Bill Summary & Status for the 106th Congress

NEW SEARCH | HOME | HELP
H.R.2404
Sponsor: Rep Murtha, John P.(introduced 6/30/1999)
Latest Major Action: 9/24/1999 Referred to House subcommittee
Title: To protect the privacy of individuals by ensuring the confidentiality of information contained in their medical records and health-care-related information, and for other purposes.
Jump to: Titles, Status, Committees, Related Bill Details, Amendments, Cosponsors, Summary
TITLE(S):  (italics indicate a title for a portion of a bill)
STATUS: (color indicates Senate actions)
6/30/1999:
Referred to the Committee on Commerce, and in addition to the Committee on the Judiciary, for a period to be subsequently determined by the Speaker, in each case for consideration of such provisions as fall within the jurisdiction of the committee concerned.
6/30/1999:
Referred to House Commerce
7/13/1999:
Referred to the Subcommittee on Health and Environment.
6/30/1999:
Referred to House Judiciary
9/24/1999:
Referred to the Subcommittee on Crime.
COMMITTEE(S):
RELATED BILL DETAILS:

***NONE***

AMENDMENT(S):

***NONE***

COSPONSOR(S):

***NONE***

SUMMARY AS OF:
6/30/1999--Introduced.

TABLE OF CONTENTS:

Personal Medical Information Protection Act of 1999 - Title I: Individual's Rights - Subtitle A: Review of Protected Health Information by Subjects of the Information - Grants to individuals who are the subject of protected health information, or to the individual's designee, the right to inspect and copy such information. Provides for: (1) procedures and fees; (2) a special rule relating to ongoing clinical trials; (3) amendment of protected health information; (4) rules governing agents; and (5) notice of confidentiality practices.

Subtitle B: Establishment of Safeguards - Mandates safeguards to protect the confidentiality, security, accuracy, and integrity of protected health information created, received, obtained, maintained, used, transmitted, or disposed of by a health care provider, health plan, health oversight agency, public health authority, employer, health or life insurer, health researcher, law enforcement official, school, or university (entity). Recommends encryption technology with regard to computer database medical record protection against unauthorized disclosure of protected health information. Details disclosure recordkeeping requirements.

Title II: Restrictions on Use and Disclosure - Sets forth general rules regarding use and authorized disclosure of protected health information, including rules on such use or disclosure of protected health information within an entity.

(Sec. 202) Details requirements for employers, health plans, and providers in obtaining a signed, written authorization meeting specified requirements concerning the use and disclosure of protected health information for treatment, payment, and health care operations with respect to employer and group health plan enrollees and the uninsured, respectively. Allows, generally, for revocation of authorizations, and mandates recordkeeping of individual authorizations and revocations.

(Sec. 203) Provides for similar written authorizations for disclosure of protected health information other than for treatment, payment, or health care operations. Permits an individual to revoke or amend an authorization.

Sets out requirements for release of protected health information to coroners and medical examiners.

States that a recipient of information pursuant to an authorization may use or disclose such information solely to carry out the purpose for which the information was authorized for release.

Directs the Secretary of Health and Human Services (HHS) to develop and disseminate model written authorizations.

(Sec. 204) Outlines requirements governing information disclosure to next of kin, as well as disclosure of certain directory information.

(Sec. 205) Authorizes any person who creates or receives protected health information under this title to disclose such information in emergency circumstances when necessary to protect the health or safety of the individual who is the subject of such information from serious, imminent harm.

(Sec. 206) Allows, generally, any person to disclose protected health information to an accrediting body or public health authority, a health oversight agency, or a State insurance department, for purposes of an oversight function authorized by law.

(Sec. 207) Outlines the rules governing authorized entity disclosures with regard to public health, health research, civil, judicial, and administrative procedures, and law enforcement purposes.

(Sec. 208) Directs the Secretary to: (1) review the requirements of the common rule (the Federal agency policy for the protection of human subjects from research risks) pertaining to the privacy of protected health information, and promulgate any necessary amendments; (2) submit to Congress recommendations on standards with respect to the privacy of individually identifiable health information in certain research; and (3) promulgate final regulations containing such standards if appropriate legislation governing them is not enacted.

(Sec. 211) Provides that if an individual pays for health care by presenting a debit, credit, or other payment card or account number, or by any other electronic payment means, the entity receiving payment may disclose to transaction personnel only such protected health information about the individual as is necessary for payment processing, billing, or collecting amounts paid by electronic means.

(Sec. 212) Directs the Secretary to promulgate standards for disclosing, authorizing, and authenticating protected health information in electronic form consistent with this title.

(Sec. 213) Specifies guidelines for agents of protected individuals (including health care powers of attorney) and for executors of the estates of deceased individuals.

Applies this Act to protected health information concerning a deceased individual for two years following death.

(Sec. 214) Provides limited liability for Federal and State law enforcement officers for violations of this Act.

(Sec. 215) Shields from common law liability to the protected individual an entity that makes permissible disclosures under this Act.

Title III: Sanctions - Subtitle A: Criminal Provisions - Amends the Federal criminal code to establish criminal penalties for the knowing and intentional wrongful disclosure of protected health information in violation of title II of this Act.

Subtitle B: Civil Sanctions - Establishes civil money penalties for health care providers, health researchers, health plans, health oversight agencies, public health agencies, law enforcement agencies, employers, health or life insurers, schools, or universities, or the agent of any such individual or entity, who the Secretary determines has substantially and materially failed to comply with this Act. Outlines procedures for imposition of such penalties, and provides for judicial review. Allows the Secretary to bring an action to seek injunctive relief to prevent any activities which subject a person to a civil monetary penalty.

(Sec. 313) Allows individuals whose rights under this Act have been knowingly or negligently violated to bring a civil action for damages and appropriate relief.

(Sec. 314) Directs the Secretary to develop alternative dispute resolution procedures, including mediation and arbitration, to resolve civil claims, possibly even before the individual brings a civil action.

Title IV: Miscellaneous - Sets forth: (1) the relationship of this Act to other Federal and State laws, including the Privacy Act of 1974, and regulations relating to protected health information or to an individual's access to it; and (2) mandatory outreach efforts, including downloadable availability on the HHS website, to explain this Act and resulting final regulations.