By December 1, 2011, the lead organization shall, consistent with the federal health insurance portability and accountability act, develop processes, guidelines, and standards that address:
(1) Identification and prioritization of high value health data from health data providers. High value health data include:
(a) Prescriptions;
(b) Immunization records;
(c) Laboratory results;
(d) Allergies; and
(e) Diagnostic imaging;
(2) Processes to request, submit, and receive data;
(3) Data security, including:
(a) Storage, access, encryption, and password protection;
(b) Secure methods for accepting and responding to requests for data;
(c) Handling unauthorized access to or disclosure of individually identifiable patient health information, including penalties for unauthorized disclosure; and
(d) Authentication of individuals, including patients and providers, when requesting access to health information, and maintenance of a permanent audit trail of such requests, including:
(i) Identification of the party making the request;
(ii) The data elements reported; and
(iii) Transaction dates;
(4) Materials written in plain language that explain the exchange of health information and how patients can effectively manage such information, including the use of online tools for that purpose;
(5) Materials for health care providers that explain the exchange of health information and the secure management of such information.