HouseH.R. 9486119th Congress

Health DATA Act of 2026

Full Text

Official text as published. Use Ctrl+F / Cmd+F to search within the document.

[Congressional Bills 119th Congress]
[From the U.S. Government Publishing Office]
[H.R. 9486 Introduced in House (IH)]

<DOC>

119th CONGRESS
  2d Session
                                H. R. 9486

    To amend the Employee Retirement Income Security Act of 1974 to 
       increase transparency of group health plan data, prevent 
                discrimination, and for other purposes.

_______________________________________________________________________

                    IN THE HOUSE OF REPRESENTATIVES

                             June 25, 2026

  Mr. Takano introduced the following bill; which was referred to the 
                  Committee on Education and Workforce

_______________________________________________________________________

                                 A BILL

 
    To amend the Employee Retirement Income Security Act of 1974 to 
       increase transparency of group health plan data, prevent 
                discrimination, and for other purposes.

    Be it enacted by the Senate and House of Representatives of the 
United States of America in Congress assembled,

SECTION 1. SHORT TITLE.

    This Act may be cited as the ``Health Data Access, Transparency, 
and Affordability Act of 2026'' or ``Health DATA Act of 2026''.

SEC. 2. INCREASING TRANSPARENCY OF GROUP HEALTH PLAN DATA.

    (a) Group Health Plan Audit Rights.--
            (1) In general.--Section 408(b)(2) of the Employee 
        Retirement Income Security Act of 1974 (29 U.S.C. 1108(b)(2)) 
        is amended by inserting after subparagraph (C) the following:
                    ``(D) No contract or arrangement for services, and 
                no extension or renewal of such a contract or 
                arrangement, between a group health plan (as defined in 
                section 733(a)) and any other entity, including a 
                health care provider (including a health care 
                facility), network or association of providers, service 
                provider offering access to a network of providers, 
                third-party administrator, or entity providing pharmacy 
                benefit management services, is reasonable within the 
                meaning of this paragraph unless such contract or 
                arrangement--
                            ``(i) allows the group health plan to audit 
                        all de-identified claims and encounter 
                        information or data described in section 
                        724(a)(1)(B), provided that such information or 
                        data has been deidentified in accordance with 
                        section 164.514 of title 45, Code of Federal 
                        Regulations (or successor regulations), to--
                                    ``(I) ensure that such entity 
                                complies with the terms of the plan, 
                                the terms of the contract or 
                                arrangement for services, and the 
                                requirements of this title; and
                                    ``(II) determine the reasonableness 
                                of compensation received by such 
                                entity; and
                            ``(ii) does not--
                                    ``(I) unreasonably limit the number 
                                of audits permitted during a given 
                                period of time;
                                    ``(II) limit the number of de-
                                identified claims and encounter 
                                information or data that the group 
                                health plan may access during an audit;
                                    ``(III) limit the disclosure of 
                                pricing terms for value-based payment 
                                arrangements or capitated payment 
                                arrangements, including--
                                            ``(aa) payment calculations 
                                        and formulas;
                                            ``(bb) quality measures;
                                            ``(cc) contract terms;
                                            ``(dd) payment amounts;
                                            ``(ee) measurement periods 
                                        for all incentives; and
                                            ``(ff) other payment 
                                        methodologies used by an 
                                        entity, including a health care 
                                        provider (including a health 
                                        care facility), network or 
                                        association of providers, 
                                        service provider offering 
                                        access to a network of 
                                        providers, third-party 
                                        administrator, or entity 
                                        providing pharmacy benefit 
                                        management services;
                                    ``(IV) limit the disclosure of 
                                overpayments and overpayment recovery 
                                terms;
                                    ``(V) limit the right of the group 
                                health plan to select an auditor;
                                    ``(VI) otherwise limit or unduly 
                                delay by greater than 60 calendar days 
                                after the date of request the group 
                                health plan from auditing any such de-
                                identified claims and encounter 
                                information or data; or
                                    ``(VII) permit the entity to charge 
                                a fee beyond the reasonable direct 
                                costs to provide the required 
                                information and otherwise comply and 
                                assist with an audit request.''.
            (2) Privacy requirements.--
                    (A) In general.--Section 408(b)(2) of the Employee 
                Retirement Income Security Act of 1974 (29 U.S.C. 
                1108(b)(2)), as amended by paragraph (1), is further 
                amended by adding at the end the following:
                    ``(E) Privacy requirements.--
                            ``(i) In general.--An entity shall--
                                    ``(I) provide data or information 
                                under subparagraph (D) in a manner 
                                consistent with--
                                            ``(aa) the privacy 
                                        regulations promulgated under 
                                        section 13402(a) of the Health 
                                        Information Technology for 
                                        Clinical Health Act (42 U.S.C. 
                                        17932(a)); and
                                            ``(bb) the privacy 
                                        regulations promulgated under 
                                        the Health Insurance 
                                        Portability and Accountability 
                                        Act of 1996 in part 160 and 
                                        subparts A and E of part 164 of 
                                        title 45, Code of Federal 
                                        Regulations (or successor 
                                        regulations); and
                                    ``(II) to the extent such data or 
                                information constitutes protected 
                                health information, restrict the use 
                                and disclosure of such information for 
                                purposes of such privacy regulations.
                            ``(ii) Restriction.--A group health plan 
                        shall comply with section 164.504(f) of title 
                        45, Code of Federal Regulations (or a successor 
                        regulation), and a plan sponsor shall act in 
                        accordance with the terms of the agreement 
                        described in such section.''.
    (b) Civil Enforcement.--
            (1) In general.--Subsection (c) of section 502 of such Act 
        (29 U.S.C. 1132) is amended by adding at the end the following:
            ``(14) In the case of an agreement between a group health 
        plan and a health care provider (including a health care 
        facility), network or association of providers, service 
        provider offering access to a network of providers, third-party 
        administrator, entity providing pharmacy benefit management 
        services, or other service provider that violates the 
        provisions of section 724, the Secretary may assess a civil 
        penalty against such provider, network or association of 
        providers, service provider offering access to a network of 
        providers, third-party administrator, entity providing pharmacy 
        benefit management services, or other service provider in the 
        amount of $10,000 for each day during which such violation 
        continues. Such penalty shall be in addition to other penalties 
        as may be prescribed by law.''.
            (2) Penalty collection.--Paragraph (6) of section 502(a) of 
        such Act, is amended to read as follows:
            ``(6) by the Secretary to collect any civil penalty that 
        the Secretary has imposed or assessed pursuant to this 
        title;''.
    (c) Improving Collection of Gag Clause Attestations.--
            (1) In general.--Section 506 of such Act (29 U.S.C. 1136) 
        is amended by adding at the end the following:
    ``(d) Attestations Relating to Group Health Plan Data.--
Notwithstanding subsection (a) of this section, the Secretary shall 
collect the attestations required to be submitted under section 
724(a)(3). The Secretary shall ensure that any service provider 
submitting such an attestation on behalf of a group health plan does 
not have any conflicts of interest with regard to such attestation.''.
            (2) Conforming amendment.--Section 506(a) of such Act (29 
        U.S.C. 1136(a)) is amended by striking ``In order'' and 
        inserting ``Subject to subsection (d), in order''.

SEC. 3. FIDUCIARY DUTY WITH RESPECT TO PLAN DATA.

    Section 3(21)(A)(iii) of the Employee Retirement Income Security 
Act (29 U.S.C. 1002(21)(A)(iii)) is amended by striking ``such plan.'' 
and inserting the following: ``such plan, including any authority over 
the use, management, disposition, or safeguarding of data generated, 
used, or maintained by the plan or a service provider to the plan in 
connection with the administration of benefits or management of plan 
assets.''.

SEC. 4. PREVENTING DISCRIMINATION BASED ON PLAN DATA.

    (a) In General.--Part 5 of subtitle B of title I of the Employee 
Retirement Income Security Act of 1974 (29 U.S.C. 1131 et seq.) is 
amended by adding at the end the following:

``SEC. 524. PREVENTING DISCRIMINATION BASED ON PLAN DATA.

    ``(a) In General.--It shall be unlawful for a person specified in 
subsection (c) to discharge, fine, suspend, expel, discipline, or 
discriminate against, including by failing to meet the requirements of 
subsection (a) or (b) of section 702 (related to discrimination in 
eligibility and premiums for participation in group health plans), a 
participant or beneficiary on the basis of information or data 
described in section 724.
    ``(b) Enforcement.--
            ``(1) In general.--The provisions of section 502 shall be 
        applicable in the enforcement of this section, except that in 
        any action brought under subsection (a)(1)(B) of such section 
        in relation to data or information described in section 724, a 
        participant or beneficiary may not be required to exhaust 
        administrative remedies prior to bringing such action.
            ``(2) Equitable relief.--In applying section 502 for the 
        purposes of this section, the term `equitable relief' shall 
        include any relief necessary to restore a participant or 
        beneficiary to the position they would have occupied but for a 
        violation of subsection (a).
            ``(3) Civil monetary penalty.--
                    ``(A) In general.--In the case of a violation of 
                subsection (a) by a person, the Secretary may assess a 
                civil monetary penalty against such person.
                    ``(B) Amount.--The amount of the civil monetary 
                penalty imposed by subparagraph (A) shall be $100 for 
                each day in the noncompliance period with respect to 
                each participant or beneficiary to whom such violation 
                of subsection (a) relates.
                    ``(C) Noncompliance period.--For the purposes of 
                this subparagraph, the term `noncompliance period' 
                means, with respect to any violation of subsection (a), 
                the period--
                            ``(i) beginning on the date such violation 
                        occurs; and
                            ``(ii) ending on the date such violation is 
                        corrected.
    ``(c) Specified Person.--A person specified in this subsection is 
any of the following:
            ``(1) An employer.
            ``(2) A plan sponsor.
            ``(3) A plan administrator.
            ``(4) A plan fiduciary.''.
    (b) Rule of Construction.--Nothing in this Act, or the amendments 
made by this Act, shall be construed to limit the application of any 
Federal or State privacy or civil rights law, including the HIPAA 
privacy regulations, the Genetic Information Nondiscrimination Act of 
2008 (Public Law 110-233) (including the amendments made by such Act), 
the Americans with Disabilities Act of 1990 (42 U.S.C. 12101 et seq.), 
section 504 of the Rehabilitation Act of 1973 (29 U.S.C. 794), section 
1557 of the Patient Protection and Affordable Care Act (42 U.S.C. 
18116), title VI of the Civil Rights Act of 1964 (42 U.S.C. 2000d), and 
title VII of the Civil Rights Act of 1964 (42 U.S.C. 2000e).
    (c) Clerical Amendment.--The table of contents in section 1 of the 
Employee Retirement Income Security Act of 1974 (29 U.S.C. 1001 et 
seq.) is amended by inserting after the item relating to section 523 
the following:

``Sec. 524. Preventing discrimination based on plan data.''.
                                 <all>