[House Report 108-28]
[From the U.S. Government Publishing Office]



108th Congress                                                   Report
                        HOUSE OF REPRESENTATIVES
 1st Session                                                     108-28

======================================================================



 
               PATIENT SAFETY AND QUALITY IMPROVEMENT ACT

                                _______
                                

 March 6, 2003.--Committed to the Committee of the Whole House on the 
              State of the Union and ordered to be printed

                                _______
                                

 Mr. Tauzin, from the Committee on Energy and Commerce, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 663]

      [Including cost estimate of the Congressional Budget Office]

  The Committee on Energy and Commerce, to whom was referred 
the bill (H.R. 663) to amend title IX of the Public Health 
Service Act to provide for the improvement of patient safety 
and to reduce the incidence of events that adversely affect 
patient safety, and for other purposes, having considered the 
same, report favorably thereon with an amendment and recommend 
that the bill as amended do pass.

                                CONTENTS

                                                                   Page
Amendment........................................................     1
Purpose and Summary..............................................    11
Background and Need for Legislation..............................    11
Hearings.........................................................    12
Committee Consideration..........................................    12
Committee Votes..................................................    12
Committee Oversight Findings.....................................    12
Statement of General Performance Goals and Objectives............    12
New Budget Authority, Entitlement Authority, and Tax Expenditures    13
Committee Cost Estimate..........................................    13
Congressional Budget Office Estimate.............................    13
Federal Mandates Statement.......................................    17
Advisory Committee Statement.....................................    17
Constitutional Authority Statement...............................    17
Applicability to Legislative Branch..............................    17
Section-by-Section Analysis of the Legislation...................    17
Changes in Existing Law Made by the Bill, as Reported............    23

                               Amendment

  The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE.

  This Act may be cited as the ``Patient Safety and Quality Improvement 
Act''.

SEC. 2. FINDINGS AND PURPOSES.

  (a) Findings.--The Congress finds as follows:
          (1) In 1999, the Institute of Medicine released a report 
        entitled ``To Err Is Human'' that described medical errors as 
        the 8th leading cause of death in the United States, with as 
        many as 98,000 people dying as a result of medical errors each 
        year.
          (2) To address these deaths and injuries due to medical 
        errors, the health care system must identify and learn from 
        such errors so that systems of care can be improved.
          (3) Myriad public and private patient safety initiatives have 
        begun. The Quality Interagency Coordination Task Force has 
        recommended steps to improve patient safety that may be taken 
        by each Federal agency involved in health care and activities 
        relating to these steps are ongoing.
          (4) The Department of Health and Human Services has initiated 
        several patient safety projects. The Joint Commission on 
        Accreditation of Healthcare Organizations issued a patient 
        safety standard that went into effect on July 1, 2001, and the 
        peer review organizations are conducting ongoing studies of 
        clinical performance measurement of care delivered to 
        beneficiaries under the medicare program under title XVIII of 
        the Social Security Act.
          (5) Several steps can be taken now to improve patient safety. 
        For example, according to the Centers for Disease Control and 
        Prevention, hand washing is the single most important means of 
        preventing the spread of infection. Repeated studies indicate 
        that lack of or improper hand washing still contributes 
        significantly to disease transmission in health care settings. 
        Working with experts from the private sector, the Centers for 
        Disease Control and Prevention has drafted ``Guidelines for 
        Hand Hygiene in Healthcare Settings'' setting forth 
        recommendations to promote improved hand hygiene practices and 
        reduce transmission of pathogenic microorganisms to patients 
        and personnel in health care settings.
          (6) According to the Centers for Disease Control and 
        Prevention, nosocomial infections affect approximately 2 
        million patients annually in acute care facilities in the 
        United States at an estimated direct patient care cost of 
        approximately $3.5 billion each year.
          (7) The Congress encourages the continuation and acceleration 
        of private sector efforts to take immediate steps to improve 
        patient safety and recognizes the need for action in the public 
        sector to complement these efforts.
          (8) The research on patient safety unequivocally calls for a 
        learning environment, where providers will feel safe to report 
        health care errors, in order to improve patient safety.
          (9) Voluntary data gathering systems are more supportive than 
        mandatory systems in creating the learning environment referred 
        to in paragraph (8) as stated in the Institute of Medicine's 
        report.
          (10) Promising patient safety reporting systems have been 
        established throughout the United States, and the best ways to 
        structure and use these systems are currently being determined, 
        largely through projects funded by the Agency for Healthcare 
        Research and Quality.
          (11) Many organizations currently collecting patient safety 
        information have expressed a need for protections that will 
        allow them to review protected information so that they may 
        collaborate in the development and implementation of patient 
        safety improvement strategies. Currently, the State peer review 
        protections provide inadequate conditions to allow the sharing 
        of information to promote patient safety.
          (12) In 2001, the Institute of Medicine released a report 
        entitled ``Crossing the Quality Chasm'' that found that the 
        United States health care system does not consistently deliver 
        high-quality care to patients.
  (b) Purposes.--The purposes of this Act are--
          (1) to encourage a culture of safety and quality in the 
        United States health care system by providing for a health care 
        errors reporting system that both protects information and 
        improves patient safety and quality of health care; and
          (2) to ensure accountability by raising standards and 
        expectations for continuous quality improvements in patient 
        safety through the actions of the Secretary of Health and Human 
        Services.

SEC. 3. AMENDMENTS TO PUBLIC HEALTH SERVICE ACT.

  (a) In General.--Title IX of the Public Health Service Act (42 U.S.C. 
299 et seq.) is amended--
          (1) in section 912(c), by inserting ``, in accordance with 
        part C,'' after ``The Director shall'';
          (2) by redesignating part C as part D;
          (3) by redesignating sections 921 through 928, as sections 
        931 through 938, respectively;
          (4) in section 938(1) (as so redesignated), by striking 
        ``921'' and inserting ``931''; and
          (5) by inserting after part B the following:

                  ``PART C--PATIENT SAFETY IMPROVEMENT

``SEC. 921. DEFINITIONS.

  ``In this part:
          ``(1) Identifiable information.--The term `identifiable 
        information' means information that is presented in a form and 
        manner that allows the identification of any provider, patient, 
        or reporter of patient safety work product. With respect to 
        patients, such information includes any individually 
        identifiable health information as that term is defined in the 
        regulations promulgated pursuant to section 264(c) of the 
        Health Insurance Portability and Accountability Act of 1996 
        (Public Law 104-191; 110 Stat. 2033).
          ``(2) Nonidentifiable information.--The term `nonidentifiable 
        information' means information that is presented in a form and 
        manner that prevents the identification of any provider, 
        patient, or reporter of patient safety work product. With 
        respect to patients, such information must be de-identified 
        consistent with the regulations promulgated pursuant to section 
        264(c) of the Health Insurance Portability and Accountability 
        Act of 1996 (Public Law 104-191; 110 Stat. 2033).
          ``(3) Patient safety evaluation system.--The term `patient 
        safety evaluation system' means a process that involves the 
        collection, management, or analysis of information for 
        submission to or by a patient safety organization.
          ``(4) Patient safety organization.--The term `patient safety 
        organization' means a private or public organization or 
        component thereof that is certified, through a process to be 
        determined by the Secretary under section 925, to perform each 
        of the following activities:
                  ``(A) The conduct, as the organization or component's 
                primary activity, of efforts to improve patient safety 
                and the quality of health care delivery.
                  ``(B) The collection and analysis of patient safety 
                work product that is submitted by providers.
                  ``(C) The development and dissemination of evidence-
                based information to providers with respect to 
                improving patient safety, such as recommendations, 
                protocols, or information regarding best practices.
                  ``(D) The utilization of patient safety work product 
                to carry out activities limited to those described 
                under this paragraph and for the purposes of 
                encouraging a culture of safety and of providing direct 
                feedback and assistance to providers to effectively 
                minimize patient risk.
                  ``(E) The maintenance of confidentiality with respect 
                to identifiable information.
                  ``(F) The provision of appropriate security measures 
                with respect to patient safety work product.
                  ``(G) The submission of nonidentifiable information 
                to the Agency consistent with standards established by 
                the Secretary under section 923(b) for any National 
                Patient Safety Database.
          ``(5) Patient safety work product.--
                  ``(A) The term `patient safety work product' means 
                any document or communication (including any 
                information, report, record, memorandum, analysis, 
                deliberative work, statement, or root cause analysis) 
                that--
                          ``(i) except as provided in subparagraph (B), 
                        is developed by a provider for the purpose of 
                        reporting to a patient safety organization, and 
                        is reported to a patient safety organization;
                          ``(ii) is created by a patient safety 
                        organization; or
                          ``(iii) would reveal the deliberations or 
                        analytic process of a patient safety evaluation 
                        system (as defined in paragraph (3)).
                  ``(B)(i) Patient safety work product described in 
                subparagraph (A)(i)--
                          ``(I) does not include any separate 
                        information described in clause (ii); and
                          ``(II) shall not be construed to include such 
                        separate information merely by reason of 
                        inclusion of a copy of the document or 
                        communication involved in a submission to, or 
                        the fact of submission of such a copy to, a 
                        patient safety organization.
                  ``(ii) Separate information described in this clause 
                is a document or communication (including a patient's 
                medical record or any other patient or hospital record) 
                that is developed or maintained, or exists, separately 
                from any patient safety evaluation system.
                  ``(C) Information available from sources other than a 
                patient safety work product under this section may be 
                discovered or admitted in a civil or administrative 
                proceeding, if discoverable or admissible under 
                applicable law.
          ``(6) Provider.--The term `provider' means--
                  ``(A) an individual or entity licensed or otherwise 
                authorized under State law to provide health care 
                services, including--
                          ``(i) a hospital, nursing facility, 
                        comprehensive outpatient rehabilitation 
                        facility, home health agency, and hospice 
                        program;
                          ``(ii) a physician, physician assistant, 
                        nurse practitioner, clinical nurse specialist, 
                        certified nurse midwife, psychologist, 
                        certified social worker, registered dietitian 
                        or nutrition professional, physical or 
                        occupational therapist, or other individual 
                        health care practitioner;
                          ``(iii) a pharmacist; and
                          ``(iv) a renal dialysis facility, ambulatory 
                        surgical center, pharmacy, physician or health 
                        care practitioner's office, long-term care 
                        facility, behavioral health residential 
                        treatment facility, clinical laboratory, or 
                        community health center; or
                  ``(B) any other person or entity specified in 
                regulations by the Secretary after public notice and 
                comment.

``SEC. 922. PRIVILEGE FOR PATIENT SAFETY WORK PRODUCT.

  ``(a) Privilege.--Notwithstanding any other provision of law and 
subject to subsection (c), patient safety work product shall not be--
          ``(1) subject to a civil or administrative subpoena or order;
          ``(2) subject to discovery in connection with a civil or 
        administrative proceeding;
          ``(3) subject to disclosure pursuant to section 552 of title 
        5, United States Code (commonly known as the Freedom of 
        Information Act), or any other similar Federal or State law;
          ``(4) required to be admitted as evidence or otherwise 
        disclosed in any State or Federal civil or administrative 
        proceeding; or
          ``(5) if the patient safety work product is identifiable 
        information and is received by a national accreditation 
        organization in its capacity as a patient safety organization--
                  ``(A) used by a national accreditation organization 
                in an accreditation action against the provider that 
                reported the information;
                  ``(B) shared by such organization with its survey 
                team; or
                  ``(C) required as a condition of accreditation by a 
                national accreditation association.
  ``(b) Reporter Protection.--
          ``(1) In general.--A provider may not use against an 
        individual in an adverse employment action described in 
        paragraph (2) the fact that the individual in good faith 
        reported information--
                  ``(A) to the provider with the intention of having 
                the information reported to a patient safety 
                organization; or
                  ``(B) directly to a patient safety organization.
          ``(2) Adverse employment action.--For purposes of this 
        subsection, an `adverse employment action' includes--
                  ``(A) the failure to promote an individual or provide 
                any other employment-related benefit for which the 
                individual would otherwise be eligible;
                  ``(B) an adverse evaluation or decision made in 
                relation to accreditation, certification, 
                credentialing, or licensing of the individual; and
                  ``(C) a personnel action that is adverse to the 
                individual concerned.
          ``(3) Remedies.--Any provider that violates this subsection 
        shall be subject to a civil monetary penalty of not more than 
        $20,000 for each such violation involved. Such penalty shall be 
        imposed and collected in the same manner as civil money 
        penalties under subsection (a) of section 1128A of the Social 
        Security Act are imposed and collected.
  ``(c) Disclosures.--Nothing in this section prohibits any of the 
following disclosures:
          ``(1) Voluntary disclosure of nonidentifiable information.
          ``(2) Voluntary disclosure of identifiable information by a 
        provider or patient safety organization, if such disclosure--
                  ``(A) is authorized by the provider for the purposes 
                of improving quality and safety;
                  ``(B) is to an entity or person subject to the 
                requirements of section 264(c) of the Health Insurance 
                Portability and Accountability Act of 1996 (Public Law 
                104-191; 110 Stat. 2033), or any regulation promulgated 
                under such section; and
                  ``(C) is not in conflict with such section or any 
                regulation promulgated under such section.
          ``(3) Disclosure as required by law by a provider to the Food 
        and Drug Administration, or on a voluntary basis by a provider 
        to a federally established patient safety program, with respect 
        to an Administration-regulated product or activity for which 
        that entity has responsibility, for the purposes of activities 
        related to the quality, safety, or effectiveness of such 
        Administration-regulated product or activity.
          ``(4) Disclosures of patient safety work product in 
        accordance with this part by a provider to a patient safety 
        organization.
  ``(d) Effect of Transfer, Disclosure.--The following shall not be 
treated as a waiver of any privilege or protection established under 
this part:
          ``(1) The transfer of any patient safety work product between 
        a provider and a patient safety organization.
          ``(2) Disclosure of patient safety work product as described 
        in subsection (c).
          ``(3) The unauthorized disclosure of patient safety work 
        product.
  ``(e) Penalty.--
          ``(1) Prohibition.--Except as provided in this part, and 
        subject to paragraphs (2) and (4), it shall be unlawful for any 
        person to disclose patient safety work product in violation of 
        this section, if such disclosure constitutes a negligent or 
        knowing breach of confidentiality.
          ``(2) Relation to HIPAA.--The penalty under paragraph (3) for 
        a disclosure in violation of paragraph (1) does not apply if 
        the person would be subject to a penalty under section 264(c) 
        of the Health Insurance Portability and Accountability Act of 
        1996 (Public Law 104-191; 110 Stat. 2033), or any regulation 
        promulgated under such section, for the same disclosure.
          ``(3) Amount.--Any person who violates paragraph (1) shall be 
        subject to a civil monetary penalty of not more than $10,000 
        for each such violation involved. Such penalty shall be imposed 
        and collected in the same manner as civil money penalties under 
        subsection (a) of section 1128A of the Social Security Act are 
        imposed and collected.
          ``(4) Subsequent disclosure.--Paragraph (1) applies only to 
        the first person that breaches confidentiality with respect to 
        particular patient safety work product.
  ``(f) Relation to HIPAA.--
          ``(1) In general.--For purposes of applying the regulations 
        promulgated pursuant to section 264(c) of the Health Insurance 
        Portability and Accountability Act of 1996 (Public Law 104-191; 
        110 Stat. 2033)--
                  ``(A) patient safety organizations shall be treated 
                as business associates; and
                  ``(B) activities of such organizations described in 
                section 921(4) in relation to a provider are deemed to 
                be health care operations (as defined in such 
                regulations) of the provider.
          ``(2) Rule of construction.--Nothing in this section shall be 
        construed to alter or affect the implementation of such 
        regulations or such section 264(c).
  ``(g) No Limitation of Other Privileges.--Nothing in this section 
shall be construed to affect privileges, including peer review and 
confidentiality protections, that are otherwise available under Federal 
or State laws.
  ``(h) No Limitation on Contracts.--Nothing in this section shall be 
construed to limit the power of a provider and a patient safety 
organization, or a patient safety organization and the Agency or any 
National Patient Safety Database, consistent with the provisions of 
this Act and other applicable law, to enter into a contract requiring 
greater confidentiality or delegating authority to make an authorized 
disclosure.
  ``(i) Relation to State Reporting Requirements.--Nothing in this part 
shall be construed as preempting or otherwise affecting any State law 
requiring a provider to report information, including information 
described in section 921(5)(B), that is not patient safety work 
product.
  ``(j) Continuation of Privilege.--Patient safety work product of an 
organization that is certified as a patient safety organization shall 
continue to be privileged and confidential, in accordance with this 
section, if the organization's certification is terminated or revoked 
or if the organization otherwise ceases to qualify as a patient safety 
organization.
  ``(k) Reports on Strategies To Improve Patient Safety.--
          ``(1) Draft report.--Not later than the date that is 18 
        months after any National Patient Safety Database is 
        operational, the Secretary, in consultation with the Director, 
        shall prepare a draft report on effective strategies for 
        reducing medical errors and increasing patient safety. The 
        draft report shall include any measure determined appropriate 
        by the Secretary to encourage the appropriate use of such 
        strategies, including use in any federally funded programs. The 
        Secretary shall make the draft report available for public 
        comment and submit the draft report to the Institute of 
        Medicine for review.
          ``(2) Final report.--Not later than 1 year after the date 
        described in paragraph (1), the Secretary shall submit a final 
        report to the Congress that includes, in an appendix, any 
        findings by the Institute of Medicine concerning research on 
        the strategies discussed in the draft report and any 
        modifications made by the Secretary based on such findings.

``SEC. 923. NATIONAL DATABASE.

  ``(a) Authority.--
          ``(1) In general.--In conducting activities under this part, 
        the Secretary shall provide for the establishment and 
        maintenance of a database to receive relevant nonidentifiable 
        patient safety work product, and may designate entities to 
        collect relevant nonidentifiable patient safety work product 
        that is voluntarily reported by patient safety organizations 
        upon the request of the Secretary. Any database established or 
        designated under this paragraph may be referred to as a 
        `National Patient Safety Database'.
          ``(2) Use of information.--Information reported to any 
        National Patient Safety Database shall be used to analyze 
        national and regional statistics, including trends and patterns 
        of health care errors. The information resulting from such 
        analyses may be included in the annual quality reports prepared 
        under section 913(b)(2).
          ``(3) Advisory role.--The Secretary shall provide scientific 
        support to patient safety organizations, including the 
        dissemination of methodologies and evidence-based information 
        related to root causes and quality improvement.
  ``(b) Standards.--In establishing or designating a database under 
subsection (a)(1), the Secretary shall, in consultation with 
representatives of patient safety organizations, the provider 
community, and the health information technology industry, determine 
common formats for the voluntary reporting of nonidentifiable patient 
safety work product, including necessary elements, common and 
consistent definitions, and a standardized computer interface for the 
processing of the work product. To the extent practicable, such 
standards shall be consistent with the administrative simplification 
provisions of part C of title XI of the Social Security Act.
  ``(c) Certain Methodologies for Collection.--The Secretary shall 
ensure that the methodologies for the collection of nonidentifiable 
patient safety work product for any National Patient Safety Database 
include the methodologies developed or recommended by the Patient 
Safety Task Force of the Department of Health and Human Services.
  ``(d) Facilitation of Information Exchange.--To the extent 
practicable, the Secretary may facilitate the direct link of 
information between providers and patient safety organizations and 
between patient safety organizations and any National Patient Safety 
Database.
  ``(e) Restriction on Transfer.--Only nonidentifiable information may 
be transferred to any National Patient Safety Database.

``SEC. 924. TECHNICAL ASSISTANCE.

  ``(a) In General.--The Secretary, acting through the Director, may--
          ``(1) provide technical assistance to patient safety 
        organizations, and to States with reporting systems for health 
        care errors; and
          ``(2) provide guidance on the type of data to be voluntarily 
        submitted to any National Patient Safety Database.
  ``(b) Annual Meetings.--Assistance provided under subsection (a) may 
include annual meetings for patient safety organizations to discuss 
methodology, communication, information collection, or privacy 
concerns.

``SEC. 925. CERTIFICATION OF PATIENT SAFETY ORGANIZATIONS.

  ``(a) In General.--Not later than 6 months after the date of 
enactment of the Patient Safety and Quality Improvement Act, the 
Secretary shall establish a process for certifying patient safety 
organizations.
  ``(b) Process.--The process established under subsection (a) shall 
include the following:
          ``(1) Certification of patient safety organizations by the 
        Secretary or by such other national or State governmental 
        organizations as the Secretary determines appropriate.
          ``(2) If the Secretary allows other governmental 
        organizations to certify patient safety organizations under 
        paragraph (1), the Secretary shall establish a process for 
        approving such organizations. Any such approved organization 
        shall conduct certifications and reviews in accordance with 
        this section.
          ``(3) A review of each certification under paragraph (1) 
        (including a review of compliance with each criterion in this 
        section and any related implementing standards as determined by 
        the Secretary through rulemaking) not less often than every 3 
        years, as determined by the Secretary.
          ``(4) Revocation of any such certification by the Secretary 
        or other such governmental organization that issued the 
        certification, upon a showing of cause.
  ``(c) Criteria.--A patient safety organization must meet the 
following criteria as conditions of certification:
          ``(1) The mission of the patient safety organization is to 
        conduct activities that are to improve patient safety and the 
        quality of health care delivery and is not in conflict of 
        interest with the providers that contract with the patient 
        safety organization.
          ``(2) The patient safety organization has appropriately 
        qualified staff, including licensed or certified medical 
        professionals.
          ``(3) The patient safety organization, within any 2 year 
        period, contracts with more than 1 provider for the purpose of 
        receiving and reviewing patient safety work product.
          ``(4) The patient safety organization is not a component of a 
        health insurer or other entity that offers a group health plan 
        or health insurance coverage.
          ``(5) The patient safety organization is managed, controlled, 
        and operated independently from any provider that contracts 
        with the patient safety organization for reporting patient 
        safety work product.
          ``(6) To the extent practical and appropriate, the patient 
        safety organization collects patient safety work product from 
        providers in a standardized manner that permits valid 
        comparisons of similar cases among similar providers.
  ``(d) Additional Criteria for Component Organizations.--If a patient 
safety organization is a component of another organization, the patient 
safety organization must, in addition to meeting the criteria described 
in subsection (c), meet the following criteria as conditions of 
certification:
          ``(1) The patient safety organization maintains patient 
        safety work product separately from the rest of the 
        organization, and establishes appropriate security measures to 
        maintain the confidentiality of the patient safety work 
        product.
          ``(2) The patient safety organization does not make an 
        unauthorized disclosure under this Act of patient safety work 
        product to the rest of the organization in breach of 
        confidentiality.
          ``(3) The mission of the patient safety organization does not 
        create a conflict of interest with the rest of the 
        organization.''.
  (b) Authorization of Appropriations.--Section 937 of the Public 
Health Service Act (as redesignated by subsection (a)) is amended by 
adding at the end the following:
  ``(e) Patient Safety and Quality Improvement.--For the purpose of 
carrying out part C, there are authorized to be appropriated such sums 
as may be necessary for each of the fiscal years 2004 through 2008.''.

SEC. 4. PROMOTING THE DIFFUSION AND INTEROPERABILITY OF INFORMATION 
                    TECHNOLOGY SYSTEMS INVOLVED WITH HEALTH CARE 
                    DELIVERY.

  (a) Voluntary Standards.--
          (1) In general.--Not later than 18 months after the date of 
        the enactment of this Act, the Secretary of Health and Human 
        Services (in this section referred to as the ``Secretary'') 
        shall--
                  (A) develop or adopt voluntary national standards 
                that promote the interoperability of information 
                technology systems involved with health care delivery, 
                including but not limited to computerized physician 
                order entry;
                  (B) in developing or adopting such standards, take 
                into account--
                          (i) the ability of such systems to capture 
                        and aggregate clinically specific data to 
                        enable evidence-based medicine and other 
                        applications that promote the electronic 
                        exchange of patient medical record information; 
                        and
                          (ii) the cost that meeting such standards 
                        would have on providing health care in the 
                        United States and the increased efficiencies in 
                        providing such care achieved under the 
                        standards;
                  (C) in developing or adopting such standards and to 
                the extent practicable, test the efficacy, usability, 
                and scalability of proposed interoperability standards 
                within a variety of clinical settings, including an 
                urban academic medical center, a rural hospital, a 
                community health center, and a community hospital; and
                  (D) submit a report to the Congress containing 
                recommendations on such standards.
          (2) Consultation.--In developing or adopting standards under 
        paragraph (1)(A), the Secretary shall consider the 
        recommendations of the National Committee on Vital Health 
        Statistics for the standardization of message formatting, 
        coding, and vocabulary for interoperability of information 
        technology systems involved with health care delivery. The 
        Secretary shall consult with representatives of the health 
        information technology industry and the provider community who 
        are involved with the development of interoperability 
        standards.
  (b) Updates.--The Secretary shall provide for the ongoing review and 
periodic updating of the standards developed under subsection (a).

SEC. 5. REQUIRED USE OF PRODUCT IDENTIFICATION TECHNOLOGY.

  The Federal Food, Drug, and Cosmetic Act (21 U.S.C. 301 et seq.) is 
amended--
          (1) in section 502, by adding at the end the following:
  ``(w) If it is a drug or biological product, unless it includes a 
unique product identifier for the drug or biological product as 
required by regulations under section 510(q).''; and
          (2) in section 510, by adding at the end the following:
  ``(q)(1) The Secretary shall issue, and may periodically revise, 
regulations requiring the manufacturer of any drug or biological 
product that is subject to regulation by the Food and Drug 
Administration, or the packager or labeler of a drug or biological 
product that is subject to regulation by the Food and Drug 
Administration, to include a unique product identifier on the packaging 
of the drug or biological product.
  ``(2) For purposes of this subsection, the term `unique product 
identifier' means an identification that--
          ``(A) is affixed by the manufacturer, labeler, or packager to 
        each drug or biological product described in paragraph (1) at 
        each packaging level;
          ``(B) uniquely identifies the item and meets the standards 
        required by this section; and
          ``(C) can be read by a scanning device or other technology 
        acceptable to the Secretary.
  ``(3) A unique product identifier required by regulations issued or 
revised under paragraph (1) shall be based on--
          ``(A) the National Drug Code maintained by the Food and Drug 
        Administration;
          ``(B) commercially accepted standards established by 
        organizations that are accredited by the American National 
        Standards Institute, such as the Health Industry Business 
        Communication Council or the Uniform Code Council; or
          ``(C) other identification formats that the Secretary deems 
        appropriate.
  ``(4) The Secretary may, at the Secretary's discretion, waive the 
requirements of this section, or add additional provisions that are 
necessary to safeguard the public health.''.

SEC. 6. GRANTS FOR ELECTRONIC PRESCRIPTION PROGRAMS.

  (a) Grants.--
          (1) In general.--The Secretary of Health and Human Services 
        (in this section referred to as the ``Secretary'') may make 
        grants to qualified practitioners for the purpose of 
        establishing electronic prescription programs.
          (2) Matching funds.--
                  (A) In general.--With respect to the costs of 
                establishing an electronic prescription program, a 
                condition for the receipt of a grant under paragraph 
                (1) is that the qualified practitioner involved agree 
                to make available (directly or through donations from 
                public or private entities) non-Federal contributions 
                toward such costs in an amount that is not less than 50 
                percent of such costs.
                  (B) Determination of amount contributed.--Non-Federal 
                contributions required in subparagraph (A) may be in 
                cash or in kind, fairly evaluated, including equipment 
                or services. Amounts provided by the Federal 
                Government, or services assisted or subsidized to any 
                significant extent by the Federal Government, may not 
                be included in determining the amount of such non-
                Federal contributions.
  (b) Study.--
          (1) In general.--The Secretary, acting through the Director 
        of the Agency for Healthcare Research and Quality, shall 
        support a study to assess existing scientific evidence 
        regarding the effectiveness and cost-effectiveness of the use 
        of electronic prescription programs intended to improve the 
        efficiency of prescription ordering and the safe and effective 
        use of prescription drugs. The study shall address the 
        following:
                  (A) The ability of such programs to reduce medical 
                errors and improve the quality and safety of patient 
                care.
                  (B) The impact of the use of such programs on 
                physicians, pharmacists, and patients, including such 
                factors as direct and indirect costs, changes in 
                productivity, and satisfaction.
                  (C) The effectiveness of strategies for overcoming 
                barriers to the use of electronic prescription 
                programs.
          (2) Report.--The Secretary shall ensure that, not later than 
        18 months after the date of the enactment of this Act, a report 
        containing the findings of the study under paragraph (1) is 
        submitted to the appropriate committees of the Congress.
          (3) Dissemination of findings.--The Secretary shall 
        disseminate the findings of the study under paragraph (1) to 
        appropriate public and private entities.
  (c) Development of Model.--The Secretary, acting through the Director 
of the Agency for Healthcare Research and Quality, may develop an 
Internet-based mathematical model that simulates the cost and 
effectiveness of electronic prescription programs for qualified 
practitioners. The model may be designed to allow qualified 
practitioners to estimate, through an interactive interface, the impact 
of electronic prescribing on their practices, including the reduction 
in drug-related health care errors.
  (d) Definitions.--For purposes of this section:
          (1) The term ``electronic prescription program''--
                  (A) means a program for the electronic submission and 
                processing of prescriptions; and
                  (B) includes the hardware (including computers and 
                other electronic devices) and software programs for the 
                electronic submission of prescriptions to pharmacies, 
                the processing of such submissions by pharmacies, and 
                decision-support programs.
          (2) The term ``qualified practitioner'' means a practitioner 
        licensed by law to administer or dispense prescription drugs.

SEC. 7. GRANTS TO HOSPITALS AND OTHER HEALTH CARE PROVIDERS FOR 
                    INFORMATION TECHNOLOGIES.

  (a) In General.--The Secretary of Health and Human Services (in this 
section referred to as the ``Secretary'') shall make grants to 
hospitals and other health care providers (but not more than 1 grant to 
any 1 hospital or provider) to pay the costs of acquiring or 
implementing information technologies whose purposes are--
          (1) to improve quality of care and patient safety; and
          (2) to reduce adverse events and health care complications 
        resulting from medication errors.
  (b) Special Consideration.--In making grants under subsection (a), 
the Secretary shall give special consideration to applicants who seek 
to promote the following:
          (1) Interoperability across hospital services or departments 
        using standards developed or adopted by the Secretary under 
        section 4.
          (2) Electronic communication of patient data across the 
        spectrum of health care delivery.
          (3) Computerized physician order entry or bar coding 
        applications.
          (4) Electronic communication of patient data in hospitals 
        that provide services to underserved or low-income populations.
          (5) Improved clinical decisionmaking through acquisition and 
        implementation of decision-support technologies.
  (c) Certain Grant Conditions.--A condition for the receipt of a grant 
under subsection (a) is that the applicant involved meet the following 
requirements:
          (1) The applicant agrees to carry out a program to measure, 
        analyze, and report patient safety and medical errors at the 
        hospital or other health care provider involved, to submit to 
        the Secretary a description of the methodology that will be 
        used, and to have such program in effect as soon as practicable 
        after the application for the grant is approved, without regard 
        to whether information technologies under the grant have been 
        implemented.
          (2) The applicant has arranged for an evaluation that 
        addresses the effectiveness and cost-effectiveness of the 
        information technology for which the grant is provided and its 
        impact on the quality and safety of patient care, submitted the 
        evaluation plan to the Secretary, and received approval from 
        the Secretary of the applicant's methodology.
          (3) The applicant has or is developing a patient safety 
        evaluation system (as that term is defined in section 921 of 
        the Public Health Service Act (as amended by section 3)) for 
        reporting health care errors to a patient safety organization.
          (4) The applicant agrees to provide the Secretary with such 
        information as the Secretary may require regarding the use of 
        funds under this program or its impact.
          (5) The applicant provides assurances satisfactory to the 
        Secretary that any information technology planned, acquired, or 
        implemented with grant funds under this section will be part of 
        an information program that--
                  (A) carries out the purposes described in subsection 
                (a); and
                  (B) is comprehensive or will be expanded to become 
                comprehensive, regardless of whether Federal assistance 
                is available for such expansion.
  (d) Technical Assistance to Grantees.--The Secretary, acting through 
the Director of the Agency for Healthcare Research and Quality, shall 
provide technical assistance to applicants and grantees to ensure the 
appropriate evaluation of the information technologies for which grants 
are awarded under this section, such as--
          (1) reviewing and providing technical assistance on the 
        applicant's proposed evaluation;
          (2) developing mechanisms to ensure ongoing communications 
        between grantees and evaluators to facilitate the 
        identification and resolution of problems as they arise, ensure 
        mutual learning, and promote the rapid dissemination of 
        information;
          (3) reviewing the interim and final reports required under 
        subsection (e); and
          (4) disseminating evidence-based information in interim and 
        final reports to patient safety organizations, as appropriate.
  (e) Evaluation Reports by Grantee.--A condition for the receipt of a 
grant under subsection (a) is that the applicant agree to submit an 
interim and a final report to the Secretary in accordance with this 
subsection.
          (1) Interim report.--Not later than 1 year after the 
        implementation of information technologies under the grant is 
        completed, the applicant will submit an interim report to the 
        Secretary describing the initial effectiveness of such 
        technologies in carrying out the purposes described in 
        subsection (a).
          (2) Final report.--Not later than 3 years after the 
        implementation of information technologies under the grant is 
        completed, the applicant will submit a final report to the 
        Secretary describing the effectiveness and cost-effectiveness 
        of such technologies and addressing other issues determined to 
        be important in carrying out the purposes described in 
        subsection (a).
          (3) Relation to disbursement of grant.--In disbursing a grant 
        under subsection (a), the Secretary shall withhold \1/3\ of the 
        grant until the grantee submits to the Secretary the report 
        required in paragraph (1).
  (f) Reports by Secretary.--
          (1) Interim reports.--
                  (A) In general.--Through the fiscal year preceding 
                the fiscal year in which the final report under 
                paragraph (2) is prepared, the Secretary shall submit 
                to the Committee on Energy and Commerce of the House of 
                Representatives and the Committee on Health, Education, 
                Labor, and Pensions of the Senate periodic reports on 
                the grant program under subsection (a). Such reports 
                shall be submitted not less frequently than once each 
                fiscal year, beginning with fiscal year 2004.
                  (B) Contents.--A report under subparagraph (A) shall 
                include information on--
                          (i) the number of grants made;
                          (ii) the nature of the projects for which 
                        funding is provided under the grant program;
                          (iii) the geographic distribution of grant 
                        recipients; and
                          (iv) such other matters as the Secretary 
                        determines appropriate.
          (2) Final report.--Not later than 180 days after the date on 
        which the last of the reports is due under subsection (e)(2), 
        the Secretary shall submit a final report to the committees 
        referred to in paragraph (1)(A) on the grant program under 
        subsection (a), together with such recommendations for 
        legislation and administrative action as the Secretary 
        determines appropriate.
  (g) Definitions.--For purposes of this section:
          (1) The term ``costs'', with respect to information 
        technologies referred to in subsection (a), includes total 
        expenditures incurred for--
                  (A) purchasing, leasing, and installing computer 
                software and hardware, including hand-held computer 
                technologies;
                  (B) making improvements to existing computer software 
                and hardware; and
                  (C) purchasing or leasing communications capabilities 
                necessary for clinical data access, storage, and 
                exchange.
          (2) The term ``health care provider'' has the same meaning 
        given to the term ``provider'' in section 921 of the Public 
        Health Services Act (as amended by this Act).
  (h) Termination of Grant Authorities.--The authority of the Secretary 
to make grants under subsection (a) terminates upon the expiration of 
fiscal year 2011.
  (i) Matching Funds.--
          (1) In general.--With respect to the costs of a grant to be 
        carried out under this section, such grant may be made only if 
        the applicant agrees to make available (directly or through 
        donations from public or private entities) non-Federal 
        contributions toward such costs in an amount that is not less 
        than 50 percent of such costs ($1 for each $1 of Federal funds 
        provided in the grant).
          (2) Determination of amounts contributed.--Amounts provided 
        by the Federal Government, or services assisted or subsidized 
        to any significant extent by the Federal Government, may not be 
        included in determining the amount of such non-Federal 
        contributions.

SEC. 8. AUTHORIZATION OF APPROPRIATIONS FOR GRANTS UNDER SECTIONS 6 AND 
                    7.

  For the purpose of carrying out sections 6 and 7, there are 
authorized to be appropriated $25,000,000 for each of fiscal years 2004 
and 2005.

                          Purpose and Summary

    H.R. 663 is intended to create a ``culture of safety'' by 
providing peer review protections for information reported on 
health care errors for the purpose of quality improvement and 
patient safety.

                  Background and Need for Legislation

    In its 1999 report, ``To Err Is Human,'' the Institute of 
Medicine (IOM) estimated that 44,000 to 98,000 Americans die 
each year as a result of medical errors; however, providers 
have little to no incentive to report or analyze errors to 
improve the quality of health care. The IOM offered several 
recommendations to improve patient safety and reduce medical 
errors, including that Congress pass legislation to extend peer 
review protections to data related to patient safety and 
quality improvement that are developed and analyzed by health 
care organizations for internal use or share with others solely 
for the purposes of improving safety and quality.
    This bill is intended to encourage the reporting and 
analysis of medical errors by providing peer review protection 
of information reported to patient safety organizations for the 
purposes of quality improvement and patient safety. These 
protections will facilitate an environment in which health care 
providers are able to discuss errors openly and learn from 
them. The protections apply to certain categories of documents 
and communications termed ``patient safety work product'' that 
are developed in connection with newly created patient safety 
organizations. This patient safety work product is considered 
privileged and, therefore, cannot be subject to civil or 
administrative proceedings, disclosed pursuant to the Freedom 
of Information Act, or utilized to carry out an adverse 
personnel action. Patient safety organizations will analyze 
information reported from providers and disseminate information 
back to providers in an effort to improve quality and patient 
safety. It is intended that providers, with the assistance of 
patient safety organizations, will determine the causes of 
these errors, identify what changes need to be made in the 
health care delivery system in order to prevent these errors, 
and then implement these changes.
    These new protections do not, however, prevent a provider 
from complying with authorized requests for information that 
has been developed, maintained, or which exists separately from 
patient safety work product. In general, information that is 
available to the public today will continue to be available; 
only new information created for patient safety organizations 
will be protected. Providers can also voluntarily disclose non-
identifiable information, and upon authorized request, they can 
also disclose identifiable information for purposes of 
improving safety and quality to entities required to comply 
with the Health Insurance Portability and Accountability Act 
(HIPAA). Violations of these provisions are subject to existing 
penalties under the Public Health Service Act, including a 
civil monetary penalty or penalties under HIPAA for violations 
related to individually identifiable health information.
    The Patient Safety and Quality Improvement Act requires the 
Secretary of HHS to establish a national database to analyze 
health care errors. The Secretary of HHS is also required to 
develop and adopt voluntary national standards to promote the 
compatibility of health information technology systems. 
Finally, this bill creates grant programs for hospitals and 
other health care providers for establishing electronic 
prescribing programs and implementing information technologies. 
These grants will allow physicians and other types of providers 
who lack the necessary resources to adopt the latest 
technologies that have been proven to significantly reduce the 
incidence of medical errors.

                                Hearings

    The Committee on Energy and Commerce has not held any 
hearings on this legislation.

                        Committee Consideration

    On Wednesday, February 12, 2003, the Full Committee on 
Energy and Commerce met in open markup session and ordered H.R. 
663 favorably reported to the House, as amended, by a voice 
vote, a quorum being present.

                            Committee Votes

    Clause 3(b) of rule XIII of the Rules of the House of 
Representatives requires the Committee to list the record votes 
on the motion to report legislation and amendments thereto. 
There are no record votes taken in connection with ordering 
H.R. 663 reported. A motion by Mr. Tauzin to order H.R. 663 
reported to the House, as amended, was agreed to by a voice 
vote.

                      Committee Oversight Findings

    Pursuant to clause 3(c)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee has not held oversight 
or legislative hearings on this legislation.

         Statement of General Performance Goals and Objectives

    The goal of H.R. 663 is to provide for a health care error 
reporting system that both protects information and improves 
patient safety and the quality of health care, and to ensure 
accountability by raising standards and expectation for 
continuous quality improvements in patient safety.

   New Budget Authority, Entitlement Authority, and Tax Expenditures

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee finds that H.R. 
663, the Patient Safety and Quality Improvement Act, would 
result in no new or increased budget authority, or tax 
expenditures or revenues.

                        Committee Cost Estimate

    The Committee adopts as its own the cost estimate prepared 
by the Director of the Congressional Budget Office pursuant to 
section 402 of the Congressional Budget Act of 1974.

                  Congressional Budget Office Estimate

    Pursuant to clause 3(c)(3) of rule XIII of the Rules of the 
House of Representatives, the following is the cost estimate 
provided by the Congressional Budget Office pursuant to section 
402 of the Congressional Budget Act of 1974:

                                     U.S. Congress,
                               Congressional Budget Office,
                                     Washington, DC, March 3, 2003.
Hon. W.J. ``Billy'' Tauzin,
Chairman, Committee on Energy and Commerce,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 663, the Patient 
Safety and Quality Improvement Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Chris 
Topoleski and Margaret Nowak.
            Sincerely,
                                               Douglas Holtz-Eakin.
    Enclosure.

H.R 663--Patient Safety and Quality Improvement Act

    Summary: H.R. 663 would require the Secretary of Health and 
Human Services to establish credentialing procedures for 
patient safety organizations (PSOs), which collect patient 
safety data voluntarily submitted by health care providers for 
inclusion in a patient safety database. The bill also would 
establish privacy protections and impose civil monetary 
penalties for violations of those protections. The Secretary 
would be required to report to the Congress on effective 
strategies for reducing medical errors and increasing patient 
safety.
    CBO estimates that implementing H.R. 663 would cost $20 
million in 2004 and $104 million over the 2004-2008 period, 
assuming the appropriation of the necessary amounts. CBO 
estimates that receipts from fines for violation of the privacy 
protections would amount to less than $500,000 a year.
    The bill would require the Secretary of Health and Human 
Services to develop methodologies for the collection of patient 
safety data and provide technical assistance to PSOs and 
states. In addition, the Secretary would, with the National 
Committee for Vital and Health Statistics, develop voluntary 
national standards that promote the comparability of medical 
information technology systems.
    H.R. 663 would authorize grants to qualified practitioners 
for the purpose of establishing electronic prescription 
programs, and would authorize the Health Resources and Services 
Administration (HRSA) to make grants to hospitals and other 
health care providers for acquiring or implementing information 
technologies. The bill would require the inclusion of a unique 
product identifier on packaging of a drug or biological product 
that is subject to regulation by the Food and Drug 
Administration (FDA). Drugs and biological products that do not 
comply with FDA's labeling requirements would be deemed 
misbranded, and their manufacturers and packagers would be 
subject to civil penalties.
    H.R. 663 would preempt state laws that would govern the 
disclosure of information provided to patient safety 
organizations, and it would prevent health care providers from 
taking certain actions against employees because the employee 
provided information to patient safety organizations. While 
these provisions would be intergovernmental mandates as defined 
in the Unfunded Mandates Reform Act (UMRA), they would impose 
no requirements on states that would result in additional 
spending; thus, the threshold as established by UMRA would not 
be exceeded ($59 million in 2003, adjusted annually for 
inflation).
    The bill would impose private-sector mandates, as defined 
in UMRA, on health care providers and on manufacturers, 
packagers, and labelers of drugs and biological products. 
Because the specific requirements of the bill would depend on 
future actions by the Secretary of Health and Human Services, 
however, CBO cannot determine whether the direct cost of the 
mandates would exceed the annual threshold specified in UMRA 
($117 million in 2003, adjusted annually for inflation).
    Estimated cost to the federal government: The estimated 
cost of H.R. 663 is shown in the following table. The bill 
could also result in an increase in revenues from fines, but 
CBO estimates that any such increase would be less than 
$500,000 a year. The costs of this legislation fall within 
budget function 550 (health).

----------------------------------------------------------------------------------------------------------------
                                                                  By fiscal year, in millions of dollars--
                                                          ------------------------------------------------------
                                                              2004       2005       2006       2007       2008
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Estimated Authorization Level............................         39         38         13         13         13
Estimated Outlays........................................         20         39         20         13         13
----------------------------------------------------------------------------------------------------------------

Basis of estimate

            Spending subject to appropriation
    H.R. 663 would expand the current duties of the Agency for 
Healthcare Research and Quality (AHRQ). Although not 
specifically named, the AHRQ is the most likely and appropriate 
agency within the Department of Health and Human Services to 
carry out theprovisions of the bill. The new duties would 
include providing technical assistance to states that have (or are 
developing) systems for reporting medical errors. AHRQ also would 
oversee the certification and recertification of PSOs, which collect 
patient safety data from health care providers. (PSOs are private or 
public organizations that conduct activities to improve patient safety 
and the quality of health care delivery.) PSOs would not receive 
funding under this bill.
    In addition, the bill would require AHRQ to establish a 
patient safety database to collect, support, and coordinate the 
analysis of patient safety data that is reported on a voluntary 
basis. AHRQ also would develop an Internet-based mathematical 
model that simulates the cost and effectiveness of electronic 
prescription programs. Based on information from AHRQ, CBO 
expects that these tasks would require increased staff for 
providing assistance to states, oversight of PSOs, and 
collection and maintenance of the patient safety database. They 
would also require additional computer resources for the 
database. CBO estimates that the agency would need additional 
appropriations of $14 million in 2004 and $64 million over the 
2004-2008 period to carry out these responsibilities. We 
estimate that outlays would total $54 million over the 2004-
2008 period, assuming the necessary amounts are appropriated. 
In 2004, we estimate that the agency would spend about $5 
million, primarily on developing and maintaining the patient 
safety database.
    The bill would require the Secretary to provide scientific 
support to PSOs and to develop methodologies for collecting 
data on patient safety. In addition, H.R. 663 would require the 
Secretary to develop voluntary, national standards that promote 
the compatibility of health care information technology systems 
across all health care settings. CBO estimates that these 
efforts would cost less than $500,000 a year.
    H.R. 663 would allow the Secretary to make grants to 
qualified practitioners for the purpose of establishing 
electronic prescription programs. AHRQ would conduct a study 
and report to the Congress on the effectiveness of electronic 
prescription programs. HRSA would make grants available to 
hospitals and other health care providers for acquisition or 
implementation of information technology systems.
    CBO assumes that grants would be awarded starting in 2004. 
The bill would authorize appropriations for these grants at $25 
million in fiscal year 2004 and $50 million over the 2004-2008 
period. Based on historical spending patterns for similar 
activities, CBO estimates that outlays would total $50 million 
over the 2004-2008 period, assuming appropriation of the 
authorized amounts.
    The bill would require the inclusion of a unique product 
identifier on packaging of a drug or biological product that is 
subject to regulation by the Food and Drug Administration. This 
provision would cost the FDA less than $500,000 per year to 
implement.

Revenues

    Because those prosecuted and convicted for violation of the 
bill's privacy provisions could be subject to civil monetary 
penalties, the federal government might collect additional 
fines if the bill is enacted. Drugs and biological products 
that do not comply with FDA's labeling requirements would be 
deemed misbranded, and their manufacturers and packagers would 
be subject to civil penalties. Collection of civil fines are 
recorded in the budget as governmental receipts (i.e., 
revenues). CBO estimates that any additional receipts would be 
less than $500,000 a year.
    Estimated impact on state, local, and tribal governments: 
H.R. 663 would preempt any state freedom of information law or 
other laws governing civil or administrative procedure that 
would require the disclosure of information provided by a 
health care provider to a certified patient safety 
organization. This preemption would be an intergovernmental 
mandate as defined in UMRA because it would limit the 
application of those state laws. Another intergovernmental 
mandate in the bill would prohibit health care providers 
(including public entities) from using the fact that an 
employee reported patient safety data in an adverse employment 
action against the employee. CBO estimates that these mandates 
would impose no requirements on states that would result in 
additional spending; thus, the threshold as established by UMRA 
would not be exceeded ($59 million in 2003, adjusted annually 
for inflation).
    Estimated impact on the private sector: The bill contains 
private-sector mandates, as defined in UMRA, on manufacturers, 
packagers, and labelers of drugs and biological products and on 
health care providers. Because the specific requirements of the 
bill would depend on the future actions of the Secretary of 
Health and Human Services, however, CBO cannot determine 
whether the direct cost of the mandates would exceed the annual 
threshold specified in UMRA ($117 million in 2003, adjusted 
annually for inflation).
    Under the bill, manufacturers, packagers, and labelers 
would be required to include a computer-scannable unique 
product identifier on the packaging of drugs and biological 
products. Many drug products are currently labeled with such 
identifiers, but many are not. Of the approximately 200,000 
over-the-counter and prescription drug products currently on 
the market, over one quarter are over-the-counter drugs--nearly 
all of which already contain universal product codes at the 
shelf-keeping unit level. In addition, a growing percentage of 
prescription drugs administered in hospitals are labeled with 
computer-scannable unique product identifiers. It is unclear 
whether existing identifiers would meet the requirements of the 
Secretary.
    Adding unique product identifiers would impose costs for 
products that do not now contain them, and potentially for 
products that already contain similar information. Under the 
bill, the Secretary would determine how much standardization of 
identifiers would be required. The Secretary also would 
determine what information would have to be included on the 
identifiers. If identifiers were required to include only the 
National Drug Code associated with that product, for example, 
industry costs would be lower than if the identifiers also had 
to include the lot number and expiration date of the product. 
The specific details of the requirements imposed by the 
Secretary, including how quickly the new requirements would 
have to be implemented, would determine whether the cost of 
this mandate would exceed the threshold specified in UMRA.
    The bill also would impose a mandate on health care 
providers, by not allowing them to use the fact that an 
employee reported patient safety data in an adverse employment 
action against the employee. This mandate would not have any 
direct cost, however, because there are no activities that 
health care providers would undertake under current law that 
they would be prohibited from undertaking under the bill 
(because patient safety data, as defined in the bill, do not 
exist under current law).
    Estimate prepared by: Federal revenues and outlays: Alexis 
Ahlstrom, Julia Christensen, Margaret Nowak, and Chris 
Topoleski; impact on state, local, and tribal governments: Leo 
Lex; impact on the private sector: Dan Wilmoth.
    Estimate approved by: Peter H. Fontaine, Deputy Assistant 
Director for Budget Analysis.

                       Federal Mandates Statement

    The Committee adopts as its own the estimate of Federal 
mandates prepared by the Director of the Congressional Budget 
Office pursuant to section 423 of the Unfunded Mandates Reform 
Act.

                      Advisory Committee Statement

    No advisory committees within the meaning of section 5(b) 
of the Federal Advisory Committee Act were created by this 
legislation.

                   Constitutional Authority Statement

    Pursuant to clause 3(d)(1) of rule XIII of the Rules of the 
House of Representatives, the Committee finds that the 
Constitutional authority for this legislation is provided in 
Article I, section 8, clause 3, which grants Congress the power 
to regulate commerce with foreign nations, among the several 
States, and with the Indian tribes.

                  Applicability to Legislative Branch

    The Committee finds that the legislation does not relate to 
the terms and conditions of employment or access to public 
services or accommodations with the meaning of section 
102(b)(3) of the Congressional Accountability Act.

             Section-by-Section Analysis of the Legislation


Section 1. Short title

    Section 1 establishes the short title as the Patient Safety 
and Quality Improvement Act.

Section 2. Findings and purposes

    Section 2. sets out a number of findings and purposes 
related to patient safety and initiatives to improve patient 
safety.

Section 3. Amendments to Public Health Service Act

    Section 3 would establish a new Part C in Title IX of the 
Public Health Service Act to encourage a voluntary reporting 
system for patient safety data as set out below.
            Section 921. Definitions
    The bill would add a new section 921 to identify and define 
the elements of a new voluntary reporting system, including the 
terms ``identifiable information,'' ``non-identifiable 
information,'' ``patient safety evaluation system,'' ``patient 
safety organization,'' ``patient safety work product,'' and 
``provider.''
    Identifiable information is defined as information that 
reveals the patient, individual provider, and/or the provider 
organization. With respect to patients, the term includes 
individually identifiable health information as defined in the 
Health Insurance Portability and Accountability Act of 1996 
(HIPAA). Non-identifiable information includes de-identified 
patient level information as specified in HIPAA as well as 
information that does not reveal the individual provider or 
provider organization.
    A patient safety organization is defined as requiring a 
certification under new section 925. Once a certification of a 
patient safety organization is provided by a state or federal 
governmental organization, a provider may rely on that 
certification with respect to privileges available for patient 
safety work product. The activities listed in the definition 
are general categories of activities or functions the patient 
safety organization is required to perform in order to receive 
a safety and quality; (2) the collection and analysis of 
information submitted by providers; (3) the development and 
dissemination of recommendations, protocols, or best practices; 
(4) the utilization of reported information limited to the 
activities described; (5) the maintenance of confidentially 
with respect to individually-identifiable information; (6) the 
provision of appropriate security measures with respect to 
reported information; and, (7) the submission of non-
identifiable information to the Agency for Health Research and 
Quality consistent with standard established by the Secretary 
for any National Patient Safety Database.
    The definition of patient safety work product contains 
several parts, and a document or communication is patient 
safety work product if it fall into any of the categories in 
clauses (5)(A)(i)-(iii). A document may be patient safety work 
product for multiple reasons. For example, a patient safety 
organization may prepare a memorandum describing its request 
for further collection of information from the reporting 
provider. The memorandum of the patient safety organization is 
both a document created by the patient safety organization and 
a document that would reveal the deliberations or analytic 
process of a patient safety evaluation system. Any memorandum 
of the provider that reveals the deliberations or analytic 
process of a patient safety evaluation system would also be 
patient safety work product.
    Subparagraph 5(B) explains documents or communications that 
are not covered under clause (5)(A)(i). The Committee 
understands that it is likely and appropriate for a provider to 
keep a copy of documents and possible logs of communications 
under (5)(A)(i) that are reported to the patient safety 
organization. Generally, such copies are also patient safety 
work product.
    On the other hand, there may be documents or communications 
that are part of traditional medical record keeping (such as 
patients' medical records, billing records, guidance and 
procedures, hospital policies, logs of operations, records of 
drug deliveries, primary information on the time of events), 
all of which may be sent to a patient safety organization, but 
the originals or copies of such documents are developed 
maintained or exist separately from any patient safety 
evaluation system. These documents may be relevant to a patient 
safety evaluation system but also are available for other 
purposes and are not covered under 5(A)(i). In such 
circumstances, such documents or communications at the provider 
are not patient safety work product.
            Section 922. Privilege for patient safety work product
    New section 922 creates a privilege for patient safety work 
product. The owner of the privilege may not be coerced into 
waiving such privilege.
    New paragraph 922(a)(5) sets out some points with respect 
to the possibility that a patient safety organization is a 
component of a national accreditation organization. This 
paragraph is essentially a clarification of some general rules 
elsewhere in the Act that require patient safety organizations 
that are components to maintain patient safety work product 
separately from the rest of the organization. The paragraph 
also clarifies that no one may coerce a provider into 
contracting with or reporting to a patient safety organization. 
Contracting with a patient safety organization must at all 
times be a voluntary decision on the part of a provider.
    Subsection 922(b) sets out protections for individuals who 
report information to providers, with the intent that the 
information is reported to a patient safety organization, or 
who report directly to a patient safety organization. A 
provider may not use the fact that an individual reported 
against the individual in any adverse employment action. An 
adverse employment action includes traditional actions such as 
firing the individual. The term also includes other adverse 
actions, such as a failure to promote an individual, an adverse 
evaluation, or any adverse accreditation, licensing, or 
certification decision.
    Subsection 922(c) states that nothing in this section 
prohibits any of a number of categories of disclosures. Under 
new paragraph 922(c)(2), nothing in the section prohibits the 
voluntary disclosure of identifiable information by a provider 
or patient safety organization provided such disclosure meets 3 
tests. First, the provider must authorize the disclosure for 
the purposes of improving quality and safety. The term 
improving quality and safety can also include voluntarily 
providing useful information for improving quality and safety 
through accreditation systems. Second, under subparagraph 
922(c)(2), such voluntary disclosure must be an entity or 
person subject to the requirements of section 264(c) of HIPAA, 
or any regulations promulgated under that section. Finally, the 
disclosure must not be in conflict with such section or any 
regulation promulgated under such section of HIPAA.
    The Committee intends this approach to ensure that 
individually identifiable health information as that term is 
used under regulations under section 264(c) of HIPAA remain 
subject to those provisions and that nothing in the new law 
removes any confidentiality protection otherwise available for 
individually identifiable health information of patients.
    Voluntary disclosure of non-identifiable information in 
patient safety work product is always allowable and does not 
itself, under subsection 992(d), waive any privilege. 
Subsection 922(d) sets out that the privilege is not waived 
based on disclosures listed in the subsection. The Committee 
understands that non-identifiable information may be 
voluntarily disclosed and subsequently incorporated in other 
publicly available documents or studies. Those subsequent 
documents or studied are not the subject of the privilege under 
this section because they are publicly available and involve 
voluntary disclosure.
    Subsection (e) sets out a penalty for disclosures of 
patient safety work product in violation of section 922, if 
such disclosure constitutes a negligent or knowing breach of 
confidentiality.
    The protections of enforcement provisions of HIPAA and 
ensuring regulations continue to apply. Where a party would be 
subject to sanctions under the HIPAA scheme, those sanctions 
are exclusive for the same disclosure. The new penalty 
provisions in new section 992(e) would not apply. In addition, 
the new penalty only applies to the first person who breaches 
confidentiality with respect to particular patient safety work 
product.
    New subsection 922(f) deems that a patient safety 
organization shall be treated as a business associate for 
purposes of section 264(c) of HIPAA. The activities of such 
organization described in section 921(4) are deemed to be 
health care operations of the provider. Other than on these two 
points, nothing alters or effects the implementation of section 
264(c) of HIPAA or regulations under section 264(c).
    New subsection 922(g) is a savings clause for privileges, 
including peer-review and confidentiality protections that are 
otherwise available under Federal or State laws.
    New subsection 922(h) is also a savings clause. Providers 
and patient safety organizations can enter contracts that 
increase confidentiality or restrict the use of information for 
purposes of the relationship between the contracting parties, 
so long as the contracts do not conflict with this Act or any 
other laws. Parties may, by contract, delegate the authority to 
make an authorized disclosure that is otherwise permissible 
under the Act.
    New subsection 922(i) is a savings clause concerning state 
reporting requirements. State reporting requirements cannot 
require reporting of patient safety work product but can 
require reporting of primary medical information and other 
documents or communications that are not patient safety work 
product. Such reporting requirements may even require providers 
to produce reports that are similar in basic function to 
reports being provided to a patient safety organization. 
However, patient safety work product itself, as defined in this 
Act, remains privileged.
    New subsection 922(j) explains that patient safety work 
product remains privileged and confidential, in accordance with 
this section, even where a patient safety organization has its 
certification terminated or revoked or otherwise ceases to 
qualify as a patient safety organization.
    New subsection 922(k) requires the Secretary to provide a 
report on effective strategies for reducing medical errors and 
increasing patient safety, including any appropriate measures 
to encourage the use of these strategies in federally funded 
programs.
            Section 923. National database
    New section 923 requires the Secretary to: (1) establish a 
National Patient Safety Database to collect reported, non-
identifiable information concerning patient safety; (2) analyze 
national and regional statistics on health care errors; (3) 
offer technical assistance to patient safety organizations 
including dissemination of methodologies and evidence-based 
information on quality improvement; and, (4) establish 
commonformats for reporting data to the National Patient Safety 
Database in consultation with representatives from patient safety 
organizations, the provider community, and health care information 
technology industry. The Secretary would also be permitted to enter 
into contracts with private and public entities to administer the 
Database. The database will contain only non-identifiable information 
that precludes the identification of any provider, patient, or reporter 
of the information. Identifiable information will not be transferred to 
the database. The Secretary will ensure that methods of data collection 
recommended by the interagency Patient Safety Task Force in the 
Department of Health and Human Services are utilized in effort to 
maximize the efficiency and utility of common data collection efforts 
across agencies. If feasible, the Secretary will also facilitate a 
direct link between patient safety organizations and the National 
Patient Safety Database to allow for real time exchange of non-
identifiable information. There are authorized to be appropriated such 
sums as may be necessary for each fiscal year to carry out this 
section.
            Section 924. Technical assistance
    New section 924 states that the Secretary may provide 
technical assistance to patient safety organizations and states 
with reporting systems and may provide guidance on the type of 
data to submit to the National Patient Safety Database. This 
assistance may include annual meetings to share methods and any 
concerns regarding confidentiality.
            Section 925. Certification of patient safety organizations
    New section 925 requires the Secretary to set up a process 
for certification of patient safety organizations that includes 
a number of elements. Certifications must be performed by the 
Secretary or by state or federal governmental organizations 
that have been approved by the Secretary. Certifications must 
be reviewed by the appropriate certifying organization every 
three years. The certifying organization has the authority to 
revoke certifications upon a showing of cause.
    New subsection 925(c) sets out criteria a patient safety 
organization must meet as conditions of certification. 
Paragraph 925(c)(5) states that the mission of a patient safety 
organization must be to conduct activities to improve quality 
and safety and must not create a conflict of interest with the 
providers contracting with it. A patient safety organization 
must be managed, controlled, and operated independently from 
any provider that contracts with the patient safety 
organization for reporting patient safety work product. Patient 
safety organizations may not, for example, be subsidiaries or 
partners of providers that contract with them. The contract 
hiring the patient safety organization, terms therein, or 
requests for analyses do not form a basis for a violation of 
this paragraph. It is not the intent of the Committee to 
disqualify a patient safety organization that meets the 
independence requirements and is established by a broader-based 
alliance or organization of providers in which no single or 
subset of providers can influence (through ownership or other 
interest) the policies or activities of the alliance or 
organization or of the patient safety organization.
    New paragraph 925(d) sets out certain additional 
requirements for patient safety organizations that are 
components of other organizations. For example, the patient 
safety component must maintain patient safety work product 
separately from the rest of the organization and establish 
appropriate security measures to safeguard the confidentiality 
of the patient safety work product. Also, the mission of the 
patient safety component must not create a conflict of interest 
with the rest of the organization.

Section 4. Promoting the diffusion and interoperability of health care 
        information technology systems involved with health care 
        delivery

    Section 4 requires the Secretary within 18 months of 
enactment to develop or adopt (and periodically review and 
update) voluntary, national standards that promote the 
interoperability of health care information technology systems 
across all health care settings, including but not limited to 
computer physician order entry. The Secretary must take into 
account (1) the ability of the standards to promote the 
aggregation of clinical data, electronic exchange of medical 
records, and evidence based medicine and (2) the costs to the 
health care system and any efficiencies that result from the 
adoption of these standards. These standards would be developed 
with consideration of reports and opinions of the National 
Committee for Vital and Health Statistics and in consultation 
with health information technology industry and providers. The 
Secretary is required to report to Congress on the 
interoperability standards but there is no requirement to issue 
regulations. The Secretary, to the extent practicable, shall 
test the efficiency, usability, and scalability of proposed 
interoperability standards within a variety of clinical 
settings, including an urban academic medical center, a rural 
hospital, a community health center, and a community hospital. 
It is the intent of the Committee that this testing would 
demonstrate the effectiveness of the voluntary national 
standards and encourage industry to comply with them.

Section 5. Required use of product identification technology

    Section 5 amends the Federal Food, Drug, and Cosmetic Act 
by adding to section 510 a requirement for the Secretary to 
issue regulations for unique product identification for drug 
and biological products. These regulations would require 
manufacturers and entities that label and package drugs and 
biological products to use unique product identifiers on the 
packaging of each product. This includes bar codes that can be 
read by scanners and other unique identifiers that can be read 
through other technologies as deemed acceptable by the 
Secretary. Identifiers will be based on the national Drug Code 
or other standards that are either commercially acceptable or 
deemed appropriate by the Secretary. The Secretary will have 
the authority to waive these regulatory requirements or add 
provisions in order to safeguard the public health.
    Under this section, the FFDCA is also amended by adding to 
section 502 that a drug or biological product without a unique 
product identifier, as required by regulations under section 
510, is considered misbranded.

Section 6. Grants for electronic prescribing

    Section 6 would make grants available to physicians and 
other health care professionals licensed to prescribe 
prescription drugs for technology or services necessary to 
establish electronic prescription programs in their practices. 
Grantees would have to fund 50 percent of the cost of the 
electronic prescription program in order to receive a grant.
    Under this section, the Agency for Healthcare Research and 
Quality would conduct a study of the cost-effectiveness of 
electronic prescription programs based on the available 
scientific evidence. the study would evaluate (1) effectiveness 
of electronic prescribing in reducing medical errors, (2) 
strategies used to overcome barriers to electronic prescribing, 
and, (3) the impact of electronic prescribing on physicians, 
pharmacists, and patients. A report would be presented to 
Congress within 18 months of enactment and made available to 
relevant public and private entities.
    Under this section, the Agency would also be allowed to 
develop an Internet-based decision analytic model to allow 
prescribing clinicians to simulate the health and economic 
impact of electronic prescribing on their individual practices. 
This model would assist clinicians in making informed decisions 
regarding the use of electronic prescription programs.

Section 7. Grants for hospitals and other health care providers for 
        information technologies

    Under section 7, matching grants would be available to 
hospitals and other health care providers who apply to obtain 
new or improved computer hardware and software for the purposes 
of improving patient safety, health care quality, and reducing 
adverse events and health care complications resulting from 
medication errors. Grants would cover 50 percent of the costs 
of information technologies and would only be available once to 
grantees. Grantees would be required to measure, analyze, and 
report the effect of the information technologies on medical 
errors. Interim and final reports would be required at 1 and 3 
years, respectively. The final \1/3\ of each grant would not be 
disbursed until the grantee submitted the interim report at 1 
year. Any sums necessary for this grant program would be 
authorized for appropriations until 2011.

Section 8. Grants for hospitals and other health care providers for 
        information technologies

    Section 8 authorizes $25,000,000 to be appropriated for 
each of fiscal years 2004 and 2005 for the purpose of carrying 
out sections 6 and 7.

         Changes in Existing Law Made by the Bill, as Reported

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (existing law 
proposed to be omitted is enclosed in black brackets, new 
matter is printed in italic, existing law in which no change is 
proposed is shown in roman):

               TITLE IX OF THE PUBLIC HEALTH SERVICE ACT


TITLE IX--AGENCY FOR HEALTHCARE RESEARCH AND QUALITY

           *       *       *       *       *       *       *


PART B--HEALTH CARE IMPROVEMENT RESEARCH

           *       *       *       *       *       *       *


SEC. 912. PRIVATE-PUBLIC PARTNERSHIPS TO IMPROVE ORGANIZATION AND 
                    DELIVERY.

  (a) * * *

           *       *       *       *       *       *       *

  (c) Reducing Errors in Medicine.--The Director shall, in 
accordance with part C, conduct and support research and build 
private-public partnerships to--
          (1) * * *

           *       *       *       *       *       *       *


                   PART C--PATIENT SAFETY IMPROVEMENT

SEC. 921. DEFINITIONS.

  In this part:
          (1) Identifiable information.--The term 
        ``identifiable information'' means information that is 
        presented in a form and manner that allows the 
        identification of any provider, patient, or reporter of 
        patient safety work product. With respect to patients, 
        such information includes any individually identifiable 
        health information as that term is defined in the 
        regulations promulgated pursuant to section 264(c) of 
        the Health Insurance Portability and Accountability Act 
        of 1996 (Public Law 104-191; 110 Stat. 2033).
          (2) Nonidentifiable information.--The term 
        ``nonidentifiable information'' means information that 
        is presented in a form and manner that prevents the 
        identification of any provider, patient, or reporter of 
        patient safety work product. With respect to patients, 
        such information must be de-identified consistent with 
        the regulations promulgated pursuant to section 264(c) 
        of the Health Insurance Portability and Accountability 
        Act of 1996 (Public Law 104-191; 110 Stat. 2033).
          (3) Patient safety evaluation system.--The term 
        ``patient safety evaluation system'' means a process 
        that involves the collection, management, or analysis 
        of information for submission to or by a patient safety 
        organization.
          (4) Patient safety organization.--The term ``patient 
        safety organization'' means a private or public 
        organization or component thereof that is certified, 
        through a process to be determined by the Secretary 
        under section 925, to perform each of the following 
        activities:
                  (A) The conduct, as the organization or 
                component's primary activity, of efforts to 
                improve patient safety and the quality of 
                health care delivery.
                  (B) The collection and analysis of patient 
                safety work product that is submitted by 
                providers.
                  (C) The development and dissemination of 
                evidence-based information to providers with 
                respect to improving patient safety, such as 
                recommendations, protocols, or information 
                regarding best practices.
                  (D) The utilization of patient safety work 
                product to carry out activities limited to 
                those described under this paragraph and for 
                the purposes of encouraging a culture of safety 
                and of providing direct feedback and assistance 
                to providers to effectively minimize patient 
                risk.
                  (E) The maintenance of confidentiality with 
                respect to identifiable information.
                  (F) The provision of appropriate security 
                measures with respect to patient safety work 
                product.
                  (G) The submission of nonidentifiable 
                information to the Agency consistent with 
                standards established by the Secretary under 
                section 923(b) for any National Patient Safety 
                Database.
          (5) Patient safety work product.--
                  (A) The term ``patient safety work product'' 
                means any document or communication (including 
                any information, report, record, memorandum, 
                analysis, deliberative work, statement, or root 
                cause analysis) that--
                          (i) except as provided in 
                        subparagraph (B), is developed by a 
                        provider for the purpose of reporting 
                        to a patient safety organization, and 
                        is reported to a patient safety 
                        organization;
                          (ii) is created by a patient safety 
                        organization; or
                          (iii) would reveal the deliberations 
                        or analytic process of a patient safety 
                        evaluation system (as defined in 
                        paragraph (3)).
                  (B)(i) Patient safety work product described 
                in subparagraph (A)(i)--
                          (I) does not include any separate 
                        information described in clause (ii); 
                        and
                          (II) shall not be construed to 
                        include such separate information 
                        merely by reason of inclusion of a copy 
                        of the document or communication 
                        involved in a submission to, or the 
                        fact of submission of such a copy to, a 
                        patient safety organization.
                  (ii) Separate information described in this 
                clause is a document or communication 
                (including a patient's medical record or any 
                other patient or hospital record) that is 
                developed or maintained, or exists, separately 
                from any patient safety evaluation system.
                  (C) Information available from sources other 
                than a patient safety work product under this 
                section may be discovered or admitted in a 
                civil or administrative proceeding, if 
                discoverable or admissible under applicable 
                law.
          (6) Provider.--The term ``provider'' means--
                  (A) an individual or entity licensed or 
                otherwise authorized under State law to provide 
                health care services, including--
                          (i) a hospital, nursing facility, 
                        comprehensive outpatient rehabilitation 
                        facility, home health agency, and 
                        hospice program;
                          (ii) a physician, physician 
                        assistant, nurse practitioner, clinical 
                        nurse specialist, certified nurse 
                        midwife, psychologist, certified social 
                        worker, registered dietitian or 
                        nutrition professional, physical or 
                        occupational therapist, or other 
                        individual health care practitioner;
                          (iii) a pharmacist; and
                          (iv) a renal dialysis facility, 
                        ambulatory surgical center, pharmacy, 
                        physician or health care practitioner's 
                        office, long-term care facility, 
                        behavioral health residential treatment 
                        facility, clinical laboratory, or 
                        community health center; or
                  (B) any other person or entity specified in 
                regulations by the Secretary after public 
                notice and comment.

SEC. 922. PRIVILEGE FOR PATIENT SAFETY WORK PRODUCT.

  (a) Privilege.--Notwithstanding any other provision of law 
and subject to subsection (c), patient safety work product 
shall not be--
          (1) subject to a civil or administrative subpoena or 
        order;
          (2) subject to discovery in connection with a civil 
        or administrative proceeding;
          (3) subject to disclosure pursuant to section 552 of 
        title 5, United States Code (commonly known as the 
        Freedom of Information Act), or any other similar 
        Federal or State law;
          (4) required to be admitted as evidence or otherwise 
        disclosed in any State or Federal civil or 
        administrative proceeding; or
          (5) if the patient safety work product is 
        identifiable information and is received by a national 
        accreditation organization in its capacity as a patient 
        safety organization--
                  (A) used by a national accreditation 
                organization in an accreditation action against 
                the provider that reported the information;
                  (B) shared by such organization with its 
                survey team; or
                  (C) required as a condition of accreditation 
                by a national accreditation association.
  (b) Reporter Protection.--
          (1) In general.--A provider may not use against an 
        individual in an adverse employment action described in 
        paragraph (2) the fact that the individual in good 
        faith reported information--
                  (A) to the provider with the intention of 
                having the information reported to a patient 
                safety organization; or
                  (B) directly to a patient safety 
                organization.
          (2) Adverse employment action.--For purposes of this 
        subsection, an ``adverse employment action'' includes--
                  (A) the failure to promote an individual or 
                provide any other employment-related benefit 
                for which the individual would otherwise be 
                eligible;
                  (B) an adverse evaluation or decision made in 
                relation to accreditation, certification, 
                credentialing, or licensing of the individual; 
                and
                  (C) a personnel action that is adverse to the 
                individual concerned.
          (3) Remedies.--Any provider that violates this 
        subsection shall be subject to a civil monetary penalty 
        of not more than $20,000 for each such violation 
        involved. Such penalty shall be imposed and collected 
        in the same manner as civil money penalties under 
        subsection (a) of section 1128A of the Social Security 
        Act are imposed and collected.
  (c) Disclosures.--Nothing in this section prohibits any of 
the following disclosures:
          (1) Voluntary disclosure of nonidentifiable 
        information.
          (2) Voluntary disclosure of identifiable information 
        by a provider or patient safety organization, if such 
        disclosure--
                  (A) is authorized by the provider for the 
                purposes of improving quality and safety;
                  (B) is to an entity or person subject to the 
                requirements of section 264(c) of the Health 
                Insurance Portability and Accountability Act of 
                1996 (Public Law 104-191; 110 Stat. 2033), or 
                any regulation promulgated under such section; 
                and
                  (C) is not in conflict with such section or 
                any regulation promulgated under such section.
          (3) Disclosure as required by law by a provider to 
        the Food and Drug Administration, or on a voluntary 
        basis by a provider to a federally established patient 
        safety program, with respect to an Administration-
        regulated product or activity for which that entity has 
        responsibility, for the purposes of activities related 
        to the quality, safety, or effectiveness of such 
        Administration-regulated product or activity.
          (4) Disclosures of patient safety work product in 
        accordance with this part by a provider to a patient 
        safety organization.
  (d) Effect of Transfer, Disclosure.--The following shall not 
be treated as a waiver of any privilege or protection 
established under this part:
          (1) The transfer of any patient safety work product 
        between a provider and a patient safety organization.
          (2) Disclosure of patient safety work product as 
        described in subsection (c).
          (3) The unauthorized disclosure of patient safety 
        work product.
  (e) Penalty.--
          (1) Prohibition.--Except as provided in this part, 
        and subject to paragraphs (2) and (4), it shall be 
        unlawful for any person to disclose patient safety work 
        product in violation of this section, if such 
        disclosure constitutes a negligent or knowing breach of 
        confidentiality.
          (2) Relation to HIPAA.--The penalty under paragraph 
        (3) for a disclosure in violation of paragraph (1) does 
        not apply if the person would be subject to a penalty 
        under section 264(c) of the Health Insurance 
        Portability and Accountability Act of 1996 (Public Law 
        104-191; 110 Stat. 2033), or any regulation promulgated 
        under such section, for the same disclosure.
          (3) Amount.--Any person who violates paragraph (1) 
        shall be subject to a civil monetary penalty of not 
        more than $10,000 for each such violation involved. 
        Such penalty shall be imposed and collected in the same 
        manner as civil money penalties under subsection (a) of 
        section 1128A of the Social Security Act are imposed 
        and collected.
          (4) Subsequent disclosure.--Paragraph (1) applies 
        only to the first person that breaches confidentiality 
        with respect to particular patient safety work product.
  (f) Relation to HIPAA.--
          (1) In general.--For purposes of applying the 
        regulations promulgated pursuant to section 264(c) of 
        the Health Insurance Portability and Accountability Act 
        of 1996 (Public Law 104-191; 110 Stat. 2033)--
                  (A) patient safety organizations shall be 
                treated as business associates; and
                  (B) activities of such organizations 
                described in section 921(4) in relation to a 
                provider are deemed to be health care 
                operations (as defined in such regulations) of 
                the provider.
          (2) Rule of construction.--Nothing in this section 
        shall be construed to alter or affect the 
        implementation of such regulations or such section 
        264(c).
  (g) No Limitation of Other Privileges.--Nothing in this 
section shall be construed to affect privileges, including peer 
review and confidentiality protections, that are otherwise 
available under Federal or State laws.
  (h) No Limitation on Contracts.--Nothing in this section 
shall be construed to limit the power of a provider and a 
patient safety organization, or a patient safety organization 
and the Agency or any National Patient Safety Database, 
consistent with the provisions of this Act and other applicable 
law, to enter into a contract requiring greater confidentiality 
or delegating authority to make an authorized disclosure.
  (i) Relation to State Reporting Requirements.--Nothing in 
this part shall be construed as preempting or otherwise 
affecting any State law requiring a provider to report 
information, including information described in section 
921(5)(B), that is not patient safety work product.
  (j) Continuation of Privilege.--Patient safety work product 
of an organization that is certified as a patient safety 
organization shall continue to be privileged and confidential, 
in accordance with this section, if the organization's 
certification is terminated or revoked or if the organization 
otherwise ceases to qualify as a patient safety organization.
  (k) Reports on Strategies To Improve Patient Safety.--
          (1) Draft report.--Not later than the date that is 18 
        months after any National Patient Safety Database is 
        operational, the Secretary, in consultation with the 
        Director, shall prepare a draft report on effective 
        strategies for reducing medical errors and increasing 
        patient safety. The draft report shall include any 
        measure determined appropriate by the Secretary to 
        encourage the appropriate use of such strategies, 
        including use in any federally funded programs. The 
        Secretary shall make the draft report available for 
        public comment and submit the draft report to the 
        Institute of Medicine for review.
          (2) Final report.--Not later than 1 year after the 
        date described in paragraph (1), the Secretary shall 
        submit a final report to the Congress that includes, in 
        an appendix, any findings by the Institute of Medicine 
        concerning research on the strategies discussed in the 
        draft report and any modifications made by the 
        Secretary based on such findings.

SEC. 923. NATIONAL DATABASE.

  (a) Authority.--
          (1) In general.--In conducting activities under this 
        part, the Secretary shall provide for the establishment 
        and maintenance of a database to receive relevant 
        nonidentifiable patient safety work product, and may 
        designate entities to collect relevant nonidentifiable 
        patient safety work product that is voluntarily 
        reported by patient safety organizations upon the 
        request of the Secretary. Any database established or 
        designated under this paragraph may be referred to as a 
        ``National Patient Safety Database''.
          (2) Use of information.--Information reported to any 
        National Patient Safety Database shall be used to 
        analyze national and regional statistics, including 
        trends and patterns of health care errors. The 
        information resulting from such analyses may be 
        included in the annual quality reports prepared under 
        section 913(b)(2).
          (3) Advisory role.--The Secretary shall provide 
        scientific support to patient safety organizations, 
        including the dissemination of methodologies and 
        evidence-based information related to root causes and 
        quality improvement.
  (b) Standards.--In establishing or designating a database 
under subsection (a)(1), the Secretary shall, in consultation 
with representatives of patient safety organizations, the 
provider community, and the health information technology 
industry, determine common formats for the voluntary reporting 
of nonidentifiable patient safety work product, including 
necessary elements, common and consistent definitions, and a 
standardized computer interface for the processing of the work 
product. To the extent practicable, such standards shall be 
consistent with the administrative simplification provisions of 
part C of title XI of the Social Security Act.
  (c) Certain Methodologies for Collection.--The Secretary 
shall ensure that the methodologies for the collection of 
nonidentifiable patient safety work product for any National 
Patient Safety Database include the methodologies developed or 
recommended by the Patient Safety Task Force of the Department 
of Health and Human Services.
  (d) Facilitation of Information Exchange.--To the extent 
practicable, the Secretary may facilitate the direct link of 
information between providers and patient safety organizations 
and between patient safety organizations and any National 
Patient Safety Database.
  (e) Restriction on Transfer.--Only nonidentifiable 
information may be transferred to any National Patient Safety 
Database.

SEC. 924. TECHNICAL ASSISTANCE.

  (a) In General.--The Secretary, acting through the Director, 
may--
          (1) provide technical assistance to patient safety 
        organizations, and to States with reporting systems for 
        health care errors; and
          (2) provide guidance on the type of data to be 
        voluntarily submitted to any National Patient Safety 
        Database.
  (b) Annual Meetings.--Assistance provided under subsection 
(a) may include annual meetings for patient safety 
organizations to discuss methodology, communication, 
information collection, or privacy concerns.

SEC. 925. CERTIFICATION OF PATIENT SAFETY ORGANIZATIONS.

  (a) In General.--Not later than 6 months after the date of 
enactment of the Patient Safety and Quality Improvement Act, 
the Secretary shall establish a process for certifying patient 
safety organizations.
  (b) Process.--The process established under subsection (a) 
shall include the following:
          (1) Certification of patient safety organizations by 
        the Secretary or by such other national or State 
        governmental organizations as the Secretary determines 
        appropriate.
          (2) If the Secretary allows other governmental 
        organizations to certify patient safety organizations 
        under paragraph (1), the Secretary shall establish a 
        process for approving such organizations. Any such 
        approved organization shall conduct certifications and 
        reviews in accordance with this section.
          (3) A review of each certification under paragraph 
        (1) (including a review of compliance with each 
        criterion in this section and any related implementing 
        standards as determined by the Secretary through 
        rulemaking) not less often than every 3 years, as 
        determined by the Secretary.
          (4) Revocation of any such certification by the 
        Secretary or other such governmental organization that 
        issued the certification, upon a showing of cause.
  (c) Criteria.--A patient safety organization must meet the 
following criteria as conditions of certification:
          (1) The mission of the patient safety organization is 
        to conduct activities that are to improve patient 
        safety and the quality of health care delivery and is 
        not in conflict of interest with the providers that 
        contract with the patient safety organization.
          (2) The patient safety organization has appropriately 
        qualified staff, including licensed or certified 
        medical professionals.
          (3) The patient safety organization, within any 2 
        year period, contracts with more than 1 provider for 
        the purpose of receiving and reviewing patient safety 
        work product.
          (4) The patient safety organization is not a 
        component of a health insurer or other entity that 
        offers a group health plan or health insurance 
        coverage.
          (5) The patient safety organization is managed, 
        controlled, and operated independently from any 
        provider that contracts with the patient safety 
        organization for reporting patient safety work product.
          (6) To the extent practical and appropriate, the 
        patient safety organization collects patient safety 
        work product from providers in a standardized manner 
        that permits valid comparisons of similar cases among 
        similar providers.
  (d) Additional Criteria for Component Organizations.--If a 
patient safety organization is a component of another 
organization, the patient safety organization must, in addition 
to meeting the criteria described in subsection (c), meet the 
following criteria as conditions of certification:
          (1) The patient safety organization maintains patient 
        safety work product separately from the rest of the 
        organization, and establishes appropriate security 
        measures to maintain the confidentiality of the patient 
        safety work product.
          (2) The patient safety organization does not make an 
        unauthorized disclosure under this Act of patient 
        safety work product to the rest of the organization in 
        breach of confidentiality.
          (3) The mission of the patient safety organization 
        does not create a conflict of interest with the rest of 
        the organization.

                     PART [C] D--GENERAL PROVISIONS

SEC. [921] 931. ADVISORY COUNCIL FOR HEALTHCARE RESEARCH AND QUALITY.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [922] 932. PEER REVIEW WITH RESPECT TO GRANTS AND CONTRACTS.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [923] 933. CERTAIN PROVISIONS WITH RESPECT TO DEVELOPMENT, 
                    COLLECTION, AND DISSEMINATION OF DATA.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [924] 934. DISSEMINATION OF INFORMATION.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [925] 935. ADDITIONAL PROVISIONS WITH RESPECT TO GRANTS AND 
                    CONTRACTS.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [926] 936. CERTAIN ADMINISTRATIVE AUTHORITIES.

  (a) * * *

           *       *       *       *       *       *       *


SEC. [927] 937. FUNDING.

  (a) * * *

           *       *       *       *       *       *       *

  (e) Patient Safety and Quality Improvement.--For the purpose 
of carrying out part C, there are authorized to be appropriated 
such sums as may be necessary for each of the fiscal years 2004 
through 2008.

SEC. [928] 938. DEFINITIONS.

  In this title:
          (1) Advisory council.--The term ``Advisory Council'' 
        means the National Advisory Council on Healthcare 
        Research and Quality established under section [921] 
        931.

           *       *       *       *       *       *       *

                              ----------                              


FEDERAL FOOD, DRUG, AND COSMETIC ACT

           *       *       *       *       *       *       *


                      CHAPTER V--DRUGS AND DEVICES

Subchapter A--Drugs and Devices

           *       *       *       *       *       *       *


                      misbranded drugs and devices

  Sec. 502. A drug or device shall be deemed to be misbranded--
  (a) * * *

           *       *       *       *       *       *       *

  (w) If it is a drug or biological product, unless it includes 
a unique product identifier for the drug or biological product 
as required by regulations under section 510(q).

           *       *       *       *       *       *       *


             registration of producers of drugs and devices

  Sec. 510. (a) * * *

           *       *       *       *       *       *       *

  (q)(1) The Secretary shall issue, and may periodically 
revise, regulations requiring the manufacturer of any drug or 
biological product that is subject to regulation by the Food 
and Drug Administration, or the packager or labeler of a drug 
or biological product that is subject to regulation by the Food 
and Drug Administration, to include a unique product identifier 
on the packaging of the drug or biological product.
  (2) For purposes of this subsection, the term ``unique 
product identifier'' means an identification that--
          (A) is affixed by the manufacturer, labeler, or 
        packager to each drug or biological product described 
        in paragraph (1) at each packaging level;
          (B) uniquely identifies the item and meets the 
        standards required by this section; and
          (C) can be read by a scanning device or other 
        technology acceptable to the Secretary.
  (3) A unique product identifier required by regulations 
issued or revised under paragraph (1) shall be based on--
          (A) the National Drug Code maintained by the Food and 
        Drug Administration;
          (B) commercially accepted standards established by 
        organizations that are accredited by the American 
        National Standards Institute, such as the Health 
        Industry Business Communication Council or the Uniform 
        Code Council; or
          (C) other identification formats that the Secretary 
        deems appropriate.
  (4) The Secretary may, at the Secretary's discretion, waive 
the requirements of this section, or add additional provisions 
that are necessary to safeguard the public health.

           *       *       *       *       *       *       *


                                
