PUBLIC
LAW 104-191
AUG.
21, 1996
HEALTH
INSURANCE PORTABILITY AND
ACCOUNTABILITY ACT OF 1996
Public Law 104-191
104th Congress
An Act
To
amend the Internal Revenue Code of
1986 to improve portability and
continuity of health insurance
coverage in the group and individual
markets, to combat waste, fraud, and
abuse in health insurance and health
care delivery, to promote the use of
medical savings accounts, to improve
access to long-term care services
and coverage, to simplify the
administration of health insurance,
and for other purposes.
Be
it enacted by the Senate and House
of Representatives of the United
States of America in Congress
assembled,
SECTION 1. SHORT TITLE; TABLE OF
CONTENTS.
(a)
SHORT TITLE.--This
Act may be cited as the "Health
Insurance Portability and
Accountability Act of 1996".
(b)
TABLE OF CONTENTS.--The
table of contents of this Act is as
follows:
Sec.
1. Short title; table of contents.
TITLE I--HEALTH CARE ACCESS,
PORTABILITY, AND RENEWABILITY
...
TITLE II--PREVENTING HEALTH
CARE FRAUD AND ABUSE; ADMINISTRATIVE
SIMPLIFICATION; MEDICAL LIABILITY
REFORM
...
Subtitle F--Administrative
Simplification
"Part C--Administrative
Simplification
Sec. 263. Changes in
membership and duties of National
Committee on Vital and Health
Statistics.
Sec. 264.
Recommendations with respect to
privacy of certain health
information.
...
Subtitle F--Administrative
Simplification
SEC. 261. PURPOSE.
It
is the purpose of this subtitle to
improve the Medicare program under
title XVIII of the Social Security
Act, the medicaid program under
title XIX of such Act, and the
efficiency and effectiveness of the
health care system, by encouraging
the development of a health
information system through the
establishment of standards and
requirements for the electronic
transmission of certain health
information.
SEC. 262.
ADMINISTRATIVE SIMPLIFICATION.
(a)
IN GENERAL.--Title XI (42 U.S.C.
1301 et seq.) is amended by adding
at the end the following:
"PART C--ADMINISTRATIVE
SIMPLIFICATION
"DEFINITIONS
"SEC.
1171. For purposes of this part:
"(1)
CODE SET.--The term 'code set' means
any set of codes used for encoding
data elements, such as tables of
terms, medical concepts, medical
diagnostic codes, or medical
procedure codes.
"(2)
HEALTH CARE CLEARINGHOUSE.--The term
'health care clearinghouse' means a
public or private entity that
processes or facilitates the
processing of nonstandard data
elements of health information into
standard data elements.
"(3)
HEALTH CARE PROVIDER.--The term
'health care provider' includes a
provider of services (as defined in
section 1861(u)), a provider of
medical or other health services (as
defined in section 1861(s)), and any
other person furnishing health care
services or supplies.
"(4)
HEALTH INFORMATION.--The term
'health information' means any
information, whether oral or
recorded in any form or medium,
that--
"(A)
is created or received by a health
care provider, health plan, public
health authority, employer, life
insurer, school or university, or
health care clearinghouse; and
"(B)
relates to the past, present, or
future physical or mental health or
condition of an individual, the
provision of health care to an
individual, or the past, present, or
future payment for the provision of
health care to an individual.
"(5)
HEALTH PLAN.--The term 'health plan'
means an individual or group plan
that provides, or pays the cost of,
medical care (as such term is
defined in section 2791 of the
Public Health Service Act). Such
term includes the following, and any
combination thereof:
"(A)
A group health plan (as defined in
section 2791(a) of the Public Health
Service Act), but only if the plan--
"(i)
has 50 or more participants (as
defined in section 3(7) of the
Employee Retirement Income Security
Act of 1974); or
"(ii) is administered by an entity
other than the employer who
established and maintains the plan.
"(B)
A health insurance issuer (as
defined in section 2791(b) of the
Public Health Service Act).
"(C)
A health maintenance organization
(as defined in section 2791(b) of
the Public Health Service Act).
"(D)
Part A or part B of the Medicare
program under title XVIII.
"(E)
The medicaid program under title
XIX.
"(F)
A Medicare supplemental policy (as
defined in section 1882(g)(1)).
"(G)
A long-term care policy, including a
nursing home fixed indemnity policy
(unless the Secretary determines
that such a policy does not provide
sufficiently comprehensive coverage
of a benefit so that the policy
should be treated as a health plan).
"(H)
An employee welfare benefit plan or
any other arrangement which is
established or maintained for the
purpose of offering or providing
health benefits to the employees of
2 or more employers.
"(I)
The health care program for active
military personnel under title 10,
United States Code.
"(J)
The veterans health care program
under chapter 17 of title 38, United
States Code.
"(K)
The Civilian Health and Medical
Program of the Uniformed Services
(CHAMPUS), as defined in section
1072(4) of title 10, United States
Code.
"(L)
The Indian health service program
under the Indian Health Care
Improvement Act (25 U.S.C. 1601 et
seq.).
"(M)
The Federal Employees Health Benefit
Plan under chapter 89 of title 5,
United States Code.
"(6)
INDIVIDUALLY IDENTIFIABLE HEALTH
INFORMATION.--The term 'individually
identifiable health information'
means any information, including
demographic information collected
from an individual, that--
"(A)
is created or received by a health
care provider, health plan,
employer, or health care
clearinghouse; and
"(B)
relates to the past, present, or
future physical or mental health or
condition of an individual, the
provision of health care to an
individual, or the past, present, or
future payment for the provision of
health care to an individual, and--
"(i)
identifies the individual; or
"(ii) with respect to which there is
a reasonable basis to believe that
the information can be used to
identify the individual.
"(7)
STANDARD.--The term 'standard', when
used with reference to a data
element of health information or a
transaction referred to in section
1173(a)(1), means any such data
element or transaction that meets
each of the standards and
implementation specifications
adopted or established by the
Secretary with respect to the data
element or transaction under
sections 1172 through 1174.
"(8)
STANDARD SETTING ORGANIZATION.--The
term 'standard setting organization'
means a standard setting
organization accredited by the
American National Standards
Institute, including the National
Council for Prescription Drug
Programs, that develops standards
for information transactions, data
elements, or any other standard that
is necessary to, or will facilitate,
the implementation of this part.
"GENERAL REQUIREMENTS
FOR ADOPTION OF STANDARDS
"SEC.
1172. (a) APPLICABILITY.--Any
standard adopted under this part
shall apply, in whole or in part, to
the following persons:
"(1)
A health plan.
"(2)
A health care clearinghouse.
"(3)
A health care provider who transmits
any health information in electronic
form in connection with a
transaction referred to in section
1173(a)(1).
"(b)
REDUCTION OF COSTS.--Any standard
adopted under this part shall be
consistent with the objective of
reducing the administrative costs of
providing and paying for health
care.
"(c)
ROLE OF STANDARD SETTING
ORGANIZATIONS.--
"(1)
IN GENERAL.--Except as provided in
paragraph (2), any standard adopted
under this part shall be a standard
that has been developed, adopted, or
modified by a standard setting
organization.
"(2)
SPECIAL RULES.--
"(A)
DIFFERENT STANDARDS.--The Secretary
may adopt a standard that is
different from any standard
developed, adopted, or modified by a
standard setting organization, if--
"(i)
the different standard will
substantially reduce administrative
costs to health care providers and
health plans compared to the
alternatives; and
"(ii) the standard is promulgated in
accordance with the rulemaking
procedures of subchapter III of
chapter 5 of title 5, United States
Code.
"(B)
NO STANDARD BY STANDARD SETTING
ORGANIZATION.--If no standard
setting organization has developed,
adopted, or modified any standard
relating to a standard that the
Secretary is authorized or required
to adopt under this part--
"(i)
paragraph (1) shall not apply; and
"(ii) subsection (f) shall apply.
(3)
CONSULTATION REQUIREMENT.--
"(A)
IN GENERAL.--A standard may not be
adopted under this part unless--
"(i)
in the case of a standard that has
been developed, adopted, or modified
by a standard setting organization,
the organization consulted with each
of the organizations described in
subparagraph (B) in the course of
such development, adoption, or
modification; and
"(ii) in the case of any other
standard, the Secretary, in
complying with the requirements of
subsection (f), consulted with each
of the organizations described in
subparagraph (B) before adopting the
standard.
"(B)
ORGANIZATIONS DESCRIBED.--The
organizations referred to in
subparagraph (A) are the following:
"(i)
The National Uniform Billing
Committee.
"(ii) The National Uniform Claim
Committee.
"(iii) The Workgroup for Electronic
Data Interchange.
"(iv) The American Dental
Association.
"(d)
IMPLEMENTATION SPECIFICATIONS.--The
Secretary shall establish
specifications for implementing each
of the standards adopted under this
part.
"(e)
PROTECTION OF TRADE SECRETS.--Except
as otherwise required by law, a
standard adopted under this part
shall not require disclosure of
trade secrets or confidential
commercial information by a person
required to comply with this part.
"(f)
ASSISTANCE TO THE SECRETARY.--In
complying with the requirements of
this part, the Secretary shall rely
on the recommendations of the
National Committee on Vital and
Health Statistics established under
section 306(k) of the Public Health
Service Act (42 U.S.C. 242k(k)), and
shall consult with appropriate
Federal and State agencies and
private organizations. The Secretary
shall publish in the Federal
Register any recommendation of the
National Committee on Vital and
Health Statistics regarding the
adoption of a standard under this
part.
(g)
APPLICATION TO MODIFICATIONS OF
STANDARDS.--This section shall apply
to a modification to a standard
(including an addition to a
standard) adopted under section
1174(b) in the same manner as it
applies to an initial standard
adopted under section 1174(a).
"STANDARDS FOR
INFORMATION TRANSACTIONS AND DATA
ELEMENTS
"SEC.
1173. (a) STANDARDS TO ENABLE
ELECTRONIC EXCHANGE.--
"(1)
IN GENERAL.--The Secretary shall
adopt standards for transactions,
and data elements for such
transactions, to enable health
information to be exchanged
electronically, that are appropriate
for--
"(A)
the financial and administrative
transactions described in paragraph
(2); and
"(B)
other financial and administrative
transactions determined appropriate
by the Secretary, consistent with
the goals of improving the operation
of the health care system and
reducing administrative costs.
"(2)
TRANSACTIONS.--The transactions
referred to in paragraph (1)(A) are
transactions with respect to the
following:
"(A)
Health claims or equivalent
encounter information.
"(B)
Health claims attachments.
"(C)
Enrollment and disenrollment in a
health plan.
"(D)
Eligibility for a health plan.
"(E)
Health care payment and remittance
advice.
"(F)
Health plan premium payments.
"(G)
First report of injury.
"(H)
Health claim status.
"(I)
Referral certification and
authorization.
"(3)
ACCOMMODATION OF SPECIFIC
PROVIDERS.--The standards adopted by
the Secretary under paragraph (1)
shall accommodate the needs of
different types of health care
providers.
(b)
UNIQUE HEALTH IDENTIFIERS.--
"(1)
IN GENERAL.--The Secretary shall
adopt standards providing for a
standard unique health identifier
for each individual, employer,
health plan, and health care
provider for use in the health care
system. In carrying out the
preceding sentence for each health
plan and health care provider, the
Secretary shall take into account
multiple uses for identifiers and
multiple locations and specialty
classifications for health care
providers.
"(2)
USE OF IDENTIFIERS.--The standards
adopted under paragraph (1) shall
specify the purposes for which a
unique health identifier may be
used.
(c)
CODE SETS.--
"(1)
IN GENERAL.--The Secretary shall
adopt standards that--
"(A)
select code sets for appropriate
data elements for the transactions
referred to in subsection (a)(1)
from among the code sets that have
been developed by private and public
entities; or
"(B)
establish code sets for such data
elements if no code sets for the
data elements have been developed.
"(2)
DISTRIBUTION.--The Secretary shall
establish efficient and low-cost
procedures for distribution
(including electronic distribution)
of code sets and modifications made
to such code sets under section
1174(b).
(d)
SECURITY STANDARDS FOR HEALTH
INFORMATION.--
"(1)
SECURITY STANDARDS.--The Secretary
shall adopt security standards
that--
"(A)
take into account--
"(i)
the technical capabilities of record
systems used to maintain health
information;
"(ii) the costs of security
measures;
"(iii) the need for training persons
who have access to health
information;
"(iv) the value of audit trails in
computerized record systems; and
"(v)
the needs and capabilities of small
health care providers and rural
health care providers (as such
providers are defined by the
Secretary); and
"(B)
ensure that a health care
clearinghouse, if it is part of a
larger organization, has policies
and security procedures which
isolate the activities of the health
care clearinghouse with respect to
processing information in a manner
that prevents unauthorized access to
such information by such larger
organization.
"(2)
SAFEGUARDS.--Each person described
in section 1172(a) who maintains or
transmits health information shall
maintain reasonable and appropriate
administrative, technical, and
physical safeguards--
"(A)
to ensure the integrity and
confidentiality of the information;
"(B)
to protect against any reasonably
anticipated--
"(i)
threats or hazards to the security
or integrity of the information; and
"(ii) unauthorized uses or
disclosures of the information; and
"(C)
otherwise to ensure compliance with
this part by the officers and
employees of such person.
(e)
ELECTRONIC SIGNATURE.--
"(1)
STANDARDS.--The Secretary, in
coordination with the Secretary of
Commerce, shall adopt standards
specifying procedures for the
electronic transmission and
authentication of signatures with
respect to the transactions referred
to in subsection (a)(1).
"(2)
EFFECT OF COMPLIANCE.--Compliance
with the standards adopted under
paragraph (1) shall be deemed to
satisfy Federal and State statutory
requirements for written signatures
with respect to the transactions
referred to in subsection (a)(1).
(f)
TRANSFER OF INFORMATION AMONG HEALTH
PLANS.--The Secretary shall adopt
standards for transferring among
health plans appropriate standard
data elements needed for the
coordination of benefits, the
sequential processing of claims, and
other data elements for individuals
who have more than one health plan.
"TIMETABLES FOR
ADOPTION OF STANDARDS
"SEC.
1174. (a) INITIAL
STANDARDS.--The Secretary shall
carry out section 1173 not later
than 18 months after the date of the
enactment of the Health Insurance
Portability and Accountability Act
of 1996, except that standards
relating to claims attachments shall
be adopted not later than 30 months
after such date.
"(b)
ADDITIONS AND MODIFICATIONS TO
STANDARDS.--
"(1)
IN GENERAL.--Except as provided in
paragraph (2), the Secretary shall
review the standards adopted under
section 1173, and shall adopt
modifications to the standards
(including additions to the
standards), as determined
appropriate, but not more frequently
than once every 12 months. Any
addition or modification to a
standard shall be completed in a
manner which minimizes the
disruption and cost of compliance.
"(2)
SPECIAL RULES.--
"(A)
FIRST 12-MONTH PERIOD.--Except with
respect to additions and
modifications to code sets under
subparagraph (B), the Secretary may
not adopt any modification to a
standard adopted under this part
during the 12-month period beginning
on the date the standard is
initially adopted, unless the
Secretary determines that the
modification is necessary in order
to permit compliance with the
standard.
"(B)
ADDITIONS AND MODIFICATIONS TO CODE
SETS.--
"(i)
IN GENERAL.--The Secretary shall
ensure that procedures exist for the
routine maintenance, testing,
enhancement, and expansion of code
sets.
"(ii) Additional rules.--If a code
set is modified under this
subsection, the modified code set
shall include instructions on how
data elements of health information
that were encoded prior to the
modification may be converted or
translated so as to preserve the
informational value of the data
elements that existed before the
modification. Any modification to a
code set under this subsection shall
be implemented in a manner that
minimizes the disruption and cost of
complying with such modification.
"REQUIREMENTS
"SEC.
1175. (a) CONDUCT OF
TRANSACTIONS BY PLANS.--
"(1)
IN GENERAL.--If a person desires to
conduct a transaction referred to in
section 1173(a)(1) with a health
plan as a standard transaction--
"(A)
the health plan may not refuse to
conduct such transaction as a
standard transaction;
"(B)
the insurance plan may not delay
such transaction, or otherwise
adversely affect, or attempt to
adversely affect, the person or the
transaction on the ground that the
transaction is a standard
transaction; and
"(C)
the information transmitted and
received in connection with the
transaction shall be in the form of
standard data elements of health
information.
"(2)
SATISFACTION OF REQUIREMENTS.--A
health plan may satisfy the
requirements under paragraph (1)
by--
"(A)
directly transmitting and receiving
standard data elements of health
information; or
"(B)
submitting nonstandard data elements
to a health care clearinghouse for
processing into standard data
elements and transmission by the
health care clearinghouse, and
receiving standard data elements
through the health care
clearinghouse.
"(3)
TIMETABLE FOR COMPLIANCE.--Paragraph
(1) shall not be construed to
require a health plan to comply with
any standard, implementation
specification, or modification to a
standard or specification adopted or
established by the Secretary under
sections 1172 through 1174 at any
time prior to the date on which the
plan is required to comply with the
standard or specification under
subsection (b).
"(b)
COMPLIANCE WITH STANDARDS.--
"(1)
INITIAL COMPLIANCE.--
"(A)
IN GENERAL.--Not later than 24
months after the date on which an
initial standard or implementation
specification is adopted or
established under sections 1172 and
1173, each person to whom the
standard or implementation
specification applies shall comply
with the standard or specification.
"(B)
SPECIAL RULE FOR SMALL HEALTH
PLANS.--In the case of a small
health plan, paragraph (1) shall be
applied by substituting '36 months'
for '24 months'. For purposes of
this subsection, the Secretary shall
determine the plans that qualify as
small health plans.
"(2)
COMPLIANCE WITH MODIFIED
STANDARDS.--If the Secretary adopts
a modification to a standard or
implementation specification under
this part, each person to whom the
standard or implementation
specification applies shall comply
with the modified standard or
implementation specification at such
time as the Secretary determines
appropriate, taking into account the
time needed to comply due to the
nature and extent of the
modification. The time determined
appropriate under the preceding
sentence may not be earlier than the
last day of the 180-day period
beginning on the date such
modification is adopted. The
Secretary may extend the time for
compliance for small health plans,
if the Secretary determines that
such extension is appropriate.
"(3)
CONSTRUCTION.--Nothing in this
subsection shall be construed to
prohibit any person from complying
with a standard or specification
by--
"(A)
submitting nonstandard data elements
to a health care clearinghouse for
processing into standard data
elements and transmission by the
health care clearinghouse; or
"(B)
receiving standard data elements
through a health care clearinghouse.
"GENERAL PENALTY FOR
FAILURE TO COMPLY WITH REQUIREMENTS
AND STANDARDS
"SEC.
1176. (a) GENERAL PENALTY.--
"(1)
IN GENERAL.--Except as provided in
subsection (b), the Secretary shall
impose on any person who violates a
provision of this part a penalty of
not more than $100 for each such
violation, except that the total
amount imposed on the person for all
violations of an identical
requirement or prohibition during a
calendar year may not exceed
$25,000.
"(2)
PROCEDURES.--The provisions of
section 1128A (other than
subsections (a) and (b) and the
second sentence of subsection (f))
shall apply to the imposition of a
civil money penalty under this
subsection in the same manner as
such provisions apply to the
imposition of a penalty under such
section 1128A.
"(b)
LIMITATIONS.--
"(1)
OFFENSES OTHERWISE PUNISHABLE.--A
penalty may not be imposed under
subsection (a) with respect to an
act if the act constitutes an
offense punishable under section
1177.
"(2)
NONCOMPLIANCE NOT DISCOVERED.--A
penalty may not be imposed under
subsection (a) with respect to a
provision of this part if it is
established to the satisfaction of
the Secretary that the person liable
for the penalty did not know, and by
exercising reasonable diligence
would not have known, that such
person violated the provision.
"(3)
FAILURES DUE TO REASONABLE CAUSE.--
"(A)
IN GENERAL.--Except as provided in
subparagraph (B), a penalty may not
be imposed under subsection (a) if--
"(i)
the failure to comply was due to
reasonable cause and not to willful
neglect; and
"(ii) the failure to comply is
corrected during the 30-day period
beginning on the first date the
person liable for the penalty knew,
or by exercising reasonable
diligence would have known, that the
failure to comply occurred.
"(B)
EXTENSION OF PERIOD.--
"(i)
NO PENALTY.--The period referred to
in subparagraph (A)(ii) may be
extended as determined appropriate
by the Secretary based on the nature
and extent of the failure to comply.
"(ii) ASSISTANCE.--If the Secretary
determines that a person failed to
comply because the person was unable
to comply, the Secretary may provide
technical assistance to the person
during the period described in
subparagraph (A)(ii). Such
assistance shall be provided in any
manner determined appropriate by the
Secretary.
"(4)
REDUCTION.--In the case of a failure
to comply which is due to reasonable
cause and not to willful neglect,
any penalty under subsection (a)
that is not entirely waived under
paragraph (3) may be waived to the
extent that the payment of such
penalty would be excessive relative
to the compliance failure involved.
"WRONGFUL DISCLOSURE
OF INDIVIDUALLY IDENTIFIABLE HEALTH
INFORMATION
"SEC.
1177. (a) OFFENSE.--A person who
knowingly and in violation of this
part--
"(1)
uses or causes to be used a unique
health identifier;
"(2)
obtains individually identifiable
health information relating to an
individual; or
"(3)
discloses individually identifiable
health information to another
person,
shall be punished as provided in
subsection (b).
"(b)
PENALTIES.--A person described in
subsection (a) shall--
"(1)
be fined not more than $50,000,
imprisoned not more than 1 year, or
both;
"(2)
if the offense is committed under
false pretenses, be fined not more
than $100,000, imprisoned not more
than 5 years, or both; and
"(3)
if the offense is committed with
intent to sell, transfer, or use
individually identifiable health
information for commercial
advantage, personal gain, or
malicious harm, be fined not more
than $250,000, imprisoned not more
than 10 years, or both.
"EFFECT ON STATE LAW
"SEC.
1178. (a) GENERAL EFFECT.--
"(1)
GENERAL RULE.--Except as provided in
paragraph (2), a provision or
requirement under this part, or a
standard or implementation
specification adopted or established
under sections 1172 through 1174,
shall supersede any contrary
provision of State law, including a
provision of State law that requires
medical or health plan records
(including billing information) to
be maintained or transmitted in
written rather than electronic form.
"(2)
EXCEPTIONS.--A provision or
requirement under this part, or a
standard or implementation
specification adopted or established
under sections 1172 through 1174,
shall not supersede a contrary
provision of State law, if the
provision of State law--
"(A)
is a provision the Secretary
determines--
"(i)
is necessary--
"(I)
to prevent fraud and abuse;
"(II) to ensure appropriate State
regulation of insurance and health
plans;
"(III) for State reporting on health
care delivery or costs; or
"(IV) for other purposes; or
"(ii) addresses controlled
substances; or
"(B)
subject to section 264(c)(2) of the
Health Insurance Portability and
Accountability Act of 1996, relates
to the privacy of individually
identifiable health information.
"(b)
PUBLIC HEALTH.--Nothing in this part
shall be construed to invalidate or
limit the authority, power, or
procedures established under any law
providing for the reporting of
disease or injury, child abuse,
birth, or death, public health
surveillance, or public health
investigation or intervention.
"(c)
STATE REGULATORY REPORTING.--Nothing
in this part shall limit the ability
of a State to require a health plan
to report, or to provide access to,
information for management audits,
financial audits, program monitoring
and evaluation, facility licensure
or certification, or individual
licensure or certification.
"PROCESSING PAYMENT
TRANSACTIONS BY FINANCIAL
INSTITUTIONS
"SEC.
1179. To the extent that an
entity is engaged in activities of a
financial institution (as defined in
section 1101 of the Right to
Financial Privacy Act of 1978), or
is engaged in authorizing,
processing, clearing, settling,
billing,
transferring, reconciling, or
collecting payments, for a financial
institution, this part, and any
standard adopted under this part,
shall not apply to the entity with
respect to such activities,
including the following:
"(1)
The use or disclosure of information
by the entity for authorizing,
processing, clearing, settling,
billing, transferring, reconciling
or collecting, a payment for, or
related to, health plan premiums or
health care, where such payment is
made by any means, including a
credit, debit, or other payment
card, an account, check, or
electronic funds transfer.
"(2)
The request for, or the use or
disclosure of, information by the
entity with respect to a payment
described in paragraph (1)--
"(A)
for transferring receivables;
"(B)
for auditing;
"(C)
in connection with--
"(i)
a customer dispute; or
"(ii) an inquiry from, or to, a
customer;
"(D)
in a communication to a customer of
the entity regarding the customer's
transactions, payment card, account,
check, or electronic funds transfer;
"(E)
for reporting to consumer reporting
agencies; or
"(F)
for complying with--
"(i)
a civil or criminal subpoena; or
"(ii) a Federal or State law
regulating the entity.".
(b)
CONFORMING AMENDMENTS.--
(1)
REQUIREMENT FOR MEDICARE
PROVIDERS.--Section 1866(a)(1) (42
U.S.C. 1395cc(a)(1)) is amended--
(A)
by striking ``and" at the end of
subparagraph (P);
(B)
by striking the period at the end of
subparagraph (Q) and inserting ";
and"; and
(C)
by inserting immediately after
subparagraph (Q) the following new
subparagraph:
"(R)
to contract only with a health care
clearinghouse (as defined in section
1171) that meets each standard and
implementation specification adopted
or established under part C of title
XI on or after the date on which the
health care clearinghouse is
required to comply with the standard
or specification.".
(2)
TITLE HEADING.--Title XI (42 U.S.C.
1301 et seq.) is amended by striking
the title heading and inserting the
following:
"TITLE
XI--GENERAL PROVISIONS, PEER REVIEW,
AND ADMINISTRATIVE SIMPLIFICATION".
Section 306(k) of the Public Health
Service Act (42 U.S.C. 242k(k))
is
amended--
(1)
in paragraph (1), by striking "16"
and inserting "18";
(2)
by amending paragraph (2) to read as
follows:
"(2)
The members of the Committee shall
be appointed from among persons who
have distinguished themselves in the
fields of health statistics,
electronic interchange of health
care information, privacy and
security of electronic information,
population-based public health,
purchasing or financing health care
services, integrated computerized
health information systems, health
services research, consumer
interests in health information,
health data standards, epidemiology,
and the provision of health
services. Members of the Committee
shall be appointed for terms of 4
years.";
(3)
by redesignating paragraphs (3)
through (5) as paragraphs (4)
through (6), respectively, and
inserting after paragraph (2) the
following:
"(3)
Of the members of the Committee--
"(A)
1 shall be appointed, not later than
60 days after the date of the
enactment of the Health Insurance
Portability and Accountability Act
of 1996, by the Speaker of the House
of Representatives after
consultation with the Minority
Leader of the House of
Representatives;
"(B)
1 shall be appointed, not later than
60 days after the date of the
enactment of the Health Insurance
Portability and Accountability Act
of 1996, by the President pro
tempore of the Senate after
consultation with the Minority
Leader of the Senate; and
"(C)
16 shall be appointed by the
Secretary.";
(4)
by amending paragraph (5) (as so
redesignated) to read as follows:
"(5)
The Committee--
"(A)
shall assist and advise the
Secretary--
"(i)
to delineate statistical problems
bearing on health and health
services which are of national or
international interest;
"(ii) to stimulate studies of such
problems by other organizations and
agencies whenever possible or to
make investigations of such problems
through subcommittees;
"(iii) to determine, approve, and
revise the terms, definitions,
classifications, and guidelines for
assessing health status and health
services, their distribution and
costs, for use (I) within the
Department of Health and Human
Services, (II) by all programs
administered or funded by the
Secretary, including the
Federal-State-local cooperative
health statistics system referred to
in subsection (e), and (III) to the
extent possible as determined by the
head of the agency involved, by the
Department of Veterans Affairs, the
Department of Defense, and other
Federal agencies concerned with
health and health services;
"(iv) with respect to the design of
and approval of health statistical
and health information systems
concerned with the collection,
processing, and tabulation of health
statistics within the Department of
Health and Human Services, with
respect to the Cooperative Health
Statistics System established under
subsection (e), and with respect to
the standardized means for the
collection of health information and
statistics to be established by the
Secretary under subsection (j)(1);
"(v)
to review and comment on findings
and proposals developed by other
organizations and agencies and to
make recommendations for their
adoption or implementation by local,
State, national, or international
agencies;
"(vi) to cooperate with national
committees of other countries and
with the World Health Organization
and other national agencies in the
studies of problems of mutual
interest;
"(vii) to issue an annual report on
the state of the Nation's health,
its health services, their costs and
distributions, and to make proposals
for improvement of the Nation's
health statistics and health
information systems; and
"(viii) in complying with the
requirements imposed on the
Secretary under part C of title XI
of the Social Security Act;
"(B)
shall study the issues related to
the adoption of uniform data
standards for patient medical record
information and the electronic
exchange of such information;
"(C)
shall report to the Secretary not
later than 4 years after the date of
the enactment of the Health
Insurance Portability and
Accountability Act of 1996
recommendations and legislative
proposals for such standards and
electronic exchange; and
"(D)
shall be responsible generally for
advising the Secretary and the
Congress on the status of the
implementation of part C of title XI
of the Social Security Act."; and
(5)
by adding at the end the following:
"(7)
Not later than 1 year after the date
of the enactment of the Health
Insurance Portability and
Accountability Act of 1996, and
annually thereafter, the Committee
shall submit to the Congress, and
make public, a report regarding the
implementation of part C of title XI
of the Social Security Act. Such
report shall address the following
subjects, to the extent that the
Committee determines appropriate:
"(A)
The extent to which persons required
to comply with part C of title XI of
the Social Security Act are
cooperating in implementing the
standards adopted under such part.
"(B)
The extent to which such entities
are meeting the security standards
adopted under such part and the
types of penalties assessed for
noncompliance with such standards.
"(C)
Whether the Federal and State
Governments are receiving
information of sufficient quality to
meet their responsibilities under
such part.
"(D)
Any problems that exist with respect
to implementation of such part.
"(E)
The extent to which timetables under
such part are being met.".
SEC. 264.
RECOMMENDATIONS WITH RESPECT TO
PRIVACY OF CERTAIN HEALTH
INFORMATION.
(a)
IN GENERAL.--Not later than the date
that is 12 months after the date of
the enactment of this Act, the
Secretary of Health and Human
Services shall submit to the
Committee on Labor and Human
Resources and the Committee on
Finance of the Senate and the
Committee on Commerce and the
Committee on Ways and Means of the
House of Representatives detailed
recommendations on standards with
respect to the privacy of
individually identifiable health
information.
(b)
SUBJECTS FOR RECOMMENDATIONS.--The
recommendations under subsection (a)
shall address at least the
following:
(1)
The rights that an individual who is
a subject of individually
identifiable health information
should have.
(2)
The procedures that should be
established for the exercise of such
rights.
(3)
The uses and disclosures of such
information that should be
authorized or required.
(c)
REGULATIONS.--
(1)
IN GENERAL.--If legislation
governing standards with respect to
the privacy of individually
identifiable health information
transmitted in connection with the
transactions described in section
1173(a) of the Social Security Act
(as added by section 262) is not
enacted by the date that is 36
months after the date of the
enactment of this Act, the Secretary
of Health and Human Services shall
promulgate final regulations
containing such standards not later
than the date that is 42 months
after the date of the enactment of
this Act. Such regulations shall
address at least the subjects
described in subsection (b).
(2)
PREEMPTION.--A regulation
promulgated under paragraph (1)
shall not supercede a contrary
provision of State law, if the
provision of State law imposes
requirements, standards, or
implementation specifications that
are more stringent than the
requirements, standards, or
implementation specifications
imposed under the regulation.
(d)
CONSULTATION.--In carrying out this
section, the Secretary of Health and
Human Services shall consult with--
(1)
the National Committee on Vital and
Health Statistics established under
section 306(k) of the Public Health
Service Act (42 U.S.C. 242k(k)); and
(2)
the Attorney General.
... |
