[Congressional Bills 114th Congress]
[From the U.S. Government Publishing Office]
[S. 2511 Reported in Senate (RS)]

<DOC>





                                                       Calendar No. 418
114th CONGRESS
  2d Session
                                S. 2511

To improve Federal requirements relating to the development and use of 
                 electronic health records technology.


_______________________________________________________________________


                   IN THE SENATE OF THE UNITED STATES

                            February 8, 2016

 Mr. Alexander (for himself, Mrs. Murray, Mr. Cassidy, Mr. Whitehouse, 
  Mr. Hatch, and Mr. Bennet) introduced the following bill; which was 
 read twice and referred to the Committee on Health, Education, Labor, 
                              and Pensions

                             April 5, 2016

              Reported by Mr. Alexander, with an amendment
 [Strike out all after the enacting clause and insert the part printed 
                               in italic]

_______________________________________________________________________

                                 A BILL


 
To improve Federal requirements relating to the development and use of 
                 electronic health records technology.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

<DELETED>SECTION 1. SHORT TITLE.</DELETED>

<DELETED>    This Act may be cited as the ``Improving Health 
Information Technology Act''.</DELETED>

<DELETED>SEC. 2. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE 
              QUALITY OF CARE FOR PATIENTS.</DELETED>

<DELETED>    (a) In General.--Part 1 of subtitle A of title XIII of the 
Health Information Technology for Economic and Clinical Health Act 
(Public Law 111-5) is amended by adding at the end the 
following:</DELETED>

<DELETED>``SEC. 13103. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE 
              QUALITY OF CARE FOR PATIENTS.</DELETED>

<DELETED>    ``(a) Reduction in Burdens Goal.--The Secretary of Health 
and Human Services (referred to in this section as the `Secretary'), in 
consultation with providers of health services, health care suppliers 
of services, health care payers, health professional societies, health 
information technology developers, health care quality organizations, 
health care accreditation organizations, public health entities, 
States, and other appropriate entities, shall, in accordance with 
subsection (b)--</DELETED>
        <DELETED>    ``(1) establish a goal with respect to the 
        reduction of regulatory or administrative burdens (such as 
        documentation requirements) relating to the use of electronic 
        health records;</DELETED>
        <DELETED>    ``(2) develop a strategy for meeting the goal 
        established under paragraph (1); and</DELETED>
        <DELETED>    ``(3) develop recommendations for meeting the goal 
        established under paragraph (1).</DELETED>
<DELETED>    ``(b) Strategy and Recommendations.--</DELETED>
        <DELETED>    ``(1) In general.--To achieve the goals 
        established under subsection (a)(1), the Secretary, in 
        consultation with the entities described in such subsection, 
        shall, not later than 12 months after the date of enactment of 
        this section, develop a strategy and recommendations to meet 
        the goals in accordance with this subsection.</DELETED>
        <DELETED>    ``(2) Strategy.--The strategy developed under 
        paragraph (1) shall address the regulatory and administration 
        burdens (such as documentation requirements) relating to the 
        use of electronic health records. Such strategy shall include 
        broad public comment and shall prioritize burdens related to--
        </DELETED>
                <DELETED>    ``(A) the Medicare and Medicaid EHR 
                Meaningful Use Incentive programs or the Merit-based 
                Incentive Payment System, the Alternative Payment 
                Models, the Hospital Value-Based Purchasing Program, 
                and other value-based payment programs determined 
                appropriate by the Secretary;</DELETED>
                <DELETED>    ``(B) health information technology 
                certification programs;</DELETED>
                <DELETED>    ``(C) standards, and implementation 
                specifications, as appropriate;</DELETED>
                <DELETED>    ``(D) activities that provide individuals 
                access to their electronic health 
                information;</DELETED>
                <DELETED>    ``(E) activities related to protecting the 
                privacy of electronic health information;</DELETED>
                <DELETED>    ``(F) activities related to protecting the 
                security of electronic health information;</DELETED>
                <DELETED>    ``(G) activities related to facilitating 
                health and clinical research;</DELETED>
                <DELETED>    ``(H) activities related to public 
                health;</DELETED>
                <DELETED>    ``(I) activities related to aligning and 
                simplifying quality measures across Federal programs 
                and other payers;</DELETED>
                <DELETED>    ``(J) activities related to reporting 
                clinical data for administrative purposes; 
                and</DELETED>
                <DELETED>    ``(K) other areas determined appropriate 
                by the Secretary.</DELETED>
        <DELETED>    ``(3) Recommendations.--The recommendations 
        developed under paragraph (1) shall address--</DELETED>
                <DELETED>    ``(A) actions that improve the clinical 
                documentation experience;</DELETED>
                <DELETED>    ``(B) actions that improve patient 
                care;</DELETED>
                <DELETED>    ``(C) actions to be taken by the Secretary 
                and by other entities; and</DELETED>
                <DELETED>    ``(D) other areas determined appropriate 
                by the Secretary to reduce the reporting burden 
                required of health care providers.</DELETED>
        <DELETED>    ``(4) FACA.--The Federal Advisory Committee Act (5 
        U.S.C. App.) shall not apply to the development of the goal, 
        strategies, or recommendations described in this 
        section.</DELETED>
<DELETED>    ``(c) Application of Certain Regulatory Requirements.--A 
physician (as defined in section 1861(r)(1) of the Social Security Act) 
may delegate electronic medical record documentation requirements 
specified in regulations promulgated by the Department of Health and 
Human Services to a person who is not such physician if such physician 
has signed and verified the documentation.''.</DELETED>
<DELETED>    (b) Certification of Health Information Technology for 
Medical Specialties and Sites of Service.--Section 3001(c)(5) of the 
Public Health Service Act (42 U.S.C. 300jj-11(c)(5)) is amended by 
adding at the end the following:</DELETED>
                <DELETED>    ``(C) Health information technology for 
                medical specialties and sites of service.--</DELETED>
                        <DELETED>    ``(i) In general.--The National 
                        Coordinator shall encourage, keep, or 
                        recognize, through existing authorities, the 
                        voluntary certification of health information 
                        technology under the program developed under 
                        subparagraph (A) for use in medical specialties 
                        and sites of service for which no such 
                        technology is available or where more 
                        technological advancement or integration is 
                        needed.</DELETED>
                        <DELETED>    ``(ii) Specific medical 
                        specialties.--The HIT Policy and Standards 
                        Committees shall make recommendations on 
                        specific medical specialties and sites of 
                        service, in addition to those described in 
                        clause (iii), applicable under this 
                        paragraph.</DELETED>
                        <DELETED>    ``(iii) Certified health 
                        information technology for pediatrics.--Not 
                        later than 18 months after the date of 
                        enactment of this subparagraph, the HIT Policy 
                        and Standards Committees, in consultation with 
                        relevant stakeholders, shall make 
                        recommendations for the voluntary certification 
                        of health information technology for use by 
                        pediatric health providers to support the 
                        health care of children. Not later than 24 
                        months after the date of enactment of this 
                        subparagraph, the Secretary shall adopt 
                        certification criteria (under section 3004) to 
                        support the voluntary certification of health 
                        information technology for use by pediatric 
                        health providers to support the health care of 
                        children.''.</DELETED>
<DELETED>    (c) Meaningful Use Statistics.--</DELETED>
        <DELETED>    (1) In general.--Not later than 6 months after the 
        date of enactment of this Act, the Secretary of Health and 
        Human Services shall submit to the HIT Policy Committee of the 
        Office of the National Coordinator for Health Information 
        Technology, a report concerning attestation statistics for the 
        Medicare and Medicaid EHR Meaningful Use Incentive programs to 
        assist in informing standards adoption and related practices. 
        Such statistics shall include attestation information 
        delineated by State, including the number of providers who did 
        not meet the minimum criteria necessary to attest for the 
        Medicare and Medicaid EHR Meaningful Use Incentive programs for 
        a calendar year, and shall be made publicly available on the 
        Internet website of the Secretary on at least a quarterly 
        basis.</DELETED>
        <DELETED>    (2) Authority to alter format.--The Secretary of 
        Health and Human Services may alter the format of the reports 
        on the attestation of eligible health care professionals 
        following the first performance year of the Merit-based 
        Incentive Payment System to account for changes arising from 
        the implementation of such payment system.</DELETED>

<DELETED>SEC. 3. TRANSPARENT RATINGS ON USABILITY AND SECURITY TO 
              TRANSFORM INFORMATION TECHNOLOGY.</DELETED>

<DELETED>    (a) Enhancements to Certification.--Section 3001(c)(5) of 
the Public Health Service Act (42 U.S.C. 300jj-11), as amended by 
section 2(b), is further amended--</DELETED>
        <DELETED>    (1) in subparagraph (A)--</DELETED>
                <DELETED>    (A) by striking ``The National 
                Coordinator'' and inserting the following:</DELETED>
                        <DELETED>    ``(i) Voluntary certification 
                        program.--The National Coordinator''; 
                        and</DELETED>
                <DELETED>    (B) by adding at the end the 
                following:</DELETED>
                        <DELETED>    ``(ii) Transparency of program.--
                        </DELETED>
                                <DELETED>    ``(I) In general.--To 
                                enhance transparency in the compliance 
                                of health information technology with 
                                certification criteria and other 
                                requirements adopted under this 
                                subtitle, the National Coordinator, in 
                                coordination with authorized 
                                certification bodies, may make 
                                information demonstrating how health 
                                information technology meets such 
                                certification criteria or other 
                                requirements publicly available. Such 
                                information may include summaries, 
                                screenshots, video demonstrations, or 
                                any other information the National 
                                Coordinator determines 
                                appropriate.</DELETED>
                                <DELETED>    ``(II) Protection of 
                                proprietary information.--The National 
                                Coordinator shall take appropriate 
                                measures to ensure that there are in 
                                effect effective procedures to prevent 
                                the unauthorized disclosure of any 
                                trade secret or confidential 
                                information that is obtained by the 
                                Secretary pursuant to this 
                                section.'';</DELETED>
        <DELETED>    (2) in subparagraph (B), by adding at the end the 
        following: ``Beginning 18 months after reporting criteria are 
        finalized under section 3009A, certification criteria shall 
        include, in addition to criteria to establish that the 
        technology meets such standards and implementation 
        specifications, criteria consistent with section 3009A(b) to 
        establish that technology meets applicable security 
        requirements, incorporates user-centered design, and achieves 
        interoperability.''; and</DELETED>
        <DELETED>    (3) by adding at the end the following:</DELETED>
                <DELETED>    ``(D) Conditions of certification.--
                Beginning 1 year after the date of enactment of the 
                Improving Health Information Technology Act, the 
                Secretary shall require, as a condition of 
                certification and maintenance of certification for 
                programs maintained or recognized under this paragraph, 
                that--</DELETED>
                        <DELETED>    ``(i) the health information 
                        technology developer or entity does not take 
                        any action that constitutes information 
                        blocking with respect to health information 
                        technology;</DELETED>
                        <DELETED>    ``(ii) the health information 
                        technology developer or entity permits 
                        unimpeded communication among and between 
                        health information technology users, and for 
                        the purposes of health information technology 
                        users communicating with an authorized 
                        certification body, the Office of the National 
                        Coordinator, and the Office of the Inspector 
                        General, the health information technology 
                        developer or entity permits unimpeded 
                        communication regarding the usability, 
                        interoperability, security, business practices, 
                        or other relevant information about the health 
                        information technology or users' experience 
                        with the health information 
                        technology;</DELETED>
                        <DELETED>    ``(iii) health information from 
                        such technology may be exchanged, accessed, and 
                        used through the use of application programming 
                        interfaces or successor technology or standard 
                        as provided for under applicable law;</DELETED>
                        <DELETED>    ``(iv) the health information 
                        technology developer or entity provides to the 
                        Secretary an attestation that the developer or 
                        entity--</DELETED>
                                <DELETED>    ``(I) has not engaged in 
                                any of the conduct described in clause 
                                (i);</DELETED>
                                <DELETED>    ``(II) allows for 
                                communication as described in clause 
                                (ii); and</DELETED>
                                <DELETED>    ``(III) ensures that its 
                                technology allows for health 
                                information to be exchanged, accessed, 
                                and used, in the manner described in 
                                clause (iii); and</DELETED>
                        <DELETED>    ``(v) the health information 
                        technology developer or entity submits 
                        reporting criteria in accordance with section 
                        3009A(f).''.</DELETED>
<DELETED>    (b) Health Information Technology Rating Program.--
Subtitle A of title XXX of the Public Health Service Act (42 U.S.C. 
300jj-11 et seq.) is amended by adding at the end the 
following:</DELETED>

<DELETED>``SEC. 3009A. HEALTH INFORMATION TECHNOLOGY RATING 
              PROGRAM.</DELETED>

<DELETED>    ``(a) Establishment.--Not later than 180 days after the 
date of enactment of the Improving Health Information Technology Act, 
the Secretary shall recognize a development council made up of one 
representative from each of the certification bodies authorized by the 
Office of the National Coordinator and the testing laboratories 
accredited under section 13201(b) of the Health Information Technology 
for Economic and Clinical Health Act (42 U.S.C. 17911(b)), one 
representative from the National Institute of Standards and Technology, 
and one representative from the Office of the National Coordinator. The 
development council shall meet as needed for the purposes of carrying 
out its activities in accordance with this section.</DELETED>
<DELETED>    ``(b) Reporting Criteria.--</DELETED>
        <DELETED>    ``(1) In general.--The Secretary shall, using the 
        procedures prescribed in this subsection, issue rules 
        establishing reporting criteria for health information 
        technology products.</DELETED>
        <DELETED>    ``(2) Convening of stakeholders.--Not later than 1 
        year after the date of enactment of the Improving Health 
        Information Technology Act, the Secretary, in consultation with 
        the development council described in subsection (a), shall 
        convene stakeholders as described in paragraph (3) for the 
        purpose of developing the reporting criteria in accordance with 
        paragraph (4).</DELETED>
        <DELETED>    ``(3) Development of reporting criteria.--The 
        reporting criteria under this subsection shall be developed 
        through a public, transparent process that reflects input from 
        relevant stakeholders, including--</DELETED>
                <DELETED>    ``(A) health care providers, including 
                primary care and specialty care health care 
                professionals;</DELETED>
                <DELETED>    ``(B) hospitals and hospital 
                systems;</DELETED>
                <DELETED>    ``(C) health information technology 
                developers;</DELETED>
                <DELETED>    ``(D) patients, consumers, and their 
                advocates;</DELETED>
                <DELETED>    ``(E) data sharing networks, such as 
                health information exchanges;</DELETED>
                <DELETED>    ``(F) authorized certification bodies and 
                testing laboratories;</DELETED>
                <DELETED>    ``(G) security experts;</DELETED>
                <DELETED>    ``(H) relevant manufacturers of medical 
                devices;</DELETED>
                <DELETED>    ``(I) experts in health information 
                technology market economics;</DELETED>
                <DELETED>    ``(J) public and private entities engaged 
                in the evaluation of health information technology 
                performance;</DELETED>
                <DELETED>    ``(K) quality organizations, including the 
                consensus based entity described in section 1890 of the 
                Social Security Act;</DELETED>
                <DELETED>    ``(L) experts in human factors engineering 
                and the measurement of user-centered design; 
                and</DELETED>
                <DELETED>    ``(M) other entities or persons, as the 
                Secretary, in consultation with the development 
                council, determines appropriate.</DELETED>
        <DELETED>    ``(4) Considerations for reporting criteria.--The 
        reporting criteria developed under this subsection--</DELETED>
                <DELETED>    ``(A) shall include measures that reflect 
                categories including, with respect to the technology--
                </DELETED>
                        <DELETED>    ``(i) security;</DELETED>
                        <DELETED>    ``(ii) usability and user-centered 
                        design;</DELETED>
                        <DELETED>    ``(iii) 
                        interoperability;</DELETED>
                        <DELETED>    ``(iv) conformance to 
                        certification testing; and</DELETED>
                        <DELETED>    ``(v) other categories as 
                        appropriate to measure the performance of 
                        health information technology;</DELETED>
                <DELETED>    ``(B) may include measures such as--
                </DELETED>
                        <DELETED>    ``(i) enabling the user to order 
                        and view the results of laboratory tests, 
                        imaging tests, and other diagnostic 
                        tests;</DELETED>
                        <DELETED>    ``(ii) submitting, editing, and 
                        retrieving data from registries such as 
                        clinician-led clinical data 
                        registries;</DELETED>
                        <DELETED>    ``(iii) accessing and exchanging 
                        information and data from and through Health 
                        Information Exchanges;</DELETED>
                        <DELETED>    ``(iv) accessing and exchanging 
                        information and data from medical 
                        devices;</DELETED>
                        <DELETED>    ``(v) accessing and exchanging 
                        information and data held by Federal, State, 
                        and local agencies and other applicable 
                        entities useful to a health care provider or 
                        other applicable user in the furtherance of 
                        patient care;</DELETED>
                        <DELETED>    ``(vi) accessing and exchanging 
                        information from other health care providers or 
                        applicable users;</DELETED>
                        <DELETED>    ``(vii) accessing and exchanging 
                        patient generated information;</DELETED>
                        <DELETED>    ``(viii) providing the patient or 
                        an authorized designee with a complete copy of 
                        their health information from an electronic 
                        record in a computable format;</DELETED>
                        <DELETED>    ``(ix) providing accurate patient 
                        information for the correct patient, including 
                        exchanging such information, and avoiding the 
                        duplication of patients records; and</DELETED>
                        <DELETED>    ``(x) other appropriate 
                        functionalities; and</DELETED>
                <DELETED>    ``(C) shall be designed to ensure that 
                small and start-up health information technology 
                developers are not unduly disadvantaged by the 
                reporting criteria or rating scale 
                methodology.</DELETED>
        <DELETED>    ``(5) Consideration of development council 
        recommendations.--In promulgating proposed rules under this 
        subsection, including modifications to such rules under 
        subsection (e), the Secretary may accept, reject, or modify the 
        recommendations of the development council, but may not 
        promulgate a proposed rule that does not represent a complete 
        recommendation of such council.</DELETED>
        <DELETED>    ``(6) Public comment.--In promulgating proposed 
        rules under this subsection, the Secretary shall conduct a 
        public comment period of not less than 60 days during which any 
        member of the public may provide comments on the proposed 
        reporting criteria and the methodology for the rating body 
        (defined in subsection (g)) to use in determining the star 
        ratings.</DELETED>
        <DELETED>    ``(7) Final rules.--The final rule promulgated 
        under this subsection shall be accompanied by timely responses 
        to the public comments described in paragraph (6).</DELETED>
        <DELETED>    ``(8) FACA.--The Federal Advisory Committee Act (5 
        U.S.C. App.) shall not apply to the development council 
        described in this section.</DELETED>
<DELETED>    ``(c) Feedback.--</DELETED>
        <DELETED>    ``(1) In general.--The Secretary, in consultation 
        with the development council, shall establish a process for the 
        rating body (described in subsection (g)) to collect and verify 
        confidential feedback from--</DELETED>
                <DELETED>    ``(A) health care providers, patients, and 
                other users of certified health information technology 
                on the usability, security, and interoperability of 
                health information technology products; and</DELETED>
                <DELETED>    ``(B) developers of certified health 
                information technology on practices of health 
                information technology users that may inhibit 
                interoperability.</DELETED>
        <DELETED>    ``(2) Paperwork reduction act.--The Paperwork 
        Reduction Act (44 U.S.C. 3501 et seq.) shall not apply to the 
        collection of feedback described in this subsection.</DELETED>
<DELETED>    ``(d) Methodology.--The Secretary, in consultation with 
the development council, shall develop a methodology to be used by the 
rating body described in subsection (g) to calculate the star ratings 
for certified health information technology described in subsection 
(a). The methodology shall use the reporting criteria developed in 
subsection (b), and the confidential feedback collected under 
subsection (c). In developing such methodology, the Secretary, in 
consultation with the development council, shall--</DELETED>
        <DELETED>    ``(1) provide for appropriate weighting of user 
        feedback submitted under subsection (c) and reporting criteria 
        submitted under subsection (f), including consideration of the 
        number of users who submitted such feedback;</DELETED>
        <DELETED>    ``(2) consider the impact of customization or 
        adaptation by users of certified health information technology 
        on performance;</DELETED>
        <DELETED>    ``(3) account for the intended function, scope, 
        and type of certified health information technology;</DELETED>
        <DELETED>    ``(4) in consultation with the development council 
        and after seeking comment from developers of health information 
        technology in a manner that ensures appropriate industry 
        feedback, establish a timeframe, but in no case less frequent 
        than once every 3 years, for the submission of reporting 
        criteria under subsection (f); and</DELETED>
        <DELETED>    ``(5) establish a timeframe for incorporating user 
        feedback submitted under subsection (c) and reporting criteria 
        submitted under subsection (f) into the star ratings for 
        certified health information technology that accounts for 
        updates to such technology in order to encourage innovation and 
        maximize the utility of the star ratings.</DELETED>
<DELETED>    ``(e) Modifications.--</DELETED>
        <DELETED>    ``(1) To the number of stars in the rating 
        program.--The development council may modify the number of star 
        ratings employed by the system, but not more frequently than 
        every 4 years. In no case shall the rating system employ fewer 
        than 3 stars.</DELETED>
        <DELETED>    ``(2) To the reporting criteria.--After the final 
        reporting criteria have been established under this section, 
        the Secretary, in consultation with the development council, 
        may convene stakeholders and conduct a public reporting period 
        for the purpose of modifying the reporting criteria developed 
        under subsection (b) and methodology for determining the star 
        ratings proposed under subsection (e).</DELETED>
        <DELETED>    ``(3) To the methodology.--After the final 
        methodology to be used by the rating body is established under 
        subsection (e), the Secretary, in consultation with the 
        development council, may modify the methodology used to 
        calculate the star ratings for certified health information 
        technology using the reporting criteria developed under 
        subsection (b) and the confidential feedback collected under 
        subsection (c).</DELETED>
        <DELETED>    ``(4) Consideration of gao report.--The Secretary 
        and the development council shall take into account the 
        recommendations from the Comptroller General under subsection 
        (k), where available, for the purposes of this 
        paragraph.</DELETED>
<DELETED>    ``(f) Participation.--As a condition of maintaining their 
certification under section 3001(c)(5)(D), a developer of certified 
health information technology shall report on the criteria developed 
under subsection (b) for all such certified technology offered by such 
developer pursuant to the timeframe established under subsection 
(d).</DELETED>
<DELETED>    ``(g) Rating Body.--</DELETED>
        <DELETED>    ``(1) In general.--The National Coordinator shall 
        recognize an independent entity with appropriate expertise to 
        carry out the rating program established by the development 
        council under subsection (a) and shall redetermine such 
        recognition at least every 4 years.</DELETED>
        <DELETED>    ``(2) Consultation.--The entity recognized under 
        paragraph (1) may consult with organizations with expertise in 
        the measurement of interoperability, usability, and security of 
        health information technology in carrying out activities under 
        this section.</DELETED>
<DELETED>    ``(h) One Star Rating.--Each health information technology 
developer, or entity offering health information technology for 
certification, that receives a 1 star rating shall take action, through 
an improvement plan developed with the rating body and approved by the 
Secretary, to improve the health information technology rating within a 
timeframe that the Secretary determines appropriate.</DELETED>
<DELETED>    ``(i) Decertification.--</DELETED>
        <DELETED>    ``(1) Mandatory.--The Secretary shall decertify 
        health information technology if the developer or entity 
        offering health information technology does not submit 
        reporting criteria in accordance with subsection (f) within 90 
        days of the timeline established under subsection 
        (d).</DELETED>
        <DELETED>    ``(2) Other decertification.--The Secretary may 
        decertify health information technology if--</DELETED>
                <DELETED>    ``(A) the health information technology 
                does not improve from a one star rating within the 
                timeframe established under subsection (h); 
                or</DELETED>
                <DELETED>    ``(B) in other circumstances, as the 
                Secretary determines appropriate.</DELETED>
<DELETED>    ``(j) GAO Reports.--During the 12-year period beginning on 
the date of enactment of the Improving Health Information Technology 
Act, the Comptroller General of the United States shall submit to 
Congress a report every 4 years on the rating scale methodology 
developed pursuant to subsection (d), providing observations on the 
appropriateness of the current methodology and recommendations for 
changes to the methodology. The Development Council shall recommend to 
Congress and the Secretary if additional reports are needed after the 
expiration of such 12-year period.</DELETED>
<DELETED>    ``(k) Internet Website.--On the Internet website of the 
Office of the National Coordinator, the Secretary shall publish the 
criteria and methodology used to determine the star ratings, and, for 
each certified health information technology, the final star rating, 
and a report outlining such technology's performance with regard to the 
reporting criteria developed under subsection (b), and if an 
improvement plan has been administered. Following the reporting 
described in subsection (f), the rating body shall have 30 days to 
calculate and submit updated ratings to the Secretary and each 
developer of health information technology, and updated ratings shall 
be published on such Internet website not later than 30 days following 
such submission, notwithstanding an appeal of a rating by a developer 
or entity through the process developed under subsection (m).</DELETED>
<DELETED>    ``(l) Hardship Exemption.--Decertification of an adopted 
health information technology product under subsection (i) shall be 
considered a significant hardship resulting in a blanket exemption from 
the payment adjustment pursuant to section 1848(a)(7)(B) of the Social 
Security Act for eligible professionals, section 1886(b)(3)(ix)(II) of 
such Act for eligible hospitals, and 1814(l)(4)(C) of such Act for 
critical access hospitals.</DELETED>
<DELETED>    ``(m) Notification and Appeals.--The Secretary shall 
establish a process whereby any health information technology 
developer, or entity offering health information technology, is 
notified not less than 30 days before being made public and can 
appeal--</DELETED>
        <DELETED>    ``(1) the health information technology product's 
        star rating; or</DELETED>
        <DELETED>    ``(2) the Secretary's decision to decertify a 
        product, as applicable.''.</DELETED>

<DELETED>SEC. 4. INFORMATION BLOCKING.</DELETED>

<DELETED>    Subtitle C of title XXX of the Public Health Service Act 
(42 U.S.C. 300jj-51 et seq.) is amended by adding at the end the 
following:</DELETED>

<DELETED>``SEC. 3022. INFORMATION BLOCKING.</DELETED>

<DELETED>    ``(a) Definition.--</DELETED>
        <DELETED>    ``(1) In general.--The term `information blocking' 
        means--</DELETED>
                <DELETED>    ``(A) with respect to a health information 
                technology developer, exchange, or network, business, 
                technical, or organizational practices that--</DELETED>
                        <DELETED>    ``(i) except as required by law or 
                        specified by the Secretary, interferes with, 
                        prevents, or materially discourages access, 
                        exchange, or use of electronic health 
                        information; and</DELETED>
                        <DELETED>    ``(ii) the developer, exchange, or 
                        network knows, or should know, are likely to 
                        interfere with or prevent or materially 
                        discourage the access, exchange, or use of 
                        electronic health information; and</DELETED>
                <DELETED>    ``(B) with respect to a health care 
                provider, the person or entity knowingly and 
                unreasonably restricts electronic health information 
                exchange for patient care or other priorities as 
                determined appropriate by the Secretary.</DELETED>
        <DELETED>    ``(2) Rulemaking.--The Secretary shall, through 
        rulemaking--</DELETED>
                <DELETED>    ``(A) identify reasonable and necessary 
                activities that do not constitute information blocking 
                for purposes of paragraph (1)(A); and</DELETED>
                <DELETED>    ``(B) identify actions that meet the 
                definition of information blocking with respect to 
                health care providers for purposes of paragraph 
                (1)(B).</DELETED>
<DELETED>    ``(b) Inspector General Authority.--</DELETED>
        <DELETED>    ``(1) In general.--The Inspector General of the 
        Department of Health and Human Services may investigate any 
        claim that--</DELETED>
                <DELETED>    ``(A) a health information technology 
                developer of, or other entity offering certified health 
                information technology--</DELETED>
                        <DELETED>    ``(i) submits a false attestation 
                        made under section 3001(c)(5)(D); or</DELETED>
                        <DELETED>    ``(ii) engaged in information 
                        blocking with respect to the use of such health 
                        information technology by a health care 
                        provider, unless for a legitimate purpose 
                        specified by the Secretary;</DELETED>
                <DELETED>    ``(B) a health care provider engaged in 
                information blocking with respect to access or exchange 
                of certified health information technology, unless for 
                a legitimate purpose specified by the Secretary; 
                and</DELETED>
                <DELETED>    ``(C) a health information network or 
                exchange provider engaged in information blocking with 
                respect to the access, exchange, or use of such 
                certified health information technology, unless for a 
                legitimate purpose specified by the 
                Secretary.</DELETED>
        <DELETED>    ``(2) Jurisdiction of the inspector general.--For 
        purposes of this section, the Office of the Inspector General 
        shall have jurisdiction with respect to exchanges and networks, 
        as well as any developer or entity offering health information 
        technology for certification under a program or programs kept 
        or recognized by the National Coordinator under section 
        3001(c)(5). The National Coordinator shall notify developers of 
        health information technology as appropriate regarding the 
        jurisdiction of the Inspector General under this 
        paragraph.</DELETED>
        <DELETED>    ``(3) Penalty.--</DELETED>
                <DELETED>    ``(A) Developers, networks, and 
                exchanges.--With respect to a health information 
                technology developer, exchange, or network, a person or 
                entity determined by the Inspector General to have 
                committed information blocking as described in 
                subparagraph (A) or (C) of paragraph (1) shall be 
                subject to a civil monetary penalty in an amount 
                determined, through notice-and-comment rulemaking, by 
                the Secretary which may take into account factors such 
                as the extent and duration of the information blocking 
                and the number of patients and providers potentially 
                affected.</DELETED>
                <DELETED>    ``(B) Providers.--With respect to health 
                care providers, any person or entity determined by the 
                Inspector General to have committed information 
                blocking as described in subparagraph (B) of paragraph 
                (1) shall be subject to appropriate incentives and 
                disincentives using authorities under applicable 
                Federal law, as determined appropriate by the Secretary 
                through notice and comment rulemaking.</DELETED>
                <DELETED>    ``(C) Procedure.--The provisions of 
                section 1128A of the Social Security Act (other than 
                subsections (a) and (b)) shall apply to a civil money 
                penalty applied under this subsection in the same 
                manner as such provisions apply to a civil money 
                penalty or proceeding under section 1128A(a).</DELETED>
                <DELETED>    ``(D) Recovery of funds.--Notwithstanding 
                section 3302 of title 31, United States Code, or any 
                other provision of law affecting the crediting of 
                collections, the Inspector General of the Department of 
                Health and Human Services may receive and retain for 
                current use any amounts recovered under subparagraphs 
                (A) and (C). In addition to amounts otherwise available 
                to the Inspector General, funds received by the 
                Inspector General under this paragraph shall be 
                deposited, as an offsetting collection, to the credit 
                of any appropriation available for purposes of carrying 
                out this subsection and shall be available without 
                fiscal year limitation and without further 
                appropriation.</DELETED>
        <DELETED>    ``(4) Resolution of claims.--</DELETED>
                <DELETED>    ``(A) In general.--The Office of the 
                Inspector General, if such Office determines that a 
                simple consultation regarding the health privacy and 
                security rules promulgated under section 264(c) of the 
                Health Insurance Portability and Accountability Act of 
                1996 (42 U.S.C. 1320d-2 note) will resolve the claim at 
                issue, may refer instances of information blocking to 
                the Office for Civil Rights of the Department of Health 
                and Human Services for resolution.</DELETED>
                <DELETED>    ``(B) Limitation on liability.--If a 
                health information technology developer makes 
                information available based on a good faith reliance on 
                consultations with the Office for Civil Rights of the 
                Department of Health and Human Services with respect to 
                such information, the developer shall not be liable for 
                such disclosure.</DELETED>
<DELETED>    ``(c) Identifying Barriers to Exchange of Certified Health 
Information Technology.--</DELETED>
        <DELETED>    ``(1) Trusted exchange defined.--In this section, 
        the term `trusted exchange' with respect to certified health 
        information technology means that the certified health 
        information technology has the technical capability to enable 
        secure health information exchange between users and multiple 
        certified health information technology systems.</DELETED>
        <DELETED>    ``(2) Guidance.--The National Coordinator, in 
        consultation with the Office for Civil Rights of the Department 
        of Health and Human Services, shall issue guidance on common 
        legal, governance, and security barriers that prevent the 
        trusted exchange of electronic health information.</DELETED>
        <DELETED>    ``(3) Referral.--The National Coordinator and the 
        Office for Civil Rights of the Department of Health and Human 
        Services may refer to the Inspector General instances or 
        patterns of refusal to exchange health information with an 
        individual or entity using certified health information 
        technology that is technically capable of trusted exchange and 
        under conditions when exchange is legally 
        permissible.</DELETED>
        <DELETED>    ``(4) HIT standards committee consideration.--Not 
        later than 1 year after the date of enactment of the Improving 
        Health Information Technology Act, the HIT Standards Committee 
        shall begin consideration of issues related to trusted 
        exchange.''.</DELETED>

<DELETED>SEC. 5. INTEROPERABILITY.</DELETED>

<DELETED>    (a) Definition.--Section 3000 of the Public Health Service 
Act (42 U.S.C. 300jj) is amended--</DELETED>
        <DELETED>    (1) by redesignating paragraphs (10) through (14), 
        as paragraphs (11) through (15), respectively; and</DELETED>
        <DELETED>    (2) by inserting after paragraph (9) the 
        following:</DELETED>
        <DELETED>    ``(10) Interoperability.--The term 
        `interoperability' with respect to health information 
        technology means such health information technology that has 
        the ability to securely exchange electronic health information 
        with and use electronic health information from other health 
        information technology without special effort on the part of 
        the user.''.</DELETED>
<DELETED>    (b) Support for Interoperable Network Exchange.--Section 
3001(c) of the Public Health Service Act (42 U.S.C. 300jj-11(c)) is 
amended by adding at the end the following:</DELETED>
        <DELETED>    ``(9) Support for interoperable networks 
        exchange.--</DELETED>
                <DELETED>    ``(A) In general.--The National 
                Coordinator shall, in collaboration with the National 
                Institute of Standards and Technology and other 
                relevant agencies within the Department of Health and 
                Human Services, for the purpose of ensuring full 
                network-to-network exchange of health information, 
                convene public-private and public-public partnerships 
                to build consensus and develop a trusted exchange 
                framework, including a common agreement among health 
                information networks nationally. Such convention may 
                occur at a frequency determined appropriate by the 
                Secretary.</DELETED>
                <DELETED>    ``(B) Establishing a trusted exchange 
                framework.--</DELETED>
                        <DELETED>    ``(i) In general.--Not later than 
                        six months after the date of enactment of this 
                        paragraph, the National Coordinator shall 
                        convene appropriate public and private 
                        stakeholders to develop a trusted exchange 
                        framework for trust policies and practices and 
                        for a common agreement for exchange between 
                        health information networks. The common 
                        agreement may include--</DELETED>
                                <DELETED>    ``(I) a common method for 
                                authenticating trusted health 
                                information network 
                                participants;</DELETED>
                                <DELETED>    ``(II) a common set of 
                                rules for trusted exchange;</DELETED>
                                <DELETED>    ``(III) organizational and 
                                operational policies to enable the 
                                exchange of health information among 
                                networks, including minimum conditions 
                                for such exchange to occur; 
                                and</DELETED>
                                <DELETED>    ``(IV) a process for 
                                filing and adjudicating noncompliance 
                                with the terms of the common 
                                agreement.</DELETED>
                        <DELETED>    ``(ii) Technical assistance.--The 
                        National Coordinator, in conjunction with the 
                        National Institute of Standards and Technology, 
                        shall provide technical assistance on how to 
                        implement the trusted exchange framework and 
                        common agreement under this 
                        paragraph.</DELETED>
                        <DELETED>    ``(iii) Pilot testing.--The 
                        National Coordinator, in collaboration with the 
                        National Institute of Standards and Technology, 
                        shall provide for the pilot testing of the 
                        trusted exchange framework and common agreement 
                        established under this subsection (as 
                        authorized under section 13201 of the Health 
                        Information Technology for Economic and 
                        Clinical Health Act). The National Coordinator, 
                        in collaboration with the National Institute of 
                        Standards and Technology, may delegate pilot 
                        testing activities under this clause to 
                        independent entities with appropriate 
                        expertise.</DELETED>
                <DELETED>    ``(C) Publication of a trusted exchange 
                framework and common agreement.--Not later than one 
                year after convening stakeholders under subparagraph 
                (A), the National Coordinator shall publish on its 
                public Internet website, and in the Federal register, 
                the trusted exchange framework and common agreement 
                developed under subparagraph (B). Such trusted exchange 
                framework and common agreement shall be published in a 
                manner that protects proprietary and security 
                information, including trade secrets and any other 
                protected intellectual property.</DELETED>
                <DELETED>    ``(D) Directory of participating health 
                information networks.--</DELETED>
                        <DELETED>    ``(i) In general.--Not later than 
                        two years after convening stakeholders under 
                        subparagraph (A), and annually thereafter, the 
                        National Coordinator shall publish on its 
                        public Internet website a list of those health 
                        information networks that have adopted the 
                        common agreement and are capable of trusted 
                        exchange pursuant to the common agreement 
                        developed under paragraph (B).</DELETED>
                        <DELETED>    ``(ii) Process.--The Secretary 
                        shall, through notice-and-comment rulemaking, 
                        establish a process for health information 
                        networks that voluntarily elect to adopt the 
                        trusted exchange framework and common agreement 
                        to attest to such adoption of the framework and 
                        agreement.</DELETED>
                <DELETED>    ``(E) Application of the trusted exchange 
                framework and common agreement.--As appropriate, 
                Federal agencies contracting or entering into 
                agreements with health information exchange networks 
                may require that as each such network upgrades health 
                information technology or trust and operational 
                practices, it may adopt, where available, the trusted 
                exchange framework and common agreement published under 
                subparagraph (C).</DELETED>
                <DELETED>    ``(F) Rule of construction.--</DELETED>
                        <DELETED>    ``(i) General adoption.--Nothing 
                        in this paragraph shall be construed to require 
                        a health information network to adopt the 
                        trusted exchange framework or common 
                        agreement.</DELETED>
                        <DELETED>    ``(ii) Adoption when exchange of 
                        information is within network.--Nothing in this 
                        paragraph shall be construed to require a 
                        health information network to adopt the trusted 
                        exchange framework or common agreement for the 
                        exchange of electronic health information 
                        between participants of the same 
                        network.</DELETED>
                        <DELETED>    ``(iii) Existing frameworks and 
                        agreements.--The trusted exchange framework and 
                        common agreement published under subparagraph 
                        (C) shall take into account existing trusted 
                        exchange frameworks and agreements used by 
                        health information networks to avoid the 
                        disruption of existing exchanges between 
                        participants of health information 
                        networks.</DELETED>
                        <DELETED>    ``(iv) Application by federal 
                        agencies.--Notwithstanding clauses (i), (ii), 
                        and (iii), Federal agencies may require the 
                        adoption of the trusted exchange framework and 
                        common agreement published under subparagraph 
                        (C) for health information exchanges 
                        contracting with or entering into agreements 
                        pursuant to subparagraph (E).</DELETED>
                        <DELETED>    ``(v) Consideration of ongoing 
                        work.--In carrying out this paragraph, the 
                        Secretary shall ensure the consideration of 
                        activities carried out by public and private 
                        organizations related to exchange between 
                        health information exchanges to avoid 
                        duplication of efforts.''.</DELETED>
<DELETED>    (c) Provider Digital Contact Information Index.--
</DELETED>
        <DELETED>    (1) In general.--Not later than 36 months after 
        the date of enactment of this Act, the Secretary of Health and 
        Human Services shall either directly, or through a partnership 
        with a private entity, establish a provider digital contact 
        information index to provide digital contact information for 
        health professionals, health facilities, and other individuals 
        or organizations.</DELETED>
        <DELETED>    (2) Use of existing index.--In establishing the 
        initial index under paragraph (1), the Secretary of Health and 
        Human Services may utilize an existing provider directory to 
        make such digital contact information available.</DELETED>
        <DELETED>    (3) Contact information.--An index established 
        under this subsection shall ensure that contact information is 
        available at the individual health care provider level and at 
        the health facility or practice level.</DELETED>
        <DELETED>    (4) Rule of construction.--</DELETED>
                <DELETED>    (A) In general.--The purpose of this 
                subsection is to encourage the exchange of electronic 
                health information by providing the most useful, 
                reliable, and comprehensive index of providers 
                possible. In furthering such purpose, the Secretary of 
                Health and Human Services shall include all health 
                professionals, health facilities, and other individuals 
                or organizations applicable to provide a useful, 
                reliable, and comprehensive index for use in the 
                exchange of health information.</DELETED>
                <DELETED>    (B) Limitation.--In no case shall 
                exclusion from the index of providers be used as a 
                measure to achieve objectives other those described in 
                subparagraph (A).</DELETED>
<DELETED>    (d) Standards Development Organizations.--Section 3004 of 
the Public Health Service Act (42 U.S.C. 300jj-14) is amended by adding 
at the end the following:</DELETED>
<DELETED>    ``(c) Deference to Standards Development Organizations.--
In adopting and implementing standards under this section, the 
Secretary shall give deference to standards published by Standards 
Development Organizations and voluntary consensus-based standards 
bodies.''.</DELETED>

<DELETED>SEC. 6. LEVERAGING HEALTH INFORMATION TECHNOLOGY TO IMPROVE 
              PATIENT CARE.</DELETED>

<DELETED>    (a) Requirement Relating to Registries.--</DELETED>
        <DELETED>    (1) In general.--To be certified in accordance 
        with title XXX of the Public Health Service Act, health 
        information technology (as defined by section 3000(5) of the 
        Public Health Service Act (42 U.S.C. 300jj(5))) shall be 
        capable of transmitting to, and where applicable, receiving and 
        accepting data from registries in accordance with standards 
        recognized by the Office of the National Coordinator for Health 
        Information Technology, including clinician-led clinical data 
        registries, that are also certified to be technically capable 
        of receiving and accepting from, and where applicable, 
        transmitting data to certified health information technology in 
        accordance with such standards.</DELETED>
        <DELETED>    (2) Rule of construction.--Nothing in this 
        subsection shall be construed to require the certification of 
        registries beyond the technical capability to exchange data in 
        accordance with applicable endorsed standards.</DELETED>
<DELETED>    (b) Definition.--For purposes of this Act (including 
amendments made to title XXX of the Public Health Service Act (42 
U.S.C. 300jj et seq.)), the term ``clinician-led clinical data 
registry'' means a clinical data repository--</DELETED>
        <DELETED>    (1) that is established and operated by a 
        clinician-led or controlled, tax-exempt (pursuant to section 
        501(c) of the Internal Revenue Code of 1986), professional 
        society or other similar clinician-led or -controlled 
        organization, or such organization's controlled affiliate, 
        devoted to the care of a population defined by a particular 
        disease, condition, exposure or therapy;</DELETED>
        <DELETED>    (2) that is designed to collect detailed, 
        standardized data on an ongoing basis for medical procedures, 
        services, or therapies for particular diseases, conditions, or 
        exposures;</DELETED>
        <DELETED>    (3) that provides feedback to participants who 
        submit reports to the repository;</DELETED>
        <DELETED>    (4) that meets standards for data quality 
        including--</DELETED>
                <DELETED>    (A) systematically collecting clinical and 
                other health care data, using standardized data 
                elements and has procedures in place to verify the 
                completeness and validity of those data; and</DELETED>
                <DELETED>    (B) being subject to regular data checks 
                or audits to verify completeness and validity; 
                and</DELETED>
        <DELETED>    (5) that provides ongoing participant training and 
        support.</DELETED>
<DELETED>    (c) Treatment of Health Information Technology Developers 
With Respect to Patient Safety Organizations.--</DELETED>
        <DELETED>    (1) In general.--In applying part C of title IX of 
        the Public Health Service Act (42 U.S.C. 299b-21 et seq.), a 
        health information technology developer shall be treated as a 
        provider (as defined in section 921 of such Act) for purposes 
        of reporting and conducting patient safety activities 
        concerning improving clinical care through the use of health 
        information technology that could result in improved patient 
        safety, health care quality, or health care outcomes.</DELETED>
        <DELETED>    (2) Report.--Not later than 48 months after the 
        date of enactment of this Act, the Secretary of Health and 
        Human Services shall submit to the Committee on Health, 
        Education, Labor, and Pensions of the Senate and the Committee 
        on Energy and Commerce of the House of Representatives, a 
        report concerning best practices and current trends voluntarily 
        provided, and without identifying individual providers or 
        disclosing or using protected health information or 
        individually identifiable information, by Patient Safety 
        Organizations to improve the integration of health information 
        technology into clinical practice.</DELETED>

<DELETED>SEC. 7. EMPOWERING PATIENTS AND IMPROVING PATIENT ACCESS TO 
              THEIR ELECTRONIC HEALTH INFORMATION.</DELETED>

<DELETED>    (a) Use of Health Information Exchanges for Patient 
Access.--Section 3009 of the Public Health Service Act (42 U.S.C. 
300jj-19) is amended by adding at the end the following:</DELETED>
<DELETED>    ``(c) Promoting Patient Access to Electronic Health 
Information Through Health Information Exchanges.--</DELETED>
        <DELETED>    ``(1) In general.--The National Coordinator, in 
        coordination with the Office for Civil Rights of the Department 
        of Health and Human Services, shall use existing authorities to 
        encourage partnerships between health information exchange 
        organizations and networks and health care providers, health 
        plans, and other appropriate entities to offer patients access 
        to their electronic health information in a single, 
        longitudinal format that is easy to understand, secure, and may 
        update such information automatically.</DELETED>
        <DELETED>    ``(2) Education of providers.--The National 
        Coordinator, in coordination with the Office for Civil Rights 
        of the Department of Health and Human Services, shall--
        </DELETED>
                <DELETED>    ``(A) educate health care providers on 
                ways in which to leverage the capabilities of health 
                information exchanges (or other relevant platforms) to 
                provide patients with access to their electronic health 
                information;</DELETED>
                <DELETED>    ``(B) clarify misunderstandings by health 
                care providers about using health information exchanges 
                (or other relevant platforms) for patient access to 
                electronic health information; and</DELETED>
                <DELETED>    ``(C) to the extent practicable, educate 
                providers about health information exchanges (or other 
                relevant platforms) that employ some or all of the 
                capabilities described in paragraph (1).</DELETED>
        <DELETED>    ``(3) Requirements.--In carrying out paragraph 
        (1), the National Coordinator, in coordination with the Office 
        for Civil Rights, shall issue guidance to health information 
        exchanges related to best practices to ensure that the 
        electronic health information provided to patients is--
        </DELETED>
                <DELETED>    ``(A) private and secure;</DELETED>
                <DELETED>    ``(B) accurate;</DELETED>
                <DELETED>    ``(C) verifiable; and</DELETED>
                <DELETED>    ``(D) where a patient's authorization to 
                exchange is required by law, easily exchanged pursuant 
                to such authorization.</DELETED>
        <DELETED>    ``(4) Rule of construction.--Nothing in this 
        subsection shall be construed to preempt State laws applicable 
        to patient consent for the access of information through a 
        Health Information Exchange (or other relevant platforms) that 
        provide protections to patients that are greater than the 
        protections otherwise provided for under applicable Federal 
        law.</DELETED>
<DELETED>    ``(d) Efforts To Promote Access to Health Information.--
The National Coordinator and the Office for Civil Rights of the 
Department of Health and Human Services shall jointly, through the 
development of policies that support dynamic technology solutions, 
promote patient access to health information in a manner that would 
ensure that such information is available in a form convenient for the 
patient, in a reasonable manner, and without burdening the health care 
provider involved.</DELETED>
<DELETED>    ``(e) Accessibility of Patient Records.--</DELETED>
        <DELETED>    ``(1) Accessibility and updating of information.--
        </DELETED>
                <DELETED>    ``(A) In general.--The Secretary, in 
                consultation with the National Coordinator, shall 
                promote policies that ensure that a patient's 
                electronic health information is accessible to that 
                patient, and their designees, in a manner that 
                facilitates communication with the patient's health 
                care providers and such patient's consent, including 
                with respect to research.</DELETED>
                <DELETED>    ``(B) Updating education on accessing and 
                exchanging personal health information.--To promote 
                awareness that an individual has a right of access to 
                inspect, obtain a copy of, and transmit to a third 
                party a copy of protected health information pursuant 
                to the Health Information Portability and 
                Accountability Act Privacy Rule (45 C.F.R. 164.524 et 
                seq.), the Director of the Office for Civil Rights, in 
                consultation with the National Coordinator, shall 
                assist individuals and health care providers in 
                understanding a patient's rights to access and protect 
                their personal health information under the Health 
                Insurance Portability and Accountability Act of 1996 
                (Public Law 104-191), including providing best 
                practices for requesting personal health information in 
                a computable format, including using patient portals or 
                third-party applications and common cases when a 
                provider is permitted to exchange and provide access to 
                health information.</DELETED>
        <DELETED>    ``(2) Certifying usability for patients.--In 
        carrying out certification programs under section 3001(c)(5), 
        the National Coordinator shall require, where applicable, that 
        such program or programs require the following:</DELETED>
                <DELETED>    ``(A) That certification criteria support 
                patient access to their electronic health information, 
                including in a single longitudinal format that is easy 
                to understand, secure, and may be updated 
                automatically.</DELETED>
                <DELETED>    ``(B) That developers of health 
                information technology support patient access to an 
                electronic health record in a longitudinal format that 
                is easy to understand, secure, and may be updated 
                automatically.</DELETED>
                <DELETED>    ``(C) That certification criteria support 
                patient access to their personal electronic health 
                information for research at the option of the 
                patient.</DELETED>
                <DELETED>    ``(D) That certification criteria support 
                patient and health care provider communication, 
                including--</DELETED>
                        <DELETED>    ``(i) the ability for the patient 
                        to electronically communicate patient reported 
                        information (such as family history and medical 
                        history); and</DELETED>
                        <DELETED>    ``(ii) the ability for the patient 
                        to electronically share patient health 
                        information, at the option of the 
                        patient.</DELETED>
                <DELETED>    ``(E) That certified health information 
                technology used for health programs where certified 
                health information technology is required, include the 
                function for patient access to their own health 
                information, including--</DELETED>
                        <DELETED>    ``(i) ensuring that, as a 
                        condition of certification, health care 
                        providers have options for making such 
                        information accessible for patients;</DELETED>
                        <DELETED>    ``(ii) ensuring that patients have 
                        options for accessing such information; 
                        and</DELETED>
                        <DELETED>    ``(iii) ensuring that patients 
                        have access to information regarding their 
                        legal rights and responsibilities, as well the 
                        options available to them for accessing their 
                        electronic health information.</DELETED>
                <DELETED>    ``(F) That the HIT Standards Committee 
                develop and prioritize standards, implementation 
                specifications, and certification criteria required to 
                help support patient access to electronic health 
                information, patient usability, and support for 
                technologies that offer patients access to their 
                electronic health information in a single, longitudinal 
                format that is easy to understand, secure, and may be 
                updated automatically.''.</DELETED>
<DELETED>    (b) Access to Information in an Electronic Format.--
Section 13405(e) of the Health Information Technology for Economic and 
Clinical Health Act (42 U.S.C. 17935) is amended--</DELETED>
        <DELETED>    (1) in paragraph (1), by striking ``and'' at the 
        end;</DELETED>
        <DELETED>    (2) by redesignating paragraph (2) as paragraph 
        (3); and</DELETED>
        <DELETED>    (3) by inserting after paragraph (1), the 
        following:</DELETED>
        <DELETED>    ``(2) if the individual makes a request to a 
        business associate for access to, or a copy of, protected 
        health information about the individual, or if an individual 
        makes a request to a business associate to grant such access 
        to, or transmit such copy directly to, a person or entity 
        designated by the individual, a business associate may provide 
        the individual with such access or copy, which may be in an 
        electronic form, or grant or transmit such access or copy to 
        such person or entity designated by the individual; 
        and''.</DELETED>

<DELETED>SEC. 8. GAO STUDY ON PATIENT MATCHING.</DELETED>

<DELETED>    (a) In General.--Not later than 1 year after the date of 
enactment of this Act, the Comptroller General of the United States 
shall conduct a study to review the policies and activities of the 
Office of the National Coordinator for Health Information Technology 
and other relevant stakeholders to ensure appropriate patient matching 
to protect patient privacy and security with respect to electronic 
health records and the exchange of electronic health 
information.</DELETED>
<DELETED>    (b) Areas of Concentration.--In conducting the study under 
subsection (a), the Comptroller General shall--</DELETED>
        <DELETED>    (1) evaluate current methods used in certified 
        electronic health records for patient matching based on 
        performance related to factors such as--</DELETED>
                <DELETED>    (A) the privacy of patient 
                information;</DELETED>
                <DELETED>    (B) the security of patient 
                information;</DELETED>
                <DELETED>    (C) improving matching rates;</DELETED>
                <DELETED>    (D) reducing matching errors; 
                and</DELETED>
                <DELETED>    (E) reducing duplicate records; 
                and</DELETED>
        <DELETED>    (2) determine whether the Office of the National 
        Coordinator for Health Information Technology could improve 
        patient matching by taking steps including--</DELETED>
                <DELETED>    (A) defining additional data elements to 
                assist in patient data matching;</DELETED>
                <DELETED>    (B) agreeing on a required minimum set of 
                elements that need to be collected and 
                exchanged;</DELETED>
                <DELETED>    (C) requiring electronic health records to 
                have the ability to make certain fields required and 
                use specific standards; or</DELETED>
                <DELETED>    (D) other options recommended by the 
                relevant stakeholders consulted pursuant to subsection 
                (a).</DELETED>
<DELETED>    (c) Report.--Not later than 2 years after the date of 
enactment of this Act, the Comptroller General shall submit to the 
appropriate committees of Congress a report concerning the findings of 
the study conducted under subsection (a).</DELETED>

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Improving Health Information 
Technology Act''.

SEC. 2. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY OF 
              CARE FOR PATIENTS.

    (a) In General.--Part 1 of subtitle A of title XIII of the Health 
Information Technology for Economic and Clinical Health Act (Public Law 
111-5) is amended by adding at the end the following:

``SEC. 13103. ASSISTING DOCTORS AND HOSPITALS IN IMPROVING THE QUALITY 
              OF CARE FOR PATIENTS.

    ``(a) Reduction in Burdens Goal.--The Secretary of Health and Human 
Services (referred to in this section as the `Secretary'), in 
consultation with providers of health services, health care suppliers 
of services, health care payers, health professional societies, health 
information technology developers, health care quality organizations, 
health care accreditation organizations, public health entities, 
States, and other appropriate entities, shall, in accordance with 
subsection (b)--
            ``(1) establish a goal with respect to the reduction of 
        regulatory or administrative burdens (such as documentation 
        requirements) relating to the use of electronic health records;
            ``(2) develop a strategy for meeting the goal established 
        under paragraph (1); and
            ``(3) develop recommendations for meeting the goal 
        established under paragraph (1).
    ``(b) Strategy and Recommendations.--
            ``(1) In general.--To achieve the goals established under 
        subsection (a)(1), the Secretary, in consultation with the 
        entities described in such subsection, shall, not later than 12 
        months after the date of enactment of this section, develop a 
        strategy and recommendations to meet the goals in accordance 
        with this subsection.
            ``(2) Strategy.--The strategy developed under paragraph (1) 
        shall address the regulatory and administration burdens (such 
        as documentation requirements) relating to the use of 
        electronic health records. Such strategy shall include broad 
        public comment and shall prioritize burdens related to--
                    ``(A) the Medicare and Medicaid EHR Meaningful Use 
                Incentive programs or the Merit-based Incentive Payment 
                System, the Alternative Payment Models, the Hospital 
                Value-Based Purchasing Program, and other value-based 
                payment programs determined appropriate by the 
                Secretary;
                    ``(B) health information technology certification 
                programs;
                    ``(C) standards, and implementation specifications, 
                as appropriate;
                    ``(D) activities that provide individuals access to 
                their electronic health information;
                    ``(E) activities related to protecting the privacy 
                of electronic health information;
                    ``(F) activities related to protecting the security 
                of electronic health information;
                    ``(G) activities related to facilitating health and 
                clinical research;
                    ``(H) activities related to public health;
                    ``(I) activities related to aligning and 
                simplifying quality measures across Federal programs 
                and other payers;
                    ``(J) activities related to reporting clinical data 
                for administrative purposes; and
                    ``(K) other areas determined appropriate by the 
                Secretary;
            ``(3) Recommendations.--The recommendations developed under 
        paragraph (1) shall address--
                    ``(A) actions that improve the clinical 
                documentation experience;
                    ``(B) actions that improve patient care;
                    ``(C) actions to be taken by the Secretary and by 
                other entities; and
                    ``(D) other areas determined appropriate by the 
                Secretary to reduce the reporting burden required of 
                health care providers.
            ``(4) FACA.--The Federal Advisory Committee Act (5 U.S.C. 
        App.) shall not apply to the development of the goal, 
        strategies, or recommendations described in this section.
    ``(c) Application of Certain Regulatory Requirements.--A physician 
(as defined in section 1861(r)(1) of the Social Security Act) may 
delegate electronic medical record documentation requirements specified 
in regulations promulgated by the Department of Health and Human 
Service to a person who is not such physician if such physician has 
signed and verified the documentation.''.
    (b) Certification of Health Information Technology for Medical 
Specialties and Sites of Service.--Section 3001(c)(5) of the Public 
Health Service Act (42 U.S.C. 300jj-11(c)(5)) is amended by adding at 
the end the following:
                    ``(C) Health information technology for medical 
                specialties and sites of service.--
                            ``(i) In general.--The National Coordinator 
                        shall encourage, keep, or recognize, through 
                        existing authorities, the voluntary 
                        certification of health information technology 
                        under the program developed under subparagraph 
                        (A) for use in medical specialties and sites of 
                        service for which no such technology is 
                        available or where more technological 
                        advancement or integration is needed.
                            ``(ii) Specific medical specialties.--The 
                        HIT Policy and Standards Committees shall make 
                        recommendations on specific medical specialties 
                        and sites of service, in addition to those 
                        described in clause (iii), applicable under 
                        this paragraph.
                            ``(iii) Certified health information 
                        technology for pediatrics.--Not later than 18 
                        months after the date of enactment of this 
                        subparagraph, the HIT Policy and Standards 
                        Committees, in consultation with relevant 
                        stakeholders, shall make recommendations for 
                        the voluntary certification of health 
                        information technology for use by pediatric 
                        health providers to support the health care of 
                        children. Not later than 24 months after the 
                        date of enactment of this subparagraph, the 
                        Secretary shall adopt certification criteria 
                        (under section 3004) to support the voluntary 
                        certification of health information technology 
                        for use by pediatric health providers to 
                        support the health care of children.''.
    (c) Meaningful Use Statistics.--
            (1) In general.--Not later than 6 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall submit to the HIT Policy Committee of the Office 
        of the National Coordinator for Health Information Technology, 
        a report concerning attestation statistics for the Medicare and 
        Medicaid EHR Meaningful Use Incentive programs to assist in 
        informing standards adoption and related practices. Such 
        statistics shall include attestation information delineated by 
        State, including the number of providers who did not meet the 
        minimum criteria necessary to attest for the Medicare and 
        Medicaid EHR Meaningful Use Incentive programs for a calendar 
        year, and shall be made publicly available on the Internet 
        website of the Secretary on at least a quarterly basis.
            (2) Authority to alter format.--The Secretary of Health and 
        Human Service may alter the format of the reports on the 
        attestation of eligible health care professionals following the 
        first performance year of the Merit-based Incentive Payment 
        System to account for changes arising from the implementation 
        of such payment system.

SEC. 3. TRANSPARENT RATINGS ON USABILITY AND SECURITY TO TRANSFORM 
              INFORMATION TECHNOLOGY.

    (a) Enhancements to Certification.--Section 3001(c)(5) of the 
Public Health Service Act (42 U.S.C. 300jj-11), as amended by section 
2(b), is further amended--
            (1) in subparagraph (A)--
                    (A) by striking ``The National Coordinator'' and 
                inserting the following:
                            ``(i) Voluntary certification program.--The 
                        National Coordinator''; and
                    (B) by adding at the end the following:
                            ``(ii) Transparency of program.--
                                    ``(I) In general.--To enhance 
                                transparency in the compliance of 
                                health information technology with 
                                certification criteria and other 
                                requirements adopted under this 
                                subtitle, the National Coordinator, in 
                                coordination with authorized 
                                certification bodies, may make 
                                information demonstrating how health 
                                information technology meets such 
                                certification criteria or other 
                                requirements publicly available. Such 
                                information may include summaries, 
                                screenshots, video demonstrations, or 
                                any other information the National 
                                Coordinator determines appropriate.
                                    ``(II) Protection of proprietary 
                                information.--The National Coordinator 
                                shall take appropriate measures to 
                                ensure that there are in effect 
                                effective procedures to prevent the 
                                unauthorized disclosure of any trade 
                                secret or confidential information that 
                                is obtained by the Secretary pursuant 
                                to this section.'';
            (2) in subparagraph (B), by adding at the end the 
        following: ``Beginning 18 months after reporting criteria are 
        finalized under section 3009A, certification criteria shall 
        include, in addition to criteria to establish that the 
        technology meets such standards and implementation 
        specifications, criteria consistent with section 3009A(b) to 
        establish that technology meets applicable security 
        requirements, incorporates user-centered design, and achieves 
        interoperability.''; and
            (3) by adding at the end the following:
                    ``(D) Conditions of certification.--Beginning 1 
                year after the date of enactment of the Improving 
                Health Information Technology Act, the Secretary shall 
                require, as a condition of certification and 
                maintenance of certification for programs maintained or 
                recognized under this paragraph, that--
                            ``(i) the health information technology 
                        developer or entity does not take any action 
                        that constitutes information blocking with 
                        respect to health information technology;
                            ``(ii) the health information technology 
                        developer or entity permits unimpeded 
                        communication among and between health 
                        information technology users, and for the 
                        purposes of health information technology users 
                        communicating with an authorized certification 
                        body, the Office of the National Coordinator, 
                        and the Office of the Inspector General, the 
                        health information technology developer or 
                        entity permits unimpeded communication 
                        regarding the usability, interoperability, 
                        security, business practices, or other relevant 
                        information about the health information 
                        technology or users' experience with the health 
                        information technology;
                            ``(iii) health information from such 
                        technology may be exchanged, accessed, and used 
                        through the use of application programming 
                        interfaces or successor technology or standard 
                        as provided for under applicable law;
                            ``(iv) the health information technology 
                        developer or entity provides to the Secretary 
                        an attestation that the developer or entity--
                                    ``(I) has not engaged in any of the 
                                conduct described in clause (i);
                                    ``(II) allows for communication as 
                                described in clause (ii); and
                                    ``(III) ensures that its technology 
                                allows for health information to be 
                                exchanged, accessed, and used, in the 
                                manner described in clause (iii); and
                            ``(v) the health information technology 
                        developer or entity submits reporting criteria 
                        in accordance with section 3009A(f).''.
    (b) Health Information Technology Rating Program.--Subtitle A of 
title XXX of the Public Health Service Act (42 U.S.C. 300jj-11 et seq.) 
is amended by adding at the end the following:

``SEC. 3009A. HEALTH INFORMATION TECHNOLOGY RATING PROGRAM.

    ``(a) Establishment.--Not later than 180 days after the date of 
enactment of the Improving Health Information Technology Act, the 
Secretary shall recognize a development council made up of one 
representative from each of the certification bodies authorized by the 
Office of the National Coordinator and the testing laboratories 
accredited under section 13201(b) of the Health Information Technology 
for Economic and Clinical Health Act (42 U.S.C. 17911(b)), one 
representative from the National Institute of Standards and Technology, 
and one representative from the Office of the National Coordinator. The 
development council shall meet as needed for the purposes of carrying 
out its activities in accordance with this section.
    ``(b) Reporting Criteria.--
            ``(1) In general.--The Secretary shall, using the 
        procedures prescribed in this subsection, issue rules 
        establishing reporting criteria for health information 
        technology products.
            ``(2) Convening of stakeholders.--Not later than 1 year 
        after the date of enactment of the Improving Health Information 
        Technology Act, the Secretary, in consultation with the 
        development council described in subsection (a), shall convene 
        stakeholders as described in paragraph (3) for the purpose of 
        developing the reporting criteria in accordance with paragraph 
        (4).
            ``(3) Development of reporting criteria.--The reporting 
        criteria under this subsection shall be developed through a 
        public, transparent process that reflects input from relevant 
        stakeholders, including--
                    ``(A) health care providers, including primary care 
                and specialty care health care professionals;
                    ``(B) hospitals and hospital systems;
                    ``(C) health information technology developers;
                    ``(D) patients, consumers, and their advocates;
                    ``(E) data sharing networks, such as health 
                information exchanges;
                    ``(F) authorized certification bodies and testing 
                laboratories;
                    ``(G) security experts;
                    ``(H) relevant manufacturers of medical devices;
                    ``(I) experts in health information technology 
                market economics;
                    ``(J) public and private entities engaged in the 
                evaluation of health information technology 
                performance;
                    ``(K) quality organizations, including the 
                consensus based entity described in section 1890 of the 
                Social Security Act;
                    ``(L) experts in human factors engineering and the 
                measurement of user-centered design; and
                    ``(M) other entities or persons, as the Secretary, 
                in consultation with the development council, 
                determines appropriate.
            ``(4) Considerations for reporting criteria.--The reporting 
        criteria developed under this subsection--
                    ``(A) shall include measures that reflect 
                categories including, with respect to the technology--
                            ``(i) security;
                            ``(ii) usability and user-centered design;
                            ``(iii) interoperability;
                            ``(iv) conformance to certification 
                        testing; and
                            ``(v) other categories as appropriate to 
                        measure the performance of health information 
                        technology;
                    ``(B) may include measures such as--
                            ``(i) enabling the user to order and view 
                        the results of laboratory tests, imaging tests, 
                        and other diagnostic tests;
                            ``(ii) submitting, editing, and retrieving 
                        data from registries such as clinician-led 
                        clinical data registries;
                            ``(iii) accessing and exchanging 
                        information and data from and through Health 
                        Information Exchanges;
                            ``(iv) accessing and exchanging information 
                        and data from medical devices;
                            ``(v) accessing and exchanging information 
                        and data held by Federal, State, and local 
                        agencies and other applicable entities useful 
                        to a health care provider or other applicable 
                        user in the furtherance of patient care;
                            ``(vi) accessing and exchanging information 
                        from other health care providers or applicable 
                        users;
                            ``(vii) accessing and exchanging patient 
                        generated information;
                            ``(viii) providing the patient or an 
                        authorized designee with a complete copy of 
                        their health information from an electronic 
                        record in a computable format;
                            ``(ix) providing accurate patient 
                        information for the correct patient, including 
                        exchanging such information, and avoiding the 
                        duplication of patients records; and
                            ``(x) other appropriate functionalities; 
                        and
                    ``(C) shall be designed to ensure that small and 
                start-up health information technology developers are 
                not unduly disadvantaged by the reporting criteria or 
                rating scale methodology.
            ``(5) Consideration of development council 
        recommendations.--In promulgating proposed rules under this 
        subsection, including modifications to such rules under 
        subsection (e), the Secretary may accept, reject, or modify the 
        recommendations of the development council, but may not 
        promulgate a proposed rule that does not represent a complete 
        recommendation of such council.
            ``(6) Public comment.--In promulgating proposed rules under 
        this subsection, the Secretary shall conduct a public comment 
        period of not less than 60 days during which any member of the 
        public may provide comments on the proposed reporting criteria 
        and the methodology for the rating body (defined in subsection 
        (g)) to use in determining the star ratings.
            ``(7) Final rules.--The final rule promulgated under this 
        subsection shall be accompanied by timely responses to the 
        public comments described in paragraph (6).
            ``(8) FACA.--The Federal Advisory Committee Act (5 U.S.C. 
        App.) shall not apply to the development council described in 
        this section.
    ``(c) Feedback.--
            ``(1) In general.--The Secretary, in consultation with the 
        development council, shall establish a process for the rating 
        body (described in subsection (g)) to collect and verify 
        confidential feedback from--
                    ``(A) health care providers, patients, and other 
                users of certified health information technology on the 
                usability, security, and interoperability of health 
                information technology products; and
                    ``(B) developers of certified health information 
                technology on practices of health information 
                technology users that may inhibit interoperability.
            ``(2) Paperwork reduction act.--The Paperwork Reduction Act 
        (44 U.S.C. 3501 et seq.) shall not apply to the collection of 
        feedback described in this subsection.
    ``(d) Methodology.--The Secretary, in consultation with the 
development council, shall develop a methodology to be used by the 
rating body described in subsection (g) to calculate the star ratings 
for certified health information technology described in subsection 
(a). The methodology shall use the reporting criteria developed in 
subsection (b), and the confidential feedback collected under 
subsection (c). In developing such methodology, the Secretary, in 
consultation with the development council, shall--
            ``(1) provide for appropriate weighting of user feedback 
        submitted under subsection (c) and reporting criteria submitted 
        under subsection (f), including consideration of the number of 
        users who submitted such feedback;
            ``(2) consider the impact of customization or adaptation by 
        users of certified health information technology on 
        performance;
            ``(3) account for the intended function, scope, and type of 
        certified health information technology;
            ``(4) in consultation with the development council and 
        after seeking comment from developers of health information 
        technology in a manner that ensures appropriate industry 
        feedback, establish a timeframe, but in no case less frequent 
        than once every 3 years, for the submission of reporting 
        criteria under subsection (f); and
            ``(5) establish a timeframe for incorporating user feedback 
        submitted under subsection (c) and reporting criteria submitted 
        under subsection (f) into the star ratings for certified health 
        information technology that accounts for updates to such 
        technology in order to encourage innovation and maximize the 
        utility of the star ratings.
    ``(e) Modifications.--
            ``(1) To the number of stars in the rating program.--The 
        development council may modify the number of star ratings 
        employed by the system, but not more frequently than every 4 
        years. In no case shall the rating system employ fewer than 3 
        stars.
            ``(2) To the reporting criteria.--After the final reporting 
        criteria have been established under this section, the 
        Secretary, in consultation with the development council, may 
        convene stakeholders and conduct a public reporting period for 
        the purpose of modifying the reporting criteria developed under 
        subsection (b) and methodology for determining the star ratings 
        proposed under subsection (e).
            ``(3) To the methodology.--After the final methodology to 
        be used by the rating body is established under subsection (e), 
        the Secretary, in consultation with the development council, 
        may modify the methodology used to calculate the star ratings 
        for certified health information technology using the reporting 
        criteria developed under subsection (b) and the confidential 
        feedback collected under subsection (c).
            ``(4) Consideration of gao report.--The Secretary and the 
        development council shall take into account the recommendations 
        from the Comptroller General under subsection (k), where 
        available, for the purposes of this paragraph.
    ``(f) Participation.--As a condition of maintaining their 
certification under section 3001(c)(5)(D), a developer of certified 
health information technology shall report on the criteria developed 
under subsection (b) for all such certified technology offered by such 
developer pursuant to the timeframe established under subsection (d).
    ``(g) Rating Body.--
            ``(1) In general.--The National Coordinator shall recognize 
        an independent entity with appropriate expertise to carry out 
        the rating program established by the development council under 
        subsection (a) and shall re-determine such recognition at least 
        every 4 years.
            ``(2) Consultation.--The entity recognized under paragraph 
        (1) may consult with organizations with expertise in the 
        measurement of interoperability, usability, and security of 
        health information technology in carrying out activities under 
        this section.
    ``(h) One Star Rating.--Each health information technology 
developer, or entity offering health information technology for 
certification, that receives a 1 star rating shall take action, through 
an improvement plan developed with the rating body and approved by the 
Secretary, to improve the health information technology rating within a 
timeframe that the Secretary determines appropriate.
    ``(i) Decertification.--
            ``(1) Mandatory.--The Secretary shall decertify health 
        information technology if the developer or entity offering 
        health information technology does not submit reporting 
        criteria in accordance with subsection (f) within 90 days of 
        the timeline established under subsection (d).
            ``(2) Other decertification.--The Secretary may decertify 
        health information technology if--
                    ``(A) the health information technology does not 
                improve from a one star rating within the timeframe 
                established under subsection (h); or
                    ``(B) in other circumstances, as the Secretary 
                determines appropriate through notice and comment 
                rulemaking.
    ``(j) GAO Reports.--During the 12-year period beginning on the date 
of enactment of the Improving Health Information Technology Act, the 
Comptroller General of the United States shall submit to Congress a 
report every 4 years on the rating scale methodology developed pursuant 
to subsection (d), providing observations on the appropriateness of the 
current methodology and recommendations for changes to the methodology. 
The Development Council shall recommend to Congress and the Secretary 
if additional reports are needed after the expiration of such 12-year 
period.
    ``(k) Internet Website.--On the Internet website of the Office of 
the National Coordinator, the Secretary shall publish the criteria and 
methodology used to determine the star ratings, and, for each certified 
health information technology, the final star rating, and a report 
outlining such technology's performance with regard to the reporting 
criteria developed under subsection (b), and if an improvement plan has 
been administered. Following the reporting described in subsection (f), 
the rating body shall have 30 days to calculate and submit updated 
ratings to the Secretary and each developer of health information 
technology, and updated ratings shall be published on such Internet 
website not later than 30 days following such submission, 
notwithstanding an appeal of a rating by a developer or entity through 
the process developed under subsection (m).
    ``(l) Hardship Exemption.--Decertification of an adopted health 
information technology product under subsection (i) shall be considered 
a significant hardship resulting in a blanket exemption from the 
payment adjustment pursuant to section 1848(a)(7)(B) of the Social 
Security Act for eligible professionals, section 1886(b)(3)(ix)(II) of 
such Act for eligible hospitals, and 1814(l)(4)(C) of such Act for 
critical access hospitals.
    ``(m) Notification and Appeals.--The Secretary shall establish a 
process through rulemaking whereby any health information technology 
developer, or entity offering health information technology, is 
notified not less than 30 days before being made public and can 
appeal--
            ``(1) the health information technology product's star 
        rating; or
            ``(2) the Secretary's decision to decertify a product, as 
        applicable.''.

SEC. 4. INFORMATION BLOCKING.

    Subtitle C of title XXX of the Public Health Service Act (42 U.S.C. 
300jj-51 et seq.) is amended by adding at the end the following:

``SEC. 3022. INFORMATION BLOCKING.

    ``(a) Definition.--
            ``(1) In general.--The term `information blocking' means--
                    ``(A) with respect to a health information 
                technology developer, exchange, or network, business, 
                technical, or organizational practices that--
                            ``(i) except as required by law or 
                        specified by the Secretary, interferes with, 
                        prevents, or materially discourages access, 
                        exchange, or use of electronic health 
                        information; and
                            ``(ii) the developer, exchange, or network 
                        knows, or should know, are likely to interfere 
                        with or prevent or materially discourage the 
                        access, exchange, or use of electronic health 
                        information; and
                    ``(B) with respect to a health care provider, the 
                person or entity knowingly and unreasonably restricts 
                electronic health information exchange for patient care 
                or other priorities as determined appropriate by the 
                Secretary.
            ``(2) Rulemaking.--The Secretary shall, through 
        rulemaking--
                    ``(A) identify reasonable and necessary activities 
                that do not constitute information blocking for 
                purposes of paragraph (1)(A); and
                    ``(B) identify actions that meet the definition of 
                information blocking with respect to health care 
                providers for purposes of paragraph (1)(B).
    ``(b) Inspector General Authority.--
            ``(1) In general.--The Inspector General of the Department 
        of Health and Human Services may investigate any claim that--
                    ``(A) a health information technology developer of, 
                or other entity offering certified health information 
                technology--
                            ``(i) submits a false attestation made 
                        under section 3001(c)(5)(D); or
                            ``(ii) engaged in information blocking with 
                        respect to the use of such health information 
                        technology by a health care provider, unless 
                        for a legitimate purpose specified by the 
                        Secretary;
                    ``(B) a health care provider engaged in information 
                blocking with respect to access or exchange of 
                certified health information technology, unless for a 
                legitimate purpose specified by the Secretary; and
                    ``(C) a health information network or exchange 
                provider engaged in information blocking with respect 
                to the access, exchange, or use of such certified 
                health information technology, unless for a legitimate 
                purpose specified by the Secretary.
            ``(2) Jurisdiction of the inspector general.--For purposes 
        of this section, the Office of the Inspector General shall have 
        jurisdiction with respect to exchanges and networks, as well as 
        any developer or entity offering health information technology 
        for certification under a program or programs kept or 
        recognized by the National Coordinator under section 
        3001(c)(5). The National Coordinator shall notify developers of 
        health information technology as appropriate regarding the 
        jurisdiction of the Inspector General under this paragraph.
            ``(3) Penalty.--
                    ``(A) Developers, networks, and exchanges.--With 
                respect to a health information technology developer, 
                exchange, or network, a person or entity determined by 
                the Inspector General to have committed information 
                blocking as described in subparagraph (A) or (C) of 
                paragraph (1) shall be subject to a civil monetary 
                penalty in an amount determined, through notice-and-
                comment rulemaking, by the Secretary which may take 
                into account factors such as the extent and duration of 
                the information blocking and the number of patients and 
                providers potentially affected.
                    ``(B) Providers.--With respect to health care 
                providers, any person or entity determined by the 
                Inspector General to have committed information 
                blocking as described in subparagraph (B) of paragraph 
                (1) shall be subject to appropriate incentives and 
                disincentives using authorities under applicable 
                Federal law, as determined appropriate by the Secretary 
                through notice and comment rulemaking.
                    ``(C) Procedure.--The provisions of section 1128A 
                of the Social Security Act (other than subsections (a) 
                and (b)) shall apply to a civil money penalty applied 
                under this subsection in the same manner as such 
                provisions apply to a civil money penalty or proceeding 
                under section 1128A(a).
                    ``(D) Recovery of funds.--Notwithstanding section 
                3302 of title 31, United States Code, or any other 
                provision of law affecting the crediting of 
                collections, the Inspector General of the Department of 
                Health and Human Services may receive and retain for 
                current use any amounts recovered under subparagraphs 
                (A) and (C). In addition to amounts otherwise available 
                to the Inspector General, funds received by the 
                Inspector General under this paragraph shall be 
                deposited, as an offsetting collection, to the credit 
                of any appropriation available for purposes of carrying 
                out this subsection and shall be available without 
                fiscal year limitation and without further 
                appropriation.
            ``(4) Resolution of claims.--
                    ``(A) In general.--The Office of the Inspector 
                General, if such Office determines that a simple 
                consultation regarding the health privacy and security 
                rules promulgated under section 264(c) of the Health 
                Insurance Portability and Accountability Act of 1996 
                (42 U.S.C. 1320d-2 note) will resolve the claim at 
                issue, may refer instances of information blocking to 
                the Office for Civil Rights of the Department of Health 
                and Human Services for resolution.
                    ``(B) Limitation on liability.--If a health 
                information technology developer makes information 
                available based on a good faith reliance on 
                consultations with the Office for Civil Rights of the 
                Department of Health and Human Services with respect to 
                such information, the developer shall not be liable for 
                such disclosure.
    ``(c) Identifying Barriers to Exchange of Certified Health 
Information Technology.--
            ``(1) Trusted exchange defined.--In this section, the term 
        `trusted exchange' with respect to certified health information 
        technology means that the certified health information 
        technology has the technical capability to enable secure health 
        information exchange between users and multiple certified 
        health information technology systems.
            ``(2) Guidance.--The National Coordinator, in consultation 
        with the Office for Civil Rights of the Department of Health 
        and Human Services, shall issue guidance on common legal, 
        governance, and security barriers that prevent the trusted 
        exchange of electronic health information.
            ``(3) Referral.--The National Coordinator and the Office 
        for Civil Rights of the Department of Health and Human Services 
        may refer to the Inspector General instances or patterns of 
        refusal to exchange health information with an individual or 
        entity using certified health information technology that is 
        technically capable of trusted exchange and under conditions 
        when exchange is legally permissible.
            ``(4) HIT standards committee consideration.--Not later 
        than 1 year after the date of enactment of the Improving Health 
        Information Technology Act, the HIT Standards Committee shall 
        begin consideration of issues related to trusted exchange.''.

SEC. 5. INTEROPERABILITY.

    (a) Definition.--Section 3000 of the Public Health Service Act (42 
U.S.C. 300jj) is amended--
            (1) by redesignating paragraphs (10) through (14), as 
        paragraphs (11) through (15), respectively; and
            (2) by inserting after paragraph (9) the following:
            ``(10) Interoperability.--The term `interoperability' with 
        respect to health information technology means such health 
        information technology that has the ability to securely 
        exchange electronic health information with and use electronic 
        health information from other health information technology 
        without special effort on the part of the user.''.
    (b) Support for Interoperable Network Exchange.--Section 3001(c) of 
the Public Health Service Act (42 U.S.C. 300jj-11(c)) is amended by 
adding at the end the following:
            ``(9) Support for interoperable networks exchange.--
                    ``(A) In general.--The National Coordinator shall, 
                in collaboration with the National Institute of 
                Standards and Technology and other relevant agencies 
                within the Department of Health and Human Services, for 
                the purpose of ensuring full network-to-network 
                exchange of health information, convene public-private 
                and public-public partnerships to build consensus and 
                develop a trusted exchange framework, including a 
                common agreement among health information networks 
                nationally. Such convention may occur at a frequency 
                determined appropriate by the Secretary.
                    ``(B) Establishing a trusted exchange framework.--
                            ``(i) In general.--Not later than six 
                        months after the date of enactment of this 
                        paragraph, the National Coordinator shall 
                        convene appropriate public and private 
                        stakeholders to develop a trusted exchange 
                        framework for trust policies and practices and 
                        for a common agreement for exchange between 
                        health information networks. The common 
                        agreement may include--
                                    ``(I) a common method for 
                                authenticating trusted health 
                                information network participants;
                                    ``(II) a common set of rules for 
                                trusted exchange;
                                    ``(III) organizational and 
                                operational policies to enable the 
                                exchange of health information among 
                                networks, including minimum conditions 
                                for such exchange to occur; and
                                    ``(IV) a process for filing and 
                                adjudicating non-compliance with the 
                                terms of the common agreement.
                            ``(ii) Technical assistance.--The National 
                        Coordinator, in conjunction with National 
                        Institute of Standards and Technology, shall 
                        provide technical assistance on how to 
                        implement the trusted exchange framework and 
                        common agreement under this paragraph.
                            ``(iii) Pilot testing.--The National 
                        Coordinator, in collaboration with the National 
                        Institute of Standards and Technology, shall 
                        provide for the pilot testing of the trusted 
                        exchange framework and common agreement 
                        established under this subsection (as 
                        authorized under section 13201 of the Health 
                        Information Technology for Economic and 
                        Clinical Health Act). The National Coordinator, 
                        in collaboration with the National Institute of 
                        Standards and Technology, may delegate pilot 
                        testing activities under this clause to 
                        independent entities with appropriate 
                        expertise.
                    ``(C) Publication of a trusted exchange framework 
                and common agreement.--Not later than one year after 
                convening stakeholders under subparagraph (A), the 
                National Coordinator shall publish on its public 
                Internet website, and in the Federal register, the 
                trusted exchange framework and common agreement 
                developed under subparagraph (B). Such trusted exchange 
                framework and common agreement shall be published in a 
                manner that protects proprietary and security 
                information, including trade secrets and any other 
                protected intellectual property.
                    ``(D) Directory of participating health information 
                networks.--
                            ``(i) In general.--Not later than two years 
                        after convening stakeholders under subparagraph 
                        (A), and annually thereafter, the National 
                        Coordinator shall publish on its public 
                        Internet website a list of those health 
                        information networks that have adopted the 
                        common agreement and are capable of trusted 
                        exchange pursuant to the common agreement 
                        developed under paragraph (B).
                            ``(ii) Process.--The Secretary shall, 
                        through notice-and-comment rulemaking, 
                        establish a process for health information 
                        networks that voluntarily elect to adopt the 
                        trusted exchange framework and common agreement 
                        to attest to such adoption of the framework and 
                        agreement.
                    ``(E) Application of the trusted exchange framework 
                and common agreement.--As appropriate, Federal agencies 
                contracting or entering into agreements with health 
                information exchange networks may require that as each 
                such network upgrades health information technology or 
                trust and operational practices, it may adopt, where 
                available, the trusted exchange framework and common 
                agreement published under subparagraph (C).
                    ``(F) Rule of construction.--
                            ``(i) General adoption.--Nothing in this 
                        paragraph shall be construed to require a 
                        health information network to adopt the trusted 
                        exchange framework or common agreement.
                            ``(ii) Adoption when exchange of 
                        information is within network.--Nothing in this 
                        paragraph shall be construed to require a 
                        health information network to adopt the trusted 
                        exchange framework or common agreement for the 
                        exchange of electronic health information 
                        between participants of the same network.
                            ``(iii) Existing frameworks and 
                        agreements.--The trusted exchange framework and 
                        common agreement published under subparagraph 
                        (C) shall take into account existing trusted 
                        exchange frameworks and agreements used by 
                        health information networks to avoid the 
                        disruption of existing exchanges between 
                        participants of health information networks.
                            ``(iv) Application by federal agencies.--
                        Notwithstanding clauses (i), (ii), and (iii), 
                        Federal agencies may require the adoption of 
                        the trusted exchange framework and common 
                        agreement published under subparagraph (C) for 
                        health information exchanges contracting with 
                        or entering into agreements pursuant to 
                        subparagraph (E).
                            ``(v) Consideration of ongoing work.--In 
                        carrying out this paragraph, the Secretary 
                        shall ensure the consideration of activities 
                        carried out by public and private organizations 
                        related to exchange between health information 
                        exchanges to avoid duplication of efforts.''.
    (c) Provider Digital Contact Information Index.--
            (1) In general.--Not later than 36 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall either directly, or through a partnership with a 
        private entity, establish a provider digital contact 
        information index to provide digital contact information for 
        health professionals, health facilities, and other individuals 
        or organizations.
            (2) Use of existing index.--In establishing the initial 
        index under paragraph (1), the Secretary of Health and Human 
        Services may utilize an existing provider directory to make 
        such digital contact information available.
            (3) Contact information.--An index established under this 
        subsection shall ensure that contact information is available 
        at the individual health care provider level and at the health 
        facility or practice level.
            (4) Rule of construction.--
                    (A) In general.--The purpose of this subsection is 
                to encourage the exchange of electronic health 
                information by providing the most useful, reliable, and 
                comprehensive index of providers possible. In 
                furthering such purpose, the Secretary of Health and 
                Human Service shall include all health professionals, 
                health facilities, and other individuals or 
                organizations applicable to provide a useful, reliable, 
                and comprehensive index for use in the exchange of 
                health information.
                    (B) Limitation.--In no case shall exclusion from 
                the index of providers be used as a measure to achieve 
                objectives other those described in subparagraph (A).
    (d) Standards Development Organizations.--Section 3004 of the 
Public Health Service Act (42 U.S.C. 300jj-14) is amended by adding at 
the end the following:
    ``(c) Deference to Standards Development Organizations.--In 
adopting and implementing standards under this section, the Secretary 
shall give deference to standards published by Standards Development 
Organizations and voluntary consensus-based standards bodies.''.

SEC. 6. LEVERAGING HEALTH INFORMATION TECHNOLOGY TO IMPROVE PATIENT 
              CARE.

    (a) Requirement Relating to Registries.--
            (1) In general.--To be certified in accordance with title 
        XXX of the Public Health Service Act, health information 
        technology (as defined by section 3000(5) of the Public Health 
        Service Act (42 U.S.C. 300jj(5))) shall be capable of 
        transmitting to, and where applicable, receiving and accepting 
        data from registries in accordance with standards recognized by 
        the Office of the National Coordinator for Health Information 
        Technology, including clinician-led clinical data registries, 
        that are also certified to be technically capable of receiving 
        and accepting from, and where applicable, transmitting data to 
        certified health information technology in accordance with such 
        standards.
            (2) Rule of construction.--Nothing in this subsection shall 
        be construed to require the certification of registries beyond 
        the technical capability to exchange data in accordance with 
        applicable endorsed standards.
    (b) Definition.--For purposes of this Act (including amendments 
made to title XXX of the Public Health Service Act (42 U.S.C. 300jj et 
seq.), the term ``clinician-led clinical data registry'' means a 
clinical data repository--
            (1) that is established and operated by a clinician-led or 
        controlled, tax-exempt (pursuant to section 501(c) of the 
        Internal Revenue Code of 1986), professional society or other 
        similar clinician-led or -controlled organization, or such 
        organization's controlled affiliate, devoted to the care of a 
        population defined by a particular disease, condition, exposure 
        or therapy;
            (2) that is designed to collect detailed, standardized data 
        on an ongoing basis for medical procedures, services, or 
        therapies for particular diseases, conditions, or exposures;
            (3) that provides feedback to participants who submit 
        reports to the repository;
            (4) that meets standards for data quality including--
                    (A) systematically collecting clinical and other 
                health care data, using standardized data elements and 
                has procedures in place to verify the completeness and 
                validity of those data; and
                    (B) being subject to regular data checks or audits 
                to verify completeness and validity; and
            (5) that provides ongoing participant training and support.
    (c) Treatment of Health Information Technology Developers With 
Respect to Patient Safety Organizations.--
            (1) In general.--In applying part C of title IX of the 
        Public Health Service Act (42 U.S.C. 299b-21 et seq.), a health 
        information technology developer shall be treated as a provider 
        (as defined in section 921 of such Act) for purposes of 
        reporting and conducting patient safety activities concerning 
        improving clinical care through the use of health information 
        technology that could result in improved patient safety, health 
        care quality, or health care outcomes.
            (2) Report.--Not later than 48 months after the date of 
        enactment of this Act, the Secretary of Health and Human 
        Services shall submit to the Committee on Health, Education, 
        Labor, and Pension of the Senate and the Committee on Energy 
        and Commerce of the House of Representatives, a report 
        concerning best practices and current trends voluntarily 
        provided, and without identifying individual providers or 
        disclosing or using protected health information or 
        individually identifiable information, by Patient Safety 
        Organizations to improve the integration of health information 
        technology into clinical practice.

SEC. 7. EMPOWERING PATIENTS AND IMPROVING PATIENT ACCESS TO THEIR 
              ELECTRONIC HEALTH INFORMATION.

    (a) Use of Health Information Exchanges for Patient Access.--
Section 3009 of the Public Health Service Act (42 U.S.C. 300jj-19) is 
amended by adding at the end the following:
    ``(c) Promoting Patient Access to Electronic Health Information 
Through Health Information Exchanges.--
            ``(1) In general.--The National Coordinator, in 
        coordination with the Office for Civil Rights of the Department 
        of Health and Human Services, shall use existing authorities to 
        encourage partnerships between health information exchange 
        organizations and networks and health care providers, health 
        plans, and other appropriate entities to offer patients access 
        to their electronic health information in a single, 
        longitudinal format that is easy to understand, secure, and may 
        update such information automatically.
            ``(2) Education of providers.--The National Coordinator, in 
        coordination with the Office for Civil Rights of the Department 
        of Health and Human Services, shall--
                    ``(A) educate health care providers on ways in 
                which to leverage the capabilities of health 
                information exchanges (or other relevant platforms) to 
                provide patients with access to their electronic health 
                information;
                    ``(B) clarify misunderstandings by health care 
                providers about using health information exchanges (or 
                other relevant platforms) for patient access to 
                electronic health information; and
                    ``(C) to the extent practicable, educate providers 
                about health information exchanges (or other relevant 
                platforms) that employ some or all of the capabilities 
                described in paragraph (1).
            ``(3) Requirements.--In carrying out paragraph (1), the 
        National Coordinator, in coordination with the Office for Civil 
        Rights, shall issue guidance to health information exchanges 
        related to best practices to ensure that the electronic health 
        information provided to patients is--
                    ``(A) private and secure;
                    ``(B) accurate;,
                    ``(C) verifiable; and
                    ``(D) where a patient's authorization to exchange 
                is required by law, easily exchanged pursuant to such 
                authorization.
            ``(4) Rule of construction.--Nothing in this subsection 
        shall be construed to preempt State laws applicable to patient 
        consent for the access of information through a Health 
        Information Exchange (or other relevant platforms) that provide 
        protections to patients that are greater than the protections 
        otherwise provided for under applicable Federal law.
    ``(d) Efforts to Promote Access to Health Information.--The 
National Coordinator and the Office for Civil Rights of the Department 
of Health and Human Services shall jointly, through the development of 
policies that support dynamic technology solutions, promote patient 
access to health information in a manner that would ensure that such 
information is available in a form convenient for the patient, in a 
reasonable manner, and without burdening the health care provider 
involved.
    ``(e) Accessibility of Patient Records.--
            ``(1) Accessibility and updating of information.--
                    ``(A) In general.--The Secretary, in consultation 
                with the National Coordinator, shall promote policies 
                that ensure that a patient's electronic health 
                information is accessible to that patient, and their 
                designees, in a manner that facilitates communication 
                with the patient's health care providers and such 
                patient's consent, including with respect to research.
                    ``(B) Updating education on accessing and 
                exchanging personal health information.--To promote 
                awareness that an individual has a right of access to 
                inspect, obtain a copy of, and transmit to a third 
                party a copy of protected health information pursuant 
                to the Health Information Portability and 
                Accountability Act Privacy Rule (45 CFR 164.524 et 
                seq.), the Director of the Office for Civil Rights, in 
                consultation with the National Coordinator, shall 
                assist individuals and health care providers in 
                understanding a patient's rights to access and protect 
                their personal health information under the Health 
                Insurance Portability and Accountability Act of 1996 
                (Public Law 104-191), including providing best 
                practices for requesting personal health information in 
                a computable format, including using patient portals or 
                third-party applications and common cases when a 
                provider is permitted to exchange and provide access to 
                health information.
            ``(2) Certifying usability for patients.--In carrying out 
        certification programs under section 3001(c)(5), the National 
        Coordinator shall require, where applicable, that such program 
        or programs require the following:
                    ``(A) That certification criteria support patient 
                access to their electronic health information, 
                including in a single longitudinal format that is easy 
                to understand, secure, and may be updated 
                automatically.
                    ``(B) That developers of health information 
                technology support patient access to an electronic 
                health record in a longitudinal format that is easy to 
                understand, secure, and may be updated automatically.
                    ``(C) That certification criteria support patient 
                access to their personal electronic health information 
                for research at the option of the patient.
                    ``(D) That certification criteria support patient 
                and health care provider communication, including--
                            ``(i) the ability for the patient to 
                        electronically communicate patient reported 
                        information (such as family history and medical 
                        history); and
                            ``(ii) the ability for the patient to 
                        electronically share patient health 
                        information, at the option of the patient.
                    ``(E) That certified health information technology 
                used for health programs where certified health 
                information technology is required, include the 
                function for patient access to their own health 
                information, including--
                            ``(i) ensuring that, as a condition of 
                        certification, health care providers have 
                        options for making such information accessible 
                        for patients;
                            ``(ii) ensuring that patients have options 
                        for accessing such information; and
                            ``(iii) ensuring that patients have access 
                        to information regarding their legal rights and 
                        responsibilities, as well the options available 
                        to them for accessing their electronic health 
                        information.
                    ``(F) That the HIT Standards Committee develop and 
                prioritize standards, implementation specifications, 
                and certification criteria required to help support 
                patient access to electronic health information, 
                patient usability, and support for technologies that 
                offer patients access to their electronic health 
                information in a single, longitudinal format that is 
                easy to understand, secure, and may be updated 
                automatically.''.
    (b) Access to Information in an Electronic Format.--Section 
13405(e) of the Health Information Technology for Economic and Clinical 
Health Act (42 U.S.C. 17935) is amended--
            (1) in paragraph (1), by striking ``and'' at the end;
            (2) by redesignating paragraph (2) as paragraph (3); and
            (3) by inserting after paragraph (1), the following:
            ``(2) if the individual makes a request to a business 
        associate for access to, or a copy of, protected health 
        information about the individual, or if an individual makes a 
        request to a business associate to grant such access to, or 
        transmit such copy directly to, a person or entity designated 
        by the individual, a business associate may provide the 
        individual with such access or copy, which may be in an 
        electronic form, or grant or transmit such access or copy to 
        such person or entity designated by the individual; and''.

SEC. 8. GAO STUDY ON PATIENT MATCHING.

    (a) In General.--Not later than 1 year after the date of enactment 
of this Act, the Comptroller General of the United States shall conduct 
a study to review the policies and activities of the Office of the 
National Coordinator for Health Information Technology and other 
relevant stakeholders to ensure appropriate patient matching to protect 
patient privacy and security with respect to electronic health records 
and the exchange of electronic health information.
    (b) Areas of Concentration.--In conducting the study under 
subsection (a), the Comptroller General shall--
            (1) evaluate current methods used in certified electronic 
        health records for patient matching based on performance 
        related to factors such as--
                    (A) the privacy of patient information;
                    (B) the security of patient information;
                    (C) improving matching rates;
                    (D) reducing matching errors; and
                    (E) reducing duplicate records; and
            (2) determine whether the Office of the National 
        Coordinator for Health Information Technology could improve 
        patient matching by taking steps including--
                    (A) defining additional data elements to assist in 
                patient data matching;
                    (B) agreeing on a required minimum set of elements 
                that need to be collected and exchanged;
                    (C) requiring electronic health records to have the 
                ability to make certain fields required and use 
                specific standards; or
                    (D) other options recommended by the relevant 
                stakeholders consulted pursuant to subsection (a).
    (c) Report.--Not later than 2 years after the date of enactment of 
this Act, the Comptroller General shall submit to the appropriate 
committees of Congress a report concerning the findings of the study 
conducted under subsection (a).
                                                       Calendar No. 418

114th CONGRESS

  2d Session

                                S. 2511

_______________________________________________________________________

                                 A BILL

To improve Federal requirements relating to the development and use of 
                 electronic health records technology.

_______________________________________________________________________

                             April 5, 2016

                       Reported with an amendment