Sec. 3. Transparent ratings on usability and security to transform information technology
2,183 words·~10 min read·
/bill/114/s/2511/is/section-3A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
Section 3001(c)(5) of the Public Health Service Act ( 42 U.S.C. 300jj–11 ), as amended by section 2(b), is further amended— in subparagraph (A)— by striking The National Coordinator and inserting the following: The National Coordinator ; and by adding at the end the following: To enhance transparency in the compliance of health information technology with certification criteria and other requirements adopted under this subtitle, the National Coordinator, in coordination with authorized certification bodies, may make information demonstrating how health information technology meets such certification criteria or other requirements publicly available.
Such information may include summaries, screenshots, video demonstrations, or any other information the National Coordinator determines appropriate. The National Coordinator shall take appropriate measures to ensure that there are in effect effective procedures to prevent the unauthorized disclosure of any trade secret or confidential information that is obtained by the Secretary pursuant to this section. ; in subparagraph (B), by adding at the end the following: Beginning 18 months after reporting criteria are finalized under section 3009A, certification criteria shall include, in addition to criteria to establish that the technology meets such standards and implementation specifications, criteria consistent with section 3009A(b) to establish that technology meets applicable security requirements, incorporates user-centered design, and achieves interoperability. ; and by adding at the end the following:
Beginning 1 year after the date of enactment of the Improving Health Information Technology Act , the Secretary shall require, as a condition of certification and maintenance of certification for programs maintained or recognized under this paragraph, that— the health information technology developer or entity does not take any action that constitutes information blocking with respect to health information technology; the health information technology developer or entity permits unimpeded communication among and between health information technology users, and for the purposes of health information technology users communicating with an authorized certification body, the Office of the National Coordinator, and the Office of the Inspector General, the health information technology developer or entity permits unimpeded communication regarding the usability, interoperability, security, business practices, or other relevant information about the health information technology or users’ experience with the health information technology; health information from such technology may be exchanged, accessed, and used through the use of application programming interfaces or successor technology or standard as provided for under applicable law; the health information technology developer or entity provides to the Secretary an attestation that the developer or entity— has not engaged in any of the conduct described in clause (i); allows for communication as described in clause (ii); and ensures that its technology allows for health information to be exchanged, accessed, and used, in the manner described in clause (iii); and the health information technology developer or entity submits reporting criteria in accordance with section 3009A(f). .
Subtitle A of title XXX of the Public Health Service Act ( 42 U.S.C. 300jj–11 et seq. ) is amended by adding at the end the following: Not later than 180 days after the date of enactment of the Improving Health Information Technology Act , the Secretary shall recognize a development council made up of one representative from each of the certification bodies authorized by the Office of the National Coordinator and the testing laboratories accredited under section 13201(b) of the Health Information Technology for Economic and Clinical Health Act ( 42 U.S.C. 17911(b) ), one representative from the National Institute of Standards and Technology, and one representative from the Office of the National Coordinator.
The development council shall meet as needed for the purposes of carrying out its activities in accordance with this section. The Secretary shall, using the procedures prescribed in this subsection, issue rules establishing reporting criteria for health information technology products. Not later than 1 year after the date of enactment of the Improving Health Information Technology Act , the Secretary, in consultation with the development council described in subsection (a), shall convene stakeholders as described in paragraph
(3)for the purpose of developing the reporting criteria in accordance with paragraph (4). The reporting criteria under this subsection shall be developed through a public, transparent process that reflects input from relevant stakeholders, including— health care providers, including primary care and specialty care health care professionals; hospitals and hospital systems; health information technology developers; patients, consumers, and their advocates; data sharing networks, such as health information exchanges; authorized certification bodies and testing laboratories; security experts; relevant manufacturers of medical devices; experts in health information technology market economics; public and private entities engaged in the evaluation of health information technology performance; quality organizations, including the consensus based entity described in section 1890 of the Social Security Act; experts in human factors engineering and the measurement of user-centered design; and other entities or persons, as the Secretary, in consultation with the development council, determines appropriate. The reporting criteria developed under this subsection— shall include measures that reflect categories including, with respect to the technology— security; usability and user-centered design; interoperability; conformance to certification testing; and other categories as appropriate to measure the performance of health information technology; may include measures such as— enabling the user to order and view the results of laboratory tests, imaging tests, and other diagnostic tests; submitting, editing, and retrieving data from registries such as clinician-led clinical data registries; accessing and exchanging information and data from and through Health Information Exchanges; accessing and exchanging information and data from medical devices; accessing and exchanging information and data held by Federal, State, and local agencies and other applicable entities useful to a health care provider or other applicable user in the furtherance of patient care; accessing and exchanging information from other health care providers or applicable users; accessing and exchanging patient generated information; providing the patient or an authorized designee with a complete copy of their health information from an electronic record in a computable format; providing accurate patient information for the correct patient, including exchanging such information, and avoiding the duplication of patients records; and other appropriate functionalities; and shall be designed to ensure that small and start-up health information technology developers are not unduly disadvantaged by the reporting criteria or rating scale methodology. In promulgating proposed rules under this subsection, including modifications to such rules under subsection (e), the Secretary may accept, reject, or modify the recommendations of the development council, but may not promulgate a proposed rule that does not represent a complete recommendation of such council. In promulgating proposed rules under this subsection, the Secretary shall conduct a public comment period of not less than 60 days during which any member of the public may provide comments on the proposed reporting criteria and the methodology for the rating body (defined in subsection (g)) to use in determining the star ratings. The final rule promulgated under this subsection shall be accompanied by timely responses to the public comments described in paragraph (6). The Federal Advisory Committee Act (5 U.S.C. App.) shall not apply to the development council described in this section. The Secretary, in consultation with the development council, shall establish a process for the rating body (described in subsection (g)) to collect and verify confidential feedback from— health care providers, patients, and other users of certified health information technology on the usability, security, and interoperability of health information technology products; and developers of certified health information technology on practices of health information technology users that may inhibit interoperability. The Paperwork Reduction Act ( 44 U.S.C. 3501 et seq. ) shall not apply to the collection of feedback described in this subsection. The Secretary, in consultation with the development council, shall develop a methodology to be used by the rating body described in subsection
(g)to calculate the star ratings for certified health information technology described in subsection (a). The methodology shall use the reporting criteria developed in subsection (b), and the confidential feedback collected under subsection (c). In developing such methodology, the Secretary, in consultation with the development council, shall— provide for appropriate weighting of user feedback submitted under subsection
(c)and reporting criteria submitted under subsection (f), including consideration of the number of users who submitted such feedback; consider the impact of customization or adaptation by users of certified health information technology on performance; account for the intended function, scope, and type of certified health information technology; in consultation with the development council and after seeking comment from developers of health information technology in a manner that ensures appropriate industry feedback, establish a timeframe, but in no case less frequent than once every 3 years, for the submission of reporting criteria under subsection (f); and establish a timeframe for incorporating user feedback submitted under subsection
(c)and reporting criteria submitted under subsection
(f)into the star ratings for certified health information technology that accounts for updates to such technology in order to encourage innovation and maximize the utility of the star ratings. The development council may modify the number of star ratings employed by the system, but not more frequently than every 4 years. In no case shall the rating system employ fewer than 3 stars. After the final reporting criteria have been established under this section, the Secretary, in consultation with the development council, may convene stakeholders and conduct a public reporting period for the purpose of modifying the reporting criteria developed under subsection
(b)and methodology for determining the star ratings proposed under subsection (e). After the final methodology to be used by the rating body is established under subsection (e), the Secretary, in consultation with the development council, may modify the methodology used to calculate the star ratings for certified health information technology using the reporting criteria developed under subsection
(b)and the confidential feedback collected under subsection (c). The Secretary and the development council shall take into account the recommendations from the Comptroller General under subsection (k), where available, for the purposes of this paragraph. As a condition of maintaining their certification under section 3001(c)(5)(D), a developer of certified health information technology shall report on the criteria developed under subsection
(b)for all such certified technology offered by such developer pursuant to the timeframe established under subsection (d). The National Coordinator shall recognize an independent entity with appropriate expertise to carry out the rating program established by the development council under subsection
(a)and shall redetermine such recognition at least every 4 years. The entity recognized under paragraph
(1)may consult with organizations with expertise in the measurement of interoperability, usability, and security of health information technology in carrying out activities under this section. Each health information technology developer, or entity offering health information technology for certification, that receives a 1 star rating shall take action, through an improvement plan developed with the rating body and approved by the Secretary, to improve the health information technology rating within a timeframe that the Secretary determines appropriate. The Secretary shall decertify health information technology if the developer or entity offering health information technology does not submit reporting criteria in accordance with subsection
(f)within 90 days of the timeline established under subsection (d). The Secretary may decertify health information technology if— the health information technology does not improve from a one star rating within the timeframe established under subsection (h); or in other circumstances, as the Secretary determines appropriate. During the 12-year period beginning on the date of enactment of the Improving Health Information Technology Act , the Comptroller General of the United States shall submit to Congress a report every 4 years on the rating scale methodology developed pursuant to subsection (d), providing observations on the appropriateness of the current methodology and recommendations for changes to the methodology. The Development Council shall recommend to Congress and the Secretary if additional reports are needed after the expiration of such 12-year period. On the Internet website of the Office of the National Coordinator, the Secretary shall publish the criteria and methodology used to determine the star ratings, and, for each certified health information technology, the final star rating, and a report outlining such technology's performance with regard to the reporting criteria developed under subsection (b), and if an improvement plan has been administered. Following the reporting described in subsection (f), the rating body shall have 30 days to calculate and submit updated ratings to the Secretary and each developer of health information technology, and updated ratings shall be published on such Internet website not later than 30 days following such submission, notwithstanding an appeal of a rating by a developer or entity through the process developed under subsection (m). Decertification of an adopted health information technology product under subsection
(i)shall be considered a significant hardship resulting in a blanket exemption from the payment adjustment pursuant to section 1848(a)(7)(B) of the Social Security Act for eligible professionals, section 1886(b)(3)(ix)(II) of such Act for eligible hospitals, and 1814(l)(4)(C) of such Act for critical access hospitals. The Secretary shall establish a process whereby any health information technology developer, or entity offering health information technology, is notified not less than 30 days before being made public and can appeal— the health information technology product’s star rating; or the Secretary’s decision to decertify a product, as applicable. .
Connectionstraces to 2
Traces to 2 documents
1 reference not yet in our index
- 42 USC 300jj–11
Citation graph
cites case law
Sec. 3
Transparent ratings on usability and security to transform information technology
Cite42 USC 300jj–11
Cites 3Cited by 0 across 0 sources