[Senate Report 108-196]
[From the U.S. Government Publishing Office]
Calendar No. 387
108th Congress Report
SENATE
1st Session 108-196
======================================================================
PATIENT SAFETY AND QUALITY IMPROVEMENT ACT OF 2003
_______
November 17, 2003.--Ordered to be printed
_______
Mr. Gregg, from the Committee on Health, Education, Labor, and
Pensions, submitted the following
R E P O R T
together with
ADDITIONAL VIEWS
[To accompany S. 720]
The Committee on Health, Education, Labor, and Pensions, to
which was referred the bill (S. 720) to amend title IX of the
Public Health Service Act to provide for the improvement of
patient safety and to reduce the incidence of events that
adversely effect patient safety, having considered the same,
reports favorably thereon with an amendment in the nature of a
substitute and recommends that the bill (as amended) do pass.
CONTENTS
Page
I. Purpose and need for legislation............................. 2
II. Summary...................................................... 4
III. History of legislation and votes in committee................ 6
IV. Explanation of bill and committee views...................... 6
V. Regulatory impact statement.................................. 13
VI. Application of law to the legislative branch................. 13
VII. Cost estimate................................................ 14
VIII.Section-by-section analysis.................................. 16
IX. Additional views............................................. 21
X. Changes in existing law...................................... 23
I. Purpose and Need for Legislation
As many as 98,000 Americans die each year from preventable
medical errors, according to the Institute of Medicine in its
1999 report To Err Is Human: Building a Safer Health System.
This IOM report recognizes that health care professionals are
human, humans are prone to error and most human errors are
triggered by system failures. The report emphasizes the need to
make system improvements and advises that health care
information reporting systems must develop and implement
processes through which medical error information can be
identified, analyzed and utilized to prevent further medical
errors. In addition, the report highlights that society's long-
standing reliance on the threat of malpractice litigation
discourages health care professionals and organizations from
disclosing, sharing, and discussing information about medical
errors. As a result, medical errors too often do not get
identified and the same systems-oriented errors recur. The
availability of civil remedies for patients who have been
injured by negligence is important to redress patients'
injuries. To reduce errors and improve patient safety the IOM
recommended, among other things, that ``Congress should pass
legislation to extend peer review protections to data related
to patient safety and quality improvement that are collected
and analyzed by health care organizations for internal use or
shared with others solely for purposes of improving safety and
quality.'' The IOM acknowledged that a critical component of a
comprehensive strategy to improve patient safety is to create
an environment that encourages organizations to identify
errors, evaluate causes and design systems to prevent future
errors from occurring.
Reporting and analyzing errors is one component of the
comprehensive strategy recommended by the IOM to reduce errors
and improve patient safety and health care quality. In To Err
is Human and subsequent reports, the IOM recommends a tiered
approach to improve the quality of care: federal protections
for a voluntary error reporting system (which is the focus of
this bill); a narrowly focused mandatory reporting system to
collect standardized information by State governments about
adverse events that result in death or serious harm (about 20
States have implemented mandatory reporting statutes for
certain serious events); increased investment in information
technology; establishing a national focus to create leadership
and enhance the knowledge base about safety; raising standards
and expectations for improvements in safety; and creating
safety systems inside health care organizations through the
implementation of safe practices at the delivery level.
Enactment of S. 720 is a significant step in an ongoing effort
to improve the quality of care provided to all Americans. The
committee notes that HHS has undertaken a number of programs to
address medical errors and improve quality.
The committee has held five hearings concerning medical
error and patient safety since the release of To Err is Human
in 1999. In the course of this examination, the committee found
that efforts to improve patient safety could best be
strengthened by creating a learning environment characterized
by supportive, voluntary data gathering systems. Testimony
received during the committee's examination of this issue
complements the body of research calling for the creation of a
``safe harbor'' for the reporting of medical error information;
that is, a means of reporting and analyzing information
insulated from the risk of incurring additional liability and
that absent a new reporting system would not otherwise exist.
This committee finds that S. 720, the ``Patient Safety and
Quality Improvement Act of 2003'' will promote a learning
environment that is needed to move beyond the existing culture
of blame and punishment that suppresses information about
health care errors to a ``culture of safety'' that focuses on
information sharing, improved patient safety and quality and
the prevention of future medical errors. The committee believes
that it is important to shift the current focus from
culpability to a new paradigm of error reduction and quality
improvement. A new system and process--separate from but
parallel to complementary laws and regulations designed to
ensure accountability--is required to encourage the reporting
of errors and to create an environment in which errors become
opportunities for learning and improvement. This system and
process would be separate from, and parallel to, complementary
State, Federal, and local laws and regulations designed to
ensure accountability; these State, Federal, and local
reporting systems are independent of the system contemplated by
this bill. The Department of Veterans Affairs and the Federal
Aviation Administration, among others, have demonstrated that
establishing a confidential error reporting system encourages
reporting and results in substantial advances in safety. The
Veterans' Health Administration has not only instituted a
program for voluntary error reporting, but has also instituted
a comprehensive program to improve the quality of care provided
at VHA facilities. Integral to this program is the pervasive
use of information technology in clinical practice. Physicians
at VHA facilities can access patient records electronically and
can enter orders for tests or procedures via an integrated
computer system that provides alerts if an intended order is
contraindicated for a particular patient. Moreover, the VHA
electronic record system can issue reminders for specific
procedures or screening tests to be performed, so that needed
preventive care is not inadvertently omitted. It is far from
certain that voluntary reporting alone would have been
sufficient to cause the dramatic improvement in health care
quality seen at VHA facilities in recent years.
An indispensable element of the reporting system used by
the FAA is the collection and analysis of errors reports at a
central site. If problems that could endanger passenger safety
are found in any aspect of the federal aviation system, FAA
issues directives to rectify those problems. Compliance with
directives from the FAA is mandatory. The Aviation Safety
Reporting System (ASRS) receives about 30,000 reports annually
and has an operating budget of approximately $2 million. While
S. 720 adopts a similar voluntary and confidential approach to
improving patient safety, the committee believes that
collecting potentially a million error reports a year at a
central location would be impractical and prohibitively
expensive. Not only would the sheer number of reports be
overwhelming, but also the necessary expertise that would be
necessary to properly analyze reports would be prohibitive. A
preferred approach is to allow PSO's to report aggregated,
nonidentifiable information to national databases specifically
established to collect and disseminate information on improving
patient safety.
The committee finds that the entire health care delivery
system can benefit from a systems analysis of near misses and
errors that have resulted in adverse events for systems
improvement and corrective actions.
The purpose of this legislation is to encourage a ``culture
of safety'' and quality in the U.S. health care system by
providing for broad confidentiality and legal protections of
information collected and reported voluntarily for the purposes
of improving the quality of medical care and patient safety.
These protections will facilitate an environment in which
health care professionals and organizations report and evaluate
health care errors and share their experiences with others in
order to prevent similar occurrences. This legislation is
needed to address what may be as many as 98,000 preventable
deaths per year associated with medical errors and the
estimated $29 billion in national costs associated with such
preventable errors.
This bill accomplishes these purposes by establishing and
defining a specific class of information known as ``patient
safety data'' and according this new class of data legal
protections designed to promote its collection, reporting and
analysis. Patient safety data is not subject to a Federal,
State, or local civil, criminal, or administrative subpoena or
subject to discovery in a Federal, State, or local civil,
criminal, or administrative proceeding. Further, this bill will
not permit patient safety data to be disclosed under the
Freedom of Information Act (FOIA); admitted as evidence or
disclosed in a Federal, State, or local civil, criminal, or
administrative proceeding; or used in a disciplinary proceeding
against a provider. The bill also provides broad
confidentiality protections, which are necessary to engender
the trust and cooperation of the health care providers. Without
participation of health care providers the system cannot be
effective in collecting information.
During the past decade patient safety has emerged as a
major health policy issue. There has been a steadily growing
and forceful call for Congress to pass legislation that will
facilitate the development of a confidential and nonpunitive
system for reporting health care errors so that such errors can
be identified and analyzed to improve patient safety by
preventing future errors.
Members of this Committee have worked in a bi-partisan
fashion to draft Federal legislation that reflects the IOM's
recommendation for congressional action to establish a
confidential reporting system to encourage a cooperative effort
among providers and organizations geared to improving patient
safety. This committee has worked diligently and deliberately
to ensure that this legislation strikes the appropriate balance
between plaintiff rights and creating a new culture in the
health care industry that provides incentives to identify and
learn from errors.
II. Summary
The general intent of S. 720, ``The Patient Safety and
Quality Improvement Act of 2003'' is to establish a system to
encourage voluntary reporting of adverse medical events,
medical errors and incidents of ``near misses'' and to
facilitate the development and adoption of interventions and
solutions that will improve patient safety and the quality and
outcomes of health care. This legislation amends the Public
Health Service Act to establish protections that will foster
voluntary reporting.
This legislation will encourage ``providers'' (e.g.,
physicians, nurses, hospitals, nursing homes, and other health
care providers) to report information on errors, incidents of
``near misses'' and enhanced health care quality practices to
organizations known as Patient Safety Organizations (PSO's).
PSO's are organizations that collect and analyze ``patient
safety data'' and provide feedback to providers on strategies
to improve patient safety and quality of care, and that have
been listed by the Department of Health and Human Services
(HHS) as such. HHS maintains a network of databases to provide
an interactive evidence-based management resource for
providers, PSO's, and the public. Providers, PSO's, and others
may voluntarily submit nonidentifiable patient safety data to a
database(s) in the network. HHS, PSO's and providers may
disseminate information on recommended interventions and best
practices to other PSO's, providers and consumers to improve
quality of care and enhance patient safety.
The legislation grants an evidentiary privilege for
information collected and developed by providers and PSO's
through this voluntary reporting system. The privilege
encompasses not only the report to the patient safety
organization but also all aspects of the analysis of, and
subsequent corrective actions related to, adverse events,
medical errors, and ``near misses'' reported as patient safety
data. It covers all deliberations, including oral and written
communications, and work products that meet the requirements
for patient safety data. This legislation also establishes
confidentiality protections for this written and oral patient
safety data to promote the reporting of medical errors. As a
result, health care providers will be able to report and
analyze medical errors, without fear that these reports will
become public or be used in litigation. This nonpunitive
environment will foster the sharing of medical error
information that is a significant step in a process to improve
the safety, quality, and outcomes of medical care.
It is vital to note that these protections do not extend
backward to underlying factual information contained within or
referred to in patient safety data reported to a PSO. In other
words, the adverse event or the medical error itself is not
privileged; it is the analysis of and subsequent corrective
actions related to the adverse event or medical errors that are
privileged. The underlying information remains unprivileged and
available for reporting to authorities under mandatory or
voluntary reporting initiatives. In practice, however,
information that an adverse event or medical error has occurred
is available through other record keeping systems (such as the
patient's medical record, nursing notes, billing information,
insurance forms). Because such information of adverse events or
medical errors is available or can be collected or developed
independent of the reporting system contemplated by this
legislation, these protections do not preempt current or
preclude future Federal, State or local requirements for the
reporting or disclosure of information that ensures
accountability or furthers informed consumer choice (e.g.,
hospital-acquired infections, medical errors, adverse or
sentinel health care events, and medical outcomes) other than
patient safety data. These protections do not provide a basis
for providers to refuse to comply with such reporting
requirements simply because they have reported the same or
similar information through the reporting system contemplated
by this legislation nor do they preclude providers from
voluntarily reporting such information pursuant to voluntary
reporting initiatives. As long as there is another source of
the information reported to the PSO--even if it is the same
information as is reported--the protections in this legislation
will not operate to prevent its release or disclosure because
the information would come from the other sources, not from
patient safety data. The legislation does not affect privileges
or stronger confidentiality protections available under other
law. The rules, for instance, which, in certain circumstances,
require the Food and Drug Administration to protect the names
of patients, providers, and reporters would, where applicable,
continue to be in effect as they are now. This legislation
recognizes and preserves the protection of confidential patient
information under the Health Insurance Portability and
Accountability Act of 1996. It requires HHS to develop or adopt
voluntary national standards that promote the integration of
health care information technology systems, requires a study to
assess the impact of medical technologies on patient safety,
and does not preempt other State and Federal peer review laws.
This legislation recognizes that patient safety can best be
improved by fostering efforts to identify and fix errors while
ensuring that providers remain accountable for malpractice.
Such a balance was envisioned in the 1999 Institute of Medicine
(IOM) report, To Err is Human: Building a Safer Health System,
and has been corroborated as responsive by numerous patient
safety experts, the Department of Veterans Affairs, the Agency
for Healthcare Research and Quality, and a broad base of
medical and health care organizations. However, it is important
to note that numerous analyses indicate that voluntary
confidential reporting is but one part of a comprehensive
program to improve patient care. While an important component
of a program to improve health care quality, voluntary
reporting alone will not be sufficient to eliminate the serious
problem of medical errors that the Nation faces. This
conclusion too is supported by numerous patient safety experts,
the Department of Veterans Affairs, the Agency for Healthcare
Research and Quality, and a broad base of medical and health
care organizations. The committee notes that HHS has already
undertaken a number of programs to address medical errors and
improve quality.
III. History of Legislation and Votes in Committee
On March 26, 2003, Senator Jeffords, for himself and
Senators Frist, Breaux and Gregg introduced S. 720 to provide
for the improvement of patient safety and to reduce the
incidence of events that adversely effect patient safety.
On July 23, 2003, the committee held an executive session
to consider S. 720. Senator Gregg for himself and Senator
Jeffords offered a substitute amendment, as modified, that was
considered as original text by the committee. The committee
approved S. 720, as amended by unanimous vote.
IV. Explanation of Bill and Committee Views
1. Legal protections for patient safety data encourage
reporting.
This legislation provides broad confidentiality protections
and legal privileges for patient safety data. The committee
finds that broad protections are essential to encourage
reporting. Currently, there are few incentives and many
barriers for providers to collect and report information
regarding patient safety. The primary barrier relates to
concerns that information shared to promote patient safety
would expose providers to liability. Unless this information
can be freely shared, errors will continue to be hidden and
errors will be repeated. A more open, nonpunitive learning
environment is needed to encourage health care professionals
and organizations to identify, analyze, and report errors
without facing the threat of litigation and, at the same time,
without compromising plaintiffs' legal rights or affecting
existing and future public reporting initiatives with respect
to the underlying data.
This bill provides confidentiality and legal protections
for patient safety data, which are defined as information
collected or developed and reported to a patient safety
organization within a reasonable period of time. The committee
recognizes that the reasonableness of the time to report is
contingent upon many factors, including the complexity of the
facts and circumstances surrounding the analysis of a medical
error. Nonetheless, the committee intends that a reasonable
period of time be a period of 2 months or less from the
collection or development of the patient safety data. This
amount of time will allow providers to investigate and report
pertinent information to the patient safety organization. The
information qualifies as patient safety data during that period
if it is collected or developed for reporting and is reported
to the patient safety organization within the required time
frame. The definition of patient safety data also includes
``any deliberative work or process or oral communications with
respect to any patient safety data* * * .'' (Section
921(A)(ii)) Patient safety data would not be collected or
developed in a vacuum, and accordingly the bill includes
reports, records, memoranda analyses, oral and written
statements and thought processes (or mental impressions) in the
definition of patient safety data. For example, if an error
occurs, a health care professional must first, at a minimum,
evaluate what occurred so that relevant information is recorded
in a manner that promotes analysis. Typically, relevant
information would be reported on a ``data set'' or standard
form (or computer form) used for reporting such information to
a patient safety organization. It is likely that a standard
form would be required by a patient safety organization so that
only relevant information is collected. Mere inclusion in such
a form is not sufficient to establish privilege under the
definition of patient safety data. For example, data on
hospital-acquired infections may be required to be reported to
a State agency and later released to the public. If such data
happens to be reported on a standard form for reporting to a
PSO, it would not thereby be exempted from the requirement to
be reported to the State agency if that State requires such
reporting through a parallel but different process. However,
analysis or discussion of the data that constituted patient
safety data would be exempted.
In addition to protecting the actual information that is
submitted to the patient safety organization, it is essential
to extend confidentiality and legal protections to any
``deliberative work or process'' and ``oral or written
communications'' utilized in generating a report to a patient
safety organization. This bill includes such communications
within the definition of patient safety data to allow for more
accurate information to be transmitted to a patient safety
organization. As the Institute of Medicine (IOM) stated in its
1999 report, To Err is Human, ``The strongest legal protections
would cover the entire chain of custody of the information from
its initial generation to its ultimate use.''
Patient safety data does not include information that is
collected or developed and exists separately. For example, data
and information that is contained in medical records, hospital
claim or billing forms and facts of an adverse event (including
oral and written statements not relating to the collection or
development of patient safety data) cannot be shielded by being
attached to patient safety data and sent to a patient safety
organization. This means that medical information--including
medical error information--that is currently available under a
reporting requirement or initiative or that is available to a
patient will continue to be available under this legislation.
The bill also provides that patient safety data may be used in
a criminal case if the court in camera finds that it contains
evidence of certain intentional criminal acts. The legislation
respects the discovery rights of plaintiffs in malpractice
cases.
Many States extend privilege and confidentiality
protections to analyses of medical errors that take place
within the hospital, without restricting the right of a
plaintiff to other information, such as the medical record and
related information as well as the right to depose all health
care personnel involved in a patient's care regarding their
knowledge at the time of the alleged malpractice. This bill
follows a similar approach for the analysis and reporting of
adverse events, medical errors, and ``near misses.'' As the IOM
stated in To Err is Human, ``protecting data in a reporting
system * * * does not mean that the plaintiff in a lawsuit
could not try to obtain such information through other avenues
if it is important in securing redress for harm; it just means
that the plaintiff would not be assisted by the presence of a
reporting system designed specifically for other purposes
beneficial to society.'' Importantly, the bill does not alter
existing rights or remedies available to injured patients. Laws
that provide greater confidentiality or privilege protections
are also not affected by this legislation.
2. This legislation will not preempt Federal, State, or
local law governing accountability for a health care
professional's negligence, malfeasance, or criminal acts, or
that requires the collection and reporting of underlying data
on health care provider quality of care, other than patient
safety data.
In creating a nonpunitive and voluntary system for the
reporting and analyses of events that have led or could lead to
patient harm, the committee recognizes the importance of
separate systems of laws, regulations, accreditation and
licensing requirements that have been (or may in the future be)
established for the purpose of maintaining accountability in
the health care system. This legislation provides legal
protections for specified patient safety data. It is separate
from and independent of mandatory or voluntary reporting
systems that have been or may be established under Federal,
State or local law or regulation. Reporting an error or other
incident under this new system will not limit or affect the
reporting of information that is now or will in the future be
required to be made under existing Federal, State, or local law
to non-patient safety organizations. Information that must be
reported under Federal, State or local reporting requirements
(such as New York's incident reporting statute 10 NYCRR
Sec. 405.8)--even when those laws or regulations require the
reporting of the same or similar information regarding the type
of events also reported through the system contemplated by this
legislation--is not within the definition of patient safety
data because it is not ``collected or developed * * * for
reporting to a patient safety organization * * *'' (section
921(2)(A)(i)(I)). Conversely, information covered under state
reporting laws fall outside the definition of patient safety
data because such information is ``collected or developed
separately from and that exists separately from patient safety
data * * *'' (section 921(2)(B)).
There are numerous, well-established mechanisms by which
individuals and entities in the health care system are held
accountable. For example, criminal acts by providers that
seriously harm patients must be reported under State laws.
Hospitals and medical staffs must report such events to law
enforcement authorities and hospital licensing laws generally
require the reporting of such events as well as certain other
reportable events to licensing boards or accreditation
organizations. In addition to standard error event reporting
(such as wrong site surgery, error in medication, and
transfusion error), many States require reporting of adverse
events such as suspected abuse of a patient, rape, infant
abduction, unanticipated death not related to natural course of
patient's illness, suicide of patient, and events that lead to
patient harm. JCAHO's sentinel event policy includes an
extensive list of adverse events that must be reported. State
peer review statutes encourage health care professionals to
evaluate care provided by the members of the medical staff and
to take appropriate action. Moreover, medical staff bylaws
typically provide for an immediate summary suspension of health
care professionals in serious situations or other disciplinary
action against health care professionals even when peer review
activities are underway. Patient deaths are reportable to a
medical examiner, who generally has the discretion to conduct
an investigation of deaths. Impaired healthcare workers are
reported to a designated professional regulatory agency or
rehabilitation program pursuant to State licensing laws.
Federal, State, and local agencies may investigate and
prosecute individuals under their respective authorities. Many
States have laws that require a healthcare worker to report to
the authorities cases of suspected neglect or abuse, typically
applicable to children and senior citizens. Further, the state
and federal civil court systems are available to patients who
are injured, or their survivors if the patient dies, due to
negligence.
In addition, a number of employer organizations have
instituted (or are planning to institute) voluntary reporting
initiatives for providers that participate in their networks.
The operation of these legal requirements, or these voluntary
initiatives, is not preempted by this legislation but may not
afford the protections provided by this bill. This legislation
conveys legal protection only on those communications that are
sent to the PSO, or that the PSO prepares to send to a provider
(and related communications and materials)--not to the
underlying information contained within those communications
that is obtainable from other records or sources.
This legislation will not allow providers and patient
safety organizations to hide information about a crime by
reporting and analyzing the case using this system. The
confidentiality and legal protections in this bill would in no
way limit or affect the availability of any information or
evidence that does not meet the statutory definition of patient
safety data and is currently available under existing Federal,
State, or local law (section 922(j)(2)). Furthermore, this bill
specifically allows an exception to the confidentiality and
legal protections for patient safety data in a criminal
proceeding when a court makes an in camera determination that
the data includes evidence of an intentional act to harm a
patient (section 922(c)(1)). This bill specifically states that
nothing in the bill would prohibit a provider from reporting a
crime to law enforcement authorities (section 922(j)(5)).
3. Patient Safety Organizations analyze patient safety data
and provide recommendations, best practices and systems
improvements to improve patient safety and quality of care.
This legislation requires that information be reported to
or developed by a Patient Safety Organization (PSO) to qualify
as patient safety data. The primary purpose of a patient safety
organization is to continually work to improve the quality and
safety of care provided to patients. The breadth of data
available to PSO's, that are expected to enter into contracts
with multiple providers, will facilitate the identification and
analysis of patterns of organization and behavior that can lead
to errors. This broader, systemic perspective will provide an
important complement to the quality and safety improvement
initiatives of many health care providers and facilitate the
type of ``shared learning'' envisioned by the IOM report. PSO's
should provide guidance and direct feedback to the provider's
analysis of adverse events, medical errors, and ``near misses''
(or a provider may contract with a PSO to undertake the initial
analysis as well), undertake broader statistical pattern
analyses drawing upon data from two or more providers, and
assist health care professionals and organizations in
identifying and/or undertaking quality improvement initiatives
to minimize patient risk. A PSO may be a component of a larger
organization, as long as the component meets the criteria set
forth in the bill.
Reporting an error or other incident under this new system
will not limit or affect the reporting and disclosure of
information that is not patient safety data and that is
required to be made under existing or future Federal, State, or
local mandatory public reporting systems, whether or not that
organization also operates under this legislation as a patient
safety organization. For example, a State health agency or a
nongovernmental organization that collects and reports data
under State law may continue to report or disclose information
required by state law notwithstanding its designation and
operation as a patient safety organization under this bill. The
organization's collection and development, as a PSO, of patient
safety data would not place protections as envisioned by this
bill on nonpatient safety data handled by the organization for
other purposes. The multiple functions of this organization
under both this bill and Federal, State, or local law are to
continue independently of each other.
This legislation protects and encourages the sharing and
dissemination of information about improving patient safety. It
is the intent of this committee that interventions, protocols,
information about best practices and systems improvements that
are developed through the analysis of patient safety data be
shared by providers and PSO's to enable patient safety
improvements to occur throughout the health care delivery
system. Toward this end, the Agency for Health Research and
Quality (AHRQ) will maintain a network of databases of
nonidentifiable data to provide an interactive evidence-based
patient safety management resource for providers, PSO's, and
the public.
To allow the sharing of information to improve patient
safety, the bill provides for protected disclosures of
information (section 922(d)). For example, the bill permits
PSOs to share patient safety data with other PSO's. It also
permits providers or PSO's to use or disclose patient safety
data in connection with providing treatment, improving patient
safety, health care quality, administrative efficiency, or any
other customary activity of the provider. Disclosures of
information pursuant to this section do not waive the privilege
or confidentiality of the patient safety data (section 922(g))
and the patient safety data continues to be privileged and
confidential (section 922 (e)).
The bill also permits other disclosures (section 922(c)).
For example, patient safety data that does not identify the
patient or the provider may be disclosed by a provider or a PSO
on a voluntary basis (section 922(c)(3). This is the mechanism
in the bill that allows disclosure of information to AHRQ, to
nonhealthcare related entities, and to the public. For example,
under this section, a PSO could release nonidentifiable
information about best practices; aggregate data, such as
infection rates; or aggregate trend data, such as a decline in
a rate of wrong site surgery. In addition, a provider or PSO
could publish case studies, methods used to analyze systems
failures or factors that can help improve the quality of care.
The use and disclosure under this section--including
disclosure to the FDA (section 922(c)(2)) or to CDC (section
922(c)(4))--removes the privilege and confidentiality
protections for the information used or disclosed. However, the
balance of the patient safety data, which remains at the
provider or PSO, continues to be privileged and confidential
(section 922(e)). Moreover, even though disclosure to FDA or
CDC would remove the privilege and confidentiality protections
created under this law for the data disclosed, other statutes
and regulations governing confidential information disclosed to
the Government may continue to protect such information from
subsequent disclosure by FDA or CDC. In any event, this bill
does not require any disclosure to FDA or to CDC (or to any
other person). It is important to note that except in the case
of patient safety data associated with an intentional criminal
act (section 922(c)(1)), a PSO cannot be compelled to release
any information, whether it is patient safety data or not, even
if it has been voluntarily disclosed to others under sections
922(c)(2)-(4). This allows PSO's to focus their efforts on
quality improvement and patient safety.
The bill permits a PSO to make voluntary disclosures on
behalf of the provider. A provider may by contract with a PSO
determine what disclosures may be made by the PSO. For example,
a provider and PSO could agree by contract to distribute only
aggregate nonidentifiable patient safety data. The bill does
not affect any person's right to contract with respect to these
issues.
To enable the Agency for Healthcare Research and Quality
(AHRQ) to advance the science of patient safety analysis and
reporting and to meet its technical assistance requirements
under the bill, providers and patient safety organizations are
permitted to disclose patient safety data to grantees or
contractors carrying out research, evaluation, or demonstration
projects authorized by the Director. The committee intends for
such disclosures to be provided only to the components of such
entities that are actually carrying out the project in
question. Such disclosures do not waive privilege or
confidentiality and AHRQ grantees and contractors must observe
the strict confidentiality safeguards provided under this
title.
4. Patient Safety Organizations are subject to an expedited
certification process.
The legislation provides an efficient, minimally burdensome
certification process to help expedite implementation of a
patient safety system. S. 720 requires an organization to
certify that it intends to perform [certification]--or that it
performs [recertification]--the activities required of a
patient safety organization. The Secretary will list as PSO's
those organizations that certify that they meet the required
criteria.
The Secretary may examine any organization at any time to
see whether it in fact is performing those required activities.
The PSO would be subject to Federal law that provides sanctions
for false certification. Under the Federal False Claims Act,
those operating PSO's would be subject to fines or imprisonment
in a federal facility for up to 5 years. The committee believes
that this process strikes the proper balance of ensuring that
PSO's function as intended under S. 720 while ensuring that the
patient safety process is not unduly delayed by requiring that
the Secretary review the operations of each entity applying for
recognition as a PSO.
5. The system is voluntary and nonpunitive.
As an acknowledgment of the necessity to have a nonpunitive
environment, the bill contains ``whistle blower'' protections
for those reporting patient safety data. This bill directly
prohibits retaliation against an individual for making a report
in good faith to the provider for reporting to the PSO or
directly to the PSO, while still allowing employers the
opportunity to initiate disciplinary actions for other
permissible reasons. With respect to State employers, the
privilege shall not attach to the patient safety data unless
the employer consents to being subject to the legislation's
whistle blower protections. For this voluntary reporting system
to achieve its intended goal, its nonpunitive nature must
extend not only to health care organizations but also to health
care professionals and support staff.
6. The Secretary establishes standards for healthcare data.
The bill seeks to accelerate the pace of progress on
healthcare data exchange standards for electronic medical
records. Now, many providers are waiting to make significant
investments in critical technology. One of the primary
difficulties in establishing various information technology
systems is the fear that a system will need to be completely
replaced within a short period of time because it no longer has
the appropriate specifications for interacting with government
or other entities. Therefore, the bill directs the Secretary to
develop or adopt voluntary standards to facilitate the
development of the basic infrastructure, the National Health
Information Infrastructure recommended by the National
Committee on Vital and Health Statistics. In fulfilling this
requirement, the committee intends for the Secretary to take
into account existing standards and the ongoing activities of
other-standard-setting bodies both within and outside the
Federal Government.
V. Regulatory Impact Statement
The committee has determined that there will be minimal
increases in the regulatory burden imposed by this bill. The
bill does not mandate any new reporting system but provides
protection for data submitted to patient safety organizations
(PSO) to prevent medical errors from occurring and improve
quality of care for patients. Each PSO will certify to HHS that
it performs the functions stated in S. 720 and must recertify
every 3 years. The Secretary, on his own initiative, or on
complaint, could examine the PSO to determine whether the PSO
is in fact performing the required functions. HHS will also
maintain a network of databases and provide technical
assistance to PSO's to assist them with the certification
process and with improving patient safety. Accordingly, the
committee has determined that there will be minimal regulatory
burden imposed with respect to the certification process.
VI. Application of Law to the Legislative Branch
Section 102(b)(3) of Public Law 104-1, the Congressional
Accountability Act (CAA), requires a description of the
application of this bill to the legislative branch. S. 720
encourages a culture of safety and quality by providing for the
legal protection of voluntarily reported patient safety data.
Accordingly, the legislation limits permissible disclosures of
patient safety data and provides no special exception for
disclosure of identifiable patient safety data to the
legislative branch. The legislation requires the Department of
Health and Human Services to maintain a list of certified
PSO's, which collect patient safety data from providers and
provide strategic patient safety feedback to the providers. HHS
is also required by the legislation to maintain a network of
databases to provide an interactive evidence-based management
resource for providers, patient safety organizations and the
public; to develop or adopt voluntary national standards that
promote the integration of health care information technology
systems; and to assess the impact of medical technologies on
patient safety. As such, it has no application to the
legislative branch.
VII. Cost Estimate
U.S. Congress,
Congressional Budget Office,
Washington, DC, August 15, 2003.
Hon. Judd Gregg,
Chairman, Committee on Health, Education, Labor, and Pensions,
U.S. Senate, Washington, DC.
Dear Mr. Chairman: The Congressional Budget Office has
prepared the enclosed cost estimate for S. 720, the Patient
Safety and Quality Improvement Act.
If you wish further details on this estimate, we will be
pleased to provide them. The CBO staff contacts are Chris
Topoleski and Margaret Nowak.
Sincerely,
Douglas Holtz-Eakin,
Director.
Enclosure.
S. 720--Patient Safety and Quality Improvement Act of 2003
Summary: S. 720 would establish certification procedures
for patient safety organizations (PSOs) and require the
Secretary of Health and Human Services to maintain a list of
certified PSOs, which collect patient safety data voluntarily
submitted by health care providers for inclusion in a patient
safety network of databases. The bill also would establish
privacy protections and impose civil monetary penalties for
violations of those protections. The bill would require the
Secretary to report to the Congress on effective strategies for
reducing medical errors and increasing patient safety.
CBO estimates that implementing S. 720 would cost $4
million in 2004 and $51 million over the 2004-2008 period,
assuming the appropriation of the necessary amounts. CBO
estimates that receipts from fines for violation of the privacy
protections would amount to less than $500,000 a year.
The bill would require the Secretary of Health and Human
Services to develop methodologies for the collection of patient
safety data and provide technical assistance to PSOs. In
addition, the Secretary would develop voluntary national
standards that promote the comparability of medical information
technology systems.
S. 720 would preempt state laws that govern the disclosure
of information provided to patient safety organizations. While
that preemption would be intergovernmental mandates as defined
in the Unfunded Mandate Reform Act (UMRA), it would impose no
requirements on states that would result in additional
spending; thus, the threshold as established by UMRA would not
be exceeded ($59 million in 2003, adjusted annually for
inflation).
The bill would impose a private-sector mandate on health
care providers, as defined in UMRA, by not allowing them to use
the fact that an employer reported patient safety data in an
adverse employment action against the employee. This mandate
would not have any direct cost, however, because patient safety
data as defined in the bill does not exist under current law.
Estimated cost to the Federal Government: The estimated
cost of S. 720 is shown in the following table. The bill could
also result in an increase in revenues from fines, but CBO
estimates that any such increase would be less than $500,000 a
year. The costs of this legislation fall within budget function
550 (health).
----------------------------------------------------------------------------------------------------------------
By fiscal year, in millions of dollars--
--------------------------------------------
2004 2005 2006 2007 2008
----------------------------------------------------------------------------------------------------------------
CHANGES IN SPENDING SUBJECT TO APPROPRIATION
Estimated Authorization Level...................................... 12 13 12 13 13
Estimated Outlays.................................................. 4 9 12 13 13
----------------------------------------------------------------------------------------------------------------
Basis of estimate
Spending subject to appropriation
S. 720 would expand the current duties of the Agency for
Healthcare Research and Quality (AHRQ). Although not
specifically named, the AHRQ is the most likely and appropriate
agency within the Department of Health and Human Services to
carry out the provisions of the bill. The new duties would
include providing technical assistance to PSOs that have (or
are developing) systems for reporting medical errors. AHRQ also
would oversee the certification and listing of PSOs, which
collect patient safety data from health care providers. (PSOs
are private or public organizations that conduct activities to
improve patient safety and the quality of health care
delivery.) PSOs would not receive funding under this bill.
In addition, the bill would require AHRQ to maintain a
patient safety network of databases to collect, support, and
coordinate the analysis of patient safety data that is reported
on a voluntary basis. Based on information from AHRQ, CBO
expects that these tasks would require increased staff for
providing assistance to PSOs, oversight of PSOs, and collection
and maintenance of the patient safety database. CBO estimates
that the agency would need additional appropriations of $12
million in 2004 and $63 million over the 2004-2008 period to
carry out these responsibilities. We estimate that outlays
would total $51 million over the 2004-2008 period, assuming the
necessary amounts are appropriated. In 2004, we estimate that
the agency would spend about $4 million, primarily on
maintaining the patient safety database.
The bill would require the Secretary to develop
methodologies for collecting data on patient safety. In
addition, S. 720 would require the Secretary to develop
voluntary, national standards that promote the compatibility of
health care information technology systems across all health
care settings. CBO estimates that these efforts would cost less
than $500,000 a year.
Revenues
Because those prosecuted and convicted for violation of the
bill's privacy provisions could be subject to civil monetary
penalties, the federal government might collect additional
fines if the bill is enacted. Collections of civil fines are
recorded in the budget as governmental receipts (i.e.,
revenues). CBO estimates that any additional receipts would be
less than $500,000 a year.
Estimated impact on State, local, and tribal governments:
S. 720 would preempt any state freedom of information law or
other laws governing civil or administrative procedure that
require the disclosure of information provided by a health care
provider to a certified patient safety organization. This
preemption would be an intergovernmental mandate as defined in
UMRA, because it would limit the application of those state
laws. CBO estimates that this mandate would impose no
requirement on states that would result in additional spending;
thus, the threshold as established by UMRA would not be
exceeded ($59 million in 2003, adjusted annually for
inflation).
Estimated impacted on the private sector: The bill would
impose a private-sector mandate on health care providers, as
defined in UMRA, by not allowing them to use the fact that an
employee reported patient safety data in an adverse employment
action against the employee. This mandate would not have any
direct cost, however, because patient safety data as defined in
the bill does not exist under current law.
Previous CBO estimates: On March 3, 2003, CBO transmitted a
cost estimate for H.R. 663, the Patient Safety Quality
Improvement Act, as ordered reported by the House Committee on
Energy and Commerce on February 12, 2003. CBO estimated that
implementing the provisions of that bill would increase
discretionary spending by $104 million over five years. The
difference in the estimates for S. 720 and H.R. 663 is largely
due to the grant program for establishing an electronic
prescription program authorized by H.R. 663. In addition, H.R.
663 would require the inclusion of a unique product identifier
on packaging of a drug or biological product that is subject to
regulation by the FDA. This provision, which would be a
private-sector mandate, is not included in S. 720.
On March 5, 2003, CBO transmitted a cost estimate for H.R.
877, the Patient Safety Improvement Act, as ordered reported by
the House Committee on Ways and Means on February 27, 2003. CBO
estimated that implementing the provisions of that bill would
increase direct spending by $59 million and increase
discretionary spending by $4 million over five years. The
difference in the estimates for S. 720 and H.R. 877 is largely
due to the provision in H.R. 877 that would establish the
Medical Information Technology Board to provide recommendations
regarding medical information technology.
Estimate prepared by: Federal costs: Margaret Nowak and
Chris Topoleski; Impact on State, local, and tribal
governments: Leo Lex; Impact on the private sector: Dan
Wilmoth.
Estimate approved by: Peter H. Fontaine Deputy Assistant
Director for Budget Analysis.
VIII. Section-by-Section Analysis
The bill amends title IX of the Public Health Service Act
to provide for the improvement of patient safety and to reduce
the incidence of events that adversely effect patient safety.
Sec. 1. Short title
Section 1 entitles the Act the ``Patient Safety and Quality
Improvement Act of 2003.''
Sec. 2. Findings and purpose
Establishes a series of findings, which point to the
critical need for confidentiality and legal protections with
respect to information reported for the purposes of quality
improvement and patient safety. Specifies that the primary
purpose of the bill is to encourage a culture of safety and
quality in the health care system by providing for the legal
protection of information reported voluntarily for the purposes
of quality improvement and patient safety, and ensure
accountability by raising standards and expectations for
continuous quality improvements in patient safety.
Sec. 3. Amendments to Public Health Service Act
Amends title IX of the Public Health Service Act (42 U.S.C.
299 et seq.) by redesignating part C as part D, redesignating
section 921 through 928 as section 931 through 938, and
inserting the following sections under new Part C:
Section 921. Definitions.
Section 921(1): Defines the term ``non-identifiable'' as
information presented in a form and manner that prevents
identification of a provider, a patient or a reporter of
patient safety data.
Section 921(2): Defines ``Patient Safety Data'' as any
data, reports, records, memoranda, analyses (such as root cause
analyses), or statements that could result in improved patient
safety, quality, or outcomes that are collected or developed by
a ``provider'' for reporting to a PSO and are reported within a
reasonable period of time, requested by a PSO, reported to a
provider by a PSO, or collected from a provider or PSO or
developed by PSO. The definition includes any deliberative work
or process or oral communication with respect to patient safety
data. Patient safety data does not include information that is
collected or developed and exists separately from Patient
Safety Data (such as, medical records and copies of
``separate'' information).
Section 921(3): Defines ``Patient Safety Organization'' as
a public or private organization or component thereof that is
listed by the Secretary as a patient safety organization, after
the submission of a certification pursuant to section 924 (c).
A PSO will (A) conduct, as its primary activity, efforts to
improve patient safety and the quality of health care delivery;
(B) collection and analysis of ``patient safety data'' that are
submitted by more than one provider; (C) the development and
dissemination of information to providers to improve patient
safety; (D) utilization of ``patient safety data'' to encourage
a culture of safety and providing direct feedback and
assistance to providers to minimize patient risk; (E)
maintenance of procedures to preserve confidentiality of
patient safety data, and (F) provision of security measures for
``patient safety data.''
Section 921(4): ``Provider'' is broadly defined as a person
licensed or otherwise authorized under state law to provide
health care services. Includes physicians, physician offices,
hospitals, nurses, nursing facilities, pharmacists, pharmacies,
home health agencies, hospice, ambulatory surgical centers,
long term care facilities, clinical laboratories,
psychologists, or any other person specified in regulations
promulgated by the Secretary.
Section 922. Privilege and Confidentiality Protections.
Section 922(a): Patient Safety Data is privileged and shall
not be: subject to a federal, state, or local civil, criminal,
or administrative subpoena; subject to discovery in a federal,
state, or local civil, criminal, or administrative proceeding;
disclosed pursuant to the Freedom of Information Act (FOIA);
admitted as evidence or disclosed in a federal, state, or local
civil, criminal, or administrative proceeding; or utilized in a
disciplinary proceeding against a provider.
Section 922(b): Patient safety data shall be confidential
and shall not be disclosed, except as set forth in paragraphs
(c) and (d).
Section 922(c): The following disclosures and uses are
allowed: disclosure of relevant patient safety data by a
provider or PSO for use in a criminal proceeding only after a
court makes an in camera determination that such data contains
evidence of an intentional act to directly harm a patient;
voluntary disclosure by provider or PSO to the FDA or a person
subject to the FDA's jurisdiction regarding a FDA-regulated
product or activity; voluntary disclosures by provider to CDC
for public health surveillance, investigation, or other public
activities; and voluntary disclosure by provider or PSO of non-
identifiable data.
Section 922(d): The following disclosures are also allowed:
disclosure by a provider or PSO to carry out the activities of
the PSO; use or disclosure by a provider or PSO in connection
with providing treatment, improving patient safety, health care
quality or administrative efficiency, or other customary
activity of the provider or in obtaining payment; disclosure
among PSOs; disclosure by provider or PSO to grantees or
contractors carrying out patient safety research, evaluation,
or demonstration projects authorized by the Director; and
disclosure by a provider to an accrediting body that accredits
that provider.
Section 922(e): Patient safety data used or disclosed in
accordance with section 922(d) shall continue to be privileged
and confidential in accordance with sections 922(a) and (b) and
shall not be disclosed by an entity that possessed such
information before such use or disclosure, or by an entity to
which the information was disclosed, unless such additional
disclosure is permitted under section 922(d).
Section 922(f): Except as provided in section 922(c), no
action may be brought or process served against a patient
safety organization to compel disclosure of information
collected or developed under this part whether or not such
information is patient safety data. An accrediting body may not
require a provider to reveal its communications with a PSO.
Section 922(g): Except with respect to the specific patient
safety data that is used or disclosed, disclosure under
sections 922(c) and 922(d) is not treated as a waiver of any
privilege or protection, nor are protections waived when
patient safety data is inadvertently disclosed.
Section 922(h): A provider may not take an adverse
employment action against an individual based upon the fact
that the individual in good faith reported information to the
provider with the intention of having the information reported
to a PSO or directly to a PSO.
Section 922(i): Civil monetary penalty up to $10,000 may be
imposed for a negligent or intentional disclosure of patient
safety data. State employers must consent to being subject to
such penalties to invoke the privileges provided by this
legislation. If the disclosure was in violation of HIPAA, then
the HIPAA penalties apply instead of the civil monetary penalty
under this Act. A civil action may be brought by any aggrieved
individual to enjoin any act or practice that violates section
922(h) and to obtain other appropriate equitable relief
(including reinstatement, back pay, and restoration of
benefits) to redress such violation.
Section 922(j): This legislation does not: limit other
privileges and confidentiality protections available under
federal, state, or local laws that provide greater protection;
limit, alter, or affect the requirements of federal, state, or
local law pertaining to patient-related data that is not
privileged or confidential under this Title; affect the health
information privacy provisions under HIPAA; limit the authority
of any provider, PSO, or other person to enter into a contract
requiring greater confidentiality protections than provided in
this Title or delegating authority to make a disclosure or use
in accordance with the Title; or prohibit a provider from
reporting a crime to law enforcement authorities.
Section 923. Patient Safety Network of Databases.
The Secretary shall maintain a network of databases that
provides an interactive evidence-based management resource for
providers, PSOs, and others. Providers, PSOs, and others may
voluntarily submit non-identifiable patient safety data to a
database(s) in the network. The Secretary may also determine
common formats for the reporting to the patient safety network
of databases of non-identifiable patient safety data, including
necessary data elements, common and consistent definitions, and
a standardized computer interface for the processing of such
data.
Section 924. Patient Safety Organization Certification and
Listing.
A PSO must certify to the Secretary that it satisfies the
criteria in the definition of PSO. A PSO may receive initial
certification without meeting the activity of collecting and
analyzing patient safety data submitted by more than one
provider, but must file supplemental certification within 2
years that the PSO performs such activity. The Secretary shall
notify a PSO if its certification is accepted or will provide
the reasons for non-acceptance. The Secretary must compile and
maintain a current list of certified PSOs. The Secretary may
revoke a PSOs certification after notice and hearing, must
publish a notice of revocation in Federal Register, and require
the PSO to notify providers of revocation. Certification
expires after 3 years and may be renewed. Patient safety data
held by a PSO that loses its certification remains privileged
and confidential. If the Secretary removes an organization from
the PSO listing--due to revocation of certification or because
the PSO has ceased operation for any reason--the decertified
PSO must transfer patient safety data to another certified PSO,
return the data to the provider, or destroy the data if
returning the data is not practicable.
Section 925. Technical Assistance.
AHRQ may provide technical assistance to PSOs, including
convening meetings to discuss methodology, communication, data
collection, or privacy concerns.
Section 926. Promoting the Interoperability of Health Care
Information Technology Systems.
Within 3 years, HHS must develop or adopt (and review and
periodically update) voluntary national standards that promote
the integration of health care information technology systems.
Section 927. Authorization of Appropriations.
Authorizes for appropriations such sums as necessary.
Sec. 4. Studies and reports
Requires the Secretary to contract with a research
organization to assess the impact of medical technologies and
therapies on patient safety, patient benefit, health care
quality, cost of care, and productivity growth. The Secretary
must report the results to Congress within 18 months.
IX. ADDITIONAL VIEWS OF SENATORS KENNEDY, DODD AND CLINTON
The signatories of these ``Additional Views'' fully support
the goal of establishing a voluntary national patient safety
reporting program with a legal privilege to adhere to any
information newly created for that program. Such a program
would be the first step in a comprehensive effort to reduce
errors and enhance the quality of health care. The signatories
believe, however, that enhanced use of information technology
should be an integral part of any effort to improve health care
quality and reduce errors.
Improved use of information technology (IT) is an integral
part of reducing medical errors and improving patient care.
Over one million serious medication errors are made in American
hospitals every year, resulting in over 7,000 deaths. The
economic costs of medication errors are also staggering. Each
serious medication error adds $2,000 to the cost of a hospital
stay. The total cost of medication errors is over $2 billion
annually.
Dramatic decreases in medication errors are seen
consistently when computerized systems are installed and used.
To cite but a few examples, use of a computerized prescription
order entry system was shown to reduce hospital length of stay
by 0.89 days per patient and to reduce costs by 12.7%,
according to a study by Tierney and colleagues published in the
Journal of the American Medical Association.
In a study of a computerized prescription order entry
system for patients with infectious disease, Evans and
colleagues found that use of the system reduced by 76%
prescriptions of drugs to which patients were allergic, reduced
excess drug dosages by 78% and reduced adverse reactions by
86%. The same study showed that the system reduced the cost per
patient of drugs prescribed by over 75% and reduced hospital
costs per patient by 41%.
Computerized records also allow doctors to look at a
patient's entire medical records at once--making proper care
coordination a real possibility. According to the Institute of
Medicine, ``Health information is dispersed in a collection of
paper records that are poorly organized and often illegible,
and frequently cannot be retrieved in a timely fashion, making
it nearly impossible to manage many forms of chronic illness
that require frequent monitoring and ongoing patient support.''
IT systems can transform this sorry state of affairs and help
patients get the type of coordinated care they need. The
Institute of Medicine, in its recent report Leadership by
Example, concluded that, ``the Federal government should take
steps immediately to encourage and facilitate the development
of information technology infrastructure that is critical to
health care quality and safety enhancement.''
IT also enables the provision of health quality information
to providers, purchasers, and consumers. Certain model
information technologies, such as the personal health record,
which is an electronic medical record that patients can access,
append to, and share with their providers, build in the concept
of informing consumers to improve health quality and encourage
informed patient choice and decisionmaking.
Average IT spending per employee per year among all U.S.
industries is nearly $7,000 per year, and the banking sector
spends almost $125,000 per employee. Yet health care invests
only $3000 per employee per year on IT. Despite evidence that
greater investments could yield monetary returns for society at
large, as well as individual providers, the health care
providers have been slow to adopt.
The signatories of these views strongly believe that the
federal government should assist the health care sector in
enhancing its use of IT. We believe that IT is inherently a
patient safety issue, and therefore that this legislation is an
appropriate vehicle for IT provisions. However, we are willing
to work with Chairman Gregg and other members of the Committee
to ensure that this issue is addressed soon.
Ted Kennedy.
Hillary Rodham Clinton.
Christopher J. Dodd.
X. Changes in Existing Law
In compliance with rule XXVI paragraph 12 of the Standing
Rules of the Senate, the following provides a print of the
statute or the part or section thereof to be amended or
replaced (existing law proposed to be omitted is enclosed in
black brackets, new matter is printed in italic, existing law
in which no change is proposed is shown in roman):
PUBLIC HEALTH SERVICE ACT
* * * * * * *
TITLE IX--AGENCY FOR HEALTHCARE RESEARCH AND QUALITY
PART A--ESTABLISHMENT AND GENERAL DUTIES
SEC. 901. MISSION AND DUTIES.
(a) In General.--* * *
* * * * * * *
PART B--HEALTH CARE IMPROVEMENT RESEARCH
SEC. 911. HEALTH CARE OUTCOME IMPROVEMENT RESEARCH.
(a) Evidence Rating Systems.--* * *
* * * * * * *
SEC. 912. PRIVATE-PUBLIC PARTNERSHIPS TO IMPROVE ORGANIZATION AND
DELIVERY.
(a) Support for Efforts To Develop Information on
Quality.--
(1) Scientific and technical support.--* * *
* * * * * * *
(c) Reducing Errors in Medicine.--The Director, in
accordance with part C, shall conduct and support research and
build private-public partnerships to--
PART C--PATIENT SAFETY IMPROVEMENT
SEC. 921. DEFINITIONS.
In this part:
(1) Non-identifiable information.--
(A) In general.--The term ``non-identifiable
information'' means information that is
presented in a form and manner that prevents
the identification of a provider, a patient, or
a reporter of patient safety data.
(B) Identifiability of patient.--For purposes
of subparagraph (A), the term ``presented in a
form and manner that prevents the
identification of a patient'' means, with
respect to information that has been subject to
rules promulgated pursuant to section 264(c) of
Health Insurance Portability and Accountability
Act of 1996 (42 U.S.C. 1320d-2 note), that the
information has been de-identified so that it
is no longer individually identifiable health
information as defined in such rules.
(2) Patient safety data.--
(A) In general.--The term ``patient safety
data'' means--
(i) any data, reports, records,
memoranda, analyses (such as root cause
analyses), or statements that could
result in improved patient safety or
health care quality or health care
outcomes, that are--
(I) collected or developed by
a provider for reporting to a
patient safety organization,
provided that they are reported
to the patient safety
organization within a
reasonable period of time;
(II) requested by a patient
safety organization (including
the contents of such request);
(III) reported to a provider
by a patient safety
organization; or
(IV) collected from a
provider or patient safety
organization or developed by a
patient safety organization; or
(ii) any deliberative work or process
or oral communications with respect to
any patient safety data described in
clause (i).
(B) Limitation.--The term ``patient safety
data'' shall not include information (including
a patient's medical record) that is collected
or developed separately from and that exists
separately from patient safety data. Such
separate information or a copy thereof
submitted to a patient safety organization
shall not itself be considered as patient
safety data.
(3) Patient safety organization.--The term ``patient
safety organization'' means a private or public
organization or component thereof that performs all of
the following activities (which are deemed to be
necessary for the proper management and administration
of such organization or component thereof), and that is
currently listed by the Secretary as a patient safety
organization pursuant to section 924(c):
(A) The conduct, as its primary activity, of
efforts to improve patient safety and the
quality of health care delivery.
(B) The collection and analysis of patient
safety data that are submitted by more than one
provider.
(C) The development and dissemination of
information to providers with respect to
improving patient safety, such as
recommendations, protocols, or information
regarding best practices.
(D) The utilization of patient safety data
for the purposes of encouraging a culture of
safety and of providing direct feedback and
assistance to providers to effectively minimize
patient risk.
(E) The maintenance of a process to preserve
confidentiality with respect to the information
that is not non-identifiable.
(F) The provision of appropriate security
measures with respect to patient safety data.
(G) The submittal to the Secretary of a
certification pursuant to section 924.
(4) Provider.--The term ``provider'' means--
(A) a person licensed or otherwise authorized
under State law to provide health care
services, including--
(i) a hospital, nursing facility,
comprehensive outpatient rehabilitation
facility, home health agency, hospice
program, renal dialysis facility,
ambulatory surgical center, pharmacy,
physician or health care practitioner's
office, long term care facility,
behavior health residential treatment
facility, clinical laboratory, or
health center; or
(ii) a physician, physician
assistant, nurse practitioner, clinical
nurse specialist, certified registered
nurse anesthetist, certified nurse
midwife, psychologist, certified social
worker, registered dietition or
nutrition professional, physical or
occupational therapist, pharmacist, or
other individual health care
practitioner; or
(B) any other person specified in regulations
promulgated by the Secretary.
SEC. 922. PRIVILEGE AND CONFIDENTIALITY PROTECTIONS.
(a) Privilege.--Notwithstanding any other provision of
Federal, State, or local law, patient safety data shall be
privileged and, subject to the provisions of subsection (c),
shall not be--
(1) subject to a Federal, State, or local civil,
criminal, or administrative subpoena;
(2) subject to discovery in connection with a
Federal, State, or local civil, criminal, or
administrative proceeding;
(3) disclosed pursuant to section 552 of title 5,
United States Code (commonly known as the Freedom of
Information Act) or any other similar Federal, State,
or local law;
(4) admitted as evidence or otherwise disclosed in
any Federal, State, or local civil, criminal, or
administrative proceeding; or
(5) utilized in a disciplinary proceeding against a
provider.
(b) Confidentiality.--Notwithstanding any other provision
of Federal, State, or local law, and subject to the provisions
of subsections (c) and (d), patient safety data shall be
confidential and shall not be disclosed.
(c) Exceptions to Privilege and Confidentiality.--Nothing
in this section shall be construed to prohibit one or more of
the following uses or disclosures:
(1) Disclosure by a provider or patient safety
organization of relevant patient safety data for use in
a criminal proceeding only after a court makes an in
camera determination that such patient safety data
contains evidence of an intentional act to directly
harm the patient.
(2) Voluntary disclosure by a provider or patient
safety organization of information to the Food and Drug
Administration, or to a person that is subject to the
jurisdiction of the Food and Drug Administration, with
respect to a Food and Drug Administration-regulated
product or activity for which that entity has
responsibility, for the purposes of activities related
to the quality, safety, or effectiveness of a Food and
Drug Administration-regulated product or activity or a
Food and Drug Administration proceeding.
(3) Voluntary disclosure of non-identifiable patient
safety data by a provider or a provider patient safety
organization.
(4) Voluntary disclosure by a provider of patient
safety data to the Centers for Disease Control and
Prevention for public health surveillance,
investigation, or other public health activities.
(d) Protected Disclosure and Use of Information.--Nothing
in this section shall be construed to prohibit one or more of
the following uses or disclosures:
(1) Disclosure by a provider or patient safety
organization of information to which subsections (a) or
(b) applies to carry out activities described in
paragraph (2) or (3) of section 921.
(2) Use or disclosure by a provider or patient safety
organization of patient safety data in connection with
providing treatment, improving patient safety, health
care quality or administrative efficiency, or any other
customary activity of the provider or in obtaining
payment.
(3) Disclosure of patient safety data among patient
safety organizations.
(4) Disclosure of patient safety data by a provider
or patient safety organization to grantees or
contractors carrying out patient safety research,
evaluation, or demonstration projects authorized by the
Director.
(5) Disclosure of patient safety data by a provider
to an accrediting body that accredits that provider.
(e) Continued Protection of Information.--Patient safety
data used or disclosed in accordance with subsection (d) shall
continue to be privileged and confidential in accordance with
subsections (a) and (b) and shall not be disclosed--
(1) by an entity that possessed such information
before such use or disclosure; or
(2) by an entity to which the information was
disclosed;
unless such additional disclosure is permitted under subsection
(d).
(f) Limitation on Actions.--
(1) Patient safety organizations.--Except as provided
in subsection (c), no action may be brought or process
served against a patient safety organization to compel
disclosure of information collected or developed under
this part whether or not such information is patient
safety data.
(2) Providers.--An accrediting body shall not take an
accrediting action against a provider based on the good
faith participation of the provider in the collection,
development, reporting, or maintenance of patient
safety data in accordance with this part. An
accrediting body may not require a provider to reveal
its communications with any patient safety organization
established in accordance with this part.
(g) Disclosure or Use of Information.--
(1) In general.--Except with respect to the specific
patient safety data that is used or disclosed, the
disclosure or use of any patient safety data in
accordance with subsection (c) or (d) shall not be
treated as a waiver of any privilege or protection
established under this part.
(2) Inadvertent disclosure or use.--The inadvertent
disclosure or use of patient safety data shall not
waive any privilege or protection established under
this part with respect to such data.
(h) Reporter Protection.--
(1) In general.--A provider may not take an adverse
employment action, as described in paragraph (2),
against an individual based upon the fact that the
individual in good faith reported information--
(A) to the provider with the intention of
having the information reported to a patient
safety organization; or
(B) directly to a patient safety
organization.
(2) Adverse employment action.--For purposes of this
subsection, an ``adverse employment action'' includes--
(A) loss of employment, the failure to
promote an individual, or the failure to
provide any other employment-related benefit
for which the individual would otherwise be
eligible; or
(B) an adverse evaluation or decision made in
relation to accreditation, certification,
credentialing, or licensing of the individual.
(i) Enforcement.--
(1) Prohibition.--Except as provided in subsections
(c) and (d) and as otherwise provided for in this
section, it shall be unlawful for any person to
negligently or intentionally disclose any patient
safety data described in subsection (a) and any such
person shall, upon adjudication, be assessed in
accordance with section 934(d).
(2) Relation to hipaa.--The penalty provided for
under paragraph (1) shall not apply if the defendant
would otherwise be subject to a penalty under the
regulations promulgated under section 264(c) of the
Health Insurance Portability and Accountability Act of
1996 (42 U.S.C. 1320d-2 note) or under section 1176 of
the Social Security Act (42 U.S.C. 1320d-5) for the
same disclosure.
(3) Equitable relief.--Without limiting remedies
available to other parties, a civil action may be
brought by any aggrieved individual to enjoin any act
or practice that violates subsection (h) and to obtain
other appropriate equitable relief (including
reinstatement, back pay, and restoration of benefits)
to redress such violation.
(4) Actions against state employees.--Notwithstanding
subsection (a), with respect to a State employer, the
privilege described in such subsection shall not apply
to such employer unless the employer consents, in
advance, to be subject to a civil action under
paragraph (3).
(j) Rule of Construction.--Nothing in this section shall be
construed to--
(1) limit other privileges that are available under
Federal, State, or local laws that provide greater
confidentiality protections or privileges than the
privilege and confidentiality protections provided for
in this section;
(2) limit, alter, or affect the requirements of
Federal, State, or local law pertaining to patient-
related data that is not privileged or confidential
under this section;
(3) alter or affect the implementation of any
provision of section 264(c) of the Health Insurance
Portability and Accountability Act of 1996 (Public Law
104-191; 110 Stat. 2033), section 1176 of the Social
Security Act (42 U.S.C. 1320d-5), or any regulation
promulgated under such sections;
(4) limit the authority of any provider, patient
safety organization, or other person to enter into a
contract requiring greater confidentiality or
delegating authority to make a disclosure or use in
accordance with subsection (c) or (d); and
(5) prohibit a provider from reporting crime to law
enforcement authorities.
SEC. 923. PATIENT SAFETY NETWORK OF DATABASES.
(a) In General.--The Secretary shall maintain a patient
safety network of databases that provides an interactive
evidence-based management resource for providers, patient
safety organizations, and other persons. The network of
databases shall have the capacity to accept, aggregate, and
analyze nonidentifiable patient safety data voluntarily
reported by patient safety organizations, providers, or other
persons.
(b) Network of Database Standards.--The Secretary may
determine common formats for the reporting to the patient
safety network of databases maintained under subsection (a) of
nonidentifiable patient safety data, including necessary data
elements, common and consistent definitions, and a standardized
computer interface for the processing of such data. To the
extent practicable, such standards shall be consistent with the
administrative simplification provisions of Part C of title XI
of the Social Security Act.
SEC. 924. PATIENT SAFETY ORGANIZATION CERTIFICATION AND LISTING.
(a) Certification.--
(1) Initial Certification.--Except as provided in
paragraph (2), an entity that seeks to be a patient
safety organization shall submit an initial
certification to the Secretary that the entity intends
to perform the activities described in subparagraphs
(A) through (F) of section 921(3).
(2) Delayed certification of collection from more
than one provider.--An entity that seeks to be a
patient safety organization may--
(A) submit an initial certification that it
intends to perform the activities described in
subparagraph (A) through (F) of section 921(3)
other than the activities described in
subparagraph (B) of such section; and
(B) within 2 years of submitting the initial
certification under subparagraph (A), submit a
supplemental certification that it performs the
activities described in section 921(3)(B).
(3) Expiration and renewal.--
(A) Expiration.--An initial certification
under paragraph (1) or (2)(A) shall expire on
the date that is 3 years after it is submitted.
(B) Renewal.--
(i) In general.--An entity that seeks
to remain a patient safety organization
after the expiration of an initial
certification under paragraph (1) or
(2)(A) shall, within the 3-year period
described in subparagraph (A), submit a
renewal certification to the Secretary
that the entity satisfies the criteria
described in subparagraphs (A) through
(F) of section 921(3).
(ii) Term of renewal.--A renewal
certification under clause (i) shall
expire on the date that is 3 years
after that date on which it is
submitted, and may be renewed in the
same manner as an initial
certification.
(b) Acceptance of Certification.--Upon the submission by an
organization of an initial certification pursuant to subsection
(a)(1) or (a)(2)(A), a supplemental certification pursuant to
subsection (a)(2)(B), or a renewal certification pursuant to
subsection (a)(3)(B), the Secretary shall review such
certification and--
(1) if such certification meets the requirements of
subsection (a)(1) or (a)(2)(A), (a)(2)(B), or
(a)(3)(B), as applicable, the Secretary shall notify
the organization that such certification is accepted;
or
(2) if such certification does not meet such
requirements, as applicable, the Secretary shall notify
the organization that such certification is not
accepted and the reasons therefore.
(c) Listing.--
(1) In general.--Except as otherwise provided in this
subsection, the Secretary shall compile and maintain a
current listing of patient safety organizations with
respect to which the Secretary has accepted a
certification pursuant to subsection (b).
(2) Removal from listing.--The Secretary shall remove
from the listing under paragraph (1)--
(A) an entity with respect to which the
Secretary has accepted an initial certification
pursuant to subsection (a)(2)(A) and which does
not submit a supplemental certification
pursuant to subsection (a)(2)(B) that is
accepted by the Secretary;
(B) an entity whose certification expires and
which does not submit a renewal application
that is accepted by the Secretary; and
(C) an entity with respect to which the
Secretary revokes the Secretary's acceptance of
the entity's certification, pursuant to
subsection (d).
(d) Revocation of Acceptance.--
(1) In general.--Except as provided in paragraph (2),
if the Secretary determines that a patient safety
organization does not perform any activity described in
subparagraphs (a) through (f) of section 921(3), the
Secretary may, after notice and an opportunity for a
hearing, revoke the Secretary's acceptance of the
certification of such organization.
(2) Delayed certification of collection from more
than one provider.--A revocation under paragraph (1)
may not be based on a determination that the
organization does not perform the activity described in
section 921(3)(B) if--
(A) the listing of the organization is based
on its submittal of an initial certification
under subsection (a)(2)(A);
(B) the organization has not submitted a
supplemental certification under subsection
(a)(2)(B); and
(C) the 2-year period described in subsection
(a)(2)(B) has not expired.
(e) Notification of Revocation or Removal from Listing.--
(1) Supplying confirmation of notification to
providers.--Within 15 days of a revocation under
subsection (d)(1), a patient safety organization shall
submit to the Secretary a confirmation that the
organization has taken all reasonable actions to notify
each provider whose patient safety data is collected or
analyzed by the organization of such revocation.
(2) Publication.--Upon the revocation of an
acceptance of an organization's certification under
subsection (d)(1), or upon the removal of an
organization from the listing under subsection (c)(2),
the Secretary shall publish notice of the revocation or
removal in the Federal Register.
(f) Status of Data After Removal From Listing.--
(1) New data.--With respect to the privilege and
confidentiality protections described in section 922,
data submitted to an organization within 30 days after
the organization is removed from the listing under
subsection (c)(2) shall have the same status as data
submitted while the organization was still listed.
(2) Protection to continue to apply.--If the
privilege and confidentiality protections described in
section 922 applied to data while an organization was
listed, or during the 30-day period described in
paragraph (1), such protections shall continue to apply
to such data after the organization is removed from the
listing under subsection (c)(2).
(g) Disposition of Data.--If the Secretary revokes the
acceptance of an organization's certification under subsection
(d)(1) and removes the organization from the listing as
provided for in subsection (c)(2), with respect to the patient
safety data that the organization received from providers, the
organization shall--
(1) with the approval of the provider and another
patient safety organization, transfer such data to such
other organization;
(2) return such data to the provider of that patient
safety data; or
(3) if returning such data to the provider is not
practicable, destroy such data.
SEC. 925. TECHNICAL ASSISTANCE.
The Secretary, acting through the Director, may provide
technical assistance to patient safety organizations, including
annual meetings for patient safety organizations to discuss
methodology, communication, data collection, or privacy
concerns.
SEC. 926. PROMOTING THE INTEROPERABILITY OF HEALTH CARE INFORMATION
TECHNOLOGY SYSTEMS.
(a) Development.--Not later than 36 months after the date
of enactment of the Patient Safety and Quality Improvement Act
of 2003, the Secretary shall develop or adopt voluntary
national standards that promote the electronic exchange of
health care information.
(b) Updates.--The Secretary shall provide for the ongoing
review and periodic updating of the standards developed under
subsection (a).
(c) Dissemination.--The Secretary shall provide for the
dissemination of the standards developed and updated under this
section.
SEC. 927. AUTHORIZATION OF APPROPRIATIONS.
There is authorized to be appropriated such sums as may be
necessary to carry out this part.
* * * * * * *
PART [C] D--GENERAL PROVISIONS
SEC. [921] 931. ADVISORY COUNCIL FOR HEALTHCARE RESEARCH AND QUALITY.
(a) Establishment.--* * *
* * * * * * *
SEC. [922] 932. PEER REVIEW WITH RESPECT TO GRANTS AND CONTRACTS.
(a) Requirement of Review.--
(1) In general.--* * *
* * * * * * *
SEC. [923] 933. CERTAIN PROVISIONS WITH RESPECT TO DEVELOPMENT,
COLLECTION, AND DISSEMINATION OF DATA.
(a) Standards With Respect to Utility of Data.--
(1) In general.--* * *
* * * * * * *
SEC. [924] 934. DISSEMINATION OF INFORMATION.
(a) In General.--The Director shall--
(1) * * *
* * * * * * *
(d) Penalty.--Any person who violates subsection (c) shall
be subject to a civil monetary penalty of not more than $10,000
for each such violation involved. [Such penalty shall be
imposed and collected in the same manner as civil money
penalties under subsection (a) of section 1128A of the Social
Security Act are imposed and collected.] Penalties provided for
under this section shall be imposed and collected by the
Secretary using the administrative and procedural processes
used to impose and collect civil money penalties under section
1128A of the Social Security Act (other than subsections (a)
and (b), the second sentence of subsection (f), and subsections
(i), (m), and (n)), unless the Secretary determines that a
modification of procedures would be more suitable or reasonable
to carry out this subsection and provides for such modification
by regulation.
* * * * * * *
SEC. [925] 935. ADDITIONAL PROVISIONS WITH RESPECT TO GRANTS AND
CONTRACTS.
(a) Financial Conflicts of Interest.--* * *
* * * * * * *
SEC. [926] 936. CERTAIN ADMINISTRATIVE AUTHORITIES.
(a) Deputy Director and Other Officers and Employees.--
(1) Deputy director.--* * *
* * * * * * *
SEC. [927] 937. FUNDING.
(a) Intent.--* * *
* * * * * * *
SEC. [928] 938. DEFINITIONS.
In this title:
(1) Advisory council.--The term ``Advisory Council''
means the National Advisory Council on Healthcare
Research and Quality established under section [921]
931.
* * * * * * *
�