Independent Health Record Trust Act of 2007 - Directs the Federal Trade Commission (FTC) to prescribe standards for the establishment, certification, operation, and interoperability of independent health record trusts (IHRTs).
Establishes a fiduciary duty requiring an IHRT to act for the benefit and interest of participants and of the IHRT as a whole. Sets forth penalties for any knowing or reckless breach of such duty.
Sets forth permitted uses for an electronic health record, including: (1) a primary use for purposes of the individual's self-care or care by health care professionals; and (2) a secondary use for purposes of public health research or related activities.
Directs that participation in an IHRT, or authorizing access to information from such trust, is voluntary. Prohibits any person from requiring that an individual participate in, or authorize access to information from, an IHRT.
Authorizes an IHRT to generate revenue to pay for operations through: (1) charging participants account fees; (2) charging authorized IHRT data users for accessing electronic health records; (3) the sale of information; and (4) any other activity determined appropriate by the FTC. Prohibits an IHRT from charging a fee for the transmittal of information from a health care provider to be included in an independent electronic health record.
Requires the Secretary of Health and Human Services to establish an Interagency Steering Committee to coordinate the implementation of this Act. Requires the National Committee for Vital and Health Statistics to serve as an advisory committee for IHRTs.
[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 2991 Introduced in House (IH)]
110th CONGRESS
1st Session
H. R. 2991
To improve the availability of health information and the provision of
health care by encouraging the creation, use, and maintenance of
lifetime electronic health records of individuals in independent health
record trusts and by providing a secure and privacy-protected framework
in which such records are made available only by the affirmative
consent of such individuals and are used to build a nationwide health
information technology infrastructure.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
July 11, 2007
Mr. Moore of Kansas (for himself, Mr. Ryan of Wisconsin, Mr. Barrow,
Mrs. Blackburn, Mr. Boustany, Mr. Boyd of Florida, Mrs. Boyda of
Kansas, Mr. Clay, Mr. Cleaver, Mr. Cooper, Mr. Crowley, Mr. Davis of
Alabama, Mr. Lincoln Davis of Tennessee, Mr. Delahunt, Mr. Dicks, Mrs.
Emerson, Mr. Etheridge, Mr. Graves, Mr. Heller of Nevada, Mr. Herger,
Mr. Hill, Mr. Holden, Mr. Holt, Mrs. Jones of Ohio, Mr. Larson of
Connecticut, Mrs. McCarthy of New York, Mr. Mitchell, Mr. Moran of
Kansas, Mr. Putnam, Mrs. McMorris Rodgers, Mr. Sensenbrenner, Mr.
Sessions, Mr. Smith of Washington, Mrs. Tauscher, Mr. Tiahrt, and Mr.
Baird) introduced the following bill; which was referred to the
Committee on Energy and Commerce, and in addition to the Committee on
Ways and Means, for a period to be subsequently determined by the
Speaker, in each case for consideration of such provisions as fall
within the jurisdiction of the committee concerned
_______________________________________________________________________
A BILL
To improve the availability of health information and the provision of
health care by encouraging the creation, use, and maintenance of
lifetime electronic health records of individuals in independent health
record trusts and by providing a secure and privacy-protected framework
in which such records are made available only by the affirmative
consent of such individuals and are used to build a nationwide health
information technology infrastructure.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Independent Health
Record Trust Act of 2007''.
(b) Table of Contents.--The table of contents of this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Purpose.
Sec. 3. Definitions.
Sec. 4. Establishment, certification, and membership of independent
health record trusts.
Sec. 5. Duties of IHRT to IHRT participants.
Sec. 6. Availability and use of information from records in IHRT
consistent with privacy protections and
agreements.
Sec. 7. Voluntary nature of trust participation and information
sharing.
Sec. 8. Financing of activities.
Sec. 9. Regulatory oversight.
SEC. 2. PURPOSE.
It is the purpose of this Act to provide for the establishment of a
nationwide health information technology network that--
(1) improves health care quality, reduces medical errors,
increases the efficiency of care, and advances the delivery of
appropriate, evidence-based health care services;
(2) promotes wellness, disease prevention, and the
management of chronic illnesses by increasing the availability
and transparency of information related to the health care
needs of an individual;
(3) ensures that appropriate information necessary to make
medical decisions is available in a usable form at the time and
in the location that the medical service involved is provided;
(4) produces greater value for health care expenditures by
reducing health care costs that result from inefficiency,
medical errors, inappropriate care, and incomplete information;
(5) promotes a more effective marketplace, greater
competition, greater systems analysis, increased choice,
enhanced quality, and improved outcomes in health care
services;
(6) improves the coordination of information and the
provision of such services through an effective infrastructure
for the secure and authorized exchange and use of health
information; and
(7) ensures that the health information privacy, security,
and confidentiality of individually identifiable health
information is protected.
SEC. 3. DEFINITIONS.
In this Act:
(1) Access.--The term ``access'' means, with respect to an
electronic health record, entering information into such
account as well as retrieving information from such account.
(2) Account.--The term ``account'' means an electronic
health record of an individual contained in an independent
health record trust.
(3) Affirmative consent.--The term ``affirmative consent''
means, with respect to an electronic health record of an
individual contained in an IHRT, express consent given by the
individual for the use of such record in response to a clear
and conspicuous request for such consent or at the individual's
own initiative.
(4) Authorized ehr data user.--The term ``authorized EHR
data user'' means, with respect to an electronic health record
of an IHRT participant contained as part of an IHRT, any entity
(other than the participant) authorized (in the form of
affirmative consent) by the participant to access the
electronic health record.
(5) Confidentiality.--The term ``confidentiality'' means,
with respect to individually identifiable health information of
an individual, the obligation of those who receive such
information to respect the health information privacy of the
individual.
(6) Electronic health record.--The term ``electronic health
record'' means a longitudinal collection of information
concerning a single individual, including medical records and
personal health information, that is stored electronically.
(7) Health information privacy.--The term ``health
information privacy'' means, with respect to individually
identifiable health information of an individual, the right of
such individual to control the acquisition, uses, or
disclosures of such information.
(8) Health plan.--The term ``health plan'' means a group
health plan (as defined in section 2208(1) of the Public Health
Service Act (42 U.S.C. 300bb-8(1))) as well as a plan that
offers health insurance coverage in the individual market.
(9) HIPAA privacy regulations.--The term ``HIPAA privacy
regulations'' means the regulations promulgated under section
264(c) of the Health Insurance Portability and Accountability
Act of 1996 (42 U.S.C. 1320d-2 note).
(10) Independent health record trust; ihrt.--The terms
``independent health record trust'' and ``IHRT'' mean a legal
arrangement under the administration of an IHRT operator that
meets the requirements of this Act with respect to electronic
health records of individuals participating in the trust or
IHRT.
(11) IHRT operator.--The term ``IHRT operator'' means, with
respect to an IHRT, the organization that is responsible for
the administration and operation of the IHRT in accordance with
this Act.
(12) IHRT participant.--The term ``IHRT participant''
means, with respect to an IHRT, an individual who has a
participation agreement in effect with respect to the
maintenance of the individual's electronic health record by the
IHRT.
(13) Individually identifiable health information.--The
term ``individually identifiable health information'' has the
meaning given such term in section 1171(6) of the Social
Security Act (42 U.S.C. 1320d(6)).
(14) Security.--The term ``security'' means, with respect
to individually identifiable health information of an
individual, the physical, technological, or administrative
safeguards or tools used to protect such information from
unwarranted access or disclosure.
SEC. 4. ESTABLISHMENT, CERTIFICATION, AND MEMBERSHIP OF INDEPENDENT
HEALTH RECORD TRUSTS.
(a) Establishment.--Not later than one year after the date of the
enactment of this Act, the Federal Trade Commission, in consultation
with the National Committee on Vital and Health Statistics, shall
prescribe standards for the establishment, certification, operation,
and interoperability of IHRTs to carry out the purposes described in
section 2 in accordance with the provisions of this Act.
(b) Certification.--
(1) Certification by ftc.--The Federal Trade Commission
shall provide for the certification of IHRTs. No IHRT may be
certified unless the IHRT is determined to meet the standards
for certification established under subsection (a).
(2) Decertification.--The Federal Trade Commission shall
establish a process for the revocation of certification of an
IHRT under this section in the case that the IHRT violates the
standards established under subsection (a).
(c) Membership.--
(1) In general.--To be eligible to be a participant in an
IHRT, an individual shall--
(A) submit to the IHRT information as required by
the IHRT to establish an electronic health record with
the IHRT; and
(B) enter into a privacy protection agreement
described in section 6(b)(1) with the IHRT.
The process to determine eligibility of an individual under
this subsection shall allow for the establishment by such
individual of an electronic health record as expeditiously as
possible if such individual is determined so eligible.
(2) No limitation on membership.--Nothing in this
subsection shall be construed to permit an IHRT to restrict
membership, including on the basis of health condition.
SEC. 5. DUTIES OF IHRT TO IHRT PARTICIPANTS.
(a) Fiduciary Duty of IHRT; Penalties for Violations of Fiduciary
Duty.--
(1) Fiduciary duty.--With respect to the electronic health
record of an IHRT participant maintained by an IHRT, the IHRT
shall have a fiduciary duty to act for the benefit and in the
interests of such participant and of the IHRT as a whole. Such
duty shall include obtaining the affirmative consent of such
participant prior to the release of information in such
participant's electronic health record in accordance with the
requirements of this Act.
(2) Penalties.--If the IHRT knowingly or recklessly
breaches the fiduciary duty described in paragraph (1), the
IHRT shall be subject to the following penalties:
(A) Loss of certification of the IHRT.
(B) A fine that is not in excess of $50,000.
(C) A term of imprisonment for the individuals
involved of not more than 5 years.
(b) Electronic Health Record Deemed To Be Held in Trust by IHRT.--
With respect to an individual, an electronic health record maintained
by an IHRT shall be deemed to be held in trust by the IHRT for the
benefit of the individual and the IHRT shall have no legal or equitable
interest in such electronic health record.
SEC. 6. AVAILABILITY AND USE OF INFORMATION FROM RECORDS IN IHRT
CONSISTENT WITH PRIVACY PROTECTIONS AND AGREEMENTS.
(a) Protected Electronic Health Records Use and Access.--
(1) General rights regarding uses of information.--
(A) In general.--With respect to the electronic
health record of an IHRT participant maintained by an
IHRT, subject to paragraph (2)(C), primary uses and
secondary uses (described in subparagraphs (B) and (C),
respectively) of information within such record (other
than by such participant) shall be permitted only upon
the authorization of such use, prior to such use, by
such participant.
(B) Primary uses.--For purposes of subparagraph (A)
and with respect to an electronic health record of an
individual, a primary use is a use for purposes of the
individual's self-care or care by health care
professionals.
(C) Secondary uses.--For purposes of subparagraph
(B) and with respect to an electronic health record of
an individual, a secondary use is any use not described
in subparagraph (B) and includes a use for purposes of
public health research or other related activities.
Additional authorization is required for a secondary
use extending beyond the original purpose of the
secondary use authorized by the IHRT participant
involved. Nothing in this paragraph shall be construed
as requiring authorization for every secondary use that
is within the authorized original purpose.
(2) Rules for primary use of records for health care
purposes.--With respect to the electronic health record of an
IHRT participant (or specified parts of such electronic health
record) maintained by an IHRT standards for access to such
record shall provide for the following:
(A) Access by ihrt participants to their electronic
health records.--
(i) Ownership.--The participant maintains
ownership over the entire electronic health
record (and all portions of such record) and
shall have the right to electronically access
and review the contents of the entire record
(and any portion of such record) at any time,
in accordance with this subparagraph.
(ii) Addition of personal information.--The
participant may add personal health information
to the health record of that participant,
except that such participant shall not alter
information that is entered into the electronic
health record by any authorized EHR data user.
Such participant shall have the right to
propose an amendment to information that is
entered by an authorized EHR data user pursuant
to standards prescribed by the Federal Trade
Commission for purposes of amending such
information.
(iii) Identification of information entered
by participant.--Any additions or amendments
made by the participant to the health record
shall be identified and disclosed within such
record as being made by such participant.
(B) Access by entities other than ihrt
participant.--
(i) Authorized access only.--Except as
provided under subparagraph (C) and paragraph
(4), access to the electronic health record (or
any portion of the record)--
(I) may be made only by authorized
EHR data users and only to such
portions of the record as specified by
the participant; and
(II) may be limited by the
participant for purposes of entering
information into such record,
retrieving information from such
record, or both.
(ii) Identification of entity that enters
information.--Any information that is added by
an authorized EHR data user to the health
record shall be identified and disclosed within
such record as being made by such user.
(iii) Satisfaction of hipaa privacy
regulations.--In the case of a record of a
covered entity (as defined for purposes of
HIPAA privacy regulations), with respect to an
individual, if such individual is an IHRT
participant with an independent health record
trust and such covered entity is an authorized
EHR data user, the requirement under the HIPAA
privacy regulations for such entity to provide
the record to the participant shall be deemed
met if such entity, without charge to the IHRT
or the participant--
(I) forwards to the trust an
appropriately formatted electronic copy
of the record (and updates to such
records) for inclusion in the
electronic health record of the
participant maintained by the trust;
(II) enters such record into the
electronic health record of the
participant so maintained; or
(III) otherwise makes such record
available for electronic access by the
IHRT or the individual in a manner that
permits such record to be included in
the account of the individual contained
in the IHRT.
(iv) Notification of sensitive
information.--Any information, with respect to
the participant, that is sensitive information,
as specified by the Federal Trade Commission,
shall not be forwarded or entered by an
authorized EHR data user into the electronic
health record of the participant maintained by
the trust unless the user certifies that the
participant has been notified of such
information.
(C) Deemed authorization for access for emergency
health care.--
(i) Findings.--Congress finds that--
(I) given the size and nature of
visits to emergency departments in the
United States, readily available health
information could make the difference
between life and death; and
(II) because of the case mix and
volume of patients treated, emergency
departments are well positioned to
provide information for public health
surveillance, community risk
assessment, research, education,
training, quality improvement, and
other uses.
(ii) Use of information.--With respect to
the electronic health record of an IHRT
participant (or specified parts of such
electronic health record) maintained by an
IHRT, the participant shall be deemed as
providing authorization (in the form of
affirmative consent) for health care providers
to access, in connection with providing
emergency care services to the participant, a
limited, authenticated information set
concerning the participant for emergency
response purposes, unless the participant
specifies that such information set (or any
portion of such information set) may not be so
accessed. Such limited information set may
include information--
(I) patient identification data, as
determined appropriate by the
participant;
(II) provider identification that
includes the use of unique provider
identifiers;
(III) payment information;
(IV) information related to the
individual's vitals, allergies, and
medication history;
(V) information related to existing
chronic problems and active clinical
conditions of the participant; and
(VI) information concerning
physical examinations, procedures,
results, and diagnosis data.
(3) Rules for secondary uses of records for research and
other purposes.--
(A) In general.--With respect to the electronic
health record of an IHRT participant (or specified
parts of such electronic health record) maintained by
an IHRT, the IHRT may sell such record (or specified
parts of such record) only if--
(i) the transfer is authorized by the
participant pursuant to an agreement between
the participant and the IHRT and is in
accordance with the privacy protection
agreement described in subsection (b)(1)
entered into between such participant and such
IHRT;
(ii) such agreement includes parameters
with respect to the disclosure of information
involved and a process for the authorization of
the further disclosure of information in such
record;
(iii) the information involved is to be
used for research or other activities only as
provided for in the agreement;
(iv) the recipient of the information
provides assurances that the information will
not be further transferred or reused in
violation of such agreement; and
(v) the transfer otherwise meets the
requirements and standards prescribed by the
Federal Trade Commission.
(B) Treatment of public health reporting.--Nothing
in this paragraph shall be construed as prohibiting or
limiting the use of health care information of an
individual, including an individual who is an IHRT
participant, for public health reporting (or other
research) purposes prior to the inclusion of such
information in an electronic health record maintained
by an IHRT.
(4) Law enforcement clarification.--Nothing in this Act
shall prevent an IHRT from disclosing information contained in
an electronic health record maintained by the IHRT when
required for purposes of a lawful investigation or official
proceeding inquiring into a violation of, or failure to comply
with, any criminal or civil statute or any regulation, rule, or
order issued pursuant to such a statute.
(5) Rule of construction.--Nothing in this section shall be
construed to require a health care provider that does not
utilize electronic methods or appropriate levels of health
information technology on the date of the enactment of this Act
to adopt such electronic methods or technology as a requirement
for participation or compliance under this Act.
(b) Privacy Protection Agreement; Treatment of State Privacy and
Security Laws.--
(1) Privacy protection agreement.--A privacy protection
agreement described in this subsection is an agreement, with
respect to an electronic health record of an IHRT participant
to be maintained by an independent health record trust, between
the participant and the trust--
(A) that is consistent with the standards described
in subsection (a)(2);
(B) under which the participant specifies the
portions of the record that may be accessed, under what
circumstances such portions may be accessed, any
authorizations for indicated authorized EHR data users
to access information contained in the record, and the
purposes for which the information (or portions of the
information) in the record may be used;
(C) which provides a process for the authorization
of the transfer of information contained in the record
to a third party, including for the sale of such
information for purposes of research, by an authorized
EHR data user and reuse of such information by such
third party, including a provision requiring that such
transfer and reuse is not in violation of any privacy
or transfer restrictions placed by the participant on
the independent health record of such participant; and
(D) under which the trust provides assurances that
the trust will not transfer, disclose, or provide
access to the record (or any portion of the record) in
violation of the parameters established in the
agreement or to any person or entity who has not agreed
to use and transfer such record (or portion of such
record) in accordance with such agreement.
(2) Treatment of state laws.--
(A) In general.--Except as provided under
subparagraph (B), the provisions of a privacy
protection agreement entered into between an IHRT and
an IHRT participant shall preempt any provision of
State law (or any State regulation) relating to the
privacy and confidentiality of individually
identifiable health information or to the security of
such health information.
(B) Exception for privileged information.--The
provisions of a privacy protection agreement shall not
preempt any provision of State law (or any State
regulation) that recognizes privileged communications
between physicians, health care practitioners, and
patients of such physicians or health care
practitioners, respectively.
(C) State defined.--For purposes of this section,
the term ``State'' has the meaning given such term when
used in title XI of the Social Security Act, as
provided under section 1101(a) of such Act (42 U.S.C.
1301(a)).
SEC. 7. VOLUNTARY NATURE OF TRUST PARTICIPATION AND INFORMATION
SHARING.
(a) In General.--Participation in an independent health record
trust, or authorizing access to information from such a trust, is
voluntary. No employer, health insurance issuer, group health plan,
health care provider, or other person may require, as a condition of
employment, issuance of a health insurance policy, coverage under a
group health plan, the provision of health care services, payment for
such services, or otherwise, that an individual participate in, or
authorize access to information from, an independent health record
trust.
(b) Enforcement.--The penalties provided for in subsection (a) of
section 1177 of the Social Security Act (42 U.S.C. 1320d-6) shall apply
to a violation of subsection (a) in the same manner as such penalties
apply to a person in violation of subsection (a) of such section.
SEC. 8. FINANCING OF ACTIVITIES.
(a) In General.--Except as provided in subsection (b), an IHRT may
generate revenue to pay for the operations of the IHRT through--
(1) charging IHRT participants account fees for use of the
trust;
(2) charging authorized EHR data users for accessing
electronic health records maintained in the trust;
(3) the sale of information contained in the trust (as
provided for in section 6(a)(3)(A)); and
(4) any other activity determined appropriate by the
Federal Trade Commission.
(b) Prohibition Against Access Fees for Health Care Providers.--For
purposes of providing incentives to health care providers to access
information maintained in an IHRT, as authorized by the IHRT
participants involved, the IHRT may not charge a fee for services
specified by the IHRT. Such services shall include the transmittal of
information from a health care provider to be included in an
independent electronic health record maintained by the IHRT (or
permitting such provider to input such information into the record),
including the transmission of or access to information described in
section 6(a)(2)(C)(ii) by appropriate emergency responders.
(c) Required Disclosures.--The sources and amounts of revenue
derived under subsection (a) for the operations of an IHRT shall be
fully disclosed to each IHRT participant of such IHRT and to the
public.
(d) Treatment of Income.--For purposes of the Internal Revenue Code
of 1986, any revenue described in subsection (a) shall not be included
in gross income of any IHRT, IHRT participant, or authorized EHR data
user.
SEC. 9. REGULATORY OVERSIGHT.
(a) In General.--In carrying out this Act, the Federal Trade
Commission shall promulgate regulations for independent health record
trusts.
(b) Establishment of Interagency Steering Committee.--
(1) In general.--The Secretary of Health and Human Services
shall establish an Interagency Steering Committee in accordance
with this subsection.
(2) Chairperson.--The Secretary of Health and Human
Services shall serve as the chairperson of the Interagency
Steering Committee.
(3) Membership.--The members of the Interagency Steering
Committee shall consist of the Attorney General, the
Chairperson of the Federal Trade Commission, the Chairperson
for the National Committee for Vital and Health Statistics, a
representative of the Federal Reserve, and other Federal
officials determined appropriate by the Secretary of Health and
Human Services.
(4) Duties.--The Interagency Steering Committee shall
coordinate the implementation of this Act, including the
implementation of policies described in subsection (d) based
upon the recommendations provided under such subsection, and
regulations promulgated under this Act.
(c) Federal Advisory Committee.--
(1) In general.--The National Committee for Vital and
Health Statistics shall serve as an advisory committee for the
IHRTs. The membership of such advisory committee shall include
a representative from the Federal Trade Commission and the
chairperson of the Interagency Steering Committee. Not less
than 60 percent of such membership shall consist of
representatives of nongovernment entities, at least one of whom
shall be a representative from an organization representing
health care consumers.
(2) Duties.--The National Committee for Vital and Health
Statistics shall issue periodic reports and review policies
concerning IHRTs based on each of the following factors:
(A) Privacy and security policies.
(B) Economic progress.
(C) Interoperability standards.
(d) Policies Recommended by Federal Trade Commission.--The Federal
Trade Commission, in consultation with the National Committee for Vital
and Health Statistics, shall recommend policies to--
(1) provide assistance to encourage the growth of
independent health record trusts;
(2) track economic progress as it pertains to operators of
independent health records trusts and individuals receiving
nontaxable income with respect to accounts;
(3) conduct public education activities regarding the
creation and usage of the independent health records trusts;
(4) establish standards for the interoperability of health
information technology to ensure that information contained in
such record may be shared between the trust involved, the
participant, and authorized EHR data users, including for the
standardized collection and transmission of individual health
records (or portions of such records) to authorized EHR data
users through a common interface and for the portability of
such records among independent health record trusts; and
(5) carry out any other activities determined appropriate
by the Federal Trade Commission.
(e) Regulations Promulgated by Federal Trade Commission.--The
Federal Trade Commission shall promulgate regulations based on, at a
minimum, the following factors:
(1) Requiring that an IHRT participant, who has an
electronic health record that is maintained by an IHRT, be
notified of a security breech with respect to such record, and
any corrective action taken on behalf of the participant.
(2) Requiring that information sent to, or received from,
an IHRT that has been designated as high-risk should be
authenticated through the use of methods such as the periodic
changing of passwords, the use of biometrics, the use of tokens
or other technology as determined appropriate by the council.
(3) Requiring a delay in releasing sensitive health care
test results and other similar information to patients directly
in order to give physicians time to contact the patient.
(4) Recommendations for entities operating IHRTs, including
requiring analysis of the potential risk of health transaction
security breeches based on set criteria.
(5) The conduct of audits of IHRTs to ensure that they are
in compliance with the requirements and standards established
under this Act.
(6) Disclosure to IHRT participants of the means by which
such trusts are financed, including revenue from the sale of
patient data.
(7) Prevention of certification of an entity seeking
independent heath record trust certification based on--
(A) the potential for conflicts between the
interests of such entity and the security of the health
information involved; and
(B) the involvement of the entity in any activity
that is contrary to the best interests of a patient.
(8) Prevention of the use of revenue sources that are
contrary to a patient's interests.
(9) Public disclosure of audits in a manner similar to
financial audits required for publicly traded stock companies.
(10) Requiring notification to a participating entity that
the information contained in such record may not be
representative of the complete or accurate electronic health
record of such account holder.
(f) Compliance Report.--Not later than 1 year after the date of the
enactment of this Act, and annually thereafter, the Commission shall
submit to the Committee on Health, Education, Labor, and Pensions and
the Committee on Finance of the Senate and the Committee on Energy and
Commerce and the Committee on Ways and Means of the House of
Representatives, a report on compliance by and progress of independent
health record trusts with this Act. Such report shall describe the
following:
(1) The number of complaints submitted about independent
health record trusts, which shall be divided by complaints
related to security breaches, and complaints not related to
security breaches, and may include other categories as the
Interagency Steering Committee established under section (b)
determines appropriate.
(2) The number of enforcement actions undertaken by the
Commission against independent health record trusts in response
to complaints under paragraph (1), which shall be divided by
enforcement actions related to security breaches and
enforcement actions not related to security breaches and may
include other categories as the Interagency Steering Committee
established under section (b) determines appropriate.
(3) The economic progress of the individual owner or
institution operator as achieved through independent health
record trust usage and existing barriers to such usage.
(4) The progress in security auditing as provided for by
the Interagency Steering Committee council under subsection
(b).
(5) The other core responsibilities of the Commission as
described in subsection (a).
(g) Interagency Memorandum of Understanding.--The Interagency
Steering Committee shall ensure, through the execution of an
interagency memorandum of understanding, that--
(1) regulations, rulings, and interpretations issued by
Federal officials relating to the same matter over which 2 or
more such officials have responsibility under this Act are
administered so as to have the same effect at all times; and
(2) the memorandum provides for the coordination of
policies related to enforcing the same requirements through
such officials in order to have coordinated enforcement
strategy that avoids duplication of enforcement efforts and
assigns priorities in enforcement.
<all>
Introduced in House
Introduced in House
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
Referred to the Subcommittee on Health.
Referred to the Subcommittee on Health.
Llama 3.2 · runs locally in your browser
Ask anything about this bill. The AI reads the full text to answer.
Enter to send · Shift+Enter for new line