Health information system; confidentiality.

Checkout our iOS App for a better way to browser and research.

A. Health information collected and disseminated pursuant to the Health Information System Act is strictly confidential and shall not be a matter of public record or accessible to the public except as provided in this section and Sections 24-14A-6 and 24-14A-7 NMSA 1978. No data source shall be liable for damages to any person for having furnished the information to the department.

B. Record-level data provided to the department pursuant to Section 24-14A-6 NMSA 1978 are confidential. The agency that receives record-level data shall not disclose the data except to the extent that they are included in a compilation of aggregate data.

C. The individual forms, electronic information or other forms of data collected by and furnished for the health information system shall not be public records subject to inspection pursuant to Section 14-2-1 NMSA 1978. The department may release or disseminate aggregate data, including those data that pertain to a specifically identified hospital or other type of health facility. These data shall be public records if the release of these data does not violate state or federal law relating to the privacy and confidentiality of individually identifiable health information.

History: Laws 1989, ch. 29, § 8; 1994, ch. 59, § 9; 2009, ch. 166, § 3; 2012, ch. 15, § 9; 2015, ch. 121, § 3.

ANNOTATIONS

The 2015 amendment, effective June 19, 2015, provided that the department of health may release aggregate health information data and that this data shall be a part of the public record only if the data does not violate state or federal privacy and confidentiality laws; in Subsection A, after "except as provided", added "in this section and"; in Subsection C, after "NMSA 1978.", deleted "Compilations of" and added "The department may release or disseminate", after "aggregate data", deleted "prepared for release or dissemination from the data collected except for a report prepared for an individual data provider or the provider's designee containing information concerning only its transactions", and added "including those data that pertain to a specifically identified hospital or other type of health facility. These data", and after "shall be public records", added "if the release of these data does not violate state or federal law relating to the privacy and confidentiality of individually identifiable health information."

The 2012 amendment, effective May 16, 2012, limited the liability of data sources that furnish data to the department of health; required agencies that receive record-level data to keep the data confidential; in Subsection A, in the second sentence after "information to the", deleted "commission" and added "department"; and in Subsection B, in the second sentence after "The", deleted "department" and added "agency".

The 2009 amendment, effective June 19, 2009, in Subsection A, at the end of the second sentence, added "to the commission"; added Subsection B; and in Subsection C, in the first sentence, after "individual forms" deleted "computer tapes" and added "electronic information"; and in the last sentence, after "data provider", added "or the provider's designee".

The 1994 amendment, effective March 4, 1994, substituted the language beginning "strictly confidential" for "subject to the confidentiality provisions of Section 14-6-1 NMSA 1978" in Subsection A, and inserted "health information" in the first sentence of Subsection B.


Download our app to see the most-to-date content.