(a)
Subject to available funding, the California Health and Human Services Agency shall be responsible for ensuring that all federal grant deliverables are met. The agency shall coordinate electronic health activities in the state and work with stakeholders, state departments, and the Legislature to support policy needs for health information technology and health information exchange in California.
(b)
In the event that a state governance entity is established, all of the following conditions shall be met:
(1)
The agency shall be responsible for ensuring that all deliverables established in the strategic and operational plans established pursuant to subdivision (e) of Section 130251, and as required by the federal grant, are met.
(2)
Any grant issued by the agency to the state governance entity for health information exchange shall be deliverables based. All deliverables shall be subject to approval and acceptance by the agency.
(c)
The agency, state-designated entity, or the state governance entity shall establish and begin providing health information exchange services by January 1, 2012.
(d)
The state-designated entity or state governance entity shall ensure that an effective model for health information exchange governance and accountability is in place. In order to avoid any real or apparent conflict of interest, the state-designated entity or state governance entity shall ensure organizational and functional separation exists between the governance functions of the entity and its operational functions, specifically between operating entities that are or may be involved in building and maintaining the health information exchange. The agency shall conduct periodic internal reviews at least once after an entity has received the designation, and periodically as necessary, to ensure this separation is maintained, and that the state-designated entity or state governance entity operates in a manner that ensures organizational integrity and accountability.
(e)
The state-designated entity or state governance entity shall
provide a process for public comment and input, which may include integrating public workgroups convened by the agency during the operational planning process into its organizational structure.
(f)
The state-designated entity or state governance entity, in consultation with the Office of Health Information Integrity, shall develop detailed standards and policies to be included in all contracts with health care entities that are participants of the state-designated entity’s or governance entity’s health information exchange for health information exchange services provided by the applicable entity. The state-designated entity or state governance entity shall also work with the Office of Health Information Integrity to ensure standardization of privacy and security policies for health information exchange statewide. The state-designated entity or state governance entity shall develop operational policies based on privacy and security guidelines
developed by the state, and create a uniform set of privacy and security rules to be used by other entities participating in health information exchanges established by the state-designated entity or state governance entity for health information exchange or a contract made by the applicable entity for health information exchange.
(g)
Any contract for state designation or subgrant agreement pursuant to this section shall be made through an open and competitive process as required by federal law.
(h)
The state designated entity or state governance entity shall comply with applicable provisions of the federal Health Information Technology for Economic and Clinical Health Act (HITECH Act; Public Law 111-5), the federal Public Health Service Act (42 U.S.C. Sec. 300x-26), and applicable federal policies, guidance, and requirements. These provisions shall include, but are not limited
to, the requirement that funds be used to conduct activities to facilitate and expand the electronic movement and use of health information among organizations according to nationally recognized standards in effect on December 31, 2010.