Sponsors (38)
The bill improves electronic prescription transmission and PHI protections for contact lens buyers while clarifying rules for automated calls, but it imposes new HIPAA‑style compliance and liability burdens that may raise costs and complicate verification for some sellers and customers.
Online buyers of contact lenses (including uninsured individuals) can transmit prescriptions electronically for refills and purchases, making ordering more convenient and reducing friction accessing needed lenses.
Patients (including those with chronic conditions) benefit from required encryption of protected health information sent by email, lowering the risk of unauthorized disclosure of medical data.
Sellers and prescribers of contact lenses get clearer rules that prerecorded or artificial-voice calls are not treated as "direct communication," reducing regulatory uncertainty and easing compliance for automated communications.
Online contact lens sellers — especially small businesses — face new compliance costs to implement HIPAA‑compliant transmission and email encryption, which could raise prices or reduce small sellers' competitiveness.
Tying these requirements to HIPAA standards may create legal complexity and increase liability risk for online sellers who were previously outside HIPAA's coverage, exposing them to new compliance risk.
Narrowing the definition of "direct communication" to exclude prerecorded/artificial-voice calls could make some automated verification workflows less effective, potentially delaying order fulfillment for patients and sellers.
Based on analysis of 2 sections of legislative text.
Requires online contact lens sellers to accept HIPAA-compliant electronic prescriptions and encrypt PHI sent by email, and excludes prerecorded/artificial-voice calls from "direct communication."
Introduced July 2, 2025 by H. Morgan Griffith · Last progress July 2, 2025
Requires online contact lens sellers to provide a HIPAA-compliant electronic way for patients to send their contact lens prescriptions and to encrypt any protected health information sent by email. It also tightens what counts as a "direct communication" by excluding calls made with an artificial or prerecorded voice and makes minor wording/formatting edits to the existing prescriber verification rule. The bill adds an affirmative privacy and transmission duty for online sellers (including small online retailers), aligns part of the rule with HIPAA encryption expectations, and may create new compliance costs and technical requirements for sellers even if they are not already HIPAA-covered entities. No new funding or deadlines are included.