HIPAA Regulatory Alert

House health IT bill seeks to protect health information

A House subcommittee approved and sent on to the full Energy and Commerce Committee H.R. 6357, the "Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008," known as the PRO(TECH)T Act, which is intended to strengthen the quality of health care, reduce medical errors and costs by encouraging adoption of health information technology, and further protect the privacy and security of health information in the electronic age.

"Your grocery store automatically knows what brand of chips you bought last year, but your cardiologist doesn't automatically know what prescriptions your family doctor prescribed for you yesterday," said committee Chairman John Dingell (D-MI). "The PRO(TECH)T Act provides for adoption of standards to allow providers across the country to exchange health information about their patients. It also strengthens current federal privacy protections and expands them to new entities that store your electronic health information."

The legislation promotes nationwide adoption of a health information technology infrastructure and establishes incentives for doctors, hospitals, insurers, and the government to exchange health information electronically across the country. It also makes permanent the Department of Health and Human Services' Office of the National Coordinator for Health Information Technology and encourages use of an electronic health record for each person in the United States by 2014. And it would strengthen protection of security and privacy of individuals' health information through provisions such as requiring notification when personal health information is breached.

Different from Senate bill

The measure has several parallels to the Wired for Healthcare Quality bill that is pending in the Senate. Like the Wired bill, the House bill would codify in law the Office of the National Coordinator; establish committees to advise on development of health information technology policy and standards; authorize a voluntary product certification program similar to the one in operation at the Certification Commission for Health IT; provide loans and grants to support health IT adoption by doctors and clinics; and update HIPAA's privacy and security provisions.

But there also are some differences, analysts say. Thus, the Senate bill would establish a policy committee in the private sector, while the House measure calls for a federal advisory committee. And the House bill would extend HIPAA privacy and security rules to health information exchanges by defining them as business associates of health care providers, while the Senate measure would use a different means to the same end.

The House bill would empower the federal government to enforce privacy and security requirements that apply to HIPAA business associates and strengthen other HIPAA privacy and security provisions, while the original Senate draft would not address those issues.