[Congressional Bills 113th Congress]
[From the U.S. Government Publishing Office]
[H.R. 3795 Introduced in House (IH)]

113th CONGRESS
  1st Session
                                H. R. 3795

To require notifications by the Secretary of Health and Human Services 
 to Congress and to individuals of breaches of personally identifiable 
information of such individuals maintained, submitted to, or submitted 
 by a system maintained by Exchanges under the Patient Protection and 
              Affordable Care Act, and for other purposes.


_______________________________________________________________________


                    IN THE HOUSE OF REPRESENTATIVES

                           December 19, 2013

Mr. Bilirakis introduced the following bill; which was referred to the 
                    Committee on Energy and Commerce

_______________________________________________________________________

                                 A BILL


 
To require notifications by the Secretary of Health and Human Services 
 to Congress and to individuals of breaches of personally identifiable 
information of such individuals maintained, submitted to, or submitted 
 by a system maintained by Exchanges under the Patient Protection and 
              Affordable Care Act, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``One Hour Notification Act of 2013'' 
and as the ``OH No Act of 2013''.

SEC. 2. NOTIFICATION AND ANNUAL REPORT RELATING TO BREACHES OF 
              PERSONALLY IDENTIFIABLE INFORMATION BY PPACA EXCHANGES.

    (a) Notification of Data Breaches.--The Secretary of Health and 
Human Services, following the discovery of a breach of the personally 
identifiable information of an individual that is maintained, submitted 
to, or submitted by a system maintained by an Exchange established 
under title I of the Patient Protection and Affordable Care Act (Public 
Law 111-148), shall--
            (1) not more than one hour after the time at which the 
        Secretary is notified of such breach, notify the individual 
        that such information has been so breached; and
            (2) in a timely manner, notify the Committees on Energy and 
        Commerce, Ways and Means, and Education and Workforce of the 
        House of Representatives and the Committees on Finance and 
        Health, Education, Labor, and Pensions of the Senate that such 
        information has been so breached.
    (b) Annual Report.--Not later than January 1, 2015, and each year 
thereafter, the Secretary of Health and Human Services shall submit to 
Congress an annual report that identifies, with respect to the breaches 
of security described in subsection (a)--
            (1) all such breaches that occurred within the past year; 
        and
            (2) the security rules, standards, and risk mitigation 
        strategies implemented by the Secretary, as of the date of the 
        submission of such report, for the purpose of preventing such 
        breaches.
                                 <all>