[Congressional Bills 110th Congress]
[From the U.S. Government Publishing Office]
[H.R. 7038 Introduced in House (IH)]







110th CONGRESS
  2d Session
                                H. R. 7038

To establish a Health Care Services Commission to enhance the quality, 
appropriateness, and effectiveness of health care services, and access 
    to such services, through the establishment of a broad base of 
   scientific research and through the promotion of improvements in 
 clinical practice and in the organization, financing, and delivery of 
                         health care services.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           September 24, 2008

Mr. Ryan of Wisconsin introduced the following bill; which was referred 
    to the Committee on Energy and Commerce, and in addition to the 
Committee on Ways and Means, for a period to be subsequently determined 
 by the Speaker, in each case for consideration of such provisions as 
        fall within the jurisdiction of the committee concerned

_______________________________________________________________________

                                 A BILL


 
To establish a Health Care Services Commission to enhance the quality, 
appropriateness, and effectiveness of health care services, and access 
    to such services, through the establishment of a broad base of 
   scientific research and through the promotion of improvements in 
 clinical practice and in the organization, financing, and delivery of 
                         health care services.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

    (a) Short Title.--This Act may be cited as the ``Health Care 
Services Commission Act''.
    (b) Table of Contents.--

Sec. 1. Short Titlte; table of Contents.
               TITLE I--ESTABLISHMENT AND GENERAL DUTIES

Sec. 101. Establishment.
Sec. 102. General authorities and duties.
Sec. 103. Dissemination.
      TITLE II--FORUM FOR QUALITY AND EFFECTIVENESS IN HEALTH CARE

Sec. 201. Establishment of office.
Sec. 202. Membership.
Sec. 203. Duties.
Sec. 204. Adoption and enforcement of guidelines and standards.
Sec. 205. Additional requirements.
                     TITLE III--GENERAL PROVISIONS

Sec. 301. Certain administrative authorities.
Sec. 302. Funding.
Sec. 303. Definitions.
                 TITLE IV--TERMINATIONS AND TRANSITION

Sec. 401. Termination of Agency for Healthcare Research and Quality.
Sec. 402. Transition.
                TITLE V--INDEPENDENT HEALTH RECORD TRUST

Sec. 501. Title V short title.
Sec. 502. Purpose.
Sec. 503. Definitions.
Sec. 504. Establishment, certification, and membership of independent 
                            health record trusts.
Sec. 505. Duties of IHRT to IHRT participants.
Sec. 506. Availability and use of information from records in IHRT 
                            consistent with privacy protections and 
                            agreements.
Sec. 507. Voluntary nature of trust participation and information 
                            sharing.
Sec. 508. Financing of activities.
Sec. 509. Regulatory oversight.

               TITLE I--ESTABLISHMENT AND GENERAL DUTIES

SEC. 101. ESTABLISHMENT.

    (a) In General.--There is hereby established a Health Care Services 
Commission (in this Act, referred to as the ``Commission'') to be 
composed of five commissioners (in this Act referred to as the 
``Commissioners'') to be appointed by the President by and with the 
advice and consent of the Senate. Not more than three of such 
commissioners shall be members of the same political party, and in 
making appointments members of different political parties shall be 
appointed alternately as nearly as may be practicable. No commissioner 
shall engage in any other business, vocation, or employment than that 
of serving as commissioner. Each commissioner shall hold office for a 
term of five years and until his successor is appointed and has 
qualified, except that he shall not so continue to serve beyond the 
expiration of the next session of Congress subsequent to the expiration 
of said fixed term of office, and except (1) any commissioner appointed 
to fill a vacancy occurring prior to the expiration of the term for 
which his predecessor was appointed shall be appointed for the 
remainder of such term, and (2) the terms of office of the 
commissioners first taking office after the enactment of this Act shall 
expire as designated by the President at the time of nomination, one at 
the end of one year, one at the end of two years, one at the end of 
three years, one at the end of four years, and one at the end of five 
years, after the date of the enactment of this Act.
    (b) Purpose.--The purpose of the Commission is to enhance the 
quality, appropriateness, and effectiveness of health care services, 
and access to such services, through the establishment of a broad base 
of scientific research and through the promotion of improvements in 
clinical practice and in the organization, financing, and delivery of 
health care services.
    (c) Appointment of Chairman.--The President shall, from among the 
Commissioners appointed under subsection (a), designate an individual 
to serve as the Chairman of the Commission.

SEC. 102. GENERAL AUTHORITIES AND DUTIES.

    (a) In General.--In carrying out section 101(b), the Commissioners 
shall conduct and support research, demonstration projects, 
evaluations, training, guideline development, and the dissemination of 
information, on health care services and on systems for the delivery of 
such services, including activities with respect to--
            (1) the effectiveness, efficiency, and quality of health 
        care services;
            (2) the outcomes of health care services and procedures;
            (3) clinical practice, including primary care and practice-
        oriented research;
            (4) health care technologies, facilities, and equipment;
            (5) health care costs, productivity, and market forces;
            (6) health promotion and disease prevention;
            (7) health statistics and epidemiology; and
            (8) medical liability.
    (b) Requirements With Respect to Rural Areas and Underserved 
Populations.--In carrying out subsection (a), the Commissioners shall 
undertake and support research, demonstration projects, and evaluations 
with respect to--
            (1) the delivery of health care services in rural areas 
        (including frontier areas); and
            (2) the health of low-income groups, minority groups, and 
        the elderly.

SEC. 103. DISSEMINATION.

    (a) In General.--The Commissioners shall--
            (1) promptly publish, make available, and otherwise 
        disseminate, in a form understandable and on as broad a basis 
        as practicable so as to maximize its use, the results of 
        research, demonstration projects, and evaluations conducted or 
        supported under this Act and the guidelines, standards, and 
        review criteria developed under this Act;
            (2) promptly make available to the public data developed in 
        such research, demonstration projects, and evaluations; and
            (3) as appropriate, provide technical assistance to State 
        and local government and health agencies and conduct liaison 
        activities to such agencies to foster dissemination.
    (b) Prohibition Against Restrictions.--Except as provided in 
subsection (c), the Commissioners may not restrict the publication or 
dissemination of data from, or the results of, projects conducted or 
supported under this Act.
    (c) Limitation on Use of Certain Information.--No information, if 
an establishment or person supplying the information or described in it 
is identifiable, obtained in the course of activities undertaken or 
supported under this Act may be used for any purpose other than the 
purpose for which it was supplied unless such establishment or person 
has consented (as determined under regulations of the Secretary) to its 
use for such other purpose. Such information may not be published or 
released in other form if the person who supplied the information or 
who is described in it is identifiable unless such person has consented 
(as determined under regulations of the Secretary) to its publication 
or release in other form.
    (d) Certain Interagency Agreement.--The Commissioners and the 
Director of the National Library of Medicine shall enter into an 
agreement providing for the implementation of subsection (a)(1).

      TITLE II--FORUM FOR QUALITY AND EFFECTIVENESS IN HEALTH CARE

SEC. 201. ESTABLISHMENT OF OFFICE.

    There is established within the Commission an office to be known as 
the Office of the Forum for Quality and Effectiveness in Health Care. 
The office shall be headed by a director (referred to in this Act as 
the ``Director'') who shall be appointed by the Commissioners.

SEC. 202. MEMBERSHIP.

    (a) In General.--The Office of the Forum for Quality and 
Effectiveness in Health Care shall be composed of 15 individuals 
nominated by private sector health care organizations and appointed by 
the Commission and shall include representation from at least the 
following:
            (1) Health insurance industry.
            (2) Health care provider groups.
            (3) Non-profit organizations.
            (4) Rural health organizations.
    (b) Terms.--
            (1) In general.--Except as provided in paragraph (2), 
        members of the Office of the Forum for Quality and 
        Effectiveness in Health Care shall serve for a term of 5 years.
            (2) Staggered rotation.--Of the members first appointed to 
        the Office of the Forum for Quality and Effectiveness in Health 
        Care, the Commission shall appoint 5 members to serve for a 
        term of 2 years, 5 members to serve for a term of 3 years, and 
        5 members to serve for a term of 4 years.
    (c) Treatment of Other Employment.--Each member of the Office of 
the Forum for Quality and Effectiveness in Health Care shall serve the 
Office independently from any other position of employment.

SEC. 203. DUTIES.

    (a) Establishment of Forum Program.--The Commissioners, acting 
through the Director, shall establish a program to be known as the 
Forum for Quality and Effectiveness in Health Care. For the purpose of 
promoting transparency in price, quality, appropriateness, and 
effectiveness of health care, the Director, using the process set forth 
in section 204, shall arrange for the development and periodic review 
and updating of standards of quality, performance measures, and medical 
review criteria through which health care providers and other 
appropriate entities may assess or review the provision of health care 
and assure the quality of such care.
    (b) Certain Requirements.--Guidelines, standards, performance 
measures, and review criteria under subsection (a) shall--
            (1) be based on the best available research and 
        professional judgment regarding the effectiveness and 
        appropriateness of health care services and procedures; and
            (2) be presented in formats appropriate for use by 
        physicians, health care practitioners, providers, medical 
        educators, and medical review organizations and in formats 
        appropriate for use by consumers of health care.
    (c) Authority for Contracts.--In carrying out this title, the 
Director may enter into contracts with public or nonprofit private 
entities.
    (d) Public Disclosure of Recommendations.--For each fiscal year 
beginning with 2010, the Director shall make publicly available the 
following:
            (1) quarterly reports for public comment that include 
        proposed recommendations for guidelines, standards, performance 
        measures, and review criteria under subsection (a) and any 
        updates to such guidelines, standards, performance measures, 
        and review criteria; and
            (2) after consideration of such comments, a final report 
        that contains final recommendations for such guidelines, 
        standards, performance measures, review criteria, and updates.
    (e) Date Certain for Initial Guidelines and Standards.--The 
Commissioners, by not later than January 1, 2012, shall assure the 
development of an initial set of guidelines, standards, performance 
measures, and review criteria under subsection (a).

SEC. 204. ADOPTION AND ENFORCEMENT OF GUIDELINES AND STANDARDS.

    (a) Adoption of Recommendations of Forum for Quality and 
Effectiveness in Health Care.--For each fiscal year, the Commissioners 
shall adopt the recommendations made for such year in the final report 
under subsection (d)(2) of section 203 for guidelines, standards, 
performance measures, and review criteria described in subsection (a) 
of such section.
    (b) Enforcement Authority.--The Commissioners, in consultation with 
the Secretary of Health and Human Services, have the authority to make 
recommendations to the Secretary to enforce compliance of health care 
providers with the guidelines, standards, performance measures, and 
review criteria adopted under subsection (a). Such recommendations may 
include the following, with respect to a health care provider who is 
not in compliance with such guidelines, standards, measures, and 
criteria:
            (1) Exclusion from participation in Federal health care 
        programs (as defined in section 1128B(f) of the Social Security 
        Act (42 U.S.C. 1320a-7b(f))).
            (2) Imposition of a civil money penalty on such provider.

SEC. 205. ADDITIONAL REQUIREMENTS.

    (a) Program Agenda.--The Commissioners shall provide for an agenda 
for the development of the guidelines, standards, performance measures, 
and review criteria described in section 203(a), including with respect 
to the standards, performance measures, and review criteria, 
identifying specific aspects of health care for which the standards, 
performance measures, and review criteria are to be developed and those 
that are to be given priority in the development of the standards, 
performance measures, and review criteria.

                     TITLE III--GENERAL PROVISIONS

SEC. 301. CERTAIN ADMINISTRATIVE AUTHORITIES.

    The Commissioners, in carrying out this Act, may accept voluntary 
and uncompensated services.

SEC. 302. FUNDING.

    For the purpose of carrying out this Act, there are authorized to 
be appropriated such sums as may be necessary for fiscal years 2010 
through 2014.

SEC. 303. DEFINITIONS.

    For purposes of this Act:
            (1) The term ``Commissioners'' means the Commissioners of 
        the Health Care Services Commission.
            (2) The term ``Commission'' means the Health Care Services 
        Commission.
            (3) The term ``Director'' means the Director of the Office 
        of the Forum for Quality and Effectiveness in Health Care.
            (4) The term ``Secretary'' means the Secretary of Health 
        and Human Services.

                 TITLE IV--TERMINATIONS AND TRANSITION

SEC. 401. TERMINATION OF AGENCY FOR HEALTHCARE RESEARCH AND QUALITY.

    As of the date of the enactment of this Act, the Agency for 
Healthcare Research and Quality is terminated, and title IX of the 
Public Health Service Act is repealed.

SEC. 402. TRANSITION.

    All orders, grants, contracts, privileges, and other determinations 
or actions of the Agency for Healthcare Research and Quality that are 
effective as of the date before the date of the enactment of this Act, 
shall be transferred to the Secretary and shall continue in effect 
according to their terms unless changed pursuant to law.

                TITLE V--INDEPENDENT HEALTH RECORD TRUST

SEC. 501. TITLE V SHORT TITLE.

    This title may be cited as the ``Independent Health Record Trust 
Act of 2008''.

SEC. 502. PURPOSE.

    It is the purpose of this title to provide for the establishment of 
a nationwide health information technology network that--
            (1) improves health care quality, reduces medical errors, 
        increases the efficiency of care, and advances the delivery of 
        appropriate, evidence-based health care services;
            (2) promotes wellness, disease prevention, and the 
        management of chronic illnesses by increasing the availability 
        and transparency of information related to the health care 
        needs of an individual;
            (3) ensures that appropriate information necessary to make 
        medical decisions is available in a usable form at the time and 
        in the location that the medical service involved is provided;
            (4) produces greater value for health care expenditures by 
        reducing health care costs that result from inefficiency, 
        medical errors, inappropriate care, and incomplete information;
            (5) promotes a more effective marketplace, greater 
        competition, greater systems analysis, increased choice, 
        enhanced quality, and improved outcomes in health care 
        services;
            (6) improves the coordination of information and the 
        provision of such services through an effective infrastructure 
        for the secure and authorized exchange and use of health 
        information; and
            (7) ensures that the health information privacy, security, 
        and confidentiality of individually identifiable health 
        information is protected.

SEC. 503. DEFINITIONS.

    In this title:
            (1) Access.--The term ``access'' means, with respect to an 
        electronic health record, entering information into such 
        account as well as retrieving information from such account.
            (2) Account.--The term ``account'' means an electronic 
        health record of an individual contained in an independent 
        health record trust.
            (3) Affirmative consent.--The term ``affirmative consent'' 
        means, with respect to an electronic health record of an 
        individual contained in an IHRT, express consent given by the 
        individual for the use of such record in response to a clear 
        and conspicuous request for such consent or at the individual's 
        own initiative.
            (4) Authorized ehr data user.--The term ``authorized EHR 
        data user'' means, with respect to an electronic health record 
        of an IHRT participant contained as part of an IHRT, any entity 
        (other than the participant) authorized (in the form of 
        affirmative consent) by the participant to access the 
        electronic health record.
            (5) Confidentiality.--The term ``confidentiality'' means, 
        with respect to individually identifiable health information of 
        an individual, the obligation of those who receive such 
        information to respect the health information privacy of the 
        individual.
            (6) Electronic health record.--The term ``electronic health 
        record'' means a longitudinal collection of information 
        concerning a single individual, including medical records and 
        personal health information, that is stored electronically.
            (7) Health information privacy.--The term ``health 
        information privacy'' means, with respect to individually 
        identifiable health information of an individual, the right of 
        such individual to control the acquisition, uses, or 
        disclosures of such information.
            (8) Health plan.--The term ``health plan'' means a group 
        health plan (as defined in section 2208(1) of the Public Health 
        Service Act (42 U.S.C. 300bb-8(1))) as well as a plan that 
        offers health insurance coverage in the individual market.
            (9) HIPAA privacy regulations.--The term ``HIPAA privacy 
        regulations'' means the regulations promulgated under section 
        264(c) of the Health Insurance Portability and Accountability 
        Act of 1996 (42 U.S.C. 1320d-2 note).
            (10) Independent health record trust; ihrt.--The terms 
        ``independent health record trust'' and ``IHRT'' mean a legal 
        arrangement under the administration of an IHRT operator that 
        meets the requirements of this title with respect to electronic 
        health records of individuals participating in the trust or 
        IHRT.
            (11) IHRT operator.--The term ``IHRT operator'' means, with 
        respect to an IHRT, the organization that is responsible for 
        the administration and operation of the IHRT in accordance with 
        this title.
            (12) IHRT participant.--The term ``IHRT participant'' 
        means, with respect to an IHRT, an individual who has a 
        participation agreement in effect with respect to the 
        maintenance of the individual's electronic health record by the 
        IHRT.
            (13) Individually identifiable health information.--The 
        term ``individually identifiable health information'' has the 
        meaning given such term in section 1171(6) of the Social 
        Security Act (42 U.S.C. 1320d(6)).
            (14) Security.--The term ``security'' means, with respect 
        to individually identifiable health information of an 
        individual, the physical, technological, or administrative 
        safeguards or tools used to protect such information from 
        unwarranted access or disclosure.

SEC. 504. ESTABLISHMENT, CERTIFICATION, AND MEMBERSHIP OF INDEPENDENT 
              HEALTH RECORD TRUSTS.

    (a) Establishment.--Not later than one year after the date of the 
enactment of this Act, the Federal Trade Commission, in consultation 
with the National Committee on Vital and Health Statistics, shall 
prescribe standards for the establishment, certification, operation, 
and interoperability of IHRTs to carry out the purposes described in 
section 502 in accordance with the provisions of this title.
    (b) Certification.--
            (1) Certification by ftc.--The Federal Trade Commission 
        shall provide for the certification of IHRTs. No IHRT may be 
        certified unless the IHRT is determined to meet the standards 
        for certification established under subsection (a).
            (2) Decertification.--The Federal Trade Commission shall 
        establish a process for the revocation of certification of an 
        IHRT under this section in the case that the IHRT violates the 
        standards established under subsection (a).
    (c) Membership.--
            (1) In general.--To be eligible to be a participant in an 
        IHRT, an individual shall--
                    (A) submit to the IHRT information as required by 
                the IHRT to establish an electronic health record with 
                the IHRT; and
                    (B) enter into a privacy protection agreement 
                described in section 506(b)(1) with the IHRT.
        The process to determine eligibility of an individual under 
        this subsection shall allow for the establishment by such 
        individual of an electronic health record as expeditiously as 
        possible if such individual is determined so eligible.
            (2) No limitation on membership.--Nothing in this 
        subsection shall be construed to permit an IHRT to restrict 
        membership, including on the basis of health condition.

SEC. 505. DUTIES OF IHRT TO IHRT PARTICIPANTS.

    (a) Fiduciary Duty of IHRT; Penalties for Violations of Fiduciary 
Duty.--
            (1) Fiduciary duty.--With respect to the electronic health 
        record of an IHRT participant maintained by an IHRT, the IHRT 
        shall have a fiduciary duty to act for the benefit and in the 
        interests of such participant and of the IHRT as a whole. Such 
        duty shall include obtaining the affirmative consent of such 
        participant prior to the release of information in such 
        participant's electronic health record in accordance with the 
        requirements of this title.
            (2) Penalties.--If the IHRT knowingly or recklessly 
        breaches the fiduciary duty described in paragraph (1), the 
        IHRT shall be subject to the following penalties:
                    (A) Loss of certification of the IHRT.
                    (B) A fine that is not in excess of $50,000.
                    (C) A term of imprisonment for the individuals 
                involved of not more than 5 years.
    (b) Electronic Health Record Deemed To Be Held in Trust by IHRT.--
With respect to an individual, an electronic health record maintained 
by an IHRT shall be deemed to be held in trust by the IHRT for the 
benefit of the individual and the IHRT shall have no legal or equitable 
interest in such electronic health record.

SEC. 506. AVAILABILITY AND USE OF INFORMATION FROM RECORDS IN IHRT 
              CONSISTENT WITH PRIVACY PROTECTIONS AND AGREEMENTS.

    (a) Protected Electronic Health Records Use and Access.--
            (1) General rights regarding uses of information.--
                    (A) In general.--With respect to the electronic 
                health record of an IHRT participant maintained by an 
                IHRT, subject to paragraph (2)(C), primary uses and 
                secondary uses (described in subparagraphs (B) and (C), 
                respectively) of information within such record (other 
                than by such participant) shall be permitted only upon 
                the authorization of such use, prior to such use, by 
                such participant.
                    (B) Primary uses.--For purposes of subparagraph (A) 
                and with respect to an electronic health record of an 
                individual, a primary use is a use for purposes of the 
                individual's self-care or care by health care 
                professionals.
                    (C) Secondary uses.--For purposes of subparagraph 
                (B) and with respect to an electronic health record of 
                an individual, a secondary use is any use not described 
                in subparagraph (B) and includes a use for purposes of 
                public health research or other related activities. 
                Additional authorization is required for a secondary 
                use extending beyond the original purpose of the 
                secondary use authorized by the IHRT participant 
                involved. Nothing in this paragraph shall be construed 
                as requiring authorization for every secondary use that 
                is within the authorized original purpose.
            (2) Rules for primary use of records for health care 
        purposes.--With respect to the electronic health record of an 
        IHRT participant (or specified parts of such electronic health 
        record) maintained by an IHRT standards for access to such 
        record shall provide for the following:
                    (A) Access by ihrt participants to their electronic 
                health records.--
                            (i) Ownership.--The participant maintains 
                        ownership over the entire electronic health 
                        record (and all portions of such record) and 
                        shall have the right to electronically access 
                        and review the contents of the entire record 
                        (and any portion of such record) at any time, 
                        in accordance with this subparagraph.
                            (ii) Addition of personal information.--The 
                        participant may add personal health information 
                        to the health record of that participant, 
                        except that such participant shall not alter 
                        information that is entered into the electronic 
                        health record by any authorized EHR data user. 
                        Such participant shall have the right to 
                        propose an amendment to information that is 
                        entered by an authorized EHR data user pursuant 
                        to standards prescribed by the Federal Trade 
                        Commission for purposes of amending such 
                        information.
                            (iii) Identification of information entered 
                        by participant.--Any additions or amendments 
                        made by the participant to the health record 
                        shall be identified and disclosed within such 
                        record as being made by such participant.
                    (B) Access by entities other than ihrt 
                participant.--
                            (i) Authorized access only.--Except as 
                        provided under subparagraph (C) and paragraph 
                        (4), access to the electronic health record (or 
                        any portion of the record)--
                                    (I) may be made only by authorized 
                                EHR data users and only to such 
                                portions of the record as specified by 
                                the participant; and
                                    (II) may be limited by the 
                                participant for purposes of entering 
                                information into such record, 
                                retrieving information from such 
                                record, or both.
                            (ii) Identification of entity that enters 
                        information.--Any information that is added by 
                        an authorized EHR data user to the health 
                        record shall be identified and disclosed within 
                        such record as being made by such user.
                            (iii) Satisfaction of hipaa privacy 
                        regulations.--In the case of a record of a 
                        covered entity (as defined for purposes of 
                        HIPAA privacy regulations), with respect to an 
                        individual, if such individual is an IHRT 
                        participant with an independent health record 
                        trust and such covered entity is an authorized 
                        EHR data user, the requirement under the HIPAA 
                        privacy regulations for such entity to provide 
                        the record to the participant shall be deemed 
                        met if such entity, without charge to the IHRT 
                        or the participant--
                                    (I) forwards to the trust an 
                                appropriately formatted electronic copy 
                                of the record (and updates to such 
                                records) for inclusion in the 
                                electronic health record of the 
                                participant maintained by the trust;
                                    (II) enters such record into the 
                                electronic health record of the 
                                participant so maintained; or
                                    (III) otherwise makes such record 
                                available for electronic access by the 
                                IHRT or the individual in a manner that 
                                permits such record to be included in 
                                the account of the individual contained 
                                in the IHRT.
                            (iv) Notification of sensitive 
                        information.--Any information, with respect to 
                        the participant, that is sensitive information, 
                        as specified by the Federal Trade Commission, 
                        shall not be forwarded or entered by an 
                        authorized EHR data user into the electronic 
                        health record of the participant maintained by 
                        the trust unless the user certifies that the 
                        participant has been notified of such 
                        information.
                    (C) Deemed authorization for access for emergency 
                health care.--
                            (i) Findings.--Congress finds that--
                                    (I) given the size and nature of 
                                visits to emergency departments in the 
                                United States, readily available health 
                                information could make the difference 
                                between life and death; and
                                    (II) because of the case mix and 
                                volume of patients treated, emergency 
                                departments are well positioned to 
                                provide information for public health 
                                surveillance, community risk 
                                assessment, research, education, 
                                training, quality improvement, and 
                                other uses.
                            (ii) Use of information.--With respect to 
                        the electronic health record of an IHRT 
                        participant (or specified parts of such 
                        electronic health record) maintained by an 
                        IHRT, the participant shall be deemed as 
                        providing authorization (in the form of 
                        affirmative consent) for health care providers 
                        to access, in connection with providing 
                        emergency care services to the participant, a 
                        limited, authenticated information set 
                        concerning the participant for emergency 
                        response purposes, unless the participant 
                        specifies that such information set (or any 
                        portion of such information set) may not be so 
                        accessed. Such limited information set may 
                        include information--
                                    (I) patient identification data, as 
                                determined appropriate by the 
                                participant;
                                    (II) provider identification that 
                                includes the use of unique provider 
                                identifiers;
                                    (III) payment information;
                                    (IV) information related to the 
                                individual's vitals, allergies, and 
                                medication history;
                                    (V) information related to existing 
                                chronic problems and active clinical 
                                conditions of the participant; and
                                    (VI) information concerning 
                                physical examinations, procedures, 
                                results, and diagnosis data.
            (3) Rules for secondary uses of records for research and 
        other purposes.--
                    (A) In general.--With respect to the electronic 
                health record of an IHRT participant (or specified 
                parts of such electronic health record) maintained by 
                an IHRT, the IHRT may sell such record (or specified 
                parts of such record) only if--
                            (i) the transfer is authorized by the 
                        participant pursuant to an agreement between 
                        the participant and the IHRT and is in 
                        accordance with the privacy protection 
                        agreement described in subsection (b)(1) 
                        entered into between such participant and such 
                        IHRT;
                            (ii) such agreement includes parameters 
                        with respect to the disclosure of information 
                        involved and a process for the authorization of 
                        the further disclosure of information in such 
                        record;
                            (iii) the information involved is to be 
                        used for research or other activities only as 
                        provided for in the agreement;
                            (iv) the recipient of the information 
                        provides assurances that the information will 
                        not be further transferred or reused in 
                        violation of such agreement; and
                            (v) the transfer otherwise meets the 
                        requirements and standards prescribed by the 
                        Federal Trade Commission.
                    (B) Treatment of public health reporting.--Nothing 
                in this paragraph shall be construed as prohibiting or 
                limiting the use of health care information of an 
                individual, including an individual who is an IHRT 
                participant, for public health reporting (or other 
                research) purposes prior to the inclusion of such 
                information in an electronic health record maintained 
                by an IHRT.
            (4) Law enforcement clarification.--Nothing in this title 
        shall prevent an IHRT from disclosing information contained in 
        an electronic health record maintained by the IHRT when 
        required for purposes of a lawful investigation or official 
        proceeding inquiring into a violation of, or failure to comply 
        with, any criminal or civil statute or any regulation, rule, or 
        order issued pursuant to such a statute.
            (5) Rule of construction.--Nothing in this section shall be 
        construed to require a health care provider that does not 
        utilize electronic methods or appropriate levels of health 
        information technology on the date of the enactment of this Act 
        to adopt such electronic methods or technology as a requirement 
        for participation or compliance under this title.
    (b) Privacy Protection Agreement; Treatment of State Privacy and 
Security Laws.--
            (1) Privacy protection agreement.--A privacy protection 
        agreement described in this subsection is an agreement, with 
        respect to an electronic health record of an IHRT participant 
        to be maintained by an independent health record trust, between 
        the participant and the trust--
                    (A) that is consistent with the standards described 
                in subsection (a)(2);
                    (B) under which the participant specifies the 
                portions of the record that may be accessed, under what 
                circumstances such portions may be accessed, any 
                authorizations for indicated authorized EHR data users 
                to access information contained in the record, and the 
                purposes for which the information (or portions of the 
                information) in the record may be used;
                    (C) which provides a process for the authorization 
                of the transfer of information contained in the record 
                to a third party, including for the sale of such 
                information for purposes of research, by an authorized 
                EHR data user and reuse of such information by such 
                third party, including a provision requiring that such 
                transfer and reuse is not in violation of any privacy 
                or transfer restrictions placed by the participant on 
                the independent health record of such participant; and
                    (D) under which the trust provides assurances that 
                the trust will not transfer, disclose, or provide 
                access to the record (or any portion of the record) in 
                violation of the parameters established in the 
                agreement or to any person or entity who has not agreed 
                to use and transfer such record (or portion of such 
                record) in accordance with such agreement.
            (2) Treatment of state laws.--
                    (A) In general.--Except as provided under 
                subparagraph (B), the provisions of a privacy 
                protection agreement entered into between an IHRT and 
                an IHRT participant shall preempt any provision of 
                State law (or any State regulation) relating to the 
                privacy and confidentiality of individually 
                identifiable health information or to the security of 
                such health information.
                    (B) Exception for privileged information.--The 
                provisions of a privacy protection agreement shall not 
                preempt any provision of State law (or any State 
                regulation) that recognizes privileged communications 
                between physicians, health care practitioners, and 
                patients of such physicians or health care 
                practitioners, respectively.
                    (C) State defined.--For purposes of this section, 
                the term ``State'' has the meaning given such term when 
                used in title XI of the Social Security Act, as 
                provided under section 1101(a) of such Act (42 U.S.C. 
                1301(a)).

SEC. 507. VOLUNTARY NATURE OF TRUST PARTICIPATION AND INFORMATION 
              SHARING.

    (a) In General.--Participation in an independent health record 
trust, or authorizing access to information from such a trust, is 
voluntary. No employer, health insurance issuer, group health plan, 
health care provider, or other person may require, as a condition of 
employment, issuance of a health insurance policy, coverage under a 
group health plan, the provision of health care services, payment for 
such services, or otherwise, that an individual participate in, or 
authorize access to information from, an independent health record 
trust.
    (b) Enforcement.--The penalties provided for in subsection (a) of 
section 1177 of the Social Security Act (42 U.S.C. 1320d-6) shall apply 
to a violation of subsection (a) in the same manner as such penalties 
apply to a person in violation of subsection (a) of such section.

SEC. 508. FINANCING OF ACTIVITIES.

    (a) In General.--Except as provided in subsection (b), an IHRT may 
generate revenue to pay for the operations of the IHRT through--
            (1) charging IHRT participants account fees for use of the 
        trust;
            (2) charging authorized EHR data users for accessing 
        electronic health records maintained in the trust;
            (3) the sale of information contained in the trust (as 
        provided for in section 506(a)(3)(A)); and
            (4) any other activity determined appropriate by the 
        Federal Trade Commission.
    (b) Prohibition Against Access Fees for Health Care Providers.--For 
purposes of providing incentives to health care providers to access 
information maintained in an IHRT, as authorized by the IHRT 
participants involved, the IHRT may not charge a fee for services 
specified by the IHRT. Such services shall include the transmittal of 
information from a health care provider to be included in an 
independent electronic health record maintained by the IHRT (or 
permitting such provider to input such information into the record), 
including the transmission of or access to information described in 
section 506(a)(2)(C)(ii) by appropriate emergency responders.
    (c) Required Disclosures.--The sources and amounts of revenue 
derived under subsection (a) for the operations of an IHRT shall be 
fully disclosed to each IHRT participant of such IHRT and to the 
public.
    (d) Treatment of Income.--For purposes of the Internal Revenue Code 
of 1986, any revenue described in subsection (a) shall not be included 
in gross income of any IHRT, IHRT participant, or authorized EHR data 
user.

SEC. 509. REGULATORY OVERSIGHT.

    (a) In General.--In carrying out this title, the Federal Trade 
Commission shall promulgate regulations for independent health record 
trusts.
    (b) Establishment of Interagency Steering Committee.--
            (1) In general.--The Secretary of Health and Human Services 
        shall establish an Interagency Steering Committee in accordance 
        with this subsection.
            (2) Chairperson.--The Secretary of Health and Human 
        Services shall serve as the chairperson of the Interagency 
        Steering Committee.
            (3) Membership.--The members of the Interagency Steering 
        Committee shall consist of the Attorney General, the 
        Chairperson of the Federal Trade Commission, the Chairperson 
        for the National Committee for Vital and Health Statistics, a 
        representative of the Federal Reserve, and other Federal 
        officials determined appropriate by the Secretary of Health and 
        Human Services.
            (4) Duties.--The Interagency Steering Committee shall 
        coordinate the implementation of this title, including the 
        implementation of policies described in subsection (d) based 
        upon the recommendations provided under such subsection, and 
        regulations promulgated under this title.
    (c) Federal Advisory Committee.--
            (1) In general.--The National Committee for Vital and 
        Health Statistics shall serve as an advisory committee for the 
        IHRTs. The membership of such advisory committee shall include 
        a representative from the Federal Trade Commission and the 
        chairperson of the Interagency Steering Committee. Not less 
        than 60 percent of such membership shall consist of 
        representatives of nongovernment entities, at least one of whom 
        shall be a representative from an organization representing 
        health care consumers.
            (2) Duties.--The National Committee for Vital and Health 
        Statistics shall issue periodic reports and review policies 
        concerning IHRTs based on each of the following factors:
                    (A) Privacy and security policies.
                    (B) Economic progress.
                    (C) Interoperability standards.
    (d) Policies Recommended by Federal Trade Commission.--The Federal 
Trade Commission, in consultation with the National Committee for Vital 
and Health Statistics, shall recommend policies to--
            (1) provide assistance to encourage the growth of 
        independent health record trusts;
            (2) track economic progress as it pertains to operators of 
        independent health records trusts and individuals receiving 
        nontaxable income with respect to accounts;
            (3) conduct public education activities regarding the 
        creation and usage of the independent health records trusts;
            (4) establish standards for the interoperability of health 
        information technology to ensure that information contained in 
        such record may be shared between the trust involved, the 
        participant, and authorized EHR data users, including for the 
        standardized collection and transmission of individual health 
        records (or portions of such records) to authorized EHR data 
        users through a common interface and for the portability of 
        such records among independent health record trusts; and
            (5) carry out any other activities determined appropriate 
        by the Federal Trade Commission.
    (e) Regulations Promulgated by Federal Trade Commission.--The 
Federal Trade Commission shall promulgate regulations based on, at a 
minimum, the following factors:
            (1) Requiring that an IHRT participant, who has an 
        electronic health record that is maintained by an IHRT, be 
        notified of a security breech with respect to such record, and 
        any corrective action taken on behalf of the participant.
            (2) Requiring that information sent to, or received from, 
        an IHRT that has been designated as high-risk should be 
        authenticated through the use of methods such as the periodic 
        changing of passwords, the use of biometrics, the use of tokens 
        or other technology as determined appropriate by the council.
            (3) Requiring a delay in releasing sensitive health care 
        test results and other similar information to patients directly 
        in order to give physicians time to contact the patient.
            (4) Recommendations for entities operating IHRTs, including 
        requiring analysis of the potential risk of health transaction 
        security breeches based on set criteria.
            (5) The conduct of audits of IHRTs to ensure that they are 
        in compliance with the requirements and standards established 
        under this title.
            (6) Disclosure to IHRT participants of the means by which 
        such trusts are financed, including revenue from the sale of 
        patient data.
            (7) Prevention of certification of an entity seeking 
        independent heath record trust certification based on--
                    (A) the potential for conflicts between the 
                interests of such entity and the security of the health 
                information involved; and
                    (B) the involvement of the entity in any activity 
                that is contrary to the best interests of a patient.
            (8) Prevention of the use of revenue sources that are 
        contrary to a patient's interests.
            (9) Public disclosure of audits in a manner similar to 
        financial audits required for publicly traded stock companies.
            (10) Requiring notification to a participating entity that 
        the information contained in such record may not be 
        representative of the complete or accurate electronic health 
        record of such account holder.
    (f) Compliance Report.--Not later than 1 year after the date of the 
enactment of this Act, and annually thereafter, the Commission shall 
submit to the Committee on Health, Education, Labor, and Pensions and 
the Committee on Finance of the Senate and the Committee on Energy and 
Commerce and the Committee on Ways and Means of the House of 
Representatives, a report on compliance by and progress of independent 
health record trusts with this title. Such report shall describe the 
following:
            (1) The number of complaints submitted about independent 
        health record trusts, which shall be divided by complaints 
        related to security breaches, and complaints not related to 
        security breaches, and may include other categories as the 
        Interagency Steering Committee established under subsection (b) 
        determines appropriate.
            (2) The number of enforcement actions undertaken by the 
        Commission against independent health record trusts in response 
        to complaints under paragraph (1), which shall be divided by 
        enforcement actions related to security breaches and 
        enforcement actions not related to security breaches and may 
        include other categories as the Interagency Steering Committee 
        established under subsection (b) determines appropriate.
            (3) The economic progress of the individual owner or 
        institution operator as achieved through independent health 
        record trust usage and existing barriers to such usage.
            (4) The progress in security auditing as provided for by 
        the Interagency Steering Committee council under subsection 
        (b).
            (5) The other core responsibilities of the Commission as 
        described in subsection (a).
    (g) Interagency Memorandum of Understanding.--The Interagency 
Steering Committee shall ensure, through the execution of an 
interagency memorandum of understanding, that--
            (1) regulations, rulings, and interpretations issued by 
        Federal officials relating to the same matter over which 2 or 
        more such officials have responsibility under this title are 
        administered so as to have the same effect at all times; and
            (2) the memorandum provides for the coordination of 
        policies related to enforcing the same requirements through 
        such officials in order to have coordinated enforcement 
        strategy that avoids duplication of enforcement efforts and 
        assigns priorities in enforcement.
                                 <all>