommendation to the Governor and the 11 Legislature by a specified date; amending s. 408.051, 12 F.S.; requiring certain health care providers to 13 quarterly report their secure messaging direct 14 addresses to the Agency for Health Care 15 Administration; requiring the agency to publish a 16 directory of such direct addresses in a certain 17 format; creating s. 408.0522, F.S.; providing 18 legislative intent; defining terms; requiring certain 19 certified electronic health record (EHR) vendors 20 conducting business in this state to provide 21 interoperability and data integration; requiring such 22 EHR vendors to make a certain attestation to the 23 agency; requiring the agency to quarterly publish a 24 certain list of EHR vendors; requiring licensed health 25 care entities and licensed providers to report EHR 26 vendor information blocking; requiring the agency to 27 impose a specified fine on an EHR vendor for certain 28 noncompliance or information blocking; providing for 29 the distribution of collected fines; requiring any 30 integrating partner to meet security requirements for 31 EHR vendors; providing immunity from liability for an 32 EHR vendor under certain circumstances; prohibiting 33 discriminatory pricing; clarifying that the qualifying 34 entity is responsible for integration; prohibiting EHR 35 vendors from taking certain actions; providing an 36 effective date. 37 38 Be It Enacted by the Legislature of the State of Florida: 39 40 Section 1. Section 11.52, Florida Statutes, is created to 41 read: 42 11.52 Office of Data Innovation and Governance; 43 interoperability; portfolio rationalization.— 44 (1) SHORT TITLE.—This section shall be known and may be 45 cited as the “Legislature’s Office of Data Innovation 46 Governance, Interoperability, and Portfolio Rationalization 47 Act.” 48 (2) LEGISLATIVE INTENT.—The Legislature recognizes that no 49 state agency or entity is tasked with ensuring that the state’s 50 data is interoperable. It is the intent of the Legislature to 51 create the Office of Data Innovation and Governance to ensure 52 that all state agencies collaborate and synthesize data securely 53 through interoperability, and to create software and information 54 technology (IT) application procurement with the intent of 55 achieving interoperability, thereby reducing the number of 56 standalone applications that do not communicate with each other. 57 It is the intent of the Legislature to minimize the costs 58 associated with areas of data management; to ensure accurate 59 procedures around regulation and compliance activities; to 60 increase transparency within any data-related activities; to 61 institute better training and educational practices for the 62 management of data assets; to increase the value of this state’s 63 data while providing standardized data systems, data policies, 64 and data procedures; to aid in the resolution of past and 65 current data issues; to facilitate improved monitoring and 66 tracking mechanisms for data quality and other data-related 67 activities; to increase overall state data standards, thereby 68 translating data into actionable information and workable 69 knowledge of this state’s IT system; and to improve the health 70 of all persons in this state. It is the intent of the 71 Legislature to enable agencies to transform their use of 72 technology to offer services in an effective, efficient, and 73 secure manner. 74 (3) OFFICE OF DATA INNOVATION AND GOVERNANCE.—The Office of 75 Data Innovation and Governance is established to evaluate and 76 execute interagency data-sharing agreements, to develop common 77 data definitions across the executive and legislative branches 78 of government, to provide interagency transparency, to create an 79 assessment of all IT systems in this state, to create an IT 80 software procurement process, and to recommend a software 81 portfolio rationalization to the Governor, the President of the 82 Senate, and the Speaker of the House of Representatives each 83 fiscal year. The President of the Senate shall appoint a chief 84 data officer to direct the office. 85 (a) Data catalog.—The Office of Data Innovation and 86 Governance shall identify all data elements contained within 87 state agencies and publish a comprehensive data catalog. 88 (b) Data dictionary.—The office shall develop common data 89 definitions across state agencies and publish a data dictionary. 90 Where data definitions are limited to agency functionality, the 91 data dictionary shall define each data element, depending upon 92 each agency’s need. 93 (c) Interagency data-sharing agreements.—By the end of the 94 2018-2019 fiscal year, the office shall inventory all existing 95 interagency data-sharing agreements, identify areas of data 96 sharing needs which are not currently addressed, and execute an 97 interagency agreement. 98 (d) Transparency.—The office shall inform state agencies of 99 types of data collected by the agencies which are reported 100 publicly or to the federal government for the purpose of 101 identifying where interagency data sharing can create staff 102 efficiencies and technology efficiencies. 103 (e) Software procurement.—All state agency software 104 procurement efforts must be reviewed by the office to ensure the 105 procurement efforts and the solutions sought provide 106 interoperability between the agencies. An agency procurement 107 request may not be published without the approval of the office. 108 (f) Portfolio rationalization.—The office shall report to 109 the Executive Office of the Governor, the President of the 110 Senate, and the Speaker of the House of Representatives an 111 inventory of all technology currently being used by state 112 agencies. This inventory of systems and applications must 113 identify duplicate systems and make recommendations for reducing 114 the number of legacy systems supporting each separate agency. 115 (g) System of algorithms.—By the end of the 2019-2020 116 fiscal year, all agencies housing health-related data must 117 implement a system of algorithms to continuously search for 118 duplicate patient records in the databases of such agencies. The 119 algorithms must scan for data elements within a patient’s 120 information, including, but not limited to, his or her name, 121 address, medical record number, social security number, and 122 insurance company or health care provider, to determine whether 123 records belong to the same patient or if more research is 124 needed. The system shall use both deterministic and 125 probabilistic algorithms to match patient records. 126 (h) Identity management.—The office shall implement an 127 identity verification function capable of authenticating the 128 digital identity of a person, organization, device, or 129 application. The identity verification function must allow for 130 the authentication across state agencies without the need to 131 physically store protected health information or personal 132 identifying information in order to ensure data connectivity and 133 integration across all agency data sets. 134 (i) Direct address directory.—The office shall develop a 135 direct address directory for all relevant providers in this 136 state and publish the directory in a format that can be 137 digitally digested by qualified entities. 138 (j) Security.—The digital front door recommended by the 139 office: 140 1. Must enable the secure exchange of digital information 141 with, and use of digital information from, other IT systems 142 without special effort on the part of the user; 143 2. Must allow for complete access, exchange, and use of all 144 electronically accessible information for authorized use under 145 applicable state or federal law; and 146 3. Does not constitute information blocking as defined in 147 s. 408.0522(2). 148 (4) INTERAGENCY GOVERNANCE COMMITTEE.—The Office of Data 149 Innovation and Governance shall develop an interagency 150 governance committee consisting of all of the following members: 151 (a) One representative from each state agency that houses 152 health-related data, appointed by the Governor. 153 (b) One member from the health plan industry, appointed by 154 the President of the Senate. 155 (c) One member from the hospital industry, appointed by the 156 President of the Senate. 157 (d) One member from an ambulatory surgical center, 158 appointed by the President of the Senate. 159 (e) One member from the long-term care community, appointed 160 by the President of the Senate. 161 (f) Two members from the banking industry, one appointed by 162 the President of the Senate and one appointed by the Speaker of 163 the House of Representatives. 164 (g) One member from the IT industry, appointed by the 165 Speaker of the House of Representatives. 166 (h) One member from the social services industry, appointed 167 by the Speaker of the House of Representatives. 168 (i) One member from the licensed practitioner community, 169 appointed by the Speaker of the House of Representatives. 170 (j) One member involved with promoting civil justice, 171 appointed by the Speaker of the House of Representatives. 172 (5) GUIDELINES.—The committee shall develop operating 173 guidelines that must: 174 (a) Serve the best interests of the state; 175 (b) Prioritize technology capabilities to improve delivery 176 of mission-critical services; 177 (c) Prioritize projects that can serve as common solutions 178 or inspire reuse; 179 (d) Abide by an open, transparent, and fair process for 180 evaluating project proposals; 181 (e) Implement a fair evaluation process based on consistent 182 criteria that include a strong technical and security approach 183 with an execution strategy led by a highly capable team; 184 (f) Require agencies to articulate why they are requesting 185 funds for IT software and provide assurance of sound project 186 cost and savings estimates; 187 (g) Accept proposals for new projects or ideas that require 188 funding to implement and for ongoing projects that need an input 189 of funds or technical expertise to improve project execution and 190 produce stronger results; 191 (h) Publish updates, success stories, funding 192 recommendations, and additional information that allows agencies 193 to learn from the office’s operating model; and 194 (i) Develop an agile project implementation process that 195 supports the mission of the office. 196 (6) RECOMMENDATION.—The Office of Data Innovation and 197 Governance shall recommend to the Governor, the President of the 198 Senate, and the Speaker of the House of Representatives by the 199 2020-2021 fiscal year a statewide framework for a digital front 200 door for managing information throughout this state. The digital 201 front door must address eligibility for state services, 202 treatment by state-licensed practitioners, payment, policy 203 research, patient outcomes improvement, and state and federal 204 governmental reporting. 205 Section 2. Subsection (6) is added to section 408.051, 206 Florida Statutes, to read: 207 408.051 Florida Electronic Health Records Exchange Act.— 208 (6) SECURE MESSAGING DIRECT ADDRESS.—Each provider that 209 uses an electronic health records company that has received 210 certification by the federal Office of the National Coordinator 211 shall quarterly report its secure messaging direct address to 212 the agency. The direct address is the address at which the 213 provider prefers to receive direct messages. The agency shall 214 publish in an open-sourced and digestible format a dynamic 215 directory of direct addresses for providers treating patients in 216 this state, whether in person or remotely. 217 Section 3. Section 408.0522, Florida Statutes, is created 218 to read: 219 408.0522 Florida Health Data Interoperability Act.— 220 (1) It is the intent of the Legislature to create a robust 221 interoperability between health systems and to ensure that 222 health care providers are able to leverage their EHR investments 223 to achieve their unique desired outcomes. 224 (2) As used in this section, the term: 225 (a) “Agency” means the Agency for Health Care 226 Administration. 227 (b) “DCF” means the Department of Children and Families. 228 (c) “Department” means the Department of Health. 229 (d) “DOEA” means the Department of Elder Affairs. 230 (e) “EHR” means an electronic health record, a digital 231 version of a patient’s paper chart which presents information in 232 real-time and allows information to be made available instantly 233 and securely to authorized users. The term may include a 234 patient’s medical history, diagnoses, medications, treatment 235 plans, immunization dates, allergies, radiology images, and 236 laboratory and test results. 237 (f) “EHR vendor” means a company that develops and creates 238 for sale an EHR system. 239 (g) “Information blocking” means a practice that is likely 240 to interfere with, prevent, or materially discourage access, 241 exchange, or use of electronic health information that is 242 conducted by an EHR vendor or provider who knows, or should 243 know, that such practice is likely to interfere with, prevent, 244 or materially discourage the access, exchange, or use of 245 electronic health information. 246 (h) “Interoperable” means the ability of two or more 247 systems or components to exchange information and to use the 248 information that has been exchanged. 249 (i) “Licensed health care entity” means a licensed health 250 care facility regulated by the agency. 251 (j) “Provider” means a licensed health care practitioner 252 whose practice is regulated by the department. 253 (k) “Qualified entity” means a third party that meets the 254 security requirements necessary to securely integrate with an 255 EHR vendor that received certification by the federal Office of 256 the National Coordinator. 257 (3) An EHR vendor certified by the federal Office of the 258 National Coordinator for Health Information Technology, or 259 qualified entities conducting business in this state with a 260 licensed health care entity or a provider, shall provide 261 interoperability and data integration at the direction of a 262 qualified entity or a provider. 263 (4) An EHR vendor doing business in this state must attest 264 to the agency whether it has the required functionality to 265 support interoperability and seamless third-party integrations. 266 The attestation must list all the types of integrations 267 supported, if any. 268 (5) The agency shall quarterly publish an open-sourced and 269 dynamic list of EHR vendors that support interoperability. The 270 list must include: 271 a. Each EHR vendor’s name and the location of its 272 headquarters; 273 b. The name and contact information of each EHR vendor’s 274 registered agent; and 275 c. The name of each EHR vendor’s software and version 276 number. 277 (6) Licensed health care entities and licensed providers 278 shall report to the agency any instance of an EHR vendor 279 conducting business in a way that creates information blocking 280 that results in a lack of interoperability. 281 (7) The agency shall impose a fine on an EHR vendor that 282 fails to comply with the interoperability standards or that 283 creates information blocking in an amount equal to the greatest 284 amount, whether expressed as a fixed sum or a proportion of 285 revenue generated, charged to a third party for integration 286 times the revenue generated from business in this state. 287 Proceeds of any such settlement shall be distributed as: 288 (a) Thirty percent to fund clinical trials, as deemed 289 appropriate by the Office of Data Innovation and Governance; 290 (b) Forty percent to fund pilot programs that include cost 291 based, rather than fee schedule-based, reimbursements; 292 (c) Twenty percent to fund unreimbursed care in this state 293 on a cost basis, rather than on a fee schedule basis, via the 294 Medicaid low-income pool; and 295 (d) Ten percent to the whistleblower hospital, practice, or 296 provider that discovers and reports the information blocking. 297 (8) A qualified entity must meet the security requirements 298 that EHR vendors are held accountable for in both federal and 299 state regulations. EHR vendors are immune from liability when 300 the qualified entity is denied integration because the data 301 integration partner does not meet the security requirements 302 necessary or does not have the necessary technical capacities to 303 integrate. 304 (9) There are no pricing mandates for integration and data 305 costs. EHR vendors may not use price to discriminate in a manner 306 that hinders data integration and innovation. 307 (10) This section does not require an EHR vendor to develop 308 technological capabilities to meet the needs of qualified 309 entities. The qualified entity is responsible for integrating 310 the use of existing, uninteroperable digitized electronic 311 medical records. 312 (11) EHR vendors may not use existing technological 313 resources to discriminate against qualified entities. EHR 314 vendors may not publish an application programming interface to 315 one qualified entity and require another qualified entity 316 needing the same functionality to use the interoperability 317 standards of Health Level Seven International. 318 Section 4. This act shall take effect July 1, 2019.