Public Act 104-0471

HB5295 Enrolled LRB104 20300 BDA 34136 b

AN ACT concerning health.

Be it enacted by the People of the State of Illinois,

represented in the General Assembly:

Section 1. Short title. This Act may be cited as the

Reproductive Health Records Privacy Act.

Section 5. Definitions. As used in this Act:

"Abortion" has the meaning given to that term in Section

1-10 of the Reproductive Health Act.

"Abortion-related health care services" means all

supplies, care, and services of a medical, behavioral health,

mental health, physical health, surgical, psychiatric,

therapeutic, diagnostic, preventive, rehabilitative, or

supportive nature relating to an abortion.

"Coded private health care information" means the health

information contained in an electronic health network, related

to the following, unless expanded, narrowed, or otherwise

changed by rule adopted by the Department of Public Health

under this Act:

(1) codes for designating diagnoses, treatments,

outcomes, or other health care information, including,

without limitation, Current Procedural Terminology (CPT)

codes, Healthcare Common Procedure Coding System (HCPCS)

codes, or National Drug Codes, associated with any of the

following:

(A) complications following induced termination of

pregnancy;

(B) failed attempted termination of pregnancy;

(C) continuing pregnancy after selective reduction

of one fetus or more;

(D) encounter for elective termination of

pregnancy;

(E) induced abortion;

(F) multifetal pregnancy reductions;

(G) mifepristone; or

(H) medically induced abortion by oral ingestion

of medication, including all associated services and

supplies except drugs or medications; and

(2) medical diagnosis codes associated with gender

dysphoria.

"Covered entity" has the meaning given to that term in the

Health Insurance Portability and Accountability Act of 1996

(HIPAA), as specified in 45 CFR 160.103.

"Electronic health network" means an entity, other than a

health care provider or a hospital licensed under the Illinois

Hospital Licensing Act or a hospital licensed under the

University of Illinois Hospital Act, that is responsible for

facilitating the exchange of health information and is either:

(1) an entity that provides software or services that

allow health care providers to maintain health care

information electronically and make that information

available to other authorized persons, providers, or

entities; or

(2) a health information technology developer of

certified health information technology that develops or

offers health information technology, as that term is

defined in 42 U.S.C. 300jj(5).

"Health care provider" has the meaning given to that term

in the Health Insurance Portability and Accountability Act of

1996 (HIPAA), as specified in 45 CFR 160.103.

"Patient" means any person who has received or is

receiving health care services in this State from an

individual or institution licensed to provide health care

services in this State.

"Private health care information" means the health

information contained in an electronic health network related

to the following, unless expanded, narrowed, or otherwise

changed by rule adopted by the Department of Public Health

under this Act:

(1) coded private health care information; and

(2) abortion or abortion-related health care services.

Section 10. Segregation of information; technological

capabilities.

(a) An electronic health network shall prevent the

disclosure of a patient's coded private health care

information to a provider, business entity, other electronic

health network, or health information exchange located outside

this State unless the disclosure is:

(1) for technical support purposes;

(2) for quality assurance purposes;

(3) for payment or health care operations, as defined

by the Health Insurance Portability and Accountability Act

of 1996 (HIPAA); or

(4) to a specific covered entity with the consent of:

(A) the patient, for health care services for

which the patient can provide consent under the laws

of this State; or

(B) the patient's parent, guardian, health care

surrogate decision maker, or power of attorney for

health care for health care services for which the

parent, guardian, health care surrogate decision

maker, or power of attorney for health care can

provide consent under the laws of this State.

(b) An electronic health network shall develop and enable

the technological capabilities to, with respect to

out-of-state disclosures:

(1) parse coded private health care information and

convey all other information in a patient's electronic

health record that is not prohibited by law;

(2) allow a health care provider to manually segregate

or otherwise prevent the sharing or disclosure of private

health care information from a patient's electronic health

record;

(3) allow a patient to request and consent to the

exchange of private health care information to a specific

covered entity; and

(4) allow a patient to opt out of segregating private

health care information in a patient's electronic health

record.

(c) An electronic health network shall not notify a health

care provider, business entity, other electronic health

network, or health information exchange located outside this

State that private health care information may have been

segregated from a patient's electronic health record.

(d) The Department of Public Health may adopt rules as

necessary to administer and implement this Act. If the

Department adopts rules regarding the definition of private

health care information, the Department shall consider any

necessary exceptions to segregation and adopt rules that set

forth those exceptions as determined.

(e) Nothing in this Act shall be interpreted to undermine

the existing protections against disclosure of confidential

health information or lawful health care activity, including,

but not limited to, pursuant to the Lawful Health Care

Activity Act and the Personal Information Protection Act.

(f) Nothing in this Act shall be interpreted to require

health care providers to use electronic health networks.

Section 15. Patient direction to share health information.

(a) A patient may direct private health care information

to be shared, in whole or in part, with a specific covered

entity located outside the State through an electronic health

network in accordance with 45 CFR 171.202(b)(1). A patient may

also revoke a prior decision to direct private health care

information to be shared or not to be shared.

(b) An electronic health network shall make available to

covered entities meaningful information regarding a patient's

right to direct the electronic health network to share the

patient's private health care information.

(c) The Department of Public Health may publish, on its

website, information about this Act in English, Spanish, and

any other languages the Department deems necessary.

Section 20. Violations. Any person aggrieved by a

violation of this Act by an electronic health network may

bring an action against that electronic health network. Actual

damages, injunctive relief, and reasonable attorney's fees and

costs, as well as any other relief which the court deems

proper, may be awarded to a successful plaintiff in any action

under this Act. Nothing contained in this Act shall be deemed

to authorize the bringing of any action against any health

care provider.

Section 97. Severability. The provisions of this Act are

severable under Section 1.31 of the Statute on Statutes.

Section 99. Effective date. This Act takes effect July 1,

2027.