PUBLIC LAW 104-191
AUG. 21, 1996
HEALTH INSURANCE PORTABILITY AND
ACCOUNTABILITY ACT OF 1996
Public Law
104-191
104th Congress
An Act
To amend the
Internal Revenue Code of 1986 to improve portability and
continuity of health insurance coverage in the group and
individual markets, to combat waste, fraud, and abuse in health
insurance and health care delivery, to promote the use of medical
savings accounts, to improve access to long-term care services and
coverage, to simplify the administration of health insurance, and
for other purposes.
Be it enacted
by the Senate and House of Representatives of the United States of
America in Congress assembled,
SECTION 1.
SHORT TITLE; TABLE OF CONTENTS.
(a)
SHORT TITLE.--This Act may be cited as the "Health
Insurance Portability and Accountability Act of 1996".
(b)
TABLE OF CONTENTS.--The table of contents of this Act is
as follows:
Sec. 1. Short
title; table of contents.
TITLE
I--HEALTH CARE ACCESS, PORTABILITY, AND RENEWABILITY
...
TITLE
II--PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE
SIMPLIFICATION; MEDICAL LIABILITY REFORM
...
Subtitle F--Administrative
Simplification
"Part C--Administrative
Simplification
Sec. 263. Changes in membership and duties of
National Committee on Vital and Health Statistics.
Sec. 264. Recommendations with respect to privacy
of certain health information.
...
Subtitle F--Administrative
Simplification
SEC.
261. PURPOSE.
It is the
purpose of this subtitle to improve the Medicare program under
title XVIII of the Social Security Act, the medicaid program under
title XIX of such Act, and the efficiency and effectiveness of the
health care system, by encouraging the development of a health
information system through the establishment of standards and
requirements for the electronic transmission of certain health
information.
SEC.
262. ADMINISTRATIVE SIMPLIFICATION.
(a) IN
GENERAL.--Title XI (42 U.S.C. 1301 et seq.) is amended by adding
at the end the following:
"PART C--ADMINISTRATIVE
SIMPLIFICATION
"DEFINITIONS
"SEC. 1171.
For purposes of this part:
"(1) CODE
SET.--The term 'code set' means any set of codes used for encoding
data elements, such as tables of terms, medical concepts, medical
diagnostic codes, or medical procedure codes.
"(2) HEALTH
CARE CLEARINGHOUSE.--The term 'health care clearinghouse' means a
public or private entity that processes or facilitates the
processing of nonstandard data elements of health information into
standard data elements.
"(3) HEALTH
CARE PROVIDER.--The term 'health care provider' includes a
provider of services (as defined in section 1861(u)), a provider
of medical or other health services (as defined in section
1861(s)), and any other person furnishing health care services or
supplies.
"(4) HEALTH
INFORMATION.--The term 'health information' means any information,
whether oral or recorded in any form or medium, that--
"(A) is
created or received by a health care provider, health plan, public
health authority, employer, life insurer, school or university, or
health care clearinghouse; and
"(B) relates
to the past, present, or future physical or mental health or
condition of an individual, the provision of health care to an
individual, or the past, present, or future payment for the
provision of health care to an individual.
"(5) HEALTH
PLAN.--The term 'health plan' means an individual or group plan
that provides, or pays the cost of, medical care (as such term is
defined in section 2791 of the Public Health Service Act). Such
term includes the following, and any combination thereof:
"(A) A group
health plan (as defined in section 2791(a) of the Public Health
Service Act), but only if the plan--
"(i) has 50
or more participants (as defined in section 3(7) of the Employee
Retirement Income Security Act of 1974); or
"(ii) is
administered by an entity other than the employer who established
and maintains the plan.
"(B) A health
insurance issuer (as defined in section 2791(b) of the Public
Health Service Act).
"(C) A health
maintenance organization (as defined in section 2791(b) of the
Public Health Service Act).
"(D) Part A
or part B of the Medicare program under title XVIII.
"(E) The
medicaid program under title XIX.
"(F) A
Medicare supplemental policy (as defined in section 1882(g)(1)).
"(G) A
long-term care policy, including a nursing home fixed indemnity
policy (unless the Secretary determines that such a policy does
not provide sufficiently comprehensive coverage of a benefit so
that the policy should be treated as a health plan).
"(H) An
employee welfare benefit plan or any other arrangement which is
established or maintained for the purpose of offering or providing
health benefits to the employees of 2 or more employers.
"(I) The
health care program for active military personnel under title 10,
United States Code.
"(J) The
veterans health care program under chapter 17 of title 38, United
States Code.
"(K) The
Civilian Health and Medical Program of the Uniformed Services
(CHAMPUS), as defined in section 1072(4) of title 10, United
States Code.
"(L) The
Indian health service program under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et seq.).
"(M) The
Federal Employees Health Benefit Plan under chapter 89 of title 5,
United States Code.
"(6)
INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.--The term
'individually identifiable health information' means any
information, including demographic information collected from an
individual, that--
"(A) is
created or received by a health care provider, health plan,
employer, or health care clearinghouse; and
"(B) relates
to the past, present, or future physical or mental health or
condition of an individual, the provision of health care to an
individual, or the past, present, or future payment for the
provision of health care to an individual, and--
"(i)
identifies the individual; or
"(ii) with
respect to which there is a reasonable basis to believe that the
information can be used to identify the individual.
"(7)
STANDARD.--The term 'standard', when used with reference to a data
element of health information or a transaction referred to in
section 1173(a)(1), means any such data element or transaction
that meets each of the standards and implementation specifications
adopted or established by the Secretary with respect to the data
element or transaction under sections 1172 through 1174.
"(8) STANDARD
SETTING ORGANIZATION.--The term 'standard setting organization'
means a standard setting organization accredited by the American
National Standards Institute, including the National Council for
Prescription Drug Programs, that develops standards for
information transactions, data elements, or any other standard
that is necessary to, or will facilitate, the implementation of
this part.
"GENERAL REQUIREMENTS
FOR ADOPTION OF STANDARDS
"SEC.
1172. (a) APPLICABILITY.--Any standard adopted under this part
shall apply, in whole or in part, to the following persons:
"(1) A health
plan.
"(2) A health
care clearinghouse.
"(3) A health
care provider who transmits any health information in electronic
form in connection with a transaction referred to in section
1173(a)(1).
"(b)
REDUCTION OF COSTS.--Any standard adopted under this part shall be
consistent with the objective of reducing the administrative costs
of providing and paying for health care.
"(c) ROLE OF
STANDARD SETTING ORGANIZATIONS.--
"(1) IN
GENERAL.--Except as provided in paragraph (2), any standard
adopted under this part shall be a standard that has been
developed, adopted, or modified by a standard setting
organization.
"(2) SPECIAL
RULES.--
"(A)
DIFFERENT STANDARDS.--The Secretary may adopt a standard that is
different from any standard developed, adopted, or modified by a
standard setting organization, if--
"(i) the
different standard will substantially reduce administrative costs
to health care providers and health plans compared to the
alternatives; and
"(ii) the
standard is promulgated in accordance with the rulemaking
procedures of subchapter III of chapter 5 of title 5, United
States Code.
"(B) NO
STANDARD BY STANDARD SETTING ORGANIZATION.--If no standard setting
organization has developed, adopted, or modified any standard
relating to a standard that the Secretary is authorized or
required to adopt under this part--
"(i)
paragraph (1) shall not apply; and
"(ii)
subsection (f) shall apply.
(3)
CONSULTATION REQUIREMENT.--
"(A) IN
GENERAL.--A standard may not be adopted under this part unless--
"(i) in the
case of a standard that has been developed, adopted, or modified
by a standard setting organization, the organization consulted
with each of the organizations described in subparagraph (B) in
the course of such development, adoption, or modification; and
"(ii) in the
case of any other standard, the Secretary, in complying with the
requirements of subsection (f), consulted with each of the
organizations described in subparagraph (B) before adopting the
standard.
"(B)
ORGANIZATIONS DESCRIBED.--The organizations referred to in
subparagraph (A) are the following:
"(i) The
National Uniform Billing Committee.
"(ii) The
National Uniform Claim Committee.
"(iii) The
Workgroup for Electronic Data Interchange.
"(iv) The
American Dental Association.
"(d)
IMPLEMENTATION SPECIFICATIONS.--The Secretary shall establish
specifications for implementing each of the standards adopted
under this
part.
"(e)
PROTECTION OF TRADE SECRETS.--Except as otherwise required by law,
a standard adopted under this part shall not require disclosure of
trade secrets or confidential commercial information by a person
required to comply with this part.
"(f)
ASSISTANCE TO THE SECRETARY.--In complying with the requirements
of this part, the Secretary shall rely on the recommendations of
the National Committee on Vital and Health Statistics established
under section 306(k) of the Public Health Service Act (42 U.S.C.
242k(k)), and shall consult with appropriate Federal and State
agencies and private organizations. The Secretary shall publish in
the Federal Register any recommendation of the National Committee
on Vital and Health Statistics regarding the adoption of a
standard under this part.
(g)
APPLICATION TO MODIFICATIONS OF STANDARDS.--This section shall
apply to a modification to a standard (including an addition to a
standard) adopted under section 1174(b) in the same manner as it
applies to an initial standard adopted under section 1174(a).
"STANDARDS FOR
INFORMATION TRANSACTIONS AND DATA ELEMENTS
"SEC.
1173. (a) STANDARDS TO ENABLE ELECTRONIC EXCHANGE.--
"(1) IN
GENERAL.--The Secretary shall adopt standards for transactions,
and data elements for such transactions, to enable health
information to be exchanged electronically, that are appropriate
for--
"(A) the
financial and administrative transactions described in paragraph
(2); and
"(B) other
financial and administrative transactions determined appropriate
by the Secretary, consistent with the goals of improving the
operation of the health care system and reducing administrative
costs.
"(2)
TRANSACTIONS.--The transactions referred to in paragraph (1)(A)
are transactions with respect to the following:
"(A) Health
claims or equivalent encounter information.
"(B) Health
claims attachments.
"(C)
Enrollment and disenrollment in a health plan.
"(D)
Eligibility for a health plan.
"(E) Health
care payment and remittance advice.
"(F) Health
plan premium payments.
"(G) First
report of injury.
"(H) Health
claim status.
"(I) Referral
certification and authorization.
"(3)
ACCOMMODATION OF SPECIFIC PROVIDERS.--The standards adopted by the
Secretary under paragraph (1) shall accommodate the needs of
different types of health care providers.
(b) UNIQUE
HEALTH IDENTIFIERS.--
"(1) IN
GENERAL.--The Secretary shall adopt standards providing for a
standard unique health identifier for each individual, employer,
health plan, and health care provider for use in the health care
system. In carrying out the preceding sentence for each health
plan and health care provider, the Secretary shall take into
account multiple uses for identifiers and multiple locations and
specialty classifications for health care providers.
"(2) USE OF
IDENTIFIERS.--The standards adopted under paragraph (1) shall
specify the purposes for which a unique health identifier may be
used.
(c) CODE
SETS.--
"(1) IN
GENERAL.--The Secretary shall adopt standards that--
"(A) select
code sets for appropriate data elements for the transactions
referred to in subsection (a)(1) from among the code sets that
have been developed by private and public entities; or
"(B)
establish code sets for such data elements if no code sets for the
data elements have been developed.
"(2)
DISTRIBUTION.--The Secretary shall establish efficient and
low-cost procedures for distribution (including electronic
distribution) of code sets and modifications made to such code
sets under section 1174(b).
(d) SECURITY
STANDARDS FOR HEALTH INFORMATION.--
"(1) SECURITY
STANDARDS.--The Secretary shall adopt security standards that--
"(A) take
into account--
"(i) the
technical capabilities of record systems used to maintain health
information;
"(ii) the
costs of security measures;
"(iii) the
need for training persons who have access to health information;
"(iv) the
value of audit trails in computerized record systems; and
"(v) the
needs and capabilities of small health care providers and rural
health care providers (as such providers are defined by the
Secretary); and
"(B) ensure
that a health care clearinghouse, if it is part of a larger
organization, has policies and security procedures which isolate
the activities of the health care clearinghouse with respect to
processing information in a manner that prevents unauthorized
access to such information by such larger organization.
"(2)
SAFEGUARDS.--Each person described in section 1172(a) who
maintains or transmits health information shall maintain
reasonable and appropriate administrative, technical, and physical
safeguards--
"(A) to
ensure the integrity and confidentiality of the information;
"(B) to
protect against any reasonably anticipated--
"(i) threats
or hazards to the security or integrity of the information; and
"(ii)
unauthorized uses or disclosures of the information; and
"(C)
otherwise to ensure compliance with this part by the officers and
employees of such person.
(e)
ELECTRONIC SIGNATURE.--
"(1)
STANDARDS.--The Secretary, in coordination with the Secretary of
Commerce, shall adopt standards specifying procedures for the
electronic transmission and authentication of signatures with
respect to the transactions referred to in subsection (a)(1).
"(2) EFFECT
OF COMPLIANCE.--Compliance with the standards adopted under
paragraph (1) shall be deemed to satisfy Federal and State
statutory requirements for written signatures with respect to the
transactions referred to in subsection (a)(1).
(f) TRANSFER
OF INFORMATION AMONG HEALTH PLANS.--The Secretary shall adopt
standards for transferring among health plans appropriate standard
data elements needed for the coordination of benefits, the
sequential processing of claims, and other data elements for
individuals who have more than one health plan.
"TIMETABLES FOR
ADOPTION OF STANDARDS
"SEC.
1174. (a) INITIAL STANDARDS.--The Secretary shall carry out
section 1173 not later than 18 months after the date of the
enactment of the Health Insurance Portability and Accountability
Act of 1996, except that standards relating to claims attachments
shall be adopted not later than 30 months after such date.
"(b)
ADDITIONS AND MODIFICATIONS TO STANDARDS.--
"(1) IN
GENERAL.--Except as provided in paragraph (2), the Secretary shall
review the standards adopted under section 1173, and shall adopt
modifications to the standards (including additions to the
standards), as determined appropriate, but not more frequently
than once every 12 months. Any addition or modification to a
standard shall be completed in a manner which minimizes the
disruption and cost of compliance.
"(2) SPECIAL
RULES.--
"(A) FIRST
12-MONTH PERIOD.--Except with respect to additions and
modifications to code sets under subparagraph (B), the Secretary
may not adopt any modification to a standard adopted under this
part during the 12-month period beginning on the date the standard
is initially adopted, unless the Secretary determines that the
modification is necessary in order to permit compliance with the
standard.
"(B)
ADDITIONS AND MODIFICATIONS TO CODE SETS.--
"(i) IN
GENERAL.--The Secretary shall ensure that procedures exist for the
routine maintenance, testing, enhancement, and expansion of code
sets.
"(ii)
Additional rules.--If a code set is modified under this
subsection, the modified code set shall include instructions on
how data elements of health information that were encoded prior to
the modification may be converted or translated so as to preserve
the informational value of the data elements that existed before
the modification. Any modification to a code set under this
subsection shall be implemented in a manner that minimizes the
disruption and cost of complying with such modification.
"REQUIREMENTS
"SEC.
1175. (a) CONDUCT OF TRANSACTIONS BY PLANS.--
"(1) IN
GENERAL.--If a person desires to conduct a transaction referred to
in section 1173(a)(1) with a health plan as a standard
transaction--
"(A) the
health plan may not refuse to conduct such transaction as a
standard transaction;
"(B) the
insurance plan may not delay such transaction, or otherwise
adversely affect, or attempt to adversely affect, the person or
the transaction on the ground that the transaction is a standard
transaction; and
"(C) the
information transmitted and received in connection with the
transaction shall be in the form of standard data elements of
health information.
"(2)
SATISFACTION OF REQUIREMENTS.--A health plan may satisfy the
requirements under paragraph (1) by--
"(A) directly
transmitting and receiving standard data elements of health
information; or
"(B)
submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse, and receiving
standard data elements through the health care clearinghouse.
"(3)
TIMETABLE FOR COMPLIANCE.--Paragraph (1) shall not be construed to
require a health plan to comply with any standard, implementation
specification, or modification to a standard or specification
adopted or established by the Secretary under sections 1172
through 1174 at any time prior to the date on which the plan is
required to comply with the standard or specification under
subsection (b).
"(b)
COMPLIANCE WITH STANDARDS.--
"(1) INITIAL
COMPLIANCE.--
"(A) IN
GENERAL.--Not later than 24 months after the date on which an
initial standard or implementation specification is adopted or
established under sections 1172 and 1173, each person to whom the
standard or implementation specification applies shall comply with
the standard or specification.
"(B) SPECIAL
RULE FOR SMALL HEALTH PLANS.--In the case of a small health plan,
paragraph (1) shall be applied by substituting '36 months' for '24
months'. For purposes of this subsection, the Secretary shall
determine the plans that qualify as small health plans.
"(2)
COMPLIANCE WITH MODIFIED STANDARDS.--If the Secretary adopts a
modification to a standard or implementation specification under
this part, each person to whom the standard or implementation
specification applies shall comply with the modified standard or
implementation specification at such time as the Secretary
determines appropriate, taking into account the time needed to
comply due to the nature and extent of the modification. The time
determined appropriate under the preceding sentence may not be
earlier than the last day of the 180-day period beginning on the
date such modification is adopted. The Secretary may extend the
time for compliance for small health plans, if the Secretary
determines that such extension is appropriate.
"(3)
CONSTRUCTION.--Nothing in this subsection shall be construed to
prohibit any person from complying with a standard or
specification by--
"(A)
submitting nonstandard data elements to a health care
clearinghouse for processing into standard data elements and
transmission by the health care clearinghouse; or
"(B)
receiving standard data elements through a health care
clearinghouse.
"GENERAL PENALTY FOR
FAILURE TO COMPLY WITH REQUIREMENTS AND STANDARDS
"SEC.
1176. (a) GENERAL PENALTY.--
"(1) IN
GENERAL.--Except as provided in subsection (b), the Secretary
shall impose on any person who violates a provision of this part a
penalty of not more than $100 for each such violation, except that
the total amount imposed on the person for all violations of an
identical requirement or prohibition during a calendar year may
not exceed $25,000.
"(2)
PROCEDURES.--The provisions of section 1128A (other than
subsections (a) and (b) and the second sentence of subsection (f))
shall apply to the imposition of a civil money penalty under this
subsection in the same manner as such provisions apply to the
imposition of a penalty under such section 1128A.
"(b)
LIMITATIONS.--
"(1) OFFENSES
OTHERWISE PUNISHABLE.--A penalty may not be imposed under
subsection (a) with respect to an act if the act constitutes an
offense punishable under section 1177.
"(2)
NONCOMPLIANCE NOT DISCOVERED.--A penalty may not be imposed under
subsection (a) with respect to a provision of this part if it is
established to the satisfaction of the Secretary that the person
liable for the penalty did not know, and by exercising reasonable
diligence would not have known, that such person violated the
provision.
"(3) FAILURES
DUE TO REASONABLE CAUSE.--
"(A) IN
GENERAL.--Except as provided in subparagraph (B), a penalty may
not be imposed under subsection (a) if--
"(i) the
failure to comply was due to reasonable cause and not to willful
neglect; and
"(ii) the
failure to comply is corrected during the 30-day period beginning
on the first date the person liable for the penalty knew, or by
exercising reasonable diligence would have known, that the failure
to comply occurred.
"(B)
EXTENSION OF PERIOD.--
"(i) NO
PENALTY.--The period referred to in subparagraph (A)(ii) may be
extended as determined appropriate by the Secretary based on the
nature and extent of the failure to comply.
"(ii)
ASSISTANCE.--If the Secretary determines that a person failed to
comply because the person was unable to comply, the Secretary may
provide technical assistance to the person during the period
described in subparagraph (A)(ii). Such assistance shall be
provided in any manner determined appropriate by the Secretary.
"(4)
REDUCTION.--In the case of a failure to comply which is due to
reasonable cause and not to willful neglect, any penalty under
subsection (a) that is not entirely waived under paragraph (3) may
be waived to the extent that the payment of such penalty would be
excessive relative to the compliance failure involved.
"WRONGFUL DISCLOSURE
OF INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION
"SEC.
1177. (a) OFFENSE.--A person who knowingly and in violation of
this part--
"(1) uses or
causes to be used a unique health identifier;
"(2) obtains
individually identifiable health information relating to an
individual; or
"(3)
discloses individually identifiable health information to another
person,
shall be
punished as provided in subsection (b).
"(b)
PENALTIES.--A person described in subsection (a) shall--
"(1) be fined
not more than $50,000, imprisoned not more than 1 year, or both;
"(2) if the
offense is committed under false pretenses, be fined not more than
$100,000, imprisoned not more than 5 years, or both; and
"(3) if the
offense is committed with intent to sell, transfer, or use
individually identifiable health information for commercial
advantage, personal gain, or malicious harm, be fined not more
than $250,000, imprisoned not more than 10 years, or both.
"EFFECT ON STATE LAW
"SEC.
1178. (a) GENERAL EFFECT.--
"(1) GENERAL
RULE.--Except as provided in paragraph (2), a provision or
requirement under this part, or a standard or implementation
specification adopted or established under sections 1172 through
1174, shall supersede any contrary provision of State law,
including a provision of State law that requires medical or health
plan records (including billing information) to be maintained or
transmitted in written rather than electronic form.
"(2)
EXCEPTIONS.--A provision or requirement under this part, or a
standard or implementation specification adopted or established
under sections 1172 through 1174, shall not supersede a contrary
provision of State law, if the provision of State law--
"(A) is a
provision the Secretary determines--
"(i) is
necessary--
"(I) to
prevent fraud and abuse;
"(II) to
ensure appropriate State regulation of insurance and health plans;
"(III) for
State reporting on health care delivery or costs; or
"(IV) for
other purposes; or
"(ii)
addresses controlled substances; or
"(B) subject
to section 264(c)(2) of the Health Insurance Portability and
Accountability Act of 1996, relates to the privacy of individually
identifiable health information.
"(b) PUBLIC
HEALTH.--Nothing in this part shall be construed to invalidate or
limit the authority, power, or procedures established under any
law providing for the reporting of disease or injury, child abuse,
birth, or death, public health surveillance, or public health
investigation or intervention.
"(c) STATE
REGULATORY REPORTING.--Nothing in this part shall limit the
ability of a State to require a health plan to report, or to
provide access to, information for management audits, financial
audits, program monitoring and evaluation, facility licensure or
certification, or individual licensure or certification.
"PROCESSING PAYMENT
TRANSACTIONS BY FINANCIAL INSTITUTIONS
"SEC.
1179. To the extent that an entity is engaged in activities of
a financial institution (as defined in section 1101 of the Right
to Financial Privacy Act of 1978), or is engaged in authorizing,
processing, clearing, settling, billing,
transferring,
reconciling, or collecting payments, for a financial institution,
this part, and any standard adopted under this part, shall not
apply to the entity with respect to such activities, including the
following:
"(1) The use
or disclosure of information by the entity for authorizing,
processing, clearing, settling, billing, transferring, reconciling
or collecting, a payment for, or related to, health plan premiums
or health care, where such payment is made by any means, including
a credit, debit, or other payment card, an account, check, or
electronic funds transfer.
"(2) The
request for, or the use or disclosure of, information by the
entity with respect to a payment described in paragraph (1)--
"(A) for
transferring receivables;
"(B) for
auditing;
"(C) in
connection with--
"(i) a
customer dispute; or
"(ii) an
inquiry from, or to, a customer;
"(D) in a
communication to a customer of the entity regarding the customer's
transactions, payment card, account, check, or electronic funds
transfer;
"(E) for
reporting to consumer reporting agencies; or
"(F) for
complying with--
"(i) a civil
or criminal subpoena; or
"(ii) a
Federal or State law regulating the entity.".
(b)
CONFORMING AMENDMENTS.--
(1)
REQUIREMENT FOR MEDICARE PROVIDERS.--Section 1866(a)(1) (42 U.S.C.
1395cc(a)(1)) is amended--
(A) by
striking ``and" at the end of subparagraph (P);
(B) by
striking the period at the end of subparagraph (Q) and inserting
"; and"; and
(C) by
inserting immediately after subparagraph (Q) the following new
subparagraph:
"(R) to
contract only with a health care clearinghouse (as defined in
section 1171) that meets each standard and implementation
specification adopted or established under part C of title XI on
or after the date on which the health care clearinghouse is
required to comply with the standard or specification.".
(2) TITLE
HEADING.--Title XI (42 U.S.C. 1301 et seq.) is amended by striking
the title heading and inserting the following:
"TITLE XI--GENERAL PROVISIONS, PEER
REVIEW, AND ADMINISTRATIVE SIMPLIFICATION".
Section
306(k) of the Public Health Service Act (42 U.S.C. 242k(k))
is amended--
(1) in
paragraph (1), by striking "16" and inserting "18";
(2) by
amending paragraph (2) to read as follows:
"(2) The
members of the Committee shall be appointed from among persons who
have distinguished themselves in the fields of health statistics,
electronic interchange of health care information, privacy and
security of electronic information, population-based public
health, purchasing or financing health care services, integrated
computerized health information systems, health services research,
consumer interests in health information, health data standards,
epidemiology, and the provision of health services. Members of the
Committee shall be appointed for terms of 4 years.";
(3) by
redesignating paragraphs (3) through (5) as paragraphs (4) through
(6), respectively, and inserting after paragraph (2) the
following:
"(3) Of the
members of the Committee--
"(A) 1 shall
be appointed, not later than 60 days after the date of the
enactment of the Health Insurance Portability and Accountability
Act of 1996, by the Speaker of the House of Representatives after
consultation with the Minority Leader of the House of
Representatives;
"(B) 1 shall
be appointed, not later than 60 days after the date of the
enactment of the Health Insurance Portability and Accountability
Act of 1996, by the President pro tempore of the Senate after
consultation with the Minority Leader of the Senate; and
"(C) 16 shall
be appointed by the Secretary.";
(4) by
amending paragraph (5) (as so redesignated) to read as follows:
"(5) The
Committee--
"(A) shall
assist and advise the Secretary--
"(i) to
delineate statistical problems bearing on health and health
services which are of national or international interest;
"(ii) to
stimulate studies of such problems by other organizations and
agencies whenever possible or to make investigations of such
problems through subcommittees;
"(iii) to
determine, approve, and revise the terms, definitions,
classifications, and guidelines for assessing health status and
health services, their distribution and costs, for use (I) within
the Department of Health and Human Services, (II) by all programs
administered or funded by the Secretary, including the
Federal-State-local cooperative health statistics system referred
to in subsection (e), and (III) to the extent possible as
determined by the head of the agency involved, by the Department
of Veterans Affairs, the Department of Defense, and other Federal
agencies concerned with health and health services;
"(iv) with
respect to the design of and approval of health statistical and
health information systems concerned with the collection,
processing, and tabulation of health statistics within the
Department of Health and Human Services, with respect to the
Cooperative Health Statistics System established under subsection
(e), and with respect to the standardized means for the collection
of health information and statistics to be established by the
Secretary under subsection (j)(1);
"(v) to
review and comment on findings and proposals developed by other
organizations and agencies and to make recommendations for their
adoption or implementation by local, State, national, or
international agencies;
"(vi) to
cooperate with national committees of other countries and with the
World Health Organization and other national agencies in the
studies of problems of mutual interest;
"(vii) to
issue an annual report on the state of the Nation's health, its
health services, their costs and distributions, and to make
proposals for improvement of the Nation's health statistics and
health information systems; and
"(viii) in
complying with the requirements imposed on the Secretary under
part C of title XI of the Social Security Act;
"(B) shall
study the issues related to the adoption of uniform data standards
for patient medical record information and the electronic exchange
of such information;
"(C) shall
report to the Secretary not later than 4 years after the date of
the enactment of the Health Insurance Portability and
Accountability Act of 1996 recommendations and legislative
proposals for such standards and electronic exchange; and
"(D) shall be
responsible generally for advising the Secretary and the Congress
on the status of the implementation of part C of title XI of the
Social Security Act."; and
(5) by adding
at the end the following:
"(7) Not
later than 1 year after the date of the enactment of the Health
Insurance Portability and Accountability Act of 1996, and annually
thereafter, the Committee shall submit to the Congress, and make
public, a report regarding the implementation of part C of title
XI of the Social Security Act. Such report shall address the
following subjects, to the extent that the Committee determines
appropriate:
"(A) The
extent to which persons required to comply with part C of title XI
of the Social Security Act are cooperating in implementing the
standards adopted under such part.
"(B) The
extent to which such entities are meeting the security standards
adopted under such part and the types of penalties assessed for
noncompliance with such standards.
"(C) Whether
the Federal and State Governments are receiving information of
sufficient quality to meet their responsibilities under such part.
"(D) Any
problems that exist with respect to implementation of such part.
"(E) The
extent to which timetables under such part are being met.".
SEC.
264. RECOMMENDATIONS WITH RESPECT TO PRIVACY OF
CERTAIN HEALTH INFORMATION.
(a) IN
GENERAL.--Not later than the date that is 12 months after the date
of the enactment of this Act, the Secretary of Health and Human
Services shall submit to the Committee on Labor and Human
Resources and the Committee on Finance of the Senate and the
Committee on Commerce and the Committee on Ways and Means of the
House of Representatives detailed recommendations on standards
with respect to the privacy of individually identifiable health
information.
(b) SUBJECTS
FOR RECOMMENDATIONS.--The recommendations under subsection (a)
shall address at least the following:
(1) The
rights that an individual who is a subject of individually
identifiable health information should have.
(2) The
procedures that should be established for the exercise of such
rights.
(3) The uses
and disclosures of such information that should be authorized or
required.
(c)
REGULATIONS.--
(1) IN
GENERAL.--If legislation governing standards with respect to the
privacy of individually identifiable health information
transmitted in connection with the transactions described in
section 1173(a) of the Social Security Act (as added by section
262) is not enacted by the date that is 36 months after the date
of the enactment of this Act, the Secretary of Health and Human
Services shall promulgate final regulations containing such
standards not later than the date that is 42 months after the date
of the enactment of this Act. Such regulations shall address at
least the subjects described in subsection (b).
(2)
PREEMPTION.--A regulation promulgated under paragraph (1) shall
not supercede a contrary provision of State law, if the provision
of State law imposes requirements, standards, or implementation
specifications that are more stringent than the requirements,
standards, or implementation specifications imposed under the
regulation.
(d)
CONSULTATION.--In carrying out this section, the Secretary of
Health and Human Services shall consult with--
(1) the
National Committee on Vital and Health Statistics established
under section 306(k) of the Public Health Service Act (42 U.S.C.
242k(k)); and
(2) the
Attorney General.
...
|
