Collapse to view only § 300jj-19. Miscellaneous provisions

§ 300jj–11. Office of the National Coordinator for Health Information Technology
(a) Establishment
(b) PurposeThe National Coordinator shall perform the duties under subsection (c) in a manner consistent with the development of a nationwide health information technology infrastructure that allows for the electronic use and exchange of information and that—
(1) ensures that each patient’s health information is secure and protected, in accordance with applicable law;
(2) improves health care quality, reduces medical errors, reduces health disparities, and advances the delivery of patient-centered medical care;
(3) reduces health care costs resulting from inefficiency, medical errors, inappropriate care, duplicative care, and incomplete information;
(4) provides appropriate information to help guide medical decisions at the time and place of care;
(5) ensures the inclusion of meaningful public input in such development of such infrastructure;
(6) improves the coordination of care and information among hospitals, laboratories, physician offices, and other entities through an effective infrastructure for the secure and authorized exchange of health care information;
(7) improves public health activities and facilitates the early identification and rapid response to public health threats and emergencies, including bioterror events and infectious disease outbreaks;
(8) facilitates health and clinical research and health care quality;
(9) promotes early detection, prevention, and management of chronic diseases;
(10) promotes a more effective marketplace, greater competition, greater systems analysis, increased consumer choice, and improved outcomes in health care services; and
(11) improves efforts to reduce health disparities.
(c) Duties of the National Coordinator
(1) StandardsThe National Coordinator shall—
(A) review and determine whether to endorse each standard, implementation specification, and certification criterion for the electronic exchange and use of health information that is recommended by the HIT Advisory Committee under section 300jj–12 of this title for purposes of adoption under section 300jj–14 of this title;
(B) make such determinations under subparagraph (A), and report to the Secretary such determinations, not later than 45 days after the date the recommendation is received by the Coordinator; and
(C) review Federal health information technology investments to ensure that Federal health information technology programs are meeting the objectives of the strategic plan published under paragraph (3).
(2) HIT policy coordination
(A) In general
(B) HIT Advisory Committee
(3) Strategic plan
(A) In generalThe National Coordinator shall, in consultation with other appropriate Federal agencies (including the National Institute of Standards and Technology), update the Federal Health IT Strategic Plan (developed as of June 3, 2008) to include specific objectives, milestones, and metrics with respect to the following:
(i) The electronic exchange and use of health information and the enterprise integration of such information.
(ii) The utilization of an electronic health record for each person in the United States by 2014.
(iii) The incorporation of privacy and security protections for the electronic exchange of an individual’s individually identifiable health information.
(iv) Ensuring security methods to ensure appropriate authorization and electronic authentication of health information and specifying technologies or methodologies for rendering health information unusable, unreadable, or indecipherable.
(v) Specifying a framework for coordination and flow of recommendations and policies under this part among the Secretary, the National Coordinator, the HIT Advisory Committee, and other health information exchanges and other relevant entities.
(vi) Methods to foster the public understanding of health information technology.
(vii) Strategies to enhance the use of health information technology in improving the quality of health care, reducing medical errors, reducing health disparities, improving public health, increasing prevention and coordination with community resources, and improving the continuity of care among health care settings.
(viii) Specific plans for ensuring that populations with unique needs, such as children, are appropriately addressed in the technology design, as appropriate, which may include technology that automates enrollment and retention for eligible individuals.
(B) Collaboration
(C) Measurable outcome goals
(D) Publication
(4) Website
(5) Certification
(A) In general
(B) Certification criteria described
(C) Health information technology for medical specialties and sites of service
(i) In general
(ii) Specific medical specialties
(iii) Health information technology for pediatrics
(D) Conditions of certificationNot later than 1 year after December 13, 2016, the Secretary, through notice and comment rulemaking, shall require, as a condition of certification and maintenance of certification for programs maintained or recognized under this paragraph, consistent with other conditions and requirements under this subchapter, that the health information technology developer or entity—
(i) does not take any action that constitutes information blocking as defined in section 300jj–52(a) of this title;
(ii) provides assurances satisfactory to the Secretary that such developer or entity, unless for legitimate purposes specified by the Secretary, will not take any action described in clause (i) or any other action that may inhibit the appropriate exchange, access, and use of electronic health information;
(iii) does not prohibit or restrict communication regarding—(I) the usability of the health information technology;(II) the interoperability of the health information technology;(III) the security of the health information technology;(IV) relevant information regarding users’ experiences when using the health information technology;(V) the business practices of developers of health information technology related to exchanging electronic health information; and(VI) the manner in which a user of the health information technology has used such technology;
(iv) has published application programming interfaces and allows health information from such technology to be accessed, exchanged, and used without special effort through the use of application programming interfaces or successor technology or standards, as provided for under applicable law, including providing access to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws;
(v) has successfully tested the real world use of the technology for interoperability (as defined in section 300jj of this title) in the type of setting in which such technology would be marketed;
(vi) provides to the Secretary an attestation that the developer or entity—(I) has not engaged in any of the conduct described in clause (i);(II) has provided assurances satisfactory to the Secretary in accordance with clause (ii);(III) does not prohibit or restrict communication as described in clause (iii);(IV) has published information in accordance with clause (iv);(V) ensures that its technology allows for health information to be exchanged, accessed, and used, in the manner described in clause (iv); and(VI) has undertaken real world testing as described in clause (v); and
(vii) submits reporting criteria in accordance with section 300jj–19a(b) of this title.
(E) Compliance with conditions of certification
(6) Reports and publications
(A) Report on additional funding or authority needed
(B) Implementation report
(C) Assessment of impact of HIT on communities with health disparities and uninsured, underinsured, and medically underserved areas
(D) Evaluation of benefits and costs of the electronic use and exchange of health information
(E) Resource requirementsThe National Coordinator shall estimate and publish resources required annually to reach the goal of utilization of an electronic health record for each person in the United States by 2014, including—
(i) the required level of Federal funding;
(ii) expectations for regional, State, and private investment;
(iii) the expected contributions by volunteers to activities for the utilization of such records; and
(iv) the resources needed to establish a health information technology workforce sufficient to support this effort (including education programs in medical informatics and health information management).
(7) Assistance
(8) Governance for nationwide health information network
(9) Support for interoperable networks exchange
(A) In general
(B) Establishing a trusted exchange framework
(i) In generalNot later than 6 months after December 13, 2016, the National Coordinator shall convene appropriate public and private stakeholders to develop or support a trusted exchange framework for trust policies and practices and for a common agreement for exchange between health information networks. The common agreement may include—(I) a common method for authenticating trusted health information network participants;(II) a common set of rules for trusted exchange;(III) organizational and operational policies to enable the exchange of health information among networks, including minimum conditions for such exchange to occur; and(IV) a process for filing and adjudicating noncompliance with the terms of the common agreement.
(ii) Technical assistance
(iii) Pilot testing
(C) Publication of a trusted exchange framework and common agreement
(D) Directory of participating health information networks
(i) In general
(ii) Process
(E) Application of the trusted exchange framework and common agreement
(F) Rule of construction
(i) General adoption
(ii) Adoption when exchange of information is within network
(iii) Existing frameworks and agreements
(iv) Application by Federal agencies
(v) Consideration of ongoing work
(d) Detail of Federal employees
(1) In general
(2) Effect of detailAny detail of personnel under paragraph (1) shall—
(A) not interrupt or otherwise affect the civil service status or privileges of the Federal employee; and
(B) be in addition to any other staff of the Department employed by the National Coordinator.
(3) Acceptance of detailees
(e) Chief Privacy Officer of the Office of the National Coordinator
(July 1, 1944, ch. 373, title XXX, § 3001, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 230; amended Pub. L. 114–255, div. A, title IV, §§ 4001(b), 4002(a), 4003(b), (e)(2)(A)(i), (ii), (C), Dec. 13, 2016, 130 Stat. 1158, 1159, 1165, 1174.)
§ 300jj–12. Health Information Technology Advisory Committee
(a) Establishment
(b) Duties
(1) Recommendations on policy framework to advance an interoperable health information technology infrastructure
(A) In general
(B) Updates
(2) General duties and target areas
(A) In general
(B) Priority target areasFor purposes of this section, the HIT Advisory Committee shall make recommendations under subparagraph (A) with respect to at least each of the following target areas:
(i) Achieving a health information technology infrastructure, nationally and locally, that allows for the electronic access, exchange, and use of health information, including through technology that provides accurate patient information for the correct patient, including exchanging such information, and avoids the duplication of patient records.
(ii) The promotion and protection of privacy and security of health information in health information technology, including technologies that allow for an accounting of disclosures and protections against disclosures of individually identifiable health information made by a covered entity for purposes of treatment, payment, and health care operations (as such terms are defined for purposes of the regulation promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996), including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care.
(iii) The facilitation of secure access by an individual to such individual’s protected health information and access to such information by a family member, caregiver, or guardian acting on behalf of a patient, including due to age-related and other disability, cognitive impairment, or dementia.
(iv) Subject to subparagraph (D), any other target area that the HIT Advisory Committee identifies as an appropriate target area to be considered under this subparagraph.
(C) Additional target areasFor purposes of this section, the HIT Advisory Committee may make recommendations under subparagraph (A), in addition to areas described in subparagraph (B), with respect to any of the following areas:
(i) The use of health information technology to improve the quality of health care, such as by promoting the coordination of health care and improving continuity of health care among health care providers, reducing medical errors, improving population health, reducing chronic disease, and advancing research and education.
(ii) The use of technologies that address the needs of children and other vulnerable populations.
(iii) The use of electronic systems to ensure the comprehensive collection of patient demographic data, including at a minimum, race, ethnicity, primary language, and gender information.
(iv) The use of self-service, telemedicine, home health care, and remote monitoring technologies.
(v) The use of technologies that meet the needs of diverse populations.
(vi) The use of technologies that support—(I) data for use in quality and public reporting programs;(II) public health; or(III) drug safety.
(vii) The use of technologies that allow individually identifiable health information to be rendered unusable, unreadable, or indecipherable to unauthorized individuals when such information is transmitted in a health information network or transported outside of the secure facilities or systems where the disclosing covered entity is responsible for security conditions.
(viii) The use of a certified health information technology for each individual in the United States.
(D) Authority for temporary additional priority target areasFor purposes of subparagraph (B)(iv), the HIT Advisory Committee may identify an area to be considered for purposes of recommendations under this subsection as a target area described in subparagraph (B) if—
(i) the area is so identified for purposes of responding to new circumstances that have arisen in the health information technology community that affect the interoperability, privacy, or security of health information, or affect patient safety; and
(ii) at least 30 days prior to treating such area as if it were a target area described in subparagraph (B), the National Coordinator provides adequate notice to Congress of the intent to treat such area as so described.
(E) Focus of committee work
(3) Rules relating to recommendations for standards, implementation specifications, and certification criteria
(A) In general
(B) Harmonization
(C) Pilot testing of standards and implementation specifications
(D) Consistency
(E) Special rule related to interoperability
(4) Forum
(5) Schedule
(6) Public input
(c) Measured progress in advancing priority areas
(1) In general
(2) Annual progress reports on advancing interoperability
(A) In generalThe HIT Advisory Committee, in consultation with the National Coordinator, shall annually submit to the Secretary and Congress a report on the progress made during the preceding fiscal year in—
(i) achieving a health information technology infrastructure, nationally and locally, that allows for the electronic access, exchange, and use of health information; and
(ii) meeting the objectives and benchmarks described in paragraph (1).
(B) ContentEach such report shall include, for a fiscal year—
(i) a description of the work conducted by the HIT Advisory Committee during the preceding fiscal year with respect to the areas described in subsection (b)(2)(B);
(ii) an assessment of the status of the infrastructure described in subparagraph (A), including the extent to which electronic health information is appropriately and readily available to enhance the access, exchange, and the use of electronic health information between users and across technology offered by different developers;
(iii) the extent to which advancements have been achieved with respect to areas described in subsection (b)(2)(B);
(iv) an analysis identifying existing gaps in policies and resources for—(I) achieving the objectives and benchmarks established under paragraph (1); and(II) furthering interoperability throughout the health information technology infrastructure;
(v) recommendations for addressing the gaps identified in clause (iii); and
(vi) a description of additional initiatives as the HIT Advisory Committee and National Coordinator determine appropriate.
(3) Significant advancement determination
(d) Membership and operations
(1) In general
(2) MembershipThe membership of the HIT Advisory Committee shall—
(A) include at least 25 members, of which—
(i) no fewer than 2 members are advocates for patients or consumers of health information technology;
(ii) 3 members are appointed by the Secretary, 1 of whom shall be appointed to represent the Department of Health and Human Services and 1 of whom shall be a public health official;
(iii) 2 members are appointed by the majority leader of the Senate;
(iv) 2 members are appointed by the minority leader of the Senate;
(v) 2 members are appointed by the Speaker of the House of Representatives;
(vi) 2 members are appointed by the minority leader of the House of Representatives; and
(vii) such other members are appointed by the Comptroller General of the United States; and
(B) at least reflect providers, ancillary health care workers, consumers, purchasers, health plans, health information technology developers, researchers, patients, relevant Federal agencies, and individuals with technical expertise on health care quality, system functions, privacy, security, and on the electronic exchange and use of health information, including the use standards for such activity.
(3) Participation
(4) Terms
(A) In general
(B) Vacancies
(C) Limits
(5) Outside involvement
(6) Quorum
(7) Consideration
(8) Assistance
(e) Application of chapter 10 of title 5
(f) Publication
(July 1, 1944, ch. 373, title XXX, § 3002, as added Pub. L. 114–255, div. A, title IV, § 4003(e)(1), Dec. 13, 2016, 130 Stat. 1168; amended Pub. L. 117–286, § 4(a)(246), Dec. 27, 2022, 136 Stat. 4332.)
§ 300jj–13. Setting priorities for standards adoption
(a) Identifying priorities
(1) In generalNot later than 6 months after the date on which the HIT Advisory Committee first meets, the National Coordinator shall periodically convene the HIT Advisory Committee to—
(A) identify priority uses of health information technology, focusing on priorities—
(i) arising from the implementation of the incentive programs for the meaningful use of certified EHR technology, the Merit-based Incentive Payment System, Alternative Payment Models, the Hospital Value-Based Purchasing Program, and any other value-based payment program determined appropriate by the Secretary;
(ii) related to the quality of patient care;
(iii) related to public health;
(iv) related to clinical research;
(v) related to the privacy and security of electronic health information;
(vi) related to innovation in the field of health information technology;
(vii) related to patient safety;
(viii) related to the usability of health information technology;
(ix) related to individuals’ access to electronic health information; and
(x) other priorities determined appropriate by the Secretary;
(B) identify existing standards and implementation specifications that support the use and exchange of electronic health information needed to meet the priorities identified in subparagraph (A); and
(C) publish a report summarizing the findings of the analysis conducted under subparagraphs (A) and (B) and make appropriate recommendations.
(2) Prioritization
(3) Guidelines for review of existing standards and specifications
(b) Review of adopted standards
(1) In generalBeginning 5 years after December 13, 2016, and every 3 years thereafter, the National Coordinator shall convene stakeholders to review the existing set of adopted standards and implementation specifications and make recommendations with respect to whether to—
(A) maintain the use of such standards and implementation specifications; or
(B) phase out such standards and implementation specifications.
(2) Priorities
(c) Rule of construction
(July 1, 1944, ch. 373, title XXX, § 3003, as added Pub. L. 114–255, div. A, title IV, § 4003(f), Dec. 13, 2016, 130 Stat. 1175.)
§ 300jj–14. Process for adoption of endorsed recommendations; adoption of initial set of standards, implementation specifications, and certification criteria
(a) Process for adoption of endorsed recommendations
(1) Review of endorsed standards, implementation specifications, and certification criteria
(2) Determination to adopt standards, implementation specifications, and certification criteria
If the Secretary determines—
(A) to propose adoption of any grouping of such standards, implementation specifications, or certification criteria, the Secretary shall, by regulation under section 553 of title 5, determine whether or not to adopt such grouping of standards, implementation specifications, or certification criteria; or
(B) not to propose adoption of any grouping of standards, implementation specifications, or certification criteria, the Secretary shall notify the National Coordinator and the HIT Advisory Committee in writing of such determination and the reasons for not proposing the adoption of such recommendation.
(3) Publication
(b) Adoption of standards, implementation specifications, and certification criteria
(1) In general
(2) Application of current standards, implementation specifications, and certification criteria
(3) Subsequent standards activity
(c) Deference to standards development organizations
(July 1, 1944, ch. 373, title XXX, § 3004, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 240; amended Pub. L. 114–255, div. A, title IV, § 4003(d), (e)(2)(A)(i), (D), Dec. 13, 2016, 130 Stat. 1168, 1174, 1175.)
§ 300jj–15. Application and use of adopted standards and implementation specifications by Federal agencies

For requirements relating to the application and use by Federal agencies of the standards and implementation specifications adopted under section 300jj–14 of this title, see section 17901 of this title.

(July 1, 1944, ch. 373, title XXX, § 3005, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 241.)
§ 300jj–16. Voluntary application and use of adopted standards and implementation specifications by private entities
(a) In general
Except as provided under section 13112 of the HITECH Act [42 U.S.C. 17902], nothing in such Act or in the amendments made by such Act shall be construed—
(1) to require a private entity to adopt or comply with a standard or implementation specification adopted under section 300jj–14 of this title; or
(2) to provide a Federal agency authority, other than the authority such agency may have under other provisions of law, to require a private entity to comply with such a standard or implementation specification.
(b) Rule of construction
(July 1, 1944, ch. 373, title XXX, § 3006, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 241.)
§ 300jj–17. Federal health information technology
(a) In general
(b) Certification
(c) Authorization to charge a nominal fee
(d) Rule of construction
(July 1, 1944, ch. 373, title XXX, § 3007, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 241; amended Pub. L. 114–255, div. A, title IV, § 4003(e)(2)(E), Dec. 13, 2016, 130 Stat. 1175.)
§ 300jj–18. Transitions
(a) ONCHIT
(b) National eHealth Collaborative
(c) Consistency of recommendations
(July 1, 1944, ch. 373, title XXX, § 3008, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 241; amended Pub. L. 114–255, div. A, title IV, § 4003(e)(2)(A)(i), (iii), (F), Dec. 13, 2016, 130 Stat. 1174, 1175.)
§ 300jj–19. Miscellaneous provisions
(a) Relation to HIPAA privacy and security law
(1) In generalWith respect to the relation of this subchapter to HIPAA privacy and security law:
(A) This subchapter may not be construed as having any effect on the authorities of the Secretary under HIPAA privacy and security law.
(B) The purposes of this subchapter include ensuring that the health information technology standards and implementation specifications adopted under section 300jj–14 of this title take into account the requirements of HIPAA privacy and security law.
(2) DefinitionFor purposes of this section, the term “HIPAA privacy and security law” means—
(A) the provisions of part C of title XI of the Social Security Act [42 U.S.C. 1320d et seq.], section 264 of the Health Insurance Portability and Accountability Act of 1996, and subtitle D of title IV 1
1 See References in Text note below.
of the Health Information Technology for Economic and Clinical Health Act; and
(B) regulations under such provisions.
(b) Flexibility
(c) Promoting patient access to electronic health information through health information exchanges
(1) In general
(2) Education of providersThe Secretary, in coordination with the Office for Civil Rights of the Department of Health and Human Services, shall—
(A) educate health care providers on ways of leveraging the capabilities of health information exchanges (or other relevant platforms) to provide patients with access to their electronic health information;
(B) clarify misunderstandings by health care providers about using health information exchanges (or other relevant platforms) for patient access to electronic health information; and
(C) to the extent practicable, educate providers about health information exchanges (or other relevant platforms) that employ some or all of the capabilities described in paragraph (1).
(3) RequirementsIn carrying out paragraph (1), the Secretary, in coordination with the Office for Civil Rights, shall issue guidance to health information exchanges related to best practices to ensure that the electronic health information provided to patients is—
(A) private and secure;
(B) accurate;
(C) verifiable; and
(D) where a patient’s authorization to exchange information is required by law, easily exchanged pursuant to such authorization.
(4) Rule of construction
(d) Efforts to promote access to health information
(e) Accessibility of patient records
(1) Accessibility and updating of information
(A) In general
(B) Updating education on accessing and exchanging personal health information
(2) Certifying usability for patientsIn carrying out certification programs under section 300jj–11(c)(5) of this title, the National Coordinator may require that—
(A) the certification criteria support—
(i) patient access to their electronic health information, including in a single longitudinal format that is easy to understand, secure, and may be updated automatically;
(ii) the patient’s ability to electronically communicate patient-reported information (such as family history and medical history); and
(iii) patient access to their personal electronic health information for research at the option of the patient; and
(B) the HIT Advisory Committee develop and prioritize standards, implementation specifications, and certification criteria required to help support patient access to electronic health information, patient usability, and support for technologies that offer patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure, and may be updated automatically.
(July 1, 1944, ch. 373, title XXX, § 3009, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 242; amended Pub. L. 114–255, div. A, title IV, § 4006(a), Dec. 13, 2016, 130 Stat. 1181.)
§ 300jj–19a. Electronic health record reporting program
(a) Reporting criteria
(1) Convening of stakeholders
(2) Development of reporting criteriaThe reporting criteria under this subsection shall be developed through a public, transparent process that reflects input from relevant stakeholders, including—
(A) health care providers, including primary care and specialty care health care professionals;
(B) hospitals and hospital systems;
(C) health information technology developers;
(D) patients, consumers, and their advocates;
(E) data sharing networks, such as health information exchanges;
(F) authorized certification bodies and testing laboratories;
(G) security experts;
(H) relevant manufacturers of medical devices;
(I) experts in health information technology market economics;
(J) public and private entities engaged in the evaluation of health information technology performance;
(K) quality organizations, including the consensus based entity described in section 1395aaa of this title;
(L) experts in human factors engineering and the measurement of user-centered design; and
(M) other entities or individuals, as the Secretary determines appropriate.
(3) Considerations for reporting criteriaThe reporting criteria developed under this subsection—
(A) shall include measures that reflect categories including—
(i) security;
(ii) usability and user-centered design;
(iii) interoperability;
(iv) conformance to certification testing; and
(v) other categories, as appropriate to measure the performance of electronic health record technology;
(B) may include categories such as—
(i) enabling the user to order and view the results of laboratory tests, imaging tests, and other diagnostic tests;
(ii) submitting, editing, and retrieving data from registries such as clinician-led clinical data registries;
(iii) accessing and exchanging information and data from and through health information exchanges;
(iv) accessing and exchanging information and data from medical devices;
(v) accessing and exchanging information and data held by Federal, State, and local agencies and other applicable entities useful to a health care provider or other applicable user in the furtherance of patient care;
(vi) accessing and exchanging information from other health care providers or applicable users;
(vii) accessing and exchanging patient generated information;
(viii) providing the patient or an authorized designee with a complete copy of their health information from an electronic record in a computable format;
(ix) providing accurate patient information for the correct patient, including exchanging such information, and avoiding the duplication of patients records; and
(x) other categories regarding performance, accessibility,1
1 So in original. Probably should be “performance or accessibility,”.
as the Secretary determines appropriate; and
(C) shall be designed to ensure that small and startup health information technology developers are not unduly disadvantaged by the reporting criteria.
(4) Modifications
(b) Participation
(c) Reporting program
(1) In general
(2) Applications
(A) the proposed method for reviewing and summarizing information gathered based on reporting criteria established under subsection (a);
(B) if applicable, the intended focus on a specific subset of certified electronic health record technology users, such as health care providers, including primary care, specialty care, and care provided in rural settings; hospitals and hospital systems; and patients, consumers, and patients and consumer advocates;
(C) the plan for widely distributing reports described in paragraph (6);
(D) the period for which the grant, contract, or agreement is requested, which may be up to 2 years; and
(E) the budget for reporting program participation, and whether the eligible independent entity intends to continue participation after the period of the grant, contract, or agreement.
(3) Considerations for independent entitiesIn awarding grants, contracts, and agreements under paragraph (1), the Secretary shall give priority to independent entities with appropriate expertise in health information technology usability, interoperability, and security (especially entities with such expertise in electronic health records) with respect to—
(A) health care providers, including primary care, specialty care, and care provided in rural settings;
(B) hospitals and hospital systems; and
(C) patients, consumers, and patient and consumer advocates.
(4) Limitations
(A) Assessment and redeterminationNot later than 4 years after December 13, 2016, and every 2 years thereafter, the Secretary, in consultation with stakeholders, shall—
(i) assess performance of the recipients of the grants, contracts, and agreements under paragraph (1) based on quality and usability of reports described in paragraph (6); and
(ii) re-determine grants, contracts, and agreements as necessary.
(B) Prohibitions on participationThe Secretary may not award a grant, contract, or cooperative agreement under paragraph (1) to—
(i) a proprietor of certified health information technology or a business affiliate of such a proprietor;
(ii) a developer of certified health information technology; or
(iii) a State or local government agency.
(5) FeedbackBased on reporting criteria established under subsection (a), the recipients of grants, contracts, and agreements under paragraph (1) shall develop and implement a process to collect and verify confidential feedback on such criteria from—
(A) health care providers, patients, and other users of certified electronic health record technology; and
(B) developers of certified electronic health record technology.
(6) Reports
(A) Development of reports
(B) Distribution of reports
(d) PublicationThe Secretary shall distribute widely, as appropriate, and publish, on the Internet website of the Office of the National Coordinator—
(1) the reporting criteria developed under subsection (a); and
(2) the summary and detailed reports under subsection (c)(6).
(e) Review
(f) Additional resources
(July 1, 1944, ch. 373, title XXX, § 3009A, as added Pub. L. 114–255, div. A, title IV, § 4002(c), Dec. 13, 2016, 130 Stat. 1161.)