This is the preview version of the Wisconsin State Legislature site.
Please see http://docs.legis.wisconsin.gov for the production version.
DHS 120.29(2)(e)(e) The patient’s diagnostic code.
DHS 120.29(2)(f)(f) Charges assessed with respect to the procedure code.
DHS 120.29(2)(g)(g) The name and address of the facility in which the patient’s services were rendered.
DHS 120.29(2)(h)(h) The patient’s gender.
DHS 120.29(2)(i)(i) Information that contains the name of the health care provider who is an individual, if the independent review board first reviews and approves the release or if the department promulgates rules that specify the circumstances under which the independent review board need not review and approve the release.
DHS 120.29(2)(j)(j) Calendar quarters of service during which the patient visit or procedure occurred, except if the department determines the number of data records included in the public use file is too small to enable protection of patient confidentiality.
DHS 120.29(2)(k)(k) Information, other than patient-identifiable data, as defined in s. 153.50 (1) (b), Stats., as approved by the independent review board.
DHS 120.29(3)(a)(a) Public use data files based on information submitted by hospitals and ambulatory surgery centers may not permit the identification of specific patients or employers.
DHS 120.29(3)(b)(b) The department shall protect the identification of patients and employers by all necessary means, including all of the following:
DHS 120.29(3)(b)1.1. The deletion of patient identifiers.
DHS 120.29(3)(b)2.2. The use of calculated variables and aggregated variables.
DHS 120.29(3)(b)3.3. Not releasing information concerning a patient’s race or ethnicity, or dates of admission, discharge, procedures or visits.
DHS 120.29(3)(c)(c) The department shall suppress or mask zip code information in the public use data file when the number of persons having a given zip code is insufficient to mask their identity.
DHS 120.29 HistoryHistory: Cr. Register, December, 2000, No. 540, eff. 1-1-01.
DHS 120.30DHS 120.30Patient data elements considered patient-identifiable.
DHS 120.30(1)(1)Nonrelease of patient-identifiable data. The department may not release or provide access to patient-identifiable data, except as provided in s. 153.50 (4), Stats. The department shall protect the identity of a patient by all necessary means, including the use of calculated, masked or aggregated variables.
DHS 120.30(2)(2)Procedures governing release of patient-identifiable data.
DHS 120.30(2)(a)(a) Persons authorized and desiring to access patient-identifiable data under s. 153.50 (4), Stats., shall submit to the department a request for the release of the data in writing and shall include all of the following:
DHS 120.30(2)(a)1.1. The requester’s name and address.
DHS 120.30(2)(a)2.2. The reason for the request.
DHS 120.30(2)(a)3.3. For a person who is authorized under s. 153.50 (4), Stats., to receive or have access to patient-identifiable data, evidence, in writing, that indicates the authorization.
DHS 120.30(2)(a)4.4. For an entity that is authorized under s. 153.50 (4), Stats., to receive or have access to patient-identifiable data, evidence, in writing, of all of the following:
DHS 120.30(2)(a)4.a.a. The federal or state statutory requirement to obtain the patient-identifiable data.
DHS 120.30(2)(a)4.b.b. Any federal or state statutory requirement to uphold the patient confidentiality provisions of this chapter or patient confidentiality provisions that are more restrictive than those of this chapter; or, if the latter evidence is inapplicable, an agreement, in writing, to uphold the patient confidentiality provisions of this chapter.
DHS 120.30(2)(a)4.c.c. An entity specified under s. 153.50 (4), Stats., having access to data elements considered patient-identifiable may not rerelease these data elements.
DHS 120.30 NoteNote: Requests should be sent to the following address: Bureau of Health Information and Policy, P. O. Box 26599, Madison, Wisconsin 53701-2659, or deliver the communications to Room 372, 1 W. Wilson Street, Madison, Wisconsin.
DHS 120.30(2)(b)(b) Upon receiving a request for patient-identifiable data under par. (a), the department shall, as soon as practicable, either comply with the request or notify the requester, in writing, of all of the following:
DHS 120.30(2)(b)1.1. That the department is denying the request in whole or in part.
DHS 120.30(2)(b)2.2. The reason for the denial.
DHS 120.30(2)(b)3.3. For a person who believes that he or she is authorized under s. 153.50 (4), Stats., the procedures for appealing the denial under s. 19.37 (1), Stats.
DHS 120.30(3)(3)Access to patient-identifiable data. In accordance with s. 153.50, Stats., only the following persons or entities may have access to patient-identifiable data maintained by the department:
DHS 120.30(3)(a)(a) A health care provider or the agent of a health care provider to ensure the accuracy of the information in the department database.
DHS 120.30(3)(b)(b) An agent of the department responsible for collecting and maintaining data under this chapter and who is responsible for the patient-identifiable data in the department in order to safely store the data and ensure the accuracy of the information in the department’s database.
DHS 120.30(3)(c)(c) The department for any of the following purposes:
DHS 120.30(3)(c)1.1. Epidemiological investigation purposes specified in writing.
DHS 120.30(3)(c)2.2. Eliminating the need to maintain duplicative databases where the requesting department agent has statutory authority to collect patient-identifiable data as defined in s. 153.50 (1) (b), Stats.
DHS 120.30(3)(d)(d) Other entities that have a signed, notarized written agreement with the department, in accordance with the following conditions:
DHS 120.30(3)(d)1.1. The entity has a statutory requirement for obtaining patient-identifiable data for any of the following:
DHS 120.30(3)(d)1.a.a. Epidemiological investigation purposes.
DHS 120.30(3)(d)1.b.b. Eliminating the need to maintain duplicative databases, under s. 153.50 (4) (a), Stats.
DHS 120.30(3)(d)2.2. The department may review and approve specific requests by the entity for patient-identifiable data to fulfill the entity’s statutory requirement. The entity’s request shall include all of the following:
DHS 120.30(3)(d)2.a.a. Written statutory evidence that the entity is entitled to have access to patient-identifiable data.
DHS 120.30(3)(d)2.b.b. Written statutory evidence requiring the entity to uphold the patient confidentiality provisions specified in this section or stricter patient confidentiality provisions than those specified in this section. If these statutory requirements do not exist, the department shall require the entity to sign and notarize a written data use agreement to uphold the patient confidentiality provisions in this section.
DHS 120.30 NoteNote: Examples of other entities include the U.S. Centers for Disease Control and cancer registries in other states.
DHS 120.30(3)(e)(e) Of information submitted by health care providers that are not hospitals or ambulatory surgery centers, patient-identifiable data that contain a patient’s date of birth may be released to an entity specified under s. 153.50 (4) (a), Stats., upon request and a demonstrated need for the date of birth.
DHS 120.30(3)(f)(f) Notwithstanding sub. (2) and pars. (a) to (e), no employer may request the release of or access to patient-identifiable data of an employee of the employer.
DHS 120.30(3)(g)(g) An entity specified under s. 153.50 (4), Stats., having access to data elements considered patient-identifiable may not rerelease these data elements.
DHS 120.30(4)(4)Data elements considered patient-identifiable.
DHS 120.30(4)(a)(a) For information submitted by hospitals and ambulatory surgery centers, all of the following data elements from the uniform patient billing form that identify a patient shall be considered confidential, except as stated in sub. (3):
DHS 120.30(4)(a)1.1. Patient medical record or chart number.
DHS 120.30(4)(a)2.2. Patient control or account number.
DHS 120.30(4)(a)3.3. Patient date of birth.
DHS 120.30(4)(a)4.4. Patient’s employment status and occurrence and place of an auto or other accident.
DHS 120.30(4)(a)5.5. Patient’s school name, if applicable.
DHS 120.30(4)(a)6.6. Patient’s race.
DHS 120.30(4)(a)7.7. Patient’s ethnicity.
DHS 120.30(4)(a)8.8. Patient’s city of residence.
DHS 120.30(4)(a)9.9. Date of patient’s first symptom of current illness, injury or pregnancy.
DHS 120.30(4)(a)10.10. Dates of services provided to patient.
DHS 120.30(4)(a)11.11. Hospitalization dates related to current services provided to patient.
DHS 120.30(4)(a)12.12. Dates patient is unable to work in current occupation.
DHS 120.30(4)(a)13.13. Date of patient admission.
DHS 120.30(4)(a)14.14. Date of patient discharge.
DHS 120.30(4)(a)15.15. Date of patient’s principal procedure.
DHS 120.30(4)(a)16.16. Encrypted case identifier.
DHS 120.30(4)(a)17.17. Insured’s policy number.
DHS 120.30(4)(a)18.18. Insured’s date of birth.
DHS 120.30(4)(a)19.19. Insured’s identification number.
DHS 120.30(4)(a)20.20. Insured’s gender.
DHS 120.30(4)(a)21.21. Medical assistance resubmission code.
DHS 120.30(4)(a)22.22. Medical assistance prior authorization number.
DHS 120.30(4)(a)23.23. Patient’s employer’s name.
DHS 120.30(4)(b)(b) For information submitted by health care providers who are not hospitals or ambulatory surgery centers, patient-identifiable data means all of the following elements:
DHS 120.30(4)(b)1.1. Data elements specified in par. (a) 1. to 3., 13. to 16., 21. and 22.
DHS 120.30(4)(b)2.2. Whether the patient’s condition is related to employment, and the occurrence and place of an auto accident or other accident.
DHS 120.30(4)(b)3.3. Date of first symptom of current illness, of current injury or of current pregnancy.
DHS 120.30(4)(b)4.4. First date of patient’s same or similar illness, if any.
DHS 120.30(4)(b)5.5. Dates that the patient has been unable to work in his or her current occupation.
DHS 120.30(4)(b)6.6. Dates of receipt by patient of medical service.
DHS 120.30(4)(b)7.7. The patient’s city, town or village.
DHS 120.30(5)(5)Additional methods for ensuring confidentiality of data.
DHS 120.30(5)(a)(a) In this subsection, “small number” means any number that is not large enough to be statistically significant, as determined by the department.
DHS 120.30(5)(b)(b) Requests for customized data from the physician office data collection including data elements other than those available in public use files require the approval of the independent review board, except in cases where the custom request has been previously authorized in administrative rule or in policies approved by the independent review board.
DHS 120.30(5)(c)(c) To ensure that the identity of patients is protected when information generated by the department is released, the department shall do all of the following:
DHS 120.30(5)(c)1.1. Aggregate any data element category containing small numbers that would allow identification of an individual patient using procedures developed by the department and approved by the board. The procedures shall follow commonly accepted statistical methodology.
DHS 120.30(5)(c)2.2. Mask data through any of the following techniques:
DHS 120.30(5)(c)2.a.a. Combining raw data elements.
DHS 120.30(5)(c)2.b.b. Recoding data from individual values to category values.
Loading...
Loading...
Published under s. 35.93, Stats. Updated on the first day of each month. Entire code is always current. The Register date on each page is the date the chapter was last published.