130290.

 (a) (1) On or before July 1, 2022, and subject to an appropriation in the annual Budget Act, the California Health and Human Services Agency, along with its departments and offices and in consultation with stakeholders and local partners, shall establish the California Health and Human Services Data Exchange Framework that shall include a single data sharing agreement and common set of policies and procedures that will leverage and advance national standards for information exchange and data content, and that will govern and require the exchange of health information among health care entities and government agencies in California.

(2) The California Health and Human Services Data Exchange Framework is not intended to be an information technology system or single repository of data, rather it is technology agnostic and is a collection of organizations that are required to share health information using national standards and a common set of policies in order to improve the health outcomes of the individuals they serve.

(3) The California Health and Human Services Data Exchange Framework will be designed to enable and require real-time access to, or exchange of, health information among health care providers and payers through any health information exchange network, health information organization, or technology that adheres to specified standards and policies.

(4) The California Health and Human Services Data Exchange Framework shall align with state and federal data requirements, including the federal Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191), the Confidentiality of Medical Information Act of 1996 (Part 2.6 (commencing with Section 56) of Division 1 of the Civil Code), the information blocking provisions of the federal 21st Century Cures Act (Public Law 114-255), and other applicable state and federal privacy laws related to the sharing of data among and between providers, payers, and the government, while also streamlining and reducing reporting burden.

(5) For the purposes of this section, “health information” means:

(A) For hospitals, clinics, and physician practices, at a minimum, the United States Core Data for Interoperability Version 1, until October 6, 2022. After that date, it shall include all electronic health information as defined under federal regulation in Section 171.102 of Title 45 of the Code of Federal Regulations and held by the entity.

(B) For health insurers and health care service plans, at a minimum, the data required to be shared under the Centers for Medicare and Medicaid Services Interoperability and Patient Access regulations for public programs as contained in United States Department of Health and Human Services final rule CMS-9115-F, 85 FR 25510.

(6) For purposes of this section, “EHR vendor” means a company that develops and provides real-time, patient-centered records that make information available securely to authorized users in a digital format capable of being shared with other providers across more than one health care organization. provides or sells a software system supporting electronic health records, as defined in Section 17921 of Title 42 of the United States Code.

(b) (1)  On or before January 31, 2024, the entities listed in subdivision (f), except those identified in paragraph (2), shall exchange health information or provide access to health information to and from every other entity in subdivision (f) in real time as specified by the California Health and Human Services Agency pursuant to the California Health and Human Services Data Exchange Framework data sharing agreement for treatment, payment, or health care operations.

(2) The requirement in paragraph (1) shall not apply to physician practices of fewer than 25 physicians, rehabilitation hospitals, long-term acute care hospitals, acute psychiatric hospitals, critical access hospitals, and rural general acute care hospitals with fewer than 100 acute care beds, state-run acute psychiatric hospitals, and any nonprofit clinic with fewer than 10 health care providers until January 31, 2026.

(c) (1) The California Health and Human Services Agency shall convene a stakeholder advisory group no later than September 1, 2021, to advise on the development and implementation of the California Health and Human Services Data Exchange Framework.

(2) The members of the stakeholder advisory group shall be appointed by the Secretary of California Health and Human Services and shall not have a financial interest, individually or through a family member, related to issues the stakeholder advisory group will advise on.

(3) The stakeholder advisory group shall be composed of health care stakeholders and experts, including representatives of all the following:

(A) The State Department of Health Care Services.

(B) The State Department of Social Services.

(C) The Department of Managed Health Care.

(D) The Department of Health Care Access and Information.

(E) The State Department of Public Health.

(F) The Department of Insurance.

(G) The Public Employees’ Retirement System.

(H) The California Health Benefit Exchange.

(I) Health care service plans and health insurers.

(J) Physicians, including those with small practices.

(K) Hospitals, including public, private, rural, and critical access hospitals.

(L) Clinics, long-term care facilities, behavioral health facilities, or substance use disorder facilities.

(M) Consumers.

(N) Organized labor.

(O) Privacy and security professionals.

(P) Health information technology professionals.

(Q) Community health information organizations.

(R) County health, social services, and public health.

(S) Community-based organizations providing social services.

(4) The stakeholder advisory group shall provide information and advice to the California Health and Human Services Agency on health information technology issues, including all of the following:

(A) Identify which data beyond health information as defined in paragraph (5) of subdivision (a), at minimum, should be shared for specified purposes between the entities outlined in this subdivision and subdivision (f).

(B) Identify gaps, and propose solutions to gaps, in the life cycle of health information, including gaps in any of the following:

(i) Health information creation, including the use of national standards in clinical documentation, health plan records, and social services data.

(ii) Translation, mapping, controlled vocabularies, coding, and data classification.

(iii) Storage, maintenance, and management of health information.

(iv) Linking, sharing, exchanging, and providing access to health information.

(C) Identify ways to incorporate data related to social determinants of health, such as housing and food insecurity, into shared health information.

(D) Identify ways to incorporate data related to underserved or underrepresented populations, including, but not limited to, data regarding sexual orientation and gender identity and racial and ethnic minorities.

(E) Identify ways to incorporate relevant data on behavioral health and substance use disorder conditions.

(F) Address the privacy, security, and equity risks of expanding care coordination, health information exchange, access, and telehealth in a dynamic technological, and entrepreneurial environment, where data and network security are under constant threat of attack.

(G) Develop policies and procedures consistent with national standards and federally adopted standards in the exchange of health information and ensure that health information sharing broadly implements national frameworks and agreements consistent with federal rules and programs.

(H) Develop definitions of complete clinical, administrative, and claims data consistent with federal policies and national standards.

(I) Identify how all payers will be required to provide enrollees with electronic access to their health information, consistent with rules applicable to federal payer programs.

(J) Assess governance structures to help guide policy decisions and general oversight.

(K) Identify federal, state, private, or philanthropic sources of funding that could support data access and exchange.

(L) Consider whether standards for including EHR vendors in the California Health and Human Services Data Exchange Framework would be appropriate, and, if determined to be appropriate, develop those standards.

(5) The stakeholder advisory group shall hold public meetings with stakeholders, solicit input, and set its own meeting agendas. Meetings of the stakeholder advisory group are subject to the Bagley-Keene Open Meeting Act (Article 9 (commencing with Section 11120) of Chapter 1 of Part 1 of Division 3 of Title 2 of the Government Code).

(6) The members of the stakeholder advisory group shall serve without compensation, but shall be reimbursed for any actual and necessary expenses incurred in connection with their duties as members of the group.

(d) No later than April 1, 2022, the California Health and Human Services Agency shall submit an update, including written recommendations, to the Legislature based on input from the stakeholder advisory group on the issues identified in paragraph (4) of subdivision (c).

(e) On or before January 31, 2023, the California Health and Human Services Agency shall work with the California State Association of Counties to encourage the inclusion of county health, public health, and social services, to the extent possible, as part of the California Health and Human Services Data Exchange Framework in order to assist both public and private entities to connect through uniform standards and policies. It is the intent of the Legislature that all state and local public health agencies will exchange electronic health information in real time with participating health care entities to protect and improve the health and well-being of Californians.

(f) (1) On or before January 31, 2023, and in alignment with existing federal standards and policies, the following health care organizations shall execute the California Health and Human Services Data Exchange Framework data sharing agreement pursuant to subdivision (a):

(A) General acute care hospitals, as defined by Section 1250.

(B) Physician organizations and medical groups.

(C) Skilled nursing facilities, as defined by Section 1250, that currently maintain electronic records.

(D) Health care service plans and disability insurers that provide hospital, medical, or surgical coverage that are regulated by the Department of Managed Health Care or the Department of Insurance. This section shall also apply to a Medi-Cal managed care plan under a comprehensive risk contract with the State Department of Health Care Services pursuant to Chapter 7 (commencing with Section 14000) or Chapter 8 (commencing with Section 14200) of Part 3 of Division 9 of the Welfare and Institutions Code that is not regulated by the Department of Managed Health Care or the Department of Insurance.

(E) Clinical laboratories, as that term is used in Section 1265 of the Business and Professions Code, and that are regulated by the State Department of Public Health.

(F) Acute psychiatric hospitals, as defined by Section 1250.

(2) If the stakeholder advisory group develops standards for including EHR vendors in the California Health and Human Services Data Exchange Framework, EHR vendors shall execute the California Health and Human Services Data Exchange Framework data sharing agreement no later than 12 months after the completion of the standards, and in alignment with existing federal standards and policies pursuant to subdivision (a).

(g) The California Health and Human Services Agency shall work with experienced nonprofit organizations and entities represented in the stakeholder advisory group in subdivision (c) to provide technical assistance to the entities outlined in subdivisions (e) and (f).

(h) On or before July 31, 2022, the California Health and Human Services Agency shall develop in consultation with the stakeholder advisory group in subdivision (c) a strategy for unique, secure digital identities capable of supporting master patient indices to be implemented by both private and public organizations in California.

(i) For purposes of implementing this section, including, but not limited to, hiring staff and consultants, facilitating and conducting meetings, conducting research and analysis, and developing the required reports, the California Health and Human Services Agency may enter into exclusive or nonexclusive contracts on a bid or negotiated basis. Contracts entered into or amended pursuant to this section shall be exempt from Chapter 6 (commencing with Section 14825) of Part 5.5 of Division 3 of Title 2 of the Government Code, Section 19130 of the Government Code, and Part 2 (commencing with Section 10100) of Division 2 of the Public Contract Code, and shall be exempt from the review or approval of any division of the Department of General Services. No person hired or otherwise retained pursuant to this subdivision shall be permitted to have any financial interest in the California Health and Human Services Data Exchange Framework or shall be, or be affiliated with, any health care organization required to participate in the California Health and Human Services Data Exchange Framework pursuant to subdivisions (b) and (f). The term “person,” as used in this subdivision, means any individual, partnership, joint venture, association, corporation, or any other organization or any combination thereof.

(j) (1) Any fees charged by an EHR vendor to enable compliance with the California Health and Human Services Data Exchange Framework shall be reasonable, consistent with Section Sections 171.302(a) and 171.303 of Title 45 of the Code of Federal Regulations.

(2) Reasonable fees shall be sufficient to include the cost of enabling the collection and sharing of all data required to be exchanged under this section, as specified in the California Health and Human Services Data Sharing Agreement.

(l) All actions to implement the California Health and Human Services Data Exchange Framework, including the adoption or development of any data sharing agreement, requirements, policies and procedures, guidelines, subgrantee contract provisions, or reporting requirements, shall be exempt from the Administrative Procedure Act (Chapter 3.5 (commencing with Section 11340) of Part 1 of Division 3 of Title 2 of the Government Code). The California Health and Human Services Agency, or a designee department or office under its jurisdiction, shall release program notices that detail the requirements of the California Health and Human Services Data Exchange Framework.