
From the U.S. Code Online via GPO Access
[wais.access.gpo.gov]
[Laws in effect as of January 23, 2000]
[Document not affected by Public Laws enacted between
  January 23, 2000 and December 4, 2001]
[CITE: 42USC1320d-2]

 
                 TITLE 42--THE PUBLIC HEALTH AND WELFARE
 
                       CHAPTER 7--SOCIAL SECURITY
 
   SUBCHAPTER XI--GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE 
                             SIMPLIFICATION
 
                  Part C--Administrative Simplification
 
Sec. 1320d-2. Standards for information transactions and data 
        elements
        

(a) Standards to enable electronic exchange

                           (1) In general

        The Secretary shall adopt standards for transactions, and data 
    elements for such transactions, to enable health information to be 
    exchanged electronically, that are appropriate for--
            (A) the financial and administrative transactions described 
        in paragraph (2); and
            (B) other financial and administrative transactions 
        determined appropriate by the Secretary, consistent with the 
        goals of improving the operation of the health care system and 
        reducing administrative costs.

                          (2) Transactions

        The transactions referred to in paragraph (1)(A) are 
    transactions with respect to the following:
            (A) Health claims or equivalent encounter information.
            (B) Health claims attachments.
            (C) Enrollment and disenrollment in a health plan.
            (D) Eligibility for a health plan.
            (E) Health care payment and remittance advice.
            (F) Health plan premium payments.
            (G) First report of injury.
            (H) Health claim status.
            (I) Referral certification and authorization.

               (3) Accommodation of specific providers

        The standards adopted by the Secretary under paragraph (1) shall 
    accommodate the needs of different types of health care providers.

(b) Unique health identifiers

                           (1) In general

        The Secretary shall adopt standards providing for a standard 
    unique health identifier for each individual, employer, health plan, 
    and health care provider for use in the health care system. In 
    carrying out the preceding sentence for each health plan and health 
    care provider, the Secretary shall take into account multiple uses 
    for identifiers and multiple locations and specialty classifications 
    for health care providers.

                       (2) Use of identifiers

        The standards adopted under paragraph (1) shall specify the 
    purposes for which a unique health identifier may be used.

(c) Code sets

                           (1) In general

        The Secretary shall adopt standards that--
            (A) select code sets for appropriate data elements for the 
        transactions referred to in subsection (a)(1) of this section 
        from among the code sets that have been developed by private and 
        public entities; or
            (B) establish code sets for such data elements if no code 
        sets for the data elements have been developed.

                          (2) Distribution

        The Secretary shall establish efficient and low-cost procedures 
    for distribution (including electronic distribution) of code sets 
    and modifications made to such code sets under section 1320d-3(b) of 
    this title.

(d) Security standards for health information

                       (1) Security standards

        The Secretary shall adopt security standards that--
            (A) take into account--
                (i) the technical capabilities of record systems used to 
            maintain health information;
                (ii) the costs of security measures;
                (iii) the need for training persons who have access to 
            health information;
                (iv) the value of audit trails in computerized record 
            systems; and
                (v) the needs and capabilities of small health care 
            providers and rural health care providers (as such providers 
            are defined by the Secretary); and

            (B) ensure that a health care clearinghouse, if it is part 
        of a larger organization, has policies and security procedures 
        which isolate the activities of the health care clearinghouse 
        with respect to processing information in a manner that prevents 
        unauthorized access to such information by such larger 
        organization.

                           (2) Safeguards

        Each person described in section 1320d-1(a) of this title who 
    maintains or transmits health information shall maintain reasonable 
    and appropriate administrative, technical, and physical safeguards--
            (A) to ensure the integrity and confidentiality of the 
        information;
            (B) to protect against any reasonably anticipated--
                (i) threats or hazards to the security or integrity of 
            the information; and
                (ii) unauthorized uses or disclosures of the 
            information; and

            (C) otherwise to ensure compliance with this part by the 
        officers and employees of such person.

(e) Electronic signature

                            (1) Standards

        The Secretary, in coordination with the Secretary of Commerce, 
    shall adopt standards specifying procedures for the electronic 
    transmission and authentication of signatures with respect to the 
    transactions referred to in subsection (a)(1) of this section.

                      (2) Effect of compliance

        Compliance with the standards adopted under paragraph (1) shall 
    be deemed to satisfy Federal and State statutory requirements for 
    written signatures with respect to the transactions referred to in 
    subsection (a)(1) of this section.

(f) Transfer of information among health plans

    The Secretary shall adopt standards for transferring among health 
plans appropriate standard data elements needed for the coordination of 
benefits, the sequential processing of claims, and other data elements 
for individuals who have more than one health plan.

(Aug. 14, 1935, ch. 531, title XI, Sec. 1173, as added Pub. L. 104-191, 
title II, Sec. 262(a), Aug. 21, 1996, 110 Stat. 2024.)


                            Prior Provisions

    A prior section 1173 of act Aug. 14, 1935, was classified to section 
1320c-22 of this title prior to the general amendment of part B of this 
subchapter by Pub. L. 97-248.


  Recommendations With Respect to Privacy of Certain Health Information

    Section 264 of Pub. L. 104-191 provided that:
    ``(a) In General.--Not later than the date that is 12 months after 
the date of the enactment of this Act [Aug. 21, 1996], the Secretary of 
Health and Human Services shall submit to the Committee on Labor and 
Human Resources and the Committee on Finance of the Senate and the 
Committee on Commerce and the Committee on Ways and Means of the House 
of Representatives detailed recommendations on standards with respect to 
the privacy of individually identifiable health information.
    ``(b) Subjects for Recommendations.--The recommendations under 
subsection (a) shall address at least the following:
        ``(1) The rights that an individual who is a subject of 
    individually identifiable health information should have.
        ``(2) The procedures that should be established for the exercise 
    of such rights.
        ``(3) The uses and disclosures of such information that should 
    be authorized or required.
    ``(c) Regulations.--
        ``(1) In general.--If legislation governing standards with 
    respect to the privacy of individually identifiable health 
    information transmitted in connection with the transactions 
    described in section 1173(a) of the Social Security Act [subsec. (a) 
    of this section] (as added by section 262) is not enacted by the 
    date that is 36 months after the date of the enactment of this Act 
    [Aug. 21, 1996], the Secretary of Health and Human Services shall 
    promulgate final regulations containing such standards not later 
    than the date that is 42 months after the date of the enactment of 
    this Act. Such regulations shall address at least the subjects 
    described in subsection (b).
        ``(2) Preemption.--A regulation promulgated under paragraph (1) 
    shall not supercede a contrary provision of State law, if the 
    provision of State law imposes requirements, standards, or 
    implementation specifications that are more stringent than the 
    requirements, standards, or implementation specifications imposed 
    under the regulation.
    ``(d) Consultation.--In carrying out this section, the Secretary of 
Health and Human Services shall consult with--
        ``(1) the National Committee on Vital and Health Statistics 
    established under section 306(k) of the Public Health Service Act 
    (42 U.S.C. 242k(k)); and
        ``(2) the Attorney General.''

                  Section Referred to in Other Sections

    This section is referred to in sections 1320d, 1320d-1, 1320d-3, 
1320d-4, 1320d-7, 1396u-2 of this title.
