(1) The authority shall compile and analyze the data submitted by health carriers, pharmacy benefit managers, manufacturers, and pharmacy services administrative organizations pursuant to this chapter and prepare an annual report for the public and the legislature synthesizing the data to demonstrate the overall impact that drug costs, rebates, and other discounts have on health care premiums.

(2) The data in the report must be aggregated and must not reveal information specific to individual health carriers, pharmacy benefit managers, pharmacy services administrative organizations, individual prescription drugs, individual classes of prescription drugs, individual manufacturers, or discount amounts paid in connection with individual prescription drugs.

(3) Beginning January 1, 2021, and by each January 1st thereafter, the authority must publish the report on its website.

(4) Except for the report, and as provided in subsection (5) of this section, the authority shall keep confidential all data submitted pursuant to RCW 43.71C.020 through 43.71C.080.

(5) For purposes of public policy, upon request of a legislator, the authority must provide all data provided pursuant to RCW 43.71C.020 through 43.71C.080 and any analysis prepared by the authority. Any information provided pursuant to this subsection must be kept confidential within the legislature and may not be publicly released.

(6) For the purpose of reviewing drug prices and conducting affordability reviews, the prescription drug affordability board, as established in chapter 70.405 RCW, and the health care cost transparency board, established in chapter 70.390 RCW, may access all data collected pursuant to RCW 43.71C.020 through 43.71C.080 and any analysis prepared by the authority.

(7) The data collected pursuant to this chapter is not subject to public disclosure under chapter 42.56 RCW. Any information provided pursuant to this section must be kept confidential and may not be publicly released. Recipients of data under subsection (6) of this section shall:

(a) Follow all rules adopted by the authority regarding appropriate data use and protection; and

(b) Acknowledge that the recipient is responsible for any liability arising from misuse of the data and that the recipient does not have any conflicts under the ethics in public service act that would prevent the recipient from accessing or using the data.