This browser is not actively supported anymore. For the best passle experience, we strongly recommend you upgrade your browser.
List Professionals Alphabetically
A B C D E F G H I J K L M N O P Q R S T U V W X Y Z View All
Search Professionals
Site Search Submit
| 1 minute read

Florida Health Information Storage Changes Taking Effect on July 1, 2023

Foreign Interests in the health care provider environment have generally meant ownership interests of persons from outside of the state in which the healthcare provider operates, rather than foreign countries.  Thus, it would be easy to miss the healthcare provisions in the recent Florida legislative bill that was signed into law on May 8, 2023, entitled Interests of Foreign Countries (CS/SB 264).  

Governor DeSantis signed legislation, effective on July 1, 2023, that changed Section 408.051 of the Florida Statutes to add a new Section 3 that requires that a health care provider that utilizes a certified electronic health record technology to ensure that all patient information, when stored in an offsite physical or virtual environment, including third-party or subcontracted computer facilities or an entity providing cloud computing services, is physically maintained in the continental United States or its territories or Canada.

Although some states have certain data storage rules tied to Medicaid that restrict storage in foreign countries, Florida’s new law would affect all payors within the State of Florida. 

Additionally, the new legislation adds a very broad definition of “health care provider” to include most health care practitioners licensed by the Department of Health, entities regulated by Florida’s Agency for Health Care Administration (AHCA), pharmacies, continuing care facilities and more. 

As health care entities look to their data storage needs, it will be increasingly important to review both Federal and State guidelines when choosing EHR and data storage needs.

New Section 408.051(3) - SECURITY AND STORAGE OF PERSONAL MEDICAL INFORMATION. In addition to the requirements in 45 C.F.R. part 160 and 780 subparts A and C of part 164, a health care provider that utilizes certified electronic health record technology must ensure that all patient information stored in an offsite physical or virtual environment, including through a third-party or subcontracted computing facility or an entity providing cloud computing services, is physically maintained in the continental United States or its territories or Canada. This subsection applies to all qualified electronic health records that are stored using any technology that can allow information to be electronically retrieved, accessed, or transmitted.

Tags

health information, florida, health law, health care, privacy data and cybersecurity