Ley HIPAA (Ingles)

Publicado: junio 20, 2011 en Leyes

LEY HIPAA
-HEALTH INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF
1996


PUBLIC LAW
104-191

AUG.
21, 1996

HEALTH
INSURANCE PORTABILITY AND ACCOUNTABILITY ACT OF 1996

Public Law 104-191
104th Congress

An
Act

To amend the Internal
Revenue Code of 1986 to improve portability and continuity of health insurance
coverage in the group and individual markets, to combat waste, fraud, and abuse
in health insurance and health care delivery, to promote the use of medical
savings accounts, to improve access to long-term care services and coverage, to
simplify the administration of health insurance, and for other
purposes.

Be it enacted by the Senate
and House of Representatives of the United States of America in Congress
assembled,

SECTION 1. SHORT TITLE;
TABLE OF CONTENTS.

(a) SHORT
TITLE.
–This Act may be cited as the “Health Insurance Portability and
Accountability Act of 1996”.

(b) TABLE OF
CONTENTS.
–The table of contents of this Act is as
follows:

Sec. 1. Short title; table
of contents.

TITLE I–HEALTH
CARE ACCESS, PORTABILITY, AND RENEWABIL
ITY

TITLE
II–PREVENTING HEALTH CARE FRAUD AND ABUSE; ADMINISTRATIVE SIMPLIFICATION;
MEDICAL LIABILITY REFORM

Subtitle F–Administrative
Simplification

Skip to Main Content

“Part C–Administrative
Simplification

Skip to Main Content

Sec. 263. Changes in membership and duties of
National Committee on Vital and Health Statistics.

Sec. 264. Recommendations with respect to privacy of
certain health information.


Subtitle F–Administrative
Simplification

SEC. 261.
PURPOSE.

It is the purpose of this
subtitle to improve the Medicare program under title XVIII of the Social
Security Act, the medicaid program under title XIX of such Act, and the
efficiency and effectiveness of the health care system, by encouraging the
development of a health information system through the establishment of
standards and requirements for the electronic transmission of certain health
information.

SEC. 262.
ADMINISTRATIVE SIMPLIFICATION.

(a) IN GENERAL.–Title XI
(42 U.S.C. 1301 et seq.) is amended by adding at the end the
following:

“PART C–ADMINISTRATIVE
SIMPLIFICATION

“DEFINITIONS

SEC. 1171. For
purposes of this part:

“(1) CODE SET.–The term
‘code set’ means any set of codes used for encoding data elements, such as
tables of terms, medical concepts, medical diagnostic codes, or medical
procedure codes.

“(2) HEALTH CARE
CLEARINGHOUSE.–The term ‘health care clearinghouse’ means a public or private
entity that processes or facilitates the processing of nonstandard data elements
of health information into standard data elements.

“(3) HEALTH CARE
PROVIDER.–The term ‘health care provider’ includes a provider of services (as
defined in section 1861(u)), a provider of medical or other health services (as
defined in section 1861(s)), and any other person furnishing health care
services or supplies.

“(4) HEALTH
INFORMATION.–The term ‘health information’ means any information, whether oral
or recorded in any form or medium, that–

“(A) is created or received
by a health care provider, health plan, public health authority, employer, life
insurer, school or university, or health care clearinghouse;
and

“(B) relates to the past,
present, or future physical or mental health or condition of an individual, the
provision of health care to an individual, or the past, present, or future
payment for the provision of health care to an individual.

“(5) HEALTH PLAN.–The term
‘health plan’ means an individual or group plan that provides, or pays the cost
of, medical care (as such term is defined in section 2791 of the Public Health
Service Act). Such term includes the following, and any combination
thereof:

“(A) A group health plan
(as defined in section 2791(a) of the Public Health Service Act), but only if
the plan–

“(i) has 50 or more
participants (as defined in section 3(7) of the Employee Retirement Income
Security Act of 1974); or

“(ii) is administered by an
entity other than the employer who established and maintains the
plan.

“(B) A health insurance
issuer (as defined in section 2791(b) of the Public Health Service
Act).

“(C) A health maintenance
organization (as defined in section 2791(b) of the Public Health Service
Act).

“(D) Part A or part B of
the Medicare program under title XVIII.

“(E) The medicaid program
under title XIX.

“(F) A Medicare
supplemental policy (as defined in section 1882(g)(1)).

“(G) A long-term care
policy, including a nursing home fixed indemnity policy (unless the Secretary
determines that such a policy does not provide sufficiently comprehensive
coverage of a benefit so that the policy should be treated as a health
plan).

“(H) An employee welfare
benefit plan or any other arrangement which is established or maintained for the
purpose of offering or providing health benefits to the employees of 2 or more
employers.

“(I) The health care
program for active military personnel under title 10, United States
Code.

“(J) The veterans health
care program under chapter 17 of title 38, United States
Code.

“(K) The Civilian Health
and Medical Program of the Uniformed Services (CHAMPUS), as defined in section
1072(4) of title 10, United States Code.

“(L) The Indian health
service program under the Indian Health Care Improvement Act (25 U.S.C. 1601 et
seq.).

“(M) The Federal Employees
Health Benefit Plan under chapter 89 of title 5, United States
Code.

“(6) INDIVIDUALLY
IDENTIFIABLE HEALTH INFORMATION.–The term ‘individually identifiable health
information’ means any information, including demographic information collected
from an individual, that–

“(A) is created or received
by a health care provider, health plan, employer, or health care clearinghouse;
and

“(B) relates to the past,
present, or future physical or mental health or condition of an individual, the
provision of health care to an individual, or the past, present, or future
payment for the provision of health care to an individual,
and–

“(i) identifies the
individual; or

“(ii) with respect to which
there is a reasonable basis to believe that the information can be used to
identify the individual.

“(7) STANDARD.–The term
‘standard’, when used with reference to a data element of health information or
a transaction referred to in section 1173(a)(1), means any such data element or
transaction that meets each of the standards and implementation specifications
adopted or established by the Secretary with respect to the data element or
transaction under sections 1172 through 1174.

“(8) STANDARD SETTING
ORGANIZATION.–The term ‘standard setting organization’ means a standard setting
organization accredited by the American National Standards Institute, including
the National Council for Prescription Drug Programs, that develops standards for
information transactions, data elements, or any other standard that is necessary
to, or will facilitate, the implementation of this part.

“GENERAL REQUIREMENTS FOR ADOPTION
OF STANDARDS

SEC. 1172. (a)
APPLICABILITY.–Any standard adopted under this part shall apply, in whole or in
part, to the following persons:

“(1) A health
plan.

“(2) A health care
clearinghouse.

“(3) A health care provider
who transmits any health information in electronic form in connection with a
transaction referred to in section 1173(a)(1).

“(b) REDUCTION OF
COSTS.–Any standard adopted under this part shall be consistent with the
objective of reducing the administrative costs of providing and paying for
health care.

“(c) ROLE OF STANDARD
SETTING ORGANIZATIONS.–

“(1) IN GENERAL.–Except as
provided in paragraph (2), any standard adopted under this part shall be a
standard that has been developed, adopted, or modified by a standard setting
organization.

“(2) SPECIAL
RULES.–

“(A) DIFFERENT
STANDARDS.–The Secretary may adopt a standard that is different from any
standard developed, adopted, or modified by a standard setting organization,
if–

“(i) the different standard
will substantially reduce administrative costs to health care providers and
health plans compared to the alternatives; and

“(ii) the standard is
promulgated in accordance with the rulemaking procedures of subchapter III of
chapter 5 of title 5, United States Code.

“(B) NO STANDARD BY
STANDARD SETTING ORGANIZATION.–If no standard setting organization has
developed, adopted, or modified any standard relating to a standard that the
Secretary is authorized or required to adopt under this
part–

“(i) paragraph (1) shall
not apply; and

“(ii) subsection (f) shall
apply.

(3) CONSULTATION
REQUIREMENT.–

“(A) IN GENERAL.–A
standard may not be adopted under this part unless–

“(i) in the case of a
standard that has been developed, adopted, or modified by a standard setting
organization, the organization consulted with each of the organizations
described in subparagraph (B) in the course of such development, adoption, or
modification; and

“(ii) in the case of any
other standard, the Secretary, in complying with the requirements of subsection
(f), consulted with each of the organizations described in subparagraph (B)
before adopting the standard.

“(B) ORGANIZATIONS
DESCRIBED.–The organizations referred to in subparagraph (A) are the
following:

“(i) The National Uniform
Billing Committee.

“(ii) The National Uniform
Claim Committee.

“(iii) The Workgroup for
Electronic Data Interchange.

“(iv) The American Dental
Association.

“(d) IMPLEMENTATION
SPECIFICATIONS.–The Secretary shall establish

specifications for
implementing each of the standards adopted under this

part.

“(e) PROTECTION OF TRADE
SECRETS.–Except as otherwise required by law, a standard adopted under this
part shall not require disclosure of trade secrets or confidential commercial
information by a person required to comply with this part.

“(f) ASSISTANCE TO THE
SECRETARY.–In complying with the requirements of this part, the Secretary shall
rely on the recommendations of the National Committee on Vital and Health
Statistics established under section 306(k) of the Public Health Service Act (42
U.S.C. 242k(k)), and shall consult with appropriate Federal and State agencies
and private organizations. The Secretary shall publish in the Federal Register
any recommendation of the National Committee on Vital and Health Statistics
regarding the adoption of a standard under this part.

(g) APPLICATION TO
MODIFICATIONS OF STANDARDS.–This section shall apply to a modification to a
standard (including an addition to a standard) adopted under section 1174(b) in
the same manner as it applies to an initial standard adopted under section
1174(a).

“STANDARDS FOR INFORMATION
TRANSACTIONS AND DATA ELEMENTS

SEC. 1173. (a)
STANDARDS TO ENABLE ELECTRONIC EXCHANGE.–

“(1) IN GENERAL.–The
Secretary shall adopt standards for transactions, and data elements for such
transactions, to enable health information to be exchanged electronically, that
are appropriate for–

“(A) the financial and
administrative transactions described in paragraph (2);
and

“(B) other financial and
administrative transactions determined appropriate by the Secretary, consistent
with the goals of improving the operation of the health care system and reducing
administrative costs.

“(2) TRANSACTIONS.–The
transactions referred to in paragraph (1)(A) are transactions with respect to
the following:

“(A) Health claims or
equivalent encounter information.

“(B) Health claims
attachments.

“(C) Enrollment and
disenrollment in a health plan.

“(D) Eligibility for a
health plan.

“(E) Health care payment
and remittance advice.

“(F) Health plan premium
payments.

“(G) First report of
injury.

“(H) Health claim
status.

“(I) Referral certification
and authorization.

“(3) ACCOMMODATION OF
SPECIFIC PROVIDERS.–The standards adopted by the Secretary under paragraph (1)
shall accommodate the needs of different types of health care
providers.

(b) UNIQUE HEALTH
IDENTIFIERS.–

“(1) IN GENERAL.–The
Secretary shall adopt standards providing for a standard unique health
identifier for each individual, employer, health plan, and health care provider
for use in the health care system. In carrying out the preceding sentence for
each health plan and health care provider, the Secretary shall take into account
multiple uses for identifiers and multiple locations and specialty
classifications for health care providers.

“(2) USE OF
IDENTIFIERS.–The standards adopted under paragraph (1) shall specify the
purposes for which a unique health identifier may be used.

(c) CODE
SETS.–

“(1) IN GENERAL.–The
Secretary shall adopt standards that–

“(A) select code sets for
appropriate data elements for the transactions referred to in subsection (a)(1)
from among the code sets that have been developed by private and public
entities; or

“(B) establish code sets
for such data elements if no code sets for the data elements have been
developed.

“(2) DISTRIBUTION.–The
Secretary shall establish efficient and low-cost procedures for distribution
(including electronic distribution) of code sets and modifications made to such
code sets under section 1174(b).

(d) SECURITY STANDARDS FOR
HEALTH INFORMATION.–

“(1) SECURITY
STANDARDS.–The Secretary shall adopt security standards
that–

“(A) take into
account–

“(i) the technical
capabilities of record systems used to maintain health
information;

“(ii) the costs of security
measures;

“(iii) the need for
training persons who have access to health information;

“(iv) the value of audit
trails in computerized record systems; and

“(v) the needs and
capabilities of small health care providers and rural health care providers (as
such providers are defined by the Secretary); and

“(B) ensure that a health
care clearinghouse, if it is part of a larger organization, has policies and
security procedures which isolate the activities of the health care
clearinghouse with respect to processing information in a manner that prevents
unauthorized access to such information by such larger
organization.

“(2) SAFEGUARDS.–Each
person described in section 1172(a) who maintains or transmits health
information shall maintain reasonable and appropriate administrative, technical,
and physical safeguards–

“(A) to ensure the
integrity and confidentiality of the information;

“(B) to protect against any
reasonably anticipated–

“(i) threats or hazards to
the security or integrity of the information; and

“(ii) unauthorized uses or
disclosures of the information; and

“(C) otherwise to ensure
compliance with this part by the officers and employees of such
person.

(e) ELECTRONIC
SIGNATURE.–

“(1) STANDARDS.–The
Secretary, in coordination with the Secretary of Commerce, shall adopt standards
specifying procedures for the electronic transmission and authentication of
signatures with respect to the transactions referred to in subsection
(a)(1).

“(2) EFFECT OF
COMPLIANCE.–Compliance with the standards adopted under paragraph (1) shall be
deemed to satisfy Federal and State statutory requirements for written
signatures with respect to the transactions referred to in subsection
(a)(1).

(f) TRANSFER OF INFORMATION
AMONG HEALTH PLANS.–The Secretary shall adopt standards for transferring among
health plans appropriate standard data elements needed for the coordination of
benefits, the sequential processing of claims, and other data elements for
individuals who have more than one health plan.

“TIMETABLES FOR ADOPTION OF
STANDARDS

SEC. 1174. (a)
INITIAL STANDARDS.–The Secretary shall carry out section 1173 not later than 18
months after the date of the enactment of the Health Insurance Portability and
Accountability Act of 1996, except that standards relating to claims attachments
shall be adopted not later than 30 months after such date.

“(b) ADDITIONS AND
MODIFICATIONS TO STANDARDS.–

“(1) IN GENERAL.–Except as
provided in paragraph (2), the Secretary shall review the standards adopted
under section 1173, and shall adopt modifications to the standards (including
additions to the standards), as determined appropriate, but not more frequently
than once every 12 months. Any addition or modification to a standard shall be
completed in a manner which minimizes the disruption and cost of
compliance.

“(2) SPECIAL
RULES.–

“(A) FIRST 12-MONTH
PERIOD.–Except with respect to additions and modifications to code sets under
subparagraph (B), the Secretary may not adopt any modification to a standard
adopted under this part during the 12-month period beginning on the date the
standard is initially adopted, unless the Secretary determines that the
modification is necessary in order to permit compliance with the
standard.

“(B) ADDITIONS AND
MODIFICATIONS TO CODE SETS.–

“(i) IN GENERAL.–The
Secretary shall ensure that procedures exist for the routine maintenance,
testing, enhancement, and expansion of code sets.

“(ii) Additional rules.–If
a code set is modified under this subsection, the modified code set shall
include instructions on how data elements of health information that were
encoded prior to the modification may be converted or translated so as to
preserve the informational value of the data elements that existed before the
modification. Any modification to a code set under this subsection shall be
implemented in a manner that minimizes the disruption and cost of complying with
such modification.

“REQUIREMENTS

SEC. 1175. (a)
CONDUCT OF TRANSACTIONS BY PLANS.–

“(1) IN GENERAL.–If a
person desires to conduct a transaction referred to in section 1173(a)(1) with a
health plan as a standard transaction–

“(A) the health plan may
not refuse to conduct such transaction as a standard
transaction;

“(B) the insurance plan may
not delay such transaction, or otherwise adversely affect, or attempt to
adversely affect, the person or the transaction on the ground that the
transaction is a standard transaction; and

“(C) the information
transmitted and received in connection with the transaction shall be in the form
of standard data elements of health information.

“(2) SATISFACTION OF
REQUIREMENTS.–A health plan may satisfy the requirements under paragraph (1)
by–

“(A) directly transmitting
and receiving standard data elements of health information;
or

“(B) submitting nonstandard
data elements to a health care clearinghouse for processing into standard data
elements and transmission by the health care clearinghouse, and receiving
standard data elements through the health care
clearinghouse.

“(3) TIMETABLE FOR
COMPLIANCE.–Paragraph (1) shall not be construed to require a health plan to
comply with any standard, implementation specification, or modification to a
standard or specification adopted or established by the Secretary under sections
1172 through 1174 at any time prior to the date on which the plan is required to
comply with the standard or specification under subsection
(b).

“(b) COMPLIANCE WITH
STANDARDS.–

“(1) INITIAL
COMPLIANCE.–

“(A) IN GENERAL.–Not later
than 24 months after the date on which an initial standard or implementation
specification is adopted or established under sections 1172 and 1173, each
person to whom the standard or implementation specification applies shall comply
with the standard or specification.

“(B) SPECIAL RULE FOR SMALL
HEALTH PLANS.–In the case of a small health plan, paragraph (1) shall be
applied by substituting ’36 months’ for ’24 months’. For purposes of this
subsection, the Secretary shall determine the plans that qualify as small health
plans.

“(2) COMPLIANCE WITH
MODIFIED STANDARDS.–If the Secretary adopts a modification to a standard or
implementation specification under this part, each person to whom the standard
or implementation specification applies shall comply with the modified standard
or implementation specification at such time as the Secretary determines
appropriate, taking into account the time needed to comply due to the nature and
extent of the modification. The time determined appropriate under the preceding
sentence may not be earlier than the last day of the 180-day period beginning on
the date such modification is adopted. The Secretary may extend the time for
compliance for small health plans, if the Secretary determines that such
extension is appropriate.

“(3) CONSTRUCTION.–Nothing
in this subsection shall be construed to prohibit any person from complying with
a standard or specification by–

“(A) submitting nonstandard
data elements to a health care clearinghouse for processing into standard data
elements and transmission by the health care clearinghouse;
or

“(B) receiving standard
data elements through a health care clearinghouse.

“GENERAL PENALTY FOR FAILURE TO
COMPLY WITH REQUIREMENTS AND STANDARDS

SEC. 1176. (a)
GENERAL PENALTY.–

“(1) IN GENERAL.–Except as
provided in subsection (b), the Secretary shall impose on any person who
violates a provision of this part a penalty of not more than $100 for each such
violation, except that the total amount imposed on the person for all violations
of an identical requirement or prohibition during a calendar year may not exceed
$25,000.

“(2) PROCEDURES.–The
provisions of section 1128A (other than subsections (a) and (b) and the second
sentence of subsection (f)) shall apply to the imposition of a civil money
penalty under this subsection in the same manner as such provisions apply to the
imposition of a penalty under such section 1128A.

“(b)
LIMITATIONS.–

“(1) OFFENSES OTHERWISE
PUNISHABLE.–A penalty may not be imposed under subsection (a) with respect to
an act if the act constitutes an offense punishable under section
1177.

“(2) NONCOMPLIANCE NOT
DISCOVERED.–A penalty may not be imposed under subsection (a) with respect to a
provision of this part if it is established to the satisfaction of the Secretary
that the person liable for the penalty did not know, and by exercising
reasonable diligence would not have known, that such person violated the

provision.

“(3) FAILURES DUE TO
REASONABLE CAUSE.–

“(A) IN GENERAL.–Except as
provided in subparagraph (B), a penalty may not be imposed under subsection (a)
if–

“(i) the failure to comply
was due to reasonable cause and not to willful neglect;
and

“(ii) the failure to comply
is corrected during the 30-day period beginning on the first date the person
liable for the penalty knew, or by exercising reasonable diligence would have
known, that the failure to comply occurred.

“(B) EXTENSION OF
PERIOD.–

“(i) NO PENALTY.–The
period referred to in subparagraph (A)(ii) may be extended as determined
appropriate by the Secretary based on the nature and extent of the failure to
comply.

“(ii) ASSISTANCE.–If the
Secretary determines that a person failed to comply because the person was
unable to comply, the Secretary may provide technical assistance to the person
during the period described in subparagraph (A)(ii). Such assistance shall be
provided in any manner determined appropriate by the
Secretary.

“(4) REDUCTION.–In the
case of a failure to comply which is due to reasonable cause and not to willful
neglect, any penalty under subsection (a) that is not entirely waived under
paragraph (3) may be waived to the extent that the payment of such penalty would
be excessive relative to the compliance failure involved.

“WRONGFUL DISCLOSURE OF INDIVIDUALLY
IDENTIFIABLE HEALTH INFORMATION

SEC. 1177. (a)
OFFENSE.–A person who knowingly and in violation of this
part–

“(1) uses or causes to be
used a unique health identifier;

“(2) obtains individually
identifiable health information relating to an individual;
or

“(3) discloses individually
identifiable health information to another person,

shall be punished as
provided in subsection (b).

“(b) PENALTIES.–A person
described in subsection (a) shall–

“(1) be fined not more than
$50,000, imprisoned not more than 1 year, or both;

“(2) if the offense is
committed under false pretenses, be fined not more than $100,000, imprisoned not
more than 5 years, or both; and

“(3) if the offense is
committed with intent to sell, transfer, or use individually identifiable health
information for commercial advantage, personal gain, or malicious harm, be fined
not more than $250,000, imprisoned not more than 10 years, or
both.

“EFFECT ON STATE LAW

SEC. 1178. (a)
GENERAL EFFECT.–

“(1) GENERAL RULE.–Except
as provided in paragraph (2), a provision or requirement under this part, or a
standard or implementation specification adopted or established under sections
1172 through 1174, shall supersede any contrary provision of State law,
including a provision of State law that requires medical or health plan records
(including billing information) to be maintained or transmitted in written
rather than electronic form.

“(2) EXCEPTIONS.–A
provision or requirement under this part, or a standard or implementation
specification adopted or established under sections 1172 through 1174, shall not
supersede a contrary provision of State law, if the provision of State
law–

“(A) is a provision the
Secretary determines–

“(i) is
necessary–

“(I) to prevent fraud and
abuse;

“(II) to ensure appropriate
State regulation of insurance and health plans;

“(III) for State reporting
on health care delivery or costs; or

“(IV) for other purposes;
or

“(ii) addresses controlled
substances; or

“(B) subject to section
264(c)(2) of the Health Insurance Portability and Accountability Act of 1996,
relates to the privacy of individually identifiable health
information.

“(b) PUBLIC
HEALTH.–Nothing in this part shall be construed to invalidate or limit the
authority, power, or procedures established under any law providing for the
reporting of disease or injury, child abuse, birth, or death, public health
surveillance, or public health investigation or
intervention.

“(c) STATE REGULATORY
REPORTING.–Nothing in this part shall limit the ability of a State to require a
health plan to report, or to provide access to, information for management
audits, financial audits, program monitoring and evaluation, facility licensure
or certification, or individual licensure or
certification.

“PROCESSING PAYMENT TRANSACTIONS BY
FINANCIAL INSTITUTIONS

SEC. 1179. To the
extent that an entity is engaged in activities of a financial institution (as
defined in section 1101 of the Right to Financial Privacy Act of 1978), or is
engaged in authorizing, processing, clearing, settling,
billing,

transferring, reconciling,
or collecting payments, for a financial institution, this part, and any standard
adopted under this part, shall not apply to the entity with respect to such
activities, including the following:

“(1) The use or disclosure
of information by the entity for authorizing, processing, clearing, settling,
billing, transferring, reconciling or collecting, a payment for, or related to,
health plan premiums or health care, where such payment is made by any means,
including a credit, debit, or other payment card, an account, check, or
electronic funds transfer.

“(2) The request for, or
the use or disclosure of, information by the entity with respect to a payment
described in paragraph (1)–

“(A) for transferring
receivables;

“(B) for
auditing;

“(C) in connection
with–

“(i) a customer dispute;
or

“(ii) an inquiry from, or
to, a customer;

“(D) in a communication to
a customer of the entity regarding the customer’s transactions, payment card,
account, check, or electronic funds transfer;

“(E) for reporting to
consumer reporting agencies; or

“(F) for complying
with–

“(i) a civil or criminal
subpoena; or

“(ii) a Federal or State
law regulating the entity.”.

(b) CONFORMING
AMENDMENTS.–

(1) REQUIREMENT FOR
MEDICARE PROVIDERS.–Section 1866(a)(1) (42 U.S.C. 1395cc(a)(1)) is
amended–

(A) by striking “and” at
the end of subparagraph (P);

(B) by striking the period
at the end of subparagraph (Q) and inserting “; and”; and

(C) by inserting
immediately after subparagraph (Q) the following new
subparagraph:

“(R) to contract only with
a health care clearinghouse (as defined in section 1171) that meets each
standard and implementation specification adopted or established under part C of
title XI on or after the date on which the health care clearinghouse is required
to comply with the standard or specification.”.

(2) TITLE HEADING.–Title
XI (42 U.S.C. 1301 et seq.) is amended by striking the title heading and
inserting the following:

“TITLE XI–GENERAL PROVISIONS, PEER
REVIEW, AND ADMINISTRATIVE SIMPLIFICATION”.

SEC. 263.
CHANGES IN MEMBERSHIP AND DUTIES OF NATIONAL COMMITTEE ON VITAL AND HEALTH
STATISTICS.

Section 306(k) of the
Public Health Service Act (42 U.S.C. 242k(k))

is
amended–

(1) in paragraph (1), by
striking “16” and inserting “18”;

(2) by amending paragraph
(2) to read as follows:

“(2) The members of the
Committee shall be appointed from among persons who have distinguished
themselves in the fields of health statistics, electronic interchange of health
care information, privacy and security of electronic information,
population-based public health, purchasing or financing health care services,
integrated computerized health information systems, health services research,
consumer interests in health information, health data standards, epidemiology,
and the provision of health services. Members of the Committee shall be
appointed for terms of 4 years.”;

(3) by redesignating
paragraphs (3) through (5) as paragraphs (4) through (6), respectively, and
inserting after paragraph (2) the following:

“(3) Of the members of the
Committee–

“(A) 1 shall be appointed,
not later than 60 days after the date of the enactment of the Health Insurance
Portability and Accountability Act of 1996, by the Speaker of the House of
Representatives after consultation with the Minority Leader of the House of
Representatives;

“(B) 1 shall be appointed,
not later than 60 days after the date of the enactment of the Health Insurance
Portability and Accountability Act of 1996, by the President pro tempore of the
Senate after consultation with the Minority Leader of the Senate;
and

“(C) 16 shall be appointed
by the Secretary.”;

(4) by amending paragraph
(5) (as so redesignated) to read as follows:

“(5) The
Committee–

“(A) shall assist and
advise the Secretary–

“(i) to delineate
statistical problems bearing on health and health services which are of national
or international interest;

“(ii) to stimulate studies
of such problems by other organizations and agencies whenever possible or to
make investigations of such problems through
subcommittees;

“(iii) to determine,
approve, and revise the terms, definitions, classifications, and guidelines for
assessing health status and health services, their distribution and costs, for
use (I) within the Department of Health and Human Services, (II) by all programs
administered or funded by the Secretary, including the Federal-State-local
cooperative health statistics system referred to in subsection (e), and (III) to
the extent possible as determined by the head of the agency involved, by the
Department of Veterans Affairs, the Department of Defense, and other Federal
agencies concerned with health and health services;

“(iv) with respect to the
design of and approval of health statistical and health information systems
concerned with the collection, processing, and tabulation of health statistics
within the Department of Health and Human Services, with respect to the
Cooperative Health Statistics System established under subsection (e), and with
respect to the standardized means for the collection of health information and
statistics to be established by the Secretary under subsection
(j)(1);

“(v) to review and comment
on findings and proposals developed by other organizations and agencies and to
make recommendations for their adoption or implementation by local, State,
national, or international agencies;

“(vi) to cooperate with
national committees of other countries and with the World Health Organization
and other national agencies in the studies of problems of mutual
interest;

“(vii) to issue an annual
report on the state of the Nation’s health, its health services, their costs and
distributions, and to make proposals for improvement of the Nation’s health
statistics and health information systems; and

“(viii) in complying with
the requirements imposed on the Secretary under part C of title XI of the Social
Security Act;

“(B) shall study the issues
related to the adoption of uniform data standards for patient medical record
information and the electronic exchange of such
information;

“(C) shall report to the
Secretary not later than 4 years after the date of the enactment of the Health
Insurance Portability and Accountability Act of 1996 recommendations and
legislative proposals for such standards and electronic exchange;
and

“(D) shall be responsible
generally for advising the Secretary and the Congress on the status of the
implementation of part C of title XI of the Social Security Act.”;
and

(5) by adding at the end
the following:

“(7) Not later than 1 year
after the date of the enactment of the Health Insurance Portability and
Accountability Act of 1996, and annually thereafter, the Committee shall submit
to the Congress, and make public, a report regarding the implementation of part
C of title XI of the Social Security Act. Such report shall address the
following subjects, to the extent that the Committee determines
appropriate:

“(A) The extent to which
persons required to comply with part C of title XI of the Social Security Act
are cooperating in implementing the standards adopted under such
part.

“(B) The extent to which
such entities are meeting the security standards adopted under such part and the
types of penalties assessed for noncompliance with such
standards.

“(C) Whether the Federal
and State Governments are receiving information of sufficient quality to meet
their responsibilities under such part.

“(D) Any problems that
exist with respect to implementation of such part.

“(E) The extent to which
timetables under such part are being met.”.

SEC. 264.
RECOMMENDATIONS WITH RESPECT TO PRIVACY OF CERTAIN HEALTH
INFORMATION.

(a) IN GENERAL.–Not later
than the date that is 12 months after the date of the enactment of this Act, the
Secretary of Health and Human Services shall submit to the Committee on Labor
and Human Resources and the Committee on Finance of the Senate and the Committee
on Commerce and the Committee on Ways and Means of the House of Representatives
detailed recommendations on standards with respect to the privacy of
individually identifiable health information.

(b) SUBJECTS FOR
RECOMMENDATIONS.–The recommendations under subsection (a) shall address at
least the following:

(1) The rights that an
individual who is a subject of individually identifiable health information
should have.

(2) The procedures that
should be established for the exercise of such rights.

(3) The uses and
disclosures of such information that should be authorized or
required.

(c)
REGULATIONS.–

(1) IN GENERAL.–If
legislation governing standards with respect to the privacy of individually
identifiable health information transmitted in connection with the transactions
described in section 1173(a) of the Social Security Act (as added by section
262) is not enacted by the date that is 36 months after the date of the
enactment of this Act, the Secretary of Health and Human Services shall
promulgate final regulations containing such standards not later than the date
that is 42 months after the date of the enactment of this Act. Such regulations
shall address at least the subjects described in subsection
(b).

(2) PREEMPTION.–A
regulation promulgated under paragraph (1) shall not supercede a contrary
provision of State law, if the provision of State law imposes requirements,
standards, or implementation specifications that are more stringent than the
requirements, standards, or implementation specifications imposed under the
regulation.

(d) CONSULTATION.–In
carrying out this section, the Secretary of Health and Human Services shall
consult with–

(1) the National Committee
on Vital and Health Statistics established under section 306(k) of the Public
Health Service Act (42 U.S.C. 242k(k)); and

(2) the Attorney General.

Responder

Introduce tus datos o haz clic en un icono para iniciar sesión:

Logo de WordPress.com

Estás comentando usando tu cuenta de WordPress.com. Cerrar sesión / Cambiar )

Imagen de Twitter

Estás comentando usando tu cuenta de Twitter. Cerrar sesión / Cambiar )

Foto de Facebook

Estás comentando usando tu cuenta de Facebook. Cerrar sesión / Cambiar )

Google+ photo

Estás comentando usando tu cuenta de Google+. Cerrar sesión / Cambiar )

Conectando a %s