HouseH.R. 9228119th Congress
Health Data Access, Transparency, and Affordability Act of 2026
Full Text
Official text as published. Use Ctrl+F / Cmd+F to search within the document.
[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9228 Introduced in House (IH)]
<DOC>
119th CONGRESS
2d Session
H. R. 9228
To amend the Employee Retirement Income Security Act of 1974 to ensure
plan fiduciaries have access to de-identified information relating to
health claims, and for other purposes.
_______________________________________________________________________
IN THE HOUSE OF REPRESENTATIVES
June 9, 2026
Mr. Onder introduced the following bill; which was referred to the
Committee on Education and Workforce
_______________________________________________________________________
A BILL
To amend the Employee Retirement Income Security Act of 1974 to ensure
plan fiduciaries have access to de-identified information relating to
health claims, and for other purposes.
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress assembled,
SECTION 1. SHORT TITLE.
This Act may be cited as the ``Health Data Access, Transparency,
and Affordability Act of 2026''.
SEC. 2. INCREASING GROUP HEALTH PLAN ACCESS TO HEALTH DATA.
(a) Group Health Plan Access to Information.--
(1) Definition.--Section 3 of the Employee Retirement
Income Security Act of 1974 (29 U.S.C. 1002) is amended by
adding at the end the following:
``(46) Network service provider.--
``(A) In general.--The term `network service
provider' means--
``(i) any person or entity that has an
arrangement or contract, direct or indirect, to
provide services to a group health plan (as
defined in section 733(a)), including a health
care provider, health care facility, network or
association of providers, service provider
offering access to a network of providers,
third party administrator, health insurance
issuer (as defined in section 733(b)), entity
providing pharmacy benefit management services,
or any other service provider; and
``(ii) any person or entity acting as an
intermediary between the group health plan and
a person or entity described in subparagraph
(A).
``(B) Health care provider.--Notwithstanding
subparagraph (A), no health care provider shall be
considered a network service provider solely in its
capacity as a provider of health care services.''.
(2) In general.--Section 408(b)(2) of such Act (29 U.S.C.
1108(b)(2)) is amended by adding at the end the following:
``(D) No contract or arrangement for services, whether
direct or indirect, and no extension or renewal of such
contract or arrangement, between a group health plan (as
defined in section 733(a)) and any other person or entity,
including a network service provider, is reasonable within the
meaning of this paragraph unless such contract or arrangement--
``(i) allows the responsible plan fiduciary (as
that term is defined in subparagraph (B)(ii)(I)) and
the designated agent (which may include the plan
sponsor, the plan administrator, or a business
associate (other than such other party or entity (or
its subsidiaries or affiliates))) of such fiduciary
access to all claims and encounter information
described in section 724(a)(1)(B), and any
documentation, including medical records and policy
documents, supporting claim payments; and
``(ii) does not--
``(I) limit or delay access by the
responsible plan fiduciary or designated agent
to claims and encounter information or data for
longer than 15 days or a period determined
appropriate by the Secretary, whichever is
shorter;
``(II) limit the amount of claims and
encounter information or data that the
responsible plan fiduciary or designated agent
may access pursuant to any request for such
information or data;
``(III) limit access by the responsible
plan fiduciary or designated agent to pricing
terms for alternative payment arrangements or
capitated payment arrangements, including--
``(aa) payment calculations and
formulas;
``(bb) quality measurements or
indicators;
``(cc) contract terms;
``(dd) payment amounts;
``(ee) measurement periods for all
incentives; and
``(ff) other payment methodologies;
``(IV) limit access by the responsible plan
fiduciary or designated agent to information
regarding overpayments, including terms for
recovery of overpayments;
``(V) limit the ability of the group health
plan, the plan sponsor, or the plan
administrator of such plan to select an auditor
and define the scope and frequency of audits;
``(VI) otherwise limit or delay the
responsible plan fiduciary or designated agent
from accessing such claims and encounter
information or data in a daily batch or on a
daily basis;
``(VII) limit the disclosure to the
responsible plan fiduciary or designated agent
of fees charged to the group health plan
related to plan administration and claims
processing, including renegotiation fees,
access fees, repricing fees, or enhanced review
fees;
``(VIII) limit the ability of the
responsible plan fiduciary or designated agent
to request action on any claims or claim
payments that such fiduciary or agent
identifies as potentially erroneous or
fraudulent;
``(IX) limit public disclosure of de-
identified or aggregated information; or
``(X) limit access by the responsible plan
fiduciary or designated agent to any extra-
contractual terms containing claims payment
calculations and formulas, pricing
methodologies, and other information used to
determine the dollar value of provider
reimbursement.
``(E)(i) A person or entity shall provide information or
data under this paragraph in a manner consistent with the
privacy and security regulations promulgated under the Health
Insurance Portability and Accountability Act (referred to in
this paragraph as `HIPAA').
``(ii) A group health plan that receives a disclosure
pursuant to subparagraph (B) or (C) shall comply with the
privacy and security regulations promulgated under HIPAA.
``(iii) Nothing in this subparagraph shall be construed to
modify the requirements for the creation, receipt, maintenance,
or transmission of protected health information under the HIPAA
privacy regulation (as defined in section 1180(b)(3) of the
Social Security Act) as they apply directly or indirectly to a
person or an entity pursuant to this paragraph.
``(iv) This subparagraph shall not be read to abridge or
limit the disclosure requirements under this paragraph or to
impose additional privacy or security requirements on network
service providers or plan sponsors.
``(F) A group health plan receiving information or data
under this paragraph may disclose such information only in a
manner that is consistent with HIPAA and the privacy and
security regulations promulgated thereunder, regardless of
their direct or indirect applicability to the plan or any
persons or entities that could be or are business associates.
``(G) Information made available under this subparagraph
shall conform to the following standards:
``(i) All claims from a healthcare provider shall
be provided to the group health plan in accordance with
transaction standards adopted by regulation under
HIPAA, as follows:
``(I) Institutional, professional, and
dental claims shall be in ASC X12N 837 format
or any subsequent standard approved by the
Secretary.
``(II) Pharmacy claims shall be in the
National Council for Prescription Drug Programs
format or any subsequent standard approved by
the Secretary.
``(III) The files shall contain unmodified
data taken directly from the files sent from
the provider. In the event that paper claims
are sent by the provider, they shall be
converted to the appropriate standard
electronic format. The files shall be
accessible to the plan at no cost to the group
health plan.
``(ii) All claim payment (or electronic funds
transfer (EFT)) and electronic remittance advice (ERA)
notices sent by a network service provider shall be
made available to the group health plan as ASC X12N 835
files, or any subsequent standard approved by the
Secretary, in accordance with standards adopted by
regulation under HIPAA. The files shall be unmodified
copies of the files sent by the network service
provider to the healthcare provider. Files shall be
accessible at no cost to the group health plan.
``(iii) All non-claim costs shall be itemized and
made available to the group health plan in real time
through a web-based portal, through an Application
Programming Interface and through a downloadable Comma
Separated Value file, or any subsequent standards
approved by the Secretary.
``(H) The Secretary shall have authority to implement
subparagraphs (C) through (F) through notice and comment
rulemaking in accordance with section 553 of title 5, United
States Code.''.
(3) Civil enforcement.--Section 502(c) of such Act (29
U.S.C. 1132(c)) is amended by adding at the end the following:
``(14) In the case of an agreement between a group health plan (as
defined in section 733(a)), or the responsible plan fiduciary, the plan
sponsor, or the plan administrator of such plan, and any other person
or entity, including a network service provider that violates section
724, the Secretary of Labor may assess a civil penalty against such
other person or entity in the amount of up to $10,000 for each day
during which such violation continues. Such penalty shall be in
addition to other penalties as may be prescribed by law.''.
(4) Existing provisions void.--Section 410 of such Act (29
U.S.C. 1110) is amended by adding at the end the following:
``(c) Any provision in an agreement or instrument shall be void as
against public policy if such provision--
``(1) delays or limits a group health plan (as defined in
section 733(a)), or the responsible plan fiduciary, the plan
sponsor, or the plan administrator of such plan, from accessing
the claims and encounter information or data described in
section 724(a)(1)(B); or
``(2) violates the requirements of section 408(b)(2).''.
(5) Prohibition on indemnification of service providers for
civil penalties.--Section 410(a) of such Act (29 U.S.C.
1110(a)) is amended--
(A) by striking ``Except'' and inserting ``(1)
Except''; and
(B) by adding at the end the following:
``(2) Except as provided in subsection 410(b)(2), no person
or entity subject to a civil enforcement penalty under section
502(a)(13), 502(a)(14), 502(a)(15) or section 727(d) may be
indemnified, directly or indirectly, or otherwise relieved from
liability for any penalty, responsibility, obligation, or duty
of such person or entity under this title.
``(3) Any provision of a contract or agreement in violation
of paragraph (2) shall be void as against public policy.''.
(b) Updated Attestation for Price and Quality Information.--Section
724(a)(3) of such Act (29 U.S.C. 1185m(a)(3)) is amended to read as
follows:
``(3) Attestation.--
``(A) In general.--Subject to subparagraph (C), a
group health plan or health insurance issuer offering
group health insurance coverage shall annually submit
to the Secretary an attestation that such plan or
issuer of such coverage is in compliance with the
requirements of this subsection. Such attestation shall
also include a statement verifying that--
``(i) the information or data described
under subparagraphs (A) and (B) of paragraph
(1) is available upon request and provided to
the group health plan, the plan sponsor, the
plan administrator, or the business associate
(other than the contracting party or entity or
its subsidiaries or affiliates) of such plan,
or the issuer in a timely manner; and
``(ii) there are no terms in the agreement
under such paragraph (1) that directly or
indirectly restrict or unduly delay a group
health plan, the plan sponsor, the plan
administrator, a business associate (other than
the contracting party or entity or its
subsidiaries or affiliates) of such plan, or
the issuer from auditing, reviewing, or
otherwise accessing such information.
``(B) Limitation on submission.--A group health
plan or issuer offering group health insurance coverage
may not enter into an agreement with a third-party
administrator or other service provider to submit the
attestation required under subparagraph (A).
``(C) Exception.--In the case of a group health
plan or issuer offering group health insurance coverage
that is unable to obtain the information or data needed
to submit the attestation required under subparagraph
(A), such plan or issuer may submit a written statement
in lieu of such attestation that includes--
``(i) an explanation of why such plan or
issuer was unsuccessful in obtaining such
information or data, including whether such
plan, the plan sponsor, or the plan
administrator or issuer was limited or
prevented from auditing, reviewing, or
otherwise accessing such information or data;
``(ii) a description of the efforts made by
the group health plan, the plan sponsor, or the
plan administrator to remove any gag clause
provisions from the agreement under paragraph
(1); and
``(iii) a description of any response by
the third-party administrator or other service
provider with respect to efforts to comply with
the attestation requirement under subparagraph
(A), including the name of the third-party
administrator or other service provider.''.
(c) Effective Date.--The amendments made by subsections (a) and (b)
shall apply with respect to a plan beginning with the first plan year
that begins on or after the date that is 1 year after the date of
enactment of this Act regardless of the date of execution of any
contact with a network service provider.
<all>