The committee leaders, who sponsored the PRO(TECH)T (Protecting Records, Optimizing Treatment and Easing Communication Through Healthcare Technology Act of 2008), made concessions to privacy advocates and to those who use health IT, as they modified the bill (H.R. 6357) approved in June.
The PRO(TECH)T Act aims to promote national use of EHRs by 2014, which President George W. Bush called for in 2004, by establishing in law the technology standards activities that the Bush administration developed. The bill also would provide $560 million in grants and loans for healthcare providers, in particular in small and rural practices and those serving the underserved, to acquire EHR systems, according to Government Health IT.
Before the bill was approved, the committee adopted, a substitute amendment proposed by Chairman John D. Dingell, D-Mich., that embodied a bipartisan compromise between committee leaders, according to CQ Politics. Committee ranking Republican Joe L. Barton of Texas called the bill “a good faith effort by all parties.”
“This bill has reached a delicate balance between promoting and encouraging the electronic flow of health information and protecting that information from those who should not have it,” Dingell said in a statement.
Among the changes since the previous Subcommittee approval in June, the bill strengthens enforcement of protections under the HIPAA of 1996, Government Health IT reported. It would require the Health and Human Services Department (HHS) to investigate complaints and to impose fines on violators, when violations rise to the level of willful neglect.
If approved, the PRO(TECH)T Act would require HHS to disclose more fully how it resolves complaints of HIPAA privacy and security violations. The HIPAA privacy and security rules would be extended to health information exchanges, health records trusts and other organizations that handle personal health information.
Government Health IT reported the new version preserves “controversial” provisions calling for patients to consent to use of their private health information for purposes other than their treatment and payment of their bills. However, it calls for HHS to issue regulations and model consent language, and it delays the consent provision for 24 months. Also, patients could sign a one-time consent form, rather than consenting to each disclosure.
The provisions calling for patients to be notified in case of loss or disclosure of their health IT was modified to waive breach notification if the information was encrypted or otherwise rendered inaccessible.
Finally, the the PRO(TECH)T Act also would make it illegal to sell EHRs or the information within them.