House committee approves major health IT bill

The House Energy and Commerce Committee unanimously approved a major health IT bill today and sent it to the full House for action.The committee leaders who sponsored the Protecting Records, Optimizing Treatment and Easing Communication Through Healthcare Technology Act of 2008 (H.R. 6357) made significant concessions to privacy advocates and to those who use health information as they modified the bill approved in June.The PRO(TECH)T Act aims to promote e-health records for all Americans by 2014, as President Bush called for in 2004. It establishes in law the technology standards activities that the Bush administration developed and would provide $560 million in grants and loans for health care providers, particular in small and rural practices and those serving the underserved, to acquire EHR systems.“This bill has reached a delicate balance between promoting and encouraging the electronic flow of health information and protecting that information from those who should not have it,” committee Chairman Rep. John Dingell (D-Mich.) said in his opening statement.He and other committee members stressed the bipartisan nature of the bill and the amount of effort that went into it over a period of years.House leaders reportedly are eager to bring the bill to the floor soon.Among the changes since the Health Subcommittee approved the bill in June, the bill strengthens enforcement of protections under the Health Insurance Portability and Accountability Act of 1996. It would require the Health and Human Services Department to investigate complaints and would require HHS to impose fines on violators when violations rise to the level of willful neglect.It also would require HHS to disclose more fully how it resolves complaints of HIPAA privacy and security violations.The HIPAA privacy and security rules would be extended to health information exchanges, health records trusts and other organizations that handle personal health information.The new version preserves controversial provisions calling for patients to consent to use of their private health information for purposes other than their treatment and payment of their bills. But it calls for HHS to issue regulations and model consent language, and it delays the consent provision for 24 months.Also, patients could sign a one-time consent form, rather than consenting to each disclosure.The provisions calling for patients to be notified in case of loss or disclosure of their health information was modified to waive breach notification if the information was encrypted or otherwise rendered inaccessible.The bill also would make it illegal to sell e-medical records or the information within them.Several minor amendments were made during today’s markup session, but both Republican and Democratic committee leaders indicated they were not interested in major modifications to a hard-won compromise bill.