[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[H.R. 5559 Introduced in House (IH)]








109th CONGRESS
  2d Session
                                H. R. 5559

   To improve the exchange of health information by encouraging the 
creation, use, and maintenance of lifetime electronic health records in 
   independent health record banks, by using such records to build a 
    nationwide health information technology infrastructure, and by 
 promoting participation in health information exchanges by consumers 
                        through tax incentives.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                              June 8, 2006

Mr. Ryan of Wisconsin (for himself, Mr. Sessions, Mr. Moore of Kansas, 
 and Mr. Herger) introduced the following bill; which was referred to 
the Committee on Energy and Commerce, and in addition to the Committee 
 on Ways and Means, for a period to be subsequently determined by the 
  Speaker, in each case for consideration of such provisions as fall 
           within the jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
   To improve the exchange of health information by encouraging the 
creation, use, and maintenance of lifetime electronic health records in 
   independent health record banks, by using such records to build a 
    nationwide health information technology infrastructure, and by 
 promoting participation in health information exchanges by consumers 
                        through tax incentives.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Independent Health Record Bank Act 
of 2006''.

SEC. 2. PURPOSE.

    It is the purpose of this Act to provide for the establishment of a 
nationwide health information technology network that--
            (1) improves health care quality, reduces medical errors, 
        increases the efficiency of care, and advances the delivery of 
        appropriate, evidence-based health care services;
            (2) promotes wellness, disease prevention, and the 
        management of chronic illnesses by increasing the availability 
        and transparency of information related to the health care 
        needs of an individual;
            (3) ensures that appropriate information necessary to make 
        medical decisions is available in a usable form at the time and 
        in the location that the medical service involved is provided;
            (4) produces greater value for health care expenditures by 
        reducing health care costs that result from inefficiency, 
        medical errors, inappropriate care, and incomplete information;
            (5) promotes a more effective marketplace, greater 
        competition, greater systems analysis, increased choice, 
        enhanced quality, and improved outcomes in health care 
        services;
            (6) improves the coordination of information and the 
        provision of such services through an effective infrastructure 
        for the secure and authorized exchange and use of health 
        information; and
            (7) ensures that the confidentiality of individually 
        identifiable health information of a patient is secure and 
        protected.

SEC. 3. DEFINITIONS.

    In this Act:
            (1) Account.--The term ``account'' means an electronic 
        health record of an individual contained in an independent 
        health record bank.
            (2) Electronic health record.--The term ``electronic health 
        record'' means a longitudinal collection of personal health 
        information concerning a single individual, entered or accepted 
        by health care providers, and stored electronically.
            (3) Health care entity.--The term ``health care entity'' 
        includes health care consumers, health care providers, and 
        health care payers, government agencies, pharmaceutical 
        companies, laboratories, and health care research institutes.
            (4) HIPAA regulations.--The term ``HIPAA regulations'' 
        means the regulations promulgated under section 264(c) of the 
        Health Insurance Portability and Accountability Act of 1996 (42 
        U.S.C. 1320d-2 note).
            (5) Individually identifiable health information.--The term 
        ``individually identifiable health information'' has the 
        meaning given such term in section 1171(6) of the Social 
        Security Act (42 U.S.C. 1320d(6)).
            (6) Nonidentifiable health information.--The term 
        ``nonidentifiable health information'' means any list, 
        description, or other grouping of consumer information 
        (including publicly available information pertaining to them) 
        that is derived without using personally identifiable 
        information that is not publicly available.
            (7) Partially identifiable health information.--The term 
        ``partially identifiable health information'' means any list, 
        description, or other grouping of consumer information 
        (including publicly available information pertaining to them) 
        that is derived using any personally identifiable information 
        that is not publicly available.
            (8) Protected health information.--The term ``protected 
        health information'' shall have the meaning given such term for 
        purposes of HIPAA regulations.
            (9) Board of governors.--The term ``Board of Governors'' 
        means the Board of Governors of the Federal Reserve System.

SEC. 4. INDEPENDENT HEALTH RECORD BANKS.

    (a) Purpose.--It is the purpose of this section to provide for the 
establishment of independent health record banks to achieve financial 
savings in the health care system and improvements in the provision of 
health care through--
            (1) the creation and storage of lifetime individual 
        electronic health records for individuals that may contain 
        health plan and debit card functionality and that serves the 
        interests of all health care entities;
            (2) the utilization of a technological infrastructure with 
        the goal of connecting health records to build a national 
        health information network;
            (3) the provision of health information data sets, within 
        distinct authorization boundaries, based on usage needs, 
        including--
                    (A) the sale of approved data for research and 
                other consumer purposes as provided for under section 
                6(b);
                    (B) the provision of data for emergency health care 
                as provided for under section 6(c); and
                    (C) the provision of data for all other health care 
                needs determined appropriate by the Board of Governors 
                (in accordance with the protections provided for under 
                section 6);
            (4) the offering of incentives to employers that face 
        rising employee health costs, to encourage employee 
        participation in independent health record banks; and
            (5) the creation of a source of tax-free income to support 
        the operations of the independent health record banks, and, 
        through revenue sharing, to provide incentives to independent 
        health record bank account holders, health care providers, and 
        fee payers to contribute health information.
    (b) Establishment.--
            (1) In general.--Not later than one year after the date of 
        the enactment of this Act, the Board of Governors shall 
        prescribe standards for the establishment and certification of 
        independent health record banks to carry out the purpose 
        described in subsection (a).
            (2) Requirement of non-profit entity.--Under the standards 
        under paragraph (1), a non-profit entity may establish an 
        independent health record bank as a cooperative entity that 
        operates for the benefit and in the interests of the membership 
        of the bank as a whole. Such bank shall be owned and controlled 
        by its members.
            (3) For-profit entities.--Under the standards under 
        paragraph (1), a for-profit entity may not participate in the 
        establishment and operation of an independent health record 
        bank, except to the extent that such entity is by contract 
        employed to assist in carrying out the operations of the bank.
            (4) Treatment as covered entity for purposes of hipaa 
        regulations.--To the extent that an independent health record 
        bank (or associated vendor) is engaged in receiving or 
        transmitting protected health information, the bank shall be 
        considered to be a HIPAA covered entity for purposes of HIPAA 
        regulations with respect to such information.
    (c) Membership.--
            (1) In general.--To be eligible to be a member of an 
        independent health record bank, an individual shall obtain or 
        have obtained a product or service from a covered entity that 
        is to be used primarily for personal, family, or household 
        purposes, or that individual's legal representative.
            (2) No limitation on membership.--Nothing in this 
        subsection shall be construed to permit an independent health 
        record bank to restrict membership.
    (d) Rights Relating to Information in the Bank.--
            (1) Individual consumers.--
                    (A) General right.--An individual who has a health 
                record contained in an independent health record bank 
                shall maintain ownership over the entire health record 
                and shall have the right to review the contents of the 
                entire record at any time during the normal business 
                operating hours of the bank.
                    (B) Additional information and limitation.--An 
                individual described in subparagraph (A) may add 
                personal health information to the health record of 
                that individual, except that such individual shall not 
                falsify information and shall not alter information 
                that is entered into the health record by a health care 
                entity. Such an individual shall have the right to 
                propose an amendment to information that is entered by 
                a health care entity pursuant to standards prescribed 
                by the Board of Governors for purposes of correcting 
                such information.
            (2) Other health care entities.--A health care entity 
        (other than the individual who maintains ownership over the 
        health record involved) shall serve as the custodian of only 
        information that has been added by such entity to the health 
        record. Such entity may be permitted to have access to other 
        specified information contained in such health record 
        (including the entire record if appropriate) if such access is 
        granted by the independent health record bank and the 
        individual involved (pursuant to standards prescribed by the 
        Secretary relating to access to information).
    (e) Financing of Activities.--
            (1) In general.--An independent health record bank may 
        generate revenue to pay for the operations of the bank 
        through--
                    (A) charging health care entities, including 
                individual account holders, account fees for use of the 
                bank;
                    (B) the sale of nonidentifiable and partially 
                identifiable health information contained in the bank 
                for research purposes (as provided for in section 
                6(b)); and
                    (C) the conduct of any other activities determined 
                appropriate by the Board of Governors.
            (2) Sharing of revenue.--Revenue derived under paragraph 
        (1)(B) shall be shared with independent health record bank 
        account holders, and may be shared with health care providers 
        and payers, in accordance with this Act.
            (3) Treatment of income.--For purposes of the Internal 
        Revenue Code of 1986, any revenue described in this subsection 
        shall not be included in gross income of any independent health 
        record bank, independent health record bank account holder, 
        health care provider, or payer described in this subsection.

SEC. 5. HEALTH CARE CLEARINGHOUSE ACTIVITIES.

    (a) Application of Section.--This section shall apply to an 
independent health record bank (and associated vendors) with respect to 
activities undertaken by such bank in operating as a health care 
clearinghouse (as such term is defined in section 1171(2) of the Social 
Security Act (42 U.S.C. 1329d(2)).
    (b) Accreditation.--
            (1) In general.--To be eligible to carry out clearinghouse 
        activities under this section, an independent health record 
        bank (and associated vendors performing clearinghouse 
        functions) shall be accredited by a national standards 
        development organization, utilizing the criteria described in 
        paragraph (2), that is properly authenticated and registered 
        with the Attorney General and the Federal Trade Commission 
        pursuant to the provisions of the National Cooperation Research 
        and Production Act of 1993 (15 U.S.C. 4301 et seq.).
            (2) Criteria.--The criteria to be used by a national 
        standards development organization in the accreditation of an 
        independent health record bank under this section shall be 
        designed to measure the competency, assets, practices, and 
        procedures of the bank for purposes of conducting clearinghouse 
        activities. Such criteria shall include--
                    (A) the technical capacity and electronic 
                facilities of the bank for the receipt, transmission, 
                and handling of electronic health information 
                transactions;
                    (B) the ability of the bank to process transactions 
                to which HIPAA regulations apply;
                    (C) the backup and disaster recovery plans and 
                capacity of the bank;
                    (D) the privacy practices, procedures, and employee 
                training programs of the bank consistent with HIPAA 
                regulations; and
                    (E) the security practices, procedures, and 
                employee training programs of the bank consistent with 
                HIPAA regulations, including compliance with the HIPAA 
                regulations security rule that protected health 
                information must only be viewable by the intended 
                recipient.
            (3) Existing clearinghouses.--An independent health record 
        bank operated by an entity that has been certified under part C 
        of title XI of the Social Security Act (42 U.S.C. 1320d et 
        seq.) as a health care clearinghouse before the date of the 
        enactment of this Act shall be considered to be accredited for 
        purposes of paragraph (1).
    (c) Information Requirement.--An independent health record bank 
acting as a health care clearinghouse under this section shall ensure 
that reporting services are provided to individual consumers in a 
manner that includes the provision of lists of individuals or 
organizations that have accessed the health record account of the 
consumer or to whom health information disclosures concerning the 
consumer have been made in accordance with the requirements of HIPAA 
regulations.

SEC. 6. AVAILABILITY AND USE OF HEALTH INFORMATION IN BANK.

    (a) General Rule.--Except as provided in this section, access to an 
individual's electronic health record (or specified parts of such 
electronic health record) maintained by an independent health record 
bank shall only be provided with the prior authorization of the 
individual involved, as authenticated as provided for under the 
standards prescribed by the Board of Governors under section 8.
    (b) Availability of Data for Research and Other Activities.--An 
independent health record bank may sell nonidentifiable and partially 
identifiable health information, with respect to an individual, only 
if--
            (1) the bank and the individual agree to the sale;
            (2) the agreement provided for under paragraph (1) includes 
        parameters for the disclosure of information involved and a 
        process for the authorization of the further disclosure of 
        partially identifiable health information;
            (3) the data involved are to be used for research or other 
        activities only as provided for in the agreement under 
        paragraph (1);
            (4) the data involved do not identify the individual who is 
        the subject of the data;
            (5) the revenue to be derived from the sale of the data is 
        collected by the bank and equally divided between the bank and 
        the individual involved, except that revenue may also be 
        distributed to health care providers and payers as incentives 
        to contribute additional data to the bank; and
            (6) the transaction otherwise meets the requirements and 
        standards prescribed by the Board of Governors.
    (c) Availability of Data for Emergency Health Care.--
            (1) Findings.--Congress finds that--
                    (A) given the size and nature of visits to 
                emergency departments in the United States, readily 
                available health information could make the difference 
                between life and death; and
                    (B) because of the case mix and volume of patients 
                treated in emergency departments, such departments are 
                well positioned to provide information for public 
                health surveillance, community risk assessment, 
                research, education, training, quality improvement, and 
                other uses.
            (2) Use of data.--An independent health record bank may 
        permit health care providers to access, during an emergency 
        department visit, a limited, authenticated information set 
        concerning an individual for emergency response purposes 
        without the prior consent of the individual. Such limited 
        information may include--
                    (A) patient identification information, as 
                determined appropriate by the individual involved;
                    (B) provider identification that includes the use 
                of unique provider identifiers as provided for in 
                section 1173 of the Social Security Act (42 U.S.C. 
                1320d-2);
                    (C) payment information;
                    (D) arrival and first assessment data;
                    (E) information related to existing chronic 
                problems and active clinical conditions of the 
                individual;
                    (F) information related to the individual's vitals, 
                allergies, and medication history; and
                    (G) information concerning physical examinations, 
                procedures, results, and diagnosis information relating 
                to the visit.

SEC. 7. ENSURING PRIVACY AND SECURITY.

    (a) In General.--Current Federal security and confidentiality 
standards and State security amd confidentiality laws shall apply to 
this Act (and the amendments made by this Act) until such time as 
Congress acts to amend such standards.
    (b) Application of HIPAA Regulations and Transactional Standards.--
Nothing in this Act (or the amendments made by this Act) shall be 
construed to narrow the scope, substance, or applicability of part C of 
title XI of the Social Security Act (42 U.S.C. 1320d et seq.), or HIPAA 
regulations, as such provisions or regulations relate to individually 
identifiable health information maintained in an independent health 
record bank.
    (c) Treatment of State Laws.--Nothing in this Act (or the 
amendments made by this Act) shall be construed as preempting or 
otherwise affecting any provision of State law (or any State 
regulation) relating to the privacy and confidentiality of individually 
identifiable health information or to the security of such information, 
to the extent that such provision (or regulation)--
            (1) provides at least as much protection as otherwise 
        provided under this Act and under HIPAA regulations; and
            (2) does not prohibit or restrict the exchange of health 
        information across State borders.
    (d) State Defined.--For purposes of this section, the term 
``State'' has the meaning given such term when used in title XI of the 
Social Security Act, as provided under section 1101(a) of such Act (42 
U.S.C. 1301(a)).

SEC. 8. REGULATORY OVERSIGHT.

    (a) In General.--In carrying out this Act, the Board of Governors, 
acting through the Under Secretary for Technology or other appropriate 
official, shall--
            (1) develop a program to certify entities to operate 
        independent health record banks;
            (2) provide assistance to encourage the growth of 
        independent health record banks;
            (3) track economic progress as it pertains to independent 
        health record bank operators and individuals receiving non-
        taxable income with respect to accounts;
            (4) conduct public education activities regarding the 
        creation and use of the independent health record banks;
            (5) establish an interagency council under subsection (b) 
        to develop standards for Federal security auditing for entities 
        operating independent health record banks; and
            (6) carry out any other activities determined appropriate 
        by the Board of Governors.
    (b) Interagency Council for Security Auditing.--
            (1) In general.--The Board of Governors, in consultation 
        with the Secretary of Health and Human Services and other 
        appropriate Federal officials, shall establish an interagency 
        council to develop standards for Federal security auditing as 
        it relates to data security, authentication, and authorization 
        recommendations, and reviews of independent health record 
        banks.
            (2) Duties.--The interagency council established under 
        paragraph (1) shall take into consideration the following 
        factors when developing recommendations for security, 
        authentication, and authorization of information in independent 
        health record banks:
                    (A) The number and type of factors used for the 
                exchange of protected health information.
                    (B) The requirement that individuals, who have 
                health records that are maintained by the bank, be 
                notified of a security breech with respect to such 
                records, and any corrective action taken on behalf of 
                the individual.
                    (C) The requirement that information sent to, or 
                received from, an independent health record bank that 
                has been designated as high-risk should be 
                authenticated through the use of methods such as the 
                periodic changing of passwords, the use of biometrics, 
                the use of tokens or other technology as determined 
                appropriate by the council.
                    (D) Recommendations for entities operating 
                independent health record banks, including requiring 
                analysis of the potential risk of health transaction 
                security breaches based on set criteria.
                    (E) The conduct of audits of independent health 
                record banks to ensure that they are in compliance with 
                the requirements and standards established under this 
                Act.
            (3) Compliance report.--The interagency council established 
        under this subsection shall annually submit to the Board of 
        Governors a report on compliance by independent health record 
        banks with the requirements and standard under this Act. Such 
        report shall be included in the corresponding annual report 
        required under subsection (d).
    (c) Interagency Memorandum of Understanding.--The Board of 
Governors and the Secretary of Health and Human Services, and other 
Federal officials that may be impacted by this Act, shall ensure, 
through the execution of an interagency memorandum of understanding 
among the Board, Secretary, and officials, that--
            (1) regulations, rulings, and interpretations issued by 
        such Board, Secretary, or officials relating to the same matter 
        over which two or more of such entities have responsibility 
        under this Act are administered so as to have the same effect 
        at all times; and
            (2) coordination of policies relating to enforcing the same 
        requirements through the Board, Secretary, or officials in 
        order to have a coordinated enforcement strategy that avoids 
        duplication of enforcement efforts and assigns priorities in 
        enforcement.
    (d) Annual Report.--Not later than one year after the date of the 
enactment of this Act, and annually thereafter, the Secretary, acting 
through the Under Secretary for Technology, shall submit to the 
Committee on Energy and Commerce and the Committee on Ways and Means of 
the House of Representatives and the Committee on Health, Education, 
Labor, and Pensions and the Committee on Finance of the Senate, a 
report that--
            (1) describes individual owner or institution operator 
        economic progress as achieved through the use of independent 
        health record bank and existing barriers to such use;
            (2) describes progress in security auditing as provided for 
        by the interagency security council under subsection (b); and
            (3) contains information on the other duties of the Board 
        of Governors, as described in subsection (a).

SEC. 9. PENALTIES FOR WRONGFUL DISCLOSURE.

    The penalties provided for in subsection (a) of section 1177 of the 
Social Security Act (42 U.S.C. 1320d-6) shall apply to the wrongful 
disclosure of information collected, maintained, or made available by 
an independent health record bank under this Act, including disclosures 
by any employees or associates of any such bank or other health care 
entity using or disclosing such information, in the same manner as such 
penalties apply to a person in violation of subsection (a) of such 
section.

SEC. 10. TREATMENT OF EMPLOYER-PROVIDED EMPLOYEE INDEPENDENT HEALTH 
              RECORD BANK ACCOUNT FEES.

    (a) In General.--Section 162 of the Internal Revenue Code of 1986 
(relating to trade or business expenses) is amended by redesignating 
subsection (q) as subsection (r) and by inserting after subsection (p) 
the following new subsection:
    ``(q) Treatment of Employer-Provided Employee Independent Health 
Record Bank Account Fees.--
            ``(1) In general.--In the case of a taxpayer, there shall 
        be allowed as a deduction under this section an amount equal to 
        the independent health record bank account investment provided 
        by such taxpayer during the taxable year.
            ``(2) Independent health record bank account investment.--
        For purposes of this subsection, the term `independent health 
        record bank account investment' means, with respect to each 
        employee of the taxpayer for any taxable year, an amount equal 
        to the the cost paid by the taxpayer during the taxable year 
        for such employee to maintain an independent health record bank 
        account.
            ``(3) Independent health record bank account.--For purposes 
        of this subsection, the term `independent health record bank 
        account' has the meaning given to the term `account' under 
        section 3(1) of the Independent Health Record Bank Act of 2006.
            ``(4) Special rules.--No credit or deduction (other than 
        under this subsection) shall be allowed under this chapter with 
        respect to any expense which is taken into account under 
        paragraph (1) in determining the deduction under this 
        subsection.
            ``(5) Reports.--
                    ``(A) In general.--Each taxpayer shall make such 
                reports to the Chairman of the Federal Reserve Board of 
                Governors and to employees of the taxpayer regarding--
                            ``(i) independent health record bank 
                        account investments made with respect to such 
                        employees during any calendar year, and
                            ``(ii) such other information as the 
                        Chairman may require.
                    ``(B) Time for making reports.--The reports 
                required by this subsection--
                            ``(i) shall be filed at such time and in 
                        such manner as the Chairman of the Federal 
                        Reserve Board of Governors prescribes, and
                            ``(ii) shall be furnished to employees--
                                    ``(I) not later than January 31 of 
                                the calendar year following the 
                                calendar year to which such reports 
                                relate, and
                                    ``(II) in such manner as the 
                                Chairman prescribes.
            ``(6) Regulations.--The Secretary may prescribe such 
        regulations as may be necessary or appropriate to carry out 
        this subsection.
            ``(7) Application of subsection.--This subsection shall 
        apply with respect to any independent health record bank 
        account investments made by the taxpayer for the 5-taxable year 
        period beginning with the first taxable year during which such 
        investments are made by the taxpayer.''.
    (b) Effective Date.--The amendment made by this section shall apply 
to taxable years beginning after the date of the enactment of this Act.
    (c) Additional Incentive for Consumers Participating in IHRB.--
Revenue generated by an independent health record bank and received by 
an account holder, health care entity, or health care payer shall not 
be considered taxable income under the Internal Revenue Code of 1986.
                                 <all>