Legislative Update
Spyware
S. 687 – Software Principles Yielding Better Levels of Consumer Knowledge Act (SPYBLOCK Act) – Senator Conrad Burns (R-MT) and Senator Ron Wyden (D-OR)
Latest Update: S. 687 was introduced by Senator Burns on March 20 and was referred to the Committee on Commerce, Science, and Transportation. CSIA worked closely with Senator Wyden's staff to include the Good Samaritan provision, which protects anti-spyware software firms from frivolous lawsuits.
Summary: S. 687 regulates the unauthorized installation of computer software and requires clear disclosure to computer users of certain computer software features that may pose a threat to user privacy.
S. 1004 – The Enhanced Consumer Protection Against Spyware Act of 2005 – Senator George Allen (R-VA)
Latest Update: S. 1004 was introduced on May 11 and was referred to the Senate Committee on Commerce, Science and Transportation.
Summary: This bill provides the Federal Trade Commission (FTC) with the resources necessary to protect users of the Internet from the unfair and deceptive acts and practices associated with spyware.
H.R. 29 – The SPY ACT – Rep. Mary Bono (R-CA)
Latest Update: Also known as the “Securely Protect Yourself Against Cyber Trespass Act.” On January 6, Rep. Bono re-introduced her bill from the 108th Congress that aims to protect computer users against internet privacy invasion. On February 4, the bill was marked up, passed the House Energy and Commerce Committee's Subcommittee on Commerce, Trade and Consumer Protection, then forwarded on to the full committee for mark-up. On March 9, the full committee ordered the bill to be reported by a vote of 43-0. On April 12, the bill was reported (Amended) by the Committee on Energy and Commerce (H. Rept. 109-32). It was then placed on the Union Calendar, Calendar No. 15. On May 23, H.R. 29 passed the House by a vote of 393-4, and on May 24, it was sent to the Senate and referred to the Committee on Commerce, Science, and Transportation.
In October 2004, the original bill passed overwhelmingly in the House of Representatives, but did not pass the Senate before the 108th Congress came to a close.
Summary: This bill would prevent spyware purveyors from hijacking a home page or tracking users’ keystrokes. It requires that spyware programs be easily identifiable and removable, and allows for collection of personal information only after express consent from the user. Additionally, fines are exponentially increased against abusers. As passed, this bill contains an exemption for legitimate security operations.
H.R. 744 – The I-SPY Prevention Act of 2005 – Rep. Bob Goodlatte (R-VA)
Latest Update: Also known as the “Internet Spyware (I-SPY) Prevention Act of 2005.” On February 10, Representatives Bob Goodlatte, Zoe Lofgren (D-CA-16) and Lamar Smith (R-TX-21) reintroduced the Internet Spyware (I-SPY) Prevention Act of 2005. It was then referred to the House Committee on the Judiciary. On May 23, H.R. 744 passed the House by a vote of 395-1, and on May 24, it was sent to the Senate and referred to the Committee on the Judiciary.
This legislation was originally introduced during the 108th Congress and passed the House of Representatives by a vote of 415-0.
Summary: This bill addresses the most egregious activities that are conducted via spyware. It would make the following activities criminal offenses:
- Intentionally accessing a computer without authorization, or intentionally exceeding authorized access, by causing a computer program or code to be copied onto the computer and using that program or code to:
  - Further another federal criminal offense (punishable by fine or imprisonment for up to 5 years)
  - Intentionally obtain or transmit “personal information” with the intent of injuring or defrauding a person or damaging a computer (punishable by fine or imprisonment for up to 2 years)
  - Intentionally impair the security protections of a computer (punishable by fine or imprisonment for up to 2 years)
The legislation includes language to preempt States from creating civil remedies based on violations of this act.
Phishing
S. 472 – Anti-Phishing Act of 2005 – Senator Patrick Leahy (D-VT)
Latest Update: On February 28, Senator Leahy introduced his anti-phishing legislation, which is similar to legislation he introduced during the 108th Congress (S. 2636). S. 472 was referred to the Senate Judiciary Committee, where it is awaiting further action.
Summary: The Anti-Phishing Act of 2005 criminalizes phishing, making it illegal to knowingly send out spoofed email that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicit an e-mail recipient to provide identification to the phisher.
This legislation is similar to H.R. 1099.
H.R. 1099 – Anti-Phishing Act of 2005 – Rep. Darlene Hooley (D-OR)
Latest Update: Rep. Hooley introduced H.R. 1099 on March 3, and it was then referred to the House Committee on the Judiciary. On May 10, it was referred to the Subcommittee on Crime, Terrorism, and Homeland Security.
Summary: H.R. 1099 criminalizes phishing, making it illegal to knowingly carry on any activity that links to websites with the intention of committing a crime. The legislation is also intended to penalize those who falsely represent themselves as being a legitimate online business and solicit an e-mail recipient to provide identification to the phisher. This legislation is similar to S. 472.
Privacy / Identity Theft Protection / Data Warehouses
S. 29 – Social Security Number Misuse Prevention Act – Senator Dianne Feinstein (D-CA)
Latest Update: S. 29 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
Summary: This bill amends the Federal criminal code to prohibit the display, sale, or purchase of social security numbers without the affirmatively expressed consent of the individual, except in specified circumstances. It directs the Attorney General to study and report to Congress on all the uses of social security numbers permitted, required, authorized, or excepted under any Federal law, including the impact of such uses on privacy and data security. S. 29 establishes a public records exception to the prohibition and directs the Comptroller General to study and report to Congress on social security numbers in public records. The Attorney General is granted rulemaking authority to enforce this Act's prohibition and to implement and clarify the permitted uses occurring as a result of an interaction between businesses, governments, or business and government.
S. 116 – Privacy Act of 2005 – Senator Dianne Feinstein (D-CA)
Latest Update: S. 116 was introduced on Jan. 24 by Senator Feinstein and was referred to the Committee on the Judiciary.
Summary: S. 116 prohibits the sale and disclosure of personally identifiable information by a commercial entity to a non-affiliated third party unless prescribed procedures for notice and opportunity to restrict such disclosure have been followed. The bill grants the Federal Trade Commission (FTC) enforcement authority. S. 116 also amends Federal criminal law to prohibit the display, sale, or purchase of social security numbers (SSNs) without the affirmatively expressed consent of the individual. This legislation prohibits the use of SSNs on checks issued for payment by governmental agencies and on driver's licenses or motor vehicle registrations. It prohibits a commercial entity from requiring disclosure of an individual's SSN in order to obtain goods or services, and it establishes criminal and civil monetary penalties for misuse of an SSN.
S. 500 – Information Protection and Security Act – Senator Bill Nelson (D-FL)
Latest Update: Senator Nelson introduced the Information Protection and Security Act on March 3 and it was then referred to the Committee on Commerce, Science, and Transportation. S. 500 is identical to H.R. 1080, sponsored by Rep. Ed Markey (D-MA).
Summary: S. 500 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
S. 751 – Notification of Risk to Personal Data Act – Senator Dianne Feinstein (D-CA)
Latest Update: S. 751 was introduced on April 11, 2005 and referred to the Committee on the Judiciary. This bill is based on California law, which is the first and currently the only State law requiring notification of individuals.
Summary: S. 751 requires a business or government entity to notify an individual in writing or email when it is believed that personal information has been compromised, with the exception of situations relating to criminal investigation or national security purposes. Examples of personal information include: Social Security number, driver's license or state identification number, or credit card or bank account information. The bill covers both electronic and non-electronic data, as well as encrypted and non-encrypted data.
S. 768 – Comprehensive Identity Theft Prevention Act – Senator Charles Schumer (D-NY) and Senator Bill Nelson (D-FL)
Latest Update: S. 768 was introduced on April 12, 2005, and referred to the Committee on Commerce, Science, and Transportation.
Summary: S. 768 creates a new Federal Trade Commission (FTC) office of identity theft to help victims restore their identities. This office will promulgate regulations for data brokers, governing the sale, maintenance, collection, or transfer of sensitive personal information, including a requirement that reasonable steps are taken to prevent unauthorized access to sensitive personal information; penalties have been established for violators. The bill includes a breach notification provision. S. 768 also establishes an annual identity theft report, will not interfere with provisions of the Fair Credit Reporting Act, and preempts state law.
New! S. 1216 – Financial Privacy Breach Notification Act of 2005 – Senator Jon Corzine (D-NJ)
Latest Update: S. 1216 was introduced on June 9 and was referred to the Senate Committee on Banking, Housing, and Urban Affairs.
Summary: This bill amends the Gramm-Leach-Bliley Act to require a financial institution to promptly notify the following entities whenever a breach of personal information has occurred at such institution: each customer affected by such breach; certain consumer reporting agencies; and appropriate law enforcement agencies. Furthermore, it requires any person that maintains personal information for or on behalf of a financial institution to promptly notify the institution of any case in which such customer information has been breached. It also prescribes notification procedures. Finally, it authorizes a customer injured by a violation of this Act to institute a civil action to recover damages and authorizes the Federal Trade Commission to enforce compliance with this Act, including the assessment of fines for violations.
New! S. 1326 – Notification of Risk to Personal Data Act – Senator Jeff Sessions (R-AL)
Latest Update: S. 1326 was introduced on June 28 and referred to the Committee on the Judiciary.
Summary: Defines "breach of security of the system" as compromise of the security of computerized data that provides a reasonable basis to conclude that sensitive personal information is at significant risk of identity theft. S. 1326 requires any entity that owns or licenses sensitive personal information to implement and maintain "reasonable" security and notification procedures and practices appropriate to the nature of the information; preempts any state laws which relate "in any way to electronic information security standards or notification."
New! S. 1332 – Personal Data Privacy and Security Act of 2005 – Senators Arlen Specter (R-PA) and Patrick Leahy (D-VT)
Latest Update: This bill was introduced on June 29 and placed on the Senate Legislative Calendar. On July 1, it was placed on the Senate Legislative Calendar under General Orders.
Summary: S. 1332 deals with different issues relating to identity theft and security breaches, specifically providing security measures that require "business entities" that have information on more than 10,000 US persons to adopt measures, commensurate with the sensitivity of the data and the size and complexity of the entities' activities. This bill would encourage the Federal Trade Commission to create a new standard for reasonable security practices, including creating regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information or transfer sensitive personal information to third parties for disposal. It does not require total federal preemption of any similar state law except to the extent that the state law is inconsistent with this title.
New! S. 1336 – Consumer Identity Protection and Security Act – Senator Mark Pryor (D-AR)
Latest Update: S. 1336 was introduced on June 29 and was referred to the Senate Committee on Commerce, Science, and Transportation.
Summary: This bill establishes procedures for the protection of consumers from misuse of, and unauthorized access to, sensitive personal information contained in private information files maintained by commercial entities engaged in, or affecting, interstate commerce. More specifically, any consumer may request a consumer reporting agency to place a "security freeze" on their private information file if they feel their information has been compromised. The consumer reporting agency must freeze the information no later than 2 business days after receiving a written or telephone request from the consumer or 24 hours after receiving a secure electronic mail request, and must inform the consumer of the enacted freeze. The freeze will only be terminated if the consumer requests the termination or if the consumer reporting agency determines the freeze was requested due to a material misrepresentation of fact by the consumer.
New! S. 1408 – Identity Theft Protection Act – Senators Gordon Smith (R-OR) and Bill Nelson (D-FL)
Latest Update: S. 1408 was introduced on July 14 and referred to the Committee on Commerce, Science and Transportation.
Summary: S. 1408 strengthens data protection and safeguards, requires data breach notification, and further prevents identity theft. Specifically, S. 1408 allows consumers to "freeze" their credit and requires companies to "develop, implement and maintain an effective information security program." Any entity, whether commercial or non-profit, could be fined $11,000 for each person who experiences a security breach; penalties would be capped at $11 million. Entities with breaches affecting more than 1,000 individuals must notify the FTC, and the agency must publish that information on its Web site. Companies must establish procedures to verify the identities of third parties that want to buy sensitive consumer information. S. 1408 prohibits the "covered entities" from using Social Security numbers in transactions unless their business is dependent on the numbers. Finally, "reasonable" risk of fraud would be the standard for triggering notice of security breaches to consumers (rather than the higher standard of "substantial" risk found in S. 751). Under this bill, the FTC will promulgate regulations that require covered entities to develop, implement, and maintain an effective information security program that contains administrative, technical, and physical safeguards for sensitive personal information, taking into account the use of technological safeguards, including encryption, truncation, and other safeguards available or being developed for such purposes; require procedures for verifying the credentials of any third party seeking to obtain the sensitive personal information of another person; and require disposal procedures to be followed by covered entities that dispose of sensitive personal information or transfer sensitive personal information to third parties for disposal.
This bill also requires the Chairman of the FTC to establish an Information Security Working Group to develop best practices to protect sensitive personal information stored and transferred. The Working Group shall be composed of industry participants, consumer groups, and other interested parties; the group would be required to submit to Congress a report on their findings within 12 months of the establishment of the working group.
H.R. 82 – Social Security On-line Privacy Protection Act – Rep. Rodney Frelinghuysen (R-NJ)
Latest Update: Rep. Frelinghuysen introduced H.R. 82 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
Summary: H.R. 82 prohibits an interactive computer service from disclosing to a third party an individual's Social Security number or related personally identifiable information without the individual's prior informed written consent. The bill also requires such service to permit an individual to revoke any consent at any time.
H.R. 84 – Online Privacy Protection Act of 2005 – Rep. Rodney Frelinghuysen (R-NJ)
Latest Update: Rep. Frelinghuysen introduced H.R. 84 on Jan. 4 and it was referred to the Subcommittee on Commerce, Trade and Consumer Protection. On February 4, it was then referred to the Subcommittee on Commerce, Trade and Consumer Protection.
Summary: H.R. 84 requires the Federal Trade Commission to prescribe regulations to protect the privacy of personal information collected from and about individuals who are not covered by the Children's Online Privacy Protection Act of 1998 (age 13 and above) on the Internet. It makes it unlawful for an operator of a Web site or online service to collect, use, or disclose personal information concerning an individual in a manner that is in violation of prescribed regulations, requiring such operators to protect the confidentiality, security, and integrity of personal information it collects from such individuals. H.R. 84 also provides greater individual control over the collection and use of that information by creating a process for such individuals to consent to or limit the disclosure of such information. Additionally, H.R. 84 directs the FTC to provide incentives for efforts of self-regulation by operators to implement appropriate protections for such information. Finally, it authorizes the States to enforce such regulations by bringing actions on behalf of residents, requiring the State attorney general to first notify the FTC of such action.
H.R. 220 – Identity Theft Prevention Act of 2005 – Rep. Ron Paul (R-TX)
Latest Update: H.R. 220 was introduced on Jan. 4 by Rep. Paul. It was then referred to the Committee on Ways and Means and the Committee on Government Reform. On January 25, the Committee on Ways and Means then referred it to the Subcommittee on Social Security.
Summary: H.R. 220 amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act and the Internal Revenue Code to prohibit using a Social Security account number except for specified Social Security and tax purposes. The bill also prohibits the Social Security Administration from divulging the Social Security account number of an individual to any Federal, State, or local government agency or instrumentality, or to any other individual. Conversely, no Federal, State, or local government agency or instrumentality may request an individual to disclose his Social Security account number on either a mandatory or a voluntary basis, among other prohibitions.
H.R. 1069 – Notification of Risk to Personal Data Act – Rep. Melissa Bean (D-IL)
Latest Update: H.R. 1069 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; the Committee on Government Reform; and the Financial Services Subcommittee on Financial Institutions and Consumer Credit.
Summary: This legislation prescribes notification procedures governing any agency, or person engaged in interstate commerce, that owns or licenses electronic data containing personal information, following the discovery of a breach of security of the system containing such data. Furthermore, it amends the Gramm-Leach-Bliley Act to require a financial institution, at which a breach of personal information is reasonably believed to have occurred, to promptly notify each affected customer, each pertinent consumer reporting agency, the information clearinghouse established by the Federal Trade Commission (FTC) under this Act, and appropriate law enforcement agencies in any case in which the financial institution has reason to believe that the breach or suspected breach affects a large number of customers. It also requires any person that maintains personal information for or on behalf of a financial institution to notify promptly the financial institution of any case in which such customer information has been, or is reasonably believed to have been, breached. In addition, the bill amends the Fair Credit Reporting Act to require a consumer reporting agency to maintain a fraud alert file with respect to any consumer upon receiving notice of a breach of personal information from: (1) an agency or person engaged in interstate commerce pursuant to this Act; or (2) a financial institution subject to the Gramm-Leach-Bliley Act. Finally, it authorizes State Attorneys General to bring civil actions in Federal district court to enforce this Act on behalf of the residents of the State and directs the FTC to establish and maintain a clearinghouse to collect and analyze information required under this Act.
H.R. 1078 – Social Security Number Protection Act of 2005 – Rep. Ed Markey (D-MA)
Latest Update: H.R. 1078 was introduced on March 3 and was referred to the Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection; and the Committee on Ways and Means.
Summary: This bill amends title II (Old Age, Survivors and Disability Insurance) of the Social Security Act (SSA) to establish criminal penalties for the sale and purchase of the Social Security number and Social Security account number of any person, except in certain circumstances such as health, research, law enforcement, or emergency situations.
H.R. 1080 – Information Protection and Security Act – Rep. Ed Markey (D-MA)
Latest Update: H.R. 1080 was introduced on March 3 by Rep. Markey and was referred to the House Committee on Energy and Commerce. H.R. 1080 is identical to S. 500, sponsored by Senator Bill Nelson (D-FL).
Summary: H.R. 1080 regulates information brokers and protects individual rights with respect to personally identifiable information. Specifically, it authorizes the Federal Trade Commission (FTC) to promulgate regulations requiring information brokers to update the information they store and allow individuals to access their information; upon request by the individual, the information brokers must disclose what information they distribute and to whom it was given; the information brokers must also authenticate users before allowing usage; finally, H.R. 1080 authorizes enforcement by FTC and allows individuals the right to private action against the brokers.
H.R. 1263 – Consumer Privacy Protection Act of 2005 – Rep. Cliff Stearns (R-FL)
Latest Update: H.R. 1263 was introduced on March 10 and referred to the Committee on Energy and Commerce and the Committee on International Relations. On March 22, the Energy and Commerce Committee then referred H.R. 1263 to the Subcommittee on Commerce, Trade and Consumer Protection.
Summary: This bill protects and enhances consumer privacy by instituting a number of requirements for data collection organizations, specifically to provide notification to consumers and to establish a privacy policy with respect to the collection, sale, disclosure for consideration, or use of the consumer's information.
H.R. 1745 – Social Security Number Privacy and Identity Theft Prevention Act of 2005 – Rep. E. Clay Shaw, Jr. (R-FL)
Latest Update: H.R. 1745 was introduced on April 20 and referred to the Committee on Ways and Means, Financial Services, and Energy and Commerce. On May 13, it was referred to the House Energy and Commerce Subcommittee on Commerce, Trade and Consumer Protection, and on May 19, it was referred to the House Financial Services Subcommittee on Financial Institutions and Consumer Credit.
Summary: H.R. 1745 amends the Social Security Act to enhance Social Security account number privacy protections, to prevent fraudulent misuse of the Social Security account number, and to otherwise enhance protection against identity theft. Specifically, it:
- Specifies restrictions on the sale and display to the general public of Social Security account numbers (SSNs) (or any derivatives) by Federal, State, and local governments and bankruptcy case trustees
- Prohibits the display of SSNs (or any derivatives) on checks issued for payment by such governments
- Prohibits the Federal, State, or local government display of SSNs (or any derivatives) on employee identification cards or tags (IDs)
- Prohibits access to the SSNs of other individuals by prisoners employed by Federal, State, or local governments
- Prohibits the selling, purchasing, or displaying of SSNs (with certain exceptions), or the obtaining or use of any individual's SSN to locate or identify such individual with the intent to physically injure or harm such individual or to use the individual's ID for any illegal purpose by any person
H.R. 1745 also subjects to the Fair Credit Reporting Act information regarding a consumer's SSN (and any derivative), and provides that any person who refuses to do business with an individual for refusing to disclose his or her SSN shall be considered to have committed an unfair or deceptive act or practice. Finally, the bill establishes civil and criminal penalties for violations of this Act, and enhanced penalties in cases of terrorism, drug trafficking, crimes of violence, or prior offenses.
New! H.R. 3140 – Consumer Data Security and Notification Act of 2005 – Rep. Melissa Bean (D-IL)
Latest Update: H.R. 3140 was introduced on June 30 and was referred to the House Committee on Financial Services.
Summary: This bill expands the protections for sensitive personal information in Federal law to cover the information collection and sharing practices of unregulated information brokers. In addition, it enhances information security requirements for consumer reporting agencies and information brokers, and requires consumer reporting agencies, financial institutions, and other entities to notify consumers of data security breaches involving sensitive consumer information.
Internet
H.R. 214 – Advanced Internet Communications Services Act of 2005 – Rep. Cliff Stearns (R-FL)
Latest Update: Rep. Stearns introduced this bill on January 14 and on February 4, it was referred to the House Subcommittee on Telecommunications and the Internet.
Summary: The bill aims to promote deployment of and investment in advanced Internet communications services. It gives the Federal Communications Commission (FCC) exclusive authority regarding advanced Internet communications services, allowing the FCC to impose specific requirements or obligations on providers of advanced Internet communications voice service.
Homeland Security
S. 140 – Domestic Defense Fund Act of 2005 – Senator Hillary Clinton (D-NY)
Latest Update: Senator Hillary Clinton introduced S. 140 on January 24. It was referred to the Senate Committee on Homeland Security and Governmental Affairs, where introductory remarks were made on February 15.
Summary: S. 140 provides for a domestic defense fund to improve the Nation's homeland defense by authorizing the Secretary of Homeland Security to award grants to States, units of local government, and Indian tribes for homeland security development. The grant awardees are required to develop a homeland security plan identifying both short- and long-term homeland security needs, among other items. 70 percent of grant funds are required to be allocated among metropolitan cities and urban counties based on the Secretary's calculations of various infrastructure vulnerabilities and threats such as proximity to international borders, nuclear or other energy facilities, air, rail or water transportation, and national icons and Federal buildings.
H.R. 91 – Smarter Funding for All of America's Homeland Security Act of 2005 – Rep. Rodney P. Frelinghuysen (R-NJ)
Latest Update: Rep. Rodney Frelinghuysen introduced H.R. 91 on January 4. It was referred to the Committee on Homeland Security (Select), and also referred to the Committees on Transportation and Infrastructure, the Judiciary, and Energy and Commerce for consideration of provisions as they fall within the jurisdiction of the committee concerned. On February 25, it was referred to the Subcommittee on Health, where it currently is waiting for action by the Chairman.
Summary: H.R. 91 modifies the DHS grant program, authorizing the Secretary of Homeland Security to make grants to first responders. One new criterion will be "Threats to major communications nodes, including cyber and telephonic nodes."
Healthcare
S. 1223 – Information Technology for Health Care Quality Act – Senator Christopher Dodd (D-CT)
Latest Update: S. 1223 was introduced on June 9 and referred to the Senate Committee on Health, Education, Labor, and Pensions.
Summary: This bill amends the Public Health Service Act to improve the quality and efficiency of health care delivery through improvements in health care information technology. It establishes within the executive office of the President an Office of Health Information Technology, which will be headed by a Director appointed by the President. The Director is tasked to:
- Improve the quality and increase the efficiency of health care delivery through the use of health information technology
- Provide national leadership relating to, and encourage the adoption of, health information technology
- Direct all health information technology activities within the Federal Government
- Facilitate the interaction between the Federal Government and the private sector relating to health information technology development and use
Specifically, the Office will develop a national strategy for improving the quality and enhancing the efficiency of health care through the improved use of health information technology and the creation of a National Health Information Infrastructure, and serve as the principal advisor to the President concerning health information technology.
S. 1262 – Technology to Enhance Quality Act of 2005 (Health TEQ) – Senator Bill Frist (R-TN)
Latest Update: On June 16, Senator Frist introduced the “Health Technology to Enhance Quality Act of 2005” (Health TEQ), which creates an interoperable health information technology (IT) system through the adoption of standards that will help reduce costs, enhance efficiency and improve overall patient care.
Summary: The Health Technology to Enhance Quality Act of 2005 implements health information technology standards that would guide the design and operation of interoperable health information systems. The legislation codifies the Office of National Coordinator for Information Technology and establishes standards for the electronic exchange of health information. The bill also authorizes grants to local and regional consortiums to implement health information technology infrastructure that is compliant with national standards and establishes measures to assess the quality of care. Finally, it establishes standard quality measures to better assess the value of federal programs.
H.R. 2234 – The 21st Century Health Information Act of 2005 – Rep. Tim Murphy (R-PA)
Latest Update: H.R. 2234 was introduced on May 10 and then referred to the Committee on Energy and Commerce and the Committee on Ways and Means. On May 23, the Committee on Energy and Commerce referred the bill to the Subcommittee on Health.
Summary: H.R. 2234 authorizes the Secretary of Health and Human Services (HHS) to create grants that will assist in establishing regional health information organizations; these organizations will create a network of integrated health information technology. The bill contains no explicit security standards, but requires each recipient of an HHS grant to submit a plan detailing the proposed network and how the network will be supported and secured. H.R. 2234 places itself squarely within the confines of HIPAA's privacy and security rules, so there are no new standards; however, it does include language regarding the certification that systems will require before being eligible for purchase with government grant money. Also of note, the bill requires the operators of these regional health information organizations to report both to the Secretary of HHS and to the individual affected if personally identifiable information is compromised or if unauthorized access occurs. The operator must report the conditions of such unauthorized access to the Secretary but merely notify the individual.
H.R. 2762 – Demonstration Project: Internet-Based Submission Form – Rep. Rob Andrews (D-NJ)
Latest Update: On June 7, H.R. 2762 was introduced and referred to the Committee on Ways and Means, and the Committee on Energy and Commerce. On June 17, the Committee on Energy and Commerce then referred the bill to the Subcommittee on Health.
Summary: H.R. 2762 directs the Secretary of Health and Human Services to implement a three-year demonstration project to provide for the use of the Internet for the electronic submission of claims by providers of services under the Medicare program for which the HCFA-1500 claim form is utilized. The Secretary may carry out the project directly or through a third-party contractor. Additionally, the Secretary is directed to ensure that a third-party contractor participating under the project shall protect the confidentiality of individually identifiable health information consistent with the standards for the privacy of such information promulgated by the Secretary under the Health Insurance Portability and Accountability Act of 1996, or any subsequent comprehensive and more protective set of confidentiality standards enacted into law or promulgated by the Secretary. Finally, third-party contractors are prohibited from selling any individually identifiable health information collected under the project. The Secretary shall periodically submit reports to the Congress providing:
- Analysis of the overall effectiveness of the project; findings with respect to the increase or reduction in funds lost to fraud, abuse, misuse, mistakes, and any other factor the Secretary determines to be appropriate
- Changes in efficiency in processing claims submitted by electronic means compared with claims not submitted electronically
- Recommendations on continuation of the project, and extension or expansion of the use of Internet-based electronic claims submission under the Medicare program
VoIP
H.R. 2418 – I.P.-Enabled Voice Communications and Public Safety Act – Rep. Bart Gordon (D-TN)
Latest Update: On May 18, Rep. Bart Gordon introduced H.R. 2418, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was introduced in the House Energy and Commerce Committee, which has jurisdiction over telecommunications, as well as Internet, issues. On June 3, it was then referred to the Subcommittee on Telecommunications and the Internet. Senator Bill Nelson of Florida introduced a companion bill in the Senate, S. 1063, on May 19.
Summary: H.R. 2418 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VoIP companies access to their 911 networks. Additionally, the bill requires VoIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VoIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
S. 1063 – I.P.-Enabled Voice Communications and Public Safety Act – Senator Bill Nelson (D-FL)
Latest Update: On May 18, Senator Bill Nelson introduced S. 1063, the I.P.-Enabled Voice Communications and Public Safety Act. The bill was referred to the Committee on Commerce, Science, and Transportation. Rep. Bart Gordon of Tennessee introduced a companion bill in the House, H.R. 2418, on May 18.
Summary: S. 1063 requires all Internet telephone providers (VoIP) to connect emergency 911 calls made by their customers by requiring traditional telephone companies to give VoIP companies access to their 911 networks. Additionally, the bill requires VoIP companies to provide enhanced 911 services, allowing emergency personnel to determine physical locations of a call and other related information. The legislation states that any VoIP service provider that cannot comply with these requirements must give customers clear and conspicuous notice that 911 and E911 services are not available to them. This clear notice must be given when the customer purchases the service.
Energy
H.R. 6 – Energy Policy Act of 2005 – Rep. Joe Barton (R-TX)
Latest Update: On April 18, H.R. 6 was introduced and referred to the following Committees: Energy and Commerce; Education and the Workforce; Financial Services; Agriculture; Resources; Science; Ways and Means; and Transportation and Infrastructure. The House Energy and Commerce Committee then referred it to the Subcommittee on Energy and Air Quality, and the House Resources Committee held Committee Consideration and Mark-up Session on April 13, prior to introduction. On April 19, the Rules Committee Resolution (H. Res. 219) was reported to the House, and it subsequently passed the House on April 20. On April 20 and 21, the House debated several amendments and passed the bill by a vote of 249-183, and on April 26, it was received in the Senate. On June 9, H.R. 6 was placed on the Senate Legislative Calendar. It appears that the companion bill in the Senate, S. 10, does not contain any provisions relating to cyber security.
On June 14, the Senate received the bill, and on June 28, it passed by a vote of 85-12. A conference was held in late July to reconcile H.R. 6 and S. 10.
Summary: H.R. 6 sets forth an energy research and development program, including: (1) energy efficiency; (2) renewable energy; (3) oil and gas; (4) coal; (5) Indian energy; (6) nuclear matters and security; (7) vehicles and motor fuels, including ethanol; (8) hydrogen; (9) electricity; and (10) energy tax incentives. Two prevalent cyber security-related measures in this bill include: a provision for the President, the Nuclear Regulatory Commission, and other appropriate Federal, State, and local agencies and private entities, to conduct a study of nuclear facility threats, including an assessment of physical, cyber, biochemical, and other terrorist threats; and an amendment regarding electric reliability standards, which are defined as providing for reliable operation of bulk-power system facilities, including cybersecurity protection. In reference to electric reliability standards, H.R. 6 includes cybersecurity threats when defining “reliable operation” to mean: “operating the elements of the bulk-power system within equipment and electric system thermal, voltage, and stability limits so that instability, uncontrolled separation, or cascading failures of such system will not occur as a result of a sudden disturbance, including a cybersecurity incident, or unanticipated failure of system elements.” Finally, “cybersecurity incident” is defined as “a malicious act or suspicious event that disrupts, or was an attempt to disrupt, the operation of those programmable electronic devices and communication networks including hardware, software and data that are essential to the reliable operation of the bulk power system.”