U.S. Congress - Text of H.R.2991 as Introduced in House Independent Health Record Trust Act of 2007
The easiest way to email your members of Congress
Donate NowH.R.2991 - Independent Health Record Trust Act of 2007
To improve the availability of health information and the provision of health care by encouraging the creation, use, and maintenance of lifetime electronic health records of individuals in independent health record trusts and by providing a secure and privacy-protected framework in which such records are made available only by the affirmative consent of such individuals and are used to build a nationwide health information technology infrastructure.
Loading Bill Text
Rollover any line of text to comment and/or link to it.
HR 2991 IHCommentsClose CommentsPermalink
To improve the availability of health information and the provision of health care by encouraging the creation, use, and maintenance of lifetime electronic health records of individuals in independent health record trusts and by providing a secure and privacy-protected framework in which such records are made available only by the affirmative consent of such individuals and are used to build a nationwide health information technology infrastructure.CommentsClose CommentsPermalink
July 11, 2007
Mr. MOORE of Kansas (for himself, Mr. RYAN of Wisconsin, Mr. BARROW, Mrs. BLACKBURN, Mr. BOUSTANY, Mr. BOYD of Florida, Mrs. BOYDA of Kansas, Mr. CLAY, Mr. CLEAVER, Mr. COOPER, Mr. CROWLEY, Mr. DAVIS of Alabama, Mr. LINCOLN DAVIS of Tennessee, Mr. DELAHUNT, Mr. DICKS, Mrs. EMERSON, Mr. ETHERIDGE, Mr. GRAVES, Mr. HELLER of Nevada, Mr. HERGER, Mr. HILL, Mr. HOLDEN, Mr. HOLT, Mrs. JONES of Ohio, Mr. LARSON of Connecticut, Mrs. MCCARTHY of New York, Mr. MITCHELL, Mr. MORAN of Kansas, Mr. PUTNAM, Mrs. MCMORRIS RODGERS, Mr. SENSENBRENNER, Mr. SESSIONS, Mr. SMITH of Washington, Mrs. TAUSCHER, Mr. TIAHRT, and Mr. BAIRD) introduced the following bill; which was referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concernedCommentsClose CommentsPermalink
To improve the availability of health information and the provision of health care by encouraging the creation, use, and maintenance of lifetime electronic health records of individuals in independent health record trusts and by providing a secure and privacy-protected framework in which such records are made available only by the affirmative consent of such individuals and are used to build a nationwide health information technology infrastructure.CommentsClose CommentsPermalink
Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,CommentsClose CommentsPermalink
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title- This Act may be cited as the `Independent Health Record Trust Act of 2007'.CommentsClose CommentsPermalink
(b) Table of Contents- The table of contents of this Act is as follows:CommentsClose CommentsPermalink
Sec. 1. Short title; table of contents.CommentsClose CommentsPermalink
Sec. 2. Purpose.CommentsClose CommentsPermalink
Sec. 3. Definitions.CommentsClose CommentsPermalink
Sec. 4. Establishment, certification, and membership of independent health record trusts.CommentsClose CommentsPermalink
Sec. 5. Duties of IHRT to IHRT participants.CommentsClose CommentsPermalink
Sec. 6. Availability and use of information from records in IHRT consistent with privacy protections and agreements.CommentsClose CommentsPermalink
Sec. 7. Voluntary nature of trust participation and information sharing.CommentsClose CommentsPermalink
Sec. 8. Financing of activities.CommentsClose CommentsPermalink
Sec. 9. Regulatory oversight.CommentsClose CommentsPermalink
SEC. 2. PURPOSE.
It is the purpose of this Act to provide for the establishment of a nationwide health information technology network that--CommentsClose CommentsPermalink
(1) improves health care quality, reduces medical errors, increases the efficiency of care, and advances the delivery of appropriate, evidence-based health care services;CommentsClose CommentsPermalink
(2) promotes wellness, disease prevention, and the management of chronic illnesses by increasing the availability and transparency of information related to the health care needs of an individual;CommentsClose CommentsPermalink
(3) ensures that appropriate information necessary to make medical decisions is available in a usable form at the time and in the location that the medical service involved is provided;CommentsClose CommentsPermalink
(4) produces greater value for health care expenditures by reducing health care costs that result from inefficiency, medical errors, inappropriate care, and incomplete information;CommentsClose CommentsPermalink
(5) promotes a more effective marketplace, greater competition, greater systems analysis, increased choice, enhanced quality, and improved outcomes in health care services;CommentsClose CommentsPermalink
(6) improves the coordination of information and the provision of such services through an effective infrastructure for the secure and authorized exchange and use of health information; andCommentsClose CommentsPermalink
(7) ensures that the health information privacy, security, and confidentiality of individually identifiable health information is protected.CommentsClose CommentsPermalink
SEC. 3. DEFINITIONS.
In this Act:CommentsClose CommentsPermalink
(1) ACCESS- The term `access' means, with respect to an electronic health record, entering information into such account as well as retrieving information from such account.CommentsClose CommentsPermalink
(2) ACCOUNT- The term `account' means an electronic health record of an individual contained in an independent health record trust.CommentsClose CommentsPermalink
(3) AFFIRMATIVE CONSENT- The term `affirmative consent' means, with respect to an electronic health record of an individual contained in an IHRT, express consent given by the individual for the use of such record in response to a clear and conspicuous request for such consent or at the individual's own initiative.CommentsClose CommentsPermalink
(4) AUTHORIZED EHR DATA USER- The term `authorized EHR data user' means, with respect to an electronic health record of an IHRT participant contained as part of an IHRT, any entity (other than the participant) authorized (in the form of affirmative consent) by the participant to access the electronic health record.CommentsClose CommentsPermalink
(5) CONFIDENTIALITY- The term `confidentiality' means, with respect to individually identifiable health information of an individual, the obligation of those who receive such information to respect the health information privacy of the individual.CommentsClose CommentsPermalink
(6) ELECTRONIC HEALTH RECORD- The term `electronic health record' means a longitudinal collection of information concerning a single individual, including medical records and personal health information, that is stored electronically.CommentsClose CommentsPermalink
(7) HEALTH INFORMATION PRIVACY- The term `health information privacy' means, with respect to individually identifiable health information of an individual, the right of such individual to control the acquisition, uses, or disclosures of such information.CommentsClose CommentsPermalink
(8) HEALTH PLAN- The term `health plan' means a group health plan (as defined in section 2208(1) of the Public Health Service Act (
(9) HIPAA PRIVACY REGULATIONS- The term `HIPAA privacy regulations' means the regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (
(10) INDEPENDENT HEALTH RECORD TRUST; IHRT- The terms `independent health record trust' and `IHRT' mean a legal arrangement under the administration of an IHRT operator that meets the requirements of this Act with respect to electronic health records of individuals participating in the trust or IHRT.CommentsClose CommentsPermalink
(11) IHRT OPERATOR- The term `IHRT operator' means, with respect to an IHRT, the organization that is responsible for the administration and operation of the IHRT in accordance with this Act.CommentsClose CommentsPermalink
(12) IHRT PARTICIPANT- The term `IHRT participant' means, with respect to an IHRT, an individual who has a participation agreement in effect with respect to the maintenance of the individual's electronic health record by the IHRT.CommentsClose CommentsPermalink
(13) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION- The term `individually identifiable health information' has the meaning given such term in section 1171(6) of the Social Security Act (
(14) SECURITY- The term `security' means, with respect to individually identifiable health information of an individual, the physical, technological, or administrative safeguards or tools used to protect such information from unwarranted access or disclosure.CommentsClose CommentsPermalink
SEC. 4. ESTABLISHMENT, CERTIFICATION, AND MEMBERSHIP OF INDEPENDENT HEALTH RECORD TRUSTS.
(a) Establishment- Not later than one year after the date of the enactment of this Act, the Federal Trade Commission, in consultation with the National Committee on Vital and Health Statistics, shall prescribe standards for the establishment, certification, operation, and interoperability of IHRTs to carry out the purposes described in section 2 in accordance with the provisions of this Act.CommentsClose CommentsPermalink
(b) Certification-CommentsClose CommentsPermalink
(1) CERTIFICATION BY FTC- The Federal Trade Commission shall provide for the certification of IHRTs. No IHRT may be certified unless the IHRT is determined to meet the standards for certification established under subsection (a).CommentsClose CommentsPermalink
(2) DECERTIFICATION- The Federal Trade Commission shall establish a process for the revocation of certification of an IHRT under this section in the case that the IHRT violates the standards established under subsection (a).CommentsClose CommentsPermalink
(c) Membership-CommentsClose CommentsPermalink
(1) IN GENERAL- To be eligible to be a participant in an IHRT, an individual shall--CommentsClose CommentsPermalink
(A) submit to the IHRT information as required by the IHRT to establish an electronic health record with the IHRT; andCommentsClose CommentsPermalink
(B) enter into a privacy protection agreement described in section 6(b)(1) with the IHRT.CommentsClose CommentsPermalink
The process to determine eligibility of an individual under this subsection shall allow for the establishment by such individual of an electronic health record as expeditiously as possible if such individual is determined so eligible.CommentsClose CommentsPermalink
(2) NO LIMITATION ON MEMBERSHIP- Nothing in this subsection shall be construed to permit an IHRT to restrict membership, including on the basis of health condition.CommentsClose CommentsPermalink
SEC. 5. DUTIES OF IHRT TO IHRT PARTICIPANTS.
(a) Fiduciary Duty of IHRT; Penalties for Violations of Fiduciary Duty-CommentsClose CommentsPermalink
(1) FIDUCIARY DUTY- With respect to the electronic health record of an IHRT participant maintained by an IHRT, the IHRT shall have a fiduciary duty to act for the benefit and in the interests of such participant and of the IHRT as a whole. Such duty shall include obtaining the affirmative consent of such participant prior to the release of information in such participant's electronic health record in accordance with the requirements of this Act.CommentsClose CommentsPermalink
(2) PENALTIES- If the IHRT knowingly or recklessly breaches the fiduciary duty described in paragraph (1), the IHRT shall be subject to the following penalties:CommentsClose CommentsPermalink
(A) Loss of certification of the IHRT.CommentsClose CommentsPermalink
(B) A fine that is not in excess of $50,000.CommentsClose CommentsPermalink
(C) A term of imprisonment for the individuals involved of not more than 5 years.CommentsClose CommentsPermalink
(b) Electronic Health Record Deemed To Be Held in Trust by IHRT- With respect to an individual, an electronic health record maintained by an IHRT shall be deemed to be held in trust by the IHRT for the benefit of the individual and the IHRT shall have no legal or equitable interest in such electronic health record.CommentsClose CommentsPermalink
SEC. 6. AVAILABILITY AND USE OF INFORMATION FROM RECORDS IN IHRT CONSISTENT WITH PRIVACY PROTECTIONS AND AGREEMENTS.
(a) Protected Electronic Health Records Use and Access-CommentsClose CommentsPermalink
(1) GENERAL RIGHTS REGARDING USES OF INFORMATION-CommentsClose CommentsPermalink
(A) IN GENERAL- With respect to the electronic health record of an IHRT participant maintained by an IHRT, subject to paragraph (2)(C), primary uses and secondary uses (described in subparagraphs (B) and (C), respectively) of information within such record (other than by such participant) shall be permitted only upon the authorization of such use, prior to such use, by such participant.CommentsClose CommentsPermalink
(B) PRIMARY USES- For purposes of subparagraph (A) and with respect to an electronic health record of an individual, a primary use is a use for purposes of the individual's self-care or care by health care professionals.CommentsClose CommentsPermalink
(C) SECONDARY USES- For purposes of subparagraph (B) and with respect to an electronic health record of an individual, a secondary use is any use not described in subparagraph (B) and includes a use for purposes of public health research or other related activities. Additional authorization is required for a secondary use extending beyond the original purpose of the secondary use authorized by the IHRT participant involved. Nothing in this paragraph shall be construed as requiring authorization for every secondary use that is within the authorized original purpose.CommentsClose CommentsPermalink
(2) RULES FOR PRIMARY USE OF RECORDS FOR HEALTH CARE PURPOSES- With respect to the electronic health record of an IHRT participant (or specified parts of such electronic health record) maintained by an IHRT standards for access to such record shall provide for the following:CommentsClose CommentsPermalink
(A) ACCESS BY IHRT PARTICIPANTS TO THEIR ELECTRONIC HEALTH RECORDS-CommentsClose CommentsPermalink
(i) OWNERSHIP- The participant maintains ownership over the entire electronic health record (and all portions of such record) and shall have the right to electronically access and review the contents of the entire record (and any portion of such record) at any time, in accordance with this subparagraph.CommentsClose CommentsPermalink
(ii) ADDITION OF PERSONAL INFORMATION- The participant may add personal health information to the health record of that participant, except that such participant shall not alter information that is entered into the electronic health record by any authorized EHR data user. Such participant shall have the right to propose an amendment to information that is entered by an authorized EHR data user pursuant to standards prescribed by the Federal Trade Commission for purposes of amending such information.CommentsClose CommentsPermalink
(iii) IDENTIFICATION OF INFORMATION ENTERED BY PARTICIPANT- Any additions or amendments made by the participant to the health record shall be identified and disclosed within such record as being made by such participant.CommentsClose CommentsPermalink
(B) ACCESS BY ENTITIES OTHER THAN IHRT PARTICIPANT-CommentsClose CommentsPermalink
(i) AUTHORIZED ACCESS ONLY- Except as provided under subparagraph (C) and paragraph (4), access to the electronic health record (or any portion of the record)--CommentsClose CommentsPermalink
(I) may be made only by authorized EHR data users and only to such portions of the record as specified by the participant; andCommentsClose CommentsPermalink
(II) may be limited by the participant for purposes of entering information into such record, retrieving information from such record, or both.CommentsClose CommentsPermalink
(ii) IDENTIFICATION OF ENTITY THAT ENTERS INFORMATION- Any information that is added by an authorized EHR data user to the health record shall be identified and disclosed within such record as being made by such user.CommentsClose CommentsPermalink
(iii) SATISFACTION OF HIPAA PRIVACY REGULATIONS- In the case of a record of a covered entity (as defined for purposes of HIPAA privacy regulations), with respect to an individual, if such individual is an IHRT participant with an independent health record trust and such covered entity is an authorized EHR data user, the requirement under the HIPAA privacy regulations for such entity to provide the record to the participant shall be deemed met if such entity, without charge to the IHRT or the participant--CommentsClose CommentsPermalink
(I) forwards to the trust an appropriately formatted electronic copy of the record (and updates to such records) for inclusion in the electronic health record of the participant maintained by the trust;CommentsClose CommentsPermalink
(II) enters such record into the electronic health record of the participant so maintained; orCommentsClose CommentsPermalink
(III) otherwise makes such record available for electronic access by the IHRT or the individual in a manner that permits such record to be included in the account of the individual contained in the IHRT.CommentsClose CommentsPermalink
(iv) NOTIFICATION OF SENSITIVE INFORMATION- Any information, with respect to the participant, that is sensitive information, as specified by the Federal Trade Commission, shall not be forwarded or entered by an authorized EHR data user into the electronic health record of the participant maintained by the trust unless the user certifies that the participant has been notified of such information.CommentsClose CommentsPermalink
(C) DEEMED AUTHORIZATION FOR ACCESS FOR EMERGENCY HEALTH CARE-CommentsClose CommentsPermalink
(i) FINDINGS- Congress finds that--CommentsClose CommentsPermalink
(I) given the size and nature of visits to emergency departments in the United States, readily available health information could make the difference between life and death; andCommentsClose CommentsPermalink
(II) because of the case mix and volume of patients treated, emergency departments are well positioned to provide information for public health surveillance, community risk assessment, research, education, training, quality improvement, and other uses.CommentsClose CommentsPermalink
(ii) USE OF INFORMATION- With respect to the electronic health record of an IHRT participant (or specified parts of such electronic health record) maintained by an IHRT, the participant shall be deemed as providing authorization (in the form of affirmative consent) for health care providers to access, in connection with providing emergency care services to the participant, a limited, authenticated information set concerning the participant for emergency response purposes, unless the participant specifies that such information set (or any portion of such information set) may not be so accessed. Such limited information set may include information--CommentsClose CommentsPermalink
(I) patient identification data, as determined appropriate by the participant;CommentsClose CommentsPermalink
(II) provider identification that includes the use of unique provider identifiers;CommentsClose CommentsPermalink
(III) payment information;CommentsClose CommentsPermalink
(IV) information related to the individual's vitals, allergies, and medication history;CommentsClose CommentsPermalink
(V) information related to existing chronic problems and active clinical conditions of the participant; andCommentsClose CommentsPermalink
(VI) information concerning physical examinations, procedures, results, and diagnosis data.CommentsClose CommentsPermalink
(3) RULES FOR SECONDARY USES OF RECORDS FOR RESEARCH AND OTHER PURPOSES-CommentsClose CommentsPermalink
(A) IN GENERAL- With respect to the electronic health record of an IHRT participant (or specified parts of such electronic health record) maintained by an IHRT, the IHRT may sell such record (or specified parts of such record) only if--CommentsClose CommentsPermalink
(i) the transfer is authorized by the participant pursuant to an agreement between the participant and the IHRT and is in accordance with the privacy protection agreement described in subsection (b)(1) entered into between such participant and such IHRT;CommentsClose CommentsPermalink
(ii) such agreement includes parameters with respect to the disclosure of information involved and a process for the authorization of the further disclosure of information in such record;CommentsClose CommentsPermalink
(iii) the information involved is to be used for research or other activities only as provided for in the agreement;CommentsClose CommentsPermalink
(iv) the recipient of the information provides assurances that the information will not be further transferred or reused in violation of such agreement; andCommentsClose CommentsPermalink
(v) the transfer otherwise meets the requirements and standards prescribed by the Federal Trade Commission.CommentsClose CommentsPermalink
(B) TREATMENT OF PUBLIC HEALTH REPORTING- Nothing in this paragraph shall be construed as prohibiting or limiting the use of health care information of an individual, including an individual who is an IHRT participant, for public health reporting (or other research) purposes prior to the inclusion of such information in an electronic health record maintained by an IHRT.CommentsClose CommentsPermalink
(4) LAW ENFORCEMENT CLARIFICATION- Nothing in this Act shall prevent an IHRT from disclosing information contained in an electronic health record maintained by the IHRT when required for purposes of a lawful investigation or official proceeding inquiring into a violation of, or failure to comply with, any criminal or civil statute or any regulation, rule, or order issued pursuant to such a statute.CommentsClose CommentsPermalink
(5) RULE OF CONSTRUCTION- Nothing in this section shall be construed to require a health care provider that does not utilize electronic methods or appropriate levels of health information technology on the date of the enactment of this Act to adopt such electronic methods or technology as a requirement for participation or compliance under this Act.CommentsClose CommentsPermalink
(b) Privacy Protection Agreement; Treatment of State Privacy and Security Laws-CommentsClose CommentsPermalink
(1) PRIVACY PROTECTION AGREEMENT- A privacy protection agreement described in this subsection is an agreement, with respect to an electronic health record of an IHRT participant to be maintained by an independent health record trust, between the participant and the trust--CommentsClose CommentsPermalink
(A) that is consistent with the standards described in subsection (a)(2);CommentsClose CommentsPermalink
(B) under which the participant specifies the portions of the record that may be accessed, under what circumstances such portions may be accessed, any authorizations for indicated authorized EHR data users to access information contained in the record, and the purposes for which the information (or portions of the information) in the record may be used;CommentsClose CommentsPermalink
(C) which provides a process for the authorization of the transfer of information contained in the record to a third party, including for the sale of such information for purposes of research, by an authorized EHR data user and reuse of such information by such third party, including a provision requiring that such transfer and reuse is not in violation of any privacy or transfer restrictions placed by the participant on the independent health record of such participant; andCommentsClose CommentsPermalink
(D) under which the trust provides assurances that the trust will not transfer, disclose, or provide access to the record (or any portion of the record) in violation of the parameters established in the agreement or to any person or entity who has not agreed to use and transfer such record (or portion of such record) in accordance with such agreement.CommentsClose CommentsPermalink
(2) TREATMENT OF STATE LAWS-CommentsClose CommentsPermalink
(A) IN GENERAL- Except as provided under subparagraph (B), the provisions of a privacy protection agreement entered into between an IHRT and an IHRT participant shall preempt any provision of State law (or any State regulation) relating to the privacy and confidentiality of individually identifiable health information or to the security of such health information.CommentsClose CommentsPermalink
(B) EXCEPTION FOR PRIVILEGED INFORMATION- The provisions of a privacy protection agreement shall not preempt any provision of State law (or any State regulation) that recognizes privileged communications between physicians, health care practitioners, and patients of such physicians or health care practitioners, respectively.CommentsClose CommentsPermalink
(C) STATE DEFINED- For purposes of this section, the term `State' has the meaning given such term when used in title XI of the Social Security Act, as provided under section 1101(a) of such Act (
SEC. 7. VOLUNTARY NATURE OF TRUST PARTICIPATION AND INFORMATION SHARING.
(a) In General- Participation in an independent health record trust, or authorizing access to information from such a trust, is voluntary. No employer, health insurance issuer, group health plan, health care provider, or other person may require, as a condition of employment, issuance of a health insurance policy, coverage under a group health plan, the provision of health care services, payment for such services, or otherwise, that an individual participate in, or authorize access to information from, an independent health record trust.CommentsClose CommentsPermalink
(b) Enforcement- The penalties provided for in subsection (a) of section 1177 of the Social Security Act (
SEC. 8. FINANCING OF ACTIVITIES.
(a) In General- Except as provided in subsection (b), an IHRT may generate revenue to pay for the operations of the IHRT through--CommentsClose CommentsPermalink
(1) charging IHRT participants account fees for use of the trust;CommentsClose CommentsPermalink
(2) charging authorized EHR data users for accessing electronic health records maintained in the trust;CommentsClose CommentsPermalink
(3) the sale of information contained in the trust (as provided for in section 6(a)(3)(A)); andCommentsClose CommentsPermalink
(4) any other activity determined appropriate by the Federal Trade Commission.CommentsClose CommentsPermalink
(b) Prohibition Against Access Fees for Health Care Providers- For purposes of providing incentives to health care providers to access information maintained in an IHRT, as authorized by the IHRT participants involved, the IHRT may not charge a fee for services specified by the IHRT. Such services shall include the transmittal of information from a health care provider to be included in an independent electronic health record maintained by the IHRT (or permitting such provider to input such information into the record), including the transmission of or access to information described in section 6(a)(2)(C)(ii) by appropriate emergency responders.CommentsClose CommentsPermalink
(c) Required Disclosures- The sources and amounts of revenue derived under subsection (a) for the operations of an IHRT shall be fully disclosed to each IHRT participant of such IHRT and to the public.CommentsClose CommentsPermalink
(d) Treatment of Income- For purposes of the Internal Revenue Code of 1986, any revenue described in subsection (a) shall not be included in gross income of any IHRT, IHRT participant, or authorized EHR data user.CommentsClose CommentsPermalink
SEC. 9. REGULATORY OVERSIGHT.
(a) In General- In carrying out this Act, the Federal Trade Commission shall promulgate regulations for independent health record trusts.CommentsClose CommentsPermalink
(b) Establishment of Interagency Steering Committee-CommentsClose CommentsPermalink
(1) IN GENERAL- The Secretary of Health and Human Services shall establish an Interagency Steering Committee in accordance with this subsection.CommentsClose CommentsPermalink
(2) CHAIRPERSON- The Secretary of Health and Human Services shall serve as the chairperson of the Interagency Steering Committee.CommentsClose CommentsPermalink
(3) MEMBERSHIP- The members of the Interagency Steering Committee shall consist of the Attorney General, the Chairperson of the Federal Trade Commission, the Chairperson for the National Committee for Vital and Health Statistics, a representative of the Federal Reserve, and other Federal officials determined appropriate by the Secretary of Health and Human Services.CommentsClose CommentsPermalink
(4) DUTIES- The Interagency Steering Committee shall coordinate the implementation of this Act, including the implementation of policies described in subsection (d) based upon the recommendations provided under such subsection, and regulations promulgated under this Act.CommentsClose CommentsPermalink
(c) Federal Advisory Committee-CommentsClose CommentsPermalink
(1) IN GENERAL- The National Committee for Vital and Health Statistics shall serve as an advisory committee for the IHRTs. The membership of such advisory committee shall include a representative from the Federal Trade Commission and the chairperson of the Interagency Steering Committee. Not less than 60 percent of such membership shall consist of representatives of nongovernment entities, at least one of whom shall be a representative from an organization representing health care consumers.CommentsClose CommentsPermalink
(2) DUTIES- The National Committee for Vital and Health Statistics shall issue periodic reports and review policies concerning IHRTs based on each of the following factors:CommentsClose CommentsPermalink
(A) Privacy and security policies.CommentsClose CommentsPermalink
(B) Economic progress.CommentsClose CommentsPermalink
(C) Interoperability standards.CommentsClose CommentsPermalink
(d) Policies Recommended by Federal Trade Commission- The Federal Trade Commission, in consultation with the National Committee for Vital and Health Statistics, shall recommend policies to--CommentsClose CommentsPermalink
(1) provide assistance to encourage the growth of independent health record trusts;CommentsClose CommentsPermalink
(2) track economic progress as it pertains to operators of independent health records trusts and individuals receiving nontaxable income with respect to accounts;CommentsClose CommentsPermalink
(3) conduct public education activities regarding the creation and usage of the independent health records trusts;CommentsClose CommentsPermalink
(4) establish standards for the interoperability of health information technology to ensure that information contained in such record may be shared between the trust involved, the participant, and authorized EHR data users, including for the standardized collection and transmission of individual health records (or portions of such records) to authorized EHR data users through a common interface and for the portability of such records among independent health record trusts; andCommentsClose CommentsPermalink
(5) carry out any other activities determined appropriate by the Federal Trade Commission.CommentsClose CommentsPermalink
(e) Regulations Promulgated by Federal Trade Commission- The Federal Trade Commission shall promulgate regulations based on, at a minimum, the following factors:CommentsClose CommentsPermalink
(1) Requiring that an IHRT participant, who has an electronic health record that is maintained by an IHRT, be notified of a security breech with respect to such record, and any corrective action taken on behalf of the participant.CommentsClose CommentsPermalink
(2) Requiring that information sent to, or received from, an IHRT that has been designated as high-risk should be authenticated through the use of methods such as the periodic changing of passwords, the use of biometrics, the use of tokens or other technology as determined appropriate by the council.CommentsClose CommentsPermalink
(3) Requiring a delay in releasing sensitive health care test results and other similar information to patients directly in order to give physicians time to contact the patient.CommentsClose CommentsPermalink
(4) Recommendations for entities operating IHRTs, including requiring analysis of the potential risk of health transaction security breeches based on set criteria.CommentsClose CommentsPermalink
(5) The conduct of audits of IHRTs to ensure that they are in compliance with the requirements and standards established under this Act.CommentsClose CommentsPermalink
(6) Disclosure to IHRT participants of the means by which such trusts are financed, including revenue from the sale of patient data.CommentsClose CommentsPermalink
(7) Prevention of certification of an entity seeking independent heath record trust certification based on--CommentsClose CommentsPermalink
(A) the potential for conflicts between the interests of such entity and the security of the health information involved; andCommentsClose CommentsPermalink
(B) the involvement of the entity in any activity that is contrary to the best interests of a patient.CommentsClose CommentsPermalink
(8) Prevention of the use of revenue sources that are contrary to a patient's interests.CommentsClose CommentsPermalink
(9) Public disclosure of audits in a manner similar to financial audits required for publicly traded stock companies.CommentsClose CommentsPermalink
(10) Requiring notification to a participating entity that the information contained in such record may not be representative of the complete or accurate electronic health record of such account holder.CommentsClose CommentsPermalink
(f) Compliance Report- Not later than 1 year after the date of the enactment of this Act, and annually thereafter, the Commission shall submit to the Committee on Health, Education, Labor, and Pensions and the Committee on Finance of the Senate and the Committee on Energy and Commerce and the Committee on Ways and Means of the House of Representatives, a report on compliance by and progress of independent health record trusts with this Act. Such report shall describe the following:CommentsClose CommentsPermalink
(1) The number of complaints submitted about independent health record trusts, which shall be divided by complaints related to security breaches, and complaints not related to security breaches, and may include other categories as the Interagency Steering Committee established under section (b) determines appropriate.CommentsClose CommentsPermalink
(2) The number of enforcement actions undertaken by the Commission against independent health record trusts in response to complaints under paragraph (1), which shall be divided by enforcement actions related to security breaches and enforcement actions not related to security breaches and may include other categories as the Interagency Steering Committee established under section (b) determines appropriate.CommentsClose CommentsPermalink
(3) The economic progress of the individual owner or institution operator as achieved through independent health record trust usage and existing barriers to such usage.CommentsClose CommentsPermalink
(4) The progress in security auditing as provided for by the Interagency Steering Committee council under subsection (b).CommentsClose CommentsPermalink
(5) The other core responsibilities of the Commission as described in subsection (a).CommentsClose CommentsPermalink
(g) Interagency Memorandum of Understanding- The Interagency Steering Committee shall ensure, through the execution of an interagency memorandum of understanding, that--CommentsClose CommentsPermalink
(1) regulations, rulings, and interpretations issued by Federal officials relating to the same matter over which 2 or more such officials have responsibility under this Act are administered so as to have the same effect at all times; andCommentsClose CommentsPermalink
(2) the memorandum provides for the coordination of policies related to enforcing the same requirements through such officials in order to have coordinated enforcement strategy that avoids duplication of enforcement efforts and assigns priorities in enforcement.CommentsClose CommentsPermalink
Vote on This Bill
-
Share This Bill
More Share via Email
OC Blog Articles Related To This Bill
- With SOPA Shelved, Congress Readies its Next Attack on the Internet Feb 13, 2012
- Anti-Web Censorship Bill Protest from Our Perspective at OC Feb 08, 2012
- Indefinite military detention for U.S. citizens now in the hands of a secretive conference committee Dec 08, 2011
- Read the Military Detention Bill Nov 29, 2011
- Join the Public Mark-up of SOPA Nov 19, 2011
Recent OC Blog Articles
- Yes, let's stride towards an open VCS for legislation (or, GitHub for laws on OC) May 23, 2012
- Contact Congress Today to #FreeTHOMAS May 17, 2012
- Yochai Benkler: Blueprint for Democratic Participation May 10, 2012
- New NDAA Would Give the Military Clandestine Cyberwar Powers May 08, 2012
- The Week Ahead in Congress May 07, 2012