[Congressional Bills 109th Congress]
[From the U.S. Government Publishing Office]
[S. 3454 Introduced in Senate (IS)]
109th CONGRESS
2d Session
S. 3454
To amend the Internal Revenue Code of 1986 to improve the exchange of
healthcare information through the use of technology, to encourage the
creation, use and maintenance of lifetime electronic health records
that may contain health plan and debit card functionality in
independent health record banks, to use such records to build a
nationwide health information technology infrastructure, and to promote
participation in health information exchange by consumers through tax
incentives and for other purposes.
_______________________________________________________________________
IN THE SENATE OF THE UNITED STATES
June 6, 2006
Mr. Brownback (for himself and Mr. Talent) introduced the following
bill; which was read twice and referred to the Committee on Finance
_______________________________________________________________________
A BILL
To amend the Internal Revenue Code of 1986 to improve the exchange of
healthcare information through the use of technology, to encourage the
creation, use and maintenance of lifetime electronic health records
that may contain health plan and debit card functionality in
independent health record banks, to use such records to build a
nationwide health information technology infrastructure, and to promote
participation in health information exchange by consumers through tax
incentives and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Independent Health Record Bank Act
of 2006''.
SEC. 2. PURPOSES.
It is the purpose of this Act to provide for the establishment of a
nationwide health information technology network to--
(1) improve healthcare quality, reduce medical errors,
increase the efficiency of care, and advance the delivery of
appropriate, evidence-based healthcare services;
(2) promotes the wellness, disease prevention, and
management of chronic illnesses by increasing the availability
and transparency of information related to the healthcare needs
of an individual;
(3) ensure that appropriate information necessary to make
medical decisions is available in a usable form at the time and
in the location that the medical service involved is provided;
(4) produces greater value for healthcare expenditures by
reducing healthcare costs that result from inefficiency,
medical errors, inappropriate care, and incomplete information;
(5) promotes a more effective marketplace, greater
competition, greater systems analysis, increased choice,
enhanced quality, and improved outcomes in healthcare services;
(6) improve the coordination of information and the
provision of such services through an effective infrastructure
for the secure and authorized exchange and use of healthcare
information; and
(7) ensure that the confidentiality of individually
identifiable health information of a patient is secure and
protected.
SEC. 3. DEFINITIONS.
In this Act:
(1) Account.--The term ``account'' means an electronic
health record of an individual contained in an independent
health record bank.
(2) Electronic health record.--The term ``electronic health
record'' means a longitudinal collection of personal health
information concerning a single individual, entered or accepted
by healthcare providers, and stored electronically.
(3) Healthcare entity.--The term ``healthcare entity''
includes healthcare consumers, providers, and payers,
government agencies, pharmaceutical companies, laboratories,
and research institutes.
(4) HIPAA.--The term ``HIPAA'' means the regulations under
section 264(c) of the Health Insurance Portability and
Accountability Act of 1996 (42 U.S.C. 1320d-2 note).
(5) Individually identifiable health information.--The term
``individually identifiable health information'' has the
meaning given such term in section 1171(6) of the Social
Security Act (42 U.S.C. 1320d(6)).
(6) Nonidentifiable health information.--The term
``nonidentifiable health information'' means any list,
description or other grouping of consumer information
(including publicly available information pertaining to them)
that is derived without using personally identifiable
information that is not publicly available.
(7) Partially identifiable health information.--The term
``partially identifiable health information'' means any list,
description, or other grouping of consumer information (and
publicly available information pertaining to them) derived
using any personally identifiable information that is not
publicly available.
(8) Protected health information.--The term ``protected
health information'' shall have the meaning given such term for
purposes of HIPAA.
(9) Secretary.--The term ``Secretary'' means the Secretary
of Commerce.
SEC. 4. INDEPENDENT HEALTH RECORD BANKS.
(a) Purpose.--It is the purpose of this section to provide for the
establishment of independent health record banks to achieve a savings
of money and lives in the healthcare system through--
(1) the creation and storage of lifetime individual
electronic health records for individuals that may contain
health plan and debit card functionality and that serves the
interests of all healthcare entities;
(2) the utilization of technological infrastructure with
the goal of connecting health records to build a national
health information network;
(3) the provision of health information data sets, within
distinct authorization boundaries, based on usage needs,
including--
(A) the sale of approved data for research and
other consumer purposes as provided for under section
6(b);
(B) the provision of data for emergency healthcare
as provided for under section 6(c); and
(C) the provision of data for all other healthcare
needs determined appropriate by the Secretary (in
accordance with the protections provided for under
section 6);
(4) the offering of incentives to employers that face
rising employee health costs, to encourage employee
participation in independent health record banks; and
(5) the creation of a source of tax-free income to support
the operations of the independent health record banks, and,
through revenue sharing, to provide incentives to independent
health record bank account holders, healthcare providers, and
fee payers to contribute health information.
(b) Establishment.--
(1) In general.--Not later than 1 year after the date of
enactment of this Act, the Secretary shall prescribe standards
for the establishment and certification of independent health
record banks to carry out the purposes described in subsection
(a).
(2) Requirement of non-profit entity.--The standards under
paragraph (1) shall permit a non-profit entity to establish an
independent health record bank as a cooperative entity that
operates for the benefit and in the interests of the membership
of the bank as a whole. Such bank shall be owned and controlled
by its members.
(3) For-profit entities.--A for-profit entity may not
participate in the establishment and operation of an
independent health record bank, except to the extent that such
entity is by contract employed to assist in carrying out the
operations of the bank.
(4) Treatment as covered entity for purposes of hipaa.--To
the extent that an independent health record bank (or
associated vendor) is engaged in transmitting protected health
information, the bank shall be considered to be a covered
entity for purposes of HIPAA with respect to such information.
(c) Membership.--
(1) In general.--To be eligible to be a member of an
independent health record bank, an individual shall obtain or
have obtained a product or service from a covered entity that
is to be used primarily for personal, family, or household
purposes, or that individual's legal representative.
(2) No limitation on membership.--Nothing in this
subsection shall be construed to permit an independent health
record bank to restrict membership.
(d) Rights Relating to Information in the Bank.--
(1) Individual consumers.--
(A) General right.--An individual who has a health
record contained in an independent health record bank
shall maintain ownership over the entire health record
and shall have the right to review the contents of the
record in its entirety at any time during the normal
business operating hours of the bank.
(B) Additional information and limitation.--An
individual described in subparagraph (A) may add
personal health information to the health record of
that individual, except that such individual shall not
alter or falsify information that is entered into the
health record by another healthcare entity. Such an
individual shall have the right to propose an amendment
to such information pursuant to standards prescribed by
the Secretary relating to the correction of information
contained in a health record.
(2) Other healthcare entities.--A healthcare entity (other
than an individual) shall serve as the custodian of only that
information that has been added by such entity to the health
record of an individual that is maintained by an independent
health record bank. Such entity may be permitted to have access
to other specified information contained in such health record
(including the entire record if appropriate) if such access is
granted by the independent health record bank and the
individual involved (pursuant to standards prescribed by the
Secretary relating to access to information).
(e) Financing of Activities.--
(1) In general.--An independent health record bank may
generate revenue to pay for the operations of the bank
through--
(A) charging healthcare entities, including
individual account holders, account fees for use of the
bank;
(B) the sale of nonidentifiable and partially
identifiable health information contained in the bank
for research purposes (as provided for in section
6(b)); and
(C) the conduct of any other activities determined
appropriate by the Secretary.
(2) Sharing of revenue.--Revenue derived under paragraph
(1)(B) shall be shared with independent health record bank
account holders, and may be shared with healthcare providers
and payers, in accordance with this Act.
(3) Treatment of income.--For purposes of the Internal
Revenue Code of 1986, any revenue described in this subsection
shall not be included in gross income of any independent health
record bank, independent health record bank account holder,
healthcare provider, or payer described in this subsection.
SEC. 5. HEALTHCARE CLEARINGHOUSE ACTIVITIES.
(a) Application of Section.--This section shall apply to an
independent health record bank (and associated vendors) with respect to
activities undertaken by such bank in operating as a health care
clearinghouse (as such term is defined in section 1171(2) of the Social
Security Act (42 U.S.C. 1329d(2)).
(b) Accreditation.--
(1) In general.--To be eligible to carry out clearinghouse
activities under this section, an independent health record
bank (and associated vendors performing clearinghouse
functions) shall be accredited by a national standards
development organization, utilizing the criteria described in
paragraph (2), that is properly authenticated and registered
with the Attorney General and the Federal Trade Commission
pursuant to the provisions of the National Cooperation Research
and Production Act of 1993 (15 U.S.C. 4301 et seq.).
(2) Criteria.--The criteria to be used by a national
standards development organization in the accreditation of an
independent health record bank under this section shall be
designed to measure the competency, assets, practices, and
procedures of the bank for purposes of conducting clearinghouse
activities. Such criteria shall include--
(A) the technical capacity and electronic
facilities of the bank for the receipt, transmission,
and handling of electronic health information
transactions;
(B) the ability of the bank to process transactions
to which HIPAA applies;
(C) the backup and disaster recovery plans and
capacity of the bank;
(D) the privacy practices, procedures, and employee
training programs of the bank consistent with HIPAA;
and
(E) the security practices, procedures, and
employee training programs of the bank consistent with
HIPAA, including compliance with the HIPAA security
rule that protected health information must only be
viewable by the intended recipient.
(3) Existing clearinghouses.--An independent health record
bank operated by an entity that has been certified under part C
of title XI of the Social Security Act (42 U.S.C. 1320d et
seq.) as a health care clearinghouse prior to the date of
enactment of this Act shall be considered to be accredited for
purposes of paragraph (1).
(c) Information Requirement.--An independent health record bank
acting as a health care clearinghouse under this section shall ensure
that reporting services are provided to individual consumers in a
manner that includes the provision of lists of individuals or
organizations that have accessed the health record account of the
consumer or to whom health information disclosures concerning the
consumer have been made in accordance with the requirements of HIPAA.
SEC. 6. AVAILABILITY AND USE OF HEALTHCARE INFORMATION IN BANK.
(a) General Rule.--Except as provided in this section, access to
specified sections of, or an entire, electronic health record
maintained by an independent health record bank concerning an
individual shall only be provided with the prior authorization of the
individual involved, as authenticated as provided for under the
standards prescribed by the Secretary under section 8.
(b) Availability of Data for Research and Other Activities.--An
independent health record bank may sell nonidentifiable and partially
identifiable health information concerning and individual only if--
(1) the bank and the individual involved agree to the sale;
(2) the agreement provided for under paragraph (1) includes
parameters with respect to the disclosure of information
involved and a process for the authorization of the further
disclosure of partially identifiable health information;
(3) the data involved is to be used for research or other
activities only as provided for in the agreement under
paragraph (1);
(4) the data involved does not identify the individual who
is the subject of the data;
(5) the revenue to be derived from the sale of the data is
collected by the bank and equally divided between the bank and
the individual involved, except that revenue may also be
distributed to healthcare providers and payers as incentives to
contribute additional data to the bank; and
(6) the transaction otherwise meets the requirements and
standards prescribed by the Secretary.
(c) Availability of Data for Emergency Healthcare.--
(1) Findings.--Congress finds that--
(A) given the size and nature of visits to
emergency departments in the United States, readily
available health data could make the difference between
life and death; and
(B) due to the case mix and volume of patients
treated, emergency departments are well positioned to
provide data for public health surveillance, community
risk assessment, research, education, training, quality
improvement, and other uses.
(2) Use of data.--An independent health record bank may
permit healthcare providers to access, during an emergency
department visit, a limited, authenticated data set concerning
an individual for emergency response purposes without the prior
consent of the individual. Such limited data may include--
(A) patient identification data, as determined
appropriate by the individual involved;
(B) provider identification that includes the use
of a unique provider identifiers as provided for in
section 1173 of the Social Security Act (42 U.S.C.
1320d-2);
(C) payment data;
(D) arrival and first assessment data;
(E) data related to the individual's vitals,
allergies, and medication history;
(F) data related to existing chronic problems and
active clinical conditions of the individual; and
(G) data concerning physical examinations,
procedures, results, and diagnosis data relating to the
visit.
(d) Effect on HIPAA.--Nothing in this Act shall be construed to
affect the scope, substance, or applicability of the part C of title XI
of the Social Security Act (42 U.S.C. 1320d et seq.) or HIPAA as such
relates to individually identifiable health information maintained in
an independent health record bank.
SEC. 7. APPLICATION OF FEDERAL AND STATE SECURITY AND CONFIDENTIALITY
STANDARDS.
(a) In General.--Existing Federal security and confidentiality
standards and State security and confidentiality laws shall apply to
this Act (and the amendments made by this Act) until such time as
Congress acts to amend such standards.
(b) Provision of Information and Informational Provision.--
(1) Designation of agency.--Each State with an independent
health records bank operating in the State shall designate a
State agency to be responsible for addressing complaints by
residents of the State with respect to health records contained
in the bank.
(2) Provision of information.--An independent health record
bank operating in a State shall provide the State authority
designated under paragraph (1) with an informational filing
that describes the policies of the bank, the types of
information sold by the bank, and other relevant information
determined appropriate by such authority.
(3) Information.--An individual who has a health record
maintained by an independent health record bank shall direct
any concerns, problems, or questions related to such record
directly to the appropriate State authority.
(c) Definitions.--For purposes of this section:
(1) State security and confidentiality laws.--The term
``State security and confidentiality laws'' means State laws
and regulations relating to the privacy and confidentiality of
individually identifiable health information or to the security
of such information.
(2) Current federal security and confidentiality
standards.--The term ``current Federal security and
confidentiality standards'' means the Federal privacy standards
established pursuant to section 264(c) of the Health Insurance
Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2
note) and security standards established under section 1173(d)
of the Social Security Act.
(3) State.--The term ``State'' has the meaning given such
term when used in title XI of the Social Security Act, as
provided under section 1101(a) of such Act (42 U.S.C. 1301(a)).
SEC. 8. REGULATORY OVERSIGHT.
(a) In General.--In carrying out this Act, the Secretary, acting
through the Under Secretary for Technology or other appropriate
official, shall--
(1) develop a program to certify entities to operate
independent health record banks;
(2) provide assistance to encourage the growth of
independent health record banks;
(3) track economic progress as it pertains to independent
health records bank operators and individuals receiving non-
taxable income with respect to accounts;
(4) conduct public education activities regarding the
creation and usage of the independent health records banks;
(5) establish an interagency council under subsection (b)
to develop standards for Federal security auditing for entities
operating independent health record banks; and
(6) carry out any other activities determined appropriate
by the Secretary.
(b) Interagency Council for Security Auditing.--
(1) In general.--The Secretary, in consultation with the
Secretary of Health and Human Services and other appropriate
Federal officials, shall establish an interagency council to
develop standards for Federal security auditing as it relates
to data security, authentication, and authorization
recommendations, and reviews of independent health record
banks.
(2) Duties.--The interagency council established under
paragraph (1) shall take into consideration the following
factors when developing recommendations for security,
authentication, and authorization of data in independent health
record banks:
(A) The number and type of factors used for the
exchange of protected health information.
(B) Requiring that individuals, who have health
records that are maintained by the bank, be notified of
a security breech with respect to such records, and any
corrective action taken on behalf of the individual.
(C) Requiring that information sent to, or received
from, an independent health record bank that has been
designated as high-risk should be authenticated through
the use of methods such as the periodic changing of
passwords, the use of biometrics, the use of tokens or
other technology as determined appropriate by the
council.
(D) Recommendations for entities operating
independent health record banks, including requiring
analysis of the potential risk of health transaction
security breeches based on set criteria.
(E) The conduct of audits of independent health
record banks to ensure that they are in compliance with
the requirements and standards established under this
Act.
(3) Compliance report.--The interagency council established
under this subsection shall annually submit to the Secretary a
report on compliance by independent health record banks with
the requirements and standard under this Act. Such report shall
be included in the report required under subsection (d).
(c) Interagency Memorandum of Understanding.--The Secretary and the
Secretary of Health and Human Services, and other Federal officials
that may be impacted by this Act, shall ensure, through the execution
of an interagency memorandum of understanding among such Secretaries,
that--
(1) regulations, rulings, and interpretations issued by
such Secretaries or officials relating to the same matter over
which 2 or more such Secretaries or officials have
responsibility under this Act are administered so as to have
the same effect at all times; and
(2) coordination of policies relating to enforcing the same
requirements through such Secretaries or officials in order to
have coordinated enforcement strategy that avoids duplication
of enforcement efforts and assigns priorities in enforcement.
(d) Annual Report.--Not later than 1 year after the date of
enactment of this Act, and annually thereafter, the Secretary, acting
through the Under Secretary for Technology, shall submit to Committee
on Health, Education, Labor, and Pensions and the Committee on Finance
of the Senate and the Committee on Energy and Commerce and the
Committee on Ways and Means of the House of Representatives, a report
that--
(1) describes individual owner or institution operator
economic progress as achieved through independent health record
bank usage and existing barriers to such usage;
(2) describes progress in security auditing as provided for
by the interagency security council under subsection (b); and
(3) contains information on the other core responsibilities
of the Secretary as described in subsection (a).
SEC. 9. PENALTIES FOR FRAUD AND ABUSE.
The penalties provided for in section 1177(b) of the Social
Security Act (42 U.S.C. 1320d-6) shall apply to the wrongful disclosure
of information collected, maintained, or made available by an
independent health record bank under this Act, including disclosures by
any employees or associates of any such bank or other healthcare entity
using or disclosing such information.
SEC. 10. TAX CREDIT FOR EMPLOYER-PROVIDED EMPLOYEE INDEPENDENT HEALTH
RECORD BANK ACCOUNT FEES.
(a) Allowance of Credit.--Subpart D of part IV of subchapter A of
chapter 1 of the Internal Revenue Code of 1986 (relating to business
related credits) is amended by adding at the end the following new
section:
``SEC. 45N. EMPLOYER-PROVIDED EMPLOYEE INDEPENDENT HEALTH RECORD BANK
ACCOUNT FEES.
``(a) Determination of Amount.--For purposes of section 38, the
independent health record bank account investment credit determined
under this section with respect to any taxpayer for any taxable year is
an amount equal to the independent health record bank account
investment provided by such taxpayer during the taxable year.
``(b) Independent Health Record Bank Account Investment.--For
purposes of this section, the term `independent health record bank
account investment' means, with respect to each employee of the
taxpayer for any taxable year, an amount equal to the lesser of--
``(1) 50 percent of the cost for such employee to maintain
an independent health record bank account paid by the taxpayer
during the taxable year, or
``(2) $50.
``(c) Independent Health Record Bank Account.--For purposes of this
section, the term `independent health record bank account' has the
meaning given to the term `account' under section 3(1) of the
Independent Health Record Bank Act of 2006.
``(d) Special Rules.--No deduction or credit (other than under this
section) shall be allowed under this chapter with respect to any
expense which is taken into account under subsection (a) in determining
the credit under this section.
``(e) Reports.--
``(1) In general.--Each taxpayer shall make such reports to
the Secretary and to employees of the taxpayer regarding--
``(A) independent health record bank account
investments made with respect to such employee during
any calendar year, and
``(B) such other information as the Secretary may
require.
``(2) Time for making reports.--The reports required by
this subsection--
``(A) shall be filed at such time and in such
manner as the Secretary prescribes, and
``(B) shall be furnished to employees--
``(i) not later than January 31 of the
calendar year following the calendar year to
which such reports relate, and
``(ii) in such manner as the Secretary
prescribes.
``(f) Regulations.--The Secretary may prescribe such regulations as
may be necessary or appropriate to carry out this section.
``(g) Application of Section.--This section shall apply with
respect to any independent health record bank account investments made
by the taxpayer for the 5-taxable year period beginning with the first
taxable year during which such investments are made by the taxpayer.''.
(b) Credit Treated as Business Credit.--Section 38(b) of the
Internal Revenue Code of 1986 (relating to current year business
credit) is amended by striking ``and'' at the end of paragraph (29), by
striking the period at the end of paragraph (30) and inserting ``,
plus'', and by adding at the end the following new paragraph:
``(31) the independent health record bank account
investment credit determined under section 45N(a).''.
(c) Conforming Amendment.--The table of sections for subpart C of
part IV of subchapter A of chapter 1 of the Internal Revenue Code of
1986 is amended by adding at the end the following new item:
``Sec. 45N. Employer-provided employee independent health record bank
account fees.''.
(d) Effective Date.--The amendments made by this section shall
apply to taxable years beginning after the date of the enactment of
this Act.
(e) Additional Incentive for Consumers Participating in IHRB.--
Revenue generated by an independent health record bank and received by
an account holder, healthcare entity, or healthcare payer shall not be
considered taxable income under the Internal Revenue Code of 1986.
<all>