Skip to Content

Liability and Confidentiality, Iowa Code § 135D.7

Link to the law
This will open in a new window

Legal and policy -- liability -- confidentiality 
Requires the Iowa Health Information Network Board to implement privacy and security standards that comply at minimum with HIPAA. Identifies these standards as including participation agreements, the ability for patients to opt out of the health information network, and a secure system for monitoring network transactions. Prohibits providers from denying treatment to patients that opt out of the network. Prohibits the use of a court order or legal process to compel providers to access network information that they did not create. Immunizes health care providers from liability arising out of their use of network information so long as they acted in good faith, but clarifies that this immunity does not extend to actions that were negligent, intentional, or reckless. Classifies health information sent to, stored in, or received from the network as well as information maintained by the Board as confidential and prohibits release of the information absent consent or court order. Permits patients to seek equitable relief in civil court for violations of these section.