1.This Act may be cited as the
Personal Health Record Act of 2009
.
2.Enhancing
meaningful use of electronic health records through interoperability
(a)
(1)Section 3000 of the Public Health Service Act (42 U.S.C.
300jj) is amended by adding at the end the following:
(15)The term
electronic exchange shall include the automated transfer of
individual health information between electronic medical records and personal
health records, and between electronic medical records, personal health
records, and other electronic systems.
(16)The term
personal health record means an electronic record of PHR
identifiable health information (as defined in section 13407(f)(2) of the
HITECH Act) of an individual that—
(A)complies with
appropriate data content standards;
(B)enables the
individual, an authorized representative, vendor of personal health records (as
defined in section 318.2(j) of title 16, Code of Federal Regulations, as in
effect as of November 1, 2009), any covered entity (as defined for purposes of
HIPAA privacy and security law, as defined in section 3009(a)(2)), or an entity
to the extent that it engages in activities as a business associate (as defined
for such purposes) of such a covered entity, to retrieve data from or input
data into the electronic record; and
(C)is portable and
capable of electronic communication between such individual and the relevant
covered entity, business associate described in subparagraph (B), or vendor of
personal health records of such individual that is managed, shared, and
controlled by or primarily for the
individual.
.
(2)Section 13400(11)
of the HITECH Act (42 U.S.C. 17921(11)) is amended to read as follows:
(11)The term
personal health record has the meaning given such term in section
3000(16) of the Public Health Service Act.
.
(b)Access to
individually identifiable health informationSection 3001(b) of the Public Health
Service Act (42 U.S.C. 300jj–11(b)) is amended—
(1)in the matter
preceding paragraph (1), by inserting electronic
before
exchange
;
(2)in paragraph
(6)—
(A)by inserting
“individuals,” after “physician offices,”; and
(B)by inserting
“electronic” before “exchange of health care information”;
(3)in paragraph (10),
by striking at the end and
;
(4)in paragraph (11),
by striking the period and inserting ; and
; and
(5)by adding at the
end the following new paragraph:
(12)allows for an individual to have access to
their individually identifiable health
information.
.
(c)Strategic plan
relating to personal health recordsSection 3001(c)(3)(A) of the Public Health
Service Act (42 U.S.C. 300jj–11(c)(3)(A)) is amended by adding at the end the
following new clause:
(ix)The interoperability of a personal health
record with an electronic health
record.
.
(d)Guidelines
relating to Personal Health RecordsSection 3001(c) of the Public
Health Service Act (42 U.S.C. 300jj–11(c)) is amended by adding at the end the
following new paragraph:
(9)Guidelines for
Personal Health RecordsNot
later than the date that is 12 months after the date of the enactment of the
Personal Health Record Act of 2009, the National Coordinator shall develop
guidelines for making electronic health records interoperable with personal
health records for the purpose of improving health care quality, reducing
medical errors, and advancing the delivery of patient-centered medical care and
health management. Such guidelines shall include—
(A)standards based on
the recommendations provided in section 3002(b)(2)(B)(ix), including for
purposes of requiring electronic health records to be made available through
electronic exchange and interoperable with personal health records for purposes
of demonstrating meaningful use of an electronic health record under sections
1848(o)(2)(A)(i), 1886(n)(3)(A)(i), and 1903(t)(6)(C)(i)(II) of the Social
Security Act;
(B)recommendations
for applying such a requirement of making electronic health records available,
with respect to community and behavioral health programs, in the form of
personal health records to improve the effective and efficient electronic
exchange and management of information between the individual (or authorized
representative of the individual), including those in medically underserved
communities (as defined in section 799B(6)), and community health centers and
behavioral health service providers;
(C)required
components of a personal health record, which shall include—
(i)information on medical history, including
diagnoses and procedures, including updates if diagnosis or procedures change
after each provider encounter;
(ii)information on recent laboratory results,
diagnostic examinations, and radiologic procedures, if available in electronic
format;
(iii)information on medications and
prescriptions, both current and historical, including updates if medications
change after each provider encounter;
(iv)information on allergies, both medication
and environmental, including the specific reaction;
(v)privacy, security,
and electronic informed consents for disclosing individually identifiable
health information;
(vi)computer programming standards determined
by the National Coordinator that allow interoperability of individually
identifiable health information and communications between covered entities (as
defined for purposes of HIPAA privacy and security law, as defined in section
3009(a)(2)), entities to the extent that they engage in activities as business
associates of such covered entities, individuals, and vendors of personal
health records;
(vii)portability of
the personal health record by the individual between covered entities, business
associates described in clause (vi), or vendors of personal health
records;
(viii)ability to use
such record as part of the patient intake process;
(ix)accurate attribution of the source of all
data in the personal health record, including the source of the information,
the date that such information was entered into the personal health record, and
standards-based protection of data provided by the health care provider (such
as health care provider clinic notes, laboratory results, diagnostic
examinations, and radiologic procedures) from changes;
(x)notification of
the individual involved or the authorized representative of such individual of
the risks of withholding medical information from a medical provider;
and
(xi)health services
communication tools, including those which offer online secure communication
with covered entities (as defined for purposes of HIPAA privacy and security
law, as defined in section 3009(a)(2)) and entities to the extent that they
engage in activities as business associates (as defined for such purposes) of
such a covered entity;
(D)other possible
components for consideration of a personal health record, including—
(i)an audit trail to monitor who has accessed
the personal health record of the individual;
(ii)automated appointment, care reminders, and
health self-management tools;
(iii)the ability to
provide education tools;
(iv)the ability of the individual or authorized
representative involved to annotate (without changing) health care provider
records, such as to provide feedback to health care providers of the
individual;
(v)protection of clinical records in the
personal health record which are imported from or exported to a covered entity,
business associate described in clause (i), or vendor of personal health
records from being changed by the individual, authorized representative of the
individual, vendor of personal health records, the covered entity, or business
associate;
(vi)the ability to allow comments by the
individual, authorized representative, and covered entity within an area of the
personal health record that is separate from the clinical record imported from
or exported to a covered entity; and
(vii)emergency access procedures for medical
personnel, with respect to the record, for clinical care in cases that the
individual or authorized representative is not able to give consent; and
(E)security, privacy, and electronic informed
consents for disclosing individually identifiable health information for
personal health records, including the recommendations described in paragraph
(6)(F).
In the
case that the Secretary determines that any standard or component for personal
health records included under the guidance under this paragraph is not adequate
pursuant to the report submitted under paragraph (6)(F), the Secretary shall
notify the National Coordinator and the HIT Standards Committee in accordance
with section 3004(a)(2)(B) and the National Coordinator may revise such
standard or component, respectively..
(e)Section 3001(c)(6) of such Act (42 U.S.C.
300jj–11(c)(6)) is amended by adding at the end the following new
subparagraphs:
(F)Monitoring
personal health recordsNot
later than the date that is 24 months after the date of the enactment of the
Personal Health Record Act of 2009 and annually thereafter, the National
Coordinator, in consultation with the Administrator of the Centers for Medicare
& Medicaid Services, shall submit to the appropriate committees of
jurisdiction of Congress an annual report on—
(i)the extent to which personal health records
have been integrated into the meaningful use of electronic health records for
purposes of sections 1848(o)(2), 1886(n)(3), and 1903(t)(6) of the Social
Security Act;
(ii)the extent to which the use of personal
health records improve communication between individuals and covered entities
(as defined for purposes of HIPAA privacy and security law, as defined in
section 3009(a)(2)) and improve patient health management, including
documentation of the extent to which there are cost savings;
(iii)the extent to
which the use of personal health records, with respect to community health
centers and behavioral health services, improve the effective and efficient
exchange and management of information between the individual involved (or
authorized representative of the individual), including those in medically
underserved communities, and community health centers and behavioral health
service providers;
(iv)status of the
standards implemented in paragraph (9)(A) and the need to revise or include new
standards;
(v)the adequacy of
the components of a personal health record described in paragraph (9)(C);
and
(vi)the affect of having an individual with
full access to the medical records of such individual through use of a personal
health record, including—
(I)a prospective
study analyzing health care utilization (including the impact of personal
health records on health care provider efficiency, health care provider
reimbursement for time spent interacting with individuals as a result of
personal health records, and defensive medicine practices);
(II)the extent that
such access affects communications by means of such records between various
health care providers of the individual (including the use of provider
notations);
(III)a prospective
study analyzing the affect of such access on the patient-health care provider
relationship; and
(IV)the risks and
benefits of an individual having full access to medical records of the
individual through the use of personal health records.
(G)Recommendation
relating to security and privacy of personal health recordsNot later than 6 months after the date of
the enactment of the Personal Health Record Act of 2009, the National
Coordinator shall submit to the appropriate committees of jurisdiction of
Congress a report, including recommendations, on the technological,
medicolegal, medical safety, and other pertinent issues related to an
individual’s control of the personal health record of such individual and shall
establish guidelines for such control. The National Coordinator shall ensure
the participation in such a report of health care consumers, vendors of
personal health records, and covered entities (as defined for purposes of HIPAA
privacy and security law, as defined in section 3009(a)(2)), along with other
health care stakeholders. The report shall encompass at least the following
issues:
(i)the rights of an individual utilizing a
personal health record with respect to the individual’s own individually
identifiable health information contained in such; and
(ii)the security and privacy of an individual
utilizing a personal health record, including—
(I)defining who has
right of access to an individual’s personal health record in the case of a
personal health record provided by a covered entity;
(II)security and privacy issues following
medical emergency access of information in a personal health record by health
care providers;
(III)the impact of an individual restricting
medical information access in a personal health record of such individual to
health care providers on patient care and safety;
(IV)the risks and
benefits of health care provider notification if the personal health record of
an individual is restricted by the individual;
(V)the uses and
disclosures of the information of an individual contained in a personal health
record that should be authorized or required by a vendor of personal health
records providing and maintaining such record;
(VI)electronic
informed consents for disclosing individually identifiable health information;
(VII)the use of an
audit trail of who has entered, removed, and changed data within a personal
health record; and
(VIII)the
dissemination of abnormal laboratory results, diagnostic examinations, and
radiological procedures into personal health records prior to notification of
the abnormality by the health care
provider.
.
(f)Personal health
record standards included in HIT Policy Committee recommendations
(1)Section 3002(b)(2)(B) of the Public Health Service Act
(42 U.S.C. 300jj–12(b)(2)(B)) is amended by adding at the end the following new
clause:
(ix)Standards and implementation specifications
for the interoperability of personal health records and electronic health
records.
.
(2)Conforming
changes relating to HIT Standards Committee recommendations
(A)Deadline for
submission of recommendations to National CoordinatorSection
3003(b)(1)(A) of such Act (42 U.S.C. 300jj–13(b)(1)(A)) is amended by adding at
the end the following: Not later than the date that is 6 months after
the date of the enactment of the Personal Health Record Act of 2009, the HIT
Standards Committee shall recommend to the National Coordinator standards and
implementation specifications described in section 3002(b)(2)(B)(ix). The HIT
Standards Committee shall update such recommendations and make new
recommendations as appropriate, including in response to notification sent
under section 3004(a)(2)(B).
.
(B)Section 3003(b)(2) of such Act (42 U.S.C.
300jj–13(b)(2)) is amended by inserting before the period the following:
, including for the adoption of interoperability of personal health
records and electronic health records
.
(3)Conforming
changes relating to adoption of initial set of standardsSection 3004(b)(1) of such Act (42 U.S.C.
300jj–14(b)(1)) is amended by inserting (other than clause (ix))
after section 3002(b)(2)(B)
.
(g)Application of
guidelines to meaningful use requirements of electronic medical records under
Medicare
(1)Eligible
professional payment incentivesSection 1848(o)(2)(A)(i) of the Social
Security Act (42 U.S.C. 1395w–4(o)(2)(A)(i)) is amended by inserting before the
period at the end the following: and shall include demonstrating the
availability of such technology to and use of such technology by individuals
furnished items and services by such professional in the form of electronic and
personal health records consistent with guidelines established by the National
Coordinator under section 3001(c)(9)(A) of the Public Health Service
Act
.
(2)Eligible
hospital payment incentivesSection 1886(n)(3)(A)(i) of such Act (42
U.S.C. 1395ww(n)(3)(A)(i)) is amended by inserting before the period at the end
the following: , which shall include demonstrating the availability of
such technology to and use of such technology by individuals furnished items
and services by such hospital in the form of electronic and personal health
records consistent with guidelines established by the National Coordinator
under section 3001(c)(9)(A) of the Public Health Service Act
.
(h)Application of
guidelines to meaningful EHR use requirements under
MedicaidSection 1903(t)(6)(C)(i)(II) of the Social Security Act
(42 U.S.C. 1396b(t)(6)(C)(i)(II)) is amended—
(1)by striking
and
before that may be based
; and
(2)by inserting
before the period at the end the following: , and which shall include
demonstrating the availability of such technology to and use of such technology
by individuals furnished items and services by such Medicaid provider in the
form of electronic and personal health records consistent with guidelines
established by the National Coordinator under section 3001(c)(9)(A) of the
Public Health Service Act
.
(i)Relationship to
other lawsSection 13421 of the HITECH Act (42 U.S.C. 17951) is
amended by adding at the end the following new subsection:
(c)Health
Information Portability and Accountability Act, health care providers, and
personal health recordsNothing in this subtitle or the provisions
of or amendments made by the Personal Health Record Act of 2009 shall affect
the ability of a health care provider involved in the direct care of an
individual to obtain pertinent information on the medical history of such
individual from another health care provider involved in the medical care of
the individual, in accordance with HIPAA privacy and security law (as defined
in section 3009(a)(2) of the Public Health Service Act) as in effect before the
date of the enactment of the Personal Health Record Act of 2009.
.