[House Report 109-197] [From the U.S. Government Publishing Office] 109th Congress Report HOUSE OF REPRESENTATIVES 1st Session 109-197 ====================================================================== PATIENT SAFETY AND QUALITY IMPROVEMENT ACT OF 2005 _______ July 27, 2005.--Committed to the Committee of the Whole House on the State of the Union and ordered to be printed _______ Mr. Barton of Texas, from the Committee on Energy and Commerce, submitted the following R E P O R T [To accompany H.R. 3205] [Including cost estimate of the Congressional Budget Office] The Committee on Energy and Commerce, to whom was referred the bill (H.R. 3205) to amend title IX of the Public Health Service Act to provide for the improvement of patient safety and to reduce the incidence of events that adversely affect patient safety, and for other purposes, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page Amendment........................................................ 2 Purpose and Summary.............................................. 9 Background and Need for Legislation.............................. 9 Hearings......................................................... 9 Committee Consideration.......................................... 10 Committee Votes.................................................. 10 Committee Oversight Findings..................................... 10 Statement of General Performance Goals and Objectives............ 10 New Budget Authority, Entitlement Authority, and Tax Expenditures 10 Committee Cost Estimate.......................................... 10 Congressional Budget Office Estimate............................. 10 Federal Mandates Statement....................................... 13 Advisory Committee Statement..................................... 13 Constitutional Authority Statement............................... 13 Applicability to Legislative Branch.............................. 13 Section-by-Section Analysis of the Legislation................... 13 Changes in Existing Law Made by the Bill, as Reported............ 18 Amendment The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) Short Title.--This Act may be cited as the ``Patient Safety and Quality Improvement Act of 2005''. (b) Table of Contents.--The table of contents for this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Amendments to Public Health Service Act. ``Part C--Patient Safety Improvement ``Sec. 921. Definitions. ``Sec. 922. Privilege and confidentiality protections. ``Sec. 923. Network of patient safety databases. ``Sec. 924. Patient safety organization certification and listing. ``Sec. 925. Technical assistance. ``Sec. 926. Severability. SEC. 2. AMENDMENTS TO PUBLIC HEALTH SERVICE ACT. (a) In General.--Title IX of the Public Health Service Act (42 U.S.C. 299 et seq.) is amended-- (1) in section 912(c), by inserting ``, in accordance with part C,'' after ``The Director shall''; (2) by redesignating part C as part D; (3) by redesignating sections 921 through 928, as sections 931 through 938, respectively; (4) in section 938(1) (as so redesignated), by striking ``921'' and inserting ``931''; and (5) by inserting after part B the following: ``PART C--PATIENT SAFETY IMPROVEMENT ``SEC. 921. DEFINITIONS. ``In this part: ``(1) HIPAA confidentiality regulations.--The term `HIPAA confidentiality regulations' means regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033). ``(2) Identifiable patient safety work product.--The term `identifiable patient safety work product' means patient safety work product that-- ``(A) is presented in a form and manner that allows the identification of any provider that is a subject of the work product, or any providers that participate in activities that are a subject of the work product; ``(B) constitutes individually identifiable health information as that term is defined in the HIPAA confidentiality regulations; or ``(C) is presented in a form and manner that allows the identification of an individual who reported information in the manner specified in section 922(e). ``(3) Nonidentifiable patient safety work product.--The term `nonidentifiable patient safety work product' means patient safety work product that is not identifiable patient safety work product (as defined in paragraph (2)). ``(4) Patient safety organization.--The term `patient safety organization' means a private or public entity or component thereof that is listed by the Secretary pursuant to section 924(d). ``(5) Patient safety activities.--The term `patient safety activities' means the following activities: ``(A) Efforts to improve patient safety and the quality of health care delivery. ``(B) The collection and analysis of patient safety work product. ``(C) The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices. ``(D) The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk. ``(E) The maintenance of procedures to preserve confidentiality with respect to patient safety work product. ``(F) The provision of appropriate security measures with respect to patient safety work product. ``(G) The utilization of qualified staff. ``(H) Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system. ``(6) Patient safety evaluation system.--The term `patient safety evaluation system' means the collection, management, or analysis of information for reporting to or by a patient safety organization. ``(7) Patient safety work product.-- ``(A) In general.--Except as provided in subparagraph (B), the term `patient safety work product' means any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements-- ``(i) which-- ``(I) are assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization; or ``(II) are developed by a patient safety organization for the conduct of patient safety activities; and which could result in improved patient safety, health care quality, or health care outcomes; or ``(ii) which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system. ``(B) Clarification.-- ``(i) Information described in subparagraph (A) does not include a patient's medical record, billing and discharge information, or any other original patient or provider record. ``(ii) Information described in subparagraph (A) does not include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a patient safety organization shall not by reason of its reporting be considered patient safety work product. ``(iii) Nothing in this part shall be construed to limit-- ``(I) the discovery of or admissibility of information described in this subparagraph in a criminal, civil, or administrative proceeding; ``(II) the reporting of information described in this subparagraph to a Federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes; or ``(III) a provider's recordkeeping obligation with respect to information described in this subparagraph under Federal, State, or local law. ``(8) Provider.--The term `provider' means-- ``(A) an individual or entity licensed or otherwise authorized under State law to provide health care services, including-- ``(i) a hospital, nursing facility, comprehensive outpatient rehabilitation facility, home health agency, hospice program, renal dialysis facility, ambulatory surgical center, pharmacy, physician or health care practitioner's office, long term care facility, behavior health residential treatment facility, clinical laboratory, or health center; or ``(ii) a physician, physician assistant, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist, certified nurse midwife, psychologist, certified social worker, registered dietitian or nutrition professional, physical or occupational therapist, pharmacist, or other individual health care practitioner; or ``(B) any other individual or entity specified in regulations promulgated by the Secretary. ``SEC. 922. PRIVILEGE AND CONFIDENTIALITY PROTECTIONS. ``(a) Privilege.--Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be privileged and shall not be-- ``(1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider; ``(2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider; ``(3) subject to disclosure pursuant to section 552 of title 5, United States Code (commonly known as the Freedom of Information Act) or any other similar Federal, State, or local law; ``(4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or ``(5) admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law. ``(b) Confidentiality of Patient Safety Work Product.-- Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be confidential and shall not be disclosed. ``(c) Exceptions.--Except as provided in subsection (g)(3)-- ``(1) Exceptions from privilege and confidentiality.-- Subsections (a) and (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures: ``(A) Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source. ``(B) Disclosure of patient safety work product to the extent required to carry out subsection (f)(4)(A). ``(C) Disclosure of identifiable patient safety work product if authorized by each provider identified in such work product. ``(2) Exceptions from confidentiality.--Subsection (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures: ``(A) Disclosure of patient safety work product to carry out patient safety activities. ``(B) Disclosure of nonidentifiable patient safety work product. ``(C) Disclosure of patient safety work product to grantees, contractors, or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed for such purpose under the HIPAA confidentiality regulations. ``(D) Disclosure by a provider to the Food and Drug Administration with respect to a product or activity regulated by the Food and Drug Administration. ``(E) Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider. ``(F) Disclosures that the Secretary may determine, by rule or other means, are necessary for business operations and are consistent with the goals of this part. ``(G) Disclosure of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes. ``(H) With respect to a person other than a patient safety organization, the disclosure of patient safety work product that does not include materials that-- ``(i) assess the quality of care of an identifiable provider; or ``(ii) describe or pertain to one or more actions or failures to act by an identifiable provider. ``(3) Exception from privilege.--Subsection (a) shall not apply to (and shall not be construed to prohibit) voluntary disclosure of nonidentifiable patient safety work product. ``(d) Continued Protection of Information After Disclosure.-- ``(1) In general.--Patient safety work product that is disclosed under subsection (c) shall continue to be privileged and confidential as provided for in subsections (a) and (b), and such disclosure shall not be treated as a waiver of privilege or confidentiality, and the privileged and confidential nature of such work product shall also apply to such work product in the possession or control of a person to whom such work product was disclosed. ``(2) Exception.--Notwithstanding paragraph (1), and subject to paragraph (3)-- ``(A) if patient safety work product is disclosed in a criminal proceeding, the confidentiality protections provided for in subsection (b) shall no longer apply to the work product so disclosed; and ``(B) if patient safety work product is disclosed as provided for in subsection (c)(2)(B) (relating to disclosure of nonidentifiable patient safety work product), the privilege and confidentiality protections provided for in subsections (a) and (b) shall no longer apply to such work product. ``(3) Construction.--Paragraph (2) shall not be construed as terminating or limiting the privilege or confidentiality protections provided for in subsection (a) or (b) with respect to patient safety work product other than the specific patient safety work product disclosed as provided for in subsection (c). ``(4) Limitations on actions.-- ``(A) Patient safety organizations.-- ``(i) In general.--A patient safety organization shall not be compelled to disclose information collected or developed under this part whether or not such information is patient safety work product unless such information is identified, is not patient safety work product, and is not reasonably available from another source. ``(ii) Nonapplication.--The limitation contained in clause (i) shall not apply in an action against a patient safety organization or with respect to disclosures pursuant to subsection (c)(1). ``(B) Providers.--An accrediting body shall not take an accrediting action against a provider based on the good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety work product in accordance with this part. An accrediting body may not require a provider to reveal its communications with any patient safety organization established in accordance with this part. ``(e) Reporter Protection.-- ``(1) In general.--A provider may not take an adverse employment action, as described in paragraph (2), against an individual based upon the fact that the individual in good faith reported information-- ``(A) to the provider with the intention of having the information reported to a patient safety organization; or ``(B) directly to a patient safety organization. ``(2) Adverse employment action.--For purposes of this subsection, an `adverse employment action' includes-- ``(A) loss of employment, the failure to promote an individual, or the failure to provide any other employment-related benefit for which the individual would otherwise be eligible; or ``(B) an adverse evaluation or decision made in relation to accreditation, certification, credentialing, or licensing of the individual. ``(f) Enforcement.-- ``(1) Civil monetary penalty.--Subject to paragraphs (2) and (3), a person who discloses identifiable patient safety work product in knowing or reckless violation of subsection (b) shall be subject to a civil monetary penalty of not more than $10,000 for each act constituting such violation. ``(2) Procedure.--The provisions of section 1128A of the Social Security Act, other than subsections (a) and (b) and the first sentence of subsection (c)(1), shall apply to civil money penalties under this subsection in the same manner as such provisions apply to a penalty or proceeding under section 1128A of the Social Security Act. ``(3) Relation to hipaa.--Penalties shall not be imposed both under this subsection and under the regulations issued pursuant to section 264(c)(1) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note) for a single act or omission. ``(4) Equitable relief.-- ``(A) In general.--Without limiting remedies available to other parties, a civil action may be brought by any aggrieved individual to enjoin any act or practice that violates subsection (e) and to obtain other appropriate equitable relief (including reinstatement, back pay, and restoration of benefits) to redress such violation. ``(B) Against state employees.--An entity that is a State or an agency of a State government may not assert the privilege described in subsection (a) unless before the time of the assertion, the entity or, in the case of and with respect to an agency, the State has consented to be subject to an action described in subparagraph (A), and that consent has remained in effect. ``(g) Rule of Construction.--Nothing in this section shall be construed-- ``(1) to limit the application of other Federal, State, or local laws that provide greater privilege or confidentiality protections than the privilege and confidentiality protections provided for in this section; ``(2) to limit, alter, or affect the requirements of Federal, State, or local law pertaining to information that is not privileged or confidential under this section; ``(3) except as provided in subsection (i), to alter or affect the implementation of any provision of the HIPAA confidentiality regulations or section 1176 of the Social Security Act (or regulations promulgated under such section); ``(4) to limit the authority of any provider, patient safety organization, or other entity to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this section; ``(5) as preempting or otherwise affecting any State law requiring a provider to report information that is not patient safety work product; or ``(6) to limit, alter, or affect any requirement for reporting to the Food and Drug Administration information regarding the safety of a product or activity regulated by the Food and Drug Administration. ``(h) Clarification.--Nothing in this part prohibits any person from conducting additional analysis for any purpose regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a patient safety organization or a patient safety evaluation system. ``(i) Clarification of application of hipaa confidentiality regulations to patient safety organizations.--For purposes of applying the HIPAA confidentiality regulations-- ``(1) patient safety organizations shall be treated as business associates; and ``(2) patient safety activities of such organizations in relation to a provider are deemed to be health care operations (as defined in such regulations) of the provider. ``(j) Reports on Strategies To Improve Patient Safety.-- ``(1) Draft report.--Not later than the date that is 18 months after any network of patient safety databases is operational, the Secretary, in consultation with the Director, shall prepare a draft report on effective strategies for reducing medical errors and increasing patient safety. The draft report shall include any measure determined appropriate by the Secretary to encourage the appropriate use of such strategies, including use in any federally funded programs. The Secretary shall make the draft report available for public comment and submit the draft report to the Institute of Medicine for review. ``(2) Final report.--Not later than 1 year after the date described in paragraph (1), the Secretary shall submit a final report to the Congress. ``SEC. 923. NETWORK OF PATIENT SAFETY DATABASES. ``(a) In General.--The Secretary shall facilitate the creation of, and maintain, a network of patient safety databases that provides an interactive evidence-based management resource for providers, patient safety organizations, and other entities. The network of databases shall have the capacity to accept, aggregate across the network, and analyze nonidentifiable patient safety work product voluntarily reported by patient safety organizations, providers, or other entities. The Secretary shall assess the feasibility of providing for a single point of access to the network for qualified researchers for information aggregated across the network and, if feasible, provide for implementation. ``(b) Data Standards.--The Secretary may determine common formats for the reporting to and among the network of patient safety databases maintained under subsection (a) of nonidentifiable patient safety work product, including necessary work product elements, common and consistent definitions, and a standardized computer interface for the processing of such work product. To the extent practicable, such standards shall be consistent with the administrative simplification provisions of part C of title XI of the Social Security Act. ``(c) Use of Information.--Information reported to and among the network of patient safety databases under subsection (a) shall be used to analyze national and regional statistics, including trends and patterns of health care errors. The information resulting from such analyses shall be made available to the public and included in the annual quality reports prepared under section 913(b)(2). ``SEC. 924. PATIENT SAFETY ORGANIZATION CERTIFICATION AND LISTING. ``(a) Certification.-- ``(1) Initial certification.--An entity that seeks to be a patient safety organization shall submit an initial certification to the Secretary that the entity-- ``(A) has policies and procedures in place to perform each of the patient safety activities described in section 921(5); and ``(B) upon being listed under subsection (d), will comply with the criteria described in subsection (b). ``(2) Subsequent certifications.--An entity that is a patient safety organization shall submit every 3 years after the date of its initial listing under subsection (d) a subsequent certification to the Secretary that the entity-- ``(A) is performing each of the patient safety activities described in section 921(5); and ``(B) is complying with the criteria described in subsection (b). ``(b) Criteria.-- ``(1) In general.--The following are criteria for the initial and subsequent certification of an entity as a patient safety organization: ``(A) The mission and primary activity of the entity are to conduct activities that are to improve patient safety and the quality of health care delivery. ``(B) The entity has appropriately qualified staff (whether directly or through contract), including licensed or certified medical professionals. ``(C) The entity, within each 24-month period that begins after the date of the initial listing under subsection (d), has bona fide contracts, each of a reasonable period of time, with more than 1 provider for the purpose of receiving and reviewing patient safety work product. ``(D) The entity is not, and is not a component of, a health insurance issuer (as defined in section 2791(b)(2)). ``(E) The entity shall fully disclose-- ``(i) any financial, reporting, or contractual relationship between the entity and any provider that contracts with the entity; and ``(ii) if applicable, the fact that the entity is not managed, controlled, and operated independently from any provider that contracts with the entity. ``(F) To the extent practical and appropriate, the entity collects patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers. ``(G) The utilization of patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk. ``(2) Additional criteria for component organizations.--If an entity that seeks to be a patient safety organization is a component of another organization, the following are additional criteria for the initial and subsequent certification of the entity as a patient safety organization: ``(A) The entity maintains patient safety work product separately from the rest of the organization, and establishes appropriate security measures to maintain the confidentiality of the patient safety work product. ``(B) The entity does not make an unauthorized disclosure under this part of patient safety work product to the rest of the organization in breach of confidentiality. ``(C) The mission of the entity does not create a conflict of interest with the rest of the organization. ``(c) Review of Certification.-- ``(1) In general.-- ``(A) Initial certification.--Upon the submission by an entity of an initial certification under subsection (a)(1), the Secretary shall determine if the certification meets the requirements of subparagraphs (A) and (B) of such subsection. ``(B) Subsequent certification.--Upon the submission by an entity of a subsequent certification under subsection (a)(2), the Secretary shall review the certification with respect to requirements of subparagraphs (A) and (B) of such subsection. ``(2) Notice of acceptance or non-acceptance.--If the Secretary determines that-- ``(A) an entity's initial certification meets requirements referred to in paragraph (1)(A), the Secretary shall notify the entity of the acceptance of such certification; or ``(B) an entity's initial certification does not meet such requirements, the Secretary shall notify the entity that such certification is not accepted and the reasons therefor. ``(3) Disclosures regarding relationship to providers.--The Secretary shall consider any disclosures under subsection (b)(1)(E) by an entity and shall make public findings on whether the entity can fairly and accurately perform the patient safety activities of a patient safety organization. The Secretary shall take those findings into consideration in determining whether to accept the entity's initial certification and any subsequent certification submitted under subsection (a) and, based on those findings, may deny, condition, or revoke acceptance of the entity's certification. ``(d) Listing.--The Secretary shall compile and maintain a listing of entities with respect to which there is an acceptance of a certification pursuant to subsection (c)(2)(A) that has not been revoked under subsection (e) or voluntarily relinquished. ``(e) Revocation of Acceptance of Certification.-- ``(1) In general.--If, after notice of deficiency, an opportunity for a hearing, and a reasonable opportunity for correction, the Secretary determines that a patient safety organization does not meet the certification requirements under subsection (a)(2), including subparagraphs (A) and (B) of such subsection, the Secretary shall revoke the Secretary's acceptance of the certification of such organization. ``(2) Supplying confirmation of notification to providers.-- Within 15 days of a revocation under paragraph (1), a patient safety organization shall submit to the Secretary a confirmation that the organization has taken all reasonable actions to notify each provider whose patient safety work product is collected or analyzed by the organization of such revocation. ``(3) Publication of decision.--If the Secretary revokes the certification of an organization under paragraph (1), the Secretary shall-- ``(A) remove the organization from the listing maintained under subsection (d); and ``(B) publish notice of the revocation in the Federal Register. ``(f) Status of Data After Removal From Listing.-- ``(1) New data.--With respect to the privilege and confidentiality protections described in section 922, data submitted to an entity within 30 days after the entity is removed from the listing under subsection (e)(3)(A) shall have the same status as data submitted while the entity was still listed. ``(2) Protection to continue to apply.--If the privilege and confidentiality protections described in section 922 applied to patient safety work product while an entity was listed, or to data described in paragraph (1), such protections shall continue to apply to such work product or data after the entity is removed from the listing under subsection (e)(3)(A). ``(g) Disposition of Work Product and Data.--If the Secretary removes a patient safety organization from the listing as provided for in subsection (e)(3)(A), with respect to the patient safety work product or data described in subsection (f)(1) that the patient safety organization received from another entity, such former patient safety organization shall-- ``(1) with the approval of the other entity and a patient safety organization, transfer such work product or data to such patient safety organization; ``(2) return such work product or data to the entity that submitted the work product or data; or ``(3) if returning such work product or data to such entity is not practicable, destroy such work product or data. ``SEC. 925. TECHNICAL ASSISTANCE. ``The Secretary, acting through the Director, may provide technical assistance to patient safety organizations, including convening annual meetings for patient safety organizations to discuss methodology, communication, data collection, or privacy concerns. ``SEC. 926. SEVERABILITY. ``If any provision of this part is held to be unconstitutional, the remainder of this part shall not be affected.''. (b) Authorization of Appropriations.--Section 937 of the Public Health Service Act (as redesignated by subsection (a)) is amended by adding at the end the following: ``(e) Patient Safety and Quality Improvement.--For the purpose of carrying out part C, there are authorized to be appropriated such sums as may be necessary for each of the fiscal years 2006 through 2010.''. (c) GAO Study on Implementation.-- (1) Study.--The Comptroller General of the United States shall conduct a study on the effectiveness of part C of title IX of the Public Health Service Act (as added by subsection (a)) in accomplishing the purposes of such part. (2) Report.--Not later than February 1, 2010, the Comptroller General shall submit a report on the study conducted under paragraph (1). Such report shall include such recommendations for changes in such part as the Comptroller General deems appropriate. Purpose and Summary H.R. 3205 is intended to help create a ``culture of safety'' by providing peer review protections for information reported on health care errors for the purposes of quality improvement and patient safety. Background and Need for Legislation In its 1999 report, To Err Is Human, the Institute of Medicine (IOM) estimated that 44,000 to 98,000 Americans die each year as a result of medical errors; however, providers have little to no incentive to report or analyze errors to improve the quality of health care. The IOM offered several recommendations to improve patient safety and reduce medical errors, including that Congress pass legislation to extend peer review protections to data related to patient safety and quality improvement that are developed and analyzed by health care organizations for internal use or shared with others solely for the purposes of improving safety and quality. This bill is intended to encourage the reporting and analysis of medical errors and health care systems by providing peer review protection of information reported to patient safety organizations for the purposes of quality improvement and patient safety. These protections will facilitate an environment in which health care providers are able to discuss errors openly and learn from them. The protections apply to certain categories of documents and communications termed ``patient safety work product'' that are developed in connection with newly created patient safety organizations. This patient safety work product is considered privileged and, therefore, cannot be subject to disclosures in certain civil, criminal, administrative, and disciplinary proceedings or disclosed pursuant to the Freedom of Information Act. Patient safety organizations will analyze information reported from providers and disseminate information back to providers in effort to improve quality and patient safety. Providers will work with patient safety organizations to determine the causes of these errors, identify what changes need to be made to prevent these errors, and then implement these changes. These new protections do not, however, prevent a provider from complying with authorized requests for information that has been collected, developed, maintained, or exists separately from a patient safety evaluation system. Additionally, all original patient or provider records are not patient safety work product. In general, information that is available to the public today will continue to be available. The Patient Safety and Quality Improvement Act requires the Secretary of Health and Human Services (HHS) to facilitate the creation of a network of databases to analyze health care errors. Hearings On Thursday, June 9, 2005, the Subcommittee on Health held an oversight hearing entitled ``Patient Safety and Quality Initiatives.'' The subcommittee received testimony from Dr. Carolyn M. Clancy, Director, Agency for Healthcare Research and Quality; Dr. Dennis O'Leary, President, Joint Commission on Accreditation of Healthcare Organizations; Dr. F. Dean Griffen, MD, FACS, American College of Surgeons; Dr. William A. Bornstein, MD, PhD, Medical Association of Georgia; and, Dr. Jane Loewenson, Director, Health Policy, National Partnership for Women & Families. Committee Consideration On Thursday, July 14, 2005, the Subcommittee on Health met in open markup session and approved H.R. 3205 for full Committee consideration, by a voice vote, a quorum being present. On Wednesday, July 20, 2005, the full Committee met in open markup session and ordered H.R. 3205 favorably reported to the House, amended, by a voice vote, a quorum being present. Committee Votes Clause 3(b) of rule XIII of the Rules of the House of Representatives requires the Committee to list the record votes on the motion to report legislation and amendments thereto. There were no record votes taken in connection with ordering H.R. 3205 reported. A motion by Mr. Barton to order H.R. 3205 reported to the House, amended, was agreed to by a voice vote. Committee Oversight Findings Pursuant to clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the Committee has not held oversight or legislative hearings on this legislation. Statement of General Performance Goals and Objectives The goal of H.R. 3205 is to provide for a health care error reporting system that both protects information and improves patient safety and the quality of health care, and to ensure accountability by raising standards and expectation for continuous quality improvements in patient safety. New Budget Authority, Entitlement Authority, and Tax Expenditures In compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee finds that H.R. 3205, the Patient Safety and Quality Improvement Act, would result in no new or increased budget authority, entitlement authority, or tax expenditures or revenues. Committee Cost Estimate The Committee adopts as its own the cost estimate prepared by the Director of the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974. Congressional Budget Office Estimate Pursuant to clause 3(c)(3) of rule XIII of the Rules of the House of Representatives, the following is the cost estimate provided by the Congressional Budget Office pursuant to section 402 of the Congressional Budget Act of 1974: U.S. Congress, Congressional Budget Office, Washington, DC, July 27, 2005. Hon. Joe Barton, Chairman, Committee on Energy and Commerce, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 3205, the Patient Safety and Quality Improvement Act of 2005. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contact is Julia Christensen. Sincerely, Elizabeth M. Robinson (For Douglas Holtz-Eakin, Director). Enclosure. H.R. 3205--Patient Safety and Quality Improvement Act of 2005 Summary: H.R. 3205 would establish certification procedures for patient safety organizations (PSOs) and require the Secretary of Health and Human Services to maintain a list of certified PSOs. Those PSOs would collect patient safety data voluntarily submitted by health care providers for inclusion in a network of databases. The bill would require the Secretary to develop a uniform database, establish national standards for the collection and maintenance of patient safety data, and provide technical assistance to PSOs. The bill also would establish privacy protections and impose civil monetary penalties for violations of those protections. The bill would require two reports, including a report by the Government Accountability Office (GAO) on the overall effectiveness of the program and a report by the Secretary on effective strategies for increasing patient safety. CBO estimates that implementing H.R. 3205 would cost $5 million in 2006 and $58 million over the 2006-2010 period, assuming the appropriation of the necessary amounts. CBO estimates that receipts from fines for violation of the privacy protections, which are recorded as federal revenues, would amount to less than $500,000 a year. H.R. 3205 would preempt state laws that govern the disclosure of information provided to patient safety organizations. While that preemption would be an intergovernmental mandate as defined in the Unfunded Mandates Reform Act (UMRA), it would impose no requirements on states that would result in additional spending; thus, the threshold established by UMRA would not be exceeded ($62 million in 2005, adjusted annually for inflation). The bill would impose a private-sector mandate on health care providers, as defined in UMRA, by not allowing them to use the fact that an employee reported patient safety data in an adverse employment action against an employee. That mandate would not have any direct cost, however, because patient safety data as defined in the bill does not exist under current law. Estimated cost to the Federal Government: The estimated cost of H.R. 3205 is shown in the following table. The bill could also result in an increase in revenues from fines, but CBO estimates that any such increase would be less than $500,000 a year. The costs of this legislation fall within budget functions 550 (health) and 800 (general government). ------------------------------------------------------------------------ By fiscal year, in millions of dollars-- --------------------------------------- 2006 2007 2008 2009 2010 ------------------------------------------------------------------------ CHANGES IN SPENDING SUBJECT TO APPROPRIATION Estimated authorization level... 15 13 14 14 14 Estimated outlays............... 5 11 14 14 14 ------------------------------------------------------------------------ Basis of estimate Spending subject to appropriation H.R. 3205 would expand the current duties of the Agency for Healthcare Research and Quality (AHRQ). Although not specifically named, the AHRQ is the most likely agency within the Department of Health and Human Services to carry out the provisions of the bill. The new duties would include providing technical assistance to PSOs that have (or are developing) systems for reporting medical errors. AHRQ also would oversee the certification and listing of PSOs, which collect patient safety data from health care providers. (PSOs are private or public organizations that conduct activities to improve patient safety and the quality of health care delivery.) PSOs would not receive funding under this bill. In addition, the bill would require AHRQ to develop and maintain a network of databases to collect, support, and coordinate the analysis of patient safety data that is reported on a voluntary basis. Based on information from AHRQ, CBO expects that these tasks would require increased staff for providing assistance to PSOs, oversight of PSOs, and maintenance of the patient safety database. CBO estimates that the agency would need appropriations of$15 million in 2006 and about $70 million over the 2006-2010 period to carry out those responsibilities. We estimate that the agency would spend about $5 million in 2006 (primarily on the development of the patient safety database) and $58 million over the 2006-2010 period, assuming the necessary amounts are appropriated. Revenues Because those prosecuted and convicted for violation of the bill's privacy provisions could be subject to civil monetary penalties, the federal government might collect additional fines if the bill is enacted. Collections of civil fines are recorded in the budget as governmental receipts (i.e., revenues). CBO estimates that any additional receipts would be less than $500,000 a year. Estimated Impact on State, Local, and Tribal Governments: H.R. 3205 would preempt any state freedom of information law or other laws governing subpoena power or civil or administrative procedure that require the disclosure of information provided by a health care provider to a certified patient safety organization. That preemption would be an intergovernmental mandate as deemed in UMRA because it would limit the application of those state laws. The bill also would establish a number of exceptions to the preemption of state and local laws, thus narrowing the scope of the mandate. CBO estimates that this mandate would impose no requirement on states that would result in additional spending; thus, the threshold as established by UMRA would not be exceeded ($62 million in 2005, adjusted annually for inflation). Estimated Impact on the Private Sector: The bill would impose a private-sector mandate on health care providers, as deemed in UMRA, by not allowing them to use the fact that an employee reported patient safety data in an adverse employment action against the employee. This mandate would not have any direct cost, however, because patient safety data as defined in the bill does not exist under current law. Previous CBO estimate: On March 31, 2005, CBO transmitted an estimate for S. 544, the Patient Safety and Quality Improvement Act of 2005, as ordered reported by the Senate Committee on Health, Education, Labor, and Pensions. The scope of work under S. 544 is similar to H.R. 3205, and CBO's two cost estimates are nearly identical. Estimate prepared by: Federal Costs: Julia M. Christensen and Camite Williams. Impact on State, Local, and Tribal Governments: Leo Lex. Impact on the Private Sector: Peter Richmond. Estimate Approved by: Peter H. Fontaine, Deputy Assistant Director for Budget Analysis. Federal Mandates Statement The Committee adopts as its own the estimate of Federal mandates prepared by the Director of the Congressional Budget Office pursuant to section 423 of the Unfunded Mandates Reform Act. Advisory Committee Statement No advisory committees within the meaning of section 5(b) of the Federal Advisory Committee Act were created by this legislation. Constitutional Authority Statement Pursuant to clause 3(d)(1) of rule XIII of the Rules of the House of Representatives, the Committee finds that the Constitutional authority for this legislation is provided in Article I, section 8, clause 3, which grants Congress the power to regulate commerce with foreign nations, among the several States, and with the Indian tribes. Applicability to Legislative Branch The Committee finds that the legislation does not relate to the terms and conditions of employment or access to public services or accommodations within the meaning of section 102(b)(3) of the Congressional Accountability Act. Section-by-Section Analysis of the Legislation Section 1. Short title Section 1 establishes the short title as the ``Patient Safety and Quality Improvement Act of 2005.'' Section 2. Amendments to the Public Health Service Act Section 2(a) would establish a new Part C in Title IX of the Public Health Service Act to encourage a voluntary reporting system for patient safety data as set out below. Section 921. Definitions The bill would add a new section 921 to identify and define the elements of a new voluntary reporting system, including the terms ``identifiable information,'' ``non-identifiable information,'' ``patient safety activities,'' ``patient safety evaluation system,'' ``patient safety organization,'' ``patient safety work product,'' and ``provider.'' The definition of patient safety work product contains several parts,and a document or communication is patient safety work product if it falls into any of the categories in clauses (7)(A)(i)-(iii). A document may be patient safety work product for multiple reasons. For example, a patient safety organization may prepare a memorandum describing its request for further collection of information from the reporting provider. The memorandum of the patient safety organization is both a document developed by the patient safety organization and a document that would identify the deliberations of a patient safety evaluation system. A memorandum of the provider that identifies the deliberations of a patient safety evaluation system would also be patient safety work product. Paragraphs 7(B)(i) and (ii) explains documents or communications that are not included under clause (7)(A). The Committee understands that it is likely and appropriate for a provider to keep a copy of documents and possible logs of communications that are reported to the patient safety organization. Generally, such copies are also patient safety work product because they are part of the patient safety evaluation system. Such items would not be considered original provider records as set out under 7(B)(i). On the other hand, there may be documents or communications that are part of traditional health care operations or record keeping (including but not limited to medical records, billing records, guidance on procedures, physician notes, hospital policies, logs of operations, records of drug deliveries, and primary information at the time of events). Such information may be in communications or copies of documents sent to a patient safety organization. Originals or copies of such documents are both original provider records and separate information that is developed, collected, maintained or exist separately from any patient safety evaluation system. Both these original documents and ordinary information about health care operations may be relevant to a patient safety evaluation system but are not themselves patient safety work product. Once something is patient safety work product, a person may disclose such work product for a variety of purposes under subsection 922(c). Subsection 922(d) provides that, despite such a disclosure, such work product remains confidential and privileged and does not lose its status as patient safety work product. Thus, clause 921(7)(B)(ii) would not operate to change the status of the patient safety work product in this circumstance. For example, assume material otherwise meets the definition of patient safety work product. If the provider voluntarily discloses such work product to an accrediting organization under subsection 922(c)(2)(E), the privileged and confidential nature of the work product remains. On the other hand, nothing requires a provider to disclose such patient safety work product to an accrediting organization. A provider may choose to collect, develop, or maintain information separately from a patient safety evaluation system. That separate information or analysis may be similar or identical in substance or subject matter to patient safety work product. A provider may choose this route in disclosing such separate material to an accrediting organization. A similar approach would apply to material given to researchers or for patient safety activities. Information provided for research or patient safety activities may be patient safety work product or it may not be patient safety work product. There is further discussion of the term ``patient safety work product'' in the context of section 922. Section 922. Privilege and confidentiality protections New subsection 922(a) creates a privilege for patient safety work product for certain proceedings and forums. Paragraphs 922(c)(1) and (3) contain exceptions to the prohibitions in 922(a). Nothing in this legislation changes other requirements that may exist for evidence. Here are a few examples of the privilege. Assume a trial lawyer asks a provider what communications has the provider had with other parties concerning the medical procedures that took place during the month of August 2006. Communications that identify or constitute the deliberations of or analyses of, or identify the fact or reporting to, a patient safety evaluation system under 921(7)(A)(ii) are patient safety work product. Such information would not be discoverable. Communications with other parties, however, would be discoverable. Assume a trial lawyer asks what a specific practitioner understood about how a certain piece of medical equipment operated. Even if this same information was reported to a patient safety organization, such information ``exists separately'' from a patient safety evaluation system under 921(7)(B)(ii). Under such a circumstance, the provider should respond to the interrogatory but not reveal that similar or the same information was being reviewed within the context of a patient safety evaluation system. Assume an expert analysis is relevant to a legal proceeding and a patient safety organization had developed such an analysis. The fact that a patient safety organization has developed such an analysis does not mean a party could not obtain a separate analysis on the same subject matter from a different expert or prepare a separate analysis on the same subject matter in-house. Such analysis may be separate from a patient safety evaluation system both under the meaning of 921(7)(b)(ii) and under 922(h). New subsection 922(b) provides that patient safety work product shall not be disclosed except as provided for in 922(c)(1) and (2). A person may rely on any of the exceptions to justify a permissible disclosure. The same disclosure may fall under multiple exceptions. For example, patient safety work product may be provided, under appropriate circumstances, to a researcher under multiple exceptions, including but not limited to 922(c)(2)(C). There are more exceptions to 922(b) under subsection (c) than thereare to 922(a). For example, a discovery order cannot request the dates of meetings held between a patient safety organization and other parties. On the other hand, schedulers for parties may disclose dates of such individual meetings relevant to that party for ordinary purposes such as contacting other schedulers, setting out travel vouchers, or other purposes. Such disclosure could be a disclosure of patient safety work product under 922(c)(2)(H). Such a disclosure would neither assess the quality of care of an identifiable provider nor describe or pertain to one or more actions or failures to act by an identifiable provider. Subsection 922(d)(1) states that the fact of disclosure of information under one of the exceptions under subsection (c) shall not be treated as a waiver of privilege or confidentiality. Nor can such a disclosure change the privileged or confidential status of such work product. Subparagraph 922(d)(4)(A) provides that a patient safety organization shall not be compelled to disclose information collected or developed under this part whether or not such information is patient safety work product unless such information is identified, is not patient safety work product, and is not reasonably available from another source. This limitation does not apply to actions against the patient safety organization or with respect to disclosures under subsection (c)(1). The basic idea is that patient safety organizations may be collecting or developing material that is based on underlying material that is available at the provider's office or through another party. In such circumstances, discovery orders should be made to other parties and not the patient safety organization. Subsection (e) sets out protections for individuals who in good faith report information to providers, with the intent that the information is reported to a patient safety organization, or who report directly to a patient safety organization. A provider may not use the fact that an individual reported to a patient safety organization or that provider against the individual in any adverse employment action. Paragraph (f)(1) provides monetary penalties for a knowing or reckless violation of subsection (b). Subsection 922(a) is not enforceable under paragraph (f)(1) but rather should be administered in the context of the relevant proceeding. To be held liable under paragraph (f)(1) a person should at least know, or be reckless in not knowing, that the information was indeed confidential patient safety work product. Paragraph (f)(3) provides that penalties shall not be imposed under (f)(1) and pursuant to HIPAA confidentiality regulations for a single act or omission. Under paragraph (g)(3) the provisions of the HIPAA confidentiality regulations continue to apply, except as provided in subsection (i). Under paragraph (g)(4), providers, patient safety organizations, or other entities, can enter contracts that increase confidentiality or restrict the use of information for purposes of the relationship between the contracting parties, so long as the contracts do not conflict with this Act or any other laws. Parties may also, by contract, delegate the authority to make an authorized disclosure that is otherwise permissible under the Act for that person. Paragraph (g)(5) is a savings clause concerning state reporting requirements. State reporting requirements cannot require reporting of patient safety work product but can require reporting of primary medical information and other documents or communications that are not patient safety work product. Such reporting requirements may even require providers to produce reports that are similar in basic function to reports being provided to a patient safety organization. However, patient safety work product itself, as defined in this Act, remains privileged. Subsection (h) was discussed in part above. Nothing in this part prohibits any person from conducting additional analysis for any purpose regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a patient safety organization or a patient safety evaluation system. Such additional analysis is separate and not patient safety work product. Under subsection (i) a patient safety organization shall be treated as a business associate for purposes of section 264(c) of HIPAA. The patient safety activities of such organization are deemed to be health care operations of the provider. A patient safety organization can be a covered entity for other purposes, but also a business associate in its role as a patient safety organization. Subsection (j) requires the Secretary to provide a report on effective strategies for reducing medical errors and increasing patient safety. Section 923. Network of patient safety databases New section 923 requires the Secretary to facilitate the creation of, and maintain, a network of patient safety databases that provides an interactive evidence-based management resource for providers, patient safety organizations, and other entities. The Secretary may establish common formats for reporting data to and among the network of patient safety databases to enable ease of use and communication to and among the databases. The Secretary should build upon existing databases and work already done by the Office of the National Coordinator for Health Information Technology and other parts of the Department in an effort to maximize the efficiency and utility of common data collection efforts across agencies. Each database in the network shall be able to accept nonidentifiable information, aggregate all the nonidentifiable information within the network, and analyze such information. The Secretary shall make the information available to providers, patient safety organizations and the public and, if feasible, the Secretary shall also provide for implementation of a single point of access to the individual and aggregated data in the network of databases. Section 924. Certification of patient safety organizations Subsection (a) of new section 924 sets out certain requirements for initial and subsequent certifications for patient safety organizations. Paragraph (b)(1) sets out criteria a patient safety organization must meet as conditions of certification. New paragraph 924(b)(2) sets out certain additional requirements for patient safety organizations that are components of other organizations. Subsection (c) provides procedures for the review of certifications. Subsection (d) provides for the listing of certifications that have been accepted and not revoked. Subsection (e) provides for revocation procedures for certain causes. Subsection (f) maintains the confidential and privileged status of information even where a patient safety organizations listing has been revoked. Section 925. Technical assistance New section 925 states that the Secretary may provide certain technical assistance to patient safety organizations. Section 926. Severability New section 926 provides that if any provision of this part is held to be unconstitutional, the remainder of this part shall not be affected. Subsection (2)(b) of the Act would modify existing section 937 of the Public Health Service Act to authorize such sums as may be necessary for each of the fiscal years 2006-2010. Subsection (2)(c) of the Act provides for study from the General Accounting Office regarding implementation of the Act. Changes in Existing Law Made by the Bill, as Reported In compliance with clause 3(e) of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (existing law proposed to be omitted is enclosed in black brackets, new matter is printed in italic, existing law in which no change is proposed is shown in roman): PUBLIC HEALTH SERVICE ACT * * * * * * * TITLE IX--AGENCY FOR HEALTHCARE RESEARCH AND QUALITY * * * * * * * PART B--HEALTH CARE IMPROVEMENT RESEARCH * * * * * * * SEC. 912. PRIVATE-PUBLIC PARTNERSHIPS TO IMPROVE ORGANIZATION AND DELIVERY. (a) * * * * * * * * * * (c) Reducing Errors in Medicine.--The Director shall, in accordance with part C, conduct and support research and build private-public partnerships to-- (1) * * * * * * * * * * PART C--PATIENT SAFETY IMPROVEMENT SEC. 921. DEFINITIONS. In this part: (1) HIPAA confidentiality regulations.--The term ``HIPAA confidentiality regulations'' means regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033). (2) Identifiable patient safety work product.--The term ``identifiable patient safety work product'' means patient safety work product that-- (A) is presented in a form and manner that allows the identification of any provider that is a subject of the work product, or any providers that participate in activities that are a subject of the work product; (B) constitutes individually identifiable health information as that term is defined in the HIPAA confidentiality regulations; or (C) is presented in a form and manner that allows the identification of an individual who reported information in the manner specified in section 922(e). (3) Nonidentifiable patient safety work product.--The term ``nonidentifiable patient safety work product'' means patient safety work product that is not identifiable patient safety work product (as defined in paragraph (2)). (4) Patient safety organization.--The term ``patient safety organization'' means a private or public entity or component thereof that is listed by the Secretary pursuant to section 924(d). (5) Patient safety activities.--The term ``patient safety activities'' means the following activities: (A) Efforts to improve patient safety and the quality of health care delivery. (B) The collection and analysis of patient safety work product. (C) The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices. (D) The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk. (E) The maintenance of procedures to preserve confidentiality with respect to patient safety work product. (F) The provision of appropriate security measures with respect to patient safety work product. (G) The utilization of qualified staff. (H) Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system. (6) Patient safety evaluation system.--The term ``patient safety evaluation system'' means the collection, management, or analysis of information for reporting to or by a patient safety organization. (7) Patient safety work product.-- (A) In general.--Except as provided in subparagraph (B), the term ``patient safety work product'' means any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements-- (i) which-- (I) are assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization; or (II) are developed by a patient safety organization for the conduct of patient safety activities; and which could result in improved patient safety, health care quality, or health care outcomes; or (ii) which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system. (B) Clarification.-- (i) Information described in subparagraph (A) does not include a patient's medical record, billing and discharge information, or any other original patient or provider record. (ii) Information described in subparagraph (A) does not include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a patient safety organization shall not by reason of its reporting be considered patient safety work product. (iii) Nothing in this part shall be construed to limit-- (I) the discovery of or admissibility of information described in this subparagraph in a criminal, civil, or administrative proceeding; (II) the reporting of information described in this subparagraph to a Federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes; or (III) a provider's recordkeeping obligation with respect to information described in this subparagraph under Federal, State, or local law. (8) Provider.--The term ``provider'' means-- (A) an individual or entity licensed or otherwise authorized under State law to provide health care services, including-- (i) a hospital, nursing facility, comprehensive outpatient rehabilitation facility, home health agency, hospice program, renal dialysis facility, ambulatory surgical center, pharmacy, physician or health care practitioner's office, long term care facility, behavior health residential treatment facility, clinical laboratory, or health center; or (ii) a physician, physician assistant, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist, certified nurse midwife, psychologist, certified social worker, registered dietitian or nutrition professional, physical or occupational therapist, pharmacist, or other individual health care practitioner; or (B) any other individual or entity specified in regulations promulgated by the Secretary. SEC. 922. PRIVILEGE AND CONFIDENTIALITY PROTECTIONS. (a) Privilege.--Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be privileged and shall not be-- (1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider; (2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider; (3) subject to disclosure pursuant to section 552 of title 5, United States Code (commonly known as the Freedom of Information Act) or any other similar Federal, State, or local law; (4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or (5) admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law. (b) Confidentiality of Patient Safety Work Product.-- Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be confidential and shall not be disclosed. (c) Exceptions.--Except as provided in subsection (g)(3)-- (1) Exceptions from privilege and confidentiality.-- Subsections (a) and (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures: (A) Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source. (B) Disclosure of patient safety work product to the extent required to carry out subsection (f)(4)(A). (C) Disclosure of identifiable patient safety work product if authorized by each provider identified in such work product. (2) Exceptions from confidentiality.--Subsection (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures: (A) Disclosure of patient safety work product to carry out patient safety activities. (B) Disclosure of nonidentifiable patient safety work product. (C) Disclosure of patient safety work product to grantees, contractors, or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed for such purpose under the HIPAA confidentiality regulations. (D) Disclosure by a provider to the Food and Drug Administration with respect to a product or activity regulated by the Food and Drug Administration. (E) Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider. (F) Disclosures that the Secretary may determine, by rule or other means, are necessary for business operations and are consistent with the goals of this part. (G) Disclosure of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes. (H) With respect to a person other than a patient safety organization, the disclosure of patient safety work product that does not include materials that-- (i) assess the quality of care of an identifiable provider; or (ii) describe or pertain to one or more actions or failures to act by an identifiable provider. (3) Exception from privilege.--Subsection (a) shall not apply to (and shall not be construed to prohibit) voluntary disclosure of nonidentifiable patient safety work product. (d) Continued Protection of Information After Disclosure.-- (1) In general.--Patient safety work product that is disclosed under subsection (c) shall continue to be privileged and confidential as provided for in subsections (a) and (b), and such disclosure shall not be treated as a waiver of privilege or confidentiality, and the privileged and confidential nature of such work product shall also apply to such work product in the possession or control of a person to whom such work product was disclosed. (2) Exception.--Notwithstanding paragraph (1), and subject to paragraph (3)-- (A) if patient safety work product is disclosed in a criminal proceeding, the confidentiality protections provided for in subsection (b) shall no longer apply to the work product so disclosed; and (B) if patient safety work product is disclosed as provided for in subsection (c)(2)(B) (relating to disclosure of nonidentifiable patient safety work product), the privilege and confidentiality protections provided for in subsections (a) and (b) shall no longer apply to such work product. (3) Construction.--Paragraph (2) shall not be construed as terminating or limiting the privilege or confidentiality protections provided for in subsection (a) or (b) with respect to patient safety work product other than the specific patient safety work product disclosed as provided for in subsection (c). (4) Limitations on actions.-- (A) Patient safety organizations.-- (i) In general.--A patient safety organization shall not be compelled to disclose information collected or developed under this part whether or not such information is patient safety work product unless such information is identified, is not patient safety work product, and is not reasonably available from another source. (ii) Nonapplication.--The limitation contained in clause (i) shall not apply in an action against a patient safety organization or with respect to disclosures pursuant to subsection (c)(1). (B) Providers.--An accrediting body shall not take an accrediting action against a provider based on the good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety work product in accordance with this part. An accrediting body may not require a provider to reveal its communications with any patient safety organization established in accordance with this part. (e) Reporter Protection.-- (1) In general.--A provider may not take an adverse employment action, as described in paragraph (2), against an individual based upon the fact that the individual in good faith reported information-- (A) to the provider with the intention of having the information reported to a patient safety organization; or (B) directly to a patient safety organization. (2) Adverse employment action.--For purposes of this subsection, an ``adverse employment action'' includes-- (A) loss of employment, the failure to promote an individual, or the failure to provide any other employment-related benefit for which the individual would otherwise be eligible; or (B) an adverse evaluation or decision made in relation to accreditation, certification, credentialing, or licensing of the individual. (f) Enforcement.-- (1) Civil monetary penalty.--Subject to paragraphs (2) and (3), a person who discloses identifiable patient safety work product in knowing or reckless violation of subsection (b) shall be subject to a civil monetary penalty of not more than $10,000 for each act constituting such violation. (2) Procedure.--The provisions of section 1128A of the Social Security Act, other than subsections (a) and (b) and the first sentence of subsection (c)(1), shall apply to civil money penalties under this subsection in the same manner as such provisions apply to a penalty or proceeding under section 1128A of the Social Security Act. (3) Relation to hipaa.--Penalties shall not be imposed both under this subsection and under the regulations issued pursuant to section 264(c)(1) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note) for a single act or omission. (4) Equitable relief.-- (A) In general.--Without limiting remedies available to other parties, a civil action may be brought by any aggrieved individual to enjoin any act or practice that violates subsection (e) and to obtain other appropriate equitable relief (including reinstatement, back pay, and restoration of benefits) to redress such violation. (B) Against state employees.--An entity that is a State or an agency of a State government may not assert the privilege described in subsection (a) unless before the time of the assertion, the entity or, in the case of and with respect to an agency, the State has consented to be subject to an action described in subparagraph (A), and that consent has remained in effect. (g) Rule of Construction.--Nothing in this section shall be construed-- (1) to limit the application of other Federal, State, or local laws that provide greater privilege or confidentiality protections than the privilege and confidentiality protections provided for in this section; (2) to limit, alter, or affect the requirements of Federal, State, or local law pertaining to information that is not privileged or confidential under this section; (3) except as provided in subsection (i), to alter or affect the implementation of any provision of the HIPAA confidentiality regulations or section 1176 of the Social Security Act (or regulations promulgated under such section); (4) to limit the authority of any provider, patient safety organization, or other entity to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this section; (5) as preempting or otherwise affecting any State law requiring a provider to report information that is not patient safety work product; or (6) to limit, alter, or affect any requirement for reporting to the Food and Drug Administration information regarding the safety of a product or activity regulated by the Food and Drug Administration. (h) Clarification.--Nothing in this part prohibits any person from conducting additional analysis for any purpose regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a patient safety organization or a patient safety evaluation system. (i) Clarification of Application of HIPAA Confidentiality Regulations to Patient Safety Organizations.--For purposes of applying the HIPAA confidentiality regulations-- (1) patient safety organizations shall be treated as business associates; and (2) patient safety activities of such organizations in relation to a provider are deemed to be health care operations (as defined in such regulations) of the provider. (j) Reports on Strategies To Improve Patient Safety.-- (1) Draft report.--Not later than the date that is 18 months after any network of patient safety databases is operational, the Secretary, in consultation with the Director, shall prepare a draft report on effective strategies for reducing medical errors and increasing patient safety. The draft report shall include any measure determined appropriate by the Secretary to encourage the appropriate use of such strategies, including use in any federally funded programs. The Secretary shall make the draft report available for public comment and submit the draft report to the Institute of Medicine for review. (2) Final report.--Not later than 1 year after the date described in paragraph (1), the Secretary shall submit a final report to the Congress. SEC. 923. NETWORK OF PATIENT SAFETY DATABASES. (a) In General.--The Secretary shall facilitate the creation of, and maintain, a network of patient safety databases that provides an interactive evidence-based management resource for providers, patient safety organizations, and other entities. The network of databases shall have the capacity to accept, aggregate across the network, and analyze nonidentifiable patient safety work product voluntarily reported by patient safety organizations, providers, or other entities. The Secretary shall assess the feasibility of providing for a single point of access to the network for qualified researchers for information aggregated across the network and, if feasible, provide for implementation. (b) Data Standards.--The Secretary may determine common formats for the reporting to and among the network of patient safety databases maintained under subsection (a) of nonidentifiable patient safety work product, including necessary work product elements, common and consistent definitions, and a standardized computer interface for the processing of such work product. To the extent practicable, such standards shall be consistent with the administrative simplification provisions of part C of title XI of the Social Security Act. (c) Use of Information.--Information reported to and among the network of patient safety databases under subsection (a) shall be used to analyze national and regional statistics, including trends and patterns of health care errors. The information resulting from such analyses shall be made available to the public and included in the annual quality reports prepared under section 913(b)(2). SEC. 924. PATIENT SAFETY ORGANIZATION CERTIFICATION AND LISTING. (a) Certification.-- (1) Initial certification.--An entity that seeks to be a patient safety organization shall submit an initial certification to the Secretary that the entity-- (A) has policies and procedures in place to perform each of the patient safety activities described in section 921(5); and (B) upon being listed under subsection (d), will comply with the criteria described in subsection (b). (2) Subsequent certifications.--An entity that is a patient safety organization shall submit every 3 years after the date of its initial listing under subsection (d) a subsequent certification to the Secretary that the entity-- (A) is performing each of the patient safety activities described in section 921(5); and (B) is complying with the criteria described in subsection (b). (b) Criteria.-- (1) In general.--The following are criteria for the initial and subsequent certification of an entity as a patient safety organization: (A) The mission and primary activity of the entity are to conduct activities that are to improve patient safety and the quality of health care delivery. (B) The entity has appropriately qualified staff (whether directly or through contract), including licensed or certified medical professionals. (C) The entity, within each 24-month period that begins after the date of the initial listing under subsection (d), has bona fide contracts, each of a reasonable period of time, with more than 1 provider for the purpose of receiving and reviewing patient safety work product. (D) The entity is not, and is not a component of, a health insurance issuer (as defined in section 2791(b)(2)). (E) The entity shall fully disclose-- (i) any financial, reporting, or contractual relationship between the entity and any provider that contracts with the entity; and (ii) if applicable, the fact that the entity is not managed, controlled, and operated independently from any provider that contracts with the entity. (F) To the extent practical and appropriate, the entity collects patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers. (G) The utilization of patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk. (2) Additional criteria for component organizations.--If an entity that seeks to be a patient safety organization is a component of another organization, the following are additional criteria for the initial and subsequent certification of the entity as a patient safety organization: (A) The entity maintains patient safety work product separately from the rest of the organization, and establishes appropriate security measures to maintain the confidentiality of the patient safety work product. (B) The entity does not make an unauthorized disclosure under this part of patient safety work product to the rest of the organization in breach of confidentiality. (C) The mission of the entity does not create a conflict of interest with the rest of the organization. (c) Review of Certification.-- (1) In general.-- (A) Initial certification.--Upon the submission by an entity of an initial certification under subsection (a)(1), the Secretary shall determine if the certification meets the requirements of subparagraphs (A) and (B) of such subsection. (B) Subsequent certification.--Upon the submission by an entity of a subsequent certification under subsection (a)(2), the Secretary shall review the certification with respect to requirements of subparagraphs (A) and (B) of such subsection. (2) Notice of acceptance or non-acceptance.--If the Secretary determines that-- (A) an entity's initial certification meets requirements referred to in paragraph (1)(A), the Secretary shall notify the entity of the acceptance of such certification; or (B) an entity's initial certification does not meet such requirements, the Secretary shall notify the entity that such certification is not accepted and the reasons therefor. (3) Disclosures regarding relationship to providers.--The Secretary shall consider any disclosures under subsection (b)(1)(E) by an entity and shall make public findings on whether the entity can fairly and accurately perform the patient safety activities of a patient safety organization. The Secretary shall take those findings into consideration in determining whether to accept the entity's initial certification and any subsequent certification submitted under subsection (a) and, based on those findings, may deny, condition, or revoke acceptance of the entity's certification. (d) Listing.--The Secretary shall compile and maintain a listing of entities with respect to which there is an acceptance of a certification pursuant to subsection (c)(2)(A) that has not been revoked under subsection (e) or voluntarily relinquished. (e) Revocation of Acceptance of Certification.-- (1) In general.--If, after notice of deficiency, an opportunity for a hearing, and a reasonable opportunity for correction, the Secretary determines that a patient safety organization does not meet the certification requirements under subsection (a)(2), including subparagraphs (A) and (B) of such subsection, the Secretary shall revoke the Secretary's acceptance of the certification of such organization. (2) Supplying confirmation of notification to providers.--Within 15 days of a revocation under paragraph (1), a patient safety organization shall submit to the Secretary a confirmation that the organization has taken all reasonable actions to notify each provider whose patient safety work product is collected or analyzed by the organization of such revocation. (3) Publication of decision.--If the Secretary revokes the certification of an organization under paragraph (1), the Secretary shall-- (A) remove the organization from the listing maintained under subsection (d); and (B) publish notice of the revocation in the Federal Register. (f) Status of Data After Removal From Listing.-- (1) New data.--With respect to the privilege and confidentiality protections described in section 922, data submitted to an entity within 30 days after the entity is removed from the listing under subsection (e)(3)(A) shall have the same status as data submitted while the entity was still listed. (2) Protection to continue to apply.--If the privilege and confidentiality protections described in section 922 applied to patient safety work product while an entity was listed, or to data described in paragraph (1), such protections shall continue to apply to such work product or data after the entity is removed from the listing under subsection (e)(3)(A). (g) Disposition of Work Product and Data.--If the Secretary removes a patient safety organization from the listing as provided for in subsection (e)(3)(A), with respect to the patient safety work product or data described in subsection (f)(1) that the patient safety organization received from another entity, such former patient safety organization shall-- (1) with the approval of the other entity and a patient safety organization, transfer such work product or data to such patient safety organization; (2) return such work product or data to the entity that submitted the work product or data; or (3) if returning such work product or data to such entity is not practicable, destroy such work product or data. SEC. 925. TECHNICAL ASSISTANCE. The Secretary, acting through the Director, may provide technical assistance to patient safety organizations, including convening annual meetings for patient safety organizations to discuss methodology, communication, data collection, or privacy concerns. SEC. 926. SEVERABILITY. If any provision of this part is held to be unconstitutional, the remainder of this part shall not be affected. PART [C] D--GENERAL PROVISIONS SEC. [921] 931. ADVISORY COUNCIL FOR HEALTHCARE RESEARCH AND QUALITY. (a) * * * * * * * * * * SEC. [922] 932. PEER REVIEW WITH RESPECT TO GRANTS AND CONTRACTS. (a) * * * * * * * * * * SEC. [923] 933. CERTAIN PROVISIONS WITH RESPECT TO DEVELOPMENT, COLLECTION, AND DISSEMINATION OF DATA. (a) * * * * * * * * * * SEC. [924] 934. DISSEMINATION OF INFORMATION. (a) * * * * * * * * * * SEC. [925] 935. ADDITIONAL PROVISIONS WITH RESPECT TO GRANTS AND CONTRACTS. (a) * * * * * * * * * * SEC. [926] 936. CERTAIN ADMINISTRATIVE AUTHORITIES. (a) * * * * * * * * * * SEC. [927] 937. FUNDING. (a) * * * * * * * * * * (e) Patient Safety and Quality Improvement.--For the purpose of carrying out part C, there are authorized to be appropriated such sums as may be necessary for each of the fiscal years 2006 through 2010. SEC. [928] 938. DEFINITIONS. In this title: (1) Advisory council.--The term ``Advisory Council'' means the National Advisory Council on Healthcare Research and Quality established under section [921] 931. * * * * * * *