[Federal Register Volume 59, Number 204 (Monday, October 24, 1994)]
[Unknown Section]
[Page 0]
From the Federal Register Online via the Government Publishing Office [www.gpo.gov]
[FR Doc No: 94-26210]


[[Page Unknown]]

[Federal Register: October 24, 1994]


=======================================================================
-----------------------------------------------------------------------

DEPARTMENT OF VETERANS AFFAIRS

38 CFR Part 17

RIN 2900-AG01

 

Confidentiality of Healthcare Quality Assurance Reviews

AGENCY: Department of Veterans Affairs.

ACTION: Final rule.

-----------------------------------------------------------------------

SUMMARY: The Department of Veterans Affairs (VA) is amending its 
regulations which govern the confidentiality of documents produced in 
VA healthcare quality assurance programs. These regulations specify and 
provide for the limited disclosure of those quality assurance documents 
which are confidential under the provisions of the Dept. of Veterans 
Affairs Confidentiality of Medical Quality Assurance Records Act of 
1980, 38 U.S.C. 5705.

EFFECTIVE DATE: This amendment is effective January 23, 1995.

FOR FURTHER INFORMATION CONTACT: Galen L. Barbour, M.D. Associate CMD 
for Quality Management (15), 810 Vermont Avenue N.W., Washington, D.C. 
20420.

SUPPLEMENTARY INFORMATION: VA published a proposal to amend 38 CFR part 
17 in the Federal Register of August 20, 1993 (58 FR 44313). Interested 
persons were invited to submit written comments, suggestions or 
objections on or before September 20, 1993. We received one comment 
from the American Psychiatric Association.
    The commenter noted that the standards for disclosure of medical 
quality assurance records protected by section 5705 do not mirror the 
standards recently proposed by the VA regarding the confidentiality of 
patient records related to drug abuse, alcoholism or alcohol abuse, 
infection with the human immunodeficiency virus (HIV) and sickle cell 
anemia. The commenter asked that VA articulate any statutory or public 
policy difference regarding the protection of these two categories of 
records.
    Each category of records is protected by a statute which 
specifically provides that records subject to it may be released 
outside the agency only as authorized by that particular section of 
title 38. Section 5705 applies to medical quality assurance records, 
and section 7332 applies to drug abuse, alcoholism or alcohol abuse, 
HIV infection and sickle cell anemia. The VA regulations in each case 
reflect the protection and the disclosure authority specified by 
Congress in each statute.
    This revision of the regulations in 38 CFR part 17 applies to 
healthcare quality assurance records and documents created after the 
date on which the revision becomes effective. The previous regulations 
are still applicable to records and documents created prior to that 
date and remain protected by 38 U.S.C. 5705 (formerly 38 U.S.C. 3305), 
Confidentiality of Medical Quality-Assurance Records. Records generated 
for reviews which are initiated prior to the effective date of this 
revision and are in accordance with the previous regulations are 
protected by the previous regulations even if the records are completed 
after the effective date of this revision.
    This revision is necessary to update the previous regulations which 
were published in 1982. Much of the language in those regulations no 
longer reflects the practice and terminology of quality assurance.
    These revised regulations describe the conditions determining the 
confidentiality of documents produced in quality assurance programs.
    They do not specify the quality assurance program requirements for 
VA medical facilities; the rapidly changing environment to which 
quality assurance programs respond requires that policy guidance on 
this subject be presented in a more flexible and readily modifiable 
format. Consequently, the Veterans Health Administration (VHA) is 
simultaneously publishing a directive delineating the specific quality 
assurance requirements for VA medical facilities and the oversight 
responsibilities of VHA regarding these requirements.
    To be confidential and privileged under 38 U.S.C. 5705 and these 
regulations, a document or part of a document must meet all four of the 
following criteria:
    1. The quality assurance activity which generated the document must 
fall under one of the four classes listed in 17.501(a).
    2. In accordance with 17.501(b), the activity which generated the 
document must have been previously designated in writing as an activity 
which produces confidential quality assurance documents.
    3. The document or part of document must meet one of the five 
conditions described in 17.501(c).
    4. The document or part of document must not meet any of the 
conditions in 17.501(g).
    The revised regulations allow confidential information concerning a 
provider to be seen by that provider for educational and quality 
improvement purposes. To protect the integrity of the peer review 
process, the identities of the peer reviewers involved in the creation 
of the data will not be disclosed to the provider, to the extent 
practicable. We believe these changes will permit a flow of information 
conducive to continuous quality improvement by making information on 
their practice readily available to clinicians.
    Information concerning the number of cases treated and procedures 
performed by individual providers will no longer be confidential and 
protected by 38 U.S.C. 5705 and these regulations. Consequently, 38 
U.S.C. 5705 no longer constitutes a bar to VA facilities placing this 
information in a practitioner's credentialing and privileging folder. 
Since this information is important to the evaluation of a 
practitioner's request for renewal of clinical privileges, making it 
more readily available should increase the effectiveness of that 
process.
    The specific examples of programs and activities cited in 17.501(a) 
are included to provide guidance to VA facilities in classifying their 
review documents to simplify coverage under these regulations. 
Documents from other systematic healthcare quality assurance reviews 
which meet the criteria in 17.501 are also confidential.
    It is expected that VA facilities will indicate on all confidential 
review documents created after the publication of these regulations 
that the document is confidential under 38 U.S.C. 5705 and these 
regulations and also will designate the specific program or activity 
within which the review is included. The program and activity names 
used should be from the policy documents referred to in 17.501(b). 
However, it is not necessary for the facility to have taken these steps 
for a document which meets the criteria in 17.501 to be confidential 
and privileged.
    These regulations recognize that there are two types of external 
reviews of care conducted by VA Central Office and the Regions. One 
type generates documents which are made confidential and privileged by 
38 U.S.C. 5705 while the documents resulting from the second type of 
external review are not protected by that statute. Sections 
17.501(a)(2), 17.501(a)(3) and 17.501(g)(9) clarify existing agency 
procedures in this respect.
    This revision does not address the filing of confidential quality 
assurance documents by individual identifiers. This change from the 
previous regulations does not mean that it is now legal to file 
documents in this manner. Guidelines will be provided to the field when 
this issue is resolved.
    The revised regulations no longer specify the manner in which VA 
facilities will maintain and protect records containing information 
protected by 38 U.S.C. 5705. However, all VA facilities are expected to 
provide the level of protection reasonably necessary to ensure that 
access to and disclosure of all records containing information 
protected by 38 U.S.C. 5705 will occur only as authorized by the 
statute and implementing regulations.
    Under these regulations, quality assurance investigations may be 
initiated as needed by facilities as focused reviews. Focused reviews 
can be used to study both specific incidents and specific issues. 
Records and documents relating to focused reviews will be confidential 
and privileged if they meet the criteria in 17.501.
    As in the past, information and records derived from patient 
medical records or facility administrative records, which are not 
protected by 38 U.S.C. 5705 and these regulations, may be sent or 
communicated to a third party payor who has asked for this information 
in response to a VA request for reimbursement based on Public Law 99-
272 and Public Law 101-508. Reviews conducted at the request of the 
third party payor do not generate records protected by 38 U.S.C. 5705 
and these regulations since the reviews are not undertaken as part of 
the VA's quality assurance program. Compliance with applicable patient 
record confidentiality statutes is, of course, necessary.
    The Secretary hereby certifies that this proposed regulatory 
amendment will not, if promulgated, have a significant economic impact 
on a substantial number of small entities as they are defined in the 
Regulatory Flexibility Act, 5 U.S.C. SS 601-612. The reasons for this 
certification are that the proposed regulatory amendment is for the 
express purpose of implementing 38 U.S.C. 5705 which protects 
particular records generated by the VA medical quality assurance 
program; affects only confidential VA records; and imposes no 
regulatory burdens on small entities. Pursuant to 5 U.S.C. S 605(b), 
this proposed regulatory amendment is therefore exempt from the initial 
and final regulatory-flexibility analyses requirements of sections 603 
and 604.
    There is no Catalog of Federal Domestic Assistant Number.

List of Subjects in 38 CFR Part 17

    Alcoholism, Claims, Dental health, Drug abuse, Foreign relations, 
Government contracts, Grant programs-health, Health care, Health 
facilities, Health professions, Medical devices, Medical research, 
Mental health programs, Nursing homes, Philippines, Veterans.

    Approved: October 4, 1994.
Jesse Brown,
Secretary of Veterans Affairs.

    For the reasons set forth in the preamble, VA amends 38 CFR Part 17 
as follows:

PART 17--MEDICAL

    1. The authority citation for Part 17 is revised to read as 
follows:

    Authority: 38 U.S.C. 501, 5705.

    2. Sections 17.500 and 17.501 and the undesignated centerheading 
preceding Sec. 17.500 are revised; Sec. 17.502 is added; Secs. 17.503 
through 17.510 are revised; Sec. 17.511 is added; and Secs. 17.512 
through 17.541 are removed as follows:

Confidentiality of Healthcare Quality Assurance Review Records


Sec. 17.500  General.

    (a) Section 5705, title 38, United States Code was enacted to 
protect the integrity of the VA's medical quality assurance program by 
making confidential and privileged certain records and documents 
generated by this program and information contained therein. Disclosure 
of quality assurance records and documents made confidential and 
privileged by 38 U.S.C. 5705 and the regulations in Secs. 17.500 
through 17.511 may only be made in accordance with the provisions of 38 
U.S.C. 5705 and those regulations.
    (b) The purpose of the regulations in Secs. 17.500 through 17.511 
is to specify and provide for the limited disclosure of those quality 
assurance documents which are confidential under the provisions of 38 
U.S.C. 5705.
    (c) For purposes of the regulations in Secs. 17.500 through 17.511, 
the VA's medical quality assurance program consists of systematic 
healthcare reviews carried out by or for VA for the purpose of 
improving the quality of medical care or improving the utilization of 
healthcare resources in VA medical facilities. These review activities 
may involve continuous or periodic data collection and may relate to 
either the structure, process, or outcome of health care provided in 
the VA.
    (d) Nothing in the regulations in Secs. 17.500 through 17.511 shall 
be construed as authority to withhold any record or document from a 
committee or subcommittee of either House of Congress or any joint 
committee or subcommittee of Congress, if such record or document 
pertains to any matter within the jurisdiction of such committee or 
joint committee.
    (e) The regulations in Secs. 17.500 through 17.511 do not waive the 
sovereign immunity of the United States, and do not waive the 
confidentiality provisions and disclosure restrictions of 38 U.S.C. 
5705.

(Authority: 38 U.S.C. 5705)


Sec. 17.501  Confidential and privileged documents.

    (a) Documents and parts of documents are considered confidential 
and privileged if they were produced by or for the VA in the process of 
conducting systematic healthcare reviews for the purpose of improving 
the quality of health care or improving the utilization of healthcare 
resources in VA healthcare facilities and meet the criteria in 
paragraphs (b) and (c) of this section. The four classes of healthcare 
quality assurance reviews with examples are:
    (1) Monitoring and evaluation reviews conducted by a facility:
    (i) Medical records reviews,
    (ii) Drug usage evaluations,
    (iii) Blood usage reviews,
    (iv) Surgical case/invasive procedure reviews,
    (v) Service and program monitoring including monitoring performed 
by individual services or programs, several services or programs 
working together, or individuals from several services or programs 
working together as a team,
    (vi) Mortality and morbidity reviews,
    (vii) Infection control review and surveillance,
    (viii) Occurrence screening,
    (ix) Tort claims peer reviews (except reviews performed to satisfy 
the requirements of a governmental body or a professional health care 
organization which is licensing practitioners or monitoring their 
professional performance),
    (x) Admission and continued stay reviews,
     (xi) Diagnostic studies utilization reviews,
    (xii) Reports of special incidents (VA Form 10-2633 or similar 
forms) and follow-up documents unless developed during or as a result 
of a Board of Investigation;
     (2) Focused reviews which address specific issues or incidents and 
which are designated by the reviewing office at the outset of the 
review as protected by 38 U.S.C. 5705 and the regulations in 
Secs. 17.500 through 17.511; focused reviews may be either:
    (i) Facility focused reviews;
    (ii) VA Central Office or Regional focused reviews;
    (3) VA Central Office or Regional general oversight reviews to 
assess facility compliance with VA program requirements if the reviews 
are designated by the reviewing office at the outset of the review as 
protected by 38 U.S.C. 5705 and the regulations in Secs. 17.500 through 
17.511; and
    (4) Contracted external reviews of care, specifically designated in 
the contract or agreement as reviews protected by 38 U.S.C. 5705 and 
the regulations in Secs. 17.500 through 17.511.
    (b) The Under Secretary for Health, Regional Director or facility 
Director will describe in advance in writing those quality assurance 
activities included under the classes of healthcare quality assurance 
reviews listed in paragraph (a) of this section. Only documents and 
parts of documents resulting from those activities which have been so 
described are protected by 38 U.S.C. 5705 and the regulations in 
Secs. 17.500 through 17.511. If an activity is not described in a VA 
Central Office or Regional policy document, this requirement may be 
satisfied at the facility level by description in advance of the 
activity and its designation as protected in the facility quality 
assurance plan or other policy document.
    (c) Documents and parts of documents generated by activities which 
meet the criteria in paragraphs (a) and (b) of this section shall be 
confidential and privileged only if they:
    (1) Identify, either implicitly or explicitly, individual 
practitioners, patients, or reviewers except as provided in paragraph 
(g)(6) of this section; or
    (2) Contain discussions relating to the quality of VA medical care 
or utilization of VA medical resources by healthcare evaluators during 
the course of a review of quality assurance information or data, even 
if they do not identify practitioners, patients, or reviewers; or
    (3) Are individual committee, service, or study team minutes, 
notes, reports, memoranda, or other documents either produced by 
healthcare evaluators in deliberating on the findings of healthcare 
reviews, or prepared for purposes of discussion or consideration by 
healthcare evaluators during a quality assurance review; or
    (4) Are memoranda, letters, or other documents from the medical 
facility to the Regional Director or VA Central Office which contain 
information generated by a quality assurance activity meeting the 
criteria in Sec. 17.501 (a) and (b); or
     (5) Are memoranda, letters, or other documents produced by the 
Regional Director or VA Central Office which either respond to or 
contain information generated by a quality assurance activity meeting 
the criteria in Sec. 17.501 (a) and (b).
    (d) Documents which meet the criteria in this section are 
confidential and privileged whether they are produced at the medical 
facility, Regional or VA Central Office levels, or by external 
contractors performing healthcare quality assurance reviews.
    (e) Documents which are confidential and privileged may be in 
written, computer, electronic, photographic or any other form.
    (f) Documents which contain confidential and privileged material in 
one part, but not in others, such as Clinical Executive Board minutes, 
should be filed and maintained as if the entire document was protected 
by 38 U.S.C. 5705. This is not required if the confidential and 
privileged material is deleted.
    (g) The following records and documents and parts of records and 
documents are not confidential even if they meet the criteria in 
paragraphs (a) through (c) of this section:
     (1) Statistical information regarding VA healthcare programs or 
activities that does not implicitly or explicitly identify individual 
VA patients or VA employees or individuals involved in the quality 
assurance process;
    (2) Summary documents or records which only identify study topics, 
the period of time covered by the study, criteria, norms, and/or major 
overall findings, but which do not identify individual healthcare 
practitioners, even by implication;
    (3) The contents of Credentialing and Privileging folders as 
described in VACO policy documents (38 U.S.C. 5705-protected records 
shall not be filed in Credentialing and Privileging folders);
    (4) Records and documents developed during or as a result of Boards 
of Investigations;
    (5) Completed patient satisfaction survey questionnaires and 
findings from patient satisfaction surveys;
    (6) Records and documents which only indicate the number of 
patients treated by a practitioner, either by diagnosis or in 
aggregate, or number of procedures performed by a practitioner, either 
by procedure or in aggregate;
    (7) Records and documents developed during or as a result of 
reviews performed to satisfy the requirements of a governmental body or 
a professional healthcare organization which is licensing practitioners 
or monitoring their professional performance, e.g., National 
Practitioner Data Bank, Federation of State Medical Boards, and 
National Council of State Boards of Nursing;
    (8) Documents and reports developed during or as a result of site 
visits by the Office of the Medical Inspector except to the extent that 
the documents and reports contain information that meets the criteria 
described in this section and are produced by or for VA by other than 
the Office of Medical Inspector;
    (9) External reviews conducted by VA Central Office or a Region 
other than those designated by the reviewing office under paragraph 
(a)(2) or (a)(3) of this section as protected by 38 U.S.C. 5705 and the 
regulations in Secs. 17.500 through 17.511;
    (10) Documents and reports of Professional Standards Boards, 
Credentialing Committees, Executive Committees of Medical Staff, and 
similar bodies, insofar as the documents relate to the credentialing 
and privileging of practitioners;
    (11) Documents and reports developed during or as a result of data 
validation activities;
    (12) Documents and reports developed during or as a result of 
occupational health monitoring;
    (13) Documents and reports developed during or as a result of 
safety monitoring not directly related to the care of specified 
individual patients;
    (14) Documents and reports developed during or as a result of 
resource management activities not directly related to the care of 
specified individual patients; and
    (15) Information and records derived from patient medical records 
or facility administrative records, which are not protected by 38 
U.S.C. 5705 and the regulations in Secs. 17.500 through 17.511, may be 
sent or communicated to a third party payor who has asked for this 
information in response to a VA request for reimbursement based on 
Public Law 99-272 and Public Law 101-508. Reviews conducted at the 
request of the third party payor do not generate records protected by 
38 U.S.C. 5705 and the regulations in Secs. 17.500 through 17.511 since 
the reviews are not undertaken as part of the VA's quality assurance 
program.

(Authority: 38 U.S.C. 5705)


Sec. 17.502  Applicability of other statutes.

    (a) Disclosure of quality assurance records and documents which are 
not confidential and privileged under 38 U.S.C. 5705 and the 
confidentiality regulations in Secs. 17.500 through 17.511 will be 
governed by the provisions of the Freedom of Information Act, and, if 
applicable, the Privacy Act and any other VA or federal confidentiality 
statutes.
    (b) When included in a quality assurance review, confidential 
records protected by other confidentiality statutes such as 5 U.S.C. 
552a (the Privacy Act), 38 U.S.C. 7332 (drug and alcohol abuse, sickle 
cell anemia, HIV infection), and 38 U.S.C. 5701 (veterans' names and 
addresses) retain whatever confidentiality protection they have under 
these laws and applicable regulations and will be handled accordingly. 
To the extent that information protected by 38 U.S.C. 5701 or 7332 or 
the Privacy Act is incorporated into quality assurance records, the 
information in the quality assurance records is still protected by 
these statutes.

(Authority: 38 U.S.C. 5705)


Sec. 17.503  Improper disclosure.

    (a) Improper disclosure is the disclosure of confidential and 
privileged healthcare quality assurance review records or documents (or 
information contained therein), as defined in Sec. 17.501, to any 
person who is not authorized access to the records or documents under 
the statute and the regulations in Secs. 17.500 through 17.511.
    (b) ``Disclosure'' means the communication, transmission, or 
conveyance in any way of any confidential and privileged quality 
assurance records or documents or information contained in them to any 
individual or organization in any form by any means.

(Authority: 38 U.S.C. 5705)


Sec. 17.504  Disclosure methods.

    (a) Disclosure of confidential and privileged quality assurance 
records and documents or the information contained therein outside VA, 
where permitted by the statute and the regulations in Secs. 17.500 
through 17.511, will always be by copies, abstracts, summaries, or 
similar records or documents prepared by the Department of Veterans 
Affairs and released to the requestor. The original confidential and 
privileged quality assurance records and documents will not be removed 
from the VA facility by any person, VA employee or otherwise, except in 
accordance with Sec. 17.508(c) or where otherwise legally required.
    (b) Disclosure of confidential and privileged quality assurance 
records and documents to authorized individuals under either 
Sec. 17.508 or Sec. 17.509 shall bear the following statement: ``These 
documents or records (or information contained herein) are confidential 
and privileged under the provisions of 38 U.S.C. 5705, which provide 
for fines up to $20,000 for unauthorized disclosures thereof, and the 
implementing regulations. This material shall not be disclosed to 
anyone without authorization as provided for by that law or the 
regulations in Secs. 17.500 through 17.511.''

(Authority: 38 U.S.C. 5705)


Sec. 17.505  Disclosure authorities.

    The VA medical facility Director, Regional Director, Under 
Secretary for Health, or their designees are authorized to disclose any 
confidential and privileged quality assurance records or documents 
under their control to other agencies, organizations, or individuals 
where 38 U.S.C. 5705 or the regulations in Secs. 17.500 through 17.511 
expressly provide for disclosure.

(Authority: 38 U.S.C. 5705)


Sec. 17.506  Appeal of decision by Veterans Health Administration to 
deny disclosure.

    When a request for records or documents subject to the regulations 
in Secs. 17.500 through 17.511 is denied in whole or in part by the VA 
medical facility Director, Regional Director or Under Secretary for 
Health, the VA official denying the request in whole or in part will 
notify the requestor in writing of the right to appeal this decision to 
the General Counsel of the Department of Veterans Affairs within 60 
days of the date of the denial letter. The final Department decision 
will be made by the General Counsel or the Deputy General Counsel.

(Authority: 38 U.S.C. 5705)


Sec. 17.507  Employee responsibilities.

    (a) All VA employees and other individuals who have access to 
records designated as confidential and privileged under 38 U.S.C. 5705 
and the regulations in Secs. 17.500 through 17.511 will treat the 
findings, views, and actions relating to quality assurance in a 
confidential manner.
    (b) All individuals who have had access to records designated as 
confidential and privileged under 38 U.S.C. 5705 and the regulations in 
Secs. 17.500 through 17.511 will not disclose such records or 
information therein to any person or organization after voluntary or 
involuntary termination of their relationship to the VA.

(Authority: 38 U.S.C. 5705)


Sec. 17.508  Access to quality assurance records and documents within 
the agency.

    (a) Access to confidential and privileged quality assurance records 
and documents within the Department pursuant to this section is 
restricted to VA employees (including consultants and contractors of 
VA) who have a need for such information to perform their government 
duties or contractual responsibilities and who are authorized access by 
the VA medical facility Director, Regional Director, the Under 
Secretary for Health, or their designees or by the regulations in 
Secs. 17.500 through 17.511.
    (b) To foster continuous quality improvement, practitioners on VA 
rolls, whether paid or not, will have access to confidential and 
privileged quality assurance records and documents relating to 
evaluation of the care they provided.
    (c) Any quality assurance record or document, whether confidential 
and privileged or not, may be provided to the General Counsel or any 
attorney within the Office of General Counsel, wherever located. These 
documents may also be provided to a Department of Justice (DOJ) 
attorney who is investigating a claim or potential claim against the VA 
or who is preparing for litigation involving the VA. If necessary, such 
a record or document may be removed from the VA medical facility to the 
site where the General Counsel or any attorney within the Office of 
General Counsel or the DOJ attorney is conducting an investigation or 
preparing for litigation.
    (d) Any quality assurance record or document or the information 
contained therein, whether confidential and privileged or not, will be 
provided to the Department of Veterans Affairs Office of Inspector 
General upon request. A written request is not required.
    (e) To the extent practicable, documents accessed under paragraph 
(b) of this section will not include the identity of peer reviewers. 
Reasonable efforts will be made to edit documents so as to protect the 
identities of reviewers, but the inability to completely do so will not 
bar access under paragraph (b).
    (f) No individual shall be permitted access to confidential and 
privileged quality assurance records and documents identified in 
Sec. 17.501 unless such individual has been informed of the penalties 
for unauthorized disclosure. Any misuse of confidential and privileged 
quality assurance records or documents shall be reported to the 
appropriate VHA official, e.g., Service Chief, Medical Center Director.
    (g) In general, confidential and privileged quality assurance 
records and documents will be maintained for a minimum of 3 years and 
may be held longer if needed for research studies or quality assurance 
or legal purposes.

(Authority: 38 U.S.C. 5705)


Sec. 17.509  Authorized disclosure: Non-Department of Veterans Affairs 
requests.

    (a) Requests for confidential and privileged quality assurance 
records and documents from organizations or individuals outside VA must 
be made to the Department and must specify the nature and content of 
the information requested, to whom the information should be 
transmitted or disclosed, and the purpose listed in paragraphs (b) 
through (j) of this section for which the information requested will be 
used. In addition, the requestor will specify to the extent possible 
the beginning and final dates of the period for which disclosure or 
access is requested. The request must be in writing and signed by the 
requestor. Except as specified in paragraphs (b) and (c) of this 
section, these requests should be forwarded to the Director of the 
facility in possession of the records or documents for response. The 
procedures outlined in 38 CFR 1.500 through 1.584 will be followed 
where applicable.
    (b) Disclosure shall be made to Federal agencies upon their written 
request to permit VA's participation in healthcare programs including 
healthcare delivery, research, planning, and related activities with 
the requesting agencies. Any Federal agency may apply to the Under 
Secretary for Health for approval. If the VA decides to participate in 
the healthcare program with the requestor, the requesting agency will 
enter into an agreement with VA to ensure that the agency and its staff 
will ensure the confidentiality of any quality assurance records or 
documents shared with the agency.
    (c) Qualified persons or organizations, including academic 
institutions, engaged in healthcare program activities shall, upon 
request to and approval by the Under Secretary for Health, Regional 
Director, medical facility Director, or their designees, have access to 
confidential and privileged medical quality assurance records and 
documents to permit VA participation in a healthcare activity with the 
requestor, provided that no records or documents are removed from the 
VA facility in possession of the records.
    (d) When a request under paragraphs (b) or (c) of this section 
concerns access for research purposes, the request, together with the 
research plan or protocol, shall first be submitted to and approved by 
an appropriate VA medical facility Research and Development Committee 
and then approved by the Director of the VA medical facility. The VA 
medical facility staff together with the qualified person(s) conducting 
the research shall be responsible for the preservation of the anonymity 
of the patients, clients, and providers and shall not disseminate any 
records or documents which identify such individuals directly or 
indirectly without the individual's consent. This applies to the 
handling of data or information as well as reporting or publication of 
findings. These requirements are in addition to other applicable 
protections for the research.
    (e) Individually identified patient medical record information 
which is protected by another statute as provided in Sec. 17.502 may 
not be disclosed to a non-VA person or organization, including 
disclosures for research purposes under paragraph (d), except as 
provided in that statute.
    (f) Under paragraph (b), the Under Secretary for Health or designee 
or under paragraph (c), the Under Secretary for Health, Regional 
Director, medical facility Director, or their designees may approve a 
written request if it meets the following criteria:
    (1) Participation by VA will benefit VA patient care; or
    (2) Participation by VA will enhance VA medical research; or
    (3) Participation by VA will enhance VA health services research; 
or
    (4) Participation by VA will enhance VA healthcare planning or 
program development activities; or
    (5) Participation by VA will enhance related VA healthcare program 
activities; and
    (6) Access to the record by the requester is required for VA to 
participate in a healthcare program with the requester.
    (g) Protected quality assurance records or documents, including 
records pertaining to a specific individual, will for purposes 
authorized under law be disclosed to a civil or criminal law 
enforcement governmental agency or instrumentality charged under 
applicable law with the protection of public health or safety, 
including state licensing and disciplinary agencies, if a written 
request for such records or documents is received from an official of 
such an organization. The request must state the purpose authorized by 
law for which the records will be used. The Under Secretary for Health, 
Regional Director, medical facility Director, or their designees will 
determine the extent to which the information is disclosable.
    (h) Federal agencies charged with protecting the public health and 
welfare, federal and private agencies which engage in various 
monitoring and quality control activities, agencies responsible for 
licensure of individual health care facilities or programs, and similar 
organizations will be provided confidential and privileged quality 
assurance records and documents if a written request for such records 
or documents is received from an official of such an organization. The 
request must state the purpose for which the records will be used. The 
Under Secretary for Health, Regional Director, medical facility 
Director, or their designees will determine the extent to which the 
information is disclosable.
    (i) JCAHO (Joint Commission on Accreditation of Healthcare 
Organizations) survey teams and similar national accreditation agencies 
or boards and other organizations requested by VA to assess the 
effectiveness of quality assurance program activities or to consult 
regarding these programs are entitled to disclosure of confidential and 
privileged quality assurance documents with the following 
qualifications:
    (1) Accreditation agencies which are charged with assessing all 
aspects of medical facility patient care, e.g., JCAHO, may have access 
to all confidential and privileged quality assurance records and 
documents.
    (2) Accreditation agencies charged with more narrowly focused 
review (e.g., College of American Pathologists, American Association of 
Blood Banks, Nuclear Regulatory Commission, etc.) may have access only 
to such confidential and privileged records and documents as are 
relevant to their respective focus.
    (j) Confidential and privileged quality assurance records and 
documents shall be released to the General Accounting Office if such 
records or documents pertain to any matter within its jurisdiction.
    (k) Confidential and privileged quality assurance records and 
documents shall be released to both VA and non-VA healthcare personnel 
upon request to the extent necessary to meet a medical emergency 
affecting the health or safety of any individual.
    (l) For any disclosure made under paragraphs (a) through (i) of 
this section, the name of and other identifying information regarding 
any individual VA patient, employee, or other individual associated 
with VA shall be deleted from any confidential and privileged quality 
assurance record or document before any disclosure under these quality 
assurance regulations in Secs. 17.500 through 17.511 is made, if 
disclosure of such name and identifying information would constitute a 
clearly unwarranted invasion of personal privacy.
    (m) Disclosure of the confidential and privileged quality assurance 
records and documents identified in Sec. 17.501 will not be made to any 
individual or agency until that individual or agency has been informed 
of the penalties for unauthorized disclosure or redisclosure.

(Authority: 38 U.S.C. 5705)


Sec. 17.510  Redisclosure.

    No person or entity to whom a quality assurance record or document 
has been disclosed under Sec. 17.508 or Sec. 17.509 shall make further 
disclosure of such record or document except as provided for in 38 
U.S.C. 5705 and the regulations in Secs. 17.500 through 17.511.

(Authority: 38 U.S.C. 5705)


Sec. 17.511  Penalties for violations.

    Any person who knows that a document or record is a confidential 
and privileged quality assurance document or record described in 
Secs. 17.500 through 17.511 and willfully discloses such confidential 
and privileged quality assurance record or document or information 
contained therein, except as authorized by 38 U.S.C. 5705 or the 
regulations in Secs. 17.500 through 17.511, shall be fined not more 
than $5,000 in the case of a first offense and not more than $20,000 in 
the case of each subsequent offense.

(Authority: 38 U.S.C. 5705)

[FR Doc. 94-26210 Filed 10-21-94; 8:45 am]
BILLING CODE 8320-01-P