Independent Health Record Bank Act of 2006 - Requires the Board of Governors of the Federal Reserve System to prescribe standards for the establishment and certification of independent health record banks to store individual electronic health records.
Gives an individual ownership over his/her entire health record with the right to review its contents at any time during normal business hours.
Allows a bank to generate revenue through the sale of nonidentifiable and partially identifiable health information contained in the bank for research purposes, but requires that such revenue be shared with account holders and allows such revenue to be shared with health care providers and payers. Excludes any such revenue from the gross income of the bank, account holder, or health care provider or payer.
Requires prior authorization by an individual before access can be given to his/her electronic health record. Permits access to a limited, authenticated information set concerning an individual for emergency response purposes without the individual's prior consent.
Requires the Board of Governors, acting through the Under Secretary for Technology or other appropriate official, to: (1) develop a program to certify entities to operate independent health record banks; and (2) establish an interagency council to develop standards for federal security auditing for entities operating banks.
Imposes fines and/or imprisonment for the wrongful disclosure of information collected, maintained, or made available by a record bank.
Amends the Internal Revenue Code to allow a tax deduction for the cost paid by a taxpayer to maintain an independent health record bank account.
[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5559 Introduced in House (IH)]
109th CONGRESS
2d Session
H. R. 5559
To improve the exchange of health information by encouraging the
creation, use, and maintenance of lifetime electronic health records in
independent health record banks, by using such records to build a
nationwide health information technology infrastructure, and by
promoting participation in health information exchanges by consumers
through tax incentives.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 8, 2006
Mr. Ryan of Wisconsin (for himself, Mr. Sessions, Mr. Moore of Kansas,
and Mr. Herger) introduced the following bill; which was referred to
the Committee on Energy and Commerce, and in addition to the Committee
on Ways and Means, for a period to be subsequently determined by the
Speaker, in each case for consideration of such provisions as fall
within the jurisdiction of the committee concerned
_______________________________________________________________________
A BILL
To improve the exchange of health information by encouraging the
creation, use, and maintenance of lifetime electronic health records in
independent health record banks, by using such records to build a
nationwide health information technology infrastructure, and by
promoting participation in health information exchanges by consumers
through tax incentives.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Independent Health Record Bank Act
of 2006''.
SEC. 2. PURPOSE.
It is the purpose of this Act to provide for the establishment of a
nationwide health information technology network that--
(1) improves health care quality, reduces medical errors,
increases the efficiency of care, and advances the delivery of
appropriate, evidence-based health care services;
(2) promotes wellness, disease prevention, and the
management of chronic illnesses by increasing the availability
and transparency of information related to the health care
needs of an individual;
(3) ensures that appropriate information necessary to make
medical decisions is available in a usable form at the time and
in the location that the medical service involved is provided;
(4) produces greater value for health care expenditures by
reducing health care costs that result from inefficiency,
medical errors, inappropriate care, and incomplete information;
(5) promotes a more effective marketplace, greater
competition, greater systems analysis, increased choice,
enhanced quality, and improved outcomes in health care
services;
(6) improves the coordination of information and the
provision of such services through an effective infrastructure
for the secure and authorized exchange and use of health
information; and
(7) ensures that the confidentiality of individually
identifiable health information of a patient is secure and
protected.
SEC. 3. DEFINITIONS.
In this Act:
(1) Account.--The term ``account'' means an electronic
health record of an individual contained in an independent
health record bank.
(2) Electronic health record.--The term ``electronic health
record'' means a longitudinal collection of personal health
information concerning a single individual, entered or accepted
by health care providers, and stored electronically.
(3) Health care entity.--The term ``health care entity''
includes health care consumers, health care providers, and
health care payers, government agencies, pharmaceutical
companies, laboratories, and health care research institutes.
(4) HIPAA regulations.--The term ``HIPAA regulations''
means the regulations promulgated under section 264(c) of the
Health Insurance Portability and Accountability Act of 1996 (42
U.S.C. 1320d-2 note).
(5) Individually identifiable health information.--The term
``individually identifiable health information'' has the
meaning given such term in section 1171(6) of the Social
Security Act (42 U.S.C. 1320d(6)).
(6) Nonidentifiable health information.--The term
``nonidentifiable health information'' means any list,
description, or other grouping of consumer information
(including publicly available information pertaining to them)
that is derived without using personally identifiable
information that is not publicly available.
(7) Partially identifiable health information.--The term
``partially identifiable health information'' means any list,
description, or other grouping of consumer information
(including publicly available information pertaining to them)
that is derived using any personally identifiable information
that is not publicly available.
(8) Protected health information.--The term ``protected
health information'' shall have the meaning given such term for
purposes of HIPAA regulations.
(9) Board of governors.--The term ``Board of Governors''
means the Board of Governors of the Federal Reserve System.
SEC. 4. INDEPENDENT HEALTH RECORD BANKS.
(a) Purpose.--It is the purpose of this section to provide for the
establishment of independent health record banks to achieve financial
savings in the health care system and improvements in the provision of
health care through--
(1) the creation and storage of lifetime individual
electronic health records for individuals that may contain
health plan and debit card functionality and that serves the
interests of all health care entities;
(2) the utilization of a technological infrastructure with
the goal of connecting health records to build a national
health information network;
(3) the provision of health information data sets, within
distinct authorization boundaries, based on usage needs,
including--
(A) the sale of approved data for research and
other consumer purposes as provided for under section
6(b);
(B) the provision of data for emergency health care
as provided for under section 6(c); and
(C) the provision of data for all other health care
needs determined appropriate by the Board of Governors
(in accordance with the protections provided for under
section 6);
(4) the offering of incentives to employers that face
rising employee health costs, to encourage employee
participation in independent health record banks; and
(5) the creation of a source of tax-free income to support
the operations of the independent health record banks, and,
through revenue sharing, to provide incentives to independent
health record bank account holders, health care providers, and
fee payers to contribute health information.
(b) Establishment.--
(1) In general.--Not later than one year after the date of
the enactment of this Act, the Board of Governors shall
prescribe standards for the establishment and certification of
independent health record banks to carry out the purpose
described in subsection (a).
(2) Requirement of non-profit entity.--Under the standards
under paragraph (1), a non-profit entity may establish an
independent health record bank as a cooperative entity that
operates for the benefit and in the interests of the membership
of the bank as a whole. Such bank shall be owned and controlled
by its members.
(3) For-profit entities.--Under the standards under
paragraph (1), a for-profit entity may not participate in the
establishment and operation of an independent health record
bank, except to the extent that such entity is by contract
employed to assist in carrying out the operations of the bank.
(4) Treatment as covered entity for purposes of hipaa
regulations.--To the extent that an independent health record
bank (or associated vendor) is engaged in receiving or
transmitting protected health information, the bank shall be
considered to be a HIPAA covered entity for purposes of HIPAA
regulations with respect to such information.
(c) Membership.--
(1) In general.--To be eligible to be a member of an
independent health record bank, an individual shall obtain or
have obtained a product or service from a covered entity that
is to be used primarily for personal, family, or household
purposes, or that individual's legal representative.
(2) No limitation on membership.--Nothing in this
subsection shall be construed to permit an independent health
record bank to restrict membership.
(d) Rights Relating to Information in the Bank.--
(1) Individual consumers.--
(A) General right.--An individual who has a health
record contained in an independent health record bank
shall maintain ownership over the entire health record
and shall have the right to review the contents of the
entire record at any time during the normal business
operating hours of the bank.
(B) Additional information and limitation.--An
individual described in subparagraph (A) may add
personal health information to the health record of
that individual, except that such individual shall not
falsify information and shall not alter information
that is entered into the health record by a health care
entity. Such an individual shall have the right to
propose an amendment to information that is entered by
a health care entity pursuant to standards prescribed
by the Board of Governors for purposes of correcting
such information.
(2) Other health care entities.--A health care entity
(other than the individual who maintains ownership over the
health record involved) shall serve as the custodian of only
information that has been added by such entity to the health
record. Such entity may be permitted to have access to other
specified information contained in such health record
(including the entire record if appropriate) if such access is
granted by the independent health record bank and the
individual involved (pursuant to standards prescribed by the
Secretary relating to access to information).
(e) Financing of Activities.--
(1) In general.--An independent health record bank may
generate revenue to pay for the operations of the bank
through--
(A) charging health care entities, including
individual account holders, account fees for use of the
bank;
(B) the sale of nonidentifiable and partially
identifiable health information contained in the bank
for research purposes (as provided for in section
6(b)); and
(C) the conduct of any other activities determined
appropriate by the Board of Governors.
(2) Sharing of revenue.--Revenue derived under paragraph
(1)(B) shall be shared with independent health record bank
account holders, and may be shared with health care providers
and payers, in accordance with this Act.
(3) Treatment of income.--For purposes of the Internal
Revenue Code of 1986, any revenue described in this subsection
shall not be included in gross income of any independent health
record bank, independent health record bank account holder,
health care provider, or payer described in this subsection.
SEC. 5. HEALTH CARE CLEARINGHOUSE ACTIVITIES.
(a) Application of Section.--This section shall apply to an
independent health record bank (and associated vendors) with respect to
activities undertaken by such bank in operating as a health care
clearinghouse (as such term is defined in section 1171(2) of the Social
Security Act (42 U.S.C. 1329d(2)).
(b) Accreditation.--
(1) In general.--To be eligible to carry out clearinghouse
activities under this section, an independent health record
bank (and associated vendors performing clearinghouse
functions) shall be accredited by a national standards
development organization, utilizing the criteria described in
paragraph (2), that is properly authenticated and registered
with the Attorney General and the Federal Trade Commission
pursuant to the provisions of the National Cooperation Research
and Production Act of 1993 (15 U.S.C. 4301 et seq.).
(2) Criteria.--The criteria to be used by a national
standards development organization in the accreditation of an
independent health record bank under this section shall be
designed to measure the competency, assets, practices, and
procedures of the bank for purposes of conducting clearinghouse
activities. Such criteria shall include--
(A) the technical capacity and electronic
facilities of the bank for the receipt, transmission,
and handling of electronic health information
transactions;
(B) the ability of the bank to process transactions
to which HIPAA regulations apply;
(C) the backup and disaster recovery plans and
capacity of the bank;
(D) the privacy practices, procedures, and employee
training programs of the bank consistent with HIPAA
regulations; and
(E) the security practices, procedures, and
employee training programs of the bank consistent with
HIPAA regulations, including compliance with the HIPAA
regulations security rule that protected health
information must only be viewable by the intended
recipient.
(3) Existing clearinghouses.--An independent health record
bank operated by an entity that has been certified under part C
of title XI of the Social Security Act (42 U.S.C. 1320d et
seq.) as a health care clearinghouse before the date of the
enactment of this Act shall be considered to be accredited for
purposes of paragraph (1).
(c) Information Requirement.--An independent health record bank
acting as a health care clearinghouse under this section shall ensure
that reporting services are provided to individual consumers in a
manner that includes the provision of lists of individuals or
organizations that have accessed the health record account of the
consumer or to whom health information disclosures concerning the
consumer have been made in accordance with the requirements of HIPAA
regulations.
SEC. 6. AVAILABILITY AND USE OF HEALTH INFORMATION IN BANK.
(a) General Rule.--Except as provided in this section, access to an
individual's electronic health record (or specified parts of such
electronic health record) maintained by an independent health record
bank shall only be provided with the prior authorization of the
individual involved, as authenticated as provided for under the
standards prescribed by the Board of Governors under section 8.
(b) Availability of Data for Research and Other Activities.--An
independent health record bank may sell nonidentifiable and partially
identifiable health information, with respect to an individual, only
if--
(1) the bank and the individual agree to the sale;
(2) the agreement provided for under paragraph (1) includes
parameters for the disclosure of information involved and a
process for the authorization of the further disclosure of
partially identifiable health information;
(3) the data involved are to be used for research or other
activities only as provided for in the agreement under
paragraph (1);
(4) the data involved do not identify the individual who is
the subject of the data;
(5) the revenue to be derived from the sale of the data is
collected by the bank and equally divided between the bank and
the individual involved, except that revenue may also be
distributed to health care providers and payers as incentives
to contribute additional data to the bank; and
(6) the transaction otherwise meets the requirements and
standards prescribed by the Board of Governors.
(c) Availability of Data for Emergency Health Care.--
(1) Findings.--Congress finds that--
(A) given the size and nature of visits to
emergency departments in the United States, readily
available health information could make the difference
between life and death; and
(B) because of the case mix and volume of patients
treated in emergency departments, such departments are
well positioned to provide information for public
health surveillance, community risk assessment,
research, education, training, quality improvement, and
other uses.
(2) Use of data.--An independent health record bank may
permit health care providers to access, during an emergency
department visit, a limited, authenticated information set
concerning an individual for emergency response purposes
without the prior consent of the individual. Such limited
information may include--
(A) patient identification information, as
determined appropriate by the individual involved;
(B) provider identification that includes the use
of unique provider identifiers as provided for in
section 1173 of the Social Security Act (42 U.S.C.
1320d-2);
(C) payment information;
(D) arrival and first assessment data;
(E) information related to existing chronic
problems and active clinical conditions of the
individual;
(F) information related to the individual's vitals,
allergies, and medication history; and
(G) information concerning physical examinations,
procedures, results, and diagnosis information relating
to the visit.
SEC. 7. ENSURING PRIVACY AND SECURITY.
(a) In General.--Current Federal security and confidentiality
standards and State security amd confidentiality laws shall apply to
this Act (and the amendments made by this Act) until such time as
Congress acts to amend such standards.
(b) Application of HIPAA Regulations and Transactional Standards.--
Nothing in this Act (or the amendments made by this Act) shall be
construed to narrow the scope, substance, or applicability of part C of
title XI of the Social Security Act (42 U.S.C. 1320d et seq.), or HIPAA
regulations, as such provisions or regulations relate to individually
identifiable health information maintained in an independent health
record bank.
(c) Treatment of State Laws.--Nothing in this Act (or the
amendments made by this Act) shall be construed as preempting or
otherwise affecting any provision of State law (or any State
regulation) relating to the privacy and confidentiality of individually
identifiable health information or to the security of such information,
to the extent that such provision (or regulation)--
(1) provides at least as much protection as otherwise
provided under this Act and under HIPAA regulations; and
(2) does not prohibit or restrict the exchange of health
information across State borders.
(d) State Defined.--For purposes of this section, the term
``State'' has the meaning given such term when used in title XI of the
Social Security Act, as provided under section 1101(a) of such Act (42
U.S.C. 1301(a)).
SEC. 8. REGULATORY OVERSIGHT.
(a) In General.--In carrying out this Act, the Board of Governors,
acting through the Under Secretary for Technology or other appropriate
official, shall--
(1) develop a program to certify entities to operate
independent health record banks;
(2) provide assistance to encourage the growth of
independent health record banks;
(3) track economic progress as it pertains to independent
health record bank operators and individuals receiving non-
taxable income with respect to accounts;
(4) conduct public education activities regarding the
creation and use of the independent health record banks;
(5) establish an interagency council under subsection (b)
to develop standards for Federal security auditing for entities
operating independent health record banks; and
(6) carry out any other activities determined appropriate
by the Board of Governors.
(b) Interagency Council for Security Auditing.--
(1) In general.--The Board of Governors, in consultation
with the Secretary of Health and Human Services and other
appropriate Federal officials, shall establish an interagency
council to develop standards for Federal security auditing as
it relates to data security, authentication, and authorization
recommendations, and reviews of independent health record
banks.
(2) Duties.--The interagency council established under
paragraph (1) shall take into consideration the following
factors when developing recommendations for security,
authentication, and authorization of information in independent
health record banks:
(A) The number and type of factors used for the
exchange of protected health information.
(B) The requirement that individuals, who have
health records that are maintained by the bank, be
notified of a security breech with respect to such
records, and any corrective action taken on behalf of
the individual.
(C) The requirement that information sent to, or
received from, an independent health record bank that
has been designated as high-risk should be
authenticated through the use of methods such as the
periodic changing of passwords, the use of biometrics,
the use of tokens or other technology as determined
appropriate by the council.
(D) Recommendations for entities operating
independent health record banks, including requiring
analysis of the potential risk of health transaction
security breaches based on set criteria.
(E) The conduct of audits of independent health
record banks to ensure that they are in compliance with
the requirements and standards established under this
Act.
(3) Compliance report.--The interagency council established
under this subsection shall annually submit to the Board of
Governors a report on compliance by independent health record
banks with the requirements and standard under this Act. Such
report shall be included in the corresponding annual report
required under subsection (d).
(c) Interagency Memorandum of Understanding.--The Board of
Governors and the Secretary of Health and Human Services, and other
Federal officials that may be impacted by this Act, shall ensure,
through the execution of an interagency memorandum of understanding
among the Board, Secretary, and officials, that--
(1) regulations, rulings, and interpretations issued by
such Board, Secretary, or officials relating to the same matter
over which two or more of such entities have responsibility
under this Act are administered so as to have the same effect
at all times; and
(2) coordination of policies relating to enforcing the same
requirements through the Board, Secretary, or officials in
order to have a coordinated enforcement strategy that avoids
duplication of enforcement efforts and assigns priorities in
enforcement.
(d) Annual Report.--Not later than one year after the date of the
enactment of this Act, and annually thereafter, the Secretary, acting
through the Under Secretary for Technology, shall submit to the
Committee on Energy and Commerce and the Committee on Ways and Means of
the House of Representatives and the Committee on Health, Education,
Labor, and Pensions and the Committee on Finance of the Senate, a
report that--
(1) describes individual owner or institution operator
economic progress as achieved through the use of independent
health record bank and existing barriers to such use;
(2) describes progress in security auditing as provided for
by the interagency security council under subsection (b); and
(3) contains information on the other duties of the Board
of Governors, as described in subsection (a).
SEC. 9. PENALTIES FOR WRONGFUL DISCLOSURE.
The penalties provided for in subsection (a) of section 1177 of the
Social Security Act (42 U.S.C. 1320d-6) shall apply to the wrongful
disclosure of information collected, maintained, or made available by
an independent health record bank under this Act, including disclosures
by any employees or associates of any such bank or other health care
entity using or disclosing such information, in the same manner as such
penalties apply to a person in violation of subsection (a) of such
section.
SEC. 10. TREATMENT OF EMPLOYER-PROVIDED EMPLOYEE INDEPENDENT HEALTH
RECORD BANK ACCOUNT FEES.
(a) In General.--Section 162 of the Internal Revenue Code of 1986
(relating to trade or business expenses) is amended by redesignating
subsection (q) as subsection (r) and by inserting after subsection (p)
the following new subsection:
``(q) Treatment of Employer-Provided Employee Independent Health
Record Bank Account Fees.--
``(1) In general.--In the case of a taxpayer, there shall
be allowed as a deduction under this section an amount equal to
the independent health record bank account investment provided
by such taxpayer during the taxable year.
``(2) Independent health record bank account investment.--
For purposes of this subsection, the term `independent health
record bank account investment' means, with respect to each
employee of the taxpayer for any taxable year, an amount equal
to the the cost paid by the taxpayer during the taxable year
for such employee to maintain an independent health record bank
account.
``(3) Independent health record bank account.--For purposes
of this subsection, the term `independent health record bank
account' has the meaning given to the term `account' under
section 3(1) of the Independent Health Record Bank Act of 2006.
``(4) Special rules.--No credit or deduction (other than
under this subsection) shall be allowed under this chapter with
respect to any expense which is taken into account under
paragraph (1) in determining the deduction under this
subsection.
``(5) Reports.--
``(A) In general.--Each taxpayer shall make such
reports to the Chairman of the Federal Reserve Board of
Governors and to employees of the taxpayer regarding--
``(i) independent health record bank
account investments made with respect to such
employees during any calendar year, and
``(ii) such other information as the
Chairman may require.
``(B) Time for making reports.--The reports
required by this subsection--
``(i) shall be filed at such time and in
such manner as the Chairman of the Federal
Reserve Board of Governors prescribes, and
``(ii) shall be furnished to employees--
``(I) not later than January 31 of
the calendar year following the
calendar year to which such reports
relate, and
``(II) in such manner as the
Chairman prescribes.
``(6) Regulations.--The Secretary may prescribe such
regulations as may be necessary or appropriate to carry out
this subsection.
``(7) Application of subsection.--This subsection shall
apply with respect to any independent health record bank
account investments made by the taxpayer for the 5-taxable year
period beginning with the first taxable year during which such
investments are made by the taxpayer.''.
(b) Effective Date.--The amendment made by this section shall apply
to taxable years beginning after the date of the enactment of this Act.
(c) Additional Incentive for Consumers Participating in IHRB.--
Revenue generated by an independent health record bank and received by
an account holder, health care entity, or health care payer shall not
be considered taxable income under the Internal Revenue Code of 1986.
<all>
Introduced in House
Introduced in House
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Subcommittee on Health.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line