[Senate Report 108-196]
[From the U.S. Government Publishing Office]



                                                       Calendar No. 387
108th Congress                                                   Report
                                 SENATE
 1st Session                                                    108-196
======================================================================

 
           PATIENT SAFETY AND QUALITY IMPROVEMENT ACT OF 2003

                                _______
                                

               November 17, 2003.--Ordered to be printed

                                _______
                                

    Mr. Gregg, from the Committee on Health, Education, Labor, and 
                   Pensions, submitted the following

                              R E P O R T

                             together with

                            ADDITIONAL VIEWS

                         [To accompany S. 720]

    The Committee on Health, Education, Labor, and Pensions, to 
which was referred the bill (S. 720) to amend title IX of the 
Public Health Service Act to provide for the improvement of 
patient safety and to reduce the incidence of events that 
adversely effect patient safety, having considered the same, 
reports favorably thereon with an amendment in the nature of a 
substitute and recommends that the bill (as amended) do pass.

                                CONTENTS

                                                                   Page
  I. Purpose and need for legislation.............................    2
 II. Summary......................................................    4
III. History of legislation and votes in committee................    6
 IV. Explanation of bill and committee views......................    6
  V. Regulatory impact statement..................................   13
 VI. Application of law to the legislative branch.................   13
VII. Cost estimate................................................   14
VIII.Section-by-section analysis..................................   16

 IX. Additional views.............................................   21
  X. Changes in existing law......................................   23

                  I. Purpose and Need for Legislation

    As many as 98,000 Americans die each year from preventable 
medical errors, according to the Institute of Medicine in its 
1999 report To Err Is Human: Building a Safer Health System. 
This IOM report recognizes that health care professionals are 
human, humans are prone to error and most human errors are 
triggered by system failures. The report emphasizes the need to 
make system improvements and advises that health care 
information reporting systems must develop and implement 
processes through which medical error information can be 
identified, analyzed and utilized to prevent further medical 
errors. In addition, the report highlights that society's long-
standing reliance on the threat of malpractice litigation 
discourages health care professionals and organizations from 
disclosing, sharing, and discussing information about medical 
errors. As a result, medical errors too often do not get 
identified and the same systems-oriented errors recur. The 
availability of civil remedies for patients who have been 
injured by negligence is important to redress patients' 
injuries. To reduce errors and improve patient safety the IOM 
recommended, among other things, that ``Congress should pass 
legislation to extend peer review protections to data related 
to patient safety and quality improvement that are collected 
and analyzed by health care organizations for internal use or 
shared with others solely for purposes of improving safety and 
quality.'' The IOM acknowledged that a critical component of a 
comprehensive strategy to improve patient safety is to create 
an environment that encourages organizations to identify 
errors, evaluate causes and design systems to prevent future 
errors from occurring.
    Reporting and analyzing errors is one component of the 
comprehensive strategy recommended by the IOM to reduce errors 
and improve patient safety and health care quality. In To Err 
is Human and subsequent reports, the IOM recommends a tiered 
approach to improve the quality of care: federal protections 
for a voluntary error reporting system (which is the focus of 
this bill); a narrowly focused mandatory reporting system to 
collect standardized information by State governments about 
adverse events that result in death or serious harm (about 20 
States have implemented mandatory reporting statutes for 
certain serious events); increased investment in information 
technology; establishing a national focus to create leadership 
and enhance the knowledge base about safety; raising standards 
and expectations for improvements in safety; and creating 
safety systems inside health care organizations through the 
implementation of safe practices at the delivery level. 
Enactment of S. 720 is a significant step in an ongoing effort 
to improve the quality of care provided to all Americans. The 
committee notes that HHS has undertaken a number of programs to 
address medical errors and improve quality.
    The committee has held five hearings concerning medical 
error and patient safety since the release of To Err is Human 
in 1999. In the course of this examination, the committee found 
that efforts to improve patient safety could best be 
strengthened by creating a learning environment characterized 
by supportive, voluntary data gathering systems. Testimony 
received during the committee's examination of this issue 
complements the body of research calling for the creation of a 
``safe harbor'' for the reporting of medical error information; 
that is, a means of reporting and analyzing information 
insulated from the risk of incurring additional liability and 
that absent a new reporting system would not otherwise exist.
    This committee finds that S. 720, the ``Patient Safety and 
Quality Improvement Act of 2003'' will promote a learning 
environment that is needed to move beyond the existing culture 
of blame and punishment that suppresses information about 
health care errors to a ``culture of safety'' that focuses on 
information sharing, improved patient safety and quality and 
the prevention of future medical errors. The committee believes 
that it is important to shift the current focus from 
culpability to a new paradigm of error reduction and quality 
improvement. A new system and process--separate from but 
parallel to complementary laws and regulations designed to 
ensure accountability--is required to encourage the reporting 
of errors and to create an environment in which errors become 
opportunities for learning and improvement. This system and 
process would be separate from, and parallel to, complementary 
State, Federal, and local laws and regulations designed to 
ensure accountability; these State, Federal, and local 
reporting systems are independent of the system contemplated by 
this bill. The Department of Veterans Affairs and the Federal 
Aviation Administration, among others, have demonstrated that 
establishing a confidential error reporting system encourages 
reporting and results in substantial advances in safety. The 
Veterans' Health Administration has not only instituted a 
program for voluntary error reporting, but has also instituted 
a comprehensive program to improve the quality of care provided 
at VHA facilities. Integral to this program is the pervasive 
use of information technology in clinical practice. Physicians 
at VHA facilities can access patient records electronically and 
can enter orders for tests or procedures via an integrated 
computer system that provides alerts if an intended order is 
contraindicated for a particular patient. Moreover, the VHA 
electronic record system can issue reminders for specific 
procedures or screening tests to be performed, so that needed 
preventive care is not inadvertently omitted. It is far from 
certain that voluntary reporting alone would have been 
sufficient to cause the dramatic improvement in health care 
quality seen at VHA facilities in recent years.
    An indispensable element of the reporting system used by 
the FAA is the collection and analysis of errors reports at a 
central site. If problems that could endanger passenger safety 
are found in any aspect of the federal aviation system, FAA 
issues directives to rectify those problems. Compliance with 
directives from the FAA is mandatory. The Aviation Safety 
Reporting System (ASRS) receives about 30,000 reports annually 
and has an operating budget of approximately $2 million. While 
S. 720 adopts a similar voluntary and confidential approach to 
improving patient safety, the committee believes that 
collecting potentially a million error reports a year at a 
central location would be impractical and prohibitively 
expensive. Not only would the sheer number of reports be 
overwhelming, but also the necessary expertise that would be 
necessary to properly analyze reports would be prohibitive. A 
preferred approach is to allow PSO's to report aggregated, 
nonidentifiable information to national databases specifically 
established to collect and disseminate information on improving 
patient safety.
    The committee finds that the entire health care delivery 
system can benefit from a systems analysis of near misses and 
errors that have resulted in adverse events for systems 
improvement and corrective actions.
    The purpose of this legislation is to encourage a ``culture 
of safety'' and quality in the U.S. health care system by 
providing for broad confidentiality and legal protections of 
information collected and reported voluntarily for the purposes 
of improving the quality of medical care and patient safety. 
These protections will facilitate an environment in which 
health care professionals and organizations report and evaluate 
health care errors and share their experiences with others in 
order to prevent similar occurrences. This legislation is 
needed to address what may be as many as 98,000 preventable 
deaths per year associated with medical errors and the 
estimated $29 billion in national costs associated with such 
preventable errors.
    This bill accomplishes these purposes by establishing and 
defining a specific class of information known as ``patient 
safety data'' and according this new class of data legal 
protections designed to promote its collection, reporting and 
analysis. Patient safety data is not subject to a Federal, 
State, or local civil, criminal, or administrative subpoena or 
subject to discovery in a Federal, State, or local civil, 
criminal, or administrative proceeding. Further, this bill will 
not permit patient safety data to be disclosed under the 
Freedom of Information Act (FOIA); admitted as evidence or 
disclosed in a Federal, State, or local civil, criminal, or 
administrative proceeding; or used in a disciplinary proceeding 
against a provider. The bill also provides broad 
confidentiality protections, which are necessary to engender 
the trust and cooperation of the health care providers. Without 
participation of health care providers the system cannot be 
effective in collecting information.
    During the past decade patient safety has emerged as a 
major health policy issue. There has been a steadily growing 
and forceful call for Congress to pass legislation that will 
facilitate the development of a confidential and nonpunitive 
system for reporting health care errors so that such errors can 
be identified and analyzed to improve patient safety by 
preventing future errors.
    Members of this Committee have worked in a bi-partisan 
fashion to draft Federal legislation that reflects the IOM's 
recommendation for congressional action to establish a 
confidential reporting system to encourage a cooperative effort 
among providers and organizations geared to improving patient 
safety. This committee has worked diligently and deliberately 
to ensure that this legislation strikes the appropriate balance 
between plaintiff rights and creating a new culture in the 
health care industry that provides incentives to identify and 
learn from errors.

                              II. Summary

    The general intent of S. 720, ``The Patient Safety and 
Quality Improvement Act of 2003'' is to establish a system to 
encourage voluntary reporting of adverse medical events, 
medical errors and incidents of ``near misses'' and to 
facilitate the development and adoption of interventions and 
solutions that will improve patient safety and the quality and 
outcomes of health care. This legislation amends the Public 
Health Service Act to establish protections that will foster 
voluntary reporting.
    This legislation will encourage ``providers'' (e.g., 
physicians, nurses, hospitals, nursing homes, and other health 
care providers) to report information on errors, incidents of 
``near misses'' and enhanced health care quality practices to 
organizations known as Patient Safety Organizations (PSO's). 
PSO's are organizations that collect and analyze ``patient 
safety data'' and provide feedback to providers on strategies 
to improve patient safety and quality of care, and that have 
been listed by the Department of Health and Human Services 
(HHS) as such. HHS maintains a network of databases to provide 
an interactive evidence-based management resource for 
providers, PSO's, and the public. Providers, PSO's, and others 
may voluntarily submit nonidentifiable patient safety data to a 
database(s) in the network. HHS, PSO's and providers may 
disseminate information on recommended interventions and best 
practices to other PSO's, providers and consumers to improve 
quality of care and enhance patient safety.
    The legislation grants an evidentiary privilege for 
information collected and developed by providers and PSO's 
through this voluntary reporting system. The privilege 
encompasses not only the report to the patient safety 
organization but also all aspects of the analysis of, and 
subsequent corrective actions related to, adverse events, 
medical errors, and ``near misses'' reported as patient safety 
data. It covers all deliberations, including oral and written 
communications, and work products that meet the requirements 
for patient safety data. This legislation also establishes 
confidentiality protections for this written and oral patient 
safety data to promote the reporting of medical errors. As a 
result, health care providers will be able to report and 
analyze medical errors, without fear that these reports will 
become public or be used in litigation. This nonpunitive 
environment will foster the sharing of medical error 
information that is a significant step in a process to improve 
the safety, quality, and outcomes of medical care.
    It is vital to note that these protections do not extend 
backward to underlying factual information contained within or 
referred to in patient safety data reported to a PSO. In other 
words, the adverse event or the medical error itself is not 
privileged; it is the analysis of and subsequent corrective 
actions related to the adverse event or medical errors that are 
privileged. The underlying information remains unprivileged and 
available for reporting to authorities under mandatory or 
voluntary reporting initiatives. In practice, however, 
information that an adverse event or medical error has occurred 
is available through other record keeping systems (such as the 
patient's medical record, nursing notes, billing information, 
insurance forms). Because such information of adverse events or 
medical errors is available or can be collected or developed 
independent of the reporting system contemplated by this 
legislation, these protections do not preempt current or 
preclude future Federal, State or local requirements for the 
reporting or disclosure of information that ensures 
accountability or furthers informed consumer choice (e.g., 
hospital-acquired infections, medical errors, adverse or 
sentinel health care events, and medical outcomes) other than 
patient safety data. These protections do not provide a basis 
for providers to refuse to comply with such reporting 
requirements simply because they have reported the same or 
similar information through the reporting system contemplated 
by this legislation nor do they preclude providers from 
voluntarily reporting such information pursuant to voluntary 
reporting initiatives. As long as there is another source of 
the information reported to the PSO--even if it is the same 
information as is reported--the protections in this legislation 
will not operate to prevent its release or disclosure because 
the information would come from the other sources, not from 
patient safety data. The legislation does not affect privileges 
or stronger confidentiality protections available under other 
law. The rules, for instance, which, in certain circumstances, 
require the Food and Drug Administration to protect the names 
of patients, providers, and reporters would, where applicable, 
continue to be in effect as they are now. This legislation 
recognizes and preserves the protection of confidential patient 
information under the Health Insurance Portability and 
Accountability Act of 1996. It requires HHS to develop or adopt 
voluntary national standards that promote the integration of 
health care information technology systems, requires a study to 
assess the impact of medical technologies on patient safety, 
and does not preempt other State and Federal peer review laws.
    This legislation recognizes that patient safety can best be 
improved by fostering efforts to identify and fix errors while 
ensuring that providers remain accountable for malpractice. 
Such a balance was envisioned in the 1999 Institute of Medicine 
(IOM) report, To Err is Human: Building a Safer Health System, 
and has been corroborated as responsive by numerous patient 
safety experts, the Department of Veterans Affairs, the Agency 
for Healthcare Research and Quality, and a broad base of 
medical and health care organizations. However, it is important 
to note that numerous analyses indicate that voluntary 
confidential reporting is but one part of a comprehensive 
program to improve patient care. While an important component 
of a program to improve health care quality, voluntary 
reporting alone will not be sufficient to eliminate the serious 
problem of medical errors that the Nation faces. This 
conclusion too is supported by numerous patient safety experts, 
the Department of Veterans Affairs, the Agency for Healthcare 
Research and Quality, and a broad base of medical and health 
care organizations. The committee notes that HHS has already 
undertaken a number of programs to address medical errors and 
improve quality.

           III. History of Legislation and Votes in Committee

    On March 26, 2003, Senator Jeffords, for himself and 
Senators Frist, Breaux and Gregg introduced S. 720 to provide 
for the improvement of patient safety and to reduce the 
incidence of events that adversely effect patient safety.
    On July 23, 2003, the committee held an executive session 
to consider S. 720. Senator Gregg for himself and Senator 
Jeffords offered a substitute amendment, as modified, that was 
considered as original text by the committee. The committee 
approved S. 720, as amended by unanimous vote.

              IV. Explanation of Bill and Committee Views

    1. Legal protections for patient safety data encourage 
reporting.
    This legislation provides broad confidentiality protections 
and legal privileges for patient safety data. The committee 
finds that broad protections are essential to encourage 
reporting. Currently, there are few incentives and many 
barriers for providers to collect and report information 
regarding patient safety. The primary barrier relates to 
concerns that information shared to promote patient safety 
would expose providers to liability. Unless this information 
can be freely shared, errors will continue to be hidden and 
errors will be repeated. A more open, nonpunitive learning 
environment is needed to encourage health care professionals 
and organizations to identify, analyze, and report errors 
without facing the threat of litigation and, at the same time, 
without compromising plaintiffs' legal rights or affecting 
existing and future public reporting initiatives with respect 
to the underlying data.
    This bill provides confidentiality and legal protections 
for patient safety data, which are defined as information 
collected or developed and reported to a patient safety 
organization within a reasonable period of time. The committee 
recognizes that the reasonableness of the time to report is 
contingent upon many factors, including the complexity of the 
facts and circumstances surrounding the analysis of a medical 
error. Nonetheless, the committee intends that a reasonable 
period of time be a period of 2 months or less from the 
collection or development of the patient safety data. This 
amount of time will allow providers to investigate and report 
pertinent information to the patient safety organization. The 
information qualifies as patient safety data during that period 
if it is collected or developed for reporting and is reported 
to the patient safety organization within the required time 
frame. The definition of patient safety data also includes 
``any deliberative work or process or oral communications with 
respect to any patient safety data* * * .'' (Section 
921(A)(ii)) Patient safety data would not be collected or 
developed in a vacuum, and accordingly the bill includes 
reports, records, memoranda analyses, oral and written 
statements and thought processes (or mental impressions) in the 
definition of patient safety data. For example, if an error 
occurs, a health care professional must first, at a minimum, 
evaluate what occurred so that relevant information is recorded 
in a manner that promotes analysis. Typically, relevant 
information would be reported on a ``data set'' or standard 
form (or computer form) used for reporting such information to 
a patient safety organization. It is likely that a standard 
form would be required by a patient safety organization so that 
only relevant information is collected. Mere inclusion in such 
a form is not sufficient to establish privilege under the 
definition of patient safety data. For example, data on 
hospital-acquired infections may be required to be reported to 
a State agency and later released to the public. If such data 
happens to be reported on a standard form for reporting to a 
PSO, it would not thereby be exempted from the requirement to 
be reported to the State agency if that State requires such 
reporting through a parallel but different process. However, 
analysis or discussion of the data that constituted patient 
safety data would be exempted.
    In addition to protecting the actual information that is 
submitted to the patient safety organization, it is essential 
to extend confidentiality and legal protections to any 
``deliberative work or process'' and ``oral or written 
communications'' utilized in generating a report to a patient 
safety organization. This bill includes such communications 
within the definition of patient safety data to allow for more 
accurate information to be transmitted to a patient safety 
organization. As the Institute of Medicine (IOM) stated in its 
1999 report, To Err is Human, ``The strongest legal protections 
would cover the entire chain of custody of the information from 
its initial generation to its ultimate use.''
    Patient safety data does not include information that is 
collected or developed and exists separately. For example, data 
and information that is contained in medical records, hospital 
claim or billing forms and facts of an adverse event (including 
oral and written statements not relating to the collection or 
development of patient safety data) cannot be shielded by being 
attached to patient safety data and sent to a patient safety 
organization. This means that medical information--including 
medical error information--that is currently available under a 
reporting requirement or initiative or that is available to a 
patient will continue to be available under this legislation. 
The bill also provides that patient safety data may be used in 
a criminal case if the court in camera finds that it contains 
evidence of certain intentional criminal acts. The legislation 
respects the discovery rights of plaintiffs in malpractice 
cases.
    Many States extend privilege and confidentiality 
protections to analyses of medical errors that take place 
within the hospital, without restricting the right of a 
plaintiff to other information, such as the medical record and 
related information as well as the right to depose all health 
care personnel involved in a patient's care regarding their 
knowledge at the time of the alleged malpractice. This bill 
follows a similar approach for the analysis and reporting of 
adverse events, medical errors, and ``near misses.'' As the IOM 
stated in To Err is Human, ``protecting data in a reporting 
system * * * does not mean that the plaintiff in a lawsuit 
could not try to obtain such information through other avenues 
if it is important in securing redress for harm; it just means 
that the plaintiff would not be assisted by the presence of a 
reporting system designed specifically for other purposes 
beneficial to society.'' Importantly, the bill does not alter 
existing rights or remedies available to injured patients. Laws 
that provide greater confidentiality or privilege protections 
are also not affected by this legislation.
    2. This legislation will not preempt Federal, State, or 
local law governing accountability for a health care 
professional's negligence, malfeasance, or criminal acts, or 
that requires the collection and reporting of underlying data 
on health care provider quality of care, other than patient 
safety data.
    In creating a nonpunitive and voluntary system for the 
reporting and analyses of events that have led or could lead to 
patient harm, the committee recognizes the importance of 
separate systems of laws, regulations, accreditation and 
licensing requirements that have been (or may in the future be) 
established for the purpose of maintaining accountability in 
the health care system. This legislation provides legal 
protections for specified patient safety data. It is separate 
from and independent of mandatory or voluntary reporting 
systems that have been or may be established under Federal, 
State or local law or regulation. Reporting an error or other 
incident under this new system will not limit or affect the 
reporting of information that is now or will in the future be 
required to be made under existing Federal, State, or local law 
to non-patient safety organizations. Information that must be 
reported under Federal, State or local reporting requirements 
(such as New York's incident reporting statute 10 NYCRR 
Sec. 405.8)--even when those laws or regulations require the 
reporting of the same or similar information regarding the type 
of events also reported through the system contemplated by this 
legislation--is not within the definition of patient safety 
data because it is not ``collected or developed * * * for 
reporting to a patient safety organization * * *'' (section 
921(2)(A)(i)(I)). Conversely, information covered under state 
reporting laws fall outside the definition of patient safety 
data because such information is ``collected or developed 
separately from and that exists separately from patient safety 
data * * *'' (section 921(2)(B)).
    There are numerous, well-established mechanisms by which 
individuals and entities in the health care system are held 
accountable. For example, criminal acts by providers that 
seriously harm patients must be reported under State laws. 
Hospitals and medical staffs must report such events to law 
enforcement authorities and hospital licensing laws generally 
require the reporting of such events as well as certain other 
reportable events to licensing boards or accreditation 
organizations. In addition to standard error event reporting 
(such as wrong site surgery, error in medication, and 
transfusion error), many States require reporting of adverse 
events such as suspected abuse of a patient, rape, infant 
abduction, unanticipated death not related to natural course of 
patient's illness, suicide of patient, and events that lead to 
patient harm. JCAHO's sentinel event policy includes an 
extensive list of adverse events that must be reported. State 
peer review statutes encourage health care professionals to 
evaluate care provided by the members of the medical staff and 
to take appropriate action. Moreover, medical staff bylaws 
typically provide for an immediate summary suspension of health 
care professionals in serious situations or other disciplinary 
action against health care professionals even when peer review 
activities are underway. Patient deaths are reportable to a 
medical examiner, who generally has the discretion to conduct 
an investigation of deaths. Impaired healthcare workers are 
reported to a designated professional regulatory agency or 
rehabilitation program pursuant to State licensing laws. 
Federal, State, and local agencies may investigate and 
prosecute individuals under their respective authorities. Many 
States have laws that require a healthcare worker to report to 
the authorities cases of suspected neglect or abuse, typically 
applicable to children and senior citizens. Further, the state 
and federal civil court systems are available to patients who 
are injured, or their survivors if the patient dies, due to 
negligence.
    In addition, a number of employer organizations have 
instituted (or are planning to institute) voluntary reporting 
initiatives for providers that participate in their networks. 
The operation of these legal requirements, or these voluntary 
initiatives, is not preempted by this legislation but may not 
afford the protections provided by this bill. This legislation 
conveys legal protection only on those communications that are 
sent to the PSO, or that the PSO prepares to send to a provider 
(and related communications and materials)--not to the 
underlying information contained within those communications 
that is obtainable from other records or sources.
    This legislation will not allow providers and patient 
safety organizations to hide information about a crime by 
reporting and analyzing the case using this system. The 
confidentiality and legal protections in this bill would in no 
way limit or affect the availability of any information or 
evidence that does not meet the statutory definition of patient 
safety data and is currently available under existing Federal, 
State, or local law (section 922(j)(2)). Furthermore, this bill 
specifically allows an exception to the confidentiality and 
legal protections for patient safety data in a criminal 
proceeding when a court makes an in camera determination that 
the data includes evidence of an intentional act to harm a 
patient (section 922(c)(1)). This bill specifically states that 
nothing in the bill would prohibit a provider from reporting a 
crime to law enforcement authorities (section 922(j)(5)).
    3. Patient Safety Organizations analyze patient safety data 
and provide recommendations, best practices and systems 
improvements to improve patient safety and quality of care.
    This legislation requires that information be reported to 
or developed by a Patient Safety Organization (PSO) to qualify 
as patient safety data. The primary purpose of a patient safety 
organization is to continually work to improve the quality and 
safety of care provided to patients. The breadth of data 
available to PSO's, that are expected to enter into contracts 
with multiple providers, will facilitate the identification and 
analysis of patterns of organization and behavior that can lead 
to errors. This broader, systemic perspective will provide an 
important complement to the quality and safety improvement 
initiatives of many health care providers and facilitate the 
type of ``shared learning'' envisioned by the IOM report. PSO's 
should provide guidance and direct feedback to the provider's 
analysis of adverse events, medical errors, and ``near misses'' 
(or a provider may contract with a PSO to undertake the initial 
analysis as well), undertake broader statistical pattern 
analyses drawing upon data from two or more providers, and 
assist health care professionals and organizations in 
identifying and/or undertaking quality improvement initiatives 
to minimize patient risk. A PSO may be a component of a larger 
organization, as long as the component meets the criteria set 
forth in the bill.
    Reporting an error or other incident under this new system 
will not limit or affect the reporting and disclosure of 
information that is not patient safety data and that is 
required to be made under existing or future Federal, State, or 
local mandatory public reporting systems, whether or not that 
organization also operates under this legislation as a patient 
safety organization. For example, a State health agency or a 
nongovernmental organization that collects and reports data 
under State law may continue to report or disclose information 
required by state law notwithstanding its designation and 
operation as a patient safety organization under this bill. The 
organization's collection and development, as a PSO, of patient 
safety data would not place protections as envisioned by this 
bill on nonpatient safety data handled by the organization for 
other purposes. The multiple functions of this organization 
under both this bill and Federal, State, or local law are to 
continue independently of each other.
    This legislation protects and encourages the sharing and 
dissemination of information about improving patient safety. It 
is the intent of this committee that interventions, protocols, 
information about best practices and systems improvements that 
are developed through the analysis of patient safety data be 
shared by providers and PSO's to enable patient safety 
improvements to occur throughout the health care delivery 
system. Toward this end, the Agency for Health Research and 
Quality (AHRQ) will maintain a network of databases of 
nonidentifiable data to provide an interactive evidence-based 
patient safety management resource for providers, PSO's, and 
the public.
    To allow the sharing of information to improve patient 
safety, the bill provides for protected disclosures of 
information (section 922(d)). For example, the bill permits 
PSOs to share patient safety data with other PSO's. It also 
permits providers or PSO's to use or disclose patient safety 
data in connection with providing treatment, improving patient 
safety, health care quality, administrative efficiency, or any 
other customary activity of the provider. Disclosures of 
information pursuant to this section do not waive the privilege 
or confidentiality of the patient safety data (section 922(g)) 
and the patient safety data continues to be privileged and 
confidential (section 922 (e)).
    The bill also permits other disclosures (section 922(c)). 
For example, patient safety data that does not identify the 
patient or the provider may be disclosed by a provider or a PSO 
on a voluntary basis (section 922(c)(3). This is the mechanism 
in the bill that allows disclosure of information to AHRQ, to 
nonhealthcare related entities, and to the public. For example, 
under this section, a PSO could release nonidentifiable 
information about best practices; aggregate data, such as 
infection rates; or aggregate trend data, such as a decline in 
a rate of wrong site surgery. In addition, a provider or PSO 
could publish case studies, methods used to analyze systems 
failures or factors that can help improve the quality of care.
    The use and disclosure under this section--including 
disclosure to the FDA (section 922(c)(2)) or to CDC (section 
922(c)(4))--removes the privilege and confidentiality 
protections for the information used or disclosed. However, the 
balance of the patient safety data, which remains at the 
provider or PSO, continues to be privileged and confidential 
(section 922(e)). Moreover, even though disclosure to FDA or 
CDC would remove the privilege and confidentiality protections 
created under this law for the data disclosed, other statutes 
and regulations governing confidential information disclosed to 
the Government may continue to protect such information from 
subsequent disclosure by FDA or CDC. In any event, this bill 
does not require any disclosure to FDA or to CDC (or to any 
other person). It is important to note that except in the case 
of patient safety data associated with an intentional criminal 
act (section 922(c)(1)), a PSO cannot be compelled to release 
any information, whether it is patient safety data or not, even 
if it has been voluntarily disclosed to others under sections 
922(c)(2)-(4). This allows PSO's to focus their efforts on 
quality improvement and patient safety.
    The bill permits a PSO to make voluntary disclosures on 
behalf of the provider. A provider may by contract with a PSO 
determine what disclosures may be made by the PSO. For example, 
a provider and PSO could agree by contract to distribute only 
aggregate nonidentifiable patient safety data. The bill does 
not affect any person's right to contract with respect to these 
issues.
    To enable the Agency for Healthcare Research and Quality 
(AHRQ) to advance the science of patient safety analysis and 
reporting and to meet its technical assistance requirements 
under the bill, providers and patient safety organizations are 
permitted to disclose patient safety data to grantees or 
contractors carrying out research, evaluation, or demonstration 
projects authorized by the Director. The committee intends for 
such disclosures to be provided only to the components of such 
entities that are actually carrying out the project in 
question. Such disclosures do not waive privilege or 
confidentiality and AHRQ grantees and contractors must observe 
the strict confidentiality safeguards provided under this 
title.
    4. Patient Safety Organizations are subject to an expedited 
certification process.
    The legislation provides an efficient, minimally burdensome 
certification process to help expedite implementation of a 
patient safety system. S. 720 requires an organization to 
certify that it intends to perform [certification]--or that it 
performs [recertification]--the activities required of a 
patient safety organization. The Secretary will list as PSO's 
those organizations that certify that they meet the required 
criteria.
    The Secretary may examine any organization at any time to 
see whether it in fact is performing those required activities. 
The PSO would be subject to Federal law that provides sanctions 
for false certification. Under the Federal False Claims Act, 
those operating PSO's would be subject to fines or imprisonment 
in a federal facility for up to 5 years. The committee believes 
that this process strikes the proper balance of ensuring that 
PSO's function as intended under S. 720 while ensuring that the 
patient safety process is not unduly delayed by requiring that 
the Secretary review the operations of each entity applying for 
recognition as a PSO.
    5. The system is voluntary and nonpunitive.
    As an acknowledgment of the necessity to have a nonpunitive 
environment, the bill contains ``whistle blower'' protections 
for those reporting patient safety data. This bill directly 
prohibits retaliation against an individual for making a report 
in good faith to the provider for reporting to the PSO or 
directly to the PSO, while still allowing employers the 
opportunity to initiate disciplinary actions for other 
permissible reasons. With respect to State employers, the 
privilege shall not attach to the patient safety data unless 
the employer consents to being subject to the legislation's 
whistle blower protections. For this voluntary reporting system 
to achieve its intended goal, its nonpunitive nature must 
extend not only to health care organizations but also to health 
care professionals and support staff.
    6. The Secretary establishes standards for healthcare data.
    The bill seeks to accelerate the pace of progress on 
healthcare data exchange standards for electronic medical 
records. Now, many providers are waiting to make significant 
investments in critical technology. One of the primary 
difficulties in establishing various information technology 
systems is the fear that a system will need to be completely 
replaced within a short period of time because it no longer has 
the appropriate specifications for interacting with government 
or other entities. Therefore, the bill directs the Secretary to 
develop or adopt voluntary standards to facilitate the 
development of the basic infrastructure, the National Health 
Information Infrastructure recommended by the National 
Committee on Vital and Health Statistics. In fulfilling this 
requirement, the committee intends for the Secretary to take 
into account existing standards and the ongoing activities of 
other-standard-setting bodies both within and outside the 
Federal Government.

                     V. Regulatory Impact Statement

    The committee has determined that there will be minimal 
increases in the regulatory burden imposed by this bill. The 
bill does not mandate any new reporting system but provides 
protection for data submitted to patient safety organizations 
(PSO) to prevent medical errors from occurring and improve 
quality of care for patients. Each PSO will certify to HHS that 
it performs the functions stated in S. 720 and must recertify 
every 3 years. The Secretary, on his own initiative, or on 
complaint, could examine the PSO to determine whether the PSO 
is in fact performing the required functions. HHS will also 
maintain a network of databases and provide technical 
assistance to PSO's to assist them with the certification 
process and with improving patient safety. Accordingly, the 
committee has determined that there will be minimal regulatory 
burden imposed with respect to the certification process.

            VI. Application of Law to the Legislative Branch

    Section 102(b)(3) of Public Law 104-1, the Congressional 
Accountability Act (CAA), requires a description of the 
application of this bill to the legislative branch. S. 720 
encourages a culture of safety and quality by providing for the 
legal protection of voluntarily reported patient safety data. 
Accordingly, the legislation limits permissible disclosures of 
patient safety data and provides no special exception for 
disclosure of identifiable patient safety data to the 
legislative branch. The legislation requires the Department of 
Health and Human Services to maintain a list of certified 
PSO's, which collect patient safety data from providers and 
provide strategic patient safety feedback to the providers. HHS 
is also required by the legislation to maintain a network of 
databases to provide an interactive evidence-based management 
resource for providers, patient safety organizations and the 
public; to develop or adopt voluntary national standards that 
promote the integration of health care information technology 
systems; and to assess the impact of medical technologies on 
patient safety. As such, it has no application to the 
legislative branch.

                           VII. Cost Estimate

                                     U.S. Congress,
                               Congressional Budget Office,
                                   Washington, DC, August 15, 2003.
Hon. Judd Gregg,
Chairman, Committee on Health, Education, Labor, and Pensions,
U.S. Senate, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for S. 720, the Patient 
Safety and Quality Improvement Act.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Chris 
Topoleski and Margaret Nowak.
            Sincerely,
                                       Douglas Holtz-Eakin,
                                                          Director.
    Enclosure.

S. 720--Patient Safety and Quality Improvement Act of 2003

    Summary: S. 720 would establish certification procedures 
for patient safety organizations (PSOs) and require the 
Secretary of Health and Human Services to maintain a list of 
certified PSOs, which collect patient safety data voluntarily 
submitted by health care providers for inclusion in a patient 
safety network of databases. The bill also would establish 
privacy protections and impose civil monetary penalties for 
violations of those protections. The bill would require the 
Secretary to report to the Congress on effective strategies for 
reducing medical errors and increasing patient safety.
    CBO estimates that implementing S. 720 would cost $4 
million in 2004 and $51 million over the 2004-2008 period, 
assuming the appropriation of the necessary amounts. CBO 
estimates that receipts from fines for violation of the privacy 
protections would amount to less than $500,000 a year.
    The bill would require the Secretary of Health and Human 
Services to develop methodologies for the collection of patient 
safety data and provide technical assistance to PSOs. In 
addition, the Secretary would develop voluntary national 
standards that promote the comparability of medical information 
technology systems.
    S. 720 would preempt state laws that govern the disclosure 
of information provided to patient safety organizations. While 
that preemption would be intergovernmental mandates as defined 
in the Unfunded Mandate Reform Act (UMRA), it would impose no 
requirements on states that would result in additional 
spending; thus, the threshold as established by UMRA would not 
be exceeded ($59 million in 2003, adjusted annually for 
inflation).
    The bill would impose a private-sector mandate on health 
care providers, as defined in UMRA, by not allowing them to use 
the fact that an employer reported patient safety data in an 
adverse employment action against the employee. This mandate 
would not have any direct cost, however, because patient safety 
data as defined in the bill does not exist under current law.
    Estimated cost to the Federal Government: The estimated 
cost of S. 720 is shown in the following table. The bill could 
also result in an increase in revenues from fines, but CBO 
estimates that any such increase would be less than $500,000 a 
year. The costs of this legislation fall within budget function 
550 (health).

----------------------------------------------------------------------------------------------------------------
                                                                       By fiscal year, in millions of dollars--
                                                                    --------------------------------------------
                                                                       2004     2005     2006     2007     2008
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Estimated Authorization Level......................................       12       13       12       13       13
Estimated Outlays..................................................        4        9       12       13       13
----------------------------------------------------------------------------------------------------------------

Basis of estimate

            Spending subject to appropriation
    S. 720 would expand the current duties of the Agency for 
Healthcare Research and Quality (AHRQ). Although not 
specifically named, the AHRQ is the most likely and appropriate 
agency within the Department of Health and Human Services to 
carry out the provisions of the bill. The new duties would 
include providing technical assistance to PSOs that have (or 
are developing) systems for reporting medical errors. AHRQ also 
would oversee the certification and listing of PSOs, which 
collect patient safety data from health care providers. (PSOs 
are private or public organizations that conduct activities to 
improve patient safety and the quality of health care 
delivery.) PSOs would not receive funding under this bill.
    In addition, the bill would require AHRQ to maintain a 
patient safety network of databases to collect, support, and 
coordinate the analysis of patient safety data that is reported 
on a voluntary basis. Based on information from AHRQ, CBO 
expects that these tasks would require increased staff for 
providing assistance to PSOs, oversight of PSOs, and collection 
and maintenance of the patient safety database. CBO estimates 
that the agency would need additional appropriations of $12 
million in 2004 and $63 million over the 2004-2008 period to 
carry out these responsibilities. We estimate that outlays 
would total $51 million over the 2004-2008 period, assuming the 
necessary amounts are appropriated. In 2004, we estimate that 
the agency would spend about $4 million, primarily on 
maintaining the patient safety database.
    The bill would require the Secretary to develop 
methodologies for collecting data on patient safety. In 
addition, S. 720 would require the Secretary to develop 
voluntary, national standards that promote the compatibility of 
health care information technology systems across all health 
care settings. CBO estimates that these efforts would cost less 
than $500,000 a year.
            Revenues
    Because those prosecuted and convicted for violation of the 
bill's privacy provisions could be subject to civil monetary 
penalties, the federal government might collect additional 
fines if the bill is enacted. Collections of civil fines are 
recorded in the budget as governmental receipts (i.e., 
revenues). CBO estimates that any additional receipts would be 
less than $500,000 a year.
    Estimated impact on State, local, and tribal governments: 
S. 720 would preempt any state freedom of information law or 
other laws governing civil or administrative procedure that 
require the disclosure of information provided by a health care 
provider to a certified patient safety organization. This 
preemption would be an intergovernmental mandate as defined in 
UMRA, because it would limit the application of those state 
laws. CBO estimates that this mandate would impose no 
requirement on states that would result in additional spending; 
thus, the threshold as established by UMRA would not be 
exceeded ($59 million in 2003, adjusted annually for 
inflation).
    Estimated impacted on the private sector: The bill would 
impose a private-sector mandate on health care providers, as 
defined in UMRA, by not allowing them to use the fact that an 
employee reported patient safety data in an adverse employment 
action against the employee. This mandate would not have any 
direct cost, however, because patient safety data as defined in 
the bill does not exist under current law.
    Previous CBO estimates: On March 3, 2003, CBO transmitted a 
cost estimate for H.R. 663, the Patient Safety Quality 
Improvement Act, as ordered reported by the House Committee on 
Energy and Commerce on February 12, 2003. CBO estimated that 
implementing the provisions of that bill would increase 
discretionary spending by $104 million over five years. The 
difference in the estimates for S. 720 and H.R. 663 is largely 
due to the grant program for establishing an electronic 
prescription program authorized by H.R. 663. In addition, H.R. 
663 would require the inclusion of a unique product identifier 
on packaging of a drug or biological product that is subject to 
regulation by the FDA. This provision, which would be a 
private-sector mandate, is not included in S. 720.
    On March 5, 2003, CBO transmitted a cost estimate for H.R. 
877, the Patient Safety Improvement Act, as ordered reported by 
the House Committee on Ways and Means on February 27, 2003. CBO 
estimated that implementing the provisions of that bill would 
increase direct spending by $59 million and increase 
discretionary spending by $4 million over five years. The 
difference in the estimates for S. 720 and H.R. 877 is largely 
due to the provision in H.R. 877 that would establish the 
Medical Information Technology Board to provide recommendations 
regarding medical information technology.
    Estimate prepared by: Federal costs: Margaret Nowak and 
Chris Topoleski; Impact on State, local, and tribal 
governments: Leo Lex; Impact on the private sector: Dan 
Wilmoth.
    Estimate approved by: Peter H. Fontaine Deputy Assistant 
Director for Budget Analysis.

                   VIII. Section-by-Section Analysis

    The bill amends title IX of the Public Health Service Act 
to provide for the improvement of patient safety and to reduce 
the incidence of events that adversely effect patient safety.

Sec. 1. Short title

    Section 1 entitles the Act the ``Patient Safety and Quality 
Improvement Act of 2003.''

Sec. 2. Findings and purpose

    Establishes a series of findings, which point to the 
critical need for confidentiality and legal protections with 
respect to information reported for the purposes of quality 
improvement and patient safety. Specifies that the primary 
purpose of the bill is to encourage a culture of safety and 
quality in the health care system by providing for the legal 
protection of information reported voluntarily for the purposes 
of quality improvement and patient safety, and ensure 
accountability by raising standards and expectations for 
continuous quality improvements in patient safety.

Sec. 3. Amendments to Public Health Service Act

    Amends title IX of the Public Health Service Act (42 U.S.C. 
299 et seq.) by redesignating part C as part D, redesignating 
section 921 through 928 as section 931 through 938, and 
inserting the following sections under new Part C:
    Section 921. Definitions.
    Section 921(1): Defines the term ``non-identifiable'' as 
information presented in a form and manner that prevents 
identification of a provider, a patient or a reporter of 
patient safety data.
    Section 921(2): Defines ``Patient Safety Data'' as any 
data, reports, records, memoranda, analyses (such as root cause 
analyses), or statements that could result in improved patient 
safety, quality, or outcomes that are collected or developed by 
a ``provider'' for reporting to a PSO and are reported within a 
reasonable period of time, requested by a PSO, reported to a 
provider by a PSO, or collected from a provider or PSO or 
developed by PSO. The definition includes any deliberative work 
or process or oral communication with respect to patient safety 
data. Patient safety data does not include information that is 
collected or developed and exists separately from Patient 
Safety Data (such as, medical records and copies of 
``separate'' information).
    Section 921(3): Defines ``Patient Safety Organization'' as 
a public or private organization or component thereof that is 
listed by the Secretary as a patient safety organization, after 
the submission of a certification pursuant to section 924 (c). 
A PSO will (A) conduct, as its primary activity, efforts to 
improve patient safety and the quality of health care delivery; 
(B) collection and analysis of ``patient safety data'' that are 
submitted by more than one provider; (C) the development and 
dissemination of information to providers to improve patient 
safety; (D) utilization of ``patient safety data'' to encourage 
a culture of safety and providing direct feedback and 
assistance to providers to minimize patient risk; (E) 
maintenance of procedures to preserve confidentiality of 
patient safety data, and (F) provision of security measures for 
``patient safety data.''
    Section 921(4): ``Provider'' is broadly defined as a person 
licensed or otherwise authorized under state law to provide 
health care services. Includes physicians, physician offices, 
hospitals, nurses, nursing facilities, pharmacists, pharmacies, 
home health agencies, hospice, ambulatory surgical centers, 
long term care facilities, clinical laboratories, 
psychologists, or any other person specified in regulations 
promulgated by the Secretary.
    Section 922. Privilege and Confidentiality Protections.
    Section 922(a): Patient Safety Data is privileged and shall 
not be: subject to a federal, state, or local civil, criminal, 
or administrative subpoena; subject to discovery in a federal, 
state, or local civil, criminal, or administrative proceeding; 
disclosed pursuant to the Freedom of Information Act (FOIA); 
admitted as evidence or disclosed in a federal, state, or local 
civil, criminal, or administrative proceeding; or utilized in a 
disciplinary proceeding against a provider.
    Section 922(b): Patient safety data shall be confidential 
and shall not be disclosed, except as set forth in paragraphs 
(c) and (d).
    Section 922(c): The following disclosures and uses are 
allowed: disclosure of relevant patient safety data by a 
provider or PSO for use in a criminal proceeding only after a 
court makes an in camera determination that such data contains 
evidence of an intentional act to directly harm a patient; 
voluntary disclosure by provider or PSO to the FDA or a person 
subject to the FDA's jurisdiction regarding a FDA-regulated 
product or activity; voluntary disclosures by provider to CDC 
for public health surveillance, investigation, or other public 
activities; and voluntary disclosure by provider or PSO of non-
identifiable data.
    Section 922(d): The following disclosures are also allowed: 
disclosure by a provider or PSO to carry out the activities of 
the PSO; use or disclosure by a provider or PSO in connection 
with providing treatment, improving patient safety, health care 
quality or administrative efficiency, or other customary 
activity of the provider or in obtaining payment; disclosure 
among PSOs; disclosure by provider or PSO to grantees or 
contractors carrying out patient safety research, evaluation, 
or demonstration projects authorized by the Director; and 
disclosure by a provider to an accrediting body that accredits 
that provider.
    Section 922(e): Patient safety data used or disclosed in 
accordance with section 922(d) shall continue to be privileged 
and confidential in accordance with sections 922(a) and (b) and 
shall not be disclosed by an entity that possessed such 
information before such use or disclosure, or by an entity to 
which the information was disclosed, unless such additional 
disclosure is permitted under section 922(d).
    Section 922(f): Except as provided in section 922(c), no 
action may be brought or process served against a patient 
safety organization to compel disclosure of information 
collected or developed under this part whether or not such 
information is patient safety data. An accrediting body may not 
require a provider to reveal its communications with a PSO.
    Section 922(g): Except with respect to the specific patient 
safety data that is used or disclosed, disclosure under 
sections 922(c) and 922(d) is not treated as a waiver of any 
privilege or protection, nor are protections waived when 
patient safety data is inadvertently disclosed.
    Section 922(h): A provider may not take an adverse 
employment action against an individual based upon the fact 
that the individual in good faith reported information to the 
provider with the intention of having the information reported 
to a PSO or directly to a PSO.
    Section 922(i): Civil monetary penalty up to $10,000 may be 
imposed for a negligent or intentional disclosure of patient 
safety data. State employers must consent to being subject to 
such penalties to invoke the privileges provided by this 
legislation. If the disclosure was in violation of HIPAA, then 
the HIPAA penalties apply instead of the civil monetary penalty 
under this Act. A civil action may be brought by any aggrieved 
individual to enjoin any act or practice that violates section 
922(h) and to obtain other appropriate equitable relief 
(including reinstatement, back pay, and restoration of 
benefits) to redress such violation.
    Section 922(j): This legislation does not: limit other 
privileges and confidentiality protections available under 
federal, state, or local laws that provide greater protection; 
limit, alter, or affect the requirements of federal, state, or 
local law pertaining to patient-related data that is not 
privileged or confidential under this Title; affect the health 
information privacy provisions under HIPAA; limit the authority 
of any provider, PSO, or other person to enter into a contract 
requiring greater confidentiality protections than provided in 
this Title or delegating authority to make a disclosure or use 
in accordance with the Title; or prohibit a provider from 
reporting a crime to law enforcement authorities.
    Section 923. Patient Safety Network of Databases.
    The Secretary shall maintain a network of databases that 
provides an interactive evidence-based management resource for 
providers, PSOs, and others. Providers, PSOs, and others may 
voluntarily submit non-identifiable patient safety data to a 
database(s) in the network. The Secretary may also determine 
common formats for the reporting to the patient safety network 
of databases of non-identifiable patient safety data, including 
necessary data elements, common and consistent definitions, and 
a standardized computer interface for the processing of such 
data.
    Section 924. Patient Safety Organization Certification and 
Listing.
    A PSO must certify to the Secretary that it satisfies the 
criteria in the definition of PSO. A PSO may receive initial 
certification without meeting the activity of collecting and 
analyzing patient safety data submitted by more than one 
provider, but must file supplemental certification within 2 
years that the PSO performs such activity. The Secretary shall 
notify a PSO if its certification is accepted or will provide 
the reasons for non-acceptance. The Secretary must compile and 
maintain a current list of certified PSOs. The Secretary may 
revoke a PSOs certification after notice and hearing, must 
publish a notice of revocation in Federal Register, and require 
the PSO to notify providers of revocation. Certification 
expires after 3 years and may be renewed. Patient safety data 
held by a PSO that loses its certification remains privileged 
and confidential. If the Secretary removes an organization from 
the PSO listing--due to revocation of certification or because 
the PSO has ceased operation for any reason--the decertified 
PSO must transfer patient safety data to another certified PSO, 
return the data to the provider, or destroy the data if 
returning the data is not practicable.
    Section 925. Technical Assistance.
    AHRQ may provide technical assistance to PSOs, including 
convening meetings to discuss methodology, communication, data 
collection, or privacy concerns.
    Section 926. Promoting the Interoperability of Health Care 
Information Technology Systems.
    Within 3 years, HHS must develop or adopt (and review and 
periodically update) voluntary national standards that promote 
the integration of health care information technology systems.
    Section 927. Authorization of Appropriations.
    Authorizes for appropriations such sums as necessary.

Sec. 4. Studies and reports

    Requires the Secretary to contract with a research 
organization to assess the impact of medical technologies and 
therapies on patient safety, patient benefit, health care 
quality, cost of care, and productivity growth. The Secretary 
must report the results to Congress within 18 months.

       IX. ADDITIONAL VIEWS OF SENATORS KENNEDY, DODD AND CLINTON

    The signatories of these ``Additional Views'' fully support 
the goal of establishing a voluntary national patient safety 
reporting program with a legal privilege to adhere to any 
information newly created for that program. Such a program 
would be the first step in a comprehensive effort to reduce 
errors and enhance the quality of health care. The signatories 
believe, however, that enhanced use of information technology 
should be an integral part of any effort to improve health care 
quality and reduce errors.
    Improved use of information technology (IT) is an integral 
part of reducing medical errors and improving patient care. 
Over one million serious medication errors are made in American 
hospitals every year, resulting in over 7,000 deaths. The 
economic costs of medication errors are also staggering. Each 
serious medication error adds $2,000 to the cost of a hospital 
stay. The total cost of medication errors is over $2 billion 
annually.
    Dramatic decreases in medication errors are seen 
consistently when computerized systems are installed and used. 
To cite but a few examples, use of a computerized prescription 
order entry system was shown to reduce hospital length of stay 
by 0.89 days per patient and to reduce costs by 12.7%, 
according to a study by Tierney and colleagues published in the 
Journal of the American Medical Association.
    In a study of a computerized prescription order entry 
system for patients with infectious disease, Evans and 
colleagues found that use of the system reduced by 76% 
prescriptions of drugs to which patients were allergic, reduced 
excess drug dosages by 78% and reduced adverse reactions by 
86%. The same study showed that the system reduced the cost per 
patient of drugs prescribed by over 75% and reduced hospital 
costs per patient by 41%.
    Computerized records also allow doctors to look at a 
patient's entire medical records at once--making proper care 
coordination a real possibility. According to the Institute of 
Medicine, ``Health information is dispersed in a collection of 
paper records that are poorly organized and often illegible, 
and frequently cannot be retrieved in a timely fashion, making 
it nearly impossible to manage many forms of chronic illness 
that require frequent monitoring and ongoing patient support.'' 
IT systems can transform this sorry state of affairs and help 
patients get the type of coordinated care they need. The 
Institute of Medicine, in its recent report Leadership by 
Example, concluded that, ``the Federal government should take 
steps immediately to encourage and facilitate the development 
of information technology infrastructure that is critical to 
health care quality and safety enhancement.''
    IT also enables the provision of health quality information 
to providers, purchasers, and consumers. Certain model 
information technologies, such as the personal health record, 
which is an electronic medical record that patients can access, 
append to, and share with their providers, build in the concept 
of informing consumers to improve health quality and encourage 
informed patient choice and decisionmaking.
    Average IT spending per employee per year among all U.S. 
industries is nearly $7,000 per year, and the banking sector 
spends almost $125,000 per employee. Yet health care invests 
only $3000 per employee per year on IT. Despite evidence that 
greater investments could yield monetary returns for society at 
large, as well as individual providers, the health care 
providers have been slow to adopt.
    The signatories of these views strongly believe that the 
federal government should assist the health care sector in 
enhancing its use of IT. We believe that IT is inherently a 
patient safety issue, and therefore that this legislation is an 
appropriate vehicle for IT provisions. However, we are willing 
to work with Chairman Gregg and other members of the Committee 
to ensure that this issue is addressed soon.

                                   Ted Kennedy.
                                   Hillary Rodham Clinton.
                                   Christopher J. Dodd.

                       X. Changes in Existing Law

    In compliance with rule XXVI paragraph 12 of the Standing 
Rules of the Senate, the following provides a print of the 
statute or the part or section thereof to be amended or 
replaced (existing law proposed to be omitted is enclosed in 
black brackets, new matter is printed in italic, existing law 
in which no change is proposed is shown in roman):

PUBLIC HEALTH SERVICE ACT

           *       *       *       *       *       *       *


          TITLE IX--AGENCY FOR HEALTHCARE RESEARCH AND QUALITY

                PART A--ESTABLISHMENT AND GENERAL DUTIES

SEC. 901. MISSION AND DUTIES.

    (a) In General.--* * *

           *       *       *       *       *       *       *


                PART B--HEALTH CARE IMPROVEMENT RESEARCH

SEC. 911. HEALTH CARE OUTCOME IMPROVEMENT RESEARCH.

    (a) Evidence Rating Systems.--* * *

           *       *       *       *       *       *       *


SEC. 912. PRIVATE-PUBLIC PARTNERSHIPS TO IMPROVE ORGANIZATION AND 
                    DELIVERY.

    (a) Support for Efforts To Develop Information on 
Quality.--
          (1) Scientific and technical support.--* * *

           *       *       *       *       *       *       *

    (c) Reducing Errors in Medicine.--The Director, in 
accordance with part C, shall conduct and support research and 
build private-public partnerships to--

                   PART C--PATIENT SAFETY IMPROVEMENT

SEC. 921. DEFINITIONS.

    In this part:
          (1) Non-identifiable information.--
                  (A) In general.--The term ``non-identifiable 
                information'' means information that is 
                presented in a form and manner that prevents 
                the identification of a provider, a patient, or 
                a reporter of patient safety data.
                  (B) Identifiability of patient.--For purposes 
                of subparagraph (A), the term ``presented in a 
                form and manner that prevents the 
                identification of a patient'' means, with 
                respect to information that has been subject to 
                rules promulgated pursuant to section 264(c) of 
                Health Insurance Portability and Accountability 
                Act of 1996 (42 U.S.C. 1320d-2 note), that the 
                information has been de-identified so that it 
                is no longer individually identifiable health 
                information as defined in such rules.
          (2) Patient safety data.--
                  (A) In general.--The term ``patient safety 
                data'' means--
                          (i) any data, reports, records, 
                        memoranda, analyses (such as root cause 
                        analyses), or statements that could 
                        result in improved patient safety or 
                        health care quality or health care 
                        outcomes, that are--
                                  (I) collected or developed by 
                                a provider for reporting to a 
                                patient safety organization, 
                                provided that they are reported 
                                to the patient safety 
                                organization within a 
                                reasonable period of time;
                                  (II) requested by a patient 
                                safety organization (including 
                                the contents of such request);
                                  (III) reported to a provider 
                                by a patient safety 
                                organization; or
                                  (IV) collected from a 
                                provider or patient safety 
                                organization or developed by a 
                                patient safety organization; or
                          (ii) any deliberative work or process 
                        or oral communications with respect to 
                        any patient safety data described in 
                        clause (i).
                  (B) Limitation.--The term ``patient safety 
                data'' shall not include information (including 
                a patient's medical record) that is collected 
                or developed separately from and that exists 
                separately from patient safety data. Such 
                separate information or a copy thereof 
                submitted to a patient safety organization 
                shall not itself be considered as patient 
                safety data.
          (3) Patient safety organization.--The term ``patient 
        safety organization'' means a private or public 
        organization or component thereof that performs all of 
        the following activities (which are deemed to be 
        necessary for the proper management and administration 
        of such organization or component thereof), and that is 
        currently listed by the Secretary as a patient safety 
        organization pursuant to section 924(c):
                  (A) The conduct, as its primary activity, of 
                efforts to improve patient safety and the 
                quality of health care delivery.
                  (B) The collection and analysis of patient 
                safety data that are submitted by more than one 
                provider.
                  (C) The development and dissemination of 
                information to providers with respect to 
                improving patient safety, such as 
                recommendations, protocols, or information 
                regarding best practices.
                  (D) The utilization of patient safety data 
                for the purposes of encouraging a culture of 
                safety and of providing direct feedback and 
                assistance to providers to effectively minimize 
                patient risk.
                  (E) The maintenance of a process to preserve 
                confidentiality with respect to the information 
                that is not non-identifiable.
                  (F) The provision of appropriate security 
                measures with respect to patient safety data.
                  (G) The submittal to the Secretary of a 
                certification pursuant to section 924.
          (4) Provider.--The term ``provider'' means--
                  (A) a person licensed or otherwise authorized 
                under State law to provide health care 
                services, including--
                          (i) a hospital, nursing facility, 
                        comprehensive outpatient rehabilitation 
                        facility, home health agency, hospice 
                        program, renal dialysis facility, 
                        ambulatory surgical center, pharmacy, 
                        physician or health care practitioner's 
                        office, long term care facility, 
                        behavior health residential treatment 
                        facility, clinical laboratory, or 
                        health center; or
                          (ii) a physician, physician 
                        assistant, nurse practitioner, clinical 
                        nurse specialist, certified registered 
                        nurse anesthetist, certified nurse 
                        midwife, psychologist, certified social 
                        worker, registered dietition or 
                        nutrition professional, physical or 
                        occupational therapist, pharmacist, or 
                        other individual health care 
                        practitioner; or
                  (B) any other person specified in regulations 
                promulgated by the Secretary.

SEC. 922. PRIVILEGE AND CONFIDENTIALITY PROTECTIONS.

    (a) Privilege.--Notwithstanding any other provision of 
Federal, State, or local law, patient safety data shall be 
privileged and, subject to the provisions of subsection (c), 
shall not be--
          (1) subject to a Federal, State, or local civil, 
        criminal, or administrative subpoena;
          (2) subject to discovery in connection with a 
        Federal, State, or local civil, criminal, or 
        administrative proceeding;
          (3) disclosed pursuant to section 552 of title 5, 
        United States Code (commonly known as the Freedom of 
        Information Act) or any other similar Federal, State, 
        or local law;
          (4) admitted as evidence or otherwise disclosed in 
        any Federal, State, or local civil, criminal, or 
        administrative proceeding; or
          (5) utilized in a disciplinary proceeding against a 
        provider.
    (b) Confidentiality.--Notwithstanding any other provision 
of Federal, State, or local law, and subject to the provisions 
of subsections (c) and (d), patient safety data shall be 
confidential and shall not be disclosed.
    (c) Exceptions to Privilege and Confidentiality.--Nothing 
in this section shall be construed to prohibit one or more of 
the following uses or disclosures:
          (1) Disclosure by a provider or patient safety 
        organization of relevant patient safety data for use in 
        a criminal proceeding only after a court makes an in 
        camera determination that such patient safety data 
        contains evidence of an intentional act to directly 
        harm the patient.
          (2) Voluntary disclosure by a provider or patient 
        safety organization of information to the Food and Drug 
        Administration, or to a person that is subject to the 
        jurisdiction of the Food and Drug Administration, with 
        respect to a Food and Drug Administration-regulated 
        product or activity for which that entity has 
        responsibility, for the purposes of activities related 
        to the quality, safety, or effectiveness of a Food and 
        Drug Administration-regulated product or activity or a 
        Food and Drug Administration proceeding.
          (3) Voluntary disclosure of non-identifiable patient 
        safety data by a provider or a provider patient safety 
        organization.
          (4) Voluntary disclosure by a provider of patient 
        safety data to the Centers for Disease Control and 
        Prevention for public health surveillance, 
        investigation, or other public health activities.
    (d) Protected Disclosure and Use of Information.--Nothing 
in this section shall be construed to prohibit one or more of 
the following uses or disclosures:
          (1) Disclosure by a provider or patient safety 
        organization of information to which subsections (a) or 
        (b) applies to carry out activities described in 
        paragraph (2) or (3) of section 921.
          (2) Use or disclosure by a provider or patient safety 
        organization of patient safety data in connection with 
        providing treatment, improving patient safety, health 
        care quality or administrative efficiency, or any other 
        customary activity of the provider or in obtaining 
        payment.
          (3) Disclosure of patient safety data among patient 
        safety organizations.
          (4) Disclosure of patient safety data by a provider 
        or patient safety organization to grantees or 
        contractors carrying out patient safety research, 
        evaluation, or demonstration projects authorized by the 
        Director.
          (5) Disclosure of patient safety data by a provider 
        to an accrediting body that accredits that provider.
    (e) Continued Protection of Information.--Patient safety 
data used or disclosed in accordance with subsection (d) shall 
continue to be privileged and confidential in accordance with 
subsections (a) and (b) and shall not be disclosed--
          (1) by an entity that possessed such information 
        before such use or disclosure; or
          (2) by an entity to which the information was 
        disclosed;
unless such additional disclosure is permitted under subsection 
(d).
    (f) Limitation on Actions.--
          (1) Patient safety organizations.--Except as provided 
        in subsection (c), no action may be brought or process 
        served against a patient safety organization to compel 
        disclosure of information collected or developed under 
        this part whether or not such information is patient 
        safety data.
          (2) Providers.--An accrediting body shall not take an 
        accrediting action against a provider based on the good 
        faith participation of the provider in the collection, 
        development, reporting, or maintenance of patient 
        safety data in accordance with this part. An 
        accrediting body may not require a provider to reveal 
        its communications with any patient safety organization 
        established in accordance with this part.
    (g) Disclosure or Use of Information.--
          (1) In general.--Except with respect to the specific 
        patient safety data that is used or disclosed, the 
        disclosure or use of any patient safety data in 
        accordance with subsection (c) or (d) shall not be 
        treated as a waiver of any privilege or protection 
        established under this part.
          (2) Inadvertent disclosure or use.--The inadvertent 
        disclosure or use of patient safety data shall not 
        waive any privilege or protection established under 
        this part with respect to such data.
    (h) Reporter Protection.--
          (1) In general.--A provider may not take an adverse 
        employment action, as described in paragraph (2), 
        against an individual based upon the fact that the 
        individual in good faith reported information--
                  (A) to the provider with the intention of 
                having the information reported to a patient 
                safety organization; or
                  (B) directly to a patient safety 
                organization.
          (2) Adverse employment action.--For purposes of this 
        subsection, an ``adverse employment action'' includes--
                  (A) loss of employment, the failure to 
                promote an individual, or the failure to 
                provide any other employment-related benefit 
                for which the individual would otherwise be 
                eligible; or
                  (B) an adverse evaluation or decision made in 
                relation to accreditation, certification, 
                credentialing, or licensing of the individual.
    (i) Enforcement.--
          (1) Prohibition.--Except as provided in subsections 
        (c) and (d) and as otherwise provided for in this 
        section, it shall be unlawful for any person to 
        negligently or intentionally disclose any patient 
        safety data described in subsection (a) and any such 
        person shall, upon adjudication, be assessed in 
        accordance with section 934(d).
          (2) Relation to hipaa.--The penalty provided for 
        under paragraph (1) shall not apply if the defendant 
        would otherwise be subject to a penalty under the 
        regulations promulgated under section 264(c) of the 
        Health Insurance Portability and Accountability Act of 
        1996 (42 U.S.C. 1320d-2 note) or under section 1176 of 
        the Social Security Act (42 U.S.C. 1320d-5) for the 
        same disclosure.
          (3) Equitable relief.--Without limiting remedies 
        available to other parties, a civil action may be 
        brought by any aggrieved individual to enjoin any act 
        or practice that violates subsection (h) and to obtain 
        other appropriate equitable relief (including 
        reinstatement, back pay, and restoration of benefits) 
        to redress such violation.
          (4) Actions against state employees.--Notwithstanding 
        subsection (a), with respect to a State employer, the 
        privilege described in such subsection shall not apply 
        to such employer unless the employer consents, in 
        advance, to be subject to a civil action under 
        paragraph (3).
    (j) Rule of Construction.--Nothing in this section shall be 
construed to--
          (1) limit other privileges that are available under 
        Federal, State, or local laws that provide greater 
        confidentiality protections or privileges than the 
        privilege and confidentiality protections provided for 
        in this section;
          (2) limit, alter, or affect the requirements of 
        Federal, State, or local law pertaining to patient-
        related data that is not privileged or confidential 
        under this section;
          (3) alter or affect the implementation of any 
        provision of section 264(c) of the Health Insurance 
        Portability and Accountability Act of 1996 (Public Law 
        104-191; 110 Stat. 2033), section 1176 of the Social 
        Security Act (42 U.S.C. 1320d-5), or any regulation 
        promulgated under such sections;
          (4) limit the authority of any provider, patient 
        safety organization, or other person to enter into a 
        contract requiring greater confidentiality or 
        delegating authority to make a disclosure or use in 
        accordance with subsection (c) or (d); and
          (5) prohibit a provider from reporting crime to law 
        enforcement authorities.

SEC. 923. PATIENT SAFETY NETWORK OF DATABASES.

    (a) In General.--The Secretary shall maintain a patient 
safety network of databases that provides an interactive 
evidence-based management resource for providers, patient 
safety organizations, and other persons. The network of 
databases shall have the capacity to accept, aggregate, and 
analyze nonidentifiable patient safety data voluntarily 
reported by patient safety organizations, providers, or other 
persons.
    (b) Network of Database Standards.--The Secretary may 
determine common formats for the reporting to the patient 
safety network of databases maintained under subsection (a) of 
nonidentifiable patient safety data, including necessary data 
elements, common and consistent definitions, and a standardized 
computer interface for the processing of such data. To the 
extent practicable, such standards shall be consistent with the 
administrative simplification provisions of Part C of title XI 
of the Social Security Act.

SEC. 924. PATIENT SAFETY ORGANIZATION CERTIFICATION AND LISTING.

    (a) Certification.--
          (1) Initial Certification.--Except as provided in 
        paragraph (2), an entity that seeks to be a patient 
        safety organization shall submit an initial 
        certification to the Secretary that the entity intends 
        to perform the activities described in subparagraphs 
        (A) through (F) of section 921(3).
          (2) Delayed certification of collection from more 
        than one provider.--An entity that seeks to be a 
        patient safety organization may--
                  (A) submit an initial certification that it 
                intends to perform the activities described in 
                subparagraph (A) through (F) of section 921(3) 
                other than the activities described in 
                subparagraph (B) of such section; and
                  (B) within 2 years of submitting the initial 
                certification under subparagraph (A), submit a 
                supplemental certification that it performs the 
                activities described in section 921(3)(B).
          (3) Expiration and renewal.--
                  (A) Expiration.--An initial certification 
                under paragraph (1) or (2)(A) shall expire on 
                the date that is 3 years after it is submitted.
                  (B) Renewal.--
                          (i) In general.--An entity that seeks 
                        to remain a patient safety organization 
                        after the expiration of an initial 
                        certification under paragraph (1) or 
                        (2)(A) shall, within the 3-year period 
                        described in subparagraph (A), submit a 
                        renewal certification to the Secretary 
                        that the entity satisfies the criteria 
                        described in subparagraphs (A) through 
                        (F) of section 921(3).
                          (ii) Term of renewal.--A renewal 
                        certification under clause (i) shall 
                        expire on the date that is 3 years 
                        after that date on which it is 
                        submitted, and may be renewed in the 
                        same manner as an initial 
                        certification.
    (b) Acceptance of Certification.--Upon the submission by an 
organization of an initial certification pursuant to subsection 
(a)(1) or (a)(2)(A), a supplemental certification pursuant to 
subsection (a)(2)(B), or a renewal certification pursuant to 
subsection (a)(3)(B), the Secretary shall review such 
certification and--
          (1) if such certification meets the requirements of 
        subsection (a)(1) or (a)(2)(A), (a)(2)(B), or 
        (a)(3)(B), as applicable, the Secretary shall notify 
        the organization that such certification is accepted; 
        or
          (2) if such certification does not meet such 
        requirements, as applicable, the Secretary shall notify 
        the organization that such certification is not 
        accepted and the reasons therefore.
    (c) Listing.--
          (1) In general.--Except as otherwise provided in this 
        subsection, the Secretary shall compile and maintain a 
        current listing of patient safety organizations with 
        respect to which the Secretary has accepted a 
        certification pursuant to subsection (b).
          (2) Removal from listing.--The Secretary shall remove 
        from the listing under paragraph (1)--
                  (A) an entity with respect to which the 
                Secretary has accepted an initial certification 
                pursuant to subsection (a)(2)(A) and which does 
                not submit a supplemental certification 
                pursuant to subsection (a)(2)(B) that is 
                accepted by the Secretary;
                  (B) an entity whose certification expires and 
                which does not submit a renewal application 
                that is accepted by the Secretary; and
                  (C) an entity with respect to which the 
                Secretary revokes the Secretary's acceptance of 
                the entity's certification, pursuant to 
                subsection (d).
    (d) Revocation of Acceptance.--
          (1) In general.--Except as provided in paragraph (2), 
        if the Secretary determines that a patient safety 
        organization does not perform any activity described in 
        subparagraphs (a) through (f) of section 921(3), the 
        Secretary may, after notice and an opportunity for a 
        hearing, revoke the Secretary's acceptance of the 
        certification of such organization.
          (2) Delayed certification of collection from more 
        than one provider.--A revocation under paragraph (1) 
        may not be based on a determination that the 
        organization does not perform the activity described in 
        section 921(3)(B) if--
                  (A) the listing of the organization is based 
                on its submittal of an initial certification 
                under subsection (a)(2)(A);
                  (B) the organization has not submitted a 
                supplemental certification under subsection 
                (a)(2)(B); and
                  (C) the 2-year period described in subsection 
                (a)(2)(B) has not expired.
    (e) Notification of Revocation or Removal from Listing.--
          (1) Supplying confirmation of notification to 
        providers.--Within 15 days of a revocation under 
        subsection (d)(1), a patient safety organization shall 
        submit to the Secretary a confirmation that the 
        organization has taken all reasonable actions to notify 
        each provider whose patient safety data is collected or 
        analyzed by the organization of such revocation.
          (2) Publication.--Upon the revocation of an 
        acceptance of an organization's certification under 
        subsection (d)(1), or upon the removal of an 
        organization from the listing under subsection (c)(2), 
        the Secretary shall publish notice of the revocation or 
        removal in the Federal Register.
    (f) Status of Data After Removal From Listing.--
          (1) New data.--With respect to the privilege and 
        confidentiality protections described in section 922, 
        data submitted to an organization within 30 days after 
        the organization is removed from the listing under 
        subsection (c)(2) shall have the same status as data 
        submitted while the organization was still listed.
          (2) Protection to continue to apply.--If the 
        privilege and confidentiality protections described in 
        section 922 applied to data while an organization was 
        listed, or during the 30-day period described in 
        paragraph (1), such protections shall continue to apply 
        to such data after the organization is removed from the 
        listing under subsection (c)(2).
    (g) Disposition of Data.--If the Secretary revokes the 
acceptance of an organization's certification under subsection 
(d)(1) and removes the organization from the listing as 
provided for in subsection (c)(2), with respect to the patient 
safety data that the organization received from providers, the 
organization shall--
          (1) with the approval of the provider and another 
        patient safety organization, transfer such data to such 
        other organization;
          (2) return such data to the provider of that patient 
        safety data; or
          (3) if returning such data to the provider is not 
        practicable, destroy such data.

SEC. 925. TECHNICAL ASSISTANCE.

    The Secretary, acting through the Director, may provide 
technical assistance to patient safety organizations, including 
annual meetings for patient safety organizations to discuss 
methodology, communication, data collection, or privacy 
concerns.

SEC. 926. PROMOTING THE INTEROPERABILITY OF HEALTH CARE INFORMATION 
                    TECHNOLOGY SYSTEMS.

    (a) Development.--Not later than 36 months after the date 
of enactment of the Patient Safety and Quality Improvement Act 
of 2003, the Secretary shall develop or adopt voluntary 
national standards that promote the electronic exchange of 
health care information.
    (b) Updates.--The Secretary shall provide for the ongoing 
review and periodic updating of the standards developed under 
subsection (a).
    (c) Dissemination.--The Secretary shall provide for the 
dissemination of the standards developed and updated under this 
section.

SEC. 927. AUTHORIZATION OF APPROPRIATIONS.

    There is authorized to be appropriated such sums as may be 
necessary to carry out this part.

           *       *       *       *       *       *       *


                     PART [C] D--GENERAL PROVISIONS

SEC. [921] 931. ADVISORY COUNCIL FOR HEALTHCARE RESEARCH AND QUALITY.

    (a) Establishment.--* * *

           *       *       *       *       *       *       *


SEC. [922] 932. PEER REVIEW WITH RESPECT TO GRANTS AND CONTRACTS.

    (a) Requirement of Review.--
          (1) In general.--* * *

           *       *       *       *       *       *       *


SEC. [923] 933. CERTAIN PROVISIONS WITH RESPECT TO DEVELOPMENT, 
                    COLLECTION, AND DISSEMINATION OF DATA.

    (a) Standards With Respect to Utility of Data.--
          (1) In general.--* * *

           *       *       *       *       *       *       *


SEC. [924] 934. DISSEMINATION OF INFORMATION.

    (a) In General.--The Director shall--
          (1) * * *

           *       *       *       *       *       *       *

    (d) Penalty.--Any person who violates subsection (c) shall 
be subject to a civil monetary penalty of not more than $10,000 
for each such violation involved. [Such penalty shall be 
imposed and collected in the same manner as civil money 
penalties under subsection (a) of section 1128A of the Social 
Security Act are imposed and collected.] Penalties provided for 
under this section shall be imposed and collected by the 
Secretary using the administrative and procedural processes 
used to impose and collect civil money penalties under section 
1128A of the Social Security Act (other than subsections (a) 
and (b), the second sentence of subsection (f), and subsections 
(i), (m), and (n)), unless the Secretary determines that a 
modification of procedures would be more suitable or reasonable 
to carry out this subsection and provides for such modification 
by regulation.

           *       *       *       *       *       *       *


SEC. [925] 935. ADDITIONAL PROVISIONS WITH RESPECT TO GRANTS AND 
                    CONTRACTS.

    (a) Financial Conflicts of Interest.--* * *

           *       *       *       *       *       *       *


SEC. [926] 936. CERTAIN ADMINISTRATIVE AUTHORITIES.

    (a) Deputy Director and Other Officers and Employees.--
          (1) Deputy director.--* * *

           *       *       *       *       *       *       *


SEC. [927] 937. FUNDING.

    (a) Intent.--* * *

           *       *       *       *       *       *       *


SEC. [928] 938. DEFINITIONS.

    In this title:
          (1) Advisory council.--The term ``Advisory Council'' 
        means the National Advisory Council on Healthcare 
        Research and Quality established under section [921] 
        931.

           *       *       *       *       *       *       *


                                
