[Congressional Bills 111th Congress]
[From the U.S. Government Publishing Office]
[H.R. 4216 Introduced in House (IH)]

111th CONGRESS
  1st Session
                                H. R. 4216

To amend the Public Health Service Act and titles XVIII and XIX of the 
 Social Security Act to establish guidelines to enhance the meaningful 
 use and interoperability of electronic medical records with personal 
health records, including for purposes of Medicare and Medicaid payment 
                              incentives.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                            December 7, 2009

  Mr. Kennedy (for himself and Mr. Reichert) introduced the following 
 bill; which was referred to the Committee on Energy and Commerce, and 
  in addition to the Committee on Ways and Means, for a period to be 
subsequently determined by the Speaker, in each case for consideration 
  of such provisions as fall within the jurisdiction of the committee 
                               concerned

_______________________________________________________________________

                                 A BILL


 
To amend the Public Health Service Act and titles XVIII and XIX of the 
 Social Security Act to establish guidelines to enhance the meaningful 
 use and interoperability of electronic medical records with personal 
health records, including for purposes of Medicare and Medicaid payment 
                              incentives.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Personal Health Record Act of 
2009''.

SEC. 2. ENHANCING MEANINGFUL USE OF ELECTRONIC HEALTH RECORDS THROUGH 
              INTEROPERABILITY.

    (a) Definitions.--
            (1) In general.--Section 3000 of the Public Health Service 
        Act (42 U.S.C. 300jj) is amended by adding at the end the 
        following:
            ``(15) Electronic exchange.--The term `electronic exchange' 
        shall include the automated transfer of individual health 
        information between electronic medical records and personal 
        health records, and between electronic medical records, 
        personal health records, and other electronic systems.
            ``(16) Personal health record.--The term `personal health 
        record' means an electronic record of PHR identifiable health 
        information (as defined in section 13407(f)(2) of the HITECH 
        Act) of an individual that--
                    ``(A) complies with appropriate data content 
                standards;
                    ``(B) enables the individual, an authorized 
                representative, vendor of personal health records (as 
                defined in section 318.2(j) of title 16, Code of 
                Federal Regulations, as in effect as of November 1, 
                2009), any covered entity (as defined for purposes of 
                HIPAA privacy and security law, as defined in section 
                3009(a)(2)), or an entity to the extent that it engages 
                in activities as a business associate (as defined for 
                such purposes) of such a covered entity, to retrieve 
                data from or input data into the electronic record; and
                    ``(C) is portable and capable of electronic 
                communication between such individual and the relevant 
                covered entity, business associate described in 
                subparagraph (B), or vendor of personal health records 
                of such individual that is managed, shared, and 
                controlled by or primarily for the individual.''.
            (2) Conforming amendment.--Section 13400(11) of the HITECH 
        Act (42 U.S.C. 17921(11)) is amended to read as follows:
            ``(11) Personal health record.--The term `personal health 
        record' has the meaning given such term in section 3000(16) of 
        the Public Health Service Act.''.
    (b) Access to Individually Identifiable Health Information.--
Section 3001(b) of the Public Health Service Act (42 U.S.C. 300jj-
11(b)) is amended--
            (1) in the matter preceding paragraph (1), by inserting 
        ``electronic'' before ``exchange'';
            (2) in paragraph (6)--
                    (A) by inserting ``individuals,'' after ``physician 
                offices,''; and
                    (B) by inserting ``electronic'' before ``exchange 
                of health care information'';
            (3) in paragraph (10), by striking at the end ``and'';
            (4) in paragraph (11), by striking the period and inserting 
        ``; and''; and
            (5) by adding at the end the following new paragraph:
            ``(12) allows for an individual to have access to their 
        individually identifiable health information.''.
    (c) Strategic Plan Relating to Personal Health Records.--Section 
3001(c)(3)(A) of the Public Health Service Act (42 U.S.C. 300jj-
11(c)(3)(A)) is amended by adding at the end the following new clause:
                            ``(ix) The interoperability of a personal 
                        health record with an electronic health 
                        record.''.
    (d) Guidelines Relating to Personal Health Records.--Section 
3001(c) of the Public Health Service Act (42 U.S.C. 300jj-11(c)) is 
amended by adding at the end the following new paragraph:
            ``(9) Guidelines for personal health records.--Not later 
        than the date that is 12 months after the date of the enactment 
        of the Personal Health Record Act of 2009, the National 
        Coordinator shall develop guidelines for making electronic 
        health records interoperable with personal health records for 
        the purpose of improving health care quality, reducing medical 
        errors, and advancing the delivery of patient-centered medical 
        care and health management. Such guidelines shall include--
                    ``(A) standards based on the recommendations 
                provided in section 3002(b)(2)(B)(ix), including for 
                purposes of requiring electronic health records to be 
                made available through electronic exchange and 
                interoperable with personal health records for purposes 
                of demonstrating meaningful use of an electronic health 
                record under sections 1848(o)(2)(A)(i), 
                1886(n)(3)(A)(i), and 1903(t)(6)(C)(i)(II) of the 
                Social Security Act;
                    ``(B) recommendations for applying such a 
                requirement of making electronic health records 
                available, with respect to community and behavioral 
                health programs, in the form of personal health records 
                to improve the effective and efficient electronic 
                exchange and management of information between the 
                individual (or authorized representative of the 
                individual), including those in medically underserved 
                communities (as defined in section 799B(6)), and 
                community health centers and behavioral health service 
                providers;
                    ``(C) required components of a personal health 
                record, which shall include--
                            ``(i) information on medical history, 
                        including diagnoses and procedures, including 
                        updates if diagnosis or procedures change after 
                        each provider encounter;
                            ``(ii) information on recent laboratory 
                        results, diagnostic examinations, and 
                        radiologic procedures, if available in 
                        electronic format;
                            ``(iii) information on medications and 
                        prescriptions, both current and historical, 
                        including updates if medications change after 
                        each provider encounter;
                            ``(iv) information on allergies, both 
                        medication and environmental, including the 
                        specific reaction;
                            ``(v) privacy, security, and electronic 
                        informed consents for disclosing individually 
                        identifiable health information;
                            ``(vi) computer programming standards 
                        determined by the National Coordinator that 
                        allow interoperability of individually 
                        identifiable health information and 
                        communications between covered entities (as 
                        defined for purposes of HIPAA privacy and 
                        security law, as defined in section 
                        3009(a)(2)), entities to the extent that they 
                        engage in activities as business associates of 
                        such covered entities, individuals, and vendors 
                        of personal health records;
                            ``(vii) portability of the personal health 
                        record by the individual between covered 
                        entities, business associates described in 
                        clause (vi), or vendors of personal health 
                        records;
                            ``(viii) ability to use such record as part 
                        of the patient intake process;
                            ``(ix) accurate attribution of the source 
                        of all data in the personal health record, 
                        including the source of the information, the 
                        date that such information was entered into the 
                        personal health record, and standards-based 
                        protection of data provided by the health care 
                        provider (such as health care provider clinic 
                        notes, laboratory results, diagnostic 
                        examinations, and radiologic procedures) from 
                        changes;
                            ``(x) notification of the individual 
                        involved or the authorized representative of 
                        such individual of the risks of withholding 
                        medical information from a medical provider; 
                        and
                            ``(xi) health services communication tools, 
                        including those which offer online secure 
                        communication with covered entities (as defined 
                        for purposes of HIPAA privacy and security law, 
                        as defined in section 3009(a)(2)) and entities 
                        to the extent that they engage in activities as 
                        business associates (as defined for such 
                        purposes) of such a covered entity;
                    ``(D) other possible components for consideration 
                of a personal health record, including--
                            ``(i) an audit trail to monitor who has 
                        accessed the personal health record of the 
                        individual;
                            ``(ii) automated appointment, care 
                        reminders, and health self-management tools;
                            ``(iii) the ability to provide education 
                        tools;
                            ``(iv) the ability of the individual or 
                        authorized representative involved to annotate 
                        (without changing) health care provider 
                        records, such as to provide feedback to health 
                        care providers of the individual;
                            ``(v) protection of clinical records in the 
                        personal health record which are imported from 
                        or exported to a covered entity, business 
                        associate described in clause (i), or vendor of 
                        personal health records from being changed by 
                        the individual, authorized representative of 
                        the individual, vendor of personal health 
                        records, the covered entity, or business 
                        associate;
                            ``(vi) the ability to allow comments by the 
                        individual, authorized representative, and 
                        covered entity within an area of the personal 
                        health record that is separate from the 
                        clinical record imported from or exported to a 
                        covered entity; and
                            ``(vii) emergency access procedures for 
                        medical personnel, with respect to the record, 
                        for clinical care in cases that the individual 
                        or authorized representative is not able to 
                        give consent; and
                    ``(E) security, privacy, and electronic informed 
                consents for disclosing individually identifiable 
                health information for personal health records, 
                including the recommendations described in paragraph 
                (6)(F).
        In the case that the Secretary determines that any standard or 
        component for personal health records included under the 
        guidance under this paragraph is not adequate pursuant to the 
        report submitted under paragraph (6)(F), the Secretary shall 
        notify the National Coordinator and the HIT Standards Committee 
        in accordance with section 3004(a)(2)(B) and the National 
        Coordinator may revise such standard or component, 
        respectively.''.
    (e) Reports.--Section 3001(c)(6) of such Act (42 U.S.C. 300jj-
11(c)(6)) is amended by adding at the end the following new 
subparagraphs:
                    ``(F) Monitoring personal health records.--Not 
                later than the date that is 24 months after the date of 
                the enactment of the Personal Health Record Act of 2009 
                and annually thereafter, the National Coordinator, in 
                consultation with the Administrator of the Centers for 
                Medicare & Medicaid Services, shall submit to the 
                appropriate committees of jurisdiction of Congress an 
                annual report on--
                            ``(i) the extent to which personal health 
                        records have been integrated into the  
                        meaningful  use of electronic health records 
                        for purposes of sections 1848(o)(2), 
                        1886(n)(3), and 1903(t)(6) of the Social 
                        Security Act;
                            ``(ii) the extent to which the use of 
                        personal health records improve communication 
                        between individuals and covered entities (as 
                        defined for purposes of HIPAA privacy and 
                        security law, as defined in section 3009(a)(2)) 
                        and improve patient health management, 
                        including documentation of the extent to which 
                        there are cost savings;
                            ``(iii) the extent to which the use of 
                        personal health records, with respect to 
                        community health centers and behavioral health 
                        services, improve the effective and efficient 
                        exchange and management of information between 
                        the individual involved (or authorized 
                        representative of the individual), including 
                        those in medically underserved communities, and 
                        community health centers and behavioral health 
                        service providers;
                            ``(iv) status of the standards implemented 
                        in paragraph (9)(A) and the need to revise or 
                        include new standards;
                            ``(v) the adequacy of the components of a 
                        personal health record described in paragraph 
                        (9)(C); and
                            ``(vi) the affect of having an individual 
                        with full access to the medical records of such 
                        individual through use of a personal health 
                        record, including--
                                    ``(I) a prospective study analyzing 
                                health care utilization (including the 
                                impact of personal health records on 
                                health care provider efficiency, health 
                                care provider reimbursement for time 
                                spent interacting with individuals as a 
                                result of personal health records, and 
                                defensive medicine practices);
                                    ``(II) the extent that such access 
                                affects communications by means of such 
                                records between various health care 
                                providers of the individual (including 
                                the use of provider notations);
                                    ``(III) a prospective study 
                                analyzing the affect of such access on 
                                the patient-health care provider 
                                relationship; and
                                    ``(IV) the risks and benefits of an 
                                individual having full access to 
                                medical records of the individual 
                                through the use of personal health 
                                records.
                    ``(G) Recommendation relating to security and 
                privacy of personal health records.--Not later than 6 
                months after the date of the enactment of the Personal 
                Health Record Act of 2009, the National Coordinator 
                shall submit to the appropriate committees of 
                jurisdiction of Congress a report, including 
                recommendations, on the technological, medicolegal, 
                medical safety, and other pertinent issues related to 
                an individual's control of the personal health record 
                of such individual and shall establish guidelines for 
                such control. The National Coordinator shall ensure the 
                participation in such a report of health care 
                consumers, vendors of personal health records, and 
                covered entities (as defined for purposes of HIPAA 
                privacy and security law, as defined in section 
                3009(a)(2)), along with other health care stakeholders. 
                The report shall encompass at least the following 
                issues:
                            ``(i) the rights of an individual utilizing 
                        a personal health record with respect to the 
                        individual's own individually identifiable 
                        health information contained in such; and
                            ``(ii) the security and privacy of an 
                        individual utilizing a personal health record, 
                        including--
                                    ``(I) defining who has right of 
                                access to an individual's personal 
                                health record in the case of a personal 
                                health record provided by a covered 
                                entity;
                                    ``(II) security and privacy issues 
                                following medical emergency access of 
                                information in a personal health record 
                                by health care providers;
                                    ``(III) the impact of an individual 
                                restricting medical information access 
                                in a personal health record of such 
                                individual to health care providers on 
                                patient care and safety;
                                    ``(IV) the risks and benefits of 
                                health care provider notification if 
                                the personal health record of an 
                                individual is restricted by the 
                                individual;
                                    ``(V) the uses and disclosures of 
                                the information of an individual 
                                contained in a personal health record 
                                that should be authorized or required 
                                by a vendor of personal health records 
                                providing and maintaining such record;
                                    ``(VI) electronic informed consents 
                                for disclosing individually 
                                identifiable health information;
                                    ``(VII) the use of an audit trail 
                                of who has entered, removed, and 
                                changed data within a personal health 
                                record; and
                                    ``(VIII) the dissemination of 
                                abnormal laboratory results, diagnostic 
                                examinations, and radiological 
                                procedures into personal health records 
                                prior to notification of the 
                                abnormality by the health care 
                                provider.''.
    (f) Personal Health Record Standards Included in HIT Policy 
Committee Recommendations.--
            (1) In general.--Section 3002(b)(2)(B) of the Public Health 
        Service Act (42 U.S.C. 300jj-12(b)(2)(B)) is amended by adding 
        at the end the following new clause:
                            ``(ix) Standards and implementation 
                        specifications for the interoperability of 
                        personal health records and electronic health 
                        records.''.
            (2) Conforming changes relating to hit standards committee 
        recommendations.--
                    (A) Deadline for submission of recommendations to 
                national coordinator.--Section 3003(b)(1)(A) of such 
                Act (42 U.S.C. 300jj-13(b)(1)(A)) is amended by adding 
                at the end the following: ``Not later than the date 
                that is 6 months after the date of the enactment of the 
                Personal Health Record Act of 2009, the HIT Standards 
                Committee shall recommend to the National Coordinator 
                standards and implementation specifications described 
                in section 3002(b)(2)(B)(ix). The HIT Standards 
                Committee shall update such recommendations and make 
                new recommendations as appropriate, including in 
                response to notification sent under section 
                3004(a)(2)(B).''.
                    (B) Forum.--Section 3003(b)(2) of such Act (42 
                U.S.C. 300jj-13(b)(2)) is amended by inserting before 
                the period the following: ``, including for the 
                adoption of interoperability of personal health records 
                and electronic health records''.
            (3) Conforming changes relating to adoption of initial set 
        of standards.--Section 3004(b)(1) of such Act (42 U.S.C. 300jj-
        14(b)(1)) is amended by inserting ``(other than clause (ix))'' 
        after ``section 3002(b)(2)(B)''.
    (g) Application of Guidelines to Meaningful Use Requirements of 
Electronic Medical Records Under Medicare.--
            (1) Eligible professional payment incentives.--Section 
        1848(o)(2)(A)(i) of the Social Security Act (42 U.S.C. 1395w-
        4(o)(2)(A)(i)) is amended by inserting before the period at the 
        end the following: ``and shall include demonstrating the 
        availability of such technology to and use of such technology 
        by individuals furnished items and services by such 
        professional in the form of electronic and personal health 
        records consistent with guidelines established by the National 
        Coordinator under section 3001(c)(9)(A) of the Public Health 
        Service Act''.
            (2) Eligible hospital payment incentives.--Section 
        1886(n)(3)(A)(i) of such Act (42 U.S.C. 1395ww(n)(3)(A)(i)) is 
        amended by inserting before the period at the end the 
        following: ``, which shall include demonstrating the 
        availability of such technology to and use of such technology 
        by individuals furnished items and services by such hospital in 
        the form of electronic and personal health records consistent 
        with guidelines established by the National Coordinator under 
        section 3001(c)(9)(A) of the Public Health Service Act''.
    (h) Application of Guidelines to Meaningful EHR Use Requirements 
Under Medicaid.--Section 1903(t)(6)(C)(i)(II) of the Social Security 
Act (42 U.S.C. 1396b(t)(6)(C)(i)(II)) is amended--
            (1) by striking ``and'' before ``that may be based''; and
            (2) by inserting before the period at the end the 
        following: ``, and which shall include demonstrating the 
        availability of such technology to and use of such technology 
        by individuals furnished items and services by such Medicaid 
        provider in the form of electronic and personal health records 
        consistent with guidelines established by the National 
        Coordinator under section 3001(c)(9)(A) of the Public Health 
        Service Act''.
    (i) Relationship to Other Laws.--Section 13421 of the HITECH Act 
(42 U.S.C. 17951) is amended by adding at the end the following new 
subsection:
    ``(c) Health Information Portability and Accountability Act, Health 
Care Providers, and Personal Health Records.--Nothing in this subtitle 
or the provisions of or amendments made by the Personal Health Record 
Act of 2009 shall affect the ability of a health care provider involved 
in the direct care of an individual to obtain pertinent information on 
the medical history of such individual from another health care 
provider involved in the medical care of the individual, in accordance 
with HIPAA privacy and security law (as defined in section 3009(a)(2) 
of the Public Health Service Act) as in effect before the date of the 
enactment of the Personal Health Record Act of 2009.''.
                                 <all>