[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2511 Introduced in Senate (IS)]

<DOC>

114th CONGRESS
  2d Session
                                S. 2511

To improve Federal requirements relating to the development and use of 
                 electronic health records technology.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 8, 2016

 Mr. Alexander (for himself, Mrs. Murray, Mr. Cassidy, Mr. Whitehouse, 
  Mr. Hatch, and Mr. Bennet) introduced the following bill; which was 
 read twice and referred to the Committee on Health, Education, Labor, 
                              and Pensions

_______________________________________________________________________

                                 A BILL


 
To improve Federal requirements relating to the development and use of 
                 electronic health records technology.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Improving Health Information 
Technology Act''.

SEC. 2. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY OF 
              CARE FOR PATIENTS.

    (a) In General.--Part 1 of subtitle A of title XIII of the Health 
Information Technology for Economic and Clinical Health Act (Public Law 
111-5) is amended by adding at the end the following:

``SEC. 13103. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY 
              OF CARE FOR PATIENTS.

    ``(a) Reduction in Burdens Goal.--The Secretary of Health and Human 
Services (referred to in this section as the `Secretary'), in 
consultation with providers of health services, health care suppliers 
of services, health care payers, health professional societies, health 
information technology developers, health care quality organizations, 
health care accreditation organizations, public health entities, 
States, and other appropriate entities, shall, in accordance with 
subsection (b)--
            ``(1) establish a goal with respect to the reduction of 
        regulatory or administrative burdens (such as documentation 
        requirements) relating to the use of electronic health records;
            ``(2) develop a strategy for meeting the goal established 
        under paragraph (1); and
            ``(3) develop recommendations for meeting the goal 
        established under paragraph (1).
    ``(b) Strategy and Recommendations.--
            ``(1) In general.--To achieve the goals established under 
        subsection (a)(1), the Secretary, in consultation with the 
        entities described in such subsection, shall, not later than 12 
        months after the date of enactment of this section, develop a 
        strategy and recommendations to meet the goals in accordance 
        with this subsection.
            ``(2) Strategy.--The strategy developed under paragraph (1) 
        shall address the regulatory and administration burdens (such 
        as documentation requirements) relating to the use of 
        electronic health records. Such strategy shall include broad 
        public comment and shall prioritize burdens related to--
                    ``(A) the Medicare and Medicaid EHR Meaningful Use 
                Incentive programs or the Merit-based Incentive Payment 
                System, the Alternative Payment Models, the Hospital 
                Value-Based Purchasing Program, and other value-based 
                payment programs determined appropriate by the 
                Secretary;
                    ``(B) health information technology certification 
                programs;
                    ``(C) standards, and implementation specifications, 
                as appropriate;
                    ``(D) activities that provide individuals access to 
                their electronic health information;
                    ``(E) activities related to protecting the privacy 
                of electronic health information;
                    ``(F) activities related to protecting the security 
                of electronic health information;
                    ``(G) activities related to facilitating health and 
                clinical research;
                    ``(H) activities related to public health;
                    ``(I) activities related to aligning and 
                simplifying quality measures across Federal programs 
                and other payers;
                    ``(J) activities related to reporting clinical data 
                for administrative purposes; and
                    ``(K) other areas determined appropriate by the 
                Secretary.
            ``(3) Recommendations.--The recommendations developed under 
        paragraph (1) shall address--
                    ``(A) actions that improve the clinical 
                documentation experience;
                    ``(B) actions that improve patient care;
                    ``(C) actions to be taken by the Secretary and by 
                other entities; and
                    ``(D) other areas determined appropriate by the 
                Secretary to reduce the reporting burden required of 
                health care providers.
            ``(4) FACA.--The Federal Advisory Committee Act (5 U.S.C. 
        App.) shall not apply to the development of the goal, 
        strategies, or recommendations described in this section.
    ``(c) Application of Certain Regulatory Requirements.--A physician 
(as defined in section 1861(r)(1) of the Social Security Act) may 
delegate electronic medical record documentation requirements specified 
in regulations promulgated by the Department of Health and Human 
Services to a person who is not such physician if such physician has 
signed and verified the documentation.''.
    (b) Certification of Health Information Technology for Medical 
Specialties and Sites of Service.--Section 3001(c)(5) of the Public 
Health Service Act (42 U.S.C. 300jj-11(c)(5)) is amended by adding at 
the end the following:
                    ``(C) Health information technology for medical 
                specialties and sites of service.--
                            ``(i) In general.--The National Coordinator 
                        shall encourage, keep, or recognize, through 
                        existing authorities, the voluntary 
                        certification of health information technology 
                        under the program developed under subparagraph 
                        (A) for use in medical specialties and sites of 
                        service for which no such technology is 
                        available or where more technological 
                        advancement or integration is needed.
                            ``(ii) Specific medical specialties.--The 
                        HIT Policy and Standards Committees shall make 
                        recommendations on specific medical specialties 
                        and sites of service, in addition to those 
                        described in clause (iii), applicable under 
                        this paragraph.
                            ``(iii) Certified health information 
                        technology for pediatrics.--Not later than 18 
                        months after the date of enactment of this 
                        subparagraph, the HIT Policy and Standards 
                        Committees, in consultation with relevant 
                        stakeholders, shall make recommendations for 
                        the voluntary certification of health 
                        information technology for use by pediatric 
                        health providers to support the health care of 
                        children. Not later than 24 months after the 
                        date of enactment of this subparagraph, the 
                        Secretary shall adopt certification criteria 
                        (under section 3004) to support the voluntary 
                        certification of health information technology 
                        for use by pediatric health providers to 
                        support the health care of children.''.
    (c) Meaningful Use Statistics.--
            (1) In general.--Not later than 6 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall submit to the HIT Policy Committee of the Office 
        of the National Coordinator for Health Information Technology, 
        a report concerning attestation statistics for the Medicare and 
        Medicaid EHR Meaningful Use Incentive programs to assist in 
        informing standards adoption and related practices. Such 
        statistics shall include attestation information delineated by 
        State, including the number of providers who did not meet the 
        minimum criteria necessary to attest for the Medicare and 
        Medicaid EHR Meaningful Use Incentive programs for a calendar 
        year, and shall be made publicly available on the Internet 
        website of the Secretary on at least a quarterly basis.
            (2) Authority to alter format.--The Secretary of Health and 
        Human Services may alter the format of the reports on the 
        attestation of eligible health care professionals following the 
        first performance year of the Merit-based Incentive Payment 
        System to account for changes arising from the implementation 
        of such payment system.

SEC. 3. TRANSPARENT RATINGS ON USABILITY AND SECURITY TO TRANSFORM 
              INFORMATION TECHNOLOGY.

    (a) Enhancements to Certification.--Section 3001(c)(5) of the 
Public Health Service Act (42 U.S.C. 300jj-11), as amended by section 
2(b), is further amended--
            (1) in subparagraph (A)--
                    (A) by striking ``The National Coordinator'' and 
                inserting the following:
                            ``(i) Voluntary certification program.--The 
                        National Coordinator''; and
                    (B) by adding at the end the following:
                            ``(ii) Transparency of program.--
                                    ``(I) In general.--To enhance 
                                transparency in the compliance of 
                                health information technology with 
                                certification criteria and other 
                                requirements adopted under this 
                                subtitle, the National Coordinator, in 
                                coordination with authorized 
                                certification bodies, may make 
                                information demonstrating how health 
                                information technology meets such 
                                certification criteria or other 
                                requirements publicly available. Such 
                                information may include summaries, 
                                screenshots, video demonstrations, or 
                                any other information the National 
                                Coordinator determines appropriate.
                                    ``(II) Protection of proprietary 
                                information.--The National Coordinator 
                                shall take appropriate measures to 
                                ensure that there are in effect 
                                effective procedures to prevent the 
                                unauthorized disclosure of any trade 
                                secret or confidential information that 
                                is obtained by the Secretary pursuant 
                                to this section.'';
            (2) in subparagraph (B), by adding at the end the 
        following: ``Beginning 18 months after reporting criteria are 
        finalized under section 3009A, certification criteria shall 
        include, in addition to criteria to establish that the 
        technology meets such standards and implementation 
        specifications, criteria consistent with section 3009A(b) to 
        establish that technology meets applicable security 
        requirements, incorporates user-centered design, and achieves 
        interoperability.''; and
            (3) by adding at the end the following:
                    ``(D) Conditions of certification.--Beginning 1 
                year after the date of enactment of the Improving 
                Health Information Technology Act, the Secretary shall 
                require, as a condition of certification and 
                maintenance of certification for programs maintained or 
                recognized under this paragraph, that--
                            ``(i) the health information technology 
                        developer or entity does not take any action 
                        that constitutes information blocking with 
                        respect to health information technology;
                            ``(ii) the health information technology 
                        developer or entity permits unimpeded 
                        communication among and between health 
                        information technology users, and for the 
                        purposes of health information technology users 
                        communicating with an authorized certification 
                        body, the Office of the National Coordinator, 
                        and the Office of the Inspector General, the 
                        health information technology developer or 
                        entity permits unimpeded communication 
                        regarding the usability, interoperability, 
                        security, business practices, or other relevant 
                        information about the health information 
                        technology or users' experience with the health 
                        information technology;
                            ``(iii) health information from such 
                        technology may be exchanged, accessed, and used 
                        through the use of application programming 
                        interfaces or successor technology or standard 
                        as provided for under applicable law;
                            ``(iv) the health information technology 
                        developer or entity provides to the Secretary 
                        an attestation that the developer or entity--
                                    ``(I) has not engaged in any of the 
                                conduct described in clause (i);
                                    ``(II) allows for communication as 
                                described in clause (ii); and
                                    ``(III) ensures that its technology 
                                allows for health information to be 
                                exchanged, accessed, and used, in the 
                                manner described in clause (iii); and
                            ``(v) the health information technology 
                        developer or entity submits reporting criteria 
                        in accordance with section 3009A(f).''.
    (b) Health Information Technology Rating Program.--Subtitle A of 
title XXX of the Public Health Service Act (42 U.S.C. 300jj-11 et seq.) 
is amended by adding at the end the following:

``SEC. 3009A. HEALTH INFORMATION TECHNOLOGY RATING PROGRAM.

    ``(a) Establishment.--Not later than 180 days after the date of 
enactment of the Improving Health Information Technology Act, the 
Secretary shall recognize a development council made up of one 
representative from each of the certification bodies authorized by the 
Office of the National Coordinator and the testing laboratories 
accredited under section 13201(b) of the Health Information Technology 
for Economic and Clinical Health Act (42 U.S.C. 17911(b)), one 
representative from the National Institute of Standards and Technology, 
and one representative from the Office of the National Coordinator. The 
development council shall meet as needed for the purposes of carrying 
out its activities in accordance with this section.
    ``(b) Reporting Criteria.--
            ``(1) In general.--The Secretary shall, using the 
        procedures prescribed in this subsection, issue rules 
        establishing reporting criteria for health information 
        technology products.
            ``(2) Convening of stakeholders.--Not later than 1 year 
        after the date of enactment of the Improving Health Information 
        Technology Act, the Secretary, in consultation with the 
        development council described in subsection (a), shall convene 
        stakeholders as described in paragraph (3) for the purpose of 
        developing the reporting criteria in accordance with paragraph 
        (4).
            ``(3) Development of reporting criteria.--The reporting 
        criteria under this subsection shall be developed through a 
        public, transparent process that reflects input from relevant 
        stakeholders, including--
                    ``(A) health care providers, including primary care 
                and specialty care health care professionals;
                    ``(B) hospitals and hospital systems;
                    ``(C) health information technology developers;
                    ``(D) patients, consumers, and their advocates;
                    ``(E) data sharing networks, such as health 
                information exchanges;
                    ``(F) authorized certification bodies and testing 
                laboratories;
                    ``(G) security experts;
                    ``(H) relevant manufacturers of medical devices;
                    ``(I) experts in health information technology 
                market economics;
                    ``(J) public and private entities engaged in the 
                evaluation of health information technology 
                performance;
                    ``(K) quality organizations, including the 
                consensus based entity described in section 1890 of the 
                Social Security Act;
                    ``(L) experts in human factors engineering and the 
                measurement of user-centered design; and
                    ``(M) other entities or persons, as the Secretary, 
                in consultation with the development council, 
                determines appropriate.
            ``(4) Considerations for reporting criteria.--The reporting 
        criteria developed under this subsection--
                    ``(A) shall include measures that reflect 
                categories including, with respect to the technology--
                            ``(i) security;
                            ``(ii) usability and user-centered design;
                            ``(iii) interoperability;
                            ``(iv) conformance to certification 
                        testing; and
                            ``(v) other categories as appropriate to 
                        measure the performance of health information 
                        technology;
                    ``(B) may include measures such as--
                            ``(i) enabling the user to order and view 
                        the results of laboratory tests, imaging tests, 
                        and other diagnostic tests;
                            ``(ii) submitting, editing, and retrieving 
                        data from registries such as clinician-led 
                        clinical data registries;
                            ``(iii) accessing and exchanging 
                        information and data from and through Health 
                        Information Exchanges;
                            ``(iv) accessing and exchanging information 
                        and data from medical devices;
                            ``(v) accessing and exchanging information 
                        and data held by Federal, State, and local 
                        agencies and other applicable entities useful 
                        to a health care provider or other applicable 
                        user in the furtherance of patient care;
                            ``(vi) accessing and exchanging information 
                        from other health care providers or applicable 
                        users;
                            ``(vii) accessing and exchanging patient 
                        generated information;
                            ``(viii) providing the patient or an 
                        authorized designee with a complete copy of 
                        their health information from an electronic 
                        record in a computable format;
                            ``(ix) providing accurate patient 
                        information for the correct patient, including 
                        exchanging such information, and avoiding the 
                        duplication of patients records; and
                            ``(x) other appropriate functionalities; 
                        and
                    ``(C) shall be designed to ensure that small and 
                start-up health information technology developers are 
                not unduly disadvantaged by the reporting criteria or 
                rating scale methodology.
            ``(5) Consideration of development council 
        recommendations.--In promulgating proposed rules under this 
        subsection, including modifications to such rules under 
        subsection (e), the Secretary may accept, reject, or modify the 
        recommendations of the development council, but may not 
        promulgate a proposed rule that does not represent a complete 
        recommendation of such council.
            ``(6) Public comment.--In promulgating proposed rules under 
        this subsection, the Secretary shall conduct a public comment 
        period of not less than 60 days during which any member of the 
        public may provide comments on the proposed reporting criteria 
        and the methodology for the rating body (defined in subsection 
        (g)) to use in determining the star ratings.
            ``(7) Final rules.--The final rule promulgated under this 
        subsection shall be accompanied by timely responses to the 
        public comments described in paragraph (6).
            ``(8) FACA.--The Federal Advisory Committee Act (5 U.S.C. 
        App.) shall not apply to the development council described in 
        this section.
    ``(c) Feedback.--
            ``(1) In general.--The Secretary, in consultation with the 
        development council, shall establish a process for the rating 
        body (described in subsection (g)) to collect and verify 
        confidential feedback from--
                    ``(A) health care providers, patients, and other 
                users of certified health information technology on the 
                usability, security, and interoperability of health 
                information technology products; and
                    ``(B) developers of certified health information 
                technology on practices of health information 
                technology users that may inhibit interoperability.
            ``(2) Paperwork reduction act.--The Paperwork Reduction Act 
        (44 U.S.C. 3501 et seq.) shall not apply to the collection of 
        feedback described in this subsection.
    ``(d) Methodology.--The Secretary, in consultation with the 
development council, shall develop a methodology to be used by the 
rating body described in subsection (g) to calculate the star ratings 
for certified health information technology described in subsection 
(a). The methodology shall use the reporting criteria developed in 
subsection (b), and the confidential feedback collected under 
subsection (c). In developing such methodology, the Secretary, in 
consultation with the development council, shall--
            ``(1) provide for appropriate weighting of user feedback 
        submitted under subsection (c) and reporting criteria submitted 
        under subsection (f), including consideration of the number of 
        users who submitted such feedback;
            ``(2) consider the impact of customization or adaptation by 
        users of certified health information technology on 
        performance;
            ``(3) account for the intended function, scope, and type of 
        certified health information technology;
            ``(4) in consultation with the development council and 
        after seeking comment from developers of health information 
        technology in a manner that ensures appropriate industry 
        feedback, establish a timeframe, but in no case less frequent 
        than once every 3 years, for the submission of reporting 
        criteria under subsection (f); and
            ``(5) establish a timeframe for incorporating user feedback 
        submitted under subsection (c) and reporting criteria submitted 
        under subsection (f) into the star ratings for certified health 
        information technology that accounts for updates to such 
        technology in order to encourage innovation and maximize the 
        utility of the star ratings.
    ``(e) Modifications.--
            ``(1) To the number of stars in the rating program.--The 
        development council may modify the number of star ratings 
        employed by the system, but not more frequently than every 4 
        years. In no case shall the rating system employ fewer than 3 
        stars.
            ``(2) To the reporting criteria.--After the final reporting 
        criteria have been established under this section, the 
        Secretary, in consultation with the development council, may 
        convene stakeholders and conduct a public reporting period for 
        the purpose of modifying the reporting criteria developed under 
        subsection (b) and methodology for determining the star ratings 
        proposed under subsection (e).
            ``(3) To the methodology.--After the final methodology to 
        be used by the rating body is established under subsection (e), 
        the Secretary, in consultation with the development council, 
        may modify the methodology used to calculate the star ratings 
        for certified health information technology using the reporting 
        criteria developed under subsection (b) and the confidential 
        feedback collected under subsection (c).
            ``(4) Consideration of gao report.--The Secretary and the 
        development council shall take into account the recommendations 
        from the Comptroller General under subsection (k), where 
        available, for the purposes of this paragraph.
    ``(f) Participation.--As a condition of maintaining their 
certification under section 3001(c)(5)(D), a developer of certified 
health information technology shall report on the criteria developed 
under subsection (b) for all such certified technology offered by such 
developer pursuant to the timeframe established under subsection (d).
    ``(g) Rating Body.--
            ``(1) In general.--The National Coordinator shall recognize 
        an independent entity with appropriate expertise to carry out 
        the rating program established by the development council under 
        subsection (a) and shall redetermine such recognition at least 
        every 4 years.
            ``(2) Consultation.--The entity recognized under paragraph 
        (1) may consult with organizations with expertise in the 
        measurement of interoperability, usability, and security of 
        health information technology in carrying out activities under 
        this section.
    ``(h) One Star Rating.--Each health information technology 
developer, or entity offering health information technology for 
certification, that receives a 1 star rating shall take action, through 
an improvement plan developed with the rating body and approved by the 
Secretary, to improve the health information technology rating within a 
timeframe that the Secretary determines appropriate.
    ``(i) Decertification.--
            ``(1) Mandatory.--The Secretary shall decertify health 
        information technology if the developer or entity offering 
        health information technology does not submit reporting 
        criteria in accordance with subsection (f) within 90 days of 
        the timeline established under subsection (d).
            ``(2) Other decertification.--The Secretary may decertify 
        health information technology if--
                    ``(A) the health information technology does not 
                improve from a one star rating within the timeframe 
                established under subsection (h); or
                    ``(B) in other circumstances, as the Secretary 
                determines appropriate.
    ``(j) GAO Reports.--During the 12-year period beginning on the date 
of enactment of the Improving Health Information Technology Act, the 
Comptroller General of the United States shall submit to Congress a 
report every 4 years on the rating scale methodology developed pursuant 
to subsection (d), providing observations on the appropriateness of the 
current methodology and recommendations for changes to the methodology. 
The Development Council shall recommend to Congress and the Secretary 
if additional reports are needed after the expiration of such 12-year 
period.
    ``(k) Internet Website.--On the Internet website of the Office of 
the National Coordinator, the Secretary shall publish the criteria and 
methodology used to determine the star ratings, and, for each certified 
health information technology, the final star rating, and a report 
outlining such technology's performance with regard to the reporting 
criteria developed under subsection (b), and if an improvement plan has 
been administered. Following the reporting described in subsection (f), 
the rating body shall have 30 days to calculate and submit updated 
ratings to the Secretary and each developer of health information 
technology, and updated ratings shall be published on such Internet 
website not later than 30 days following such submission, 
notwithstanding an appeal of a rating by a developer or entity through 
the process developed under subsection (m).
    ``(l) Hardship Exemption.--Decertification of an adopted health 
information technology product under subsection (i) shall be considered 
a significant hardship resulting in a blanket exemption from the 
payment adjustment pursuant to section 1848(a)(7)(B) of the Social 
Security Act for eligible professionals, section 1886(b)(3)(ix)(II) of 
such Act for eligible hospitals, and 1814(l)(4)(C) of such Act for 
critical access hospitals.
    ``(m) Notification and Appeals.--The Secretary shall establish a 
process whereby any health information technology developer, or entity 
offering health information technology, is notified not less than 30 
days before being made public and can appeal--
            ``(1) the health information technology product's star 
        rating; or
            ``(2) the Secretary's decision to decertify a product, as 
        applicable.''.

SEC. 4. INFORMATION BLOCKING.

    Subtitle C of title XXX of the Public Health Service Act (42 U.S.C. 
300jj-51 et seq.) is amended by adding at the end the following:

``SEC. 3022. INFORMATION BLOCKING.

    ``(a) Definition.--
            ``(1) In general.--The term `information blocking' means--
                    ``(A) with respect to a health information 
                technology developer, exchange, or network, business, 
                technical, or organizational practices that--
                            ``(i) except as required by law or 
                        specified by the Secretary, interferes with, 
                        prevents, or materially discourages access, 
                        exchange, or use of electronic health 
                        information; and
                            ``(ii) the developer, exchange, or network 
                        knows, or should know, are likely to interfere 
                        with or prevent or materially discourage the 
                        access, exchange, or use of electronic health 
                        information; and
                    ``(B) with respect to a health care provider, the 
                person or entity knowingly and unreasonably restricts 
                electronic health information exchange for patient care 
                or other priorities as determined appropriate by the 
                Secretary.
            ``(2) Rulemaking.--The Secretary shall, through 
        rulemaking--
                    ``(A) identify reasonable and necessary activities 
                that do not constitute information blocking for 
                purposes of paragraph (1)(A); and
                    ``(B) identify actions that meet the definition of 
                information blocking with respect to health care 
                providers for purposes of paragraph (1)(B).
    ``(b) Inspector General Authority.--
            ``(1) In general.--The Inspector General of the Department 
        of Health and Human Services may investigate any claim that--
                    ``(A) a health information technology developer of, 
                or other entity offering certified health information 
                technology--
                            ``(i) submits a false attestation made 
                        under section 3001(c)(5)(D); or
                            ``(ii) engaged in information blocking with 
                        respect to the use of such health information 
                        technology by a health care provider, unless 
                        for a legitimate purpose specified by the 
                        Secretary;
                    ``(B) a health care provider engaged in information 
                blocking with respect to access or exchange of 
                certified health information technology, unless for a 
                legitimate purpose specified by the Secretary; and
                    ``(C) a health information network or exchange 
                provider engaged in information blocking with respect 
                to the access, exchange, or use of such certified 
                health information technology, unless for a legitimate 
                purpose specified by the Secretary.
            ``(2) Jurisdiction of the inspector general.--For purposes 
        of this section, the Office of the Inspector General shall have 
        jurisdiction with respect to exchanges and networks, as well as 
        any developer or entity offering health information technology 
        for certification under a program or programs kept or 
        recognized by the National Coordinator under section 
        3001(c)(5). The National Coordinator shall notify developers of 
        health information technology as appropriate regarding the 
        jurisdiction of the Inspector General under this paragraph.
            ``(3) Penalty.--
                    ``(A) Developers, networks, and exchanges.--With 
                respect to a health information technology developer, 
                exchange, or network, a person or entity determined by 
                the Inspector General to have committed information 
                blocking as described in subparagraph (A) or (C) of 
                paragraph (1) shall be subject to a civil monetary 
                penalty in an amount determined, through notice-and-
                comment rulemaking, by the Secretary which may take 
                into account factors such as the extent and duration of 
                the information blocking and the number of patients and 
                providers potentially affected.
                    ``(B) Providers.--With respect to health care 
                providers, any person or entity determined by the 
                Inspector General to have committed information 
                blocking as described in subparagraph (B) of paragraph 
                (1) shall be subject to appropriate incentives and 
                disincentives using authorities under applicable 
                Federal law, as determined appropriate by the Secretary 
                through notice and comment rulemaking.
                    ``(C) Procedure.--The provisions of section 1128A 
                of the Social Security Act (other than subsections (a) 
                and (b)) shall apply to a civil money penalty applied 
                under this subsection in the same manner as such 
                provisions apply to a civil money penalty or proceeding 
                under section 1128A(a).
                    ``(D) Recovery of funds.--Notwithstanding section 
                3302 of title 31, United States Code, or any other 
                provision of law affecting the crediting of 
                collections, the Inspector General of the Department of 
                Health and Human Services may receive and retain for 
                current use any amounts recovered under subparagraphs 
                (A) and (C). In addition to amounts otherwise available 
                to the Inspector General, funds received by the 
                Inspector General under this paragraph shall be 
                deposited, as an offsetting collection, to the credit 
                of any appropriation available for purposes of carrying 
                out this subsection and shall be available without 
                fiscal year limitation and without further 
                appropriation.
            ``(4) Resolution of claims.--
                    ``(A) In general.--The Office of the Inspector 
                General, if such Office determines that a simple 
                consultation regarding the health privacy and security 
                rules promulgated under section 264(c) of the Health 
                Insurance Portability and Accountability Act of 1996 
                (42 U.S.C. 1320d-2 note) will resolve the claim at 
                issue, may refer instances of information blocking to 
                the Office for Civil Rights of the Department of Health 
                and Human Services for resolution.
                    ``(B) Limitation on liability.--If a health 
                information technology developer makes information 
                available based on a good faith reliance on 
                consultations with the Office for Civil Rights of the 
                Department of Health and Human Services with respect to 
                such information, the developer shall not be liable for 
                such disclosure.
    ``(c) Identifying Barriers to Exchange of Certified Health 
Information Technology.--
            ``(1) Trusted exchange defined.--In this section, the term 
        `trusted exchange' with respect to certified health information 
        technology means that the certified health information 
        technology has the technical capability to enable secure health 
        information exchange between users and multiple certified 
        health information technology systems.
            ``(2) Guidance.--The National Coordinator, in consultation 
        with the Office for Civil Rights of the Department of Health 
        and Human Services, shall issue guidance on common legal, 
        governance, and security barriers that prevent the trusted 
        exchange of electronic health information.
            ``(3) Referral.--The National Coordinator and the Office 
        for Civil Rights of the Department of Health and Human Services 
        may refer to the Inspector General instances or patterns of 
        refusal to exchange health information with an individual or 
        entity using certified health information technology that is 
        technically capable of trusted exchange and under conditions 
        when exchange is legally permissible.
            ``(4) HIT standards committee consideration.--Not later 
        than 1 year after the date of enactment of the Improving Health 
        Information Technology Act, the HIT Standards Committee shall 
        begin consideration of issues related to trusted exchange.''.

SEC. 5. INTEROPERABILITY.

    (a) Definition.--Section 3000 of the Public Health Service Act (42 
U.S.C. 300jj) is amended--
            (1) by redesignating paragraphs (10) through (14), as 
        paragraphs (11) through (15), respectively; and
            (2) by inserting after paragraph (9) the following:
            ``(10) Interoperability.--The term `interoperability' with 
        respect to health information technology means such health 
        information technology that has the ability to securely 
        exchange electronic health information with and use electronic 
        health information from other health information technology 
        without special effort on the part of the user.''.
    (b) Support for Interoperable Network Exchange.--Section 3001(c) of 
the Public Health Service Act (42 U.S.C. 300jj-11(c)) is amended by 
adding at the end the following:
            ``(9) Support for interoperable networks exchange.--
                    ``(A) In general.--The National Coordinator shall, 
                in collaboration with the National Institute of 
                Standards and Technology and other relevant agencies 
                within the Department of Health and Human Services, for 
                the purpose of ensuring full network-to-network 
                exchange of health information, convene public-private 
                and public-public partnerships to build consensus and 
                develop a trusted exchange framework, including a 
                common agreement among health information networks 
                nationally. Such convention may occur at a frequency 
                determined appropriate by the Secretary.
                    ``(B) Establishing a trusted exchange framework.--
                            ``(i) In general.--Not later than six 
                        months after the date of enactment of this 
                        paragraph, the National Coordinator shall 
                        convene appropriate public and private 
                        stakeholders to develop a trusted exchange 
                        framework for trust policies and practices and 
                        for a common agreement for exchange between 
                        health information networks. The common 
                        agreement may include--
                                    ``(I) a common method for 
                                authenticating trusted health 
                                information network participants;
                                    ``(II) a common set of rules for 
                                trusted exchange;
                                    ``(III) organizational and 
                                operational policies to enable the 
                                exchange of health information among 
                                networks, including minimum conditions 
                                for such exchange to occur; and
                                    ``(IV) a process for filing and 
                                adjudicating noncompliance with the 
                                terms of the common agreement.
                            ``(ii) Technical assistance.--The National 
                        Coordinator, in conjunction with the National 
                        Institute of Standards and Technology, shall 
                        provide technical assistance on how to 
                        implement the trusted exchange framework and 
                        common agreement under this paragraph.
                            ``(iii) Pilot testing.--The National 
                        Coordinator, in collaboration with the National 
                        Institute of Standards and Technology, shall 
                        provide for the pilot testing of the trusted 
                        exchange framework and common agreement 
                        established under this subsection (as 
                        authorized under section 13201 of the Health 
                        Information Technology for Economic and 
                        Clinical Health Act). The National Coordinator, 
                        in collaboration with the National Institute of 
                        Standards and Technology, may delegate pilot 
                        testing activities under this clause to 
                        independent entities with appropriate 
                        expertise.
                    ``(C) Publication of a trusted exchange framework 
                and common agreement.--Not later than one year after 
                convening stakeholders under subparagraph (A), the 
                National Coordinator shall publish on its public 
                Internet website, and in the Federal Register, the 
                trusted exchange framework and common agreement 
                developed under subparagraph (B). Such trusted exchange 
                framework and common agreement shall be published in a 
                manner that protects proprietary and security 
                information, including trade secrets and any other 
                protected intellectual property.
                    ``(D) Directory of participating health information 
                networks.--
                            ``(i) In general.--Not later than two years 
                        after convening stakeholders under subparagraph 
                        (A), and annually thereafter, the National 
                        Coordinator shall publish on its public 
                        Internet website a list of those health 
                        information networks that have adopted the 
                        common agreement and are capable of trusted 
                        exchange pursuant to the common agreement 
                        developed under paragraph (B).
                            ``(ii) Process.--The Secretary shall, 
                        through notice-and-comment rulemaking, 
                        establish a process for health information 
                        networks that voluntarily elect to adopt the 
                        trusted exchange framework and common agreement 
                        to attest to such adoption of the framework and 
                        agreement.
                    ``(E) Application of the trusted exchange framework 
                and common agreement.--As appropriate, Federal agencies 
                contracting or entering into agreements with health 
                information exchange networks may require that as each 
                such network upgrades health information technology or 
                trust and operational practices, it may adopt, where 
                available, the trusted exchange framework and common 
                agreement published under subparagraph (C).
                    ``(F) Rule of construction.--
                            ``(i) General adoption.--Nothing in this 
                        paragraph shall be construed to require a 
                        health information network to adopt the trusted 
                        exchange framework or common agreement.
                            ``(ii) Adoption when exchange of 
                        information is within network.--Nothing in this 
                        paragraph shall be construed to require a 
                        health information network to adopt the trusted 
                        exchange framework or common agreement for the 
                        exchange of electronic health information 
                        between participants of the same network.
                            ``(iii) Existing frameworks and 
                        agreements.--The trusted exchange framework and 
                        common agreement published under subparagraph 
                        (C) shall take into account existing trusted 
                        exchange frameworks and agreements used by 
                        health information networks to avoid the 
                        disruption of existing exchanges between 
                        participants of health information networks.
                            ``(iv) Application by federal agencies.--
                        Notwithstanding clauses (i), (ii), and (iii), 
                        Federal agencies may require the adoption of 
                        the trusted exchange framework and common 
                        agreement published under subparagraph (C) for 
                        health information exchanges contracting with 
                        or entering into agreements pursuant to 
                        subparagraph (E).
                            ``(v) Consideration of ongoing work.--In 
                        carrying out this paragraph, the Secretary 
                        shall ensure the consideration of activities 
                        carried out by public and private organizations 
                        related to exchange between health information 
                        exchanges to avoid duplication of efforts.''.
    (c) Provider Digital Contact Information Index.--
            (1) In general.--Not later than 36 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall either directly, or through a partnership with a 
        private entity, establish a provider digital contact 
        information index to provide digital contact information for 
        health professionals, health facilities, and other individuals 
        or organizations.
            (2) Use of existing index.--In establishing the initial 
        index under paragraph (1), the Secretary of Health and Human 
        Services may utilize an existing provider directory to make 
        such digital contact information available.
            (3) Contact information.--An index established under this 
        subsection shall ensure that contact information is available 
        at the individual health care provider level and at the health 
        facility or practice level.
            (4) Rule of construction.--
                    (A) In general.--The purpose of this subsection is 
                to encourage the exchange of electronic health 
                information by providing the most useful, reliable, and 
                comprehensive index of providers possible. In 
                furthering such purpose, the Secretary of Health and 
                Human Services shall include all health professionals, 
                health facilities, and other individuals or 
                organizations applicable to provide a useful, reliable, 
                and comprehensive index for use in the exchange of 
                health information.
                    (B) Limitation.--In no case shall exclusion from 
                the index of providers be used as a measure to achieve 
                objectives other than those described in subparagraph (A).
    (d) Standards Development Organizations.--Section 3004 of the 
Public Health Service Act (42 U.S.C. 300jj-14) is amended by adding at 
the end the following:
    ``(c) Deference to Standards Development Organizations.--In 
adopting and implementing standards under this section, the Secretary 
shall give deference to standards published by Standards Development 
Organizations and voluntary consensus-based standards bodies.''.

SEC. 6. LEVERAGING HEALTH INFORMATION TECHNOLOGY TO IMPROVE PATIENT 
              CARE.

    (a) Requirement Relating to Registries.--
            (1) In general.--To be certified in accordance with title 
        XXX of the Public Health Service Act, health information 
        technology (as defined by section 3000(5) of the Public Health 
        Service Act (42 U.S.C. 300jj(5))) shall be capable of 
        transmitting to, and where applicable, receiving and accepting 
        data from registries in accordance with standards recognized by 
        the Office of the National Coordinator for Health Information 
        Technology, including clinician-led clinical data registries, 
        that are also certified to be technically capable of receiving 
        and accepting from, and where applicable, transmitting data to 
        certified health information technology in accordance with such 
        standards.
            (2) Rule of construction.--Nothing in this subsection shall 
        be construed to require the certification of registries beyond 
        the technical capability to exchange data in accordance with 
        applicable endorsed standards.
    (b) Definition.--For purposes of this Act (including amendments 
made to title XXX of the Public Health Service Act (42 U.S.C. 300jj et 
seq.)), the term ``clinician-led clinical data registry'' means a 
clinical data repository--
            (1) that is established and operated by a clinician-led or 
        controlled, tax-exempt (pursuant to section 501(c) of the 
        Internal Revenue Code of 1986), professional society or other 
        similar clinician-led or -controlled organization, or such 
        organization's controlled affiliate, devoted to the care of a 
        population defined by a particular disease, condition, exposure 
        or therapy;
            (2) that is designed to collect detailed, standardized data 
        on an ongoing basis for medical procedures, services, or 
        therapies for particular diseases, conditions, or exposures;
            (3) that provides feedback to participants who submit 
        reports to the repository;
            (4) that meets standards for data quality including--
                    (A) systematically collecting clinical and other 
                health care data, using standardized data elements and 
                has procedures in place to verify the completeness and 
                validity of those data; and
                    (B) being subject to regular data checks or audits 
                to verify completeness and validity; and
            (5) that provides ongoing participant training and support.
    (c) Treatment of Health Information Technology Developers With 
Respect to Patient Safety Organizations.--
            (1) In general.--In applying part C of title IX of the 
        Public Health Service Act (42 U.S.C. 299b-21 et seq.), a health 
        information technology developer shall be treated as a provider 
        (as defined in section 921 of such Act) for purposes of 
        reporting and conducting patient safety activities concerning 
        improving clinical care through the use of health information 
        technology that could result in improved patient safety, health 
        care quality, or health care outcomes.
            (2) Report.--Not later than 48 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall submit to the Committee on Health, Education, 
        Labor, and Pensions of the Senate and the Committee on Energy 
        and Commerce of the House of Representatives, a report 
        concerning best practices and current trends voluntarily 
        provided, and without identifying individual providers or 
        disclosing or using protected health information or 
        individually identifiable information, by Patient Safety 
        Organizations to improve the integration of health information 
        technology into clinical practice.

SEC. 7. EMPOWERING PATIENTS AND IMPROVING PATIENT ACCESS TO THEIR 
              ELECTRONIC HEALTH INFORMATION.

    (a) Use of Health Information Exchanges for Patient Access.--
Section 3009 of the Public Health Service Act (42 U.S.C. 300jj-19) is 
amended by adding at the end the following:
    ``(c) Promoting Patient Access to Electronic Health Information 
Through Health Information Exchanges.--
            ``(1) In general.--The National Coordinator, in 
        coordination with the Office for Civil Rights of the Department 
        of Health and Human Services, shall use existing authorities to 
        encourage partnerships between health information exchange 
        organizations and networks and health care providers, health 
        plans, and other appropriate entities to offer patients access 
        to their electronic health information in a single, 
        longitudinal format that is easy to understand, secure, and may 
        update such information automatically.
            ``(2) Education of providers.--The National Coordinator, in 
        coordination with the Office for Civil Rights of the Department 
        of Health and Human Services, shall--
                    ``(A) educate health care providers on ways in 
                which to leverage the capabilities of health 
                information exchanges (or other relevant platforms) to 
                provide patients with access to their electronic health 
                information;
                    ``(B) clarify misunderstandings by health care 
                providers about using health information exchanges (or 
                other relevant platforms) for patient access to 
                electronic health information; and
                    ``(C) to the extent practicable, educate providers 
                about health information exchanges (or other relevant 
                platforms) that employ some or all of the capabilities 
                described in paragraph (1).
            ``(3) Requirements.--In carrying out paragraph (1), the 
        National Coordinator, in coordination with the Office for Civil 
        Rights, shall issue guidance to health information exchanges 
        related to best practices to ensure that the electronic health 
        information provided to patients is--
                    ``(A) private and secure;
                    ``(B) accurate;
                    ``(C) verifiable; and
                    ``(D) where a patient's authorization to exchange 
                is required by law, easily exchanged pursuant to such 
                authorization.
            ``(4) Rule of construction.--Nothing in this subsection 
        shall be construed to preempt State laws applicable to patient 
        consent for the access of information through a Health 
        Information Exchange (or other relevant platforms) that provide 
        protections to patients that are greater than the protections 
        otherwise provided for under applicable Federal law.
    ``(d) Efforts To Promote Access to Health Information.--The 
National Coordinator and the Office for Civil Rights of the Department 
of Health and Human Services shall jointly, through the development of 
policies that support dynamic technology solutions, promote patient 
access to health information in a manner that would ensure that such 
information is available in a form convenient for the patient, in a 
reasonable manner, and without burdening the health care provider 
involved.
    ``(e) Accessibility of Patient Records.--
            ``(1) Accessibility and updating of information.--
                    ``(A) In general.--The Secretary, in consultation 
                with the National Coordinator, shall promote policies 
                that ensure that a patient's electronic health 
                information is accessible to that patient, and their 
                designees, in a manner that facilitates communication 
                with the patient's health care providers and such 
                patient's consent, including with respect to research.
                    ``(B) Updating education on accessing and 
                exchanging personal health information.--To promote 
                awareness that an individual has a right of access to 
                inspect, obtain a copy of, and transmit to a third 
                party a copy of protected health information pursuant 
                to the Health Information Portability and 
                Accountability Act Privacy Rule (45 C.F.R. 164.524 et 
                seq.), the Director of the Office for Civil Rights, in 
                consultation with the National Coordinator, shall 
                assist individuals and health care providers in 
                understanding a patient's rights to access and protect 
                their personal health information under the Health 
                Insurance Portability and Accountability Act of 1996 
                (Public Law 104-191), including providing best 
                practices for requesting personal health information in 
                a computable format, including using patient portals or 
                third-party applications and common cases when a 
                provider is permitted to exchange and provide access to 
                health information.
            ``(2) Certifying usability for patients.--In carrying out 
        certification programs under section 3001(c)(5), the National 
        Coordinator shall require, where applicable, that such program 
        or programs require the following:
                    ``(A) That certification criteria support patient 
                access to their electronic health information, 
                including in a single longitudinal format that is easy 
                to understand, secure, and may be updated 
                automatically.
                    ``(B) That developers of health information 
                technology support patient access to an electronic 
                health record in a longitudinal format that is easy to 
                understand, secure, and may be updated automatically.
                    ``(C) That certification criteria support patient 
                access to their personal electronic health information 
                for research at the option of the patient.
                    ``(D) That certification criteria support patient 
                and health care provider communication, including--
                            ``(i) the ability for the patient to 
                        electronically communicate patient reported 
                        information (such as family history and medical 
                        history); and
                            ``(ii) the ability for the patient to 
                        electronically share patient health 
                        information, at the option of the patient.
                    ``(E) That certified health information technology 
                used for health programs where certified health 
                information technology is required, include the 
                function for patient access to their own health 
                information, including--
                            ``(i) ensuring that, as a condition of 
                        certification, health care providers have 
                        options for making such information accessible 
                        for patients;
                            ``(ii) ensuring that patients have options 
                        for accessing such information; and
                            ``(iii) ensuring that patients have access 
                        to information regarding their legal rights and 
                        responsibilities, as well as the options available 
                        to them for accessing their electronic health 
                        information.
                    ``(F) That the HIT Standards Committee develop and 
                prioritize standards, implementation specifications, 
                and certification criteria required to help support 
                patient access to electronic health information, 
                patient usability, and support for technologies that 
                offer patients access to their electronic health 
                information in a single, longitudinal format that is 
                easy to understand, secure, and may be updated 
                automatically.''.
    (b) Access to Information in an Electronic Format.--Section 
13405(e) of the Health Information Technology for Economic and Clinical 
Health Act (42 U.S.C. 17935) is amended--
            (1) in paragraph (1), by striking ``and'' at the end;
            (2) by redesignating paragraph (2) as paragraph (3); and
            (3) by inserting after paragraph (1), the following:
            ``(2) if the individual makes a request to a business 
        associate for access to, or a copy of, protected health 
        information about the individual, or if an individual makes a 
        request to a business associate to grant such access to, or 
        transmit such copy directly to, a person or entity designated 
        by the individual, a business associate may provide the 
        individual with such access or copy, which may be in an 
        electronic form, or grant or transmit such access or copy to 
        such person or entity designated by the individual; and''.

SEC. 8. GAO STUDY ON PATIENT MATCHING.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Comptroller General of the United States shall conduct 
a study to review the policies and activities of the Office of the 
National Coordinator for Health Information Technology and other 
relevant stakeholders to ensure appropriate patient matching to protect 
patient privacy and security with respect to electronic health records 
and the exchange of electronic health information.
    (b) Areas of Concentration.--In conducting the study under 
subsection (a), the Comptroller General shall--
            (1) evaluate current methods used in certified electronic 
        health records for patient matching based on performance 
        related to factors such as--
                    (A) the privacy of patient information;
                    (B) the security of patient information;
                    (C) improving matching rates;
                    (D) reducing matching errors; and
                    (E) reducing duplicate records; and
            (2) determine whether the Office of the National 
        Coordinator for Health Information Technology could improve 
        patient matching by taking steps including--
                    (A) defining additional data elements to assist in 
                patient data matching;
                    (B) agreeing on a required minimum set of elements 
                that need to be collected and exchanged;
                    (C) requiring electronic health records to have the 
                ability to make certain fields required and use 
                specific standards; or
                    (D) other options recommended by the relevant 
                stakeholders consulted pursuant to subsection (a).
    (c) Report.--Not later than 2 years after the date of enactment of 
this Act, the Comptroller General shall submit to the appropriate 
committees of Congress a report concerning the findings of the study 
conducted under subsection (a).