[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2511 Introduced in Senate (IS)]
<DOC>
114th CONGRESS
2d Session
S. 2511
To improve Federal requirements relating to the development and use of
electronic health records technology.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
February 8, 2016
Mr. Alexander (for himself, Mrs. Murray, Mr. Cassidy, Mr. Whitehouse,
Mr. Hatch, and Mr. Bennet) introduced the following bill; which was
read twice and referred to the Committee on Health, Education, Labor,
and Pensions
_______________________________________________________________________
A BILL
To improve Federal requirements relating to the development and use of
electronic health records technology.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Improving Health Information
Technology Act''.
SEC. 2. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY OF
CARE FOR PATIENTS.
(a) In General.--Part 1 of subtitle A of title XIII of the Health
Information Technology for Economic and Clinical Health Act (Public Law
111-5) is amended by adding at the end the following:
``SEC. 13103. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY
OF CARE FOR PATIENTS.
``(a) Reduction in Burdens Goal.--The Secretary of Health and Human
Services (referred to in this section as the `Secretary'), in
consultation with providers of health services, health care suppliers
of services, health care payers, health professional societies, health
information technology developers, health care quality organizations,
health care accreditation organizations, public health entities,
States, and other appropriate entities, shall, in accordance with
subsection (b)--
``(1) establish a goal with respect to the reduction of
regulatory or administrative burdens (such as documentation
requirements) relating to the use of electronic health records;
``(2) develop a strategy for meeting the goal established
under paragraph (1); and
``(3) develop recommendations for meeting the goal
established under paragraph (1).
``(b) Strategy and Recommendations.--
``(1) In general.--To achieve the goals established under
subsection (a)(1), the Secretary, in consultation with the
entities described in such subsection, shall, not later than 12
months after the date of enactment of this section, develop a
strategy and recommendations to meet the goals in accordance
with this subsection.
``(2) Strategy.--The strategy developed under paragraph (1)
shall address the regulatory and administration burdens (such
as documentation requirements) relating to the use of
electronic health records. Such strategy shall include broad
public comment and shall prioritize burdens related to--
``(A) the Medicare and Medicaid EHR Meaningful Use
Incentive programs or the Merit-based Incentive Payment
System, the Alternative Payment Models, the Hospital
Value-Based Purchasing Program, and other value-based
payment programs determined appropriate by the
Secretary;
``(B) health information technology certification
programs;
``(C) standards, and implementation specifications,
as appropriate;
``(D) activities that provide individuals access to
their electronic health information;
``(E) activities related to protecting the privacy
of electronic health information;
``(F) activities related to protecting the security
of electronic health information;
``(G) activities related to facilitating health and
clinical research;
``(H) activities related to public health;
``(I) activities related to aligning and
simplifying quality measures across Federal programs
and other payers;
``(J) activities related to reporting clinical data
for administrative purposes; and
``(K) other areas determined appropriate by the
Secretary.
``(3) Recommendations.--The recommendations developed under
paragraph (1) shall address--
``(A) actions that improve the clinical
documentation experience;
``(B) actions that improve patient care;
``(C) actions to be taken by the Secretary and by
other entities; and
``(D) other areas determined appropriate by the
Secretary to reduce the reporting burden required of
health care providers.
``(4) FACA.--The Federal Advisory Committee Act (5 U.S.C.
App.) shall not apply to the development of the goal,
strategies, or recommendations described in this section.
``(c) Application of Certain Regulatory Requirements.--A physician
(as defined in section 1861(r)(1) of the Social Security Act) may
delegate electronic medical record documentation requirements specified
in regulations promulgated by the Department of Health and Human
Services to a person who is not such physician if such physician has
signed and verified the documentation.''.
(b) Certification of Health Information Technology for Medical
Specialties and Sites of Service.--Section 3001(c)(5) of the Public
Health Service Act (42 U.S.C. 300jj-11(c)(5)) is amended by adding at
the end the following:
``(C) Health information technology for medical
specialties and sites of service.--
``(i) In general.--The National Coordinator
shall encourage, keep, or recognize, through
existing authorities, the voluntary
certification of health information technology
under the program developed under subparagraph
(A) for use in medical specialties and sites of
service for which no such technology is
available or where more technological
advancement or integration is needed.
``(ii) Specific medical specialties.--The
HIT Policy and Standards Committees shall make
recommendations on specific medical specialties
and sites of service, in addition to those
described in clause (iii), applicable under
this paragraph.
``(iii) Certified health information
technology for pediatrics.--Not later than 18
months after the date of enactment of this
subparagraph, the HIT Policy and Standards
Committees, in consultation with relevant
stakeholders, shall make recommendations for
the voluntary certification of health
information technology for use by pediatric
health providers to support the health care of
children. Not later than 24 months after the
date of enactment of this subparagraph, the
Secretary shall adopt certification criteria
(under section 3004) to support the voluntary
certification of health information technology
for use by pediatric health providers to
support the health care of children.''.
(c) Meaningful Use Statistics.--
(1) In general.--Not later than 6 months after the date of
enactment of this Act, the Secretary of Health and Human
Services shall submit to the HIT Policy Committee of the Office
of the National Coordinator for Health Information Technology,
a report concerning attestation statistics for the Medicare and
Medicaid EHR Meaningful Use Incentive programs to assist in
informing standards adoption and related practices. Such
statistics shall include attestation information delineated by
State, including the number of providers who did not meet the
minimum criteria necessary to attest for the Medicare and
Medicaid EHR Meaningful Use Incentive programs for a calendar
year, and shall be made publicly available on the Internet
website of the Secretary on at least a quarterly basis.
(2) Authority to alter format.--The Secretary of Health and
Human Services may alter the format of the reports on the
attestation of eligible health care professionals following the
first performance year of the Merit-based Incentive Payment
System to account for changes arising from the implementation
of such payment system.
SEC. 3. TRANSPARENT RATINGS ON USABILITY AND SECURITY TO TRANSFORM
INFORMATION TECHNOLOGY.
(a) Enhancements to Certification.--Section 3001(c)(5) of the
Public Health Service Act (42 U.S.C. 300jj-11), as amended by section
2(b), is further amended--
(1) in subparagraph (A)--
(A) by striking ``The National Coordinator'' and
inserting the following:
``(i) Voluntary certification program.--The
National Coordinator''; and
(B) by adding at the end the following:
``(ii) Transparency of program.--
``(I) In general.--To enhance
transparency in the compliance of
health information technology with
certification criteria and other
requirements adopted under this
subtitle, the National Coordinator, in
coordination with authorized
certification bodies, may make
information demonstrating how health
information technology meets such
certification criteria or other
requirements publicly available. Such
information may include summaries,
screenshots, video demonstrations, or
any other information the National
Coordinator determines appropriate.
``(II) Protection of proprietary
information.--The National Coordinator
shall take appropriate measures to
ensure that there are in effect
effective procedures to prevent the
unauthorized disclosure of any trade
secret or confidential information that
is obtained by the Secretary pursuant
to this section.'';
(2) in subparagraph (B), by adding at the end the
following: ``Beginning 18 months after reporting criteria are
finalized under section 3009A, certification criteria shall
include, in addition to criteria to establish that the
technology meets such standards and implementation
specifications, criteria consistent with section 3009A(b) to
establish that technology meets applicable security
requirements, incorporates user-centered design, and achieves
interoperability.''; and
(3) by adding at the end the following:
``(D) Conditions of certification.--Beginning 1
year after the date of enactment of the Improving
Health Information Technology Act, the Secretary shall
require, as a condition of certification and
maintenance of certification for programs maintained or
recognized under this paragraph, that--
``(i) the health information technology
developer or entity does not take any action
that constitutes information blocking with
respect to health information technology;
``(ii) the health information technology
developer or entity permits unimpeded
communication among and between health
information technology users, and for the
purposes of health information technology users
communicating with an authorized certification
body, the Office of the National Coordinator,
and the Office of the Inspector General, the
health information technology developer or
entity permits unimpeded communication
regarding the usability, interoperability,
security, business practices, or other relevant
information about the health information
technology or users' experience with the health
information technology;
``(iii) health information from such
technology may be exchanged, accessed, and used
through the use of application programming
interfaces or successor technology or standard
as provided for under applicable law;
``(iv) the health information technology
developer or entity provides to the Secretary
an attestation that the developer or entity--
``(I) has not engaged in any of the
conduct described in clause (i);
``(II) allows for communication as
described in clause (ii); and
``(III) ensures that its technology
allows for health information to be
exchanged, accessed, and used, in the
manner described in clause (iii); and
``(v) the health information technology
developer or entity submits reporting criteria
in accordance with section 3009A(f).''.
(b) Health Information Technology Rating Program.--Subtitle A of
title XXX of the Public Health Service Act (42 U.S.C. 300jj-11 et seq.)
is amended by adding at the end the following:
``SEC. 3009A. HEALTH INFORMATION TECHNOLOGY RATING PROGRAM.
``(a) Establishment.--Not later than 180 days after the date of
enactment of the Improving Health Information Technology Act, the
Secretary shall recognize a development council made up of one
representative from each of the certification bodies authorized by the
Office of the National Coordinator and the testing laboratories
accredited under section 13201(b) of the Health Information Technology
for Economic and Clinical Health Act (42 U.S.C. 17911(b)), one
representative from the National Institute of Standards and Technology,
and one representative from the Office of the National Coordinator. The
development council shall meet as needed for the purposes of carrying
out its activities in accordance with this section.
``(b) Reporting Criteria.--
``(1) In general.--The Secretary shall, using the
procedures prescribed in this subsection, issue rules
establishing reporting criteria for health information
technology products.
``(2) Convening of stakeholders.--Not later than 1 year
after the date of enactment of the Improving Health Information
Technology Act, the Secretary, in consultation with the
development council described in subsection (a), shall convene
stakeholders as described in paragraph (3) for the purpose of
developing the reporting criteria in accordance with paragraph
(4).
``(3) Development of reporting criteria.--The reporting
criteria under this subsection shall be developed through a
public, transparent process that reflects input from relevant
stakeholders, including--
``(A) health care providers, including primary care
and specialty care health care professionals;
``(B) hospitals and hospital systems;
``(C) health information technology developers;
``(D) patients, consumers, and their advocates;
``(E) data sharing networks, such as health
information exchanges;
``(F) authorized certification bodies and testing
laboratories;
``(G) security experts;
``(H) relevant manufacturers of medical devices;
``(I) experts in health information technology
market economics;
``(J) public and private entities engaged in the
evaluation of health information technology
performance;
``(K) quality organizations, including the
consensus based entity described in section 1890 of the
Social Security Act;
``(L) experts in human factors engineering and the
measurement of user-centered design; and
``(M) other entities or persons, as the Secretary,
in consultation with the development council,
determines appropriate.
``(4) Considerations for reporting criteria.--The reporting
criteria developed under this subsection--
``(A) shall include measures that reflect
categories including, with respect to the technology--
``(i) security;
``(ii) usability and user-centered design;
``(iii) interoperability;
``(iv) conformance to certification
testing; and
``(v) other categories as appropriate to
measure the performance of health information
technology;
``(B) may include measures such as--
``(i) enabling the user to order and view
the results of laboratory tests, imaging tests,
and other diagnostic tests;
``(ii) submitting, editing, and retrieving
data from registries such as clinician-led
clinical data registries;
``(iii) accessing and exchanging
information and data from and through Health
Information Exchanges;
``(iv) accessing and exchanging information
and data from medical devices;
``(v) accessing and exchanging information
and data held by Federal, State, and local
agencies and other applicable entities useful
to a health care provider or other applicable
user in the furtherance of patient care;
``(vi) accessing and exchanging information
from other health care providers or applicable
users;
``(vii) accessing and exchanging patient
generated information;
``(viii) providing the patient or an
authorized designee with a complete copy of
their health information from an electronic
record in a computable format;
``(ix) providing accurate patient
information for the correct patient, including
exchanging such information, and avoiding the
duplication of patients records; and
``(x) other appropriate functionalities;
and
``(C) shall be designed to ensure that small and
start-up health information technology developers are
not unduly disadvantaged by the reporting criteria or
rating scale methodology.
``(5) Consideration of development council
recommendations.--In promulgating proposed rules under this
subsection, including modifications to such rules under
subsection (e), the Secretary may accept, reject, or modify the
recommendations of the development council, but may not
promulgate a proposed rule that does not represent a complete
recommendation of such council.
``(6) Public comment.--In promulgating proposed rules under
this subsection, the Secretary shall conduct a public comment
period of not less than 60 days during which any member of the
public may provide comments on the proposed reporting criteria
and the methodology for the rating body (defined in subsection
(g)) to use in determining the star ratings.
``(7) Final rules.--The final rule promulgated under this
subsection shall be accompanied by timely responses to the
public comments described in paragraph (6).
``(8) FACA.--The Federal Advisory Committee Act (5 U.S.C.
App.) shall not apply to the development council described in
this section.
``(c) Feedback.--
``(1) In general.--The Secretary, in consultation with the
development council, shall establish a process for the rating
body (described in subsection (g)) to collect and verify
confidential feedback from--
``(A) health care providers, patients, and other
users of certified health information technology on the
usability, security, and interoperability of health
information technology products; and
``(B) developers of certified health information
technology on practices of health information
technology users that may inhibit interoperability.
``(2) Paperwork reduction act.--The Paperwork Reduction Act
(44 U.S.C. 3501 et seq.) shall not apply to the collection of
feedback described in this subsection.
``(d) Methodology.--The Secretary, in consultation with the
development council, shall develop a methodology to be used by the
rating body described in subsection (g) to calculate the star ratings
for certified health information technology described in subsection
(a). The methodology shall use the reporting criteria developed in
subsection (b), and the confidential feedback collected under
subsection (c). In developing such methodology, the Secretary, in
consultation with the development council, shall--
``(1) provide for appropriate weighting of user feedback
submitted under subsection (c) and reporting criteria submitted
under subsection (f), including consideration of the number of
users who submitted such feedback;
``(2) consider the impact of customization or adaptation by
users of certified health information technology on
performance;
``(3) account for the intended function, scope, and type of
certified health information technology;
``(4) in consultation with the development council and
after seeking comment from developers of health information
technology in a manner that ensures appropriate industry
feedback, establish a timeframe, but in no case less frequent
than once every 3 years, for the submission of reporting
criteria under subsection (f); and
``(5) establish a timeframe for incorporating user feedback
submitted under subsection (c) and reporting criteria submitted
under subsection (f) into the star ratings for certified health
information technology that accounts for updates to such
technology in order to encourage innovation and maximize the
utility of the star ratings.
``(e) Modifications.--
``(1) To the number of stars in the rating program.--The
development council may modify the number of star ratings
employed by the system, but not more frequently than every 4
years. In no case shall the rating system employ fewer than 3
stars.
``(2) To the reporting criteria.--After the final reporting
criteria have been established under this section, the
Secretary, in consultation with the development council, may
convene stakeholders and conduct a public reporting period for
the purpose of modifying the reporting criteria developed under
subsection (b) and methodology for determining the star ratings
proposed under subsection (e).
``(3) To the methodology.--After the final methodology to
be used by the rating body is established under subsection (e),
the Secretary, in consultation with the development council,
may modify the methodology used to calculate the star ratings
for certified health information technology using the reporting
criteria developed under subsection (b) and the confidential
feedback collected under subsection (c).
``(4) Consideration of gao report.--The Secretary and the
development council shall take into account the recommendations
from the Comptroller General under subsection (k), where
available, for the purposes of this paragraph.
``(f) Participation.--As a condition of maintaining their
certification under section 3001(c)(5)(D), a developer of certified
health information technology shall report on the criteria developed
under subsection (b) for all such certified technology offered by such
developer pursuant to the timeframe established under subsection (d).
``(g) Rating Body.--
``(1) In general.--The National Coordinator shall recognize
an independent entity with appropriate expertise to carry out
the rating program established by the development council under
subsection (a) and shall redetermine such recognition at least
every 4 years.
``(2) Consultation.--The entity recognized under paragraph
(1) may consult with organizations with expertise in the
measurement of interoperability, usability, and security of
health information technology in carrying out activities under
this section.
``(h) One Star Rating.--Each health information technology
developer, or entity offering health information technology for
certification, that receives a 1 star rating shall take action, through
an improvement plan developed with the rating body and approved by the
Secretary, to improve the health information technology rating within a
timeframe that the Secretary determines appropriate.
``(i) Decertification.--
``(1) Mandatory.--The Secretary shall decertify health
information technology if the developer or entity offering
health information technology does not submit reporting
criteria in accordance with subsection (f) within 90 days of
the timeline established under subsection (d).
``(2) Other decertification.--The Secretary may decertify
health information technology if--
``(A) the health information technology does not
improve from a one star rating within the timeframe
established under subsection (h); or
``(B) in other circumstances, as the Secretary
determines appropriate.
``(j) GAO Reports.--During the 12-year period beginning on the date
of enactment of the Improving Health Information Technology Act, the
Comptroller General of the United States shall submit to Congress a
report every 4 years on the rating scale methodology developed pursuant
to subsection (d), providing observations on the appropriateness of the
current methodology and recommendations for changes to the methodology.
The Development Council shall recommend to Congress and the Secretary
if additional reports are needed after the expiration of such 12-year
period.
``(k) Internet Website.--On the Internet website of the Office of
the National Coordinator, the Secretary shall publish the criteria and
methodology used to determine the star ratings, and, for each certified
health information technology, the final star rating, and a report
outlining such technology's performance with regard to the reporting
criteria developed under subsection (b), and if an improvement plan has
been administered. Following the reporting described in subsection (f),
the rating body shall have 30 days to calculate and submit updated
ratings to the Secretary and each developer of health information
technology, and updated ratings shall be published on such Internet
website not later than 30 days following such submission,
notwithstanding an appeal of a rating by a developer or entity through
the process developed under subsection (m).
``(l) Hardship Exemption.--Decertification of an adopted health
information technology product under subsection (i) shall be considered
a significant hardship resulting in a blanket exemption from the
payment adjustment pursuant to section 1848(a)(7)(B) of the Social
Security Act for eligible professionals, section 1886(b)(3)(ix)(II) of
such Act for eligible hospitals, and 1814(l)(4)(C) of such Act for
critical access hospitals.
``(m) Notification and Appeals.--The Secretary shall establish a
process whereby any health information technology developer, or entity
offering health information technology, is notified not less than 30
days before being made public and can appeal--
``(1) the health information technology product's star
rating; or
``(2) the Secretary's decision to decertify a product, as
applicable.''.
SEC. 4. INFORMATION BLOCKING.
Subtitle C of title XXX of the Public Health Service Act (42 U.S.C.
300jj-51 et seq.) is amended by adding at the end the following:
``SEC. 3022. INFORMATION BLOCKING.
``(a) Definition.--
``(1) In general.--The term `information blocking' means--
``(A) with respect to a health information
technology developer, exchange, or network, business,
technical, or organizational practices that--
``(i) except as required by law or
specified by the Secretary, interferes with,
prevents, or materially discourages access,
exchange, or use of electronic health
information; and
``(ii) the developer, exchange, or network
knows, or should know, are likely to interfere
with or prevent or materially discourage the
access, exchange, or use of electronic health
information; and
``(B) with respect to a health care provider, the
person or entity knowingly and unreasonably restricts
electronic health information exchange for patient care
or other priorities as determined appropriate by the
Secretary.
``(2) Rulemaking.--The Secretary shall, through
rulemaking--
``(A) identify reasonable and necessary activities
that do not constitute information blocking for
purposes of paragraph (1)(A); and
``(B) identify actions that meet the definition of
information blocking with respect to health care
providers for purposes of paragraph (1)(B).
``(b) Inspector General Authority.--
``(1) In general.--The Inspector General of the Department
of Health and Human Services may investigate any claim that--
``(A) a health information technology developer of,
or other entity offering certified health information
technology--
``(i) submits a false attestation made
under section 3001(c)(5)(D); or
``(ii) engaged in information blocking with
respect to the use of such health information
technology by a health care provider, unless
for a legitimate purpose specified by the
Secretary;
``(B) a health care provider engaged in information
blocking with respect to access or exchange of
certified health information technology, unless for a
legitimate purpose specified by the Secretary; and
``(C) a health information network or exchange
provider engaged in information blocking with respect
to the access, exchange, or use of such certified
health information technology, unless for a legitimate
purpose specified by the Secretary.
``(2) Jurisdiction of the inspector general.--For purposes
of this section, the Office of the Inspector General shall have
jurisdiction with respect to exchanges and networks, as well as
any developer or entity offering health information technology
for certification under a program or programs kept or
recognized by the National Coordinator under section
3001(c)(5). The National Coordinator shall notify developers of
health information technology as appropriate regarding the
jurisdiction of the Inspector General under this paragraph.
``(3) Penalty.--
``(A) Developers, networks, and exchanges.--With
respect to a health information technology developer,
exchange, or network, a person or entity determined by
the Inspector General to have committed information
blocking as described in subparagraph (A) or (C) of
paragraph (1) shall be subject to a civil monetary
penalty in an amount determined, through notice-and-
comment rulemaking, by the Secretary which may take
into account factors such as the extent and duration of
the information blocking and the number of patients and
providers potentially affected.
``(B) Providers.--With respect to health care
providers, any person or entity determined by the
Inspector General to have committed information
blocking as described in subparagraph (B) of paragraph
(1) shall be subject to appropriate incentives and
disincentives using authorities under applicable
Federal law, as determined appropriate by the Secretary
through notice and comment rulemaking.
``(C) Procedure.--The provisions of section 1128A
of the Social Security Act (other than subsections (a)
and (b)) shall apply to a civil money penalty applied
under this subsection in the same manner as such
provisions apply to a civil money penalty or proceeding
under section 1128A(a).
``(D) Recovery of funds.--Notwithstanding section
3302 of title 31, United States Code, or any other
provision of law affecting the crediting of
collections, the Inspector General of the Department of
Health and Human Services may receive and retain for
current use any amounts recovered under subparagraphs
(A) and (C). In addition to amounts otherwise available
to the Inspector General, funds received by the
Inspector General under this paragraph shall be
deposited, as an offsetting collection, to the credit
of any appropriation available for purposes of carrying
out this subsection and shall be available without
fiscal year limitation and without further
appropriation.
``(4) Resolution of claims.--
``(A) In general.--The Office of the Inspector
General, if such Office determines that a simple
consultation regarding the health privacy and security
rules promulgated under section 264(c) of the Health
Insurance Portability and Accountability Act of 1996
(42 U.S.C. 1320d-2 note) will resolve the claim at
issue, may refer instances of information blocking to
the Office for Civil Rights of the Department of Health
and Human Services for resolution.
``(B) Limitation on liability.--If a health
information technology developer makes information
available based on a good faith reliance on
consultations with the Office for Civil Rights of the
Department of Health and Human Services with respect to
such information, the developer shall not be liable for
such disclosure.
``(c) Identifying Barriers to Exchange of Certified Health
Information Technology.--
``(1) Trusted exchange defined.--In this section, the term
`trusted exchange' with respect to certified health information
technology means that the certified health information
technology has the technical capability to enable secure health
information exchange between users and multiple certified
health information technology systems.
``(2) Guidance.--The National Coordinator, in consultation
with the Office for Civil Rights of the Department of Health
and Human Services, shall issue guidance on common legal,
governance, and security barriers that prevent the trusted
exchange of electronic health information.
``(3) Referral.--The National Coordinator and the Office
for Civil Rights of the Department of Health and Human Services
may refer to the Inspector General instances or patterns of
refusal to exchange health information with an individual or
entity using certified health information technology that is
technically capable of trusted exchange and under conditions
when exchange is legally permissible.
``(4) HIT standards committee consideration.--Not later
than 1 year after the date of enactment of the Improving Health
Information Technology Act, the HIT Standards Committee shall
begin consideration of issues related to trusted exchange.''.
SEC. 5. INTEROPERABILITY.
(a) Definition.--Section 3000 of the Public Health Service Act (42
U.S.C. 300jj) is amended--
(1) by redesignating paragraphs (10) through (14), as
paragraphs (11) through (15), respectively; and
(2) by inserting after paragraph (9) the following:
``(10) Interoperability.--The term `interoperability' with
respect to health information technology means such health
information technology that has the ability to securely
exchange electronic health information with and use electronic
health information from other health information technology
without special effort on the part of the user.''.
(b) Support for Interoperable Network Exchange.--Section 3001(c) of
the Public Health Service Act (42 U.S.C. 300jj-11(c)) is amended by
adding at the end the following:
``(9) Support for interoperable networks exchange.--
``(A) In general.--The National Coordinator shall,
in collaboration with the National Institute of
Standards and Technology and other relevant agencies
within the Department of Health and Human Services, for
the purpose of ensuring full network-to-network
exchange of health information, convene public-private
and public-public partnerships to build consensus and
develop a trusted exchange framework, including a
common agreement among health information networks
nationally. Such convention may occur at a frequency
determined appropriate by the Secretary.
``(B) Establishing a trusted exchange framework.--
``(i) In general.--Not later than six
months after the date of enactment of this
paragraph, the National Coordinator shall
convene appropriate public and private
stakeholders to develop a trusted exchange
framework for trust policies and practices and
for a common agreement for exchange between
health information networks. The common
agreement may include--
``(I) a common method for
authenticating trusted health
information network participants;
``(II) a common set of rules for
trusted exchange;
``(III) organizational and
operational policies to enable the
exchange of health information among
networks, including minimum conditions
for such exchange to occur; and
``(IV) a process for filing and
adjudicating noncompliance with the
terms of the common agreement.
``(ii) Technical assistance.--The National
Coordinator, in conjunction with the National
Institute of Standards and Technology, shall
provide technical assistance on how to
implement the trusted exchange framework and
common agreement under this paragraph.
``(iii) Pilot testing.--The National
Coordinator, in collaboration with the National
Institute of Standards and Technology, shall
provide for the pilot testing of the trusted
exchange framework and common agreement
established under this subsection (as
authorized under section 13201 of the Health
Information Technology for Economic and
Clinical Health Act). The National Coordinator,
in collaboration with the National Institute of
Standards and Technology, may delegate pilot
testing activities under this clause to
independent entities with appropriate
expertise.
``(C) Publication of a trusted exchange framework
and common agreement.--Not later than one year after
convening stakeholders under subparagraph (A), the
National Coordinator shall publish on its public
Internet website, and in the Federal register, the
trusted exchange framework and common agreement
developed under subparagraph (B). Such trusted exchange
framework and common agreement shall be published in a
manner that protects proprietary and security
information, including trade secrets and any other
protected intellectual property.
``(D) Directory of participating health information
networks.--
``(i) In general.--Not later than two years
after convening stakeholders under subparagraph
(A), and annually thereafter, the National
Coordinator shall publish on its public
Internet website a list of those health
information networks that have adopted the
common agreement and are capable of trusted
exchange pursuant to the common agreement
developed under paragraph (B).
``(ii) Process.--The Secretary shall,
through notice-and-comment rulemaking,
establish a process for health information
networks that voluntarily elect to adopt the
trusted exchange framework and common agreement
to attest to such adoption of the framework and
agreement.
``(E) Application of the trusted exchange framework
and common agreement.--As appropriate, Federal agencies
contracting or entering into agreements with health
information exchange networks may require that as each
such network upgrades health information technology or
trust and operational practices, it may adopt, where
available, the trusted exchange framework and common
agreement published under subparagraph (C).
``(F) Rule of construction.--
``(i) General adoption.--Nothing in this
paragraph shall be construed to require a
health information network to adopt the trusted
exchange framework or common agreement.
``(ii) Adoption when exchange of
information is within network.--Nothing in this
paragraph shall be construed to require a
health information network to adopt the trusted
exchange framework or common agreement for the
exchange of electronic health information
between participants of the same network.
``(iii) Existing frameworks and
agreements.--The trusted exchange framework and
common agreement published under subparagraph
(C) shall take into account existing trusted
exchange frameworks and agreements used by
health information networks to avoid the
disruption of existing exchanges between
participants of health information networks.
``(iv) Application by federal agencies.--
Notwithstanding clauses (i), (ii), and (iii),
Federal agencies may require the adoption of
the trusted exchange framework and common
agreement published under subparagraph (C) for
health information exchanges contracting with
or entering into agreements pursuant to
subparagraph (E).
``(v) Consideration of ongoing work.--In
carrying out this paragraph, the Secretary
shall ensure the consideration of activities
carried out by public and private organizations
related to exchange between health information
exchanges to avoid duplication of efforts.''.
(c) Provider Digital Contact Information Index.--
(1) In general.--Not later than 36 months after the date of
enactment of this Act, the Secretary of Health and Human
Services shall either directly, or through a partnership with a
private entity, establish a provider digital contact
information index to provide digital contact information for
health professionals, health facilities, and other individuals
or organizations.
(2) Use of existing index.--In establishing the initial
index under paragraph (1), the Secretary of Health and Human
Services may utilize an existing provider directory to make
such digital contact information available.
(3) Contact information.--An index established under this
subsection shall ensure that contact information is available
at the individual health care provider level and at the health
facility or practice level.
(4) Rule of construction.--
(A) In general.--The purpose of this subsection is
to encourage the exchange of electronic health
information by providing the most useful, reliable, and
comprehensive index of providers possible. In
furthering such purpose, the Secretary of Health and
Human Services shall include all health professionals,
health facilities, and other individuals or
organizations applicable to provide a useful, reliable,
and comprehensive index for use in the exchange of
health information.
(B) Limitation.--In no case shall exclusion from
the index of providers be used as a measure to achieve
objectives other those described in subparagraph (A).
(d) Standards Development Organizations.--Section 3004 of the
Public Health Service Act (42 U.S.C. 300jj-14) is amended by adding at
the end the following:
``(c) Deference to Standards Development Organizations.--In
adopting and implementing standards under this section, the Secretary
shall give deference to standards published by Standards Development
Organizations and voluntary consensus-based standards bodies.''.
SEC. 6. LEVERAGING HEALTH INFORMATION TECHNOLOGY TO IMPROVE PATIENT
CARE.
(a) Requirement Relating to Registries.--
(1) In general.--To be certified in accordance with title
XXX of the Public Health Service Act, health information
technology (as defined by section 3000(5) of the Public Health
Service Act (42 U.S.C. 300jj(5))) shall be capable of
transmitting to, and where applicable, receiving and accepting
data from registries in accordance with standards recognized by
the Office of the National Coordinator for Health Information
Technology, including clinician-led clinical data registries,
that are also certified to be technically capable of receiving
and accepting from, and where applicable, transmitting data to
certified health information technology in accordance with such
standards.
(2) Rule of construction.--Nothing in this subsection shall
be construed to require the certification of registries beyond
the technical capability to exchange data in accordance with
applicable endorsed standards.
(b) Definition.--For purposes of this Act (including amendments
made to title XXX of the Public Health Service Act (42 U.S.C. 300jj et
seq.)), the term ``clinician-led clinical data registry'' means a
clinical data repository--
(1) that is established and operated by a clinician-led or
controlled, tax-exempt (pursuant to section 501(c) of the
Internal Revenue Code of 1986), professional society or other
similar clinician-led or -controlled organization, or such
organization's controlled affiliate, devoted to the care of a
population defined by a particular disease, condition, exposure
or therapy;
(2) that is designed to collect detailed, standardized data
on an ongoing basis for medical procedures, services, or
therapies for particular diseases, conditions, or exposures;
(3) that provides feedback to participants who submit
reports to the repository;
(4) that meets standards for data quality including--
(A) systematically collecting clinical and other
health care data, using standardized data elements and
has procedures in place to verify the completeness and
validity of those data; and
(B) being subject to regular data checks or audits
to verify completeness and validity; and
(5) that provides ongoing participant training and support.
(c) Treatment of Health Information Technology Developers With
Respect to Patient Safety Organizations.--
(1) In general.--In applying part C of title IX of the
Public Health Service Act (42 U.S.C. 299b-21 et seq.), a health
information technology developer shall be treated as a provider
(as defined in section 921 of such Act) for purposes of
reporting and conducting patient safety activities concerning
improving clinical care through the use of health information
technology that could result in improved patient safety, health
care quality, or health care outcomes.
(2) Report.--Not later than 48 months after the date of
enactment of this Act, the Secretary of Health and Human
Services shall submit to the Committee on Health, Education,
Labor, and Pensions of the Senate and the Committee on Energy
and Commerce of the House of Representatives, a report
concerning best practices and current trends voluntarily
provided, and without identifying individual providers or
disclosing or using protected health information or
individually identifiable information, by Patient Safety
Organizations to improve the integration of health information
technology into clinical practice.
SEC. 7. EMPOWERING PATIENTS AND IMPROVING PATIENT ACCESS TO THEIR
ELECTRONIC HEALTH INFORMATION.
(a) Use of Health Information Exchanges for Patient Access.--
Section 3009 of the Public Health Service Act (42 U.S.C. 300jj-19) is
amended by adding at the end the following:
``(c) Promoting Patient Access to Electronic Health Information
Through Health Information Exchanges.--
``(1) In general.--The National Coordinator, in
coordination with the Office for Civil Rights of the Department
of Health and Human Services, shall use existing authorities to
encourage partnerships between health information exchange
organizations and networks and health care providers, health
plans, and other appropriate entities to offer patients access
to their electronic health information in a single,
longitudinal format that is easy to understand, secure, and may
update such information automatically.
``(2) Education of providers.--The National Coordinator, in
coordination with the Office for Civil Rights of the Department
of Health and Human Services, shall--
``(A) educate health care providers on ways in
which to leverage the capabilities of health
information exchanges (or other relevant platforms) to
provide patients with access to their electronic health
information;
``(B) clarify misunderstandings by health care
providers about using health information exchanges (or
other relevant platforms) for patient access to
electronic health information; and
``(C) to the extent practicable, educate providers
about health information exchanges (or other relevant
platforms) that employ some or all of the capabilities
described in paragraph (1).
``(3) Requirements.--In carrying out paragraph (1), the
National Coordinator, in coordination with the Office for Civil
Rights, shall issue guidance to health information exchanges
related to best practices to ensure that the electronic health
information provided to patients is--
``(A) private and secure;
``(B) accurate;
``(C) verifiable; and
``(D) where a patient's authorization to exchange
is required by law, easily exchanged pursuant to such
authorization.
``(4) Rule of construction.--Nothing in this subsection
shall be construed to preempt State laws applicable to patient
consent for the access of information through a Health
Information Exchange (or other relevant platforms) that provide
protections to patients that are greater than the protections
otherwise provided for under applicable Federal law.
``(d) Efforts To Promote Access to Health Information.--The
National Coordinator and the Office for Civil Rights of the Department
of Health and Human Services shall jointly, through the development of
policies that support dynamic technology solutions, promote patient
access to health information in a manner that would ensure that such
information is available in a form convenient for the patient, in a
reasonable manner, and without burdening the health care provider
involved.
``(e) Accessibility of Patient Records.--
``(1) Accessibility and updating of information.--
``(A) In general.--The Secretary, in consultation
with the National Coordinator, shall promote policies
that ensure that a patient's electronic health
information is accessible to that patient, and their
designees, in a manner that facilitates communication
with the patient's health care providers and such
patient's consent, including with respect to research.
``(B) Updating education on accessing and
exchanging personal health information.--To promote
awareness that an individual has a right of access to
inspect, obtain a copy of, and transmit to a third
party a copy of protected health information pursuant
to the Health Information Portability and
Accountability Act Privacy Rule (45 C.F.R. 164.524 et
seq.), the Director of the Office for Civil Rights, in
consultation with the National Coordinator, shall
assist individuals and health care providers in
understanding a patient's rights to access and protect
their personal health information under the Health
Insurance Portability and Accountability Act of 1996
(Public Law 104-191), including providing best
practices for requesting personal health information in
a computable format, including using patient portals or
third-party applications and common cases when a
provider is permitted to exchange and provide access to
health information.
``(2) Certifying usability for patients.--In carrying out
certification programs under section 3001(c)(5), the National
Coordinator shall require, where applicable, that such program
or programs require the following:
``(A) That certification criteria support patient
access to their electronic health information,
including in a single longitudinal format that is easy
to understand, secure, and may be updated
automatically.
``(B) That developers of health information
technology support patient access to an electronic
health record in a longitudinal format that is easy to
understand, secure, and may be updated automatically.
``(C) That certification criteria support patient
access to their personal electronic health information
for research at the option of the patient.
``(D) That certification criteria support patient
and health care provider communication, including--
``(i) the ability for the patient to
electronically communicate patient reported
information (such as family history and medical
history); and
``(ii) the ability for the patient to
electronically share patient health
information, at the option of the patient.
``(E) That certified health information technology
used for health programs where certified health
information technology is required, include the
function for patient access to their own health
information, including--
``(i) ensuring that, as a condition of
certification, health care providers have
options for making such information accessible
for patients;
``(ii) ensuring that patients have options
for accessing such information; and
``(iii) ensuring that patients have access
to information regarding their legal rights and
responsibilities, as well the options available
to them for accessing their electronic health
information.
``(F) That the HIT Standards Committee develop and
prioritize standards, implementation specifications,
and certification criteria required to help support
patient access to electronic health information,
patient usability, and support for technologies that
offer patients access to their electronic health
information in a single, longitudinal format that is
easy to understand, secure, and may be updated
automatically.''.
(b) Access to Information in an Electronic Format.--Section
13405(e) of the Health Information Technology for Economic and Clinical
Health Act (42 U.S.C. 17935) is amended--
(1) in paragraph (1), by striking ``and'' at the end;
(2) by redesignating paragraph (2) as paragraph (3); and
(3) by inserting after paragraph (1), the following:
``(2) if the individual makes a request to a business
associate for access to, or a copy of, protected health
information about the individual, or if an individual makes a
request to a business associate to grant such access to, or
transmit such copy directly to, a person or entity designated
by the individual, a business associate may provide the
individual with such access or copy, which may be in an
electronic form, or grant or transmit such access or copy to
such person or entity designated by the individual; and''.
SEC. 8. GAO STUDY ON PATIENT MATCHING.
(a) In General.--Not later than 1 year after the date of enactment
of this Act, the Comptroller General of the United States shall conduct
a study to review the policies and activities of the Office of the
National Coordinator for Health Information Technology and other
relevant stakeholders to ensure appropriate patient matching to protect
patient privacy and security with respect to electronic health records
and the exchange of electronic health information.
(b) Areas of Concentration.--In conducting the study under
subsection (a), the Comptroller General shall--
(1) evaluate current methods used in certified electronic
health records for patient matching based on performance
related to factors such as--
(A) the privacy of patient information;
(B) the security of patient information;
(C) improving matching rates;
(D) reducing matching errors; and
(E) reducing duplicate records; and
(2) determine whether the Office of the National
Coordinator for Health Information Technology could improve
patient matching by taking steps including--
(A) defining additional data elements to assist in
patient data matching;
(B) agreeing on a required minimum set of elements
that need to be collected and exchanged;
(C) requiring electronic health records to have the
ability to make certain fields required and use
specific standards; or
(D) other options recommended by the relevant
stakeholders consulted pursuant to subsection (a).
(c) Report.--Not later than 2 years after the date of enactment of
this Act, the Comptroller General shall submit to the appropriate
committees of Congress a report concerning the findings of the study
conducted under subsection (a).
<all>