HIPAA Compliance Plan
« Previous PageHITECH Act Table of ContentsNext Page »

Download a FREE copy of the HIPAA Survival Guide 4th Edition.

Sec. 13101. ONCHIT; Standards Development and Adoption.

The Public Health Service Act (42 U.S.C. 201 et seq.) is amended by adding at the end the following:

‘‘TITLE XXX—HEALTH INFORMATION TECHNOLOGY AND QUALITY

‘‘SEC. 3000. DEFINITIONS.

‘‘In this title:

‘‘(1) CERTIFIED EHR TECHNOLOGY.—The term ‘certified EHR technology’ means a qualified electronic health record that is certified pursuant to section 3001(c)(5) as meeting standards adopted under section 3004 that are applicable to the type of record involved (as determined by the Secretary, such as an ambulatory electronic health record for office-based physicians or an inpatient hospital electronic health record for hospitals).

‘‘(2) ENTERPRISE INTEGRATION.—The term ‘enterprise integration’ means the electronic linkage of health care providers, health plans, the government, and other interested parties, to enable the electronic exchange and use of health information among all the components in the health care infrastructure in accordance with applicable law, and such term includes related application protocols and other related standards.

‘‘(3) HEALTH CARE PROVIDER.—The term ‘health care provider’ includes a hospital, skilled nursing facility, nursing facility, home health entity or other long term care facility, health care clinic, community mental health center (as defined in section 1913(b)(1)), renal dialysis facility, blood center, ambulatory surgical center described in section 1833(i) of the Social Security Act, emergency medical services provider, Federally qualified health center, group practice, a pharmacist, a pharmacy, a laboratory, a physician (as defined in section 1861(r) of the Social Security Act), a practitioner (as described in section 1842(b)(18)(C) of the Social Security Act), a provider operated by, or under contract with, the Indian Health Service or by an Indian tribe (as defined in the Indian Self-Determination and Education Assistance Act), tribal organization, or urban Indian organization (as defined in section 4 of the Indian Health Care Improvement Act), a rural health clinic, a covered entity under section 340B, an ambulatory surgical center described in section 1833(i) of the Social Security Act, a therapist (as defined in section 1848(k)(3)(B)(iii) of the Social Security Act), and any other category of health care facility, entity, practitioner, or clinician determined appropriate by the Secretary.

‘‘(4) HEALTH INFORMATION.—The term ‘health information’ has the meaning given such term in section 1171(4) of the Social Security Act.

‘‘(5) HEALTH INFORMATION TECHNOLOGY.—The term ‘health information technology’ means hardware, software, integrated technologies or related licenses, intellectual property, upgrades, or packaged solutions sold as services that are designed for or support the use by health care entities or patients for the electronic creation, maintenance, access, or exchange of health information

‘‘(6) HEALTH PLAN.—The term ‘health plan’ has the meaning given such term in section 1171(5) of the Social Security Act.

‘‘(7) HIT POLICY COMMITTEE.—The term ‘HIT Policy Committee’ means such Committee established under section 3002(a).

‘‘(8) HIT STANDARDS COMMITTEE.—The term ‘HIT Standards Committee’ means such Committee established under section 3003(a).

‘‘(9) INDIVIDUALLY IDENTIFIABLE HEALTH INFORMATION.— The term ‘individually identifiable health information’ has the meaning given such term in section 1171(6) of the Social Security Act.

‘‘(10) LABORATORY.—The term ‘laboratory’ has the meaning given such term in section 353(a).

‘‘(11) NATIONAL COORDINATOR.—The term ‘National Coordinator’ means the head of the Office of the National Coordinator for Health Information Technology established under section 3001(a).

‘‘(12) PHARMACIST.—The term ‘pharmacist’ has the meaning given such term in section 804(2) of the Federal Food, Drug, and Cosmetic Act.

‘‘(13) QUALIFIED ELECTRONIC HEALTH RECORD.—The term ‘qualified electronic health record’ means an electronic record of health-related information on an individual that—

‘‘(A) includes patient demographic and clinical health information, such as medical history and problem lists; and

‘‘(B) has the capacity—

‘‘(i) to provide clinical decision support;

‘‘(ii) to support physician order entry;

‘‘(iii) to capture and query information relevant to health care quality; and

‘‘(iv) to exchange electronic health information with, and integrate such information from other sources.

‘‘(14) STATE.—The term ‘State’ means each of the several States, the District of Columbia, Puerto Rico, the Virgin Islands, Guam, American Samoa, and the Northern Mariana Islands.

‘‘Subtitle A—Promotion of Health Information Technology

‘‘SEC. 3001. OFFICE OF THE NATIONAL COORDINATOR FOR HEALTH INFORMATION TECHNOLOGY.

‘‘(a) ESTABLISHMENT.—There is established within the Department of Health and Human Services an Office of the National Coordinator for Health Information Technology (referred to in this section as the ‘Office’). The Office shall be headed by a National Coordinator who shall be appointed by the Secretary and shall report directly to the Secretary.

‘‘(b) PURPOSE.—The National Coordinator shall perform the duties under subsection (c) in a manner consistent with the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information and that—

‘‘(1) ensures that each patient’s health information is secure and protected, in accordance with applicable law;

‘‘(2) improves health care quality, reduces medical errors, reduces health disparities, and advances the delivery of patientcentered medical care;

‘‘(3) reduces health care costs resulting from inefficiency, medical errors, inappropriate care, duplicative care, and incomplete information;

‘‘(4) provides appropriate information to help guide medical decisions at the time and place of care;

‘‘(5) ensures the inclusion of meaningful public input in such development of such infrastructure;

‘‘(6) improves the coordination of care and information among hospitals, laboratories, physician offices, and other entities through an effective infrastructure for the secure and authorized exchange of health care information;

‘‘(7) improves public health activities and facilitates the early identification and rapid response to public health threats and emergencies, including bioterror events and infectious disease outbreaks;

‘‘(8) facilitates health and clinical research and health care quality;

‘‘(9) promotes early detection, prevention, and management of chronic diseases;

‘‘(10) promotes a more effective marketplace, greater competition, greater systems analysis, increased consumer choice, and improved outcomes in health care services; and

‘‘(11) improves efforts to reduce health disparities.

‘‘(c) DUTIES OF THE NATIONAL COORDINATOR.—

‘‘(1) STANDARDS.—The National Coordinator shall—

‘‘(A) review and determine whether to endorse each standard, implementation specification, and certification criterion for the electronic exchange and use of health information that is recommended by the HIT Standards Committee under section 3003 for purposes of adoption under section 3004;

‘‘(B) make such determinations under subparagraph (A), and report to the Secretary such determinations, not later than 45 days after the date the recommendation is received by the Coordinator; and

‘‘(C) review Federal health information technology investments to ensure that Federal health information technology programs are meeting the objectives of the strategic plan published under paragraph (3).

‘‘(2) HIT POLICY COORDINATION.—

‘‘(A) IN GENERAL.—The National Coordinator shall coordinate health information technology policy and programs of the Department with those of other relevant executive branch agencies with a goal of avoiding duplication of efforts and of helping to ensure that each agency undertakes health information technology activities primarily within the areas of its greatest expertise and technical capability and in a manner towards a coordinated national goal.

‘‘(B) HIT POLICY AND STANDARDS COMMITTEES.—The National Coordinator shall be a leading member in the establishment and operations of the HIT Policy Committee and the HIT Standards Committee and shall serve as a liaison among those two Committees and the Federal Government.

‘‘(3) STRATEGIC PLAN.—

‘‘(A) IN GENERAL.—The National Coordinator shall, in consultation with other appropriate Federal agencies (including the National Institute of Standards and Technology), update the Federal Health IT Strategic Plan (developed as of June 3, 2008) to include specific objectives, milestones, and metrics with respect to the following:

‘‘(i) The electronic exchange and use of health information and the enterprise integration of such information.

‘‘(ii) The utilization of an electronic health record for each person in the United States by 2014.

‘‘(iii) The incorporation of privacy and security protections for the electronic exchange of an individual’s individually identifiable health information.

‘‘(iv) Ensuring security methods to ensure appropriate authorization and electronic authentication of health information and specifying technologies or methodologies for rendering health information unusable, unreadable, or indecipherable.

‘‘(v) Specifying a framework for coordination and flow of recommendations and policies under this subtitle among the Secretary, the National Coordinator, the HIT Policy Committee, the HIT Standards Committee, and other health information exchanges and other relevant entities.

‘‘(vi) Methods to foster the public understanding of health information technology.

‘‘(vii) Strategies to enhance the use of health information technology in improving the quality of health care, reducing medical errors, reducing health disparities, improving public health, increasing prevention and coordination with community resources, and improving the continuity of care among health care settings.

‘‘(viii) Specific plans for ensuring that populations with unique needs, such as children, are appropriately addressed in the technology design, as appropriate, which may include technology that automates enrollment and retention for eligible individuals.

‘‘(B) COLLABORATION.—The strategic plan shall be updated through collaboration of public and private entities.

‘‘(C) MEASURABLE OUTCOME GOALS.—The strategic plan update shall include measurable outcome goals.

‘‘(D) PUBLICATION.—The National Coordinator shall republish the strategic plan, including all updates.

‘‘(4) WEBSITE.—The National Coordinator shall maintain and frequently update an Internet website on which there is posted information on the work, schedules, reports, recommendations, and other information to ensure transparency in promotion of a nationwide health information technology infrastructure.

‘‘(5) CERTIFICATION.—

‘‘(A) IN GENERAL.—The National Coordinator, in consultation with the Director of the National Institute of Standards and Technology, shall keep or recognize a program or programs for the voluntary certification of health information technology as being in compliance with applicable certification criteria adopted under this subtitle. Such program shall include, as appropriate, testing of the technology in accordance with section 13201(b) of the Health Information Technology for Economic and Clinical Health Act.

‘‘(B) CERTIFICATION CRITERIA DESCRIBED.—In this title, the term ‘certification criteria’ means, with respect to standards and implementation specifications for health information technology, criteria to establish that the technology meets such standards and implementation specifications.

‘‘(6) REPORTS AND PUBLICATIONS.—

‘‘(A) REPORT ON ADDITIONAL FUNDING OR AUTHORITY NEEDED.—Not later than 12 months after the date of the enactment of this title, the National Coordinator shall submit to the appropriate committees of jurisdiction of the House of Representatives and the Senate a report on any additional funding or authority the Coordinator or the HIT Policy Committee or HIT Standards Committee requires to evaluate and develop standards, implementation specifications, and certification criteria, or to achieve full participation of stakeholders in the adoption of a nationwide health information technology infrastructure that allows for the electronic use and exchange of health information.

‘‘(B) IMPLEMENTATION REPORT.—The National Coordinator shall prepare a report that identifies lessons learned from major public and private health care systems in their implementation of health information technology, including information on whether the technologies and practices developed by such systems may be applicable to and usable in whole or in part by other health care providers.

‘‘(C) ASSESSMENT OF IMPACT OF HIT ON COMMUNITIES WITH HEALTH DISPARITIES AND UNINSURED, UNDERINSURED, AND MEDICALLY UNDERSERVED AREAS.—The National Coordinator shall assess and publish the impact of health information technology in communities with health disparities and in areas with a high proportion of individuals who are uninsured, underinsured, and medically underserved individuals (including urban and rural areas) and identify practices to increase the adoption of such technology by health care providers in such communities, and the use of health information technology to reduce and better manage chronic diseases.

‘‘(D) EVALUATION OF BENEFITS AND COSTS OF THE ELECTRONIC USE AND EXCHANGE OF HEALTH INFORMATION.—The National Coordinator shall evaluate and publish evidence on the benefits and costs of the electronic use and exchange of health information and assess to whom these benefits and costs accrue.

‘‘(E) RESOURCE REQUIREMENTS.—The National Coordinator shall estimate and publish resources required annually to reach the goal of utilization of an electronic health record for each person in the United States by 2014, including—

‘‘(i) the required level of Federal funding;

‘‘(ii) expectations for regional, State, and private investment;

‘‘(iii) the expected contributions by volunteers to activities for the utilization of such records; and

‘‘(iv) the resources needed to establish a health information technology workforce sufficient to support this effort (including education programs in medical informatics and health information management).

‘‘(7) ASSISTANCE.—The National Coordinator may provide financial assistance to consumer advocacy groups and not-forprofit entities that work in the public interest for purposes of defraying the cost to such groups and entities to participate under, whether in whole or in part, the National Technology Transfer Act of 1995 (15 U.S.C. 272 note).

‘‘(8) GOVERNANCE FOR NATIONWIDE HEALTH INFORMATION NETWORK.—The National Coordinator shall establish a governance mechanism for the nationwide health information network.

‘‘(d) DETAIL OF FEDERAL EMPLOYEES.—

‘‘(1) IN GENERAL.—Upon the request of the National Coordinator, the head of any Federal agency is authorized to detail, with or without reimbursement from the Office, any of the personnel of such agency to the Office to assist it in carrying out its duties under this section.

‘‘(2) EFFECT OF DETAIL.—Any detail of personnel under paragraph (1) shall—

‘‘(A) not interrupt or otherwise affect the civil service status or privileges of the Federal employee; and

‘‘(B) be in addition to any other staff of the Department employed by the National Coordinator.

‘‘(3) ACCEPTANCE OF DETAILEES.—Notwithstanding any other provision of law, the Office may accept detailed personnel from other Federal agencies without regard to whether the agency described under paragraph (1) is reimbursed.

‘‘(e) CHIEF PRIVACY OFFICER OF THE OFFICE OF THE NATIONAL COORDINATOR.—Not later than 12 months after the date of the enactment of this title, the Secretary shall appoint a Chief Privacy Officer of the Office of the National Coordinator, whose duty it shall be to advise the National Coordinator on privacy, security, and data stewardship of electronic health information and to coordinate with other Federal agencies (and similar privacy officers in such agencies), with State and regional efforts, and with foreign countries with regard to the privacy, security, and data stewardship of electronic individually identifiable health information.

‘‘SEC. 3002. HIT POLICY COMMITTEE.

‘‘(a) ESTABLISHMENT.—There is established a HIT Policy Committee to make policy recommendations to the National Coordinator relating to the implementation of a nationwide health information technology infrastructure, including implementation of the strategic plan described in section 3001(c)(3).

‘‘(b) DUTIES.—

‘‘(1) RECOMMENDATIONS ON HEALTH INFORMATION TECHNOLOGY INFRASTRUCTURE.—The HIT Policy Committee shall recommend a policy framework for the development and adoption of a nationwide health information technology infrastructure that permits the electronic exchange and use of health information as is consistent with the strategic plan under section 3001(c)(3) and that includes the recommendations under paragraph (2). The Committee shall update such recommendations and make new recommendations as appropriate.

‘‘(2) SPECIFIC AREAS OF STANDARD DEVELOPMENT.—

‘‘(A) IN GENERAL.—The HIT Policy Committee shall recommend the areas in which standards, implementation specifications, and certification criteria are needed for the electronic exchange and use of health information for purposes of adoption under section 3004 and shall recommend an order of priority for the development, harmonization, and recognition of such standards, specifications, and certification criteria among the areas so recommended. Such standards and implementation specifications shall include named standards, architectures, and software schemes for the authentication and security of individually identifiable health information and other information as needed to ensure the reproducible development of common solutions across disparate entities.

‘‘(B) AREAS REQUIRED FOR CONSIDERATION.—For purposes of subparagraph (A), the HIT Policy Committee shall make recommendations for at least the following areas:

‘‘(i) Technologies that protect the privacy of health information and promote security in a qualified electronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care (or disclose information about a condition) because of privacy concerns, in accordance with applicable law, and for the use and disclosure of limited data sets of such information.

‘‘(ii) A nationwide health information technology infrastructure that allows for the electronic use and accurate exchange of health information.

‘‘(iii) The utilization of a certified electronic health record for each person in the United States by 2014.

‘‘(iv) Technologies that as a part of a qualified electronic health record allow for an accounting of disclosures made by a covered entity (as defined for purposes of regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996) for purposes of treatment, payment, and health care operations (as such terms are defined for purposes of such regulations).

‘‘(v) The use of certified electronic health records to improve the quality of health care, such as by promoting the coordination of health care and improving continuity of health care among health care providers, by reducing medical errors, by improving population health, by reducing health disparities, by reducing chronic disease, and by advancing research and education.

‘‘(vi) Technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in the nationwide health information network or physically transported outside of the secured, physical perimeter of a health care provider, health plan, or health care clearinghouse.

‘‘(vii) The use of electronic systems to ensure the comprehensive collection of patient demographic data, including, at a minimum, race, ethnicity, primary language, and gender information.

‘‘(viii) Technologies that address the needs of children and other vulnerable populations.

‘‘(C) OTHER AREAS FOR CONSIDERATION.—In making recommendations under subparagraph (A), the HIT Policy Committee may consider the following additional areas:

‘‘(i) The appropriate uses of a nationwide health information infrastructure, including for purposes of—

‘‘(I) the collection of quality data and public reporting;

‘‘(II) biosurveillance and public health;

‘‘(III) medical and clinical research; and

‘‘(IV) drug safety.

‘‘(ii) Self-service technologies that facilitate the use and exchange of patient information and reduce wait times.

‘‘(iii) Telemedicine technologies, in order to reduce travel requirements for patients in remote areas.

‘‘(iv) Technologies that facilitate home health care and the monitoring of patients recuperating at home.

‘‘(v) Technologies that help reduce medical errors.

‘‘(vi) Technologies that facilitate the continuity of care among health settings.

‘‘(vii) Technologies that meet the needs of diverse populations.

‘‘(viii) Methods to facilitate secure access by an individual to such individual’s protected health information.

‘‘(ix) Methods, guidelines, and safeguards to facilitate secure access to patient information by a family member, caregiver, or guardian acting on behalf of a patient due to age-related and other disability, cognitive impairment, or dementia.

‘‘(x) Any other technology that the HIT Policy Committee finds to be among the technologies with the greatest potential to improve the quality and efficiency of health care.

‘‘(3) FORUM.—The HIT Policy Committee shall serve as a forum for broad stakeholder input with specific expertise in policies relating to the matters described in paragraphs (1) and (2).

‘‘(4) CONSISTENCY WITH EVALUATION CONDUCTED UNDER MIPPA.—

‘‘(A) REQUIREMENT FOR CONSISTENCY.—The HIT Policy Committee shall ensure that recommendations made under paragraph (2)(B)(vi) are consistent with the evaluation conducted under section 1809(a) of the Social Security Act.

‘‘(B) SCOPE.—Nothing in subparagraph (A) shall be construed to limit the recommendations under paragraph (2)(B)(vi) to the elements described in section 1809(a)(3) of the Social Security Act.

‘‘(C) TIMING.—The requirement under subparagraph (A) shall be applicable to the extent that evaluations have been conducted under section 1809(a) of the Social Security Act, regardless of whether the report described in subsection (b) of such section has been submitted.

‘‘(c) MEMBERSHIP AND OPERATIONS.—

‘‘(1) IN GENERAL.—The National Coordinator shall take a leading position in the establishment and operations of the HIT Policy Committee.

‘‘(2) MEMBERSHIP.—The HIT Policy Committee shall be composed of members to be appointed as follows:

‘‘(A) 3 members shall be appointed by the Secretary, 1 of whom shall be appointed to represent the Department of Health and Human Services and 1 of whom shall be a public health official.

‘‘(B) 1 member shall be appointed by the majority leader of the Senate.

‘‘(C) 1 member shall be appointed by the minority leader of the Senate.

‘‘(D) 1 member shall be appointed by the Speaker of the House of Representatives.

‘‘(E) 1 member shall be appointed by the minority leader of the House of Representatives.

‘‘(F) Such other members as shall be appointed by the President as representatives of other relevant Federal agencies.

‘‘(G) 13 members shall be appointed by the Comptroller General of the United States of whom—

‘‘(i) 3 members shall advocates for patients or consumers;

‘‘(ii) 2 members shall represent health care providers, one of which shall be a physician;

‘‘(iii) 1 member shall be from a labor organization representing health care workers;

‘‘(iv) 1 member shall have expertise in health information privacy and security;

‘‘(v) 1 member shall have expertise in improving the health of vulnerable populations;

‘‘(vi) 1 member shall be from the research community;

‘‘(vii) 1 member shall represent health plans or other third-party payers;

‘‘(viii) 1 member shall represent information technology vendors;

‘‘(ix) 1 member shall represent purchasers or employers; and

‘‘(x) 1 member shall have expertise in health care quality measurement and reporting.

‘‘(3) PARTICIPATION.—The members of the HIT Policy Committee appointed under paragraph (2) shall represent a balance among various sectors of the health care system so that no single sector unduly influences the recommendations of the Policy Committee.

‘‘(4) TERMS.—

‘‘(A) IN GENERAL.—The terms of the members of the HIT Policy Committee shall be for 3 years, except that the Comptroller General shall designate staggered terms for the members first appointed.

‘‘(B) VACANCIES.—Any member appointed to fill a vacancy in the membership of the HIT Policy Committee that occurs prior to the expiration of the term for which the member’s predecessor was appointed shall be appointed only for the remainder of that term. A member may serve after the expiration of that member’s term until a successor has been appointed. A vacancy in the HIT Policy Committee shall be filled in the manner in which the original appointment was made.

‘‘(5) OUTSIDE INVOLVEMENT.—The HIT Policy Committee shall ensure an opportunity for the participation in activities of the Committee of outside advisors, including individuals with expertise in the development of policies for the electronic exchange and use of health information, including in the areas of health information privacy and security.

‘‘(6) QUORUM.—A majority of the member of the HIT Policy Committee shall constitute a quorum for purposes of voting, but a lesser number of members may meet and hold hearings.

‘‘(7) FAILURE OF INITIAL APPOINTMENT.—If, on the date that is 45 days after the date of enactment of this title, an official authorized under paragraph (2) to appoint one or more members of the HIT Policy Committee has not appointed the full number of members that such paragraph authorizes such official to appoint, the Secretary is authorized to appoint such members.

‘‘(8) CONSIDERATION.—The National Coordinator shall ensure that the relevant and available recommendations and comments from the National Committee on Vital and Health Statistics are considered in the development of policies.

‘‘(d) APPLICATION OF FACA.—The Federal Advisory Committee Act (5 U.S.C. App.), other than section 14 of such Act, shall apply to the HIT Policy Committee.

‘‘(e) PUBLICATION.—The Secretary shall provide for publication in the Federal Register and the posting on the Internet website of the Office of the National Coordinator for Health Information Technology of all policy recommendations made by the HIT Policy Committee under this section.

‘‘SEC. 3003. HIT STANDARDS COMMITTEE.

‘‘(a) ESTABLISHMENT.—There is established a committee to be known as the HIT Standards Committee to recommend to the National Coordinator standards, implementation specifications, and certification criteria for the electronic exchange and use of health information for purposes of adoption under section 3004, consistent with the implementation of the strategic plan described in section 3001(c)(3) and beginning with the areas listed in section 3002(b)(2)(B) in accordance with policies developed by the HIT Policy Committee.

‘‘(b) DUTIES.—

‘‘(1) STANDARDS DEVELOPMENT.—

‘‘(A) IN GENERAL.—The HIT Standards Committee shall recommend to the National Coordinator standards, implementation specifications, and certification criteria described in subsection (a) that have been developed, harmonized, or recognized by the HIT Standards Committee. The HIT Standards Committee shall update such recommendations and make new recommendations as appropriate, including in response to a notification sent under section 3004(a)(2)(B). Such recommendations shall be consistent with the latest recommendations made by the HIT Policy Committee.

‘‘(B) HARMONIZATION.—The HIT Standards Committee recognize harmonized or updated standards from an entity or entities for the purpose of harmonizing or updating standards and implementation specifications in order to achieve uniform and consistent implementation of the standards and implementation specifications.

‘‘(C) PILOT TESTING OF STANDARDS AND IMPLEMENTATION SPECIFICATIONS.—In the development, harmonization, or recognition of standards and implementation specifications, the HIT Standards Committee shall, as appropriate, provide for the testing of such standards and specifications by the National Institute for Standards and Technology under section 13201(a) of the Health Information Technology for Economic and Clinical Health Act.

‘‘(D) CONSISTENCY.—The standards, implementation specifications, and certification criteria recommended under this subsection shall be consistent with the standards for information transactions and data elements adopted pursuant to section 1173 of the Social Security Act.

‘‘(2) FORUM.—The HIT Standards Committee shall serve as a forum for the participation of a broad range of stakeholders to provide input on the development, harmonization, and recognition of standards, implementation specifications, and certification criteria necessary for the development and adoption of a nationwide health information technology infrastructure that allows for the electronic use and exchange of health information.

‘‘(3) SCHEDULE.—Not later than 90 days after the date of the enactment of this title, the HIT Standards Committee shall develop a schedule for the assessment of policy recommendations developed by the HIT Policy Committee under section 3002. The HIT Standards Committee shall update such schedule annually. The Secretary shall publish such schedule in the Federal Register.

‘‘(4) PUBLIC INPUT.—The HIT Standards Committee shall conduct open public meetings and develop a process to allow for public comment on the schedule described in paragraph (3) and recommendations described in this subsection. Under such process comments shall be submitted in a timely manner after the date of publication of a recommendation under this subsection.

‘‘(5) CONSIDERATION.—The National Coordinator shall ensure that the relevant and available recommendations and comments from the National Committee on Vital and Health Statistics are considered in the development of standards.

‘‘(c) MEMBERSHIP AND OPERATIONS.—

‘‘(1) IN GENERAL.—The National Coordinator shall take a leading position in the establishment and operations of the HIT Standards Committee.

‘‘(2) MEMBERSHIP.—The membership of the HIT Standards Committee shall at least reflect providers, ancillary healthcare workers, consumers, purchasers, health plans, technology vendors, researchers, relevant Federal agencies, and individuals with technical expertise on health care quality, privacy and security, and on the electronic exchange and use of health information.

‘‘(3) PARTICIPATION.—The members of the HIT Standards Committee appointed under this subsection shall represent a balance among various sectors of the health care system so that no single sector unduly influences the recommendations of such Committee.

‘‘(4) OUTSIDE INVOLVEMENT.—The HIT Policy Committee shall ensure an opportunity for the participation in activities of the Committee of outside advisors, including individuals with expertise in the development of standards for the electronic exchange and use of health information, including in the areas of health information privacy and security.

‘‘(5) BALANCE AMONG SECTORS.—In developing the procedures for conducting the activities of the HIT Standards Committee, the HIT Standards Committee shall act to ensure a balance among various sectors of the health care system so that no single sector unduly influences the actions of the HIT Standards Committee.

‘‘(6) ASSISTANCE.—For the purposes of carrying out this section, the Secretary may provide or ensure that financial assistance is provided by the HIT Standards Committee to defray in whole or in part any membership fees or dues charged by such Committee to those consumer advocacy groups and not for profit entities that work in the public interest as a part of their mission.

‘‘(d) APPLICATION OF FACA.—The Federal Advisory Committee Act (5 U.S.C. App.), other than section 14, shall apply to the HIT Standards Committee.

‘‘(e) PUBLICATION.—The Secretary shall provide for publication in the Federal Register and the posting on the Internet website of the Office of the National Coordinator for Health Information Technology of all recommendations made by the HIT Standards Committee under this section.

‘‘SEC. 3004. PROCESS FOR ADOPTION OF ENDORSED RECOMMENDATIONS; ADOPTION OF INITIAL SET OF STANDARDS, IMPLEMENTATION SPECIFICATIONS, AND CERTIFICATION CRITERIA.

‘‘(a) PROCESS FOR ADOPTION OF ENDORSED RECOMMENDATIONS.—

‘‘(1) REVIEW OF ENDORSED STANDARDS, IMPLEMENTATION SPECIFICATIONS, AND CERTIFICATION CRITERIA.—Not later than 90 days after the date of receipt of standards, implementation specifications, or certification criteria endorsed under section 3001(c), the Secretary, in consultation with representatives of other relevant Federal agencies, shall jointly review such standards, implementation specifications, or certification criteria and shall determine whether or not to propose adoption of such standards, implementation specifications, or certification criteria.

‘‘(2) DETERMINATION TO ADOPT STANDARDS, IMPLEMENTATION SPECIFICATIONS, AND CERTIFICATION CRITERIA.—If the Secretary determines—

‘‘(A) to propose adoption of any grouping of such standards, implementation specifications, or certification criteria, the Secretary shall, by regulation under section 553 of title 5, United States Code, determine whether or not to adopt such grouping of standards, implementation specifications, or certification criteria; or

‘‘(B) not to propose adoption of any grouping of standards, implementation specifications, or certification criteria, the Secretary shall notify the National Coordinator and the HIT Standards Committee in writing of such determination and the reasons for not proposing the adoption of such recommendation.

‘‘(3) PUBLICATION.—The Secretary shall provide for publication in the Federal Register of all determinations made by the Secretary under paragraph (1).

‘‘(b) ADOPTION OF STANDARDS, IMPLEMENTATION SPECIFICATIONS, AND CERTIFICATION CRITERIA.—

‘‘(1) IN GENERAL.—Not later than December 31, 2009, the Secretary shall, through the rulemaking process consistent with subsection (a)(2)(A), adopt an initial set of standards, implementation specifications, and certification criteria for the areas required for consideration under section 3002(b)(2)(B). The rulemaking for the initial set of standards, implementation specifications, and certification criteria may be issued on an interim, final basis.

‘‘(2) APPLICATION OF CURRENT STANDARDS, IMPLEMENTATION SPECIFICATIONS, AND CERTIFICATION CRITERIA.—The standards, implementation specifications, and certification criteria adopted before the date of the enactment of this title through the process existing through the Office of the National Coordinator for Health Information Technology may be applied towards meeting the requirement of paragraph (1).

‘‘(3) SUBSEQUENT STANDARDS ACTIVITY.—The Secretary shall adopt additional standards, implementation specifications, and certification criteria as necessary and consistent with the schedule published under section 3003(b)(2).

‘‘SEC. 3005. APPLICATION AND USE OF ADOPTED STANDARDS AND IMPLEMENTATION SPECIFICATIONS BY FEDERAL AGENCIES.

‘‘For requirements relating to the application and use by Federal agencies of the standards and implementation specifications adopted under section 3004, see section 13111 of the Health Information Technology for Economic and Clinical Health Act.

‘‘SEC. 3006. VOLUNTARY APPLICATION AND USE OF ADOPTED STANDARDS AND IMPLEMENTATION SPECIFICATIONS BY PRIVATE ENTITIES.

‘‘(a) IN GENERAL.—Except as provided under section 13112 of the HITECH Act, nothing in such Act or in the amendments made by such Act shall be construed—

‘‘(1) to require a private entity to adopt or comply with a standard or implementation specification adopted under section 3004; or

‘‘(2) to provide a Federal agency authority, other than the authority such agency may have under other provisions of law, to require a private entity to comply with such a standard or implementation specification.

‘‘(b) RULE OF CONSTRUCTION.—Nothing in this subtitle shall be construed to require that a private entity that enters into a contract with the Federal Government apply or use the standards and implementation specifications adopted under section 3004 with respect to activities not related to the contract.

‘‘SEC. 3007. FEDERAL HEALTH INFORMATION TECHNOLOGY.

‘‘(a) IN GENERAL.—The National Coordinator shall support the development and routine updating of qualified electronic health record technology (as defined in section 3000) consistent with subsections (b) and (c) and make available such qualified electronic health record technology unless the Secretary determines through an assessment that the needs and demands of providers are being substantially and adequately met through the marketplace.

‘‘(b) CERTIFICATION.—In making such electronic health record technology publicly available, the National Coordinator shall ensure that the qualified electronic health record technology described in subsection (a) is certified under the program developed under section 3001(c)(3) to be in compliance with applicable standards adopted under section 3003(a).

‘‘(c) AUTHORIZATION TO CHARGE A NOMINAL FEE.—The National Coordinator may impose a nominal fee for the adoption by a health care provider of the health information technology system developed or approved under subsection (a) and (b). Such fee shall take into account the financial circumstances of smaller providers, low income providers, and providers located in rural or other medically underserved areas.

‘‘(d) RULE OF CONSTRUCTION.—Nothing in this section shall be construed to require that a private or government entity adopt or use the technology provided under this section.

‘‘SEC. 3008. TRANSITIONS.

‘‘(a) ONCHIT.—To the extent consistent with section 3001, all functions, personnel, assets, liabilities, and administrative actions applicable to the National Coordinator for Health Information Technology appointed under Executive Order No. 13335 or the Office of such National Coordinator on the date before the date of the enactment of this title shall be transferred to the National Coordinator appointed under section 3001(a) and the Office of such National Coordinator as of the date of the enactment of this title.

‘‘(b) NATIONAL EHEALTH COLLABORATIVE.—Nothing in sections 3002 or 3003 or this subsection shall be construed as prohibiting the AHIC Successor, Inc. doing business as the National eHealth Collaborative from modifying its charter, duties, membership, and any other structure or function required to be consistent with section 3002 and 3003 so as to allow the Secretary to recognize such AHIC Successor, Inc. as the HIT Policy Committee or the HIT Standards Committee.

‘‘(c) CONSISTENCY OF RECOMMENDATIONS.—In carrying out section 3003(b)(1)(A), until recommendations are made by the HIT Policy Committee, recommendations of the HIT Standards Committee shall be consistent with the most recent recommendations made by such AHIC Successor, Inc.

‘‘SEC. 3009. MISCELLANEOUS PROVISIONS.

‘‘(a) RELATION TO HIPAA PRIVACY AND SECURITY LAW.—

‘‘(1) IN GENERAL.—With respect to the relation of this title to HIPAA privacy and security law:

‘‘(A) This title may not be construed as having any effect on the authorities of the Secretary under HIPAA privacy and security law.

‘‘(B) The purposes of this title include ensuring that the health information technology standards and implementation specifications adopted under section 3004 take into account the requirements of HIPAA privacy and security law.

‘‘(2) DEFINITION.—For purposes of this section, the term ‘HIPAA privacy and security law’ means—

‘‘(A) the provisions of part C of title XI of the Social Security Act, section 264 of the Health Insurance Portability and Accountability Act of 1996, and subtitle D of title IV of the Health Information Technology for Economic and Clinical Health Act; and

‘‘(B) regulations under such provisions.

‘‘(b) FLEXIBILITY.—In administering the provisions of this title, the Secretary shall have flexibility in applying the definition of health care provider under section 3000(3), including the authority to omit certain entities listed in such definition when applying such definition under this title, where appropriate.’’.

Download a FREE copy of our Breach Notification Training Module.