View all text of Part A [§ 300jj-11 - § 300jj-19a]
§ 300jj–19. Miscellaneous provisions
(a) Relation to HIPAA privacy and security law
(1) In generalWith respect to the relation of this subchapter to HIPAA privacy and security law:
(A) This subchapter may not be construed as having any effect on the authorities of the Secretary under HIPAA privacy and security law.
(B) The purposes of this subchapter include ensuring that the health information technology standards and implementation specifications adopted under section 300jj–14 of this title take into account the requirements of HIPAA privacy and security law.
(2) DefinitionFor purposes of this section, the term “HIPAA privacy and security law” means—
(A) the provisions of part C of title XI of the Social Security Act [42 U.S.C. 1320d et seq.], section 264 of the Health Insurance Portability and Accountability Act of 1996, and subtitle D of title IV 1
1 See References in Text note below.
of the Health Information Technology for Economic and Clinical Health Act; and(B) regulations under such provisions.
(b) Flexibility
(c) Promoting patient access to electronic health information through health information exchanges
(1) In general
(2) Education of providersThe Secretary, in coordination with the Office for Civil Rights of the Department of Health and Human Services, shall—
(A) educate health care providers on ways of leveraging the capabilities of health information exchanges (or other relevant platforms) to provide patients with access to their electronic health information;
(B) clarify misunderstandings by health care providers about using health information exchanges (or other relevant platforms) for patient access to electronic health information; and
(C) to the extent practicable, educate providers about health information exchanges (or other relevant platforms) that employ some or all of the capabilities described in paragraph (1).
(3) RequirementsIn carrying out paragraph (1), the Secretary, in coordination with the Office for Civil Rights, shall issue guidance to health information exchanges related to best practices to ensure that the electronic health information provided to patients is—
(A) private and secure;
(B) accurate;
(C) verifiable; and
(D) where a patient’s authorization to exchange information is required by law, easily exchanged pursuant to such authorization.
(4) Rule of construction
(d) Efforts to promote access to health information
(e) Accessibility of patient records
(1) Accessibility and updating of information
(A) In general
(B) Updating education on accessing and exchanging personal health information
(2) Certifying usability for patientsIn carrying out certification programs under section 300jj–11(c)(5) of this title, the National Coordinator may require that—
(A) the certification criteria support—
(i) patient access to their electronic health information, including in a single longitudinal format that is easy to understand, secure, and may be updated automatically;
(ii) the patient’s ability to electronically communicate patient-reported information (such as family history and medical history); and
(iii) patient access to their personal electronic health information for research at the option of the patient; and
(B) the HIT Advisory Committee develop and prioritize standards, implementation specifications, and certification criteria required to help support patient access to electronic health information, patient usability, and support for technologies that offer patients access to their electronic health information in a single, longitudinal format that is easy to understand, secure, and may be updated automatically.
(July 1, 1944, ch. 373, title XXX, § 3009, as added Pub. L. 111–5, div. A, title XIII, § 13101, Feb. 17, 2009, 123 Stat. 242; amended Pub. L. 114–255, div. A, title IV, § 4006(a), Dec. 13, 2016, 130 Stat. 1181.)