Wednesday, March 17, 2010

Personal Health Record Act

I wrote last September about the "Personal Health Record Act of 2009." It took a few months for the legislation to actually be introduced and it is now in the Ways and Means Committee.

Representatives Patrick Kennedy (D-RI), Dave Reichert (R-WA) and Charles W. Boustany, Jr., (R-LA) actually introduced the legislation December 7, 2009 to amend the HITECH Act in order to enhance the interoperability and the meaningful use of electronic medical records with personal health records (PHR)s. Required components of a PHR under this act could include monitoring who accesses the record, automated reminders and education tools, ability for a patient to annotate the record and leave feedback for the health care provider, and emergency access procedures for medical personnel in cases where a patient or authorized representative is unable to give consent. The Office of the National Coordinator would also report to Congress on the technological, medicolegal, medical safety and other pertinent issues related to an individual's control of their PHR.

Here is the full Act as introduced:


111th CONGRESS
1st Session

H. R. 4216


    To amend the Public Health Service Act and titles XVIII and XIX of the Social Security Act to establish guidelines to enhance the meaningful use and interoperability of electronic medical records with personal health records, including for purposes of Medicare and Medicaid payment incentives.


IN THE HOUSE OF REPRESENTATIVES

December 7, 2009
    Mr. Kennedy (for himself and Mr. Reichert) introduced the following bill; which was referred to the Committee on Energy and Commerce, and in addition to the Committee on Ways and Means, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned




A BILL

    To amend the Public Health Service Act and titles XVIII and XIX of the Social Security Act to establish guidelines to enhance the meaningful use and interoperability of electronic medical records with personal health records, including for purposes of Medicare and Medicaid payment incentives.

Be it enacted by the Senate and House of Representatives of the United States of America in Congress assembled,
SECTION 1. SHORT TITLE.

This Act may be cited as the “Personal Health Record Act of 2009”.

SEC. 2. ENHANCING MEANINGFUL USE OF ELECTRONIC HEALTH RECORDS THROUGH INTEROPERABILITY.

(a) Definitions.—
(1) IN GENERAL.—Section 3000 of the Public Health Service Act (42 U.S.C. 300jj) is amended by adding at the end the following:
“(15) ELECTRONIC EXCHANGE.—The term ‘electronic exchange’ shall include the automated transfer of individual health information between electronic medical records and personal health records, and between electronic medical records, personal health records, and other electronic systems.
“(16) PERSONAL HEALTH RECORD.—The term ‘personal health record’ means an electronic record of PHR identifiable health information (as defined in section 13407(f)(2) of the HITECH Act) of an individual that—
“(A) complies with appropriate data content standards;
“(B) enables the individual, an authorized representative, vendor of personal health records (as defined in section 318.2(j) of title 16, Code of Federal Regulations, as in effect as of November 1, 2009), any covered entity (as defined for purposes of HIPAA privacy and security law, as defined in section 3009(a)(2)), or an entity to the extent that it engages in activities as a business associate (as defined for such purposes) of such a covered entity, to retrieve data from or input data into the electronic record; and
“(C) is portable and capable of electronic communication between such individual and the relevant covered entity, business associate described in subparagraph (B), or vendor of personal health records of such individual that is managed, shared, and controlled by or primarily for the individual.”.



(2) CONFORMING AMENDMENT.—Section 13400(11) of the HITECH Act (42 U.S.C. 17921(11)) is amended to read as follows:
“(11) PERSONAL HEALTH RECORD.—The term ‘personal health record’ has the meaning given such term in section 3000(16) of the Public Health Service Act.”.



(b) Access To Individually Identifiable Health Information.—Section 3001(b) of the Public Health Service Act (42 U.S.C. 300jj–11(b)) is amended—
(1) in the matter preceding paragraph (1), by inserting “electronic” before “exchange”;
(2) in paragraph (6)—
(A) by inserting “individuals,” after “physician offices,”; and
(B) by inserting “electronic” before “exchange of health care information”;

(3) in paragraph (10), by striking at the end “and”;
(4) in paragraph (11), by striking the period and inserting “; and”; and
(5) by adding at the end the following new paragraph:
“(12) allows for an individual to have access to their individually identifiable health information.”.



(c) Strategic Plan Relating To Personal Health Records.—Section 3001(c)(3)(A) of the Public Health Service Act (42 U.S.C. 300jj–11(c)(3)(A)) is amended by adding at the end the following new clause:
“(ix) The interoperability of a personal health record with an electronic health record.”.


(d) Guidelines Relating To Personal Health Records.—Section 3001(c) of the Public Health Service Act (42 U.S.C. 300jj–11(c)) is amended by adding at the end the following new paragraph:
“(9) GUIDELINES FOR PERSONAL HEALTH RECORDS.—Not later than the date that is 12 months after the date of the enactment of the Personal Health Record Act of 2009, the National Coordinator shall develop guidelines for making electronic health records interoperable with personal health records for the purpose of improving health care quality, reducing medical errors, and advancing the delivery of patient-centered medical care and health management. Such guidelines shall include—
“(A) standards based on the recommendations provided in section 3002(b)(2)(B)(ix), including for purposes of requiring electronic health records to be made available through electronic exchange and interoperable with personal health records for purposes of demonstrating meaningful use of an electronic health record under sections 1848(o)(2)(A)(i), 1886(n)(3)(A)(i), and 1903(t)(6)(C)(i)(II) of the Social Security Act;
“(B) recommendations for applying such a requirement of making electronic health records available, with respect to community and behavioral health programs, in the form of personal health records to improve the effective and efficient electronic exchange and management of information between the individual (or authorized representative of the individual), including those in medically underserved communities (as defined in section 799B(6)), and community health centers and behavioral health service providers;
“(C) required components of a personal health record, which shall include—
“(i) information on medical history, including diagnoses and procedures, including updates if diagnosis or procedures change after each provider encounter;
“(ii) information on recent laboratory results, diagnostic examinations, and radiologic procedures, if available in electronic format;
“(iii) information on medications and prescriptions, both current and historical, including updates if medications change after each provider encounter;
“(iv) information on allergies, both medication and environmental, including the specific reaction;
“(v) privacy, security, and electronic informed consents for disclosing individually identifiable health information;
“(vi) computer programming standards determined by the National Coordinator that allow interoperability of individually identifiable health information and communications between covered entities (as defined for purposes of HIPAA privacy and security law, as defined in section 3009(a)(2)), entities to the extent that they engage in activities as business associates of such covered entities, individuals, and vendors of personal health records;
“(vii) portability of the personal health record by the individual between covered entities, business associates described in clause (vi), or vendors of personal health records;
“(viii) ability to use such record as part of the patient intake process;
“(ix) accurate attribution of the source of all data in the personal health record, including the source of the information, the date that such information was entered into the personal health record, and standards-based protection of data provided by the health care provider (such as health care provider clinic notes, laboratory results, diagnostic examinations, and radiologic procedures) from changes;
“(x) notification of the individual involved or the authorized representative of such individual of the risks of withholding medical information from a medical provider; and
“(xi) health services communication tools, including those which offer online secure communication with covered entities (as defined for purposes of HIPAA privacy and security law, as defined in section 3009(a)(2)) and entities to the extent that they engage in activities as business associates (as defined for such purposes) of such a covered entity;

“(D) other possible components for consideration of a personal health record, including—
“(i) an audit trail to monitor who has accessed the personal health record of the individual;
“(ii) automated appointment, care reminders, and health self-management tools;
“(iii) the ability to provide education tools;
“(iv) the ability of the individual or authorized representative involved to annotate (without changing) health care provider records, such as to provide feedback to health care providers of the individual;
“(v) protection of clinical records in the personal health record which are imported from or exported to a covered entity, business associate described in clause (i), or vendor of personal health records from being changed by the individual, authorized representative of the individual, vendor of personal health records, the covered entity, or business associate;
“(vi) the ability to allow comments by the individual, authorized representative, and covered entity within an area of the personal health record that is separate from the clinical record imported from or exported to a covered entity; and
“(vii) emergency access procedures for medical personnel, with respect to the record, for clinical care in cases that the individual or authorized representative is not able to give consent; and

“(E) security, privacy, and electronic informed consents for disclosing individually identifiable health information for personal health records, including the recommendations described in paragraph (6)(F).
In the case that the Secretary determines that any standard or component for personal health records included under the guidance under this paragraph is not adequate pursuant to the report submitted under paragraph (6)(F), the Secretary shall notify the National Coordinator and the HIT Standards Committee in accordance with section 3004(a)(2)(B) and the National Coordinator may revise such standard or component, respectively.”.



(e) Reports.—Section 3001(c)(6) of such Act (42 U.S.C. 300jj–11(c)(6)) is amended by adding at the end the following new subparagraphs:
“(F) MONITORING PERSONAL HEALTH RECORDS.—Not later than the date that is 24 months after the date of the enactment of the Personal Health Record Act of 2009 and annually thereafter, the National Coordinator, in consultation with the Administrator of the Centers for Medicare & Medicaid Services, shall submit to the appropriate committees of jurisdiction of Congress an annual report on—
“(i) the extent to which personal health records have been integrated into the meaningful use of electronic health records for purposes of sections 1848(o)(2), 1886(n)(3), and 1903(t)(6) of the Social Security Act;
“(ii) the extent to which the use of personal health records improve communication between individuals and covered entities (as defined for purposes of HIPAA privacy and security law, as defined in section 3009(a)(2)) and improve patient health management, including documentation of the extent to which there are cost savings;
“(iii) the extent to which the use of personal health records, with respect to community health centers and behavioral health services, improve the effective and efficient exchange and management of information between the individual involved (or authorized representative of the individual), including those in medically underserved communities, and community health centers and behavioral health service providers;
“(iv) status of the standards implemented in paragraph (9)(A) and the need to revise or include new standards;
“(v) the adequacy of the components of a personal health record described in paragraph (9)(C); and
“(vi) the affect of having an individual with full access to the medical records of such individual through use of a personal health record, including—
“(I) a prospective study analyzing health care utilization (including the impact of personal health records on health care provider efficiency, health care provider reimbursement for time spent interacting with individuals as a result of personal health records, and defensive medicine practices);
“(II) the extent that such access affects communications by means of such records between various health care providers of the individual (including the use of provider notations);
“(III) a prospective study analyzing the affect of such access on the patient-health care provider relationship; and
“(IV) the risks and benefits of an individual having full access to medical records of the individual through the use of personal health records.


“(G) RECOMMENDATION RELATING TO SECURITY AND PRIVACY OF PERSONAL HEALTH RECORDS.—Not later than 6 months after the date of the enactment of the Personal Health Record Act of 2009, the National Coordinator shall submit to the appropriate committees of jurisdiction of Congress a report, including recommendations, on the technological, medicolegal, medical safety, and other pertinent issues related to an individual’s control of the personal health record of such individual and shall establish guidelines for such control. The National Coordinator shall ensure the participation in such a report of health care consumers, vendors of personal health records, and covered entities (as defined for purposes of HIPAA privacy and security law, as defined in section 3009(a)(2)), along with other health care stakeholders. The report shall encompass at least the following issues:
“(i) the rights of an individual utilizing a personal health record with respect to the individual’s own individually identifiable health information contained in such; and
“(ii) the security and privacy of an individual utilizing a personal health record, including—
“(I) defining who has right of access to an individual’s personal health record in the case of a personal health record provided by a covered entity;
“(II) security and privacy issues following medical emergency access of information in a personal health record by health care providers;
“(III) the impact of an individual restricting medical information access in a personal health record of such individual to health care providers on patient care and safety;
“(IV) the risks and benefits of health care provider notification if the personal health record of an individual is restricted by the individual;
“(V) the uses and disclosures of the information of an individual contained in a personal health record that should be authorized or required by a vendor of personal health records providing and maintaining such record;
“(VI) electronic informed consents for disclosing individually identifiable health information;
“(VII) the use of an audit trail of who has entered, removed, and changed data within a personal health record; and
“(VIII) the dissemination of abnormal laboratory results, diagnostic examinations, and radiological procedures into personal health records prior to notification of the abnormality by the health care provider.”.




(f) Personal Health Record Standards Included In HIT Policy Committee Recommendations.—
(1) IN GENERAL.—Section 3002(b)(2)(B) of the Public Health Service Act (42 U.S.C. 300jj–12(b)(2)(B)) is amended by adding at the end the following new clause:
“(ix) Standards and implementation specifications for the interoperability of personal health records and electronic health records.”.


(2) CONFORMING CHANGES RELATING TO HIT STANDARDS COMMITTEE RECOMMENDATIONS.—
(A) DEADLINE FOR SUBMISSION OF RECOMMENDATIONS TO NATIONAL COORDINATOR.—Section 3003(b)(1)(A) of such Act (42 U.S.C. 300jj–13(b)(1)(A)) is amended by adding at the end the following: “Not later than the date that is 6 months after the date of the enactment of the Personal Health Record Act of 2009, the HIT Standards Committee shall recommend to the National Coordinator standards and implementation specifications described in section 3002(b)(2)(B)(ix). The HIT Standards Committee shall update such recommendations and make new recommendations as appropriate, including in response to notification sent under section 3004(a)(2)(B).”.
(B) FORUM.—Section 3003(b)(2) of such Act (42 U.S.C. 300jj–13(b)(2)) is amended by inserting before the period the following: “, including for the adoption of interoperability of personal health records and electronic health records”.

(3) CONFORMING CHANGES RELATING TO ADOPTION OF INITIAL SET OF STANDARDS.—Section 3004(b)(1) of such Act (42 U.S.C. 300jj–14(b)(1)) is amended by inserting “(other than clause (ix))” after “section 3002(b)(2)(B)”.

(g) Application Of Guidelines To Meaningful Use Requirements Of Electronic Medical Records Under Medicare.—
(1) ELIGIBLE PROFESSIONAL PAYMENT INCENTIVES.—Section 1848(o)(2)(A)(i) of the Social Security Act (42 U.S.C. 1395w–4(o)(2)(A)(i)) is amended by inserting before the period at the end the following: “and shall include demonstrating the availability of such technology to and use of such technology by individuals furnished items and services by such professional in the form of electronic and personal health records consistent with guidelines established by the National Coordinator under section 3001(c)(9)(A) of the Public Health Service Act”.
(2) ELIGIBLE HOSPITAL PAYMENT INCENTIVES.—Section 1886(n)(3)(A)(i) of such Act (42 U.S.C. 1395ww(n)(3)(A)(i)) is amended by inserting before the period at the end the following: “, which shall include demonstrating the availability of such technology to and use of such technology by individuals furnished items and services by such hospital in the form of electronic and personal health records consistent with guidelines established by the National Coordinator under section 3001(c)(9)(A) of the Public Health Service Act”.

(h) Application Of Guidelines To Meaningful EHR Use Requirements Under Medicaid.—Section 1903(t)(6)(C)(i)(II) of the Social Security Act (42 U.S.C. 1396b(t)(6)(C)(i)(II)) is amended—
(1) by striking “and” before “that may be based”; and
(2) by inserting before the period at the end the following: “, and which shall include demonstrating the availability of such technology to and use of such technology by individuals furnished items and services by such Medicaid provider in the form of electronic and personal health records consistent with guidelines established by the National Coordinator under section 3001(c)(9)(A) of the Public Health Service Act”.

(i) Relationship To Other Laws.—Section 13421 of the HITECH Act (42 U.S.C. 17951) is amended by adding at the end the following new subsection:
“(c) Health Information Portability And Accountability Act, Health Care Providers, And Personal Health Records.—Nothing in this subtitle or the provisions of or amendments made by the Personal Health Record Act of 2009 shall affect the ability of a health care provider involved in the direct care of an individual to obtain pertinent information on the medical history of such individual from another health care provider involved in the medical care of the individual, in accordance with HIPAA privacy and security law (as defined in section 3009(a)(2) of the Public Health Service Act) as in effect before the date of the enactment of the Personal Health Record Act of 2009.”.




No comments:

Post a Comment