Report text available as:

  • TXT
  • PDF   (PDF provides a complete and accurate display of this text.) Tip ?

107th Congress                                            Rept. 107-714
                        HOUSE OF REPRESENTATIVES
 2d Session                                                      Part 1

======================================================================



 
                 PATIENT SAFETY IMPROVEMENT ACT OF 2002

                                _______
                                

                October 1, 2002.--Ordered to be printed

                                _______
                                

    Mr. Thomas, from the Committee on Ways and Means, submitted the 
                               following

                              R E P O R T

                        [To accompany H.R. 4889]

      [Including cost estimate of the Congressional Budget Office]

  The Committee on Ways and Means, to whom was referred the 
bill (H.R. 4889) to amend title XI of the Social Security Act 
to improve patient safety, having considered the same, report 
favorably thereon with an amendment and recommend that the bill 
as amended do pass.

                                CONTENTS

                                                                   Page
 I. Introduction......................................................9
        A. Purpose and Summary...................................     9
        B. Legislative History...................................    10
II. Explanation of Provisions........................................11
        A. Analysis of Legislation and Comparison With Present 
            Law..................................................    11
            a. Section 1, Short Title, Table of Contents.........    11
            b. Section 2, Patient Safety Improvements............    11
            c. Section 3, Medical Information Technology Advisory 
                Board............................................    16
III.Votes of the Committee...........................................18

IV. Budget Effects of the Bill.......................................19
        A. Committee Estimate of Budgetary Effects...............    19
        B. Statement Regarding New Budget Authority and Tax 
            Expenditures.........................................    19
        C. Cost Estimate Prepared by the Congressional Budget 
            Office...............................................    19
 V. Other Matters To Be Discussed Under the Rules of the House.......22
        A. Committee Oversight Findings and Recommendations......    22
        B. Constitutional Authority Statement....................    22
        C. Information Relating to Unfunded Mandates.............    22
        D. Summary of General Performance Goals and Objectives...    22
VI. Changes in Existing Law Made by the Bill as Reported.............23

  The amendment is as follows:
  Strike all after the enacting clause and insert the 
following:

SECTION 1. SHORT TITLE; TABLE OF CONTENTS.

  (a) Short Title.--This Act may be cited as the ``Patient Safety 
Improvement Act of 2002''.
  (b) Table of Contents.--The table of contents of this Act is as 
follows:

Sec. 1. Short title; table of contents.
Sec. 2. Patient safety improvements.

                 ``Part D--Patient Safety Improvements

        ``Sec. 1181. Voluntary reporting of patient safety data; 
                        definitions.
        ``Sec. 1182. Confidentiality and peer review protections.
        ``Sec. 1183. Center for Quality Improvement and Patient Safety.
        ``Sec. 1184. Interoperability standards for health care 
                        information technology systems.
        ``Sec. 1185. Voluntary adoption of methods to improve patient 
                        safety.
        ``Sec. 1186. Evaluation and report.
Sec. 3. Medical Information Technology Advisory Board.

SEC. 2. PATIENT SAFETY IMPROVEMENTS.

  Title XI of the Social Security Act is amended by adding at the end 
the following new part:

                 ``Part D--Patient Safety Improvements

       ``voluntary reporting of patient safety data; definitions
  ``Sec. 1181. (a) Collection and Voluntary Reporting of Patient Safety 
Data.--In order to improve patient safety and the quality of health 
care delivery, a health care provider (as defined in subsection (d)) 
may voluntarily collect and develop patient safety data (as defined in 
subsection (e)) and report such data to one or more patient safety 
organizations (as defined in subsection (f)) in a manner that is 
confidential and privileged (as described in section 1182).
  ``(b) Use of Patient Safety Data by Patient Safety Organizations.--
Patient safety organizations shall analyze the patient safety data 
reported and develop (and report back to health care providers) 
information to improve patient safety and the quality of health care 
delivery and shall submit non-identifiable information derived from 
such data in a uniform manner to the Center for Quality Improvement and 
Patient Safety (for inclusion in the Patient Safety Database, if 
applicable). Such non-identifiable information may be disclosed and 
shared with other patient safety organizations. Identifiable patient 
safety data may be disclosed to other patient safety organizations with 
the explicit authorization for each such disclosure by the reporting 
provider involved.
  ``(c) Functions of Center.--The Center for Quality Improvement and 
Patient Safety conducts patient safety activities consistent with 
section 1183.
  ``(d) Health Care Providers Covered.--For purposes of this part, the 
term `health care provider' means--
          ``(1) a provider of services (as defined in section 1861(u) 
        and including a hospital, skilled nursing facility, home health 
        agency, and hospice program) that provides services for which 
        payment may be made under part A of title XVIII and the 
        provider's employees;
          ``(2) a health care entity or individual that furnishes 
        medical or other health services (as defined in section 
        1861(s)), other services described in section 1832(a)(2), or 
        other items and services for which payment may be made under 
        such title, including a physician (as defined in section 
        1861(r)); and
          ``(3) an organization offering a plan under part C of title 
        XVIII.
  ``(e) Patient Safety Data Covered.--
          ``(1) In general.--For purposes of this part, the term 
        `patient safety data' means any data, reports, records, 
        memoranda, analyses, deliberative work, statements, or root 
        cause analyses that are collected or developed to improve 
        patient safety or health care quality and that--
                  ``(A) are collected or developed by a health care 
                provider for the purpose of reporting to a patient 
                safety organization and that are reported on a timely 
                basis to such an organization;
                  ``(B) are collected or developed by a patient safety 
                organization or by (or on behalf of) the Center for 
                Quality Improvement and Patient Safety, regardless of 
                whether the data are transmitted to the health care 
                provider that reported the original data; or
                  ``(C) describes corrective actions taken by a health 
                care provider in response to the provider's reporting 
                of data to that organization, regardless of whether the 
                organization has transmitted under subsection (f)(2) 
                information to the health care provider that reported 
                the original data, and that are reported on a timely 
                basis to such an organization.
          ``(2) Construction regarding use of data.--
                  ``(A) Internal use permitted to improve patient 
                safety, quality, and efficiency.--Nothing in this part 
                shall be construed to limit or discourage a health care 
                provider from developing and using patient safety data 
                within the provider to improve patient safety, health 
                care quality, or administrative efficiency of the 
                provider.
                  ``(B) Treatment.--Information that is collected or 
                developed as patient safety data is not disqualified 
                from being treated as patient safety data because of 
                its development or use for the purposes described in 
                subparagraph (A) and such development or use shall not 
                constitute a waiver of any privilege or protection 
                established under section 1182 or under State law.
  ``(f) Qualifications of Patient Safety Organizations.--
          ``(1) In general.--For purposes of this part, the term 
        `patient safety organization' means a private or public 
        organization that conducts activities to improve patient safety 
        and the quality of health care delivery by assisting health 
        care providers that report to such organizations and that has 
        been certified by the Secretary as--
                  ``(A) performing each of the activities described in 
                paragraph (2); and
                  ``(B) meets the other requirements of paragraphs (3) 
                through (5).
          ``(2) Activities described.--The activities referred to in 
        paragraph (1)(A) are the following:
                  ``(A) The collection and analysis of patient safety 
                data that are voluntarily reported by more than one 
                health care provider on a local, regional, State, or 
                national basis.
                  ``(B) The development and dissemination of 
                information to health care providers and other patient 
                safety organizations with respect to improving patient 
                safety, such as recommendations, protocols, or 
                information regarding best practices.
                  ``(C) The utilization of patient safety data to carry 
                out activities under this paragraph to improve patient 
                safety and to provide assistance to health care 
                providers to minimize patient risk.
          ``(3) Conduct of activities.--In conducting activities under 
        paragraph (2), a patient safety organization shall--
                  ``(A) maintain confidentiality with respect to 
                individually identifiable health information;
                  ``(B) submit non-identifiable information to the 
                Center for Quality Improvement and Patient Safety in a 
                format established by the Secretary; and
                  ``(C) maintain appropriate security measures with 
                respect to patient safety data.
          ``(4) Organization requirements.--The requirements of this 
        paragraph for an organization are that--
                  ``(A) the organization is managed, controlled, and 
                operated independently from health care providers which 
                report patient safety data to it under this part;
                  ``(B) if the organization no longer qualifies as a 
                patient safety organization, with respect to any 
                patient safety data that it received from a health care 
                provider, the organization shall do one of the 
                following:
                          ``(i) with the approval of the provider and 
                        another patient safety organization, transfer 
                        such data to such other organization;
                          ``(ii) if practicable, return the data to the 
                        provider; or
                          ``(iii) destroy the patient safety data;
                  ``(C) if the organization charges a fee for the 
                activities it performs with respect to health care 
                providers, the fee shall be uniform among all classes 
                or types of health care providers (taking into account 
                the size of the health care provider);
                  ``(D) the organization seeks to collect data from 
                health care providers in a standardized manner that 
                permits valid comparisons of similar cases among 
                similar health care providers; and
                  ``(E) the organization meets such other requirements 
                as the Secretary may by regulation require.
        For purposes of subparagraph (A), an organization is controlled 
        by a health care provider if the provider is able to 
        significantly influence or direct the actions or policies of 
        the organization.
          ``(5) Limitation on use of patient safety data by patient 
        safety organizations.--A patient safety organization may not 
        use patient safety data reported by a health care provider in 
        accordance with this part to take regulatory or enforcement 
        actions it otherwise performs (or is responsible for 
        performing) in relation to such provider.
          ``(6) Technical assistance.--The Secretary may provide 
        technical assistance to patient safety organizations in 
        providing recommendations and advice to health care providers 
        reporting patient safety data under this part. Such assistance 
        shall include advice with respect to methodology, 
        communication, dissemination of information, data collection, 
        security, and confidentiality concerns.
  ``(g) Construction.--Nothing in this part shall be construed to limit 
or discourage the reporting of information relating to patient safety 
within a health care provider.
             ``confidentiality and peer review protections
  ``Sec. 1182. (a) In General.--Notwithstanding any other provision of 
law, patient safety data shall be privileged and confidential in 
accordance with this section.
  ``(b) Scope of Privilege.--Subject to the succeeding provisions of 
this section, such data shall not be--
          ``(1) subject to a civil or administrative subpoena;
          ``(2) subject to discovery in connection with a civil or 
        administrative proceeding;
          ``(3) disclosed pursuant to section 552 of title 5, United 
        States Code (commonly known as the Freedom of Information Act) 
        or any other similar Federal or State law; or
          ``(4) admitted as evidence or otherwise disclosed in any 
        civil or administrative proceeding.
  ``(c) Clarification of Scope.--The privilege established by this 
section with respect to patient safety data described in section 
1181(e)(1)(A) shall apply to information, such as records of a 
patient's medical diagnosis and treatment, other primary health care 
information, and other information, to the extent that such information 
was collected or developed for the purpose specified in such section 
and is reported in accordance with such section. Such privilege shall 
not apply to information merely by reason of its inclusion, or the fact 
of its submission, in a report under such section. Information 
available from sources other than a report made under such section may 
be discovered or admitted in a civil or administrative proceeding, if 
discoverable or admissible under applicable state law.
  ``(d) Information Not Subject to Privilege.--The privilege 
established by this section shall not apply to one or more of the 
following:
          ``(1) Medical records and other primary health records.--
        Records of a patient's medical diagnosis and treatment and 
        other primary health records of a health care provider. Such 
        privilege shall not apply to such information by reason of its 
        inclusion within patient safety data.
          ``(2) FDA.--Relevant information disclosed by a health care 
        provider or patient safety organization to the Food and Drug 
        Administration, or to a person that is subject to the 
        jurisdiction of such Administration, with respect to an 
        Administration-regulated product or activity for which that 
        entity has responsibility, for the purposes of activities 
        related to quality, safety, or effectiveness of such 
        Administration-regulated product or activity, subject to 
        section 520(c) of the Federal Food, Drug, and Cosmetic Act.
          ``(3) Non-identifiable information used by database.--Non-
        identifiable information from a patient safety organization to 
        the Patient Safety Database and the further disclosure of such 
        data by the Center for Quality Improvement and Patient Safety.
  ``(e) Reporter Protection.--
          ``(1) In general.--A health care provider may not use against 
        an individual in an adverse employment action described in 
        paragraph (2) the fact that the individual in good faith 
        reported--
                  ``(A) to the provider with the intention of having it 
                reported to a patient safety organization, or
                  ``(B) directly to a patient safety organization,
        information that would constitute patient safety data under 
        section 1181(e)(1)(A) if the provider were to have submitted it 
        on a timely basis to a patient safety organization in 
        accordance with such section.
          ``(2) Adverse employment action.--For purposes of this 
        subsection, an `adverse employment action' includes--
                  ``(A) the failure to promote an individual or provide 
                any other employment-related benefit for which the 
                individual would otherwise be eligible;
                  ``(B) an evaluation or decision made in relation to 
                accreditation, certification, credentialing or 
                licensing of the individual; and
                  ``(C) a personnel action that is adverse to the 
                individual concerned.
          ``(3) Remedies.--The provisions of the first sentence of 
        section 1128A(a) shall apply with respect to a health care 
        provider's violation of paragraph (1) in the same manner as 
        they apply to an act referred to in section 1128A(a)(7).
  ``(f) Penalty.--It is unlawful for any person to disclose any patient 
safety data in violation of the provisions of this section. Any person 
violating such provisions shall subject to the same sanctions under 
section 1160(c) (relating to, upon conviction, a fine of not more than 
$1,000, imprisonment for not more than 6 months, or both, per 
disclosure and payment of the costs of prosecution) as a person who 
discloses any information described in section 1160(a).
  ``(g) Rules of Construction.--
          ``(1) No limitation of other privileges.--Subject to 
        paragraph (2), nothing in this section shall be construed as 
        affecting other privileges that are available under Federal or 
        State laws that provide greater peer review or confidentiality 
        protections than the peer review and confidentiality 
        protections provided for in this section.
          ``(2) No effect on state mandatory reporting requirements.--
        Nothing in this part shall be construed as preempting or 
        otherwise affecting any State law mandatory reporting 
        requirement for health care providers.
  ``(h) Application of Privacy Regulations.--For purposes of applying 
the regulations promulgated pursuant to section 264(c) of the Health 
Insurance Portability and Accountability Act of 1996 (Public Law 104-
191; 110 Stat. 2033)--
          ``(1) patient safety organizations shall be treated as 
        business associates;
          ``(2) activities of such organizations described in section 
        1181(f)(2)(A) in relation to a health care provider are deemed 
        to be health care operations of the provider; and
          ``(3) the disclosure of identifiable information under the 
        voluntary program under this part by such an organization shall 
        be treated as necessary for the proper management and 
        administration of the organization.
Nothing in this section shall be construed to alter or affect the 
implementation of such regulation or such section 264(c).
  ``(i) Waivers.--Nothing in this part shall be construed as precluding 
a health care provider from waiving the privilege or confidentiality 
protections under this section. Disclosure of patient safety data under 
subsection (d)(2) shall not constitute a waiver of any privilege or 
protection established under this section or under State law.
  ``(j) Continuation of Privilege.--Patient safety data of an 
organization that is certified as a patient safety organization shall 
continue to be privileged and confidential, in accordance with this 
section, if the organization's certification is terminated or revoked 
or if the organization otherwise ceases to qualify as a patient safety 
organization until the data are otherwise disposed of in accordance 
with section 1181(f)(4).
  ``(k) Survey and Report.-- --
          ``(1) Survey.--The Comptroller General of the United States 
        shall conduct a survey of State laws that relate to patient 
        safety data peer review systems, including laws that establish 
        an evidentiary privilege applicable to data developed in such 
        systems, and shall review the manner in which such laws have 
        been interpreted by the courts and the effectiveness of such 
        laws in promoting patient safety.
          ``(2) Report.--Not later than 9 months after the date of 
        enactment of this section, the Comptroller General shall 
        prepare and submit to Congress a report concerning the results 
        of the survey conducted under paragraph (1).
          ``center for quality improvement and patient safety
  ``Sec. 1183. (a) In General.--The Secretary, acting through the 
Director of the Agency for Healthcare Research and Quality, shall 
ensure that the Center for Quality Improvement and Patient Safety (in 
this section referred to as the `Center') supports public and private 
sector initiatives to improve patient safety for items and services 
furnished through health care providers.
  ``(b) Duties.--
          ``(1) In general.--The Secretary, acting through the 
        Director, shall ensure that the Center carries out the 
        following duties:
                  ``(A) Provide for the certification and 
                recertification of patient safety organizations in 
                accordance subsection (d).
                  ``(B) Collect and disseminate information related to 
                patient safety.
                  ``(C) Establish a Patient Safety Database to collect, 
                support, and coordinate the analysis of non-
                identifiable information submitted to the Database in 
                accordance with subsection (e).
                  ``(D) Facilitate the development of consensus among 
                health care providers, patients, and other interested 
                parties concerning patient safety and recommendations 
                to improve patient safety.
                  ``(E) Provide technical assistance to States that 
                have (or are developing) medical errors reporting 
                systems, assist States in developing standardized 
                methods for data collection, and collect data from 
                State reporting systems for inclusion in the Patient 
                Safety Database.
          ``(2) Consultation.--In carrying out the duties under 
        paragraph (1) (including the establishment of the Database), 
        the Secretary shall consult with and develop partnerships, as 
        appropriate, with health care organizations, health care 
        providers, public and private sector entities, patient safety 
        organizations, health care consumers, and other relevant 
        experts to improve patient safety.
  ``(c) Certification and Recertification Process.--
          ``(1) In general.--The initial certification and 
        recertification of a patient safety organization under 
        subsection (b)(1)(A) shall be made under a process that is 
        approved by the Secretary and is consistent with criteria 
        published by the Secretary.
          ``(2) Revocation.--Such a certification or recertification 
        may be revoked by the Secretary upon a showing of cause 
        (including the disclosure of data in violation of section 
        1182).
          ``(3) Termination.--Such a certification provided for a 
        patient safety organization shall terminate (subject to 
        recertification) on the earlier of--
                  ``(A) the date that is 3 years after the date on 
                which such certification was provided; or
                  ``(B) the date on which the Secretary revokes the 
                certification.
  ``(d) Implementation and Consultation.--In carrying out subsection 
(c)(1), the Secretary shall--
          ``(1) facilitate the development of patient safety goals and 
        track the progress made in meeting those goals; and
          ``(2) ensure that data submitted by a patient safety 
        organization to the Patient Safety Database, as provided for 
        under subsection (e), are comparable and useful for research 
        and analysis and that the research findings and patient safety 
        alerts that result from such analyses are presented in clear 
        and consistent formats that enhance the usefulness of such 
        alerts.
  ``(e) Patient Safety Database.--
          ``(1) In general.--The Secretary, acting through the 
        Director, shall--
                  ``(A) establish a Patient Safety Database to collect 
                non-identifiable information concerning patient safety 
                that is reported on a voluntary basis; and
                  ``(B) establish common formats for the voluntary 
                reporting of data under subparagraph (A), including the 
                establishment of necessary data elements, common and 
                consistent definitions, and a standardized computer 
                interface for the processing of such data.
          ``(2) Database.--In carrying out this subsection, the 
        Secretary--
                  ``(A) shall establish and modify as necessary 
                criteria to determine the organizations that may 
                voluntarily contribute to, and the data that comprises, 
                the Patient Safety Database;
                  ``(B) shall ensure that the Patient Safety Database 
                is only used by qualified entities or individuals as 
                determined appropriate by the Secretary in accordance 
                with criteria applied by the Secretary; and
                  ``(C) may enter into contracts for the administration 
                of the Database with private and public entities with 
                experience in the administration of similar databases.
          ``(3) Non-identifiable information.--For purposes of this 
        part, the term `non-identifiable information' means information 
        that is presented in a form and manner that prevents the 
        identification of any health care provider, patient, and the 
        reporter of the information.
  ``(f) Authorization of Appropriations.--There are authorized to be 
appropriated such sums as may be necessary for each fiscal year to 
carry out this section.
  ``interoperability standards for health care information technology 
                                systems
  ``Sec. 1184. (a) In General.--By not later than 2 years after the 
date of the enactment of this part, the Secretary shall develop or 
adopt (and shall periodically review and update) voluntary, national 
standards that promote the interoperability of health care information 
technology systems across all health care settings. In promulgating 
regulations to carry out this section, the Secretary shall take into 
account the cost that meeting such standards would have on providing 
health care in the United States and the increased efficiencies in 
providing such care achieved under the standards.
  ``(b) Consultation and Coordination.--The Secretary shall develop and 
update such standards in consultation with (and with coordination 
between)--
          ``(1) the National Committee for Vital and Health Statistics, 
        and
          ``(2) the Medical Information Technology Advisory Board 
        (established under section 3 of the Patient Safety Improvement 
        Act of 2002).
  ``(c) Dissemination.--The Secretary shall provide for the 
dissemination of the standards developed and updated under this 
section.
  ``(d) Authorization of Appropriations.--There are authorized to be 
appropriated such sums as may be necessary for each fiscal year to 
carry out this section.
       ``voluntary adoption of methods to improve patient safety
  ``Sec. 1185. The Secretary shall encourage health care providers to 
adopt appropriate evidence-based methods to improve patient safety. 
Such methods shall not constitute national practice guidelines.
                        ``evaluation and report
  ``Sec. 1186. (a) Evaluation.--The Comptroller General of the United 
States shall conduct a comprehensive evaluation of the implementation 
of this part. Such evaluation shall include an examination of the 
following:
          ``(1) The health care providers that reported patient safety 
        data under this part and the patient safety organizations to 
        which they reported the information.
          ``(2) What types of events were so reported on.
          ``(3) The usefulness of the analyses, information, and 
        recommendations provided by patient safety organizations in 
        response to such reported information.
          ``(4) The response of health care providers to such analyses, 
        information, and recommendations, including a survey of 
        providers to obtain estimates of the percentage of providers by 
        category who have adopted specific error-reduction methods and, 
        if applicable, reasons for not adopting specific practices.
          ``(5) The effectiveness of the program under this part in 
        reducing medical errors.
  ``(b) Report.--Not later than 5 years after the date the provisions 
of this part are first implemented, the Comptroller General shall 
submit to Congress a report on the evaluation conducted under 
subsection (a).''.

SEC. 3. MEDICAL INFORMATION TECHNOLOGY ADVISORY BOARD.

  (a) Establishment.--
          (1) In general.--Not later than 3 months after the date of 
        the enactment of this Act, the Secretary of Health and Human 
        Services (in this section referred to as the ``Secretary'') 
        shall appoint an advisory board to be known as the ``Medical 
        Information Technology Advisory Board'' (in this section 
        referred to as the ``MITAB'').
          (2) Chairman.--The Secretary shall designate one member as 
        chairman. The chairman shall be an individual affiliated with 
        an organization having expertise creating American National 
        Standards Institute (ANSI) accepted standards in health care 
        information technology and a member of the National Committee 
        for Vital and Health Statistics.
  (b) Composition.--
          (1) In general.--The MITAB shall consist of not more than 17 
        members that include--
                  (A) experts from the fields of medical information, 
                information technology, medical continuous quality 
                improvement, medical records security and privacy, 
                individual and institutional health care clinical 
                providers, health researchers, and health care 
                purchasers;
                  (B) one or more staff experts from each of the 
                following: the Centers for Medicare & Medicaid 
                Services, the Agency for Healthcare Research and 
                Quality, and the Institute of Medicine of the National 
                Academy of Sciences;
                  (C) representatives of private organizations with 
                expertise in medical infomatics;
                  (D) a representative of a teaching hospital; and
                  (E) one or more representatives of the health care 
                information technology industry.
          (2) Terms of appointment.--The term of any appointment under 
        paragraph (1) to the MITAB shall be for the life of the MITAB.
          (3) Meetings.--The MITAB shall meet at the call of its 
        chairman or a majority of its members.
          (4) Vacancies.--A vacancy on the MITAB shall be filled in the 
        same manner in which the original appointment was made not 
        later than 30 days after the MITAB is given notice of the 
        vacancy and shall not affect the power of the remaining members 
        to execute the duties of the MITAB.
          (5) Compensation.--Members of the MITAB shall receive no 
        additional pay, allowances, or benefits by reason of their 
        service on the MITAB.
          (6) Expenses.--Each member of the MITAB shall receive travel 
        expenses and per diem in lieu of subsistence in accordance with 
        sections 5702 and 5703 of title 5, United States Code.
  (c) Duties.--
          (1) In general.--The MITAB shall on an ongoing basis advise, 
        and make recommendations to, the Secretary regarding medical 
        information technology, including the following:
                  (A) The best current practices in medical information 
                technology.
                  (B) Methods for the adoption (not later than 2 years 
                after the date of the enactment of this section) of a 
                uniform health care information system interface 
                between and among old and new computer systems.
                  (C) Recommendations for health care vocabulary, 
                messaging, and other technology standards (including a 
                common lexicon for computer technology) necessary to 
                achieve the interoperability of health care information 
                systems for the purposes described in subparagraph (E).
                  (D) Methods of implementing--
                          (i) health care information technology 
                        interoperability standardization; and
                          (ii) records security.
                  (E) Methods to promote information exchange among 
                health care providers so that long-term compatibility 
                among information systems is maximized, in order to do 
                one or more of the following:
                          (i) To maximize positive outcomes in clinical 
                        care--
                                  (I) by providing decision support for 
                                diagnosis and care; and
                                  (II) by assisting in the emergency 
                                treatment of a patient presenting at a 
                                facility where there is no medical 
                                record for the patient.
                          (ii) To contribute to (and be consistent 
                        with) the development of the patient assessment 
                        instrument provided for under section 545 of 
                        the Medicare, Medicaid, and SCHIP Benefits 
                        Improvement and Protection Act of 2000, and to 
                        assist in minimizing the need for new and 
                        different records as patients move from 
                        provider to provider.
                          (iii) To reduce or eliminate the need for 
                        redundant records, paperwork, and the 
                        repetitive taking of patient histories and 
                        administering of tests.
                          (iv) To minimize medical errors, such as 
                        administration of contraindicated drugs.
                          (v) To provide a compatible information 
                        technology architecture that facilitates future 
                        quality and cost-saving needs and that avoids 
                        the financing and development of information 
                        technology systems that are not readily 
                        compatible.
          (2) Reports.--
                  (A) Initial report.--No later than 18 months after 
                the date of the enactment of this Act, the MITAB shall 
                submit to Congress and the Secretary an initial report 
                concerning the matters described in paragraph (1). The 
                report shall include--
                          (i) the practices described in paragraph 
                        (1)(A), including the status of health care 
                        information technology standards being 
                        developed by private sector and public-private 
                        groups;
                          (ii) recommendations for accelerating the 
                        development of common health care terminology 
                        standards;
                          (iii) recommendations for completing 
                        development of health care information system 
                        messaging standards; and
                          (iv) progress toward meeting the deadline 
                        described in paragraph (1)(B) for adoption of 
                        methods described in such paragraph.
                  (B) Subsequent reports.--During each of the 2 years 
                after the year in which the report is submitted under 
                subparagraph (A), the MITAB shall submit to Congress 
                and the Secretary an annual report relating to 
                additional recommendations, best practices, results of 
                information technology improvements, analyses of 
                private sector efforts to implement the 
                interoperability standards established in section 1184 
                of the Social Security Act, and such other matters as 
                may help ensure the most rapid dissemination of best 
                practices in health care information technology.
  (d) Staff and Support Services.--
          (1) Executive director.--
                  (A) Appointment.--The Chairman shall appoint an 
                executive director of the MITAB.
                  (B) Compensation.--The executive director shall be 
                paid the rate of basic pay for level V of the Executive 
                Schedule.
          (2) Staff.--With the approval of the MITAB, the executive 
        director may appoint such personnel as the executive director 
        considers appropriate.
          (3) Applicability of civil service laws.--The staff of the 
        MITAB shall be appointed without regard to the provisions of 
        title 5, United States Code, governing appointments in the 
        competitive service, and shall be paid without regard to the 
        provisions of chapter 51 and subchapter III of chapter 53 of 
        such title (relating to classification and General Schedule pay 
        rates).
          (4) Experts and consultants.--With the approval of the MITAB, 
        the executive director may procure temporary and intermittent 
        services under section 3109(b) of title 5, United States Code.
  (e) Powers.--
          (1) Hearings and other activities.--For the purpose of 
        carrying out its duties, the MITAB may hold such hearings and 
        undertake such other activities as the MITAB determines to be 
        necessary to carry out its duties.
          (2) Detail of federal employees.--Upon the request of the 
        MITAB, the head of any Federal agency is authorized to detail, 
        without reimbursement, any of the personnel of such agency to 
        the MITAB to assist the MITAB in carrying out its duties. Any 
        such detail shall not interrupt or otherwise affect the civil 
        service status or privileges of the Federal employee.
          (3) Technical assistance.--Upon the request of the MITAB, the 
        head of a Federal agency shall provide such technical 
        assistance to the MITAB as the MITAB determines to be necessary 
        to carry out its duties.
          (4) Obtaining information.--The MITAB may secure directly 
        from any Federal agency information necessary to enable it to 
        carry out its duties, if the information may be disclosed under 
        section 552 of title 5, United States Code. Upon request of the 
        Chairman of the MITAB, the head of such agency shall furnish 
        such information to the MITAB.
  (f) Termination.--The MITAB shall terminate 30 days after the date of 
submission of its final report under subsection (c)(2)(B).
  (g) Applicability of FACA.--The provisions of the Federal Advisory 
Committee Act (5 U.S.C. App.) shall apply to the MITAB.
  (h) Authorization of Appropriations.--There are authorized to be 
appropriated to the Secretary of Health and Human Services such sums as 
are necessary to carry out this section.

                            I. INTRODUCTION


                         A. Purpose and Summary


                                PURPOSE

    More than three years ago, the Institute of Medicine (IOM) 
reported that preventable medical errors are the eighth leading 
cause of death in America--ahead of breast cancer, AIDS, and 
traffic deaths. Up to 100,000 patients die in hospitals each 
year as a result of preventable mistakes. The number of injured 
is far greater.
    A recent report by Auburn University analyzed data from 36 
hospitals and nursing homes in Colorado and Georgia over an 81-
day period and found medication errors in about 20 percent of 
the doses administered in a ``typical'' 300-bed facility; 
researchers considered seven percent of the errors 
``potentially harmful.''
    Not only can avoidable patient errors result in poorer 
health outcomes--the most dramatic being death--they often 
drive up health costs by requiring expensive medical 
interventions to correct the subsequent medical problems. For 
example, adverse drug events (ADEs) and interactions in 
hospitals are prevalent and costly, yet could be dramatically 
reduced by adopting technology to reduce prescribing errors.
    According to the Pittsburgh Regional Healthcare Initiative, 
medication errors result in $3,500 to $4,000 in additional 
costs per incident. According to estimates from Cardinal 
Health, Inc., there were more than 625,000 preventable ADEs in 
hospitals in 2000 at a cost of $2.9 billion. The IOM also 
estimates that medical errors cost the economy about $38 
billion each year, of which $17 billion is the result of 
preventable errors.
    These unacceptable financial costs are borne by providers, 
individuals, insurers and employers and public programs such as 
Medicare.
    The purpose of the bill is to provide for the improvement 
of patient safety and to reduce the incidence of events that 
adversely affect health outcomes. Specifically, this act will 
encourage a culture of safety by providing for the legal 
protection of information reported voluntarily for the purposes 
of quality improvement and the reduction of medical errors.

                         B. Legislative History

    In the 106th Congress, the Subcommittee on Health held a 
hearing on the prevalence and nature of medical errors on 
February 10, 2002. During the 107th Congress, the Subcommittee 
on Health held a hearing on March 7, 2002 (107-76), on 
improving health quality by reducing the incidence and 
prevalence of medical errors. At that hearing, a number of 
experts testified to the Committee. Specifically, Dr. James 
Bagian, Director, National Center for Patient Safety, 
Department of Veterans Affairs, testified the VA has adopted a 
successful reporting system that has improved patient safety. 
Also, Dr. Karen Wolk Feinstein, Chair of the Pittsburgh 
Regional Healthcare Initiative, testified as to the 
Initiative's success in implementing an ambitious zero 
tolerance policy for medical errors and how a voluntary, 
confidential reporting system will help reduce medical errors 
by promoting a culture of safety.
    Academic expert Donald M. Berwick, the President and CEO of 
the Institute for Healthcare Improvement testified limited 
reporter protections and new information technology standards 
will promote better clinical outcomes, and the adoption of 
computerized physician order entry technology for electronic 
prescribing is critical to reduce avoidable medication errors. 
Dr. Matthew Alan Miller from Danbury Hospital (Connecticut), 
testified on behalf of the American Hospital Association on 
their perspectives to improve health outcomes and patient 
safety. Dr. Miller testified additional resources should be 
added to Medicare to encourage the purchase of information 
technology. Lastly, Mary Foley, President of the American 
Nurses Association, focused her testimony on mandatory overtime 
and dangerous working conditions in health facilities that lead 
to medical errors.
    The information gained from that hearing led to the 
introduction of H.R. 4889, the ``Patient Safety Improvement Act 
of 2002,'' that would provide incentives to report error 
information and glean knowledge about medical mistakes and 
system failures in order to reduce medical errors.
    On September 10, 2002, the Subcommittee on Health held a 
legislative hearing on the draft substitute amendment to H.R. 
4889. At the hearing Health and Human Services Secretary Tommy 
Thompson expressed the Administration's strong support for H.R. 
4889. Testifying with Secretary Thompson was Carolyn Clancy, 
Acting Director of the Agency for Healthcare Research and 
Quality, which is the primary federal agency responsible for 
quality improvement and patient safety. In addition, letters of 
support from Secretary Thompson, Treasury Secretary Paul 
O'Neil, Centers for Medicare and Medicaid Services 
Administrator Tom Scully and Director Clancy for H.R. 4889 were 
presented at the hearing.
    Dr. Lucian Leape of Harvard University testified that error 
reporting for all but the most serious events should be 
voluntary and confidential and that certain changes needed to 
be made in the underlying bill prior to his support. Those 
changes were made. It is important to note that Dr. Leape was 
one of the authors of the 1999 Institute of Medicine report.
    Michael B. Wood, President and Chief Executive Officer of 
the Mayo Foundation, testified on behalf of the Healthcare 
Leadership Council. He stated that reporting systems should be 
voluntary and confidential, and that the Secretary should 
develop standards for the interoperability of health 
information technology in order to reduce medical mistakes and 
improve health outcomes.
    Ken Segel, Director of the Pittsburgh Regional Healthcare 
Initiative, testified that mandatory reporting should not be 
pursued prior to a voluntary, confidential and cooperative 
approach had been tested. In addition, Herbert Pardes, 
President of New York-Presbyterian, and Chief Executive Officer 
of the New York-Presbyterian Healthcare System testified that 
the interoperability and Advisory Board provisions of H.R. 4889 
are critical to promoting the adoption of information 
technology to reduce medical errors. Lastly, the Committee 
heard from Jill Rosenthal who is a Project Manager at the 
National Academy for State Health Policy and who encouraged the 
Committee to protect state laws in this area and provide 
support for current and future efforts.
    On September 12, 2002, the Subcommittee on Health ordered 
favorably reported to the full Committee H.R. 4889, the 
``Patient Safety Improvement Act of 2002,'' on a voice vote 
with a quorum present.
    On September 18, 2002, the Full Committee on Ways and Means 
ordered favorably reported H.R. 4889, the ``Patient Safety 
Improvement Act,'' as amended, by a recorded vote of 33 to 4.

                     II. EXPLANATION OF PROVISIONS


       A. Analysis of Legislation and Comparison With Present Law


Section 1. Short title; table of contents

    Current Law. No provision.
    Explanation of Provision. The legislation would be cited as 
the Patient Safety Improvement Act of 2002 and would amend 
Title XI of the Social Security Act by adding Part D--Patient 
Safety Improvements--with six new sections (Sections 1181-
1186). A Medical Information Technology Advisory Board would 
also be established.
    Reason for Change. Not applicable.
    Effective Date. Upon enactment.

Section 2. Patient safety improvements

    Current Law. No statutory provisions. The Institute of 
Medicine's (IOM) 1999 report, To Err is Human, focused 
attention on the problem of preventable medical errors and the 
need for systematic steps to reduce their incidence to enhance 
patient safety. Among other proposals, IOM recommended that 
Congress create a Center for Patient Safety within the Agency 
for Healthcare Research and Quality (then called the Agency for 
Health Care Policy and Research) to promote knowledge and 
prevention of medical errors, set national goals for patient 
safety, fund patient safety research, evaluate methods for 
identifying and preventing medical errors, disseminate 
information on effective safety practices, and issue an annual 
report to the President and Congress on patient safety. The IOM 
recommended two systems for identifying and learning from 
medical errors. First, they recommended a nationwide, mandatory 
reporting system for serious adverse events such as death. The 
IOM also recommended a voluntary reporting system for less 
serious errors, or for situations that could be prevented. The 
Committee has addressed the later recommendation, based on the 
advice of numerous experts, academicians and providers. In 
addition, the IOM recommended that the Center for Patient 
Safety encourage the development of voluntary reporting systems 
and outlined various actions that could be undertaken. 
Furthermore, IOM recommended that Congress pass legislation to 
extend peer review protections to information collected under 
such voluntary systems. While existing law often shields data 
about errors within a given institution, the IOM report noted 
that this protection may be lost if the information is 
transmitted elsewhere, even to a voluntary reporting system 
serving as the backbone of a collaborative effort to reduce 
medical errors.
    Explanation of Provision. The provision would establish a 
new Part D in Title XI of the Social Security Act to encourage 
a voluntary reporting system for patient safety data.
    A new Section 1181 would be added that would permit a 
health care provider to voluntarily collect, develop and report 
patient safety data to a patient safety organization in a 
manner that is confidential and privileged. Patient safety 
organizations would analyze the reported data, report back to 
providers information to improve patient safety, and submit 
non-identifiable information to the Center for Quality 
Improvement and Patient Safety for inclusion in the Patient 
Safety Database. Patient safety organizations would be 
permitted to share non-identifiable information, but the 
disclosure of identifiable information from one such 
organization to another would require for each disclosure the 
explicit authorization of the provider who initially reported 
the information, and the information could only be shared for 
purposes consistent with the Act.
    In this legislation, a health care provider would mean: (1) 
facilities and their employees that provide services under 
Medicare Part A; (2) a health care entity or individual 
(including a physician) who furnishes Medicare Part B services; 
and (3) an organization offering a Medicare+Choice plan.
    Patient safety data would mean any data, reports, records, 
memoranda, analyses, deliberative work, statements, or root 
cause analyses that are collected or developed to improve 
patient safety or health care quality. That would include 
patient safety data collected or developed by a provider to 
report to a patient safety organization on a timely basis, as 
well as data collected or developed by a patient safety 
organization or by or on behalf of the Center for Quality 
Improvement and Patient Safety, regardless of whether the data 
are transmitted back to the health care provider that supplied 
the information originally. Patient safety data would also 
encompass descriptions of corrective actions taken by providers 
in response to the provider's reporting of data to a patient 
safety organization (on a timely basis to such an 
organization), regardless of whether the organization has 
provided feedback to the provider. To further knowledge, 
providers would have to report the corrective actions to the 
patient safety organization. Nothing in the bill should be 
construed as limiting a provider's ability to waive the 
privilege or confidentiality protections established by the 
legislation.
    A patient safety organization (PSO) would mean a private or 
public organization that conducts activities to improve patient 
safety and health care quality by assisting health care 
entities that report to them. Such entities must meet certain 
requirements and be certified by the Secretary. Activities 
performed by the PSO would include: (1) the collection and 
analysis of patient safety data that are voluntarily reported 
by more than one provider on a local, state, regional, or 
national basis; (2) the development of and dissemination to 
providers and other patient safety organizations information 
such as recommendations, protocols, and best practice data; and 
(3) the utilization of patient safety data to help providers 
minimize patient risk. Patient safety organizations would be 
required to ensure the confidentiality of individually 
identifiable health information, submit non-identifiable 
information to the Center for Quality Improvement and Patient 
Safety, if applicable, in a format established by the 
Secretary, and maintain appropriate data security measures.
    Such organizations would also be required: (1) to be 
managed, controlled (i.e. the provider is able to significantly 
influence or direct its actions or policies), and operated 
independently from providers that report data to it; (2) to 
collect data from providers in a standardized manner to 
facilitate comparisons of similar cases across similar 
providers; and (3) to meet other requirements specified by the 
Secretary. An entity that no longer qualified as a patient 
safety organization would be required to destroy its patient 
safety data, return (if practicable) the data to the reporting 
providers, or transfer data to another patient safety 
organization with the approval of the provider and that 
organization. Patient safety organizations that charge fees for 
their activities would be required to impose a uniform fee 
across all types and classes of providers, taking into account 
the size of the health care provider. A patient safety 
organization could not use data reported by a provider to take 
regulatory or enforcement actions it otherwise performs in 
relation to the provider, though the Committee does not intend 
for this to interfere with established oversight and regulatory 
activities. The Secretary would be able to give technical 
assistance to patient safety organizations in providing 
recommendations and advice to providers on methodology, 
communication, data collection, dissemination of information, 
security and confidentiality concerns. Nothing in this part 
would be construed to limit or discourage reporting patient 
safety data within a health care provider.
    A new Section 1182 would designate patient safety data as 
privileged and confidential. That designation would apply to 
information, such as medical records and other primary health 
care information, to the extent it was collected and developed 
for the purpose of improving patient safety and health care 
quality, and reported to a patient safety organization on a 
timely basis. Such privilege would not apply to information 
merely by reason of its inclusion in reported patient safety 
data. Information available from sources other than a report 
made under such section may be discovered or admitted in a 
civil or administrative proceeding, if discoverable or 
admissible under applicable state law. With some limitations 
under this new privilege, patient safety data would not be 
subject to: (1) a civil or administrative subpoena; (2) 
discovery in connection with a civil or administrative 
proceeding; (3) disclosure pursuant to a Freedom of Information 
Act request; or (4) admission as evidence or disclosure in any 
civil or administrative proceeding.
    The privilege established by this section would not apply 
to: (1) Records of a patient's medical diagnosis and treatment 
and other primary health records of a health care provider; (2) 
information disclosed by a provider or patient safety 
organization of data to the Food and Drug Administration (FDA), 
or to a person subject to FDA jurisdiction, regarding an FDA-
regulated product or activity; and (3) disclosures of non-
identifiable information from a patient safety organization to 
the Patient Safety Database and the further disclosure of such 
information by the Center for Quality Improvement and Patient 
Safety. Disclosures in violation of the provisions of this 
section would be unlawful. Persons found in violation would be 
subject to the same penalties as those relating to 
inappropriate disclosures made by peer review organizations 
under the Medicare program, which provide for fines of up to 
$1,000 per disclosure, up to six months in prison, or both, and 
payment of the costs of prosecution. A health care provider 
would not be permitted to take an adverse employment action, 
including actions related to licensing or credentialing, 
against an individual who reported patient safety data to a 
patient safety organization. A health care provider who does 
undertake such retaliation may be subject to civil monetary 
penalties up to $50,000 in the same manner they are applied in 
the Social Security Act relating to illegal kickbacks.
    Nothing in this part would be construed as preempting or 
otherwise affecting any state mandatory reporting requirements 
for health care providers. Consistent with protecting state 
mandatory reporting requirements, nothing shall be construed as 
affecting other privileges that are available under Federal or 
State laws that provide greater peer review protection than the 
peer review and confidentiality protections provided under this 
bill.
    The health information privacy provisions in the Health 
Insurance Portability and Accountability Act (HIPAA) of 1996 
and related implementing regulations would not be affected by 
this legislation. Disclosure of individually identifiable 
health information under this bill would fall under the same 
confidentiality protections required by the HIPAA 
confidentiality rule as any other disclosure of individually 
identifiable health information (e.g. providers would be 
subject to the Rule's minimum necessary requirements). The 
Committee believes it is unnecessary for providers to report, 
and PSOs to collect, patient safety data that includes a 
patient's name or Social Security number. Patient safety 
organizations would be treated as business associates under 
HIPAA's privacy rule.
    Permissible disclosures to FDA under these provisions would 
not waive any privilege established by this legislation or 
under State law. Patient safety data of an organization that 
loses its certification as a patient safety organization would 
continue to be privileged and confidential until returned to 
the providers that supplied the data, transferred to another 
patient safety organization, or otherwise destroyed.
    The GAO would be required to conduct a survey of State laws 
regarding patient safety peer review systems, evidentiary 
privilege applicable to data developed in such systems, court 
interpretations of such laws, and the effectiveness of such 
laws in promoting patient safety. The GAO would be required to 
submit a report on this subject to Congress within nine months 
of enactment.
    Under Section 1183, the Secretary, through the existing 
Center for Quality Improvement and Patient Safety in the Agency 
for Healthcare Research and Quality, would be required to: (1) 
provide for the certification and recertification of patient 
safety organizations; (2) collect and disseminate information 
related to patient safety; (3) establish a Patient Safety 
Database to collect, support and coordinate the analysis of 
non-identifiable information submitted to the database; and (4) 
facilitate the development of consensus among providers and 
interested parties concerning patient safety and related 
recommendations. The Secretary, acting through the director of 
the Agency for Healthcare Research and Quality would be 
required to consult with and develop appropriate partnerships 
with health care organizations, providers, public and private 
sector entities, patient safety organizations, health care 
consumers and other relevant experts.
    The Secretary would certify patient safety organizations 
under a process consistent with published criteria. The 
Secretary would be able to revoke such certification upon a 
showing of cause, including the inappropriate disclosure of 
patient safety data. Certification would terminate, subject to 
recertification, upon three years from the date of 
certification or upon revocation. In carrying out these 
responsibilities, the Secretary would be required to facilitate 
the development of patient safety goals, track progress in 
meeting these goals, ensure that data submitted by a patient 
safety organization to the Patient Safety Database are 
comparable and useful for research and analysis, and ensure 
that research findings and patient safety alerts are presented 
in clear and consistent formats.
    The Secretary, acting through the Center, would: (1) 
establish a Patient Safety Database to collect voluntarily 
reported, non-identifiable information concerning patient 
safety; and (2) establish common formats for PSOs reporting 
data to the Patient Safety Database. The Secretary would also 
be required to establish criteria to determine the 
organizations and individuals that may voluntarily contribute 
to, and the data that comprises, the Patient Safety Database, 
and to ensure that the database is only used by qualified 
entities and individuals. The Secretary would also be permitted 
to enter into contracts with private and public entities to 
administer the database. Non-identifiable information would 
mean information that is presented in a form that precludes the 
identification of any provider, patient, or reporter of the 
information. There would be authorized to be appropriated such 
sums as may be necessary for each fiscal year to carry out this 
section.
    A new Section 1184 would require the Secretary within two 
years of enactment to develop or adopt (and periodically review 
and update) voluntary, national standards that promote the 
interoperability of health care information technology systems 
across all health care settings. The Secretary must take into 
account the costs to the health care system and any 
efficiencies that accrue as a result of the adoption of these 
standards. These standards would be developed in consultation 
with the National Committee for Vital and Health Statistics, 
and the Medical Information Technology Advisory Board 
(established under Section 3). The Secretary would be required 
to disseminate these standards. The Secretary is encouraged to 
use existing demonstration authority to test standards across 
health settings. In doing so, the Secretary should consult with 
the Medical Information Technology Advisory Board established 
under Section 3. There would be authorized to be appropriated 
such sums as may be necessary for each fiscal year to carry out 
this section.
    A new Section 1185 would require the Secretary to encourage 
providers to adopt appropriate evidence-based methods to 
improve patient safety. These methods would not constitute 
national practice guidelines.
    A new Section 1186 would require GAO to conduct a 
comprehensive evaluation of the implementation of Sections 
1181-1185 and report to Congress within five years of 
enactment. Such an evaluation would include: (1) an examination 
of the health care providers who reported patient safety data 
and the patient safety organizations to which they reported the 
information; (2) what types of events were reported; (3) the 
usefulness of the analyses, information, and recommendations 
provided by the patient safety organizations in response to 
such reported data; (4) the response of providers to such 
analysis, information, and recommendations, including a survey 
of providers to determine the percentage of providers by 
category that have adopted specific error reduction methods and 
the reasons, if applicable, for not adopting such methods; and 
(5) the effectiveness of these efforts in reducing medical 
errors. The Committee intends for this report to be a thorough 
and vigorous review of the new system including its utility and 
effectiveness.
    Reason for Change. According to the IOM, nearly 100,000 
patients die in hospitals each year as a result of preventable 
mistakes. The number of injured is far greater. The Committee 
believes these provisions, taken together, will reduce 
preventable medical errors and improve quality. In addition, 
the Committee believes the development and promulgation of 
voluntary interoperability standards by HHS will promote 
efficiency and quality of health care delivery, while helping 
to reduce costs, to the extent such standards are adopted by 
health care systems.
    Effective Date. Upon enactment.

Section 3. Medical Information Technology Advisory Board

    Current Law. No provision.
    Explanation of Provision. Within three months of enactment, 
the Secretary would be required to appoint the Medical 
Information Technology Advisory Board (MITAB) and designate a 
chairman. The chairman would be required to be affiliated with 
an organization having expertise in creating American National 
Standards Institute (ANSI) standards governing health care 
information technology and to be a member of the National 
Committee for Vital and Health Statistics. The MITAB would 
consist of no more than 17 members that include: (1) experts 
from the fields of medical information, information technology, 
medical continuous quality improvement, medical records 
security and privacy, individual and institutional clinical 
providers, health researchers, and health care purchasers; (2) 
one or more staff experts from the Centers for Medicare and 
Medicaid Services, the Agency for Healthcare Research and 
Quality, and the Institute of Medicine of the National Academy 
of Sciences; (3) representatives of private organizations with 
expertise in medical infomatics; (4) a representative of a 
teaching hospital; and (5) one or more representatives of the 
health care information technology industry. Individuals would 
be appointed for the life of the MITAB, with any vacancy filled 
in the same manner in which the original appointment was made. 
The new appointment would be made no later than 30 days after 
the MITAB is given notice of the vacancy. Such a vacancy would 
not affect the ability of the remaining members to perform the 
duties of the MITAB.
    The MITAB would meet at the call of its Chairman or a 
majority of its members. MITAB members would receive no 
additional pay, allowances, or benefits stemming from their 
service on the board, but would receive travel expenses and per 
diem in lieu of subsistence as directed by Sections 5702 and 
5703 of Title 5 of the United States Code (USC). The Chairman 
would appoint an executive director of the MITAB who would be 
paid at level V of the Executive Schedule. With the approval of 
the MITAB, the director would be able to appoint appropriate 
personnel without regard to the provisions of Title 5 USC 
governing appointments in the competitive services or those 
relating to job classification and pay rates. The MITAB 
director would also be able to procure temporary and 
intermittent services under Section 3109(b) of Title 5 USC. 
Upon the request of MITAB, the head of any Federal agency would 
be able to detail, without reimbursement, any personnel of that 
agency to MITAB. The detail would not interrupt or affect the 
civil service status of the Federal employee.
    MITAB would be able to hold hearings and undertake other 
activities as necessary to carry out its duties. If requested 
by MITAB, a Federal agency would be required to provide 
technical assistance to the MITAB as deemed necessary. At the 
request of the MITAB chairman, the MITAB would be able to 
secure directly from any Federal agency information necessary 
to carry out its duties, if the information may be disclosed 
under the Freedom of Information Act (Section 552 of Title 5 
USC). The Federal Advisory Committee Act (FACA) applies to the 
MITAB.
    MITAB would advise, and make recommendations to, the 
Secretary regarding medical information technology, including: 
(1) best practices in medical information technology; (2) 
methods of implementing health care information technology 
interoperability standards, and records security; (3) a 
recommendation for a common lexicon for computer technology; 
and (4) and adoption within two years of a uniform health 
information system interface between old and new systems. MITAB 
would also be required to make recommendations on methods to 
promote information exchange to enhance compatibility among 
information systems in order to: (1) maximize positive outcomes 
in clinical care by providing decision support for diagnosis 
and care, and assisting in the emergency treatment of a patient 
at a facility where there is no medical record of the patient; 
(2) contribute to the development of a patient assessment 
instrument that minimizes the need for different records when 
patients move from provider to provider; (3) reduce redundant 
paperwork; (4) minimize medical errors; and (5) contribute to 
compatible information technology architecture.
    MITAB would be required within 18 months of enactment to 
submit to Congress and the Secretary an initial report of its 
deliberations and recommendations. Subsequent annual reports 
would be due in each of the following two years after the 
initial report is submitted.
    MITAB would terminate 30 days after the date of submission 
of its final report. The provision provides such sums as 
necessary for the operations of MITAB.
    Reason for Change. The Committee believes an advisory board 
on medical technology will promote the adoption of better, more 
efficient and effective health information technology systems. 
These systems will help health care providers reduce errors by 
making patient information more readily available, and 
promoting quality by providing expert advice to HHS on the 
adoption of interoperability standards and through promotion of 
information technology.
    Effective Date. Upon enactment.

                      III. VOTES OF THE COMMITTEE

    In compliance with clause 3(b) of rule XIII of the Rules of 
the House of Representatives, the following statements are made 
concerning the votes of the Committee on Ways and Means in its 
consideration of the bill, H.R. 4889.

                       MOTION TO REPORT THE BILL

    The bill, H.R. 4889, as amended, was ordered favorably 
reported by a roll call vote of 33 yeas to 4 nays (with a 
quorum being present). The vote was as follows:

----------------------------------------------------------------------------------------------------------------
        Representatives             Yea       Nay     Present     Representative      Yea       Nay     Present
----------------------------------------------------------------------------------------------------------------
Mr. Thomas.....................        X   ........  .........  Mr. Rangel.......  ........  ........  .........
Mr. Crane......................        X   ........  .........  Mr. Stark........        X   ........  .........
Mr. Shaw.......................        X   ........  .........  Mr. Matsui.......        X   ........  .........
Mrs. Johnson...................        X   ........  .........  Mr. Coyne........        X   ........  .........
Mr. Houghton...................  ........  ........  .........  Mr. Levin........        X   ........  .........
Mr. Herger.....................  ........  ........  .........  Mr. Cardin.......  ........  ........  .........
Mr. McCrery....................        X   ........  .........  Mr. McDermott....  ........        X   .........
Mr. Camp.......................        X   ........  .........  Mr. Kleczka......  ........        X   .........
Mr. Ramstad....................        X   ........  .........  Mr. Lewis (GA....  ........        X   .........
Mr. Nussle.....................        X   ........  .........  Mr. Neal.........        X   ........  .........
Mr. Johnson....................        X   ........  .........  Mr. McNulty......        X   ........  .........
Ms. Dunn.......................        X   ........  .........  Mr. Jefferson....        X   ........  .........
Mr. Collins....................        X   ........  .........  Mr. Tanner.......        X   ........  .........
Mr. Portman....................        X   ........  .........  Mr. Becerra......        X   ........  .........
Mr. English....................        X   ........  .........  Mrs. Thurman.....        X   ........  .........
Mr. Watkins....................        X   ........  .........  Mr. Doggett......  ........        X   .........
Mr. Hayworth...................        X   ........  .........  Mr. Pomeroy......        X   ........  .........
Mr. Weller.....................        X   ........  .........
Mr. Hulshof....................        X   ........  .........
Mr. McInnis....................        X   ........  .........
Mr. Lewis (KY).................        X   ........  .........
Mr. Foley......................        X   ........  .........
Mr. Brady......................        X   ........  .........
Mr. Ryan.......................        X   ........  .........
----------------------------------------------------------------------------------------------------------------

                     IV. BUDGET EFFECTS OF THE BILL


               A. Committee Estimate of Budgetary Effects

    In compliance with clause 3(c)(3) of rule XIII of the Rules 
of the House of Representatives, the following statement is 
made:
    The Committee agrees with the estimate prepared by the 
Congressional Budget Office (CBO), which is included below.

    B. Statement Regarding New Budget Authority and Tax Expenditures

    In compliance with clause 3(c)(2) of rule XIII of the Rules 
of the House of Representatives, the Committee states the bill 
will increase direct spending and government receipts by less 
than $500,000 annually.

      C. Cost Estimate Prepared by the Congressional Budget Office

    In compliance with clause 3(c)(3) of rule XIII of the Rules 
of the House of Representatives requiring a cost estimate 
prepared by the Congressional Budget Office, the following 
report prepared by CBO is provided.

                                     U.S. Congress,
                               Congressional Budget Office,
                                Washington, DC, September 26, 2002.
Hon. William ``Bill'' M. Thomas,
Chairman, Committee on Ways and Means,
House of Representatives, Washington, DC.
    Dear Mr. Chairman: The Congressional Budget Office has 
prepared the enclosed cost estimate for H.R. 4889, the Patient 
Safety Improvement Act of 2002.
    If you wish further details on this estimate, we will be 
pleased to provide them. The CBO staff contacts are Chris 
Topoleski and Margaret Nowak.
            Sincerely,
                                           Steven Lieberman
                                    (For Dan L. Crippen, Director).
    Enclosure.

H.R. 4889--Patient Safety Improvement Act 2002

    Summary: H.R. 4889 would expand the duties of the Center 
for Quality Improvement and Patient Safety (CQuIPS) within the 
Agency for Healthcare Research and Quality (AHRQ). CQuIPS would 
establish credentialing procedures for patient safety 
organizations (PSOs), which collect patient safety data 
voluntarily submitted by health care providers for including in 
a patient safety database. The bill also would establish 
privacy protections and impose fines and civil monetary 
penalties for violations of those protections.
    In addition H.R. 4889 would establish the Medical 
Information Technology Advisory Board (MITAB, which would 
provide advice and recommendations on the compatibility of 
medical information technologies. The bill would require the 
Secretary of Health and Human Services, with the National 
Committee for Vital and Health Statistics and the MITAB, to 
develop voluntary national standards for uniform reporting of 
health care information.
    CBO estimates that implementing H.R. 4889 would cost $6 
million in 2003 and $58 million over the 2003-2007 period, 
assuming the appropriation of the necessary amounts. CBO 
estimates that receipts from fines for violation of the privacy 
protections would amount to less than $500,000 a year. Because 
the legislation would affect receipts and direct spending, pay-
as-you-go procedures would apply.
    H.R. 4889 would preempt any state freedom-of-information 
law that would require the disclosure of information provided 
by a health care provider to a certified patient safety 
organization. This preemption would be an intergovernmental 
mandate as defined in the Unfunded Mandates Reform Act (UMRA) 
because it would limit the application of such state laws. CBO 
estimates that this mandate would impose no requirement on 
states that would result in additional spending; thus, the 
threshold established by UMRA ($58 million in 2002, adjusted 
annually for inflation) would not be exceeded.
    H.R. 4889 contains no private-sector mandates as defined in 
UMRA.
    Estimated cost to the Federal Government: The estimated 
budgetary impact of H.R. 4889 is shown in the following table. 
The costs of this legislation fall within budget function 550 
(health).

----------------------------------------------------------------------------------------------------------------
                                                                  By fiscal year, in millions of dollars--
                                                           -----------------------------------------------------
                                                              2002     2003     2004     2005     2006     2007
----------------------------------------------------------------------------------------------------------------
                                  CHANGES IN SPENDING SUBJECT TO APPROPRIATION

Estimated Authorization Level.............................        0       12       14       15       13       13
Estimated Outlays.........................................        0        6       11       14       14       13

                                               CHANGES IN REVENUES

Estimated Revenues........................................        0        *        *        *        *        *

                                           CHANGES IN DIRECT SPENDING

Estimated Budget Authority................................        0        *        *        *        *        *
Estimated Outlays.........................................        0        *        *        *        *        *
----------------------------------------------------------------------------------------------------------------
Note.--* = Less than $500,000.

Basis of estimate

            Spending subject to appropriation
    H.R. 4889 would expand the current duties of CQuIPS. The 
new duties would include the provision of technical assistance 
to states that have (or are developing) systems for reporting 
medical errors. CQuIPS also would provide for the certification 
and recertification of PSOs, which collect patient safety data 
from health care providers. (PSOs are private or public 
organizations that conduct activities to improve patient safety 
and the quality of health care delivery). PSOs would not 
receive funding under this bill. In addition, CQuIPS would 
establish a patient safety database to collect, support, and 
coordinate the analysis of patient safety data that is reported 
on a voluntary basis. Based on information from AHRQ, CBO 
expects that these tasks would require increased staff for 
providing assistance to states, oversight of PSOs, and 
collection and maintenance of the patient safety database. They 
would also require additional computer resources for the 
database. Based on information from AHRQ, CBO estimates that 
the agency would need additional appropriations of $10 million 
in 2003 and $61 million over the 2003-2007 period to carry out 
these responsibilities. CBO estimates that outlays would total 
$4 million in fiscal year 2003 and $51 million over the 2003-
2007 period, assuming the necessary amounts are appropriated.
    The bill would require the Secretary to develop voluntary, 
national standards that promote the compatibility of health 
care information technology systems across all health care 
settings. CBO estimates that this effort would not involve 
significant additional costs.
    In addition, H.R. 4889 would require the Comptroller 
General of the United States to report to the Congress the 
findings of comprehensive evaluation of PSOs, the usefulness of 
the reported information and the overall effectiveness of the 
program in reducing medical errors. CBO estimates that these 
tasks would cost the General Accounting Office $1 million in 
2003 and $2 million over the 2003-2007 period.
    Finally, the bill would establish the MITAB to provide 
recommendations regarding medical information technology. The 
MITAB would terminate 30 days after the submisswion of its 
final report. For purposes of this estimate, CBO assumed that 
the MITAB would be created in January 2003, and therefore would 
terminate in July 2006. As stated in the bill, the MITAB would 
require one Executive Level V employee and support staff. In 
addition, while board members would not be compensated for 
their time serving on the MITAB, reimbursement for travel and 
per-diem expenses would be allowed. CBO estimates that the 
MITAB would require appropriations of about $1 million a year 
over the 2003-2007 period. We estimate that outlays would total 
$0.6 million in fiscal year 2003 and $5 million over the 2003-
2007 period, assuming the necessary amounts are appropriated.
            Direct spending and revenues
    Because those prosecuted and convicted for violation of the 
bill's privacy provisions could be subject to criminal fines 
and civil monetary penalties, the federal government might 
collect additional fines if the bill is enacted. Collections of 
civil fines are recorded in the budget as governmental receipts 
(revenues). Criminal fines are deposited as receipts in the 
Crime Victims Fund and later spent. CBO estimates that any 
additional receipts and direct spending would be less than 
$500,000.
    Pay-as-you-go considerations: The Balanced Budget and 
Emergency Deficit Control Act sets up pay-as-you-go procedures 
for legislation affecting direct spending or receipts. Enacting 
H.R. 4889 could affect receipts and direct spending through the 
collection of fines for noncompliance with the privacy 
standards, but CBO estimates that any such effects would be 
less than $500,000 a year.
    Estimated impact on state, local, and tribal governments: 
H.R. 4889 would preempt any state freedom-of-information law 
that would require the disclosure of information provided by a 
health care provider to a certified patient safey organization. 
This preemption would be an intergovernmental mandate as 
defined in UMRA because it would limit the application of such 
state laws. CBO estimates that this mandate would impose no 
requirement on states that would result in additional spending; 
thus, the threshold established by UMRA ($58 million in 2002, 
adjusted annually for inflation) would not be exceeded.
    Estimated impact on the private sector: H.R. 4889 contains 
no private-sector mandates as defined in UMRA.
    Estimate prepared by: Federal Revenues and Outlays: Chris 
Topoleski and Margaret Nowak; Impact on State, Local, and 
Tribal Governments: Leo Lex; and Impact on the Private Sector: 
Daniel Wilmoth.
    Estimate approved by: Robert A. Sunshine, Assistant 
Director for Budget Analysis.

 V. OTHER MATTERS REQUIRED TO BE DISCUSSED UNDER THE RULES OF THE HOUSE


          A. Committee Oversight Findings and Recommendations

    In compliance with clause 3(c)(1) of rule XIII of the Rules 
of the House of Representatives, the Committee reports that the 
need for this legislation was verified by the two hearings 
conducted by the Committee. Details of these hearings are 
included in Section I. Introduction, Part B. Legislative 
History.

                  B Constitutional Authority Statement

    In compliance with clause 3(d)(1) of rule XIII of the Rules 
of the House of Representatives, the Committee states that the 
Committee's action in reporting this bill is derived from 
Article I of the Constitution, Section 8 (``The Congress shall 
have Power to lay and collect taxes, duties, imposts and 
excises, to pay the debts and to provide for *  *  * the 
General Welfare.'')

              C. Information Relating to Unfunded Mandates

    This information is provided in accordance with section 423 
of the Unfunded Mandates Act of 1995 (P.O. 104-4).
    The Committee has determined that the bill does not contain 
Federal mandates on the private sector. The Committee has 
determined that the bill does not impose a Federal 
intergovernmental mandate on State, local, or tribal 
governments, but that such mandate will have no budgetary 
impact on those entities. The bill, however, also provides 
assistance to State governments. It requires the Secretary of 
Health and Human Services to provide technical assistance to 
State governments in developing or maintaining State reporting 
systems, developing standardized methods of data collection, 
and in collecting data from State governments for inclusion in 
the Patient Safety Database. In addition, the legislation 
allows the Secretary to provide technical assistance to the 
patient safety organizations established under the bill.

         D. Summary of General Performance Goals and Objectives

    In compliance with clause 3(c)(4) of rule XIII of the Rules 
of the House of Representatives, the Committee states that the 
primary purpose of H.R. 4889 is to reduce medical errors, 
thereby improving patient safety.

       VI. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED

  In compliance with clause 3(e) of rule XIII of the Rules of 
the House of Representatives, changes in existing law made by 
the bill, as reported, are shown as follows (new matter is 
printed in italic and existing law in which no change is 
proposed is shown in roman):

SOCIAL SECURITY ACT

           *       *       *       *       *       *       *



     TITLE XI--GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE 
SIMPLIFICATION

           *       *       *       *       *       *       *



                  Part D--Patient Safety Improvements

        VOLUNTARY REPORTING OF PATIENT SAFETY DATA; DEFINITIONS

  Sec. 1181. (a) Collection and Voluntary Reporting of Patient 
Safety Data.--In order to improve patient safety and the 
quality of health care delivery, a health care provider (as 
defined in subsection (d)) may voluntarily collect and develop 
patient safety data (as defined in subsection (e)) and report 
such data to one or more patient safety organizations (as 
defined in subsection (f)) in a manner that is confidential and 
privileged (as described in section 1182).
  (b) Use of Patient Safety Data by Patient Safety 
Organizations.--Patient safety organizations shall analyze the 
patient safety data reported and develop (and report back to 
health care providers) information to improve patient safety 
and the quality of health care delivery and shall submit non-
identifiable information derived from such data in a uniform 
manner to the Center for Quality Improvement and Patient Safety 
(for inclusion in the Patient Safety Database, if applicable). 
Such non-identifiable information may be disclosed and shared 
with other patient safety organizations. Identifiable patient 
safety data may be disclosed to other patient safety 
organizations with the explicit authorization for each such 
disclosure by the reporting provider involved.
  (c) Functions of Center.--The Center for Quality Improvement 
and Patient Safety conducts patient safety activities 
consistent with section 1183.
  (d) Health Care Providers Covered.--For purposes of this 
part, the term ``health care provider'' means--
          (1) a provider of services (as defined in section 
        1861(u) and including a hospital, skilled nursing 
        facility, home health agency, and hospice program) that 
        provides services for which payment may be made under 
        part A of title XVIII and the provider's employees;
          (2) a health care entity or individual that furnishes 
        medical or other health services (as defined in section 
        1861(s)), other services described in section 
        1832(a)(2), or other items and services for which 
        payment may be made under such title, including a 
        physician (as defined in section 1861(r)); and
          (3) an organization offering a plan under part C of 
        title XVIII.
  (e) Patient Safety Data Covered.--
          (1) In general.--For purposes of this part, the term 
        ``patient safety data'' means any data, reports, 
        records, memoranda, analyses, deliberative work, 
        statements, or root cause analyses that are collected 
        or developed to improve patient safety or health care 
        quality and that--
                  (A) are collected or developed by a health 
                care provider for the purpose of reporting to a 
                patient safety organization and that are 
                reported on a timely basis to such an 
                organization;
                  (B) are collected or developed by a patient 
                safety organization or by (or on behalf of) the 
                Center for Quality Improvement and Patient 
                Safety, regardless of whether the data are 
                transmitted to the health care provider that 
                reported the original data; or
                  (C) describes corrective actions taken by a 
                health care provider in response to the 
                provider's reporting of data to that 
                organization, regardless of whether the 
                organization has transmitted under subsection 
                (f)(2) information to the health care provider 
                that reported the original data, and that are 
                reported on a timely basis to such an 
                organization.
          (2) Construction regarding use of data.--
                  (A) Internal use permitted to improve patient 
                safety, quality, and efficiency.--Nothing in 
                this part shall be construed to limit or 
                discourage a health care provider from 
                developing and using patient safety data within 
                the provider to improve patient safety, health 
                care quality, or administrative efficiency of 
                the provider.
                  (B) Treatment.--Information that is collected 
                or developed as patient safety data is not 
                disqualified from being treated as patient 
                safety data because of its development or use 
                for the purposes described in subparagraph (A) 
                and such development or use shall not 
                constitute a waiver of any privilege or 
                protection established under section 1182 or 
                under State law.
  (f) Qualifications of Patient Safety Organizations.--
          (1) In general.--For purposes of this part, the term 
        ``patient safety organization'' means a private or 
        public organization that conducts activities to improve 
        patient safety and the quality of health care delivery 
        by assisting health care providers that report to such 
        organizations and that has been certified by the 
        Secretary as--
                  (A) performing each of the activities 
                described in paragraph (2); and
                  (B) meets the other requirements of 
                paragraphs (3) through (5).
          (2) Activities described.--The activities referred to 
        in paragraph (1)(A) are the following:
                  (A) The collection and analysis of patient 
                safety data that are voluntarily reported by 
                more than one health care provider on a local, 
                regional, State, or national basis.
                  (B) The development and dissemination of 
                information to health care providers and other 
                patient safety organizations with respect to 
                improving patient safety, such as 
                recommendations, protocols, or information 
                regarding best practices.
                  (C) The utilization of patient safety data to 
                carry out activities under this paragraph to 
                improve patient safety and to provide 
                assistance to health care providers to minimize 
                patient risk.
          (3) Conduct of activities.--In conducting activities 
        under paragraph (2), a patient safety organization 
        shall--
                  (A) maintain confidentiality with respect to 
                individually identifiable health information;
                  (B) submit non-identifiable information to 
                the Center for Quality Improvement and Patient 
                Safety in a format established by the 
                Secretary; and
                  (C) maintain appropriate security measures 
                with respect to patient safety data.
          (4) Organization requirements.--The requirements of 
        this paragraph for an organization are that--
                  (A) the organization is managed, controlled, 
                and operated independently from health care 
                providers which report patient safety data to 
                it under this part;
                  (B) if the organization no longer qualifies 
                as a patient safety organization, with respect 
                to any patient safety data that it received 
                from a health care provider, the organization 
                shall do one of the following:
                          (i) with the approval of the provider 
                        and another patient safety 
                        organization, transfer such data to 
                        such other organization;
                          (ii) if practicable, return the data 
                        to the provider; or
                          (iii) destroy the patient safety 
                        data;
                  (C) if the organization charges a fee for the 
                activities it performs with respect to health 
                care providers, the fee shall be uniform among 
                all classes or types of health care providers 
                (taking into account the size of the health 
                care provider);
                  (D) the organization seeks to collect data 
                from health care providers in a standardized 
                manner that permits valid comparisons of 
                similar cases among similar health care 
                providers; and
                  (E) the organization meets such other 
                requirements as the Secretary may by regulation 
                require.
        For purposes of subparagraph (A), an organization is 
        controlled by a health care provider if the provider is 
        able to significantly influence or direct the actions 
        or policies of the organization.
          (5) Limitation on use of patient safety data by 
        patient safety organizations.--A patient safety 
        organization may not use patient safety data reported 
        by a health care provider in accordance with this part 
        to take regulatory or enforcement actions it otherwise 
        performs (or is responsible for performing) in relation 
        to such provider.
          (6) Technical assistance.--The Secretary may provide 
        technical assistance to patient safety organizations in 
        providing recommendations and advice to health care 
        providers reporting patient safety data under this 
        part. Such assistance shall include advice with respect 
        to methodology, communication, dissemination of 
        information, data collection, security, and 
        confidentiality concerns.
  (g) Construction.--Nothing in this part shall be construed to 
limit or discourage the reporting of information relating to 
patient safety within a health care provider.

              CONFIDENTIALITY AND PEER REVIEW PROTECTIONS

  Sec. 1182. (a) In General.--Notwithstanding any other 
provision of law, patient safety data shall be privileged and 
confidential in accordance with this section.
  (b) Scope of Privilege.--Subject to the succeeding provisions 
of this section, such data shall not be--
          (1) subject to a civil or administrative subpoena;
          (2) subject to discovery in connection with a civil 
        or administrative proceeding;
          (3) disclosed pursuant to section 552 of title 5, 
        United States Code (commonly known as the Freedom of 
        Information Act) or any other similar Federal or State 
        law; or
          (4) admitted as evidence or otherwise disclosed in 
        any civil or administrative proceeding.
  (c) Clarification of Scope.--The privilege established by 
this section with respect to patient safety data described in 
section 1181(e)(1)(A) shall apply to information, such as 
records of a patient's medical diagnosis and treatment, other 
primary health care information, and other information, to the 
extent that such information was collected or developed for the 
purpose specified in such section and is reported in accordance 
with such section. Such privilege shall not apply to 
information merely by reason of its inclusion, or the fact of 
its submission, in a report under such section. Information 
available from sources other than a report made under such 
section may be discovered or admitted in a civil or 
administrative proceeding, if discoverable or admissible under 
applicable state law.
  (d) Information Not Subject to Privilege.--The privilege 
established by this section shall not apply to one or more of 
the following:
          (1) Medical records and other primary health 
        records.--Records of a patient's medical diagnosis and 
        treatment and other primary health records of a health 
        care provider. Such privilege shall not apply to such 
        information by reason of its inclusion within patient 
        safety data.
          (2) FDA.--Relevant information disclosed by a health 
        care provider or patient safety organization to the 
        Food and Drug Administration, or to a person that is 
        subject to the jurisdiction of such Administration, 
        with respect to an Administration-regulated product or 
        activity for which that entity has responsibility, for 
        the purposes of activities related to quality, safety, 
        or effectiveness of such Administration-regulated 
        product or activity, subject to section 520(c) of the 
        Federal Food, Drug, and Cosmetic Act.
          (3) Non-identifiable information used by database.--
        Non-identifiable information from a patient safety 
        organization to the Patient Safety Database and the 
        further disclosure of such data by the Center for 
        Quality Improvement and Patient Safety.
  (e) Reporter Protection.--
          (1) In general.--A health care provider may not use 
        against an individual in an adverse employment action 
        described in paragraph (2) the fact that the individual 
        in good faith reported--
                  (A) to the provider with the intention of 
                having it reported to a patient safety 
                organization, or
                  (B) directly to a patient safety 
                organization,
        information that would constitute patient safety data 
        under section 1181(e)(1)(A) if the provider were to 
        have submitted it on a timely basis to a patient safety 
        organization in accordance with such section.
          (2) Adverse employment action.--For purposes of this 
        subsection, an ``adverse employment action'' includes--
                  (A) the failure to promote an individual or 
                provide any other employment-related benefit 
                for which the individual would otherwise be 
                eligible;
                  (B) an evaluation or decision made in 
                relation to accreditation, certification, 
                credentialing or licensing of the individual; 
                and
                  (C) a personnel action that is adverse to the 
                individual concerned.
          (3) Remedies.--The provisions of the first sentence 
        of section 1128A(a) shall apply with respect to a 
        health care provider's violation of paragraph (1) in 
        the same manner as they apply to an act referred to in 
        section 1128A(a)(7).
  (f) Penalty.--It is unlawful for any person to disclose any 
patient safety data in violation of the provisions of this 
section. Any person violating such provisions shall subject to 
the same sanctions under section 1160(c) (relating to, upon 
conviction, a fine of not more than $1,000, imprisonment for 
not more than 6 months, or both, per disclosure and payment of 
the costs of prosecution) as a person who discloses any 
information described in section 1160(a).
  (g) Rules of Construction.--
          (1) No limitation of other privileges.--Subject to 
        paragraph (2), nothing in this section shall be 
        construed as affecting other privileges that are 
        available under Federal or State laws that provide 
        greater peer review or confidentiality protections than 
        the peer review and confidentiality protections 
        provided for in this section.
          (2) No effect on state mandatory reporting 
        requirements.--Nothing in this part shall be construed 
        as preempting or otherwise affecting any State law 
        mandatory reporting requirement for health care 
        providers.
  (h) Application of Privacy Regulations.--For purposes of 
applying the regulations promulgated pursuant to section 264(c) 
of the Health Insurance Portability and Accountability Act of 
1996 (Public Law 104-191; 110 Stat. 2033)--
          (1) patient safety organizations shall be treated as 
        business associates;
          (2) activities of such organizations described in 
        section 1181(f)(2)(A) in relation to a health care 
        provider are deemed to be health care operations of the 
        provider; and
          (3) the disclosure of identifiable information under 
        the voluntary program under this part by such an 
        organization shall be treated as necessary for the 
        proper management and administration of the 
        organization.
Nothing in this section shall be construed to alter or affect 
the implementation of such regulation or such section 264(c).
  (i) Waivers.--Nothing in this part shall be construed as 
precluding a health care provider from waiving the privilege or 
confidentiality protections under this section. Disclosure of 
patient safety data under subsection (d)(2) shall not 
constitute a waiver of any privilege or protection established 
under this section or under State law.
  (j) Continuation of Privilege.--Patient safety data of an 
organization that is certified as a patient safety organization 
shall continue to be privileged and confidential, in accordance 
with this section, if the organization's certification is 
terminated or revoked or if the organization otherwise ceases 
to qualify as a patient safety organization until the data are 
otherwise disposed of in accordance with section 1181(f)(4).
  (k) Survey and Report.-- --
          (1) Survey.--The Comptroller General of the United 
        States shall conduct a survey of State laws that relate 
        to patient safety data peer review systems, including 
        laws that establish an evidentiary privilege applicable 
        to data developed in such systems, and shall review the 
        manner in which such laws have been interpreted by the 
        courts and the effectiveness of such laws in promoting 
        patient safety.
          (2) Report.--Not later than 9 months after the date 
        of enactment of this section, the Comptroller General 
        shall prepare and submit to Congress a report 
        concerning the results of the survey conducted under 
        paragraph (1).

           CENTER FOR QUALITY IMPROVEMENT AND PATIENT SAFETY

  Sec. 1183. (a) In General.--The Secretary, acting through the 
Director of the Agency for Healthcare Research and Quality, 
shall ensure that the Center for Quality Improvement and 
Patient Safety (in this section referred to as the ``Center'') 
supports public and private sector initiatives to improve 
patient safety for items and services furnished through health 
care providers.
  (b) Duties.--
          (1) In general.--The Secretary, acting through the 
        Director, shall ensure that the Center carries out the 
        following duties:
                  (A) Provide for the certification and 
                recertification of patient safety organizations 
                in accordance subsection (d).
                  (B) Collect and disseminate information 
                related to patient safety.
                  (C) Establish a Patient Safety Database to 
                collect, support, and coordinate the analysis 
                of non-identifiable information submitted to 
                the Database in accordance with subsection (e).
                  (D) Facilitate the development of consensus 
                among health care providers, patients, and 
                other interested parties concerning patient 
                safety and recommendations to improve patient 
                safety.
                  (E) Provide technical assistance to States 
                that have (or are developing) medical errors 
                reporting systems, assist States in developing 
                standardized methods for data collection, and 
                collect data from State reporting systems for 
                inclusion in the Patient Safety Database.
          (2) Consultation.--In carrying out the duties under 
        paragraph (1) (including the establishment of the 
        Database), the Secretary shall consult with and develop 
        partnerships, as appropriate, with health care 
        organizations, health care providers, public and 
        private sector entities, patient safety organizations, 
        health care consumers, and other relevant experts to 
        improve patient safety.
  (c) Certification and Recertification Process.--
          (1) In general.--The initial certification and 
        recertification of a patient safety organization under 
        subsection (b)(1)(A) shall be made under a process that 
        is approved by the Secretary and is consistent with 
        criteria published by the Secretary.
          (2) Revocation.--Such a certification or 
        recertification may be revoked by the Secretary upon a 
        showing of cause (including the disclosure of data in 
        violation of section 1182).
          (3) Termination.--Such a certification provided for a 
        patient safety organization shall terminate (subject to 
        recertification) on the earlier of--
                  (A) the date that is 3 years after the date 
                on which such certification was provided; or
                  (B) the date on which the Secretary revokes 
                the certification.
  (d) Implementation and Consultation.--In carrying out 
subsection (c)(1), the Secretary shall--
          (1) facilitate the development of patient safety 
        goals and track the progress made in meeting those 
        goals; and
          (2) ensure that data submitted by a patient safety 
        organization to the Patient Safety Database, as 
        provided for under subsection (e), are comparable and 
        useful for research and analysis and that the research 
        findings and patient safety alerts that result from 
        such analyses are presented in clear and consistent 
        formats that enhance the usefulness of such alerts.
  (e) Patient Safety Database.--
          (1) In general.--The Secretary, acting through the 
        Director, shall--
                  (A) establish a Patient Safety Database to 
                collect non-identifiable information concerning 
                patient safety that is reported on a voluntary 
                basis; and
                  (B) establish common formats for the 
                voluntary reporting of data under subparagraph 
                (A), including the establishment of necessary 
                data elements, common and consistent 
                definitions, and a standardized computer 
                interface for the processing of such data.
          (2) Database.--In carrying out this subsection, the 
        Secretary--
                  (A) shall establish and modify as necessary 
                criteria to determine the organizations that 
                may voluntarily contribute to, and the data 
                that comprises, the Patient Safety Database;
                  (B) shall ensure that the Patient Safety 
                Database is only used by qualified entities or 
                individuals as determined appropriate by the 
                Secretary in accordance with criteria applied 
                by the Secretary; and
                  (C) may enter into contracts for the 
                administration of the Database with private and 
                public entities with experience in the 
                administration of similar databases.
          (3) Non-identifiable information.--For purposes of 
        this part, the term ``non-identifiable information'' 
        means information that is presented in a form and 
        manner that prevents the identification of any health 
        care provider, patient, and the reporter of the 
        information.
  (f) Authorization of Appropriations.--There are authorized to 
be appropriated such sums as may be necessary for each fiscal 
year to carry out this section.

   INTEROPERABILITY STANDARDS FOR HEALTH CARE INFORMATION TECHNOLOGY 
                                SYSTEMS

  Sec. 1184. (a) In General.--By not later than 2 years after 
the date of the enactment of this part, the Secretary shall 
develop or adopt (and shall periodically review and update) 
voluntary, national standards that promote the interoperability 
of health care information technology systems across all health 
care settings. In promulgating regulations to carry out this 
section, the Secretary shall take into account the cost that 
meeting such standards would have on providing health care in 
the United States and the increased efficiencies in providing 
such care achieved under the standards.
  (b) Consultation and Coordination.--The Secretary shall 
develop and update such standards in consultation with (and 
with coordination between)--
          (1) the National Committee for Vital and Health 
        Statistics, and
          (2) the Medical Information Technology Advisory Board 
        (established under section 3 of the Patient Safety 
        Improvement Act of 2002).
  (c) Dissemination.--The Secretary shall provide for the 
dissemination of the standards developed and updated under this 
section.
  (d) Authorization of Appropriations.--There are authorized to 
be appropriated such sums as may be necessary for each fiscal 
year to carry out this section.

        VOLUNTARY ADOPTION OF METHODS TO IMPROVE PATIENT SAFETY

  Sec. 1185. The Secretary shall encourage health care 
providers to adopt appropriate evidence-based methods to 
improve patient safety. Such methods shall not constitute 
national practice guidelines.

                         EVALUATION AND REPORT

  Sec. 1186. (a) Evaluation.--The Comptroller General of the 
United States shall conduct a comprehensive evaluation of the 
implementation of this part. Such evaluation shall include an 
examination of the following:
          (1) The health care providers that reported patient 
        safety data under this part and the patient safety 
        organizations to which they reported the information.
          (2) What types of events were so reported on.
          (3) The usefulness of the analyses, information, and 
        recommendations provided by patient safety 
        organizations in response to such reported information.
          (4) The response of health care providers to such 
        analyses, information, and recommendations, including a 
        survey of providers to obtain estimates of the 
        percentage of providers by category who have adopted 
        specific error-reduction methods and, if applicable, 
        reasons for not adopting specific practices.
          (5) The effectiveness of the program under this part 
        in reducing medical errors.
  (b) Report.--Not later than 5 years after the date the 
provisions of this part are first implemented, the Comptroller 
General shall submit to Congress a report on the evaluation 
conducted under subsection (a).

           *       *       *       *       *       *       *