[DOCID: f:publ041.109]
[[Page 423]]
PATIENT SAFETY AND QUALITY IMPROVEMENT ACT OF 2005
[[Page 119 STAT. 424]]
Public Law 109-41
109th Congress
An Act
To amend title IX of the Public Health Service Act to provide for the
improvement of patient safety and to reduce the incidence of events that
adversely effect patient safety. <<NOTE: July 29, 2005 - [S. 544]>>
Be it enacted by the Senate and House of Representatives of the
United States of America in Congress <<NOTE: Patient Safety and Quality
Improvement Act of 2005.>> assembled,
SECTION 1. SHORT TITLE; TABLE OF CONTENTS.
(a) Short Title.--This Act may be cited as the ``Patient Safety and
Quality Improvement Act of 2005''.
(b) Table of Contents.--The table of contents for this Act is as
follows:
Sec. 1. Short title; table of contents.
Sec. 2. Amendments to Public Health Service Act.
``Part C--Patient Safety Improvement
``Sec. 921. Definitions.
``Sec. 922. Privilege and confidentiality protections.
``Sec. 923. Network of patient safety databases.
``Sec. 924. Patient safety organization certification and
listing.
``Sec. 925. Technical assistance.
``Sec. 926. Severability.
SEC. 2. AMENDMENTS TO PUBLIC HEALTH SERVICE ACT.
(a) In General.--Title IX of the Public Health Service Act (42
U.S.C. 299 et seq.) is amended--
(1) <<NOTE: 42 USC 299b-1.>> in section 912(c), by inserting
``, in accordance with part C,'' after ``The Director shall'';
(2) by redesignating part C as part D;
(3) <<NOTE: 42 USC 299c--299c-7.>> by redesignating sections
921 through 928, as sections 931 through 938, respectively;
(4) <<NOTE: 42 USC 299c-7.>> in section 938(1) (as so
redesignated), by striking ``921'' and inserting ``931''; and
(5) by inserting after part B the following:
``PART C--PATIENT SAFETY IMPROVEMENT
``SEC. 921. <<NOTE: 42 USC 299b-21.>> DEFINITIONS.
``In this part:
``(1) HIPAA confidentiality regulations.--The term `HIPAA
confidentiality regulations' means regulations promulgated under
section 264(c) of the Health Insurance Portability and
Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033).
[[Page 119 STAT. 425]]
``(2) Identifiable patient safety work product.--The term
`identifiable patient safety work product' means patient safety
work product that--
``(A) is presented in a form and manner that allows
the identification of any provider that is a subject of
the work product, or any providers that participate in
activities that are a subject of the work product;
``(B) constitutes individually identifiable health
information as that term is defined in the HIPAA
confidentiality regulations; or
``(C) is presented in a form and manner that allows
the identification of an individual who reported
information in the manner specified in section 922(e).
``(3) Nonidentifiable patient safety work product.--The term
`nonidentifiable patient safety work product' means patient
safety work product that is not identifiable patient safety work
product (as defined in paragraph (2)).
``(4) Patient safety organization.--The term `patient safety
organization' means a private or public entity or component
thereof that is listed by the Secretary pursuant to section
924(d).
``(5) Patient safety activities.--The term `patient safety
activities' means the following activities:
``(A) Efforts to improve patient safety and the
quality of health care delivery.
``(B) The collection and analysis of patient safety
work product.
``(C) The development and dissemination of
information with respect to improving patient safety,
such as recommendations, protocols, or information
regarding best practices.
``(D) The utilization of patient safety work product
for the purposes of encouraging a culture of safety and
of providing feedback and assistance to effectively
minimize patient risk.
``(E) The maintenance of procedures to preserve
confidentiality with respect to patient safety work
product.
``(F) The provision of appropriate security measures
with respect to patient safety work product.
``(G) The utilization of qualified staff.
``(H) Activities related to the operation of a
patient safety evaluation system and to the provision of
feedback to participants in a patient safety evaluation
system.
``(6) Patient safety evaluation system.--The term `patient
safety evaluation system' means the collection, management, or
analysis of information for reporting to or by a patient safety
organization.
``(7) Patient safety work product.--
``(A) In general.--Except as provided in
subparagraph (B), the term `patient safety work product'
means any data, reports, records, memoranda, analyses
(such as root cause analyses), or written or oral
statements--
``(i) which--
``(I) are assembled or developed by
a provider for reporting to a patient
safety organization and are reported to
a patient safety organization; or
[[Page 119 STAT. 426]]
``(II) are developed by a patient
safety organization for the conduct of
patient safety activities;
and which could result in improved patient safety,
health care quality, or health care outcomes; or
``(ii) which identify or constitute the
deliberations or analysis of, or identify the fact
of reporting pursuant to, a patient safety
evaluation system.
``(B) Clarification.--
``(i) Information described in subparagraph
(A) does not include a patient's medical record,
billing and discharge information, or any other
original patient or provider record.
``(ii) Information described in subparagraph
(A) does not include information that is
collected, maintained, or developed separately, or
exists separately, from a patient safety
evaluation system. Such separate information or a
copy thereof reported to a patient safety
organization shall not by reason of its reporting
be considered patient safety work product.
``(iii) Nothing in this part shall be
construed to limit--
``(I) the discovery of or
admissibility of information described
in this subparagraph in a criminal,
civil, or administrative proceeding;
``(II) the reporting of information
described in this subparagraph to a
Federal, State, or local governmental
agency for public health surveillance,
investigation, or other public health
purposes or health oversight purposes;
or
``(III) a provider's recordkeeping
obligation with respect to information
described in this subparagraph under
Federal, State, or local law.
``(8) Provider.--The term `provider' means--
``(A) an individual or entity licensed or otherwise
authorized under State law to provide health care
services, including--
``(i) a hospital, nursing facility,
comprehensive outpatient rehabilitation facility,
home health agency, hospice program, renal
dialysis facility, ambulatory surgical center,
pharmacy, physician or health care practitioner's
office, long term care facility, behavior health
residential treatment facility, clinical
laboratory, or health center; or
``(ii) a physician, physician assistant, nurse
practitioner, clinical nurse specialist, certified
registered nurse anesthetist, certified nurse
midwife, psychologist, certified social worker,
registered dietitian or nutrition professional,
physical or occupational therapist, pharmacist, or
other individual health care practitioner; or
``(B) any other individual or entity specified in
regulations promulgated by the Secretary.
[[Page 119 STAT. 427]]
``SEC. 922. <<NOTE: 42 USC 299b-22.>> PRIVILEGE AND CONFIDENTIALITY
PROTECTIONS.
``(a) Privilege.--Notwithstanding any other provision of Federal,
State, or local law, and subject to subsection (c), patient safety work
product shall be privileged and shall not be--
``(1) subject to a Federal, State, or local civil, criminal,
or administrative subpoena or order, including in a Federal,
State, or local civil or administrative disciplinary proceeding
against a provider;
``(2) subject to discovery in connection with a Federal,
State, or local civil, criminal, or administrative proceeding,
including in a Federal, State, or local civil or administrative
disciplinary proceeding against a provider;
``(3) subject to disclosure pursuant to section 552 of title
5, United States Code (commonly known as the Freedom of
Information Act) or any other similar Federal, State, or local
law;
``(4) admitted as evidence in any Federal, State, or local
governmental civil proceeding, criminal proceeding,
administrative rulemaking proceeding, or administrative
adjudicatory proceeding, including any such proceeding against a
provider; or
``(5) admitted in a professional disciplinary proceeding of
a professional disciplinary body established or specifically
authorized under State law.
``(b) Confidentiality of Patient Safety Work Product.--
Notwithstanding any other provision of Federal, State, or local law, and
subject to subsection (c), patient safety work product shall be
confidential and shall not be disclosed.
``(c) Exceptions.--Except as provided in subsection (g)(3)--
``(1) Exceptions from privilege and confidentiality.--
Subsections (a) and (b) shall not apply to (and shall not be
construed to prohibit) one or more of the following disclosures:
``(A) Disclosure of relevant patient safety work
product for use in a criminal proceeding, but only after
a court makes an in camera determination that such
patient safety work product contains evidence of a
criminal act and that such patient safety work product
is material to the proceeding and not reasonably
available from any other source.
``(B) Disclosure of patient safety work product to
the extent required to carry out subsection (f)(4)(A).
``(C) Disclosure of identifiable patient safety work
product if authorized by each provider identified in
such work product.
``(2) Exceptions from confidentiality.--Subsection (b) shall
not apply to (and shall not be construed to prohibit) one or
more of the following disclosures:
``(A) Disclosure of patient safety work product to
carry out patient safety activities.
``(B) Disclosure of nonidentifiable patient safety
work product.
``(C) Disclosure of patient safety work product to
grantees, contractors, or other entities carrying out
research, evaluation, or demonstration projects
authorized, funded, certified, or otherwise sanctioned
by rule or other means by the Secretary, for the purpose
of conducting research to the extent that disclosure of
protected health information would be allowed for such
purpose under the HIPAA confidentiality regulations.
[[Page 119 STAT. 428]]
``(D) Disclosure by a provider to the Food and Drug
Administration with respect to a product or activity
regulated by the Food and Drug Administration.
``(E) Voluntary disclosure of patient safety work
product by a provider to an accrediting body that
accredits that provider.
``(F) Disclosures that the Secretary may determine,
by rule or other means, are necessary for business
operations and are consistent with the goals of this
part.
``(G) Disclosure of patient safety work product to
law enforcement authorities relating to the commission
of a crime (or to an event reasonably believed to be a
crime) if the person making the disclosure believes,
reasonably under the circumstances, that the patient
safety work product that is disclosed is necessary for
criminal law enforcement purposes.
``(H) With respect to a person other than a patient
safety organization, the disclosure of patient safety
work product that does not include materials that--
``(i) assess the quality of care of an
identifiable provider; or
``(ii) describe or pertain to one or more
actions or failures to act by an identifiable
provider.
``(3) Exception from privilege.--Subsection (a) shall not
apply to (and shall not be construed to prohibit) voluntary
disclosure of nonidentifiable patient safety work product.
``(d) Continued Protection of Information After Disclosure.--
``(1) In general.--Patient safety work product that is
disclosed under subsection (c) shall continue to be privileged
and confidential as provided for in subsections (a) and (b), and
such disclosure shall not be treated as a waiver of privilege or
confidentiality, and the privileged and confidential nature of
such work product shall also apply to such work product in the
possession or control of a person to whom such work product was
disclosed.
``(2) Exception.--Notwithstanding paragraph (1), and subject
to paragraph (3)--
``(A) if patient safety work product is disclosed in
a criminal proceeding, the confidentiality protections
provided for in subsection (b) shall no longer apply to
the work product so disclosed; and
``(B) if patient safety work product is disclosed as
provided for in subsection (c)(2)(B) (relating to
disclosure of nonidentifiable patient safety work
product), the privilege and confidentiality protections
provided for in subsections (a) and (b) shall no longer
apply to such work product.
``(3) Construction.--Paragraph (2) shall not be construed as
terminating or limiting the privilege or confidentiality
protections provided for in subsection (a) or (b) with respect
to patient safety work product other than the specific patient
safety work product disclosed as provided for in subsection (c).
``(4) Limitations on actions.--
``(A) Patient safety organizations.--
``(i) In general.--A patient safety
organization shall not be compelled to disclose
information collected or developed under this part
whether or not such
[[Page 119 STAT. 429]]
information is patient safety work product unless
such information is identified, is not patient
safety work product, and is not reasonably
available from another source.
``(ii) Nonapplication.--The limitation
contained in clause (i) shall not apply in an
action against a patient safety organization or
with respect to disclosures pursuant to subsection
(c)(1).
``(B) Providers.--An accrediting body shall not take an
accrediting action against a provider based on the good faith
participation of the provider in the collection, development,
reporting, or maintenance of patient safety work product in
accordance with this part. An accrediting body may not require a
provider to reveal its communications with any patient safety
organization established in accordance with this part.
``(e) Reporter Protection.--
``(1) In general.--A provider may not take an adverse
employment action, as described in paragraph (2), against an
individual based upon the fact that the individual in good faith
reported information--
``(A) to the provider with the intention of having
the information reported to a patient safety
organization; or
``(B) directly to a patient safety organization.
``(2) Adverse employment action.--For purposes of this
subsection, an `adverse employment action' includes--
``(A) loss of employment, the failure to promote an
individual, or the failure to provide any other
employment-related benefit for which the individual
would otherwise be eligible; or
``(B) an adverse evaluation or decision made in
relation to accreditation, certification, credentialing,
or licensing of the individual.
``(f) Enforcement.--
``(1) Civil monetary penalty.--Subject to paragraphs (2) and
(3), a person who discloses identifiable patient safety work
product in knowing or reckless violation of subsection (b) shall
be subject to a civil monetary penalty of not more than $10,000
for each act constituting such violation.
``(2) Procedure.--The provisions of section 1128A of the
Social Security Act, other than subsections (a) and (b) and the
first sentence of subsection (c)(1), shall apply to civil money
penalties under this subsection in the same manner as such
provisions apply to a penalty or proceeding under section 1128A
of the Social Security Act.
``(3) Relation to hipaa.--Penalties shall not be imposed
both under this subsection and under the regulations issued
pursuant to section 264(c)(1) of the Health Insurance
Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2
note) for a single act or omission.
``(4) Equitable relief.--
``(A) In general.--Without limiting remedies
available to other parties, a civil action may be
brought by any aggrieved individual to enjoin any act or
practice that violates subsection (e) and to obtain
other appropriate equitable relief (including
reinstatement, back pay, and restoration of benefits) to
redress such violation.
[[Page 119 STAT. 430]]
``(B) Against state employees.--An entity that is a
State or an agency of a State government may not assert
the privilege described in subsection (a) unless before
the time of the assertion, the entity or, in the case of
and with respect to an agency, the State has consented
to be subject to an action described in subparagraph
(A), and that consent has remained in effect.
``(g) Rule of Construction.--Nothing in this section shall be
construed--
``(1) to limit the application of other Federal, State, or
local laws that provide greater privilege or confidentiality
protections than the privilege and confidentiality protections
provided for in this section;
``(2) to limit, alter, or affect the requirements of
Federal, State, or local law pertaining to information that is
not privileged or confidential under this section;
``(3) except as provided in subsection (i), to alter or
affect the implementation of any provision of the HIPAA
confidentiality regulations or section 1176 of the Social
Security Act (or regulations promulgated under such section);
``(4) to limit the authority of any provider, patient safety
organization, or other entity to enter into a contract requiring
greater confidentiality or delegating authority to make a
disclosure or use in accordance with this section;
``(5) as preempting or otherwise affecting any State law
requiring a provider to report information that is not patient
safety work product; or
``(6) to limit, alter, or affect any requirement for
reporting to the Food and Drug Administration information
regarding the safety of a product or activity regulated by the
Food and Drug Administration.
``(h) Clarification.--Nothing in this part prohibits any person from
conducting additional analysis for any purpose regardless of whether
such additional analysis involves issues identical to or similar to
those for which information was reported to or assessed by a patient
safety organization or a patient safety evaluation system.
``(i) Clarification of application of hipaa confidentiality
regulations to patient safety organizations.--For purposes of applying
the HIPAA confidentiality regulations--
``(1) patient safety organizations shall be treated as
business associates; and
``(2) patient safety activities of such organizations in
relation to a provider are deemed to be health care operations
(as defined in such regulations) of the provider.
``(j) Reports on Strategies to Improve Patient Safety.--
``(1) Draft report.--Not later than the date that is 18
months after any network of patient safety databases is
operational, the Secretary, in consultation with the Director,
shall prepare a draft report on effective strategies for
reducing medical errors and increasing patient safety. The draft
report shall include any measure determined appropriate by the
Secretary to encourage the appropriate use of such strategies,
including use in any federally funded programs. <<NOTE: Public
information.>> The Secretary shall make the draft report
available for public comment and submit the draft report to the
Institute of Medicine for review.
[[Page 119 STAT. 431]]
``(2) Final report.--Not later than 1 year after the date
described in paragraph (1), the Secretary shall submit a final
report to the Congress.
``SEC. 923. <<NOTE: 42 USC 299b-23.>> NETWORK OF PATIENT SAFETY
DATABASES.
``(a) In General.--The Secretary shall facilitate the creation of,
and maintain, a network of patient safety databases that provides an
interactive evidence-based management resource for providers, patient
safety organizations, and other entities. The network of databases shall
have the capacity to accept, aggregate across the network, and analyze
nonidentifiable patient safety work product voluntarily reported by
patient safety organizations, providers, or other entities. The
Secretary shall assess the feasibility of providing for a single point
of access to the network for qualified researchers for information
aggregated across the network and, if feasible, provide for
implementation.
``(b) Data Standards.--The Secretary may determine common formats
for the reporting to and among the network of patient safety databases
maintained under subsection (a) of nonidentifiable patient safety work
product, including necessary work product elements, common and
consistent definitions, and a standardized computer interface for the
processing of such work product. To the extent practicable, such
standards shall be consistent with the administrative simplification
provisions of part C of title XI of the Social Security Act.
``(c) Use of Information.--Information reported to and among the
network of patient safety databases under subsection (a) shall be used
to analyze national and regional statistics, including trends and
patterns of health care errors. <<NOTE: Public information.>> The
information resulting from such analyses shall be made available to the
public and included in the annual quality reports prepared under section
913(b)(2).
``SEC. 924. <<NOTE: 42 USC 299b-24.>> PATIENT SAFETY ORGANIZATION
CERTIFICATION AND LISTING.
``(a) Certification.--
``(1) Initial certification.--An entity that seeks to be a
patient safety organization shall submit an initial
certification to the Secretary that the entity--
``(A) has policies and procedures in place to
perform each of the patient safety activities described
in section 921(5); and
``(B) upon being listed under subsection (d), will
comply with the criteria described in subsection (b).
``(2) Subsequent certifications.--
An <<NOTE: Deadlines.>> entity that is a patient safety
organization shall submit every 3 years after the date of its
initial listing under subsection (d) a subsequent certification
to the Secretary that the entity--
``(A) is performing each of the patient safety
activities described in section 921(5); and
``(B) is complying with the criteria described in
subsection (b).
``(b) Criteria.--
``(1) In general.--The following are criteria for the
initial and subsequent certification of an entity as a patient
safety organization:
``(A) The mission and primary activity of the entity
are to conduct activities that are to improve patient
safety and the quality of hea