
Code · BILL · 117th Congress · S. 3620 (Introduced in Senate) — To establish the Commission for the Comprehensive Study of Health Data Use and Privacy Protection. · Sec. 4

Sec. 4. Duties of Commission


A research copy — for the controlling text, always check the official state or federal source. Not legal advice.

The Commission shall conduct a study of issues relating to protection of individual privacy and the appropriate balance to be achieved between protecting individual privacy and allowing and advancing appropriate uses of personal health information, including the following issues:

  • The monitoring, collection, and distribution of personal health information by Federal, State, and local governments, such as the collection of information to combat the spread of infectious diseases such as COVID–19, the threat of substance use disorders involving opioids and other substances, and other public health threats and benefits.
  • Current efforts to address the access, exchange, and use of personal health information by Federal and State governments, individuals, or entities, including—
      • existing statutes and regulations relating to the protection of individual privacy, such as section 552a of title 5, United States Code (commonly known as the Privacy Act of 1974), section 552 of title 5, United States Code (commonly known as the Freedom of Information Act), the Federal Trade Commission Act (15 U.S.C. 42 et seq.), the Common Rule and other applicable regulations promulgated under the Health Information Portability and Accountability Act of 1996 (Public Law 104–191), the Health Information Technology for Economic and Clinical Health Act (Public Law 111–5) (including the amendments made by such Act), the 21st Century Cures Act (Public Law 114–255) (including the amendments made by such Act), and section 444 of the General Education Provisions Act (20 U.S.C. 1232g; commonly known as the Family Educational Rights and Privacy Act of 1974);
      • relevant legislation pending before Congress and State legislatures;
      • privacy protection efforts undertaken by—
          • the Federal Government;
          • State governments; or
          • foreign governments and international governing bodies;
      • privacy protection efforts undertaken by the private sector, including any relevant recommendations, frameworks, or proposals; and
      • self-regulatory efforts initiated or proposed by the private sector to respond to privacy issues.
  • The differences and similarities between Federal, State, and international rules for protecting the privacy of health information and the degree to which such similarities or differences create or address problems related to collecting, sharing, and using health information to improve care and lower costs, and any trade-offs related to patient privacy and patient control over health information.
  • The need for consistency in deidentification standards for health data to avoid conflicting requirements that could impede the improvement of health care through clinical trials, technology development, public health surveillance, monitoring of general health trends, and medical research.
  • Technologies and data currently used for treatment, payment, and health care operations, compared with technologies used when the privacy regulations promulgated under section 264 of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d–2 note) were first issued, including an assessment of any gaps in the privacy protections under such regulations resulting from data collection and use by non-covered entities, taking into account recommendations of the National Committee on Vital and Health Statistics and the Office for the National Coordinator for Health Information Technology.
  • The monitoring, collection, and distribution of personal information by individuals or entities, including access to, and use of, personal health information and medical records, and the ability to access and restrict the information.
  • Employer practices and policies with respect to the health information of employees, including—
      • the extent to which employers collect, use, or disclose employee health information for marketing, employment, or insurance underwriting purposes;
      • what restrictions employers place on disclosure or use of employee health information; and
      • practices of employer medical departments with respect to disclosing employee health information to administrative or other personnel of the employer.
  • Current enforcement of privacy laws and rules through the Federal Trade Commission, the Office for Civil Rights of the Department of Health and Human Services, the Civil Rights Division of the Department of Justice, State agencies (including State attorneys general), and private rights of action. Such evaluation shall include an examination of efficacy, recommendations, and advantages and disadvantages of different enforcement mechanisms, and the potential for consolidation of enforcement.
  • Varying notices of privacy practices and whether such practices are effective in informing consumers of their rights and responsibilities, including, as appropriate, an assessment of best practices.
  • Varying statutory and regulatory employee training requirements, including, as appropriate, an assessment of best practices and whether harmonized training requirements may be more effective in encouraging efficient and effective training of employees in sound practices concerning personal health data.
  • Challenges and potential solutions to consent requirements and processes, particularly related to medical research.
  • The degree to which personal health information is sold with or without consent, and the uses of such information.

The Commission may conduct field hearings in the United States.

Not later than 6 months after the appointment of all members of the Commission—

  • a majority of the members of the Commission shall approve a report described in paragraph (2); and
  • the Commission shall submit the approved report to the Committee on Health, Education, Labor, and Pensions of the Senate, the Committee on Energy and Commerce of the House of Representatives, the Secretary of Health and Human Services, and the President.

The report required under paragraph (1) shall include a detailed statement of findings, conclusions, and recommendations, including the following:

  • Findings from the study conducted by the Commission pursuant to section 4(a), including potential threats posed to individual health privacy and to legitimate business and policy interests.
  • Analysis of purposes for which sharing of health information is appropriate and beneficial to consumers and the threat to health outcomes and costs if privacy rules are too stringent.
  • Analysis of the effectiveness of existing statutes, regulations, private sector self-regulatory efforts, technology advances, and market forces in protecting individual health privacy.
  • Recommendations on whether Federal legislation is necessary, and if so, specific suggestions on proposals to reform, streamline, harmonize, unify, or augment current laws and regulations relating to individual health privacy, including reforms or additions to existing law related to enforcement, preemption, consent, penalties for misuse, transparency, and notice of privacy practices.
  • Analysis of whether additional regulations may impose costs or burdens, or cause unintended consequences in other policy areas, such as security, law enforcement, medical research, health care cost containment, improved patient outcomes, public health, or critical infrastructure protection, and whether such costs or burdens are justified by the additional regulations or benefits to privacy, including whether such benefits may be achieved through less onerous means.
  • Cost analysis of legislative or regulatory changes proposed in the report.
  • Recommendations on non-legislative solutions to individual health privacy concerns, including education, market-based measures, industry best practices, and new technologies.
  • Review of the effectiveness and utility of third-party statements of privacy principles and private sector self-regulatory efforts, as well as third-party certification or accreditation programs meant to ensure compliance with privacy requirements.

Together with the report under subsection (c), the Commission shall submit to Congress and the President any additional report of dissenting opinions or minority views by a member or members of the Commission.

The Commission may submit to Congress and the President an interim report approved by a majority of the members of the Commission.