(20 ILCS 3860/20)
    (Section scheduled to be repealed on January 1, 2021)
    Sec. 20. Powers and duties of the Illinois Health Information Exchange Authority. The Authority has the following powers, together with all powers incidental or necessary to accomplish the purposes of this Act:
        (1) The Authority shall create and administer the
    
ILHIE using information systems and processes that are secure, are cost effective, and meet all other relevant privacy and security requirements under State and federal law.
        (2) The Authority shall establish and adopt
    
standards and requirements for the use of health information and the requirements for participation in the ILHIE by persons or entities including, but not limited to, health care providers, payors, and local health information exchanges.
        (3) The Authority shall establish minimum standards
    
for accessing the ILHIE to ensure that the appropriate security and privacy protections apply to health information, consistent with applicable federal and State standards and laws. The Authority shall have the power to suspend, limit, or terminate the right to participate in the ILHIE for non-compliance or failure to act, with respect to applicable standards and laws, in the best interests of patients, users of the ILHIE, or the public. The Authority may seek all remedies allowed by law to address any violation of the terms of participation in the ILHIE.
        (4) The Authority shall identify barriers to the
    
adoption of electronic health records systems, including researching the rates and patterns of dissemination and use of electronic health record systems throughout the State. The Authority shall make the results of the research available on its website.
        (5) The Authority shall prepare educational
    
materials and educate the general public on the benefits of electronic health records, the ILHIE, and the safeguards available to prevent unauthorized disclosure of health information.
        (6) The Authority may appoint or designate an
    
institutional review board in accordance with federal and State law to review and approve requests for research in order to ensure compliance with standards and patient privacy and security protections as specified in paragraph (3) of this Section.
        (7) The Authority may enter into all contracts and
    
agreements necessary or incidental to the performance of its powers under this Act. The Authority's expenditures of private funds are exempt from the Illinois Procurement Code, pursuant to Section 1-10 of that Act. Notwithstanding this exception, the Authority shall comply with the Business Enterprise for Minorities, Women, and Persons with Disabilities Act.
        (8) The Authority may solicit and accept grants,
    
loans, contributions, or appropriations from any public or private source and may expend those moneys, through contracts, grants, loans, or agreements, on activities it considers suitable to the performance of its duties under this Act.
        (9) The Authority may determine, charge, and
    
collect any fees, charges, costs, and expenses from any healthcare provider or entity in connection with its duties under this Act. Moneys collected under this paragraph (9) shall be deposited into the Health Information Exchange Fund.
        (10) The Authority may, under the direction of the
    
Executive Director, employ and discharge staff, including administrative, technical, expert, professional, and legal staff, as is necessary or convenient to carry out the purposes of this Act. The Authority may establish and administer standards of classification regarding compensation, benefits, duties, performance, and tenure for that staff and may enter into contracts of employment with members of that staff for such periods and on such terms as the Authority deems desirable. All employees of the Authority are exempt from the Personnel Code as provided by Section 4 of the Personnel Code.
        (11) The Authority shall consult and coordinate
    
with the Department of Public Health to further the Authority's collection of health information from health care providers for public health purposes. The collection of public health information shall include identifiable information for use by the Authority or other State agencies to comply with State and federal laws. Any identifiable information so collected shall be privileged and confidential in accordance with Sections 8-2101, 8-2102, 8-2103, 8-2104, and 8-2105 of the Code of Civil Procedure.
        (12) All identified or deidentified health
    
information in the form of health data or medical records contained in, stored in, submitted to, transferred by, or released from the Illinois Health Information Exchange, and identified or deidentified health information in the form of health data and medical records of the Illinois Health Information Exchange in the possession of the Illinois Health Information Exchange Authority due to its administration of the Illinois Health Information Exchange, shall be exempt from inspection and copying under the Freedom of Information Act. The terms "identified" and "deidentified" shall be given the same meaning as in the Health Insurance Portability and Accountability Act of 1996, Public Law 104-191, or any subsequent amendments thereto, and any regulations promulgated thereunder.
        (13) To address gaps in the adoption of, workforce
    
preparation for, and exchange of electronic health records that result in regional and socioeconomic disparities in the delivery of care, the Authority may evaluate such gaps and provide resources as available, giving priority to healthcare providers serving a significant percentage of Medicaid or uninsured patients and in medically underserved or rural areas.
(Source: P.A. 99-642, eff. 7-28-16; 100-391, eff. 8-25-17.)