The proposed US Senate bill (S. 336) contains some sweeping changes on health information technology funding, implementation, privacy, and security. In addition to the oft-mentioned $20 billion in funding, the bill takes on business associates -- treating them the same as covered entities for enforcement purposes -- and vendors and other third parties who transmit electronic health information, including but not limited to entities involved with the provision of PHRs. In this latter respect, the Federal Trade Commission ("FTC") which has been selected as the enforcer of the Red Flag Rules, will be enforcing violations.
This legislation will have a dramatic effect on all healthcare providers. In addition, it may provide some opportunities for higher education entities based upon the grants that are targeted for certificate, undergraduate, and graduate studies in health information technology and the creation of state and regional HIT extension and training projects.
The stated goal of the legislation is to create the infrastructure for a national health network. EHRs are proposed for every person by 2014. The House bill, (H.R. 1) contains some similar provisions. The conference report will be quite interesting for health IT.