WeVote

Bill

Bill

HR 9228

Health Data Access, Transparency, and Affordability Act of 2026

119th Congress

empowers ERISA health plans to obtain standardized, timely access to de-identified claims data and related information from providers and admins to audit pricing, detect overpaymen

Committee Consideration and Mark-up Session Held
0
WeVote Research Nonpartisan
Bill Summary · HR 9228

Overview

  • Bill: HR 9228
  • Session: 119th Congress
  • Title: Health Data Access, Transparency, and Affordability Act of 2026
  • Purpose: Amend the Employee Retirement Income Security Act of 1974 (ERISA) to ensure group health plan fiduciaries have broad access to de-identified health claims data and related information, with defined privacy protections and enforceable standards. The goal appears to enhance plan fiduciaries’ ability to access, audit, and analyze health claim information to improve transparency, pricing, and affordability.

Main purpose and intent

  • To increase access for group health plans to claims, encounter information, and related data held by network service providers and other entities involved in administering health benefits.
  • To require that this information be accessible in a standardized, timely, and privacy-protected manner, enabling fiduciaries, plan sponsors, and plan administrators to audit payments, assess pricing, and identify potential overpayments or fraud.
  • To bolster enforcement and deter non-compliance through civil penalties for violations and to void provisions in agreements that hinder data access.

Key provisions and changes

  1. Expanded Definition: Network Service Provider (NSP)

    • Adds a new definitional category for NSPs, including entities that provide services to a group health plan (providers, facilities, networks, third-party administrators, health insurers, pharmacy benefit managers, etc.), and intermediaries between plans and service providers.
    • Clarifies that a health care provider is not automatically treated as an NSP solely by virtue of providing health care services.
  2. Enhanced fiduciary access to data (ERISA § 408(b)(2))

    • Amends the approval standard for contracts/arrangements between a group health plan and any service provider (including NSPs) to be reasonable only if:
      • The plan fiduciary and designated agent have access to all applicable claims and encounter information and supporting documentation (e.g., medical records, policy documents).
      • Access is not unduly delayed or restricted beyond specified timeframes (default: no longer than 15 days, or a period set by the Secretary).
      • Restrictions are not placed on access to data such as pricing terms for alternative or capitated payment arrangements, including calculations, quality indicators, contract terms, and related payment methodologies.
      • Restrictions do not impede access to information about overpayments, audit rights, daily access capabilities, or disclosure of fees related to plan administration and claims processing.
      • No other limits impede access to extra-contractual terms used to determine reimbursement amounts.
  3. HIPAA-consistent information handling

    • Data provided under the new provisions must comply with HIPAA privacy and security regulations.
    • Disclosure of de-identified or aggregated information must also align with HIPAA rules, and standard privacy protections apply.
  4. Data delivery standards and format

    • Requires data to be provided in standardized formats:
      • Claims (institutional, professional, dental): ASC X12N 837 format (or Secretary-approved successors).
      • Pharmacy claims: NCPC (NCPDP) format (or Secretary-approved successors).
      • Non-claim costs: itemized and available in real time via web portal, API, or downloadable CSV (or Secretary-approved successors).
      • EFT/ERA and related notices: ASC X12N 835 files (or successors).
    • Files must be unmodified copies of data sent by the network service provider to the healthcare provider, and accessible at no cost to the group health plan.
  5. Enforcement and penalties

    • Allows the Secretary of Labor to assess civil penalties up to $10,000 per day for violations of the new data-access provisions (section 724-related). Penalties are in addition to other penalties.
  6. Public policy and contract provisions

    • Any contract provision that delays or limits access to claims/encounter data described in section 724(a)(1)(B) is void as against public policy.
    • Adds prohibitions on indemnification for civil penalties for service providers (with limited carve-outs), ensuring entities cannot pass liability for penalties back to plans.
  7. Annual attestation on pricing and quality (ERISA § 724(a)(3))

    • Requires group health plans or issuers to annually attest to compliance with data-access requirements.
    • Attestation must confirm availability of requested information in a timely manner and that no terms unduly restrict audits or access.
    • Prohibits submitting attestation through third-party administrators or other service providers (mandatory direct attestations by the plan/issuer).
    • If an attestation cannot be completed, plans may submit a written explanation detailing efforts to obtain information, gag clause removal efforts, and responsiveness of service providers.
  8. Effective date

    • Provisions take effect for first plan year beginning one year after enactment, regardless of existing contracts.

Who is affected

  • Group health plans (as defined in ERISA section 733(a)).
  • Plan sponsors and plan administrators.
  • Designated agents of fiduciaries (including business associates, but not the contracting party’s subsidiaries/affiliates for certain access purposes).
  • Network service providers and other service providers/administrative entities involved in health plan administration (e.g., TPA, PBMs, insurers, providers, facilities, networks).
  • Plan beneficiaries and providers indirectly through changes to pricing transparency and potential cost containment measures.

Procedural and timeline aspects

  • The bill would apply to plan years starting one year after enactment.
  • Requires rulemaking by the Secretary of Labor (in collaboration with HIPAA/privacy standards) to implement subparagraphs (C) through (F) regarding data access and formats.
  • Establishes an enforcement mechanism via civil penalties, with a specified daily maximum.
  • Includes a voiding clause for agreements that impede data access or violate the new requirements.

Potential impact and considerations

  • Improves transparency and data-driven oversight of health claim payments and pricing.
  • Aims to reduce overpayments and improve affordability by enabling fiduciaries to scrutinize payments, audits, and methods used by providers and administrators.
  • Balances data access with privacy protections by tying requirements to HIPAA regulations.
  • Could increase administrative compliance costs for NSPs and plan sponsors due to new data-sharing standards and penalties for non-compliance.
  • Might influence negotiation dynamics between plans and service providers, given stricter data-access rights and oversight.

Compiled from official sources — confirm details with the bill’s official record.

Sign in to ask a question.