Dingell, Barton Sponsor I.T. Bill

HDM Breaking News, June 25, 2008

Reps. John Dingell (D-Mich.) and Joe Barton (R-Texas) have introduced health care information technology legislation in the U.S. House a month after issuing a draft bill for public comment.

Dingell and Barton are the leaders of the powerful House Energy & Commerce Committee. The legislation, H.R. 6357, also was referred to the Science & Technology and Ways & Means Committees.

The bill would make several changes to the HIPAA privacy and security rules. It would make security safeguards under the security rule and penalties for violations apply to business associates in the same manner as applied to covered entities. Further, it would require individuals affected by breaches of unencrypted protected health information to be notified “without unreasonable delay and no later than 60 calendar days after discovery,” according to the bill. Further, the bill would require the Secretary of Health and Human Services, in consultation with stakeholders, to annually issue guidance on the latest technologies for protecting information.

The legislation would amend the privacy rule to require application of penalties to business associates in the same manner as applied to covered entities. Another provision would permit patients to specify that information about a specific health care item or service not be disclosed to an insurer for purposes of payment or health care operations, unless otherwise required by law, if the patient paid in full out-of-pocket for the item or service.

The bill also would tighten disclosure requirements, broaden individuals’ rights to request an accounting of disclosures, and require providers to get patient consent to use or disclose protected information for health care operations purposes if the provider is using an electronic medical medical record.

The bill also would require the Secretary of Health and Human Services and the Federal Trade Commission to recommend processes to Congress for notifying users of personal health records of breaches of their information. A provision that sunsets two years after enactment would require PHR vendors to notify individuals and the FTC of breaches of unencrypted identifiable information. The FTC would have enforcement authority regarding PHR breaches.

Other provisions of the legislation include:

* Require regional health information organizations, health information exchanges and “e-prescribing gateways” to have business associate contracts.

* Authorize grant programs to offer matching funds to providers to purchase I.T., help states offer low-interest loans to providers for I.T. purchases, and support local or regional organizations to develop health information exchange initiatives. The bill would authorize total annual funding of $115 million for the three grant programs through fiscal 2013.

* Create a demonstration program, with $10 million in funding, to integrate information technology into clinical education.

* Codify, or place into law, the Office of the National Coordinator for Health Information Technology, which would make the position permanent. The bill also would authorize $66 million in appropriations for the office in fiscal 2009.

* Establish two federal advisory committees to prioritize and develop technical data standards.

* Text of H.R. 6357, as well as section-by-section analysis and changes from the draft legislation, are available at http://energycommerce.house.gov.

For more information on related topics, visit the following channels: