Page:United States Statutes at Large Volume 123.djvu/254

 123STA T . 23 4PUBLIC LA W 111 –5—FE B.1 7, 2 0 0 9shal l beto a dvi se the N atio n al C oo r dinator on p riva cy, sec u rity, and data ste w ardship o f electronic health infor m ation and to coordi - nate with other F ederal a g encies ( and similar privacy officers in such agencies ) , with S tate and regional efforts, and with foreign countries with regard to the privacy, security, and data stewardship of electronic individually identifiable health information .‘ ‘ SEC.30 0 2 . HITPOL IC Y CO M MITTEE. ‘ ‘(a) ESTABLI S HMEN T. —T here is established a HI T P olicy Com- mittee to ma k e policy recommendations to the National Coordinator relating to the implementation of a nationwide health information technology infrastructure, including implementation of the strategic plan described in section 30 0 1 (c)(3). ‘‘(b) DU TIES.— ‘‘(1) R E CO MMEN D ATIONS ON HEALTH IN F O R MATION TECH- NOLO GY INFRASTRUCTURE.—The HIT Policy Committee shall recommend a policy framework for the development and adop- tion of a nationwide health information technology infrastruc- ture that permits the electronic e x change and use of health information as is consistent with the strategic plan under sec- tion 3001(c)(3) and that includes the recommendations under paragraph ( 2 ). The Committee shall update such recommenda- tions and make new recommendations as appropriate. ‘‘(2) S P ECIFIC AREAS OF STANDARD DE V ELOPMENT.— ‘‘( A ) IN GENERAL.—The HIT Policy Committee shall recommend the areas in which standards, implementation specifications, and certification criteria are needed for the electronic exchange and use of health information for pur- poses of adoption under section 300 4 and shall recommend an order of priority for the development, harmoni z ation, and recognition of such standards, specifications, and cer- tification criteria among the areas so recommended. Such standards and implementation specifications shall include named standards, architectures, and software schemes for the authentication and security of individually identifiable health information and other information as needed to ensure the reproducible development of common solutions across disparate entities. ‘‘( B ) AREAS RE Q UIRED FOR CONSIDERATION.—For pur- poses of subparagraph (A), the HIT Policy Committee shall make recommendations for at least the following areas ‘‘(i) Technologies that protect the privacy of health information and promote security in a q ualified elec- tronic health record, including for the segmentation and protection from disclosure of specific and sensitive individually identifiable health information with the goal of minimizing the reluctance of patients to seek care (or disclose information about a condition) because of privacy concerns, in accordance with applicable law, and for the use and disclosure of limited data sets of such information. ‘‘(ii) A nationwide health information technology infrastructure that allows for the electronic use and accurate exchange of health information. ‘‘(iii) The utilization of a certified electronic health record for each person in the U nited States by 2014. Recom me nda-ti on s.42USC30 0 j j –1 2.