Committee on Ways and Means,
Section-by-Section Summary of H.R. 4889
Analysis of Legislation and Comparison with Present Law
Section 1. Short Title; Table of Contents
Current Law. No provision.
Explanation of Provision. The legislation would be cited as the Patient Safety Improvement Act of 2002 and would amend Title XI of the Social Security Act by adding Part D — Patient Safety Improvements — with six new sections (Sections 1181–1186). A Medical Information Technology Advisory Board would also be established.
Effective Date. Upon enactment.
Section 2. Patient Safety Improvements
Current Law. No statutory provisions. The Institute of Medicine’s (IOM) 1999 report, To Err is Human, focused attention on the problem of preventable medical errors and the need for systematic steps to reduce their incidence to enhance patient safety. Among other proposals, IOM recommended that Congress create a Center for Patient Safety within the Agency for Healthcare Research and Quality (then called the Agency for Health Care Policy and Research) to promote knowledge and prevention of medical errors, set national goals for patient safety, fund patient safety research, evaluate methods for identifying and preventing medical errors, disseminate information on effective safety practices, and issue an annual report to the President and Congress on patient safety. The IOM recommended that the Center for Patient Safety encourage the development of voluntary reporting systems and outlined various actions that could be undertaken. Furthermore, IOM recommended that Congress pass legislation to extend peer review protections to data related to patient safety and quality improvement. While existing law often shields data about errors within a given institution, the IOM report noted that this protection may be lost if the information is transmitted elsewhere, even to a voluntary reporting system serving as the backbone of a collaborative effort to reduce medical errors.
Explanation of Provision. The provision would establish a new Part D in Title XI of the Social Security Act to encourage a voluntary reporting system for patient safety data.
A new Section 1181 would be added which would permit a health care provider to voluntarily collect and report patient safety data to a patient safety organization in a way that maintains the information as confidential and privileged. Patient safety organizations would analyze the reported data, develop and report back to providers information to improve patient safety, and submit non-identifiable information to the Center for Quality Improvement and Patient Safety for inclusion in the Patient Safety Database. Patient safety organizations would be permitted to share non-identifiable information, but the disclosure of identifiable information from one such organization to another would require the explicit authorization of the provider who initially reported the information.
In this legislation, a health care provider would mean: (1) facilities and their employees that provide services under Medicare Part A; (2) a health care entity or individual (including a physician) who furnishes Medicare Part B services; and (3) an organization offering a Medicare+Choice plan.
Patient safety data would mean any data, reports, records, memoranda, analyses, deliberative work, statements, or root cause analyses that are collected or developed to improve patient safety or health care quality. That would include patient safety data collected or developed by a provider to report to a patient safety organization on a timely basis, as well as data collected or developed by a patient safety organization or by or on behalf of the Center for Quality Improvement and Patient Safety, regardless of whether the data are transmitted back to the health care provider that supplied the information originally. Patient safety data would also encompass descriptions of corrective actions taken by providers in response to the provider’s reporting of data to a patient safety organization (on a timely basis to such an organization), regardless of whether the organization has provided feedback to the provider. Providers would have to report the corrective actions to the patient safety organization.
A patient safety organization would mean a private or public organization that conducts activities to improve patient safety and health care quality as certified by the Secretary. Such activities would include: (1) the collection and analysis of patient safety data that are voluntarily reported by more than one provider on a local, state, regional, or national basis; (2) the development and dissemination to providers and other patient safety organizations of information such as recommendations, protocols, and best practice data; and (3) the utilization of patient safety data to assist providers to minimize patient risk. Patient safety organizations would be required to ensure the confidentiality of individually identifiable data, submit information to the Center for Quality Improvement and Patient Safety, if applicable, in an established format, and maintain appropriate data security measures.
Other requirements would be imposed on patient safety organizations. Such organizations would be required: (1) to be managed, controlled (i.e the provider is able to significantly influence or control the actions), and operated independently from providers that report data to it; (2) to collect data from providers in a standardized manner to permit comparisons of similar cases across similar providers; and (3) to meet other requirements specified by the Secretary. An entity that no longer qualified as a patient safety organization would be required to destroy its patient safety data, return (if practicable) the data to the reporting providers, or transfer data to another patient safety organization with the approval of the provider and that organization. Patient safety organizations that charge fees for their activities would be required to impose a uniform fee across all types and classes of providers, taking into account the size of the health care provider. A patient safety organization could not use data reported by a provider to take regulatory or enforcement actions it otherwise performs against the provider. The Secretary would be able to give technical assistance to patient safety organizations in providing recommendations and advice to providers on methodology, communication, data collection, security and confidentiality concerns. Nothing in this part would be construed to limit or discourage reporting patient safety data within a health care provider.
A new Section 1182 would designate patient safety data as privileged and confidential. That designation would apply to information, such as medical records and other primary health care information, that was collected and developed for the purpose of improving patient safety and health care quality, and reported to a patient safety organization. Such privilege would not apply to information merely by reason of its inclusion in reported patient safety data. Information available from other sources other than a report made under such section may be discovered or admitted in a civil or administrative proceeding, if discoverable or admissible under applicable state law. With some limitations, patient safety data would not be subject to: (1) a civil or administrative subpoena; (2) discovery in connection with a civil or administrative proceeding; (3) disclosure pursuant to a Freedom of Information Act request; or (4) admission as evidence or disclosure in any civil or administrative proceeding.
The privilege established by this section would not apply to: (1) Records of a patient’s medical diagnosis and treatment and other primary health records of a health care provider; (2) information disclosed by a provider or patient safety organization of data to the Food and Drug Administration (FDA), or to a person subject to FDA jurisdiction, regarding an FDA-regulated product or activity; and (3) disclosures of non-identifiable patient safety data from an patient safety organization to the Patient Safety Database and the further disclosure of such data by the Center for Quality Improvement and Patient Safety. A health care provider would not be permitted to take any adverse employment action against an employee who reported patient safety data to a patient safety organization. A health care provider who does undertake such retaliation may be subject to civil monetary penalties up to $50,000 in the same manner they are applied in the Social Security Act relating to illegal kickbacks. Disclosures in violation of the provisions of this section would be unlawful. Persons found in violation would be subject to the same penalties as those relating to inappropriate disclosures made by peer review organizations under the Medicare program, which provide for fines of up to $1,000 per disclosure, up to 6 months in prison, or both, and payment of the costs of prosecution.
Nothing in this part would be construed as preempting or otherwise affecting any state mandatory reporting requirements for health care providers. Consistent with protecting state mandatory reporting requirements, nothing shall be construed as affecting other privileges that are available under Federal or State laws that provide greater peer review protection than the peer review and confidentiality protections provided under this bill.
The health information privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and related implementing regulations would not be affected by this legislation. Patient safety organizations would be treated as business associates under HIPAA’s privacy rule. Permissible disclosures to FDA under these provisions would not waive any privilege established by this legislation or under State law. Patient safety data of an organization that loses its certification as a patient safety organization would continue to be privileged and confidential until returned to the providers that supplied the data, transferred to another patient safety organization, or otherwise destroyed.
The GAO would be required to conduct a survey of State laws regarding patient safety peer review systems, evidentiary privilege applicable to data developed in such systems, and court interpretations of such laws. The GAO would be required to submit a report on this subject to Congress within 9 months of enactment.
Under Section 1183, the Secretary, through the Center, would be required to: (1) provide for the certification and recertification of patient safety organizations; (2) collect and disseminate information related to patient safety; (3) establish a Patient Safety Database to collect, support and coordinate the analysis of non-identifiable information submitted to the database; and (4) facilitate the development of consensus among providers and interested parties concerning patient safety and related recommendations. The Secretary, acting through the director of the Agency for Healthcare Research and Quality would be required to consult with and develop appropriate partnerships with health care organizations, providers, public and private sector entities, patient safety organizations, health care consumers and other relevant experts.
The Secretary would certify patient safety organizations under a process consistent with published criteria. The Secretary would be able to revoke such certification upon a showing of cause, including the inappropriate disclosure of patient safety data. Certification would terminate, subject to recertification, upon 3 years from the date of certification or upon revocation. In carrying out these responsibilities, the Secretary would be required to facilitate the development of patient safety goals, track progress in meeting these goals, ensure that data submitted by a patient safety organization to the Patient Safety Database are comparable and useful for research and analysis, and ensure that research findings and patient safety alerts are presented in clear and consistent formats.
The Secretary, acting through the Center, would: (1) establish a Patient Safety Database to collect voluntarily reported, non-identifiable information concerning patient safety; and (2) establish common formats for reporting data to the Patient Safety Database. The Secretary would also be required to establish criteria to determine the organizations that may voluntarily contribute to, and that data that comprises, the Patient Safety Database, and ensure that the Database is only used by qualified entities. The Secretary would also be permitted to enter into contracts with private and public entities to administer the Database. Non-identifiable information would mean information that is presented in a form that precludes the identification of any provider, patient, or reporter of the information. There would be authorized to be appropriated such sums as may be necessary for each fiscal year to carry out this section.
A new Section 1184 would require the Secretary within 2 years of enactment to develop (and periodically review and update) voluntary, national standards that promote the interoperability of health care information technology systems across all health care settings. The Secretary must take into account the costs to the health care system and any efficiencies that accrue as a result of the adoption of these standards. These standards would be developed in consultation with the National Committee for Vital and Health Statistics, and the Medical Information Technology Advisory Board (established under Section 3). The Secretary would be required to disseminate these standards. There would be authorized to be appropriated such sums as may be necessary for each fiscal year to carry out this section.
A new Section 1185 would require the Secretary to encourage providers to adopt appropriate evidence-based methods to improve patient safety. These methods would not constitute national practice guidelines.
A new Section 1186 would require GAO to conduct a comprehensive evaluation of the implementation of Sections 1181–1185 and report to Congress within 5 years of enactment. Such an evaluation would include: (1) an examination of the patient safety data that were reported by health care providers; (2) the usefulness of the analyses, information, and recommendations provided by the patient safety organizations in response to such reported data; (3) the response of providers to such analysis, information, and recommendations; and (4) the effectiveness of these efforts in reducing medical errors.
Section 3. Medical Information Technology Advisory Board
Current Law. No provision.
Explanation of Provision. Within 3 months of enactment, the Secretary would be required to appoint the Medical Information Technology Advisory Board (MITAB) and designate a chairman. The chairman would be required to be affiliated with an organization having expertise in creating American National Standards Institute (ANSI) standards governing health care information technology and to be a member of the National Committee for Vital and Health Statistics. The MITAB would consist of no more than 17 members that include: (1) experts from the fields of medical information, information technology, medical continuous quality improvement, medical records security and privacy, individual and institutional clinical providers, health researchers, and health care purchasers; (2) one or more staff experts from the Centers for Medicare and Medicaid Services, the Agency for Healthcare Research and Quality, and the Institute of Medicine of the National Academy of Sciences; (3) representatives of private organizations with expertise in medical infomatics; (4) a representative of a teaching hospital; and (5) one or more representatives of the health care information technology industry. Individuals would be appointed for the life of the MITAB, with any vacancy filled in the same manner in which the original appointment was made. The new appointment would be made no later than 30 days after the MITAB is given notice of the vacancy. Such a vacancy would not affect the ability of the remaining members to perform the duties of the MITAB.
The MITAB would meet at the call of its Chairman or a majority of its members. MITAB members would receive no additional pay, allowances, or benefits stemming from their service on the board, but would receive travel expenses and per diem in lieu of subsistence as directed by Sections 5702 and 5703 of Title 5 of the United States Code (USC). The Chairman would appoint an executive director of the MITAB who would be paid at level V of the Executive Schedule. With the approval of the MITAB, the director would be able to appoint appropriate personnel without regard to the provisions of Title 5 USC governing appointments in the competitive services or those relating to job classification and pay rates. The MITAB director would also be able to procure temporary and intermittent services under Section 3109(b) of Title 5 USC. Upon the request of MITAB, the head of any Federal agency would be able to detail, without reimbursement, any personnel of that agency to MITAB. The detail would not interrupt or affect the civil service status of the Federal employee.
MITAB would be able to hold hearings and undertake other activities as necessary to carry out its duties. If requested by MITAB, a Federal agency would be required to provide technical assistance to the MITAB as deemed necessary. At the request of the MITAB chairman, the MITAB would be able to secure directly from any Federal agency information necessary to carry out its duties, if the information may be disclosed under the Freedom of Information Act (Section 552 of Title 5 USC).
MITAB would advise, and make recommendations to, the Secretary regarding medical information technology, including: (1) best practices in medical information technology; (2) methods of implementing health care information technology interoperability standardization, and records security; and (3) a recommendation for a common lexicon for computer technology; (4) and adoption within 2 years of a uniform health information system interface between old and new systems. MITAB would also be required to make recommendations on methods to promote information exchange to enhance compatibility among information systems in order to: (1) maximize positive outcomes in clinical care by providing decision support for diagnosis and care, and assisting in the emergency treatment of a patient at a facility with no medical record of the patient; (2) contribute to the development of a patient assessment instrument that minimizes the need for different records when patients move from provider to provider; (3) reduce redundant paperwork; (4) minimize medical errors; and (5) contribute to compatible information technology architecture.
MITAB would be required within 18 months of enactment to submit to Congress and the Secretary an initial report of its deliberations and recommendations. Subsequent annual reports would be due in each of the following 2 years after the initial report is submitted.
MITAB would terminate 30 days after the date of submission of its final report. The provision provides such sums as necessary for the operations of MITAB.
Effective Date. Upon enactment.