Bill summaries are authored by CRS.

Shown Here:
Reported to House amended, Part I (09/11/2008)

Protecting Records, Optimizing Treatment, and Easing Communication through Healthcare Technology Act of 2008 or the Pro(TECH)T Act of 2008 - Title I: Health Information Technology - Subtitle A: Promotion of Health Information Technology - Part I: Improving Health Care Quality, Safety, and Efficiency - (Sec. 101) Amends the Public Health Service Act to establish within the Department of Health and Human Services (HHS) an Office of the National Coordinator for Health Information Technology to: (1) review and determine whether to endorse each standard, implementation specification, and certification criterion for the electronic exchange and use of health information that is recommended by the HIT Standards Committee; (2) coordinate health information technology policy and programs of HHS with other relevant executive branch agencies; and (3) maintain and update a strategic plan.

Requires the National Coordinator to: (1) assess and publish the impact of health information technology in communities with health disparities and in areas that serve uninsured, underinsured, and medically underserved individuals and identify practices to increase the adoption of such technology by health care providers in such communities; (2) evaluate and publish evidence on the benefits and costs of the electronic use and exchange of health information and assess to whom these benefits and costs accrue; and (3) estimate and publish resources required annually to reach the goal of utilization of an electronic health record for each person in the United States by 2014.

Requires the National Coordinator to develop a program for the voluntary certification of health information technology.

Establishes an HIT Policy Committee to make policy recommendations to the National Coordinator relating to the implementation of a nationwide health information technology infrastructure. Requires the HIT Policy Committee to: (1) recommend the areas in which standards, implementation specifications, and certification criteria are needed for the electronic exchange and use of health information; and (2) recommend an order or priority for the development, harmonization, and recognition of such standards, specifications, and criteria among the areas so recommended.

Establishes the HIT Standards Committee to: (1) recommend to the National Coordinator for adoption standards, implementation specifications, and certification criteria for the electronic exchange and use of health information; (2) provide for testing of such standards and specifications by the National Institute for Standards and Technology (NIST); and (3) integrate the recommendations of the HIT Policy Committee.

Requires the Secretary to review and determine whether to adopt standards, implementation specifications, or certification criteria.

Provides that any standard or implementation specification adopted under this Act shall be voluntary with respect to private entities.

Requires the National Coordinator to develop a Health Information Technology Resource Center to provide technical assistance and develop best practices to support health information technology.

Requires the National Coordinator to establish a toll-free telephone number or Internet website to provide health care providers with information on: (1) federal grants and technical assistance services related to the electronic exchange and use of health information; (2) standards, implementation specifications, and certification criteria; and (3) regional and local health information networks for assistance with health information technology.

(Sec. 102) Transfers functions, personnel, asset, liabilities, and applicable administrative actions of the National Coordinator for Health Information Technology appointed under a specified executive order to the National Coordinator appointed under this Act.

Transfers all functions, personnel, assets, and liabilities applicable to the American Health Information Community to the HIT Policy Committee or the HIT Standards Committee.

Part II: Application and Use of Adopted Health Information Technology Standards; Reports - (Sec. 111) Requires each federal agency, as it implements, acquires, or upgrades health information technology systems, to utilize systems and products that meet adopted standards and implementation specifications.

Directs the President to take measures to ensure that federal activities involving the broad collection and submission of health information are consistent with standards or implementation specifications within three years of adoption.

(Sec. 112) Directs each agency to require in contracts or agreements that health care providers, health plans, or health insurance issuers, as they implement, acquire, or upgrade health information technology systems, utilize systems and products that meet standards and implementation specifications.

(Sec. 113) Requires the Secretary to report to the appropriate congressional committees on: (1) actions taken by the federal government and private entities to facilitate the adoption of a nationwide system for the electronic use and exchange of health information; (2) barriers to the adoption of such a nationwide system; and (3) recommendations to achieve full implementation of a such a nationwide system.

Provides for studies and reports to Congress on: (1) methods to create efficient reimbursement incentives for improving health care quality in federally qualified health centers, rural health clinics, and free clinics; and (2) the potential use of new aging services technology to assist seniors, individuals with disabilities, and their caregivers throughout the aging process.

Subtitle B: Incentives for the Use of Health Information Technology - (Sec. 121) Authorizes the National Coordinator to award competitive, matching grants to eligible entities to purchase qualified health information technology. Directs the National Coordinator to give preference to eligible: (1) small health care providers; (2) entities that are located in rural and other areas that serve uninsured, underinsured, and medically underserved individuals; and (3) nonprofit health care providers.

Authorizes the National Coordinator to award competitive, matching grants to states or Indian tribes for the establishment of programs for loans to health care providers to purchase qualified health information technology.

Authorizes the National Coordinator to award competitive, matching grants to eligible entities to implement regional or local health information plans to improve health care quality and efficiency through the electronic exchange and use of health information. Requires the Secretary to give preference to eligible entities that intend to use amounts received under a grant to establish or implement a regional or local health information plan that encompasses communities with health disparities or areas that serve uninsured, underinsured, and medically underserved individuals.

Requires the National Coordinator to annually evaluate activities under this section and implement the lessons learned.

Authorizes appropriations for FY2009-FY2013.

Authorizes the Secretary to award matching grants to carry out demonstration projects to develop academic curricula integrating qualified health information technology in the clinical education of health professionals.

Title II: Testing of Health Information Technology - (Sec. 201) Requires the Director of NIST to: (1) test standards and implementation specifications developed under this Act to ensure their efficient use; and (2) support the establishment of a conformance testing infrastructure that may include a program to accredit independent, nonfederal laboratories to perform testing.

(Sec. 202) Requires the Director of NIST to establish a program of assistance to institutions of higher education to establish multidisciplinary Centers for Health Care Information Enterprise Integration.

Directs the National High-Performance Computing Program to coordinate federal research and development programs related to the development and deployment of health information technology, including activities related to: (1) computer infrastructure; (2) data security; and (3) development of large-scale, distributed, reliable computing systems.

Title III: Privacy and Security Provisions - Subtitle A: Security Provisions - (Sec. 301) Applies regulations establishing safeguards for the protection of electronic protected health information to business associates of a covered entity.

Applies penalties for failure to comply with requirements regarding protection of health information.

Requires the Secretary to annually issue guidance on the latest safeguard technologies for use in protecting health information.

(Sec. 302) Requires an entity that handles unsecured protected health information to notify each individual whose information has been, or is reasonably believed to have been, accessed, acquired, or disclosed of any breach of such information. Applies such requirements to business associates of such entities. Sets forth requirements for notifications, including requirements concerning timeliness, method, and content.

(Sec. 303) Requires the Secretary to designate an individual in each HHS regional office to offer guidance and education to covered entities, business associates, and individuals on their rights and responsibilities related to federal privacy and security requirements for protected health information.

Requires the Secretary to annually prepare a report concerning complaints of alleged violations of health information provisions that are received by the Secretary.

Directs the Office for Civil Rights within HHS to develop and maintain a national education initiative to enhance public transparency regarding the use of protected health information. Authorizes appropriations for FY2009-FY2013.

Subtitle B: Improved Privacy Provisions and Additional Security Provisions - (Sec. 311) Treats business associates in the same manner as covered entities for purposes of the protection of health information.

(Sec. 312) Requires a covered entity to comply with an individual's request to restrict the use and disclosure of protected health information if: (1) the disclosure is to a health plan for purposes of carrying out payment or health care operations; and (2) the protected health information pertains solely to a health care item or service for which the health care provider involved has been paid out of pocket in full.

Requires covered entities to limit the use, disclosure, or request of protected health information to the limited data set or to the minimum necessary to accomplish the intended purpose.

Gives individuals a right to an accounting of the disclosures of their electronic medical record, including disclosures to carry out treatment, payment, and health care operations.

Prohibits health care providers from disclosing protected health information in an individual's electronic medical record for purposes of health care operations without the consent of the individual.

Requires the Secretary to develop and make publicly available model informed consent forms.

Prohibits the sale of an electronic medical record of an individual or any protected health information obtained from such record unless: (1) the sale is necessary for treatment of the individual or payment for such treatment; or (2) a valid authorization from the individual is obtained.

Gives individuals the right to obtain their electronic medical records in an electronic format.

(Sec. 313) Prohibits a covered entity or business associate from receiving direct or indirect payment in exchange for certain types of communication without a valid authorization.

(Sec. 314) Directs the Secretary to submit to Congress recommendations to: (1) identify requirements relating to security, privacy, and notification in the case of a breach of security or privacy that should be applied to various entities, including vendors of personal health records; and (2) determine which federal government agency is best equipped to enforce such requirements.

(Sec. 315) Sets forth requirements for notification of individuals and the Federal Trade Commission (FTC) following the discovery of a breach of security of identifiable health information in a personal health record. Deems a violation of such requirements an unfair and deceptive act or practice in violation of the Federal Trade Commission Act.

(Sec. 316) Requires written contracts for organizations that provide data transmission of protected health information and that require access on a routine basis to such protected health information.

(Sec. 317) Requires the Secretary to issue guidance on how best to implement the requirements for the de-identification of protected health information.

(Sec. 318) Directs the Comptroller General to report to Congress on the best practices related to the disclosure among health care providers of protected health information of an individual for purposes of treatment.

(Sec. 319) Amends title XI (General Provisions, Peer Review, and Administrative Simplification) of the Social Security Act to require the Secretary to revise Health Insurance Portability and Accountability Act of 1996 (HIPAA) privacy regulations to consider a person to have obtained or disclosed individually identifiable health information in violation of HIPAA if the information is maintained by a covered entity and the individual obtained or disclosed such information without authorization.

(Sec. 320) Requires the Secretary to: (1) impose a penalty for violations of HIPAA privacy provisions due to willful neglect; and (2) formally investigate any complaint of a violation if a preliminary investigation indicates a possible violation due to willful neglect.

Subtitle C: Relationship to Other Laws; Regulatory References; Effective Date - (Sec. 321) Applies HIPAA preemption of state law provisions to this Act.

Provides that the standards governing the privacy and security of individually identifiable health information promulgated by the Secretary under HIPAA remain in effect to the extent they are consistent with this Act.