With respect to the relation of this subchapter to HIPAA privacy and security law:
(A) This subchapter may not be construed as having any effect on the authorities of the Secretary under HIPAA privacy and security law.
(B) The purposes of this subchapter include ensuring that the health information technology standards and implementation specifications adopted under section 300jj–14 of this title take into account the requirements of HIPAA privacy and security law.
For purposes of this section, the term “HIPAA privacy and security law” means—
(A) the provisions of part C of title XI of the Social Security Act [42 U.S.C. 1320d et seq.], section 264 of the Health Insurance Portability and Accountability Act of 1996, and subtitle D of title IV [1] of the Health Information Technology for Economic and Clinical Health Act; and
(B) regulations under such provisions.
In administering the provisions of this subchapter, the Secretary shall have flexibility in applying the definition of health care provider under section 300jj(3) of this title, including the authority to omit certain entities listed in such definition when applying such definition under this subchapter, where appropriate.
(1) In general The Secretary shall use existing authorities to encourage partnerships between health information exchange organizations and networks and health care providers, health plans, and other appropriate entities with the goal of offering patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure, and may be updated automatically.
The Secretary, in coordination with the Office for Civil Rights of the Department of Health and Human Services, shall—
(A) educate health care providers on ways of leveraging the capabilities of health information exchanges (or other relevant platforms) to provide patients with access to their electronic health information;
(B) clarify misunderstandings by health care providers about using health information exchanges (or other relevant platforms) for patient access to electronic health information; and
(C) to the extent practicable, educate providers about health information exchanges (or other relevant platforms) that employ some or all of the capabilities described in paragraph (1).
In carrying out paragraph (1), the Secretary, in coordination with the Office for Civil Rights, shall issue guidance to health information exchanges related to best practices to ensure that the electronic health information provided to patients is—
(A) private and secure;
(B) accurate;
(C) verifiable; and
(D) where a patient’s authorization to exchange information is required by law, easily exchanged pursuant to such authorization.
(4) Rule of construction Nothing in this subsection shall be construed to preempt State laws applicable to patient consent for the access of information through a health information exchange (or other relevant platform) that provide protections to patients that are greater than the protections otherwise provided for under applicable Federal law.
The National Coordinator and the Office for Civil Rights of the Department of Health and Human Services shall jointly promote patient access to health information in a manner that would ensure that such information is available in a form convenient for the patient, in a reasonable manner, without burdening the health care provider involved.
(A) In general The Secretary, in consultation with the National Coordinator, shall promote policies that ensure that a patient’s electronic health information is accessible to that patient and the patient’s designees, in a manner that facilitates communication with the patient’s health care providers and other individuals, including researchers, consistent with such patient’s consent.
(B) Updating education on accessing and exchanging personal health information To promote awareness that an individual has a right of access to inspect, obtain a copy of, and transmit to a third party a copy of such individual’s protected health information pursuant to the Health Information Portability and Accountability Act, Privacy Rule (subpart E of part 164 of title 45, Code of Federal Regulations), the Director of the Office for Civil Rights, in consultation with the National Coordinator, shall assist individuals and health care providers in understanding a patient’s rights to access and protect personal health information under the Health Insurance Portability and Accountability Act of 1996 (Public Law 104–191), including providing best practices for requesting personal health information in a computable format, including using patient portals or third-party applications and common cases when a provider is permitted to exchange and provide access to health information.”.[2]
In carrying out certification programs under section 300jj–11(c)(5) of this title, the National Coordinator may require that—
(A) the certification criteria support— (i) patient access to their electronic health information, including in a single longitudinal format that is easy to understand, secure, and may be updated automatically; (ii) the patient’s ability to electronically communicate patient-reported information (such as family history and medical history); and (iii) patient access to their personal electronic health information for research at the option of the patient; and
(B) the HIT Advisory Committee develop and prioritize standards, implementation specifications, and certification criteria required to help support patient access to electronic health information, patient usability, and support for technologies that offer patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure, and may be updated automatically.
(July 1, 1944, ch. 373, title XXX, § 3009, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 242; amended Pub. L. 114–255, div. A, title IV, § 4006(a), Dec. 13, 2016, 130 Stat. 1181.)