


110 HR 7038 IH: Independent Health Record Trust

U.S. House of Representatives
2008-09-24
Pursuant to Title 17 Section 105 of the United States Code, this file is not subject to copyright protection and is in the public domain.


	
		I
		110th CONGRESS
		2d Session
		H. R. 7038
		IN THE HOUSE OF REPRESENTATIVES
		
			September 24, 2008
			Mr. Ryan of Wisconsin introduced the following bill; which was referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned
		
		A BILL
		To establish a Health Care Services Commission to enhance
		  the quality, appropriateness, and effectiveness of health care services, and
		  access to such services, through the establishment of a broad base of
		  scientific research and through the promotion of improvements in clinical
		  practice and in the organization, financing, and delivery of health care
		  services.
	
	
		Sec. 1. Short Title; Table of Contents.
			(a) Short Title. This Act may be cited as the "Health Care Services Commission Act".
			(b) Table of Contents.
				
					Sec. 1. Short Title; table of Contents.
					Title I—ESTABLISHMENT AND GENERAL DUTIES
					Sec. 101. Establishment.
					Sec. 102. General authorities and duties.
					Sec. 103. Dissemination.
					Title II—FORUM FOR QUALITY AND EFFECTIVENESS IN HEALTH CARE
					Sec. 201. Establishment of office.
					Sec. 202. Membership.
					Sec. 203. Duties.
					Sec. 204. Adoption and enforcement of guidelines and standards.
					Sec. 205. Additional requirements.
					Title III—GENERAL PROVISIONS
					Sec. 301. Certain administrative authorities.
					Sec. 302. Funding.
					Sec. 303. Definitions.
					Title IV—TERMINATIONS AND TRANSITION
					Sec. 401. Termination of Agency for Healthcare Research and Quality.
					Sec. 402. Transition.
					Title V—INDEPENDENT HEALTH RECORD TRUST
					Sec. 501. Title V short title.
					Sec. 502. Purpose.
					Sec. 503. Definitions.
					Sec. 504. Establishment, certification, and membership of independent health record trusts.
					Sec. 505. Duties of IHRT to IHRT participants.
					Sec. 506. Availability and use of information from records in IHRT consistent with privacy protections and agreements.
					Sec. 507. Voluntary nature of trust participation and information sharing.
					Sec. 508. Financing of activities.
					Sec. 509. Regulatory oversight.
				
			TITLE I. ESTABLISHMENT AND GENERAL DUTIES
			Sec. 101. Establishment.
				(a) In general. There is hereby established a Health Care Services
			 Commission (in this Act, referred to as the "Commission") to be
			 composed of five commissioners (in this Act referred to as the
			 "Commissioners") to be appointed by the President by and with the
			 advice and consent of the Senate. Not more than three of such commissioners
			 shall be members of the same political party, and in making appointments
			 members of different political parties shall be appointed alternately as nearly
			 as may be practicable. No commissioner shall engage in any other business,
			 vocation, or employment than that of serving as commissioner. Each commissioner
			 shall hold office for a term of five years and until his successor is appointed
			 and has qualified, except that he shall not so continue to serve beyond the
			 expiration of the next session of Congress subsequent to the expiration of said
			 fixed term of office, and except (1) any commissioner appointed to fill a
			 vacancy occurring prior to the expiration of the term for which his predecessor
			 was appointed shall be appointed for the remainder of such term, and (2) the
			 terms of office of the commissioners first taking office after the enactment of
			 this Act shall expire as designated by the President at the time of nomination,
			 one at the end of one year, one at the end of two years, one at the end of
			 three years, one at the end of four years, and one at the end of five years,
			 after the date of the enactment of this Act.
				(b) Purpose. The purpose of the Commission is to enhance the quality, appropriateness, and
			 effectiveness of health care services, and access to such services, through the
			 establishment of a broad base of scientific research and through the promotion
			 of improvements in clinical practice and in the organization, financing, and
			 delivery of health care services.
				(c) Appointment of chairman. The President shall,
			 from among the Commissioners appointed under subsection (a), designate an
			 individual to serve as the Chairman of the Commission.
			Sec. 102. General authorities and duties.
				(a) In general. In carrying out section 101(b), the Commissioners shall
			 conduct and support research, demonstration projects, evaluations, training,
			 guideline development, and the dissemination of information, on health care
			 services and on systems for the delivery of such services, including activities
			 with respect to—
					(1) the effectiveness, efficiency, and quality of health care services;
					(2) the outcomes of health care services and procedures;
					(3) clinical practice, including primary care and practice-oriented research;
					(4) health care technologies, facilities, and equipment;
					(5) health care costs, productivity, and market forces;
					(6) health promotion and disease prevention;
					(7) health statistics and epidemiology; and
					(8) medical liability.
				(b) Requirements with respect to rural areas and underserved populations. In carrying out subsection (a), the Commissioners shall undertake and support research, demonstration projects, and evaluations with respect to—
					(1) the delivery of health care services in rural areas (including frontier areas); and
					(2) the health of low-income groups, minority groups, and the elderly.
			Sec. 103. Dissemination.
				(a) In general. The Commissioners shall—
					(1) promptly publish, make available, and otherwise disseminate, in a form understandable and on as broad a basis as practicable so as to maximize its use, the results of research, demonstration projects, and evaluations conducted or supported under this Act and the guidelines, standards, and review criteria developed under this Act;
					(2) promptly make available to the public data developed in such research, demonstration projects, and evaluations; and
					(3) as appropriate, provide technical assistance to State and local government and health agencies and conduct liaison activities to such agencies to foster dissemination.
				(b) Prohibition against restrictions. Except as provided in subsection (c), the
			 Commissioners may not restrict the publication or dissemination of data from,
			 or the results of, projects conducted or supported under this Act.
				(c) Limitation on use of certain information. No information, if an establishment or
			 person supplying the information or described in it is identifiable, obtained
			 in the course of activities undertaken or supported under this Act may be used
			 for any purpose other than the purpose for which it was supplied unless such
			 establishment or person has consented (as determined under regulations of the
			 Secretary) to its use for such other purpose. Such information may not be
			 published or released in other form if the person who supplied the information
			 or who is described in it is identifiable unless such person has consented (as
			 determined under regulations of the Secretary) to its publication or release in
			 other form.
				(d) Certain interagency agreement. The Commissioners and the Director of the
			 National Library of Medicine shall enter into an agreement providing for the
			 implementation of subsection (a)(1).
			TITLE II. FORUM FOR QUALITY AND EFFECTIVENESS IN HEALTH CARE
			Sec. 201. Establishment of office. There is established within the Commission an office to be known as the "Office of the Forum for Quality and Effectiveness in Health Care". The office shall be headed by a director (referred to in this Act as the "Director") who shall be appointed by the Commissioners.
			Sec. 202. Membership.
				(a) In general. The Office of the Forum for Quality and Effectiveness in Health Care shall be composed of 15 individuals nominated by private sector health care organizations and appointed by the Commission and shall include representation from at least the following:
					(1) Health insurance industry.
					(2) Health care provider groups.
					(3) Non-profit organizations.
					(4) Rural health organizations.
				(b) Terms.
					(1) In general. Except as provided in paragraph (2), members of the Office of the Forum for Quality and Effectiveness in Health Care shall serve for a term of 5 years.
					(2) Staggered rotation. Of the members first appointed to the Office of the Forum for Quality and Effectiveness in Health Care, the Commission shall appoint 5 members to serve for a term of 2 years, 5 members to serve for a term of 3 years, and 5 members to serve for a term of 4 years.
				(c) Treatment of other employment. Each member of the Office of the Forum for Quality and Effectiveness in Health Care shall serve the Office independently from any other position of employment.
			Sec. 203. Duties.
				(a) Establishment of forum program. The Commissioners, acting through the Director,
			 shall establish a program to be known as the "Forum for Quality and
			 Effectiveness in Health Care". For the purpose of promoting transparency in
			 price, quality, appropriateness, and effectiveness of health care, the
			 Director, using the process set forth in section 204, shall arrange for the
			 development and periodic review and updating of standards of quality,
			 performance measures, and medical review criteria through which health care
			 providers and other appropriate entities may assess or review the provision of
			 health care and assure the quality of such care.
				(b) Certain requirements. Guidelines, standards, performance measures, and review criteria under subsection (a) shall—
					(1) be based on the best available research and professional judgment regarding the effectiveness and appropriateness of health care services and procedures; and
					(2) be presented in formats appropriate for use by physicians, health care practitioners, providers, medical educators, and medical review organizations and in formats appropriate for use by consumers of health care.
				(c) Authority for contracts. In carrying out this title, the Director may enter into
			 contracts with public or nonprofit private entities.
				(d) Public disclosure of recommendations. For each fiscal year beginning with 2010, the Director shall make publicly available the following:
					(1) quarterly reports for public comment that include proposed recommendations for guidelines, standards, performance measures, and review criteria under subsection (a) and any updates to such guidelines, standards, performance measures, and review criteria; and
					(2) after consideration of such comments, a final report that contains final recommendations for such guidelines, standards, performance measures, review criteria, and updates.
				(e) Date certain for initial guidelines and standards. The Commissioners, by not later
			 than January 1, 2012, shall assure the development of an initial set of
			 guidelines, standards, performance measures, and review criteria under
			 subsection (a).
			Sec. 204. Adoption and enforcement of guidelines and standards.
				(a) Adoption of recommendations of Forum for Quality and Effectiveness in Health Care. For each fiscal year,
			 the Commissioners shall adopt the recommendations made for such year in the
			 final report under subsection (d)(2) of section 203 for guidelines, standards,
			 performance measures, and review criteria described in subsection (a) of such
			 section.
				(b) Enforcement authority. The Commissioners, in consultation with the Secretary
			 of Health and Human Services, have the authority to make recommendations to the
			 Secretary to enforce compliance of health care providers with the guidelines,
			 standards, performance measures, and review criteria adopted under subsection
			 (a). Such recommendations may include the following, with respect to a health
			 care provider who is not in compliance with such guidelines, standards,
			 measures, and criteria:
					(1) Exclusion from participation in Federal health care programs (as defined in section 1128B(f) of the Social Security Act (42 U.S.C. 1320a–7b(f))).
					(2) Imposition of a civil money penalty on such provider.
			Sec. 205. Additional requirements.
				(a) Program agenda. The Commissioners
			 shall provide for an agenda for the development of the guidelines, standards,
			 performance measures, and review criteria described in section 203(a),
			 including with respect to the standards, performance measures, and review
			 criteria, identifying specific aspects of health care for which the standards,
			 performance measures, and review criteria are to be developed and those that
			 are to be given priority in the development of the standards, performance
			 measures, and review criteria.
			TITLE III. GENERAL PROVISIONS
			Sec. 301. Certain administrative authorities. The Commissioners, in carrying out this Act, may accept voluntary and uncompensated services.
			Sec. 302. Funding. For the purpose of carrying out this Act,
			 there are authorized to be appropriated such sums as may be necessary for
			 fiscal years 2010 through 2014.
			Sec. 303. Definitions. For purposes of this Act:
				(1) The term "Commissioners" means the Commissioners of the Health Care Services Commission.
				(2) The term "Commission" means the Health Care Services Commission.
				(3) The term "Director" means the Director of the Office of the Forum for Quality and Effectiveness in Health Care.
				(4) The term "Secretary" means the Secretary of Health and Human Services.
			TITLE IV. TERMINATIONS AND TRANSITION
			Sec. 401. Termination of Agency for Healthcare Research and Quality. As of the date of the enactment of this Act,
			 the Agency for Healthcare Research and Quality is terminated, and title IX of
			 the Public Health Service Act is repealed.
			Sec. 402. Transition. All orders, grants, contracts, privileges,
			 and other determinations or actions of the Agency for Healthcare Research and
			 Quality that are effective as of the date before the date of the enactment of
			 this Act, shall be transferred to the Secretary and shall continue in effect
			 according to their terms unless changed pursuant to law.
			TITLE V. INDEPENDENT HEALTH RECORD TRUST
			Sec. 501. Title V short title. This title may be cited as the "Independent Health Record Trust Act of 2008".
			Sec. 502. Purpose. It is the purpose of this title to provide
			 for the establishment of a nationwide health information technology network
			 that—
				(1) improves health care quality, reduces medical errors, increases the efficiency of care, and advances the delivery of appropriate, evidence-based health care services;
				(2) promotes wellness, disease prevention, and the management of chronic illnesses by increasing the availability and transparency of information related to the health care needs of an individual;
				(3) ensures that appropriate information necessary to make medical decisions is available in a usable form at the time and in the location that the medical service involved is provided;
				(4) produces greater value for health care expenditures by reducing health care costs that result from inefficiency, medical errors, inappropriate care, and incomplete information;
				(5) promotes a more effective marketplace, greater competition, greater systems analysis, increased choice, enhanced quality, and improved outcomes in health care services;
				(6) improves the coordination of information and the provision of such services through an effective infrastructure for the secure and authorized exchange and use of health information; and
				(7) ensures that the health information privacy, security, and confidentiality of individually identifiable health information is protected.
			Sec. 503. Definitions. In this title:
				(1) Access. The term "access" means, with respect to an electronic health record, entering information into such account as well as retrieving information from such account.
				(2) Account. The term "account" means an electronic health record of an individual contained in an independent health record trust.
				(3) Affirmative consent. The term "affirmative consent" means, with respect to an electronic health record of an individual contained in an IHRT, express consent given by the individual for the use of such record in response to a clear and conspicuous request for such consent or at the individual’s own initiative.
				(4) Authorized EHR data user. The term "authorized EHR data user" means, with respect to an electronic health record of an IHRT participant contained as part of an IHRT, any entity (other than the participant) authorized (in the form of affirmative consent) by the participant to access the electronic health record.
				(5) Confidentiality. The term "confidentiality" means, with respect to individually identifiable health information of an individual, the obligation of those who receive such information to respect the health information privacy of the individual.
				(6) Electronic health record. The term "electronic health record" means a longitudinal collection of information concerning a single individual, including medical records and personal health information, that is stored electronically.
				(7) Health information privacy. The term "health information privacy" means, with respect to individually identifiable health information of an individual, the right of such individual to control the acquisition, uses, or disclosures of such information.
				(8) Health plan. The term "health plan" means a group health plan (as defined in section 2208(1) of the Public Health Service Act (42 U.S.C. 300bb–8(1))) as well as a plan that offers health insurance coverage in the individual market.
				(9) HIPAA privacy regulations. The term "HIPAA privacy regulations" means the regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note).
				(10) Independent health record trust; IHRT. The terms "independent health record trust" and "IHRT" mean a legal arrangement under the administration of an IHRT operator that meets the requirements of this title with respect to electronic health records of individuals participating in the trust or IHRT.
				(11) IHRT operator. The term "IHRT operator" means, with respect to an IHRT, the organization that is responsible for the administration and operation of the IHRT in accordance with this title.
				(12) IHRT participant. The term "IHRT participant" means, with respect to an IHRT, an individual who has a participation agreement in effect with respect to the maintenance of the individual’s electronic health record by the IHRT.
				(13) Individually identifiable health information. The term "individually identifiable health information" has the meaning given such term in section 1171(6) of the Social Security Act (42 U.S.C. 1320d(6)).
				(14) Security. The term "security" means, with respect to individually identifiable health information of an individual, the physical, technological, or administrative safeguards or tools used to protect such information from unwarranted access or disclosure.
			Sec. 504. Establishment, certification, and membership of independent health record trusts.
				(a) Establishment. Not later than one year after the date of the enactment of this Act, the Federal
			 Trade Commission, in consultation with the National Committee on Vital and
			 Health Statistics, shall prescribe standards for the establishment,
			 certification, operation, and interoperability of IHRTs to carry out the
			 purposes described in section 502 in accordance with the provisions of this
			 title.
				(b) Certification.
					(1) Certification by FTC. The Federal Trade Commission shall provide for the certification of IHRTs. No IHRT may be
			 certified unless the IHRT is determined to meet the standards for certification
			 established under subsection (a).
					(2) Decertification. The
			 Federal Trade Commission shall establish a process for the revocation of
			 certification of an IHRT under this section in the case that the IHRT violates
			 the standards established under subsection (a).
				(c) Membership.
					(1) In general. To be eligible to be a participant in an IHRT, an individual shall—
						(A) submit to the IHRT information as required by the IHRT to establish an electronic health record with the IHRT; and
						(B) enter into a privacy protection agreement described in section 506(b)(1) with the IHRT.
					The process to determine eligibility of an individual under this subsection shall allow for the establishment by such individual of an electronic health record as expeditiously as possible if such individual is determined so eligible.
					(2) No limitation on membership. Nothing in this subsection shall be construed to permit an IHRT to restrict membership, including on the basis of health condition.
			Sec. 505. Duties of IHRT to IHRT participants.
				(a) Fiduciary duty of IHRT; penalties for violations of fiduciary duty.
					(1) Fiduciary duty. With respect to the
			 electronic health record of an IHRT participant maintained by an IHRT, the IHRT
			 shall have a fiduciary duty to act for the benefit and in the interests of such
			 participant and of the IHRT as a whole. Such duty shall include obtaining the
			 affirmative consent of such participant prior to the release of information in
			 such participant’s electronic health record in accordance with the requirements
			 of this title.
					(2) Penalties. If the IHRT knowingly or recklessly
			 breaches the fiduciary duty described in paragraph (1), the IHRT shall be
			 subject to the following penalties:
						(A) Loss of certification of the IHRT.
						(B) A fine that is not in excess of $50,000.
						(C) A term of imprisonment for the individuals involved of not more than 5 years.
				(b) Electronic health record deemed to be held in trust by IHRT. With respect to
			 an individual, an electronic health record maintained by an IHRT shall be
			 deemed to be held in trust by the IHRT for the benefit of the individual and
			 the IHRT shall have no legal or equitable interest in such electronic health
			 record.
			Sec. 506. Availability and use of information from records in IHRT consistent with privacy protections and agreements.
				(a) Protected electronic health records use and access.
					(1) General rights regarding uses of information.
						(A) In general. With respect to the electronic health record of an IHRT
			 participant maintained by an IHRT, subject to paragraph (2)(C), primary uses
			 and secondary uses (described in subparagraphs (B) and (C), respectively) of
			 information within such record (other than by such participant) shall be
			 permitted only upon the authorization of such use, prior to such use, by such
			 participant.
						(B) Primary uses. For purposes of subparagraph (A) and with respect to an
			 electronic health record of an individual, a primary use is a use for purposes
			 of the individual’s self-care or care by health care professionals.
						(C) Secondary uses. For purposes of
			 subparagraph (B) and with respect to an electronic health record of an
			 individual, a secondary use is any use not described in subparagraph (B) and
			 includes a use for purposes of public health research or other related
			 activities. Additional authorization is required for a secondary use extending
			 beyond the original purpose of the secondary use authorized by the IHRT
			 participant involved. Nothing in this paragraph shall be construed as requiring
			 authorization for every secondary use that is within the authorized original
			 purpose.
					(2) Rules for primary use of records for health care purposes. With respect to
			 the electronic health record of an IHRT participant (or specified parts of such
			 electronic health record) maintained by an IHRT, standards for access to such
			 record shall provide for the following:
						(A) Access by IHRT participants to their electronic health records.
							(i) Ownership. The
			 participant maintains ownership over the entire electronic health record (and
			 all portions of such record) and shall have the right to electronically access
			 and review the contents of the entire record (and any portion of such record)
			 at any time, in accordance with this subparagraph.
							(ii) Addition of personal information. The
			 participant may add personal health information to the health record of that
			 participant, except that such participant shall not alter information that is
			 entered into the electronic health record by any authorized EHR data user. Such
			 participant shall have the right to propose an amendment to information that is
			 entered by an authorized EHR data user pursuant to standards prescribed by the
			 Federal Trade Commission for purposes of amending such information.
							(iii) Identification of information entered by participant. Any additions or amendments made by the
			 participant to the health record shall be identified and disclosed within such
			 record as being made by such participant.
						(B) Access by entities other than IHRT participant.
							(i) Authorized access only. Except as provided under subparagraph (C) and
			 paragraph (4), access to the electronic health record (or any portion of the
			 record)—
								(I) may be made only by authorized EHR data users and only to such portions of the record as specified by the participant; and
								(II) may be limited by the participant for purposes of entering information into such record, retrieving information from such record, or both.
							(ii) Identification of entity that enters information. Any information that is added
			 by an authorized EHR data user to the health record shall be identified and
			 disclosed within such record as being made by such user.
							(iii) Satisfaction of HIPAA privacy regulations. In the case of a record of a covered entity
			 (as defined for purposes of HIPAA privacy regulations), with respect to an
			 individual, if such individual is an IHRT participant with an independent
			 health record trust and such covered entity is an authorized EHR data user, the
			 requirement under the HIPAA privacy regulations for such entity to provide the
			 record to the participant shall be deemed met if such entity, without charge to
			 the IHRT or the participant—
								(I) forwards to the trust an appropriately formatted electronic copy of the record (and updates to such records) for inclusion in the electronic health record of the participant maintained by the trust;
								(II) enters such record into the electronic health record of the participant so maintained; or
								(III) otherwise makes such record available for electronic access by the IHRT or the individual in a manner that permits such record to be included in the account of the individual contained in the IHRT.
							(iv) Notification of sensitive information. Any information, with respect to the
			 participant, that is sensitive information, as specified by the Federal Trade
			 Commission, shall not be forwarded or entered by an authorized EHR data user
			 into the electronic health record of the participant maintained by the trust
			 unless the user certifies that the participant has been notified of such
			 information.
						(C) Deemed authorization for access for emergency health care.
							(i) Findings. Congress finds that—
								(I) given the size and nature of visits to emergency departments in the United States, readily available health information could make the difference between life and death; and
								(II) because of the case mix and volume of patients treated, emergency departments are well positioned to provide information for public health surveillance, community risk assessment, research, education, training, quality improvement, and other uses.
							(ii) Use of information. With respect to the electronic health record of an
			 IHRT participant (or specified parts of such electronic health record)
			 maintained by an IHRT, the participant shall be deemed as providing
			 authorization (in the form of affirmative consent) for health care providers to
			 access, in connection with providing emergency care services to the
			 participant, a limited, authenticated information set concerning the
			 participant for emergency response purposes, unless the participant specifies
			 that such information set (or any portion of such information set) may not be
			 so accessed. Such limited information set may include information—
								(I) patient identification data, as determined appropriate by the participant;
								(II) provider identification that includes the use of unique provider identifiers;
								(III) payment information;
								(IV) information related to the individual’s vitals, allergies, and medication history;
								(V) information related to existing chronic problems and active clinical conditions of the participant; and
								(VI) information concerning physical examinations, procedures, results, and diagnosis data.
					(3) Rules for secondary uses of records for research and other purposes.
						(A) In general. With respect to the electronic health record of an IHRT
			 participant (or specified parts of such electronic health record) maintained by
			 an IHRT, the IHRT may sell such record (or specified parts of such record) only
			 if—
							(i) the transfer is authorized by the participant pursuant to an agreement between the participant and the IHRT and is in accordance with the privacy protection agreement described in subsection (b)(1) entered into between such participant and such IHRT;
							(ii) such agreement includes parameters with respect to the disclosure of information involved and a process for the authorization of the further disclosure of information in such record;
							(iii) the information involved is to be used for research or other activities only as provided for in the agreement;
							(iv) the recipient of the information provides assurances that the information will not be further transferred or reused in violation of such agreement; and
							(v) the transfer otherwise meets the requirements and standards prescribed by the Federal Trade Commission.
						(B) Treatment of public health reporting. Nothing in this paragraph shall be
			 construed as prohibiting or limiting the use of health care information of an
			 individual, including an individual who is an IHRT participant, for public
			 health reporting (or other research) purposes prior to the inclusion of such
			 information in an electronic health record maintained by an IHRT.
						(4)Law enforcement
			 clarification. Nothing in this
			 title shall prevent an IHRT from disclosing information contained in an
			 electronic health record maintained by the IHRT when required for purposes of a
			 lawful investigation or official proceeding inquiring into a violation of, or
			 failure to comply with, any criminal or civil statute or any regulation, rule,
			 or order issued pursuant to such a statute.
					(5)Rule of
			 construction. Nothing in this section shall be construed to
			 require a health care provider that does not utilize electronic methods or
			 appropriate levels of health information technology on the date of the
			 enactment of this Act to adopt such electronic methods or technology as a
			 requirement for participation or compliance under this title.
					(b)Privacy
			 protection agreement; treatment of State privacy and security laws
					(1)Privacy
			 protection agreement. A privacy protection agreement described in
			 this subsection is an agreement, with respect to an electronic health record of
			 an IHRT participant to be maintained by an independent health record trust,
			 between the participant and the trust—
						(A)that is consistent
			 with the standards described in subsection (a)(2);
						(B)under which the participant specifies the
			 portions of the record that may be accessed, under what circumstances such
			 portions may be accessed, any authorizations for indicated authorized EHR data
			 users to access information contained in the record, and the purposes for which
			 the information (or portions of the information) in the record may be
			 used;
						(C)which provides a process for the
			 authorization of the transfer of information contained in the record to a third
			 party, including for the sale of such information for purposes of research, by
			 an authorized EHR data user and reuse of such information by such third party,
			 including a provision requiring that such transfer and reuse is not in
			 violation of any privacy or transfer restrictions placed by the participant on
			 the independent health record of such participant; and
						(D)under which the
			 trust provides assurances that the trust will not transfer, disclose, or
			 provide access to the record (or any portion of the record) in violation of the
			 parameters established in the agreement or to any person or entity who has not
			 agreed to use and transfer such record (or portion of such record) in
			 accordance with such agreement.
						(2)Treatment of
			 State laws
						(A)In
			 general. Except as provided under subparagraph (B), the provisions
			 of a privacy protection agreement entered into between an IHRT and an IHRT
			 participant shall preempt any provision of State law (or any State regulation)
			 relating to the privacy and confidentiality of individually identifiable health
			 information or to the security of such health information.
						(B)Exception for
			 privileged information. The provisions of a privacy protection
			 agreement shall not preempt any provision of State law (or any State
			 regulation) that recognizes privileged communications between physicians,
			 health care practitioners, and patients of such physicians or health care
			 practitioners, respectively.
						(C)State
			 defined. For purposes of this section, the term “State”
			 has the meaning given such term when used in title XI of the Social Security
			 Act, as provided under section 1101(a) of such Act (42 U.S.C. 1301(a)).
						507.Voluntary
			 nature of trust participation and information sharing
				(a)In
			 general. Participation in an independent health record trust, or
			 authorizing access to information from such a trust, is voluntary. No employer,
			 health insurance issuer, group health plan, health care provider, or other
			 person may require, as a condition of employment, issuance of a health
			 insurance policy, coverage under a group health plan, the provision of health
			 care services, payment for such services, or otherwise, that an individual
			 participate in, or authorize access to information from, an independent health
			 record trust.
				(b)Enforcement. The
			 penalties provided for in subsection (a) of section 1177 of the Social Security
			 Act (42 U.S.C. 1320d–6) shall apply to a violation of subsection (a) in the
			 same manner as such penalties apply to a person in violation of subsection (a)
			 of such section.
				508.Financing of
			 activities
				(a)In
			 general. Except as provided in subsection (b), an IHRT may
			 generate revenue to pay for the operations of the IHRT through—
					(1)charging IHRT
			 participants account fees for use of the trust;
					(2)charging authorized
			 EHR data users for accessing electronic health records maintained in the
			 trust;
					(3)the sale of
			 information contained in the trust (as provided for in section 506(a)(3)(A));
			 and
					(4)any
			 other activity determined appropriate by the Federal Trade Commission.
					(b)Prohibition
			 against access fees for health care providers. For purposes of providing incentives to
			 health care providers to access information maintained in an IHRT, as
			 authorized by the IHRT participants involved, the IHRT may not charge a fee for
			 services specified by the IHRT. Such services shall include the transmittal of
			 information from a health care provider to be included in an independent
			 electronic health record maintained by the IHRT (or permitting such provider to
			 input such information into the record), including the transmission of or
			 access to information described in section 506(a)(2)(C)(ii) by appropriate
			 emergency responders.
				(c)Required
			 disclosures. The sources and amounts of revenue derived under
			 subsection (a) for the operations of an IHRT shall be fully disclosed to each
			 IHRT participant of such IHRT and to the public.
				(d)Treatment of
			 income. For purposes of the Internal Revenue Code of 1986, any
			 revenue described in subsection (a) shall not be included in gross income of
			 any IHRT, IHRT participant, or authorized EHR data user.
				509.Regulatory
			 oversight
				(a)In
			 general. In carrying out this title, the Federal Trade Commission
			 shall promulgate regulations for independent health record trusts.
				(b)Establishment of
			 Interagency Steering Committee
					(1)In
			 general. The Secretary of Health and Human Services shall
			 establish an Interagency Steering Committee in accordance with this
			 subsection.
					(2)Chairperson. The
			 Secretary of Health and Human Services shall serve as the chairperson of the
			 Interagency Steering Committee.
					(3)Membership. The
			 members of the Interagency Steering Committee shall consist of the Attorney
			 General, the Chairperson of the Federal Trade Commission, the Chairperson for
			 the National Committee for Vital and Health Statistics, a representative of the
			 Federal Reserve, and other Federal officials determined appropriate by the
			 Secretary of Health and Human Services.
					(4)Duties. The
			 Interagency Steering Committee shall coordinate the implementation of this
			 title, including the implementation of policies described in subsection (d)
			 based upon the recommendations provided under such subsection, and regulations
			 promulgated under this title.
					(c)Federal advisory
			 committee
					(1)In
			 general. The National Committee for Vital and Health Statistics
			 shall serve as an advisory committee for the IHRTs. The membership of such
			 advisory committee shall include a representative from the Federal Trade
			 Commission and the chairperson of the Interagency Steering Committee. Not less
			 than 60 percent of such membership shall consist of representatives of
			 nongovernment entities, at least one of whom shall be a representative from an
			 organization representing health care consumers.
					(2)Duties. The
			 National Committee for Vital and Health Statistics shall issue periodic reports
			 and review policies concerning IHRTs based on each of the following
			 factors:
						(A)Privacy and
			 security policies.
						(B)Economic
			 progress.
						(C)Interoperability
			 standards.
						(d)Policies
			 recommended by Federal Trade Commission. The Federal Trade
			 Commission, in consultation with the National Committee for Vital and Health
			 Statistics, shall recommend policies to—
					(1)provide assistance
			 to encourage the growth of independent health record trusts;
					(2)track economic
			 progress as it pertains to operators of independent health records trusts and
			 individuals receiving nontaxable income with respect to accounts;
					(3)conduct public
			 education activities regarding the creation and usage of the independent health
			 records trusts;
					(4)establish standards for the
			 interoperability of health information technology to ensure that information
			 contained in such record may be shared between the trust involved, the
			 participant, and authorized EHR data users, including for the standardized
			 collection and transmission of individual health records (or portions of such
			 records) to authorized EHR data users through a common interface and for the
			 portability of such records among independent health record trusts; and
					(5)carry out any
			 other activities determined appropriate by the Federal Trade Commission.
					(e)Regulations
			 promulgated by Federal Trade Commission. The Federal Trade
			 Commission shall promulgate regulations based on, at a minimum, the following
			 factors:
					(1)Requiring that an
			 IHRT participant, who has an electronic health record that is maintained by an
			 IHRT, be notified of a security breach with respect to such record, and any
			 corrective action taken on behalf of the participant.
					(2)Requiring that
			 information sent to, or received from, an IHRT that has been designated as
			 high-risk should be authenticated through the use of methods such as the
			 periodic changing of passwords, the use of biometrics, the use of tokens or
			 other technology as determined appropriate by the council.
					(3)Requiring a delay
			 in releasing sensitive health care test results and other similar information
			 to patients directly in order to give physicians time to contact the
			 patient.
					(4)Recommendations
			 for entities operating IHRTs, including requiring analysis of the potential
			 risk of health transaction security breaches based on set criteria.
					(5)The conduct of
			 audits of IHRTs to ensure that they are in compliance with the requirements and
			 standards established under this title.
					(6)Disclosure to IHRT
			 participants of the means by which such trusts are financed, including revenue
			 from the sale of patient data.
					(7)Prevention of
			 certification of an entity seeking independent health record trust certification
			 based on—
						(A)the potential for
			 conflicts between the interests of such entity and the security of the health
			 information involved; and
						(B)the involvement of
			 the entity in any activity that is contrary to the best interests of a
			 patient.
						(8)Prevention of the
			 use of revenue sources that are contrary to a patient’s interests.
					(9)Public disclosure
			 of audits in a manner similar to financial audits required for publicly traded
			 stock companies.
					(10)Requiring
			 notification to a participating entity that the information contained in such
			 record may not be representative of the complete or accurate electronic health
			 record of such account holder.
					(f)Compliance
			 report. Not later than 1 year after the date of the enactment of
			 this Act, and annually thereafter, the Commission shall submit to the Committee
			 on Health, Education, Labor, and Pensions and the Committee on Finance of the
			 Senate and the Committee on Energy and Commerce and the Committee on Ways and
			 Means of the House of Representatives, a report on compliance by and progress
			 of independent health record trusts with this title. Such report shall describe
			 the following:
					(1)The number of
			 complaints submitted about independent health record trusts, which shall be
			 divided by complaints related to security breaches, and complaints not related
			 to security breaches, and may include other categories as the Interagency
			 Steering Committee established under subsection (b) determines
			 appropriate.
					(2)The number of
			 enforcement actions undertaken by the Commission against independent health
			 record trusts in response to complaints under paragraph (1), which shall be
			 divided by enforcement actions related to security breaches and enforcement
			 actions not related to security breaches and may include other categories as
			 the Interagency Steering Committee established under subsection (b) determines
			 appropriate.
					(3)The economic
			 progress of the individual owner or institution operator as achieved through
			 independent health record trust usage and existing barriers to such
			 usage.
					(4)The progress in
			 security auditing as provided for by the Interagency Steering Committee council
			 under subsection (b).
					(5)The other core
			 responsibilities of the Commission as described in subsection (a).
					(g)Interagency
			 memorandum of understanding. The Interagency Steering Committee
			 shall ensure, through the execution of an interagency memorandum of
			 understanding, that—
					(1)regulations,
			 rulings, and interpretations issued by Federal officials relating to the same
			 matter over which 2 or more such officials have responsibility under this title
			 are administered so as to have the same effect at all times; and
					(2)the memorandum
			 provides for the coordination of policies related to enforcing the same
			 requirements through such officials in order to have coordinated enforcement
			 strategy that avoids duplication of enforcement efforts and assigns priorities
			 in enforcement.
					
