Sec. 4002. TRANSPARENT REPORTING ON USABILITY, SECURITY, AND FUNCTIONALITY
2,631 words·~12 min read·
/statute-compilations/comps-13005/sec-4002A research copy — for the controlling text, always check the official state or federal source. Not legal advice.
## SEC. 4002 TRANSPARENT REPORTING ON USABILITY, SECURITY, AND FUNCTIONALITY ###
(a)Enhancements to Certification Section 3001(c)(5) of the Public Health Service Act (42 U.S.C. 300jj-11), as amended by section 4001(b), is further amended by adding at the end the following: > > ##### “(D) Conditions of certification > > Not later than 1 year after the date of enactment of the 21st Century Cures Act, the Secretary, through notice and comment rulemaking, shall require, as a condition of certification and maintenance of certification for programs maintained or recognized under this paragraph, consistent with other conditions and requirements under this title, that the health information technology developer or entity— > > > ###### “(i) > > does not take any action that constitutes information blocking as defined in section 3022(a); > > > ###### “(ii) > > provides assurances satisfactory to the Secretary that such developer or entity, unless for legitimate purposes specified by the Secretary, will not take any action described in clause
(i)or any other action that may inhibit the appropriate exchange, access, and use of electronic health information; > > > ###### “(iii) > > does not prohibit or restrict communication regarding— > > > ###### “(I) > > the usability of the health information technology; > > > ###### “(II) > > the interoperability of the health information technology; > > > ###### “(III) > > the security of the health information technology; > > > ###### “(IV) > > relevant information regarding users’ experiences when using the health information technology; > > > ###### “(V) > > the business practices of developers of health information technology related to exchanging electronic health information; and > > > ###### “(VI) > > the manner in which a user of the health information technology has used such technology; > > > ###### “(iv) > > has published application programming interfaces and allows health information from such technology to be accessed, exchanged, and used without special effort through the use of application programming interfaces or successor technology or standards, as provided for under applicable law, including providing access to all data elements of a patient’s electronic health record to the extent permissible under applicable privacy laws; > > > ###### “(v) > > has successfully tested the real world use of the technology for interoperability (as defined in section 3000) in the type of setting in which such technology would be marketed; > > > ###### “(vi) > > provides to the Secretary an attestation that the developer or entity— > > > ###### “(I) > > has not engaged in any of the conduct described in clause (i); > > > ###### “(II) > > has provided assurances satisfactory to the Secretary in accordance with clause (ii); > > > ###### “(III) > > does not prohibit or restrict communication as described in clause (iii); > > > ###### “(IV) > > has published information in accordance with clause (iv); > > > ###### “(V) > > ensures that its technology allows for health information to be exchanged, accessed, and used, in the manner described in clause (iv); and > > > ###### “(VI) > > has undertaken real world testing as described in clause (v); and > > > ###### “(vii) > > submits reporting criteria in accordance with section 3009A(b).” > . > > ##### “(E) Compliance with conditions of certification > > The Secretary may encourage compliance with the conditions of certification described in subparagraph
(D)and take action to discourage noncompliance, as appropriate.” > . ###
(b)EHR Significant Hardship Exception ####
(1)Application to eligible professionals #####
(A)In case of decertification Section 1848(a)(7)(B) of the Social Security Act (42 U.S.C. 1395w-4(a)(7)(B)) is amended by inserting after the first sentence the following new sentence: “The Secretary shall exempt an eligible professional from the application of the payment adjustment under subparagraph
(A)with respect to a year, subject to annual renewal, if the Secretary determines that compliance with the requirement for being a meaningful EHR user is not possible because the certified EHR technology used by such professional has been decertified under a program kept or recognized pursuant to section 3001(c)(5) of the Public Health Service Act.”. #####
(B)Continued application under mips Section 1848(o)(2)(D) of the Social Security Act (42 U.S.C. 1395w-4(o)(2)(D)) is amended by adding at the end the following new sentence: “The provisions of subparagraphs
(B)and
(D)of subsection (a)(7), shall apply to assessments of MIPS eligible professionals under subsection
(q)with respect to the performance category described in subsection (q)(2)(A)(iv) in an appropriate manner which may be similar to the manner in which such provisions apply with respect to payment adjustments made under subsection (a)(7)(A).”. ####
(2)Application to eligible hospitals Section 1886(b)(3)(B)(ix)(II) of the Social Security Act (42 U.S.C. 1395ww(b)(3)(B)(ix)(II)) is amended by inserting after the first sentence the following new sentence: “The Secretary shall exempt an eligible hospital from the application of the payment adjustment under subclause
(I)with respect to a fiscal year, subject to annual renewal, if the Secretary determines that compliance with the requirement for being a meaningful EHR user is not possible because the certified EHR technology used by such hospital is decertified under a program kept or recognized pursuant to section 3001(c)(5) of the Public Health Service Act.”. ###
(c)Electronic Health Record Reporting Program Subtitle A of title XXX of the Public Health Service Act (42 U.S.C. 300jj-11 et seq.) is amended by adding at the end the following: > > ## “SEC. 3009A ELECTRONIC HEALTH RECORD REPORTING PROGRAM > > > ### “(a) Reporting Criteria > > > #### “(1) Convening of stakeholders > > Not later than 1 year after the date of enactment of the 21st Century Cures Act, the Secretary shall convene stakeholders, as described in paragraph (2), for the purpose of developing the reporting criteria in accordance with paragraph (3). > > > #### “(2) Development of reporting criteria > > The reporting criteria under this subsection shall be developed through a public, transparent process that reflects input from relevant stakeholders, including— > > > ##### “(A) > > health care providers, including primary care and specialty care health care professionals; > > > ##### “(B) > > hospitals and hospital systems; > > > ##### “(C) > > health information technology developers; > > > ##### “(D) > > patients, consumers, and their advocates; > > > ##### “(E) > > data sharing networks, such as health information exchanges; > > > ##### “(F) > > authorized certification bodies and testing laboratories; > > > ##### “(G) > > security experts; > > > ##### “(H) > > relevant manufacturers of medical devices; > > > ##### “(I) > > experts in health information technology market economics; > > > ##### “(J) > > public and private entities engaged in the evaluation of health information technology performance; > > > ##### “(K) > > quality organizations, including the consensus based entity described in section 1890 of the Social Security Act; > > > ##### “(L) > > experts in human factors engineering and the measurement of user-centered design; and > > > ##### “(M) > > other entities or individuals, as the Secretary determines appropriate. > > > #### “(3) Considerations for reporting criteria > > The reporting criteria developed under this subsection— > > > ##### “(A) > > shall include measures that reflect categories including— > > > ###### “(i) > > security; > > > ###### “(ii) > > usability and user-centered design; > > > ###### “(iii) > > interoperability; > > > ###### “(iv) > > conformance to certification testing; and > > > ###### “(v) > > other categories, as appropriate to measure the performance of electronic health record technology; > > > ##### “(B) > > may include categories such as— > > > ###### “(i) > > enabling the user to order and view the results of laboratory tests, imaging tests, and other diagnostic tests; > > > ###### “(ii) > > submitting, editing, and retrieving data from registries such as clinician-led clinical data registries; > > > ###### “(iii) > > accessing and exchanging information and data from and through health information exchanges; > > > ###### “(iv) > > accessing and exchanging information and data from medical devices; > > > ###### “(v) > > accessing and exchanging information and data held by Federal, State, and local agencies and other applicable entities useful to a health care provider or other applicable user in the furtherance of patient care; > > > ###### “(vi) > > accessing and exchanging information from other health care providers or applicable users; > > > ###### “(vii) > > accessing and exchanging patient generated information; > > > ###### “(viii) > > providing the patient or an authorized designee with a complete copy of their health information from an electronic record in a computable format; > > > ###### “(ix) > > providing accurate patient information for the correct patient, including exchanging such information, and avoiding the duplication of patients records; and > > > ###### “(x) > > other categories regarding performance, accessibility, as the Secretary determines appropriate; and > > > ##### “(C) > > shall be designed to ensure that small and startup health information technology developers are not unduly disadvantaged by the reporting criteria. > > > #### “(4) Modifications > > After the reporting criteria have been developed under paragraph (3), the Secretary may convene stakeholders and conduct a public comment period for the purpose of modifying the reporting criteria developed under such paragraph. > > > ### “(b) Participation > > As a condition of maintaining certification under section 3001(c)(5)(D), a developer of certified electronic health records shall submit to an appropriate recipient of a grant, contract, or agreement under subsection (c)(1) responses to the criteria developed under subsection (a), with respect to all certified technology offered by such developer. > > > ### “(c) Reporting Program > > > #### “(1) In general > > Not later than 1 year after the date of enactment of the 21st Century Cures Act, the Secretary shall award grants, contracts, or agreements to independent entities on a competitive basis to support the convening of stakeholders as described in subsection (a)(2), collect the information required to be reported in accordance with the criteria established as described subsection (a)(3), and develop and implement a process in accordance with paragraph
(5)and report such information to the Secretary. > > > #### “(2) Applications > > An independent entity that seeks a grant, contract, or agreement under this subsection shall submit an application to the Secretary at such time, in such manner, and containing such information as the Secretary may reasonably require, including a description of— > > > ##### “(A) > > the proposed method for reviewing and summarizing information gathered based on reporting criteria established under subsection (a); > > > ##### “(B) > > if applicable, the intended focus on a specific subset of certified electronic health record technology users, such as health care providers, including primary care, specialty care, and care provided in rural settings; hospitals and hospital systems; and patients, consumers, and patients and consumer advocates; > > > ##### “(C) > > the plan for widely distributing reports described in paragraph (6); > > > ##### “(D) > > the period for which the grant, contract, or agreement is requested, which may be up to 2 years; and > > > ##### “(E) > > the budget for reporting program participation, and whether the eligible independent entity intends to continue participation after the period of the grant, contract, or agreement. > > > #### “(3) Considerations for independent entities > > In awarding grants, contracts, and agreements under paragraph (1), the Secretary shall give priority to independent entities with appropriate expertise in health information technology usability, interoperability, and security (especially entities with such expertise in electronic health records) with respect to— > > > ##### “(A) > > health care providers, including primary care, specialty care, and care provided in rural settings; > > > ##### “(B) > > hospitals and hospital systems; and > > > ##### “(C) > > patients, consumers, and patient and consumer advocates. > > > #### “(4) Limitations > > > ##### “(A) Assessment and redetermination > > Not later than 4 years after the date of enactment of the 21st Century Cures Act and every 2 years thereafter, the Secretary, in consultation with stakeholders, shall— > > > ###### “(i) > > assess performance of the recipients of the grants, contracts, and agreements under paragraph
(1)based on quality and usability of reports described in paragraph (6); and > > > ###### “(ii) > > re-determine grants, contracts, and agreements as necessary. > > > ##### “(B) Prohibitions on participation > > The Secretary may not award a grant, contract, or cooperative agreement under paragraph
(1)to— > > > ###### “(i) > > a proprietor of certified health information technology or a business affiliate of such a proprietor; > > > ###### “(ii) > > a developer of certified health information technology; or > > > ###### “(iii) > > a State or local government agency. > > > #### “(5) Feedback > > Based on reporting criteria established under subsection (a), the recipients of grants, contracts, and agreements under paragraph
(1)shall develop and implement a process to collect and verify confidential feedback on such criteria from— > > > ##### “(A) > > health care providers, patients, and other users of certified electronic health record technology; and > > > ##### “(B) > > developers of certified electronic health record technology. > > > #### “(6) Reports > > > ##### “(A) Development of reports > > Each recipient of a grant, contract, or agreement under paragraph
(1)shall report on the information reported to such recipient pursuant to subsection
(a)and the user feedback collected under paragraph
(5)by preparing summary reports and detailed reports of such information. > > > ##### “(B) Distribution of reports > > Each recipient of a grant, contract, or agreement under paragraph
(1)shall submit the reports prepared under subparagraph
(A)to the Secretary for public distribution in accordance with subsection (d). > > > ### “(d) Publication > > The Secretary shall distribute widely, as appropriate, and publish, on the Internet website of the Office of the National Coordinator— > > > #### “(1) > > the reporting criteria developed under subsection (a); and > > > #### “(2) > > the summary and detailed reports under subsection (c)(6). > > > ### “(e) Review > > Each recipient of a grant, contract, or agreement under paragraph
(1)shall develop and implement a process through which participating electronic health record technology developers may review and recommend changes to the reports created under subsection (c)(6) for products developed by such developer prior to the publication of such report under subsection (d). > > > ### “(f) Additional Resources > > The Secretary may provide additional resources on the Internet website of the Office of the National Coordinator to better inform consumers of health information technology. Such reports may be carried out through partnerships with private organizations with appropriate expertise.” > . ###
(d)Authorization of Appropriations There is authorized to be appropriated $15,000,000 for purposes of carrying out subparagraph
(D)of section 3001(c)(5) of the Public Health Service Act (42 U.S.C. 300jj-11) (as added by subsection (a)) and section 3009A of the Public Health Service Act (as added by subsection (b)), including for purposes of administering any contracts, grants, or agreements, to remain available until expended.
Connectionstraces to 3
Citation graph
cites case law
Sec. 4002
TRANSPARENT REPORTING ON USABILITY, SECURITY, AND FUNCTIONALITY
Cites 3Cited by 0 across 0 sources