Utah bill that would centralize access to patients’ medical records advances out of committee


Boram Kim


The Utah House Health and Human Services Standing Committee voted 7-3 to favorably approve House Bill 239 on Thursday, advancing it to the House floor for consideration.


Stay one step ahead. Join our email list for the latest news.



The bill would direct the Department of Health and Human Services (DHHS) to work with stakeholders on designating a centralized health information exchange where patients and providers would have protected access to medical records across the system. The appropriation for the proposal is $1.5 million in ongoing general funding. 

“Colleagues … a patient has the right to have their own medical information available to them, when and where they need it,” said committee member Rep. Raymond Ward (R – Bountiful), testifying on behalf of his bill.

“We hear many times from other bureaucracies, [who are] well-meaning and [have] good objectives, about public health interests for data or about insurance companies’ interest for data, but the primary reason that we even keep patient data is so that the patient themselves can be benefited from it. Right now I would say that we don’t honor that right, maybe not intentionally, but the system that we have doesn’t meet that right.”

Ward said the issues stem from when people seek care from a provider outside of the system where the records are held due to systemic and administrative burdens. 

In his presentation, Ward outlined instances of patients and providers being unable to timely access vital medical records, which led to delays in diagnosis and care, elevated costs from re-testing, and wastes of time and resources.

The Center for Health Data and Informatics already acts as the central database for patient records in the state, but the system resides in a nonprofit entity that has struggled to maintain comprehensive accounting due to a lack of funding and participation, according to Ward.

“So the bill … asks [DHHS] to work with the stakeholders in the community to see if they can come to a consensus on how to work out those technical specifications,” Ward said. “The department is not the boss of them. These are private entities doing their best but if they are able to agree on these technical specifications so that we all do them the same here in the state, if we can come to that agreement, it will make it much easier in the future to share that data.”

The Utah Medical Association (UMA), representing the state’s family medicine physicians, endorses the bill because it says having all the available information is vital for physicians to make clinical decisions that benefit patients. 

“I’m often asked, ‘If you had a magic wand and could do one thing, what would you do?’” said Mark Greenwood, MD, president of UMA. “And my answer always without hesitation is [that] we would have a universal electronic medical record. The concept being we would be able to have all our patient and provider information and data in one source, universally accessible, as we provide an administrative care of our patients, as opposed to all of these silos.

This is a win-win [for both patients and providers]. Most importantly, this is a win for patients.”

Under the bill, patients would still retain the right to opt-in or opt-out of having their medical records shared, including the option to protect specific sensitive records from being disclosed. Yet, opponents to the bill had concerns over the privacy and safety risks of storing patient data in a centralized location. 

“The breaches are going to happen,” Kristen Chevrier said, a community member testifying on behalf of patients’ rights. “And once the breach has happened, it really doesn’t matter what the penalty is because the data is out there, the lives are destroyed. And I feel like data needs to be kept in the smallest possible orbit.

If anything, we need to be moving back toward more patient privacy and less open sharing of personal sensitive data. We need to remember that we are not living in Mayberry, we’re living in Gotham and data is gold. People want that data and where there’s a will, there’s a way and we’ve seen, as Representative [Ken] Ivory said, many data breaches in places where the data should be completely secure.”

Meanwhile, the Utah Hospital Association (UHA) said it could not comment on the bill when asked for a statement. UHA is currently reviewing and providing input for the bill and has yet to take a formal position on it. 

During the hearing, UHA officials expressed concerns over the new database’s HIPAA compliance and the liability associated with breaches of data and privacy.

“[HIPAA] has been around for 25 years and [there have] been some allusions to penalties,” said David Gessel, executive vice president of UHA. “I can attest to you [that] the penalties are harsh. Hospitals can get kicked out of the Medicare-Medicaid system, which basically puts them out of business. There have been a number of physicians that have gone to jail for inappropriately spreading people’s private medical information.”

Gessel said while major private health systems in the state have not had a breach in years, it remains a risk, and hospitals are already spending tens of millions of dollars to protect their data and ensure federal compliance. 

“We have this data now,” Gessel said. “The hospitals are willing to spend the money necessary to get the data to this new [proposed] entity the state is creating. But [hospitals] don’t want to own the liability of the state or those doctors that are on [the exchange] if that’s where the breach is.”

Committee member Rep. Rosemary Lesser (D – Ogden) spoke to the need for the bill based on her own experiences as an obstetrician. 

“Many times I need to make medical decisions and need prompt access to information,” Lesser said. “If any of you are familiar with sort of the nature of obstetrics, I can tell you there’s a lot of stuff that happens at three o’clock in the morning.

And I can certainly share stories where I have received patients who’ve been flown into the hospital where I was the receiving physician, and I got no medical information and to the point of patients being responsible for their own information, urgent things are happening in real-time. Patients do not know what medicine they’ve been given. And having the availability to access this information urgently is very, very important for patient care …

So I strongly support this initiative. I think this is good for patients, it’s good for providers. I respect the concerns that committee members have about patient privacy. Each one of these individual systems is working hard to protect that. And I also might want to add that the University of Utah, our very own flagship institution, has one of the leading health informatics graduate programs in the country, and we can lean on their expertise too.”