[House Report 108-31] [From the U.S. Government Publishing Office] 108th Congress Rept. 108-31 HOUSE OF REPRESENTATIVES 1st Session Part 1 ====================================================================== PATIENT SAFETY IMPROVEMENT ACT OF 2003 _______ March 11, 2003.--Ordered to be printed _______ Mr. Thomas, from the Committee on Ways and Means, submitted the following R E P O R T [To accompany H.R. 877] [Including cost estimate of the Congressional Budget Office] The Committee on Ways and Means, to whom was referred the bill (H.R. 877) to amend title XI of the Social Security Act to improve patient safety, having considered the same, report favorably thereon with an amendment and recommend that the bill as amended do pass. CONTENTS Page I. Introduction......................................................9 A. Purpose and Summary................................... 9 B. Legislative History................................... 10 II. Explanation of Provisions........................................11 A. Analysis of Provisions................................ 11 a. Section 1. Short Title, Table of Contents......... 11 b. Section 2. Patient Safety Improvements............ 11 c. Section 3. Medical Information Technology Advisory Board............................................ 16 III.Vote of the Committee............................................18 IV. Budget Effects of the Bill.......................................18 A. Committee Estimate of Budgetary Effects............... 18 B. Statement Regarding New Budget Authority and Tax Expenditures......................................... 18 C. Cost Estimate Prepared by the Congressional Budget Office............................................... 18 V. Other Matters To Be Discussed Under the Rules of the House.......22 A. Committee Oversight Findings and Recommendations...... 22 B. Constitutional Authority Statement.................... 23 C. Information Relating to Unfunded Mandates............. 23 D. Summary of General Performance Goals and Objectives... 23 VI. Changes in Existing Law Made by the Bill as Reported.............23 The amendment is as follows: Strike all after the enacting clause and insert the following: SECTION 1. SHORT TITLE; TABLE OF CONTENTS. (a) Short Title.--This Act may be cited as the ``Patient Safety Improvement Act of 2003''. (b) Table of Contents.--The table of contents of this Act is as follows: Sec. 1. Short title; table of contents. Sec. 2. Patient safety improvements. ``Part D--Patient Safety Improvements ``Sec. 1181. Voluntary reporting of patient safety data; definitions. ``Sec. 1182. Confidentiality and peer review protections. ``Sec. 1183. Center for Quality Improvement and Patient Safety. ``Sec. 1184. Interoperability standards for health care information technology systems. ``Sec. 1185. Voluntary adoption of methods to improve patient safety. ``Sec. 1186. Evaluation and report. Sec. 3. Medical Information Technology Advisory Board. SEC. 2. PATIENT SAFETY IMPROVEMENTS. Title XI of the Social Security Act is amended by adding at the end the following new part: ``Part D--Patient Safety Improvements ``voluntary reporting of patient safety data; definitions ``Sec. 1181. (a) Collection and Voluntary Reporting of Patient Safety Data.--In order to improve patient safety and the quality of health care delivery, a health care provider (as defined in subsection (d)) may voluntarily collect and develop patient safety data (as defined in subsection (e)) and report such data to one or more patient safety organizations (as defined in subsection (f)) in a manner that is confidential and privileged (as described in section 1182). ``(b) Use of Patient Safety Data by Patient Safety Organizations.-- Patient safety organizations shall analyze the patient safety data reported and develop (and report back to health care providers) information to improve patient safety and the quality of health care delivery and shall submit non-identifiable information derived from such data in a uniform manner to the Center for Quality Improvement and Patient Safety (for inclusion in the Patient Safety Database, if applicable). Such non-identifiable information may be disclosed and shared with other patient safety organizations. Identifiable patient safety data may be disclosed to other patient safety organizations with the explicit authorization for each such disclosure by the reporting provider involved. ``(c) Functions of Center.--The Center for Quality Improvement and Patient Safety conducts patient safety activities consistent with section 1183. ``(d) Health Care Providers Covered.--For purposes of this part, the term `health care provider' means a provider of services (as defined in section 1861(u) and including a hospital, skilled nursing facility, home health agency, and hospice program) that provides services for which payment may be made under part A of title XVIII and the provider's employees, and includes physicians insofar as they furnish health care services in the health care provider. ``(e) Patient Safety Data Covered.-- ``(1) In general.--For purposes of this part, the term `patient safety data' means any data, reports, records, memoranda, analyses, deliberative work, statements, or root cause analyses that are collected or developed to improve patient safety or health care quality and that-- ``(A) are collected or developed by a health care provider for the purpose of reporting to a patient safety organization and that are reported on a timely basis to such an organization; ``(B) are collected or developed by a patient safety organization or by (or on behalf of) the Center for Quality Improvement and Patient Safety, regardless of whether the data are transmitted to the health care provider that reported the original data; or ``(C) describes corrective actions taken by a health care provider in response to the provider's reporting of data to that organization, regardless of whether the organization has transmitted under subsection (f)(2) information to the health care provider that reported the original data, and that are reported on a timely basis to such an organization. ``(2) Construction regarding use of data.-- ``(A) Internal use permitted to improve patient safety, quality, and efficiency.--Nothing in this part shall be construed to limit or discourage a health care provider from developing and using patient safety data within the provider to improve patient safety, health care quality, or administrative efficiency of the provider. ``(B) Treatment.--Information that is collected or developed as patient safety data is not disqualified from being treated as patient safety data because of its development or use for the purposes described in subparagraph (A) and such development or use shall not constitute a waiver of any privilege or protection established under section 1182 or under State law. ``(f) Qualifications of Patient Safety Organizations.-- ``(1) In general.--For purposes of this part, the term `patient safety organization' means a private or public organization that conducts activities to improve patient safety and the quality of health care delivery by assisting health care providers that report to such organizations and that has been certified by the Secretary as-- ``(A) performing each of the activities described in paragraph (2); and ``(B) meets the other requirements of paragraphs (3) through (5). ``(2) Activities described.--The activities referred to in paragraph (1)(A) are the following: ``(A) The collection and analysis of patient safety data that are voluntarily reported by more than one health care provider on a local, regional, State, or national basis. ``(B) The development and dissemination of information to health care providers and other patient safety organizations with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices. ``(C) The utilization of patient safety data to carry out activities under this paragraph to improve patient safety and to provide assistance to health care providers to minimize patient risk. ``(3) Conduct of activities.--In conducting activities under paragraph (2), a patient safety organization shall-- ``(A) maintain confidentiality with respect to individually identifiable health information; ``(B) submit non-identifiable information to the Center for Quality Improvement and Patient Safety in a format established by the Secretary; and ``(C) maintain appropriate security measures with respect to patient safety data. ``(4) Organization requirements.--The requirements of this paragraph for an organization are that-- ``(A) the organization is managed, controlled, and operated independently from health care providers which report patient safety data to it under this part; ``(B) if the organization no longer qualifies as a patient safety organization, with respect to any patient safety data that it received from a health care provider, the organization shall do one of the following: ``(i) with the approval of the provider and another patient safety organization, transfer such data to such other organization; ``(ii) if practicable, return the data to the provider; or ``(iii) destroy the patient safety data; ``(C) if the organization charges a fee for the activities it performs with respect to health care providers, the fee shall be uniform among all classes or types of health care providers (taking into account the size of the health care provider); ``(D) the organization seeks to collect data from health care providers in a standardized manner that permits valid comparisons of similar cases among similar health care providers; and ``(E) the organization meets such other requirements as the Secretary may by regulation require. For purposes of subparagraph (A), an organization is controlled by a health care provider if the provider is able to significantly influence or direct the actions or policies of the organization. ``(5) Limitation on use of patient safety data by patient safety organizations.--A patient safety organization may not use patient safety data reported by a health care provider in accordance with this part to take regulatory or enforcement actions it otherwise performs (or is responsible for performing) in relation to such provider. ``(6) Technical assistance.--The Secretary may provide technical assistance to patient safety organizations in providing recommendations and advice to health care providers reporting patient safety data under this part. Such assistance shall include advice with respect to methodology, communication, dissemination of information, data collection, security, and confidentiality concerns. ``(g) Construction.--Nothing in this part shall be construed to limit or discourage the reporting of information relating to patient safety within a health care provider. ``confidentiality and peer review protections ``Sec. 1182. (a) In General.--Notwithstanding any other provision of law, patient safety data shall be privileged and confidential in accordance with this section. ``(b) Scope of Privilege.--Subject to the succeeding provisions of this section, such data shall not be-- ``(1) subject to a civil or administrative subpoena; ``(2) subject to discovery in connection with a civil or administrative proceeding; ``(3) disclosed pursuant to section 552 of title 5, United States Code (commonly known as the Freedom of Information Act) or any other similar Federal or State law; or ``(4) admitted as evidence or otherwise disclosed in any civil or administrative proceeding. ``(c) Clarification of Scope.--The privilege established by this section with respect to patient safety data described in section 1181(e)(1)(A) shall apply to information, such as records of a patient's medical diagnosis and treatment, other primary health care information, and other information, to the extent that such information was collected or developed for the purpose specified in such section and is reported in accordance with such section. Such privilege shall not apply to information merely by reason of its inclusion, or the fact of its submission, in a report under such section. Information available from sources other than a report made under such section may be discovered or admitted in a civil or administrative proceeding, if discoverable or admissible under applicable state law. ``(d) Information Not Subject to Privilege.--The privilege established by this section shall not apply to one or more of the following: ``(1) Medical records and other primary health records.-- Records of a patient's medical diagnosis and treatment and other primary health records of a health care provider. Such privilege shall not apply to such information by reason of its inclusion within patient safety data. ``(2) Non-identifiable information used by database.--Non- identifiable information from a patient safety organization to the Patient Safety Database and the further disclosure of such data by the Center for Quality Improvement and Patient Safety. ``(e) Reporter Protection.-- ``(1) In general.--A health care provider may not use against an individual in an adverse employment action described in paragraph (2) the fact that the individual in good faith reported-- ``(A) to the provider with the intention of having it reported to a patient safety organization, or ``(B) directly to a patient safety organization, information that would constitute patient safety data under section 1181(e)(1)(A) if the provider were to have submitted it on a timely basis to a patient safety organization in accordance with such section. ``(2) Adverse employment action.--For purposes of this subsection, an `adverse employment action' includes-- ``(A) the failure to promote an individual or provide any other employment-related benefit for which the individual would otherwise be eligible; ``(B) an evaluation or decision made in relation to accreditation, certification, credentialing or licensing of the individual; and ``(C) a personnel action that is adverse to the individual concerned. ``(3) Remedies.--The provisions of the first sentence of section 1128A(a) shall apply with respect to a health care provider's violation of paragraph (1) in the same manner as they apply to an act referred to in section 1128A(a)(7). ``(f) Penalty.-- ``(1) Prohibition.--It is unlawful for any person to disclose any patient safety data in violation of the provisions of this section. ``(2) Amount.--Any person who violates paragraph (1) shall be subject to a civil monetary penalty of not more than $10,000 for each such violation involved. The provisions of section 1128A (other than subsections (a) and (b)) shall apply to a civil money penalty under this paragraph in the same manner as they apply to a penalty or proceeding under section 1128A(a). ``(3) Relation to hipaa.--The penalty under paragraph (2) for a disclosure in violation of paragraph (1) does not apply if the person would be subject to a penalty under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033), or any regulation promulgated under such section, for the same disclosure. ``(g) Rules of Construction.-- ``(1) No limitation of other privileges.--Subject to paragraph (2), nothing in this section shall be construed as affecting other privileges that are available under Federal or State laws that provide greater peer review or confidentiality protections than the peer review and confidentiality protections provided for in this section. ``(2) No effect on state mandatory reporting requirements.-- Nothing in this part shall be construed as preempting or otherwise affecting any State law mandatory reporting requirement for health care providers. ``(h) Application of Privacy Regulations.--For purposes of applying the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104- 191; 110 Stat. 2033)-- ``(1) patient safety organizations shall be treated as business associates; ``(2) activities of such organizations described in section 1181(f)(2)(A) in relation to a health care provider are deemed to be health care operations of the provider; and ``(3) the disclosure of identifiable information under the voluntary program under this part by such an organization shall be treated as necessary for the proper management and administration of the organization. Nothing in this section shall be construed to alter or affect the implementation of such regulation or such section 264(c). ``(i) Waivers.--Nothing in this part shall be construed as precluding a health care provider from waiving the privilege or confidentiality protections under this section. ``(j) Continuation of Privilege.--Patient safety data of an organization that is certified as a patient safety organization shall continue to be privileged and confidential, in accordance with this section, if the organization's certification is terminated or revoked or if the organization otherwise ceases to qualify as a patient safety organization until the data are otherwise disposed of in accordance with section 1181(f)(4). ``(k) Survey and Report.-- ``(1) Survey.--The Comptroller General of the United States shall conduct a survey of State laws that relate to patient safety data peer review systems, including laws that establish an evidentiary privilege applicable to data developed in such systems, and shall review the manner in which such laws have been interpreted by the courts and the effectiveness of such laws in promoting patient safety. ``(2) Report.--Not later than 9 months after the date of enactment of this section, the Comptroller General shall prepare and submit to Congress a report concerning the results of the survey conducted under paragraph (1). ``center for quality improvement and patient safety ``Sec. 1183. (a) In General.--The Secretary shall ensure that the Center for Quality Improvement and Patient Safety (in this section referred to as the `Center') supports public and private sector initiatives to improve patient safety for items and services furnished through health care providers. ``(b) Duties.-- ``(1) In general.--The Secretary shall ensure that the Center carries out the following duties: ``(A) Provide for the certification and recertification of patient safety organizations in accordance with subsection (d). ``(B) Collect and disseminate information related to patient safety. ``(C) Establish a Patient Safety Database to collect, support, and coordinate the analysis of non- identifiable information submitted to the Database in accordance with subsection (e). ``(D) Facilitate the development of consensus among health care providers, patients, and other interested parties concerning patient safety and recommendations to improve patient safety. ``(E) Provide technical assistance to States that have (or are developing) medical errors reporting systems, assist States in developing standardized methods for data collection, and collect data from State reporting systems for inclusion in the Patient Safety Database. ``(2) Consultation.--In carrying out the duties under paragraph (1) (including the establishment of the Database), the Secretary shall consult with and develop partnerships, as appropriate, with health care organizations, health care providers, public and private sector entities, patient safety organizations, health care consumers, and other relevant experts to improve patient safety. ``(c) Certification and Recertification Process.-- ``(1) In general.--The initial certification and recertification of a patient safety organization under subsection (b)(1)(A) shall be made under a process that is approved by the Secretary and is consistent with criteria published by the Secretary. ``(2) Revocation.--Such a certification or recertification may be revoked by the Secretary upon a showing of cause (including the disclosure of data in violation of section 1182). ``(3) Termination.--Such a certification provided for a patient safety organization shall terminate (subject to recertification) on the earlier of-- ``(A) the date that is 3 years after the date on which such certification was provided; or ``(B) the date on which the Secretary revokes the certification. ``(d) Implementation and Consultation.--In carrying out subsection (c)(1), the Secretary shall-- ``(1) facilitate the development of patient safety goals and track the progress made in meeting those goals; and ``(2) ensure that data submitted by a patient safety organization to the Patient Safety Database, as provided for under subsection (e), are comparable and useful for research and analysis and that the research findings and patient safety alerts that result from such analyses are presented in clear and consistent formats that enhance the usefulness of such alerts. ``(e) Patient Safety Database.-- ``(1) In general.--The Secretary shall-- ``(A) establish a Patient Safety Database to collect non-identifiable information concerning patient safety that is reported on a voluntary basis; and ``(B) establish common formats for the voluntary reporting of data under subparagraph (A), including the establishment of necessary data elements, common and consistent definitions, and a standardized computer interface for the processing of such data. ``(2) Database.--In carrying out this subsection, the Secretary-- ``(A) shall establish and modify as necessary criteria to determine the organizations that may voluntarily contribute to, and the data that comprises, the Patient Safety Database; ``(B) shall ensure that the Patient Safety Database is only used by qualified entities or individuals as determined appropriate by the Secretary in accordance with criteria applied by the Secretary; and ``(C) may enter into contracts for the administration of the Database with private and public entities with experience in the administration of similar databases. ``(3) Non-identifiable information.--For purposes of this part, the term `non-identifiable information' means information that is presented in a form and manner that prevents the identification of any health care provider, patient, and the reporter of the information. ``(f) Funding.--The Secretary shall transfer from the Federal Hospital Insurance Trust Fund established under section 1817 such sums as are necessary for each fiscal year to carry out this section. ``interoperability standards for health care information technology systems ``Sec. 1184. (a) In General.--By not later than 2 years after the date of the enactment of this part, the Secretary shall develop or adopt (and shall periodically review and update) voluntary, national standards that promote the interoperability of health care information technology systems across all health care settings. In promulgating regulations to carry out this section, the Secretary shall take into account the cost that meeting such standards would have on providing health care in the United States and the increased efficiencies in providing such care achieved under the standards. ``(b) Consultation and Coordination.--The Secretary shall develop and update such standards in consultation with (and with coordination between)-- ``(1) the National Committee for Vital and Health Statistics, and ``(2) the Medical Information Technology Advisory Board (established under section 3 of the Patient Safety Improvement Act of 2003). ``(c) Dissemination.--The Secretary shall provide for the dissemination of the standards developed and updated under this section. ``(d) Funding.--The Secretary shall transfer from the Federal Hospital Insurance Trust Fund established under section 1817 such sums as are necessary for each fiscal year to carry out this section. ``voluntary adoption of methods to improve patient safety ``Sec. 1185. The Secretary shall encourage health care providers to adopt appropriate evidence-based methods to improve patient safety. Such methods shall not constitute national practice guidelines. ``evaluation and report ``Sec. 1186. (a) Evaluation.--The Comptroller General of the United States shall conduct a comprehensive evaluation of the implementation of this part. Such evaluation shall include an examination of the following: ``(1) The health care providers that reported patient safety data under this part and the patient safety organizations to which they reported the information. ``(2) What types of events were so reported on. ``(3) The usefulness of the analyses, information, and recommendations provided by patient safety organizations in response to such reported information. ``(4) The response of health care providers to such analyses, information, and recommendations, including a survey of providers to obtain estimates of the percentage of providers by category who have adopted specific error-reduction methods and, if applicable, reasons for not adopting specific practices. ``(5) The effectiveness of the program under this part in reducing medical errors. ``(b) Report.--Not later than 5 years after the date the provisions of this part are first implemented, the Comptroller General shall submit to Congress a report on the evaluation conducted under subsection (a).''. SEC. 3. MEDICAL INFORMATION TECHNOLOGY ADVISORY BOARD. (a) Establishment.-- (1) In general.--Not later than 3 months after the date of the enactment of this Act, the Secretary of Health and Human Services (in this section referred to as the ``Secretary'') shall appoint an advisory board to be known as the ``Medical Information Technology Advisory Board'' (in this section referred to as the ``MITAB''). (2) Chairman.--The Secretary shall designate one member as chairman. The chairman shall be an individual affiliated with an organization having expertise creating American National Standards Institute (ANSI) accepted standards in health care information technology and a member of the National Committee for Vital and Health Statistics. (b) Composition.-- (1) In general.--The MITAB shall consist of not more than 17 members that include-- (A) experts from the fields of medical information, information technology, medical continuous quality improvement, medical records security and privacy, individual and institutional health care clinical providers, health researchers, and health care purchasers; (B) one or more staff experts from each of the following: the Centers for Medicare & Medicaid Services, the Agency for Healthcare Research and Quality, and the Institute of Medicine of the National Academy of Sciences; (C) representatives of private organizations with expertise in medical infomatics; (D) a representative of a teaching hospital; and (E) one or more representatives of the health care information technology industry. (2) Terms of appointment.--The term of any appointment under paragraph (1) to the MITAB shall be for the life of the MITAB. (3) Meetings.--The MITAB shall meet at the call of its chairman or a majority of its members. (4) Vacancies.--A vacancy on the MITAB shall be filled in the same manner in which the original appointment was made not later than 30 days after the MITAB is given notice of the vacancy and shall not affect the power of the remaining members to execute the duties of the MITAB. (5) Compensation.--Members of the MITAB shall receive no additional pay, allowances, or benefits by reason of their service on the MITAB. (6) Expenses.--Each member of the MITAB shall receive travel expenses and per diem in lieu of subsistence in accordance with sections 5702 and 5703 of title 5, United States Code. (c) Duties.-- (1) In general.--The MITAB shall on an ongoing basis advise, and make recommendations to, the Secretary regarding medical information technology, including the following: (A) The best current practices in medical information technology. (B) Methods for the adoption (not later than 2 years after the date of the enactment of this section) of a uniform health care information system interface between and among old and new computer systems. (C) Recommendations for health care vocabulary, messaging, and other technology standards (including a common lexicon for computer technology) necessary to achieve the interoperability of health care information systems for the purposes described in subparagraph (E). (D) Methods of implementing-- (i) health care information technology interoperability standardization; and (ii) records security. (E) Methods to promote information exchange among health care providers so that long-term compatibility among information systems is maximized, in order to do one or more of the following: (i) To maximize positive outcomes in clinical care-- (I) by providing decision support for diagnosis and care; and (II) by assisting in the emergency treatment of a patient presenting at a facility where there is no medical record for the patient. (ii) To contribute to (and be consistent with) the development of the patient assessment instrument provided for under section 545 of the Medicare, Medicaid, and SCHIP Benefits Improvement and Protection Act of 2000, and to assist in minimizing the need for new and different records as patients move from provider to provider. (iii) To reduce or eliminate the need for redundant records, paperwork, and the repetitive taking of patient histories and administering of tests. (iv) To minimize medical errors, such as administration of contraindicated drugs. (v) To provide a compatible information technology architecture that facilitates future quality and cost-saving needs and that avoids the financing and development of information technology systems that are not readily compatible. (2) Reports.-- (A) Initial report.--No later than 18 months after the date of the enactment of this Act, the MITAB shall submit to Congress and the Secretary an initial report concerning the matters described in paragraph (1). The report shall include-- (i) the practices described in paragraph (1)(A), including the status of health care information technology standards being developed by private sector and public-private groups; (ii) recommendations for accelerating the development of common health care terminology standards; (iii) recommendations for completing development of health care information system messaging standards; and (iv) progress toward meeting the deadline described in paragraph (1)(B) for adoption of methods described in such paragraph. (B) Subsequent reports.--During each of the 2 years after the year in which the report is submitted under subparagraph (A), the MITAB shall submit to Congress and the Secretary an annual report relating to additional recommendations, best practices, results of information technology improvements, analyses of private sector efforts to implement the interoperability standards established in section 1184 of the Social Security Act, and such other matters as may help ensure the most rapid dissemination of best practices in health care information technology. (d) Staff and Support Services.-- (1) Executive director.-- (A) Appointment.--The Chairman shall appoint an executive director of the MITAB. (B) Compensation.--The executive director shall be paid the rate of basic pay for level V of the Executive Schedule. (2) Staff.--With the approval of the MITAB, the executive director may appoint such personnel as the executive director considers appropriate. (3) Applicability of civil service laws.--The staff of the MITAB shall be appointed without regard to the provisions of title 5, United States Code, governing appointments in the competitive service, and shall be paid without regard to the provisions of chapter 51 and subchapter III of chapter 53 of such title (relating to classification and General Schedule pay rates). (4) Experts and consultants.--With the approval of the MITAB, the executive director may procure temporary and intermittent services under section 3109(b) of title 5, United States Code. (e) Powers.-- (1) Hearings and other activities.--For the purpose of carrying out its duties, the MITAB may hold such hearings and undertake such other activities as the MITAB determines to be necessary to carry out its duties. (2) Detail of federal employees.--Upon the request of the MITAB, the head of any Federal agency is authorized to detail, without reimbursement, any of the personnel of such agency to the MITAB to assist the MITAB in carrying out its duties. Any such detail shall not interrupt or otherwise affect the civil service status or privileges of the Federal employee. (3) Technical assistance.--Upon the request of the MITAB, the head of a Federal agency shall provide such technical assistance to the MITAB as the MITAB determines to be necessary to carry out its duties. (4) Obtaining information.--The MITAB may secure directly from any Federal agency information necessary to enable it to carry out its duties, if the information may be disclosed under section 552 of title 5, United States Code. Upon request of the Chairman of the MITAB, the head of such agency shall furnish such information to the MITAB. (f) Termination.--The MITAB shall terminate 30 days after the date of submission of its final report under subsection (c)(2)(B). (g) Applicability of FACA.--The provisions of the Federal Advisory Committee Act (5 U.S.C. App.) shall apply to the MITAB. (h) Funding.--The Secretary shall transfer from the Federal Hospital Insurance Trust Fund established under section 1817 of the Social Security Act (42 U.S.C. 1395i) such sums as are necessary for each fiscal year to carry out this section. I. INTRODUCTION A. Purpose and Summary More than three years ago, the Institute of Medicine (IOM) reported that preventable medical errors are the eighth leading cause of death in America--ahead of breast cancer, AIDS, and traffic deaths. Up to 100,000 patients die in hospitals each year as a result of preventable mistakes. The number of injured is far greater. A recent report by Auburn University analyzed data from 36 hospitals and nursing homes in Colorado and Georgia over an 81- day period and found medication errors in about 20 percent of the doses administered in a ``typical'' 300-bed facility; researchers considered seven percent of the errors ``potentially harmful.'' Not only can avoidable patient errors result in poorer health outcomes--the most dramatic being death--they often drive up health costs by requiring expensive medical interventions to correct the subsequent medical problems. For example, adverse drug events (ADEs) and interactions in hospitals are prevalent and costly, yet could be dramatically reduced by adopting technology to reduce prescribing errors. According to the Pittsburgh Regional Healthcare Initiative, medication errors result in $3,500 to $4,000 in additional costs per incident. According to estimates from Cardinal Health, Inc., there were more than 625,000 preventable ADEs in hospitals in 2000 at a cost of $2.9 billion. The IOM also estimates that medical errors cost the economy about $38 billion each year, of which $17 billion is the result of preventable errors. These unacceptable financial costs are borne by providers, individuals, insurers and employers and public programs such as Medicare. The purpose of the bill is to provide for the improvement of patient safety and to reduce the incidence of events that adversely affect health outcomes. Specifically, this act will encourage a culture of safety by providing for the legal protection of information reported voluntarily for the purposes of quality improvement and the reduction of medical errors. B. Legislative History In the 106th Congress, the Subcommittee on Health held a hearing on the prevalence and nature of medical errors on February 10, 2002. During the 107th Congress, the Subcommittee on Health held a hearing on March 7, 2002 (107-76), on improving health quality by reducing the incidence and prevalence of medical errors. At that hearing, a number of experts testified to the Committee. Specifically, Dr. James Bagian, Director, National Center for Patient Safety, Department of Veterans Affairs, testified the VA has adopted a successful reporting system that has improved patient safety. Also, Dr. Karen Wolk Feinstein, Chair of the Pittsburgh Regional Healthcare Initiative, testified as to the Initiative's success in implementing an ambitious zero tolerance policy for medical errors and how a voluntary, confidential reporting system will help reduce medical errors by promoting a culture of safety. Academic expert Donald M. Berwick, the President and CEO of the Institute for Healthcare Improvement testified limited reporter protections and new information technology standards will promote better clinical outcomes, and the adoption of computerized physician order entry technology for electronic prescribing is critical to reduce avoidable medication errors. Dr. Matthew Alan Miller from Danbury Hospital (Connecticut), testified on behalf of the American Hospital Association on their perspectives to improve health outcomes and patient safety. Dr. Miller testified additional resources should be added to Medicare to encourage the purchase of information technology. Lastly, Mary Foley, President of the American Nurses Association, focused her testimony on mandatory overtime and dangerous working conditions in health facilities that lead to medical errors. The information gained from that hearing lead to the introduction of H.R. 4889, the ``Patient Safety Improvement Act of 2002,'' that would provide incentives to report error information and glean knowledge about medical mistakes and system failures in order to reduce medical errors. On September 10, 2002, the Subcommittee on Health held a legislative hearing on the draft substitute amendment to H.R. 4889. At the hearing Health and Human Services Secretary Tommy Thompson expressed the Administration's strong support for H.R. 4889. Testifying with Secretary Thompson was Carolyn Clancy, Acting Director of the Agency for Healthcare Research and Quality, which is the primary federal agency responsible for quality improvement and patient safety. In addition, letters of support from Secretary Thompson, Treasury Secretary Paul O'Neil, Centers for Medicare and Medicaid Services Administrator Tom Scully and Director Clancy for H.R. 4889 were presented at the hearing. Dr. Lucian Leape of Harvard University testified that error reporting for all but the most serious events should be voluntary and confidential and that certain changes needed to be made in the underlying bill prior to his support. Those changes were made. It is important to note that Dr. Leape was one of the authors of the 1999 Institute of Medicine report. Michael B. Wood, President and Chief Executive Officer of the Mayo Foundation, testified on behalf of the Healthcare Leadership Council. He stated that reporting systems should be voluntary and confidential, and that the Secretary should develop standards for the interoperability of health information technology in order to reduce medical mistakes and improve health outcomes. Ken Segel, Director of the Pittsburgh Regional Healthcare Initiative, testified that mandatory reporting should not be pursued prior to a voluntary, confidential and cooperative approach had been tested. In addition, Herbert Pardes, President of New York-Presbyterian, and Chief Executive Officer of the New York-Presbyterian Healthcare System testified that the interoperability and Advisory Board provisions of H.R. 4889 are critical to promoting the adoption of information technology to reduce medical errors. Lastly, the Committee heard from Jill Rosenthal who is a Project Manager at the National Academy for State Health Policy and who encouraged the Committee to protect state laws in this area and provide support for current and future efforts. On September 12, 2002, the Subcommittee on Health ordered favorably reported to the full Committee H.R. 4889, the ``Patient Safety Improvement Act of 2002,'' on a voice vote with a quorum present. On September 18, 2002, the Full Committee on Ways and Means ordered favorably reported H.R. 4889, the ``Patient Safety Improvement Act,'' as amended, by a recorded vote of 33 to 4. The bill was not considered by the House of Representatives prior to the adjournment of the 107th Congress. In the 108th Congress, Subcommittee on Health Chairman Nancy Johnson and Ranking Member Pete Stark introduced H.R. 877, the ``Patient Safety and Improvement Act of 2003'' on February 25, 2003. On February 27, 2003, the Full Committee ordered favorably reported H.R. 877, the ``Patient Safety Improvement Act of 2003,'' as amended, by voice vote. II. EXPLANATION OF PROVISIONS A. Analysis of Legislation and Comparison With Present Law Section 1. Short title; Table of contents Current Law. No provision. Explanation of Provision. The legislation would be cited as the Patient Safety Improvement Act of 2002 and would amend Title XI of the Social Security Act by adding Part D--Patient Safety Improvements--with six new sections (Sections 1181- 1186). A Medical Information Technology Advisory Board would also be established. Reason for Change. Not applicable. Effective Date. Upon enactment. Section 2. Patient safety improvements Current Law. No statutory provisions. The Institute of Medicine's (IOM) 1999 report, To Err Is Human, focused attention on the problem of preventable medical errors and the need for systematic steps to reduce their incidence to enhance patient safety. Among other proposals, IOM recommended that Congress create a Center for Patient Safety within the Agency for Healthcare Research and Quality (then called the Agency for Health Care Policy and Research) to promote knowledge and prevention of medical errors, set national goals for patient safety, fund patient safety research, evaluate methods for identifying and preventing medical errors, disseminate information on effective safety practices, and issue an annual report to the President and Congress on patient safety. The IOM recommended two systems for identifying and learning from medical errors. First, they recommended a nationwide, mandatory reporting system for serious adverse events such as death. The IOM also recommended a voluntary reporting system for less serious errors, or for situations that could be prevented. The Committee has addressed the later recommendation, based on the advice of numerous experts, academicians and providers. In addition, the IOM recommended that the Center for Patient Safety encourage the development of voluntary reporting systems and outlined various actions that could be undertaken. Furthermore, IOM recommended that Congress pass legislation to extend peer review protections to information collected under such voluntary systems. While existing law often shields data about errors within a given institution, the IOM report noted that this protection may be lost if the information is transmitted elsewhere, even to a voluntary reporting system serving as the backbone of a collaborative effort to reduce medical errors. Explanation of Provision. The provision would establish a new Part D in Title XI of the Social Security Act to encourage a voluntary reporting system for patient safety data. A new Section 1181 would be added that would permit a health care provider to voluntarily collect, develop and report patient safety data to a patient safety organization in a manner that is confidential and privileged. Patient safety organizations would analyze the reported data, report back to providers information to improve patient safety, and submit non-identifiable information to the Center for Quality Improvement and Patient Safety for inclusion in the Patient Safety Database. Patient safety organizations would be permitted to share non-identifiable information, but the disclosure of identifiable information from one such organization to another would require for each disclosure the explicit authorization of the provider who initially reported the information, and the information could only be shared for purposes consistent with the Act. In this legislation, a health care provider would mean: Medicare Part A providers--hospitals, skilled nursing facilities, home health agencies and hospice programs--and the physicians that operate in those facilities. Patient safety data would mean any data, reports, records, memoranda, analyses, deliberative work, statements, or root cause analyses that are collected or developed to improve patient safety or health care quality. That would include patient safety data collected or developed by a provider to report to a patient safety organization on a timely basis, as well as data collected or developed by a patient safety organization or by or on behalf of the Center for Quality Improvement and Patient Safety, regardless of whether the data are transmitted back to the health care provider that supplied the information originally. Patient safety data would also encompass descriptions of corrective actions taken by providers in response to the provider's reporting of data to a patient safety organization (on a timely basis to such an organization), regardless of whether the organization has provided feedback to the provider. To further knowledge, providers would have to report the corrective actions to the patient safety organization. Nothing in the bill should be construed as limiting a provider's ability to waive the privilege or confidentiality protections established by the legislation. A patient safety organization (PSO) would mean a private or public organization that conducts activities to improve patient safety and health care quality by assisting health care entities that report to them. Such entities must meet certain requirements and be certified by the Secretary. Activities performed by the PSO would include: (1) the collection and analysis of patient safety data that are voluntarily reported by more than one provider on a local, state, regional, or national basis; (2) the development of and dissemination to providers and other patient safety organizations information such as recommendations, protocols, and best practice data; and (3) the utilization of patient safety data to help providers minimize patient risk. Patient safety organizations would be required to ensure the confidentiality of individually identifiable health information, submit non-identifiable information to the Center for Quality Improvement and Patient Safety, if applicable, in a format established by the Secretary, and maintain appropriate data security measures. Such organizations would also be required: (1) to be managed, controlled (i.e., the provider is able to significantly influence or direct its actions or policies), and operated independently from providers that report data to it; (2) to collect data from providers in a standardized manner to facilitate comparisons of similar cases across similar providers; and (3) to meet other requirements specified by the Secretary. An entity that no longer qualified as a patient safety organization would be required to destroy its patient safety data, return (if practicable) the data to the reporting providers, or transfer data to another patient safety organization with the approval of the provider and that organization. Patient safety organizations that charge fees for their activities would be required to impose a uniform fee across all types and classes of providers, taking into account the size of the health care provider. A patient safety organization could not use data reported by a provider to take regulatory or enforcement actions it otherwise performs in relation to the provider, though the Committee does not intend for this to interfere with established oversight and regulatory activities. The Secretary would be able to give technical assistance to patient safety organizations in providing recommendations and advice to providers on methodology, communication, data collection, dissemination of information, security and confidentiality concerns. Nothing in this part would be construed to limit or discourage reporting patient safety data within a health care provider. A new Section 1182 would designate patient safety data as privileged and confidential. That designation would apply to information, such as medical records and other primary health care information, to the extent it was collected and developed for the purpose of improving patient safety and health care quality, and reported to a patient safety organization on a timely basis. Such privilege would not apply to information merely by reason of its inclusion in reported patient safety data. Information available from sources other than a report made under such section may be discovered or admitted in a civil or administrative proceeding, if discoverable or admissible under applicable state law. With some limitations under this new privilege, patient safety data would not be subject to: (1) a civil or administrative subpoena; (2) discovery in connection with a civil or administrative proceeding; (3) disclosure pursuant to a Freedom of Information Act request; or (4) admission as evidence or disclosure in any civil or administrative proceeding. The privilege established by this section would not apply to: (1) Records of a patient's medical diagnosis and treatment and other primary health records of a health care provider and (2) disclosures of non-identifiable information from a patient safety organization to the Patient Safety Database and the further disclosure of such information by the Center for Quality Improvement and Patient Safety. Disclosures in violation of the provisions of this section would be unlawful. Persons found in violation would be subject to a civil monetary penalty of not more than $10,000 for each violation. The civil monetary penalty would not apply if the violation was in violation of the Health Insurance Portability and Accountability Act (HIPAA), in which case the HIPAA penalty would apply. A health care provider would not be permitted to take an adverse employment action, including actions related to licensing or credentialing, against an individual who reported patient safety data to a patient safety organization. A health care provider who does undertake such retaliation may be subject to civil monetary penalties up to $50,000 in the same manner they are applied in the Social Security Act relating to illegal kickbacks. Nothing in this part would be construed as preempting or otherwise affecting any state mandatory reporting requirements for health care providers. Consistent with protecting state mandatory reporting requirements, nothing shall be construed as affecting other privileges that are available under Federal or State laws that provide greater peer review protection than the peer review and confidentiality protections provided under this bill. The health information privacy provisions in the Health Insurance Portability and Accountability Act (HIPAA) of 1996 and related implementing regulations would not be affected by this legislation. Disclosure of individually identifiable health information under this bill would fall under the same confidentiality protections required by the HIPAA confidentiality rule as any other disclosure of individually identifiable health information (e.g. providers would be subject to the Rule's minimum necessary requirements. The minimum necessary requirement of the HIPAA confidentiality rule related to disclosure of individually identifiable health information would apply. The Committee believes it is unnecessary for providers to report, and PSOs to collect, patient safety data that includes a patient's name or Social Security number. Patient safety organizations would be treated as business associates under HIPAA's privacy rule. Permissible disclosures to FDA under these provisions would not waive any privilege established by this legislation or under State law. Patient safety data of an organization that loses its certification as a patient safety organization would continue to be privileged and confidential until returned to the providers that supplied the data, transferred to another patient safety organization, or otherwise destroyed. The GAO would be required to conduct a survey of State laws regarding patient safety peer review systems, evidentiary privilege applicable to data developed in such systems, court interpretations of such laws, and the effectiveness of such laws in promoting patient safety. The GAO would be required to submit a report on this subject to Congress within nine months of enactment. Under Section 1183, the Secretary would be required to: (1) provide for the certification and recertification of patient safety organizations; (2) collect and disseminate information related to patient safety; (3) establish a Patient Safety Database to collect, support and coordinate the analysis of non-identifiable information submitted to the database; (4) facilitate the development of consensus among providers and interested parties concerning patient safety and related recommendations; and (5) provide technical assistance to the states in developing standardized methods for data collection. The Secretary would be required to consult with and develop appropriate partnerships with health care organizations, providers, public and private sector entities, patient safety organizations, health care consumers and other relevant experts. The Secretary would certify patient safety organizations under a process consistent with published criteria. The Secretary would be able to revoke such certification upon a showing of cause, including the inappropriate disclosure of patient safety data. Certification would terminate, subject to recertification, upon three years from the date of certification or upon revocation. In carrying out these responsibilities, the Secretary would be required to facilitate the development of patient safety goals, track progress in meeting these goals, ensure that data submitted by a patient safety organization to the Patient Safety Database are comparable and useful for research and analysis, and ensure that research findings and patient safety alerts are presented in clear and consistent formats. The Secretary would: (1) establish a Patient Safety Database to collect voluntarily reported, non-identifiable information concerning patient safety; and (2) establish common formats for PSOs reporting data to the Patient Safety Database. The Secretary would also be required to establish criteria to determine the organizations and individuals that may voluntarily contribute to, and the data that comprises, the Patient Safety Database, and to ensure that the database is only used by qualified entities and individuals. The Secretary would also be permitted to enter into contracts with private and public entities to administer the database. Non- identifiable information would mean information that is presented in a form that precludes the identification of any provider, patient, or reporter of the information. The Secretary shall transfer such sums as necessary from the Hospital Insurance Trust Fund to carry out this section. A new Section 1184 would require the Secretary within two years of enactment to develop or adopt (and periodically review and update) voluntary, national standards that promote the interoperability of health care information technology systems across all health care settings. The Secretary must take into account the costs to the health care system and any efficiencies that accrue as a result of the adoption of these standards. These standards would be developed in consultation with the National Committee for Vital and Health Statistics, and the Medical Information Technology Advisory Board (established under Section 3). The Secretary would be required to disseminate these standards. The Secretary is encouraged to use existing demonstration authority to test standards across health settings. In doing so, the Secretary should consult with the Medical Information Technology Advisory Board established under Section 3. The Secretary shall transfer such sums as necessary from the Hospital Insurance Trust Fund to carry out this section. A new Section 1185 would require the Secretary to encourage providers to adopt appropriate evidence-based methods to improve patient safety. These methods would not constitute national practice guidelines. A new Section 1186 would require GAO to conduct a comprehensive evaluation of the implementation of Sections 1181-1185 and report to Congress within five years of enactment. Such an evaluation would include: (1) the health care providers that reported under this part and the patient safety organizations to which they reported information; (2) what types of events were reported on; (3) the usefulness of the analyses, information, and recommendations provided by the patient safety organizations in response to such reported data; (4) the response of health care providers to such information; and (5) the effectiveness of these efforts in reducing medical errors. Reason for Change: According to the IOM, nearly 100,000 patients die in hospitals each year as a result of preventable mistakes. The number of injured is far greater. The Committee believes these provisions, taken together, will reduce preventable medical errors and improve quality. In addition, the Committee believes the development and promulgation of voluntary interoperability standards by HHS will promote efficiency and quality of health care delivery, while helping to reduce costs, to the extent such standards are adopted by health care systems. Effective Date: Upon enactment. Section 3. Medical Information Technology Advisory Board Current Law. No provision. Explanation of Provision. Within three months of enactment, the Secretary would be required to appoint the Medical Information Technology Advisory Board (MITAB) and designate a chairman. The chairman would be required to be affiliated with an organization having expertise in creating American National Standards Institute (ANSI) standards governing health care information technology and to be a member of the National Committee for Vital and Health Statistics. The MITAB would consist of no more than 17 members that include: (1) experts from the fields of medical information, information technology, medical continuous quality improvement, medical records security and privacy, individual and institutional clinical providers, health researchers, and health care purchasers; (2) one or more staff experts from the Centers for Medicare and Medicaid Services, the Agency for Healthcare Research and Quality, and the Institute of Medicine of the National Academy of Sciences; (3) representatives of private organizations with expertise in medical infomatics; (4) a representative of a teaching hospital; and (5) one or more representatives of the health care information technology industry. Individuals would be appointed for the life of the MITAB, with any vacancy filled in the same manner in which the original appointment was made. The new appointment would be made no later than 30 days after the MITAB is given notice of the vacancy. Such a vacancy would not affect the ability of the remaining members to perform the duties of the MITAB. The MITAB would meet at the call of its Chairman or a majority of its members. MITAB members would receive no additional pay, allowances, or benefits stemming from their service on the board, but would receive travel expenses and per diem in lieu of subsistence as directed by Sections 5702 and 5703 of Title 5 of the United States Code (USC). The Chairman would appoint an executive director of the MITAB who would be paid at level V of the Executive Schedule. With the approval of the MITAB, the director would be able to appoint appropriate personnel without regard to the provisions of Title 5 USC governing appointments in the competitive services or those relating to job classification and pay rates. The MITAB director would also be able to procure temporary and intermittent services under Section 3109(b) of Title 5 USC. Upon the request of MITAB, the head of any Federal agency would be able to detail, without reimbursement, any personnel of that agency to MITAB. The detail would not interrupt or affect the civil service status of the Federal employee. MITAB would be able to hold hearings and undertake other activities as necessary to carry out its duties. If requested by MITAB, a Federal agency would be required to provide technical assistance to the MITAB as deemed necessary. At the request of the MITAB chairman, the MITAB would be able to secure directly from any Federal agency information necessary to carry out its duties, if the information may be disclosed under the Freedom of Information Act (Section 552 of Title 5 USC). The Federal Advisory Committee Act (FACA) applies to the MITAB. MITAB would advise, and make recommendations to, the Secretary regarding medical information technology, including: (1) best practices in medical information technology; (2) methods of implementing health care information technology interoperability standards, and records security; (3) a recommendation for a common lexicon for computer technology; and (4) and adoption within two years of a uniform health information system interface between old and new systems. MITAB would also be required to make recommendations on methods to promote information exchange to enhance compatibility among information systems in order to: (1) maximize positive outcomes in clinical care by providing decision support for diagnosis and care, and assisting in the emergency treatment of a patient at a facility where there is no medical record of the patient; (2) contribute to the development of a patient assessment instrument that minimizes the need for different records when patients move from provider to provider; (3) reduce redundant paperwork; (4) minimize medical errors; and (5) contribute to compatible information technology architecture. MITAB would be required within 18 months of enactment to submit to Congress and the Secretary an initial report of its deliberations and recommendations. Subsequent annual reports would be due in each of the following two years after the initial report is submitted. MITAB would terminate 30 days after the date of submission of its final report. The Secretary shall transfer such sums as necessary from the Hospital Insurance Trust Fund to carry out this section. Reason for Change: The Committee believes an advisory board on medical technology will promote the adoption of better, more efficient and effective health information technology systems. These systems will help health care providers reduce errors by making patient information more readily available, and promoting quality by providing expert advice to HHS on the adoption of interoperability standards and through promotion of information technology. Effective Date. Upon enactment. III. VOTES In compliance with clause 3(b) of rule XIII of the Rules of the House of Representatives, the following statements are made concerning the votes of the Committee on Ways and Means in its consideration of H.R. 877. Motion to Report the Bill H.R. 877 was approved by voice vote with a quorum present. Votes on Amendments Chairman Thomas' amendment in the nature of a substitute was approved by voice vote with a quorum present. IV. BUDGET EFFECTS OF THE BILL A. Committee Estimate of Budgetary Effects In compliance with clause 3(c)(3) of rule XIII of the Rules of the House of Representatives, the following statement is made: The Committee agrees with the estimate prepared by the Congressional Budget Office (CBO), which is included below. B. Statement Regarding New Budget Authority and Tax Expenditures In compliance with clause 3(c)(2) of rule XIII of the Rules of the House of Representatives, the Committee states the bill will increase direct spending and government receipts by more than $500,000 annually. C. Cost Estimate Prepared by the Congressional Budget Office In compliance with clause 3(c)(3) of rule XIII of the Rules of the House of Representatives requiring a cost estimate prepared by the Congressional Budget Office, the following report prepared by CBO is provided. U.S. Congress, Congressional Budget Office, Washington, DC, March 5, 2003. Hon. William ``Bill'' M. Thomas, Chairman, Committee on Ways and Means, House of Representatives, Washington, DC. Dear Mr. Chairman: The Congressional Budget Office has prepared the enclosed cost estimate for H.R. 877, the Patient Safety Improvement Act of 2003. If you wish further details on this estimate, we will be pleased to provide them. The CBO staff contacts are Chris Topoleski and Margaret Nowak. Sincerely, Douglas Holtz-Eakin, Director. Enclosure. H.R. 877--Patient Safety Improvement Act of 2003 Summary: H.R. 877 would expand the duties of the Center for Quality Improvement and Patient Safety (CQuIPS) within the Agency for Healthcare Research and Quality (AHRQ). CQuIPS would establish credentialing procedures for patient safety organizations (PSOs), which collect patient safety data voluntarily submitted by health care providers for inclusion in a patient safety database. The bill also would establish privacy protections and impose civil monetary penalties for violations of those protections. In addition, H.R. 877 would establish the Medical Information Technology Advisory Board (MITAB), which would provide advice and recommendations on the compatibility of medical information technologies. The bill would require the Secretary of Health and Human Services, in consultation with the National Committee for Vital and Health Statistics and the MITAB, to develop voluntary national standards for uniform reporting of health care information. CBO estimates that implementing H.R. 877 would cost $7 million in 2004 and $63 million over the 2004-2008 period. Nearly all of the costs of implementing H.R. 877 would be paid for by funds the Secretary of Health and Human Services would be required to transfer from the Federal Hospital Insurance (Medicare Part A) Trust Fund. Those costs, which CBO estimates would total $6 million in 2004 and $59 million over the 2004- 2008 period, would be direct spending, because they would not be subject to the availability of appropriated funds. The bill would continue to affect direct spending after 2008; outlays during the following five years would total an estimated $71 million. CBO estimates that discretionary spending for studies conducted by the General Accounting Office (GAO) would total $1 million in 2004 and $4 million over the 2004-2008 period, assuming appropriation of the necessary amounts. In addition, the bill could affect receipts, as the federal government could collect fines from those found to be in violation of the privacy protections that would be established under the bill; CBO estimates that such effects would not be significant. H.R. 877 would preempt any state freedom of information law that would require the disclosure of information provided by a health care provider to a certified patient safety organization. This preemption would be an intergovernmental mandate as defined in the Unfunded Mandates Reform Act (UMRA) because it would limit the application of those state laws. CBO estimates that this mandate would impose no requirement on states that would result in additional spending; thus, the threshold established by UMRA would not be exceeded ($59 million in 2003, adjusted annually for inflation). H.R. 877 contains no private-sector mandates as defined in UMRA. The bill defines health care providers for purposes of the legislation as providers of services within the Medicare program. Consequently, requirements that the bill would impose on health care providers would be conditions of participating in a voluntary federal program, and thus would not be mandates as defined in UMRA. Estimate cost to the Federal Government: The estimated budgetary impact of H.R. 877 is shown in the following table. The costs of this legislation fall within budget functions 570 (Medicare) and 800 (general government). ---------------------------------------------------------------------------------------------------------------- By fiscal year, in millions of dollars-- ----------------------------------------------------- 2003 2004 2005 2006 2007 2008 ---------------------------------------------------------------------------------------------------------------- CHANGES IN DIRECT SPENDING Estimated Budget Authority................................ 0 14 14 14 14 14 Estimated Outlays......................................... 0 6 12 14 14 13 CHANGES IN SPENDING SUBJECT TO APPROPRIATION Estiamted Authorization Level............................. 0 1 0 1 1 1 Estimated Outlays......................................... 0 1 0 1 1 1 ---------------------------------------------------------------------------------------------------------------- NoteLess than $500,000. Basis of estimate Direct spending With the exception of the activities carried out by the GAO, funds for H.R. 877 would be transferred from the Federal Hospital Insurance Trust Fund and would not be subject to annual appropriation action. CBO estimates the bill would increase direct spending by $6 million in 2004 and $59 million over the 2004-2008 period. H.R. 877 would expand the current duties of CQuIPS. The new duties would include the provision of technical assistance to states that have (or are developing) systems for reporting medical errors. CQuIPS also would provide for the certification and recertification of PSOs, which collect patient safety data from health care providers. (PSOs are private or public organizations that conduct activities to improve patient safety and the quality of health care delivery.) PSOs would not receive funding under this bill. In addition, CQuIPS would establish a patient safety database to collect, support, and coordinate the analysis of patient safety data that is reported on a voluntary basis. Based on information from AHRQ, CBO expects that these tasks would require increased staff for providing assistance to states, oversight of PSOs, and developing and maintaining the patient safety database. They would also require additional computer resources for the database. In 2004, we estimate that the direct spending would increase by $5 million, primarily for developing and maintaining the patient safety database. Outlays would rise to about $12 million a year after that, as AHRQ fully implements the certificate of PSOs, begins to recertify PSOs, and has a fully operational database on line. CBO estimates that direct spending would increase by $52 million over the 2004-2008 period, and by $121 million over the 2004-2013 period. The bill would require the Secretary to develop and periodically update voluntary, national standards that promote the compatibility of health care information technology systems across all health care settings. CBO estimaters that this effort would increase direct spending $2 million over the 2004- 2008 period and by $4 million over the 2004-2013 period. Finally, the bill would establish the Medical Information Technology Board (MITAB) to provide recommendations regarding medical information technology. The MITAB would terminate 30 days after the submission of its final report. For purposes of this estimate, CBO assumed that the MITAB would be created in October 2003, and therefore would terminate in April 2007. As stated in the bill, the MITAB would require one Executive Level V employee and support staff. In addition, while board members would not be compensated for their time serving on the MITAB, reimbursement for travel and per-diem expenses would be allowed. CBO estimates that the MITAB would cost $1 million in 2004 and $5 million over the 2004-2008 period. Spending subject to appropriation H.R. 877 would require the Comptroller General of the United States to provide to the Congress, within nine months of enactment, a survey of state laws that relate to peer review of patient safety data. Within five years after the date of enactment, the General Accounting Office would be required to submit the findings of a comprehensive evaluation of PSOs to assess the usefulness of the reported information, the level of adoption of error-reduction practices, and the overall effectiveness of the provisions of the bill in reducing medical errors. Assuming appropriation of the necessary amounts, CBO estimates that these tasks would cost the General Accounting Office $1 million in 2004 and $4 million over the 2004-2008 period. Revenues Because those convicted for violating the bill's privacy provisions could be subject to civil monetary penalties, the federal government might collect additional fines if the bill is enacted. Collections of civil fines are recorded in the budget as governmental receipts (revenues). CBO estimates that any additional receipts from such fines would be less than $500,000 a year. Estimated Impact on State, Local, and Tribal Governments and the Private Sector: H.R. 877 would preempt any state freedom of information law that would require the disclosure of information provided by a health care provider to a certified patient safety organization. This preemption would be an intergovernmental mandate as defined in UMRA because it would limit the application of state laws. CBO estimates that this mandate would impose no requirement on states that would result in additional spending; thus, the threshold as established by UMRA would not be exceeded ($59 million in 2003, adjusted annually for inflation). H.R. 877 contains no private-sector mandates as defined in UMRA. The bill defines health care providers for purposes of the legislation as providers of services within the Medicare program. Consequently, requirements that the bill would impose on health care providers would be conditions of participating in a voluntary federal program, and thus would not be mandates as defined in UMRA. Previous CBO Estimate: On March 3, 2003, CBO transmitted a cost estimate for H.R. 663, the Patient Safety Quality Improvement Act, as ordered reported by the House Committee on Energy and Commerce on February 12, 2003. CBO estimated that implementing the provisions of that bill would increase discretionary spending by $104 million over five years. The difference in the estimate of outlays between H.R. 877 and H.R. 663 is largely due to the grant program for establishing an electronic prescription program authorized by H.R. 663. In addition, H.R. 877 would establish the MITAB and would require the GAO to conduct surveys and submit reports on patient safety activities. Two bills also differ in how they are funded. H.R. 663 would amend the Public Health Service Act and authorize appropriations of discretionary spending. H.R. 877 would require the Secretary of Health and Human Services to transfer the necessary amounts to carry out all but the GAO activities in the bill from the Federal Hospital Insurance Trust Fund. Thus, $59 million of the $63 million cost of H.R. 877 would be direct spending. H.R. 663 would require the inclusion of a unique product identifier on packaging of a drug or biological product that is subject to regulation by the FDA. This provision, which would be a private-sector mandate, is not included in H.R. 877. Unlike H.R. 877, the requirements of H.R. 663 would apply to all health care providers, not just those participating in Medicare. Consequently, the requirements of H.R. 663 would be mandates as defined in UMRA, rather than conditions of participation in a voluntary federal program. Estimate Prepared By: Federal Revenues and Outlays: Chris Topoleski and Margaret Nowak; Impact on State, Local, and Tribal Governments: Leo Lex; and Impact on the Private Sector: Daniel Wilmoth. Estimated Approved By: Robert A. Sunshine, Assistant Director for Budget Analysis. V. OTHER MATTERS REQUIRED TO BE DISCUSSED UNDER THE RULES OF THE HOUSE A. Committee Oversight Findings and Recommendations In compliance with clause 3(c)(1) of rule XIII of the Rules of the House of Representatives, the Committee reports that the need for this legislation was verified by the two hearings conducted by the Committee in the 107th Congress. Details of these hearings are included in Section I. Introduction, Part B. Legislative History. B. Constitutional Authority Statement In compliance with clause 3(d)(1) of rule XIII of the Rules of the House of Representatives, the Committee states that the Committee's action in reporting this bill is derived from Article I of the Constitution, Section 8 (``The Congress shall have Power to lay and collect taxes, duties, imposts and excises, to pay the debts and to provide for ***the General Welfare.'') C. Information Relating to Unfunded Mandates This information is provided in accordance with section 423 of the Unfunded Mandates Act of 1995 (P.O. 104-4). The Committee has determined that the bill does not contain Federal mandates on the private sector. The Committee has determined that the bill may impose a Federal intergovernmental mandate on State, local, or tribal governments, but that such mandate will have no budgetary impact on those entities. The bill, however, also provides assistance to State governments. It requires the Secretary of Health and Human Services to provide technical assistance to State governments in developing or maintaining State reporting systems, developing standardized methods of data collection, and in collecting data from State governments for inclusion in the Patient Safety Database. In addition, the legislation allows the Secretary to provide technical assistance to the patient safety organizations established under the bill. D. Summary of General Performance Goals and Objectives In compliance with clause 3(c)(4) of rule XIII of the Rules of the House of Representatives, the Committee states that the primary purpose of H.R. 877 is to reduce medical errors, thereby improving patient safety. VI. CHANGES IN EXISTING LAW MADE BY THE BILL, AS REPORTED In compliance with clause 3(e) of rule XIII of the Rules of the House of Representatives, changes in existing law made by the bill, as reported, are shown as follows (new matter is printed in italics and existing law in which no change is proposed is shown in roman): SOCIAL SECURITY ACT * * * * * * * TITLE XI--GENERAL PROVISIONS, PEER REVIEW, AND ADMINISTRATIVE SIMPLIFICATION * * * * * * * Part D--Patient Safety Improvements VOLUNTARY REPORTING OF PATIENT SAFETY DATA; DEFINITIONS Sec. 1181. (a) Collection and Voluntary Reporting of Patient Safety Data.--In order to improve patient safety and the quality of health care delivery, a health care provider (as defined in subsection (d)) may voluntarily collect and develop patient safety data (as defined in subsection (e)) and report such data to one or more patient safety organizations (as defined in subsection (f)) in a manner that is confidential and privileged (as described in section 1182). (b) Use of Patient Safety Data by Patient Safety Organizations.--Patient safety organizations shall analyze the patient safety data reported and develop (and report back to health care providers) information to improve patient safety and the quality of health care delivery and shall submit non- identifiable information derived from such data in a uniform manner to the Center for Quality Improvement and Patient Safety (for inclusion in the Patient Safety Database, if applicable). Such non-identifiable information may be disclosed and shared with other patient safety organizations. Identifiable patient safety data may be disclosed to other patient safety organizations with the explicit authorization for each such disclosure by the reporting provider involved. (c) Functions of Center.--The Center for Quality Improvement and Patient Safety conducts patient safety activities consistent with section 1183. (d) Health Care Providers Covered.--For purposes of this part, the term ``health care provider'' means a provider of services (as defined in section 1861(u) and including a hospital, skilled nursing facility, home health agency, and hospice program) that provides services for which payment may be made under part A of title XVIII and the provider''s employees, and includes physicians insofar as they furnish health care services in the health care provider. (e) Patient Safety Data Covered.-- (1) In general.--For purposes of this part, the term ``patient safety data'' means any data, reports, records, memoranda, analyses, deliberative work, statements, or root cause analyses that are collected or developed to improve patient safety or health care quality and that-- (A) are collected or developed by a health care provider for the purpose of reporting to a patient safety organization and that are reported on a timely basis to such an organization; (B) are collected or developed by a patient safety organization or by (or on behalf of) the Center for Quality Improvement and Patient Safety, regardless of whether the data are transmitted to the health care provider that reported the original data; or (C) describes corrective actions taken by a health care provider in response to the provider''s reporting of data to that organization, regardless of whether the organization has transmitted under subsection (f)(2) information to the health care provider that reported the original data, and that are reported on a timely basis to such an organization. (2) Construction regarding use of data.-- (A) Internal use permitted to improve patient safety, quality, and efficiency.--Nothing in this part shall be construed to limit or discourage a health care provider from developing and using patient safety data within the provider to improve patient safety, health care quality, or administrative efficiency of the provider. (B) Treatment.--Information that is collected or developed as patient safety data is not disqualified from being treated as patient safety data because of its development or use for the purposes described in subparagraph (A) and such development or use shall not constitute a waiver of any privilege or protection established under section 1182 or under State law. (f) Qualifications of Patient Safety Organizations.-- (1) In general.--For purposes of this part, the term ``patient safety organization'' means a private or public organization that conducts activities to improve patient safety and the quality of health care delivery by assisting health care providers that report to such organizations and that has been certified by the Secretary as-- (A) performing each of the activities described in paragraph (2); and (B) meets the other requirements of paragraphs (3) through (5). (2) Activities described.--The activities referred to in paragraph (1)(A) are the following: (A) The collection and analysis of patient safety data that are voluntarily reported by more than one health care provider on a local, regional, State, or national basis. (B) The development and dissemination of information to health care providers and other patient safety organizations with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices. (C) The utilization of patient safety data to carry out activities under this paragraph to improve patient safety and to provide assistance to health care providers to minimize patient risk. (3) Conduct of activities.--In conducting activities under paragraph (2), a patient safety organization shall-- (A) maintain confidentiality with respect to individually identifiable health information; (B) submit non-identifiable information to the Center for Quality Improvement and Patient Safety in a format established by the Secretary; and (C) maintain appropriate security measures with respect to patient safety data. (4) Organization requirements.--The requirements of this paragraph for an organization are that-- (A) the organization is managed, controlled, and operated independently from health care providers which report patient safety data to it under this part; (B) if the organization no longer qualifies as a patient safety organization, with respect to any patient safety data that it received from a health care provider, the organization shall do one of the following: (i) with the approval of the provider and another patient safety organization, transfer such data to such other organization; (ii) if practicable, return the data to the provider; or (iii) destroy the patient safety data; (C) if the organization charges a fee for the activities it performs with respect to health care providers, the fee shall be uniform among all classes or types of health care providers (taking into account the size of the health care provider); (D) the organization seeks to collect data from health care providers in a standardized manner that permits valid comparisons of similar cases among similar health care providers; and (E) the organization meets such other requirements as the Secretary may by regulation require. For purposes of subparagraph (A), an organization is controlled by a health care provider if the provider is able to significantly influence or direct the actions or policies of the organization. (5) Limitation on use of patient safety data by patient safety organizations.--A patient safety organization may not use patient safety data reported by a health care provider in accordance with this part to take regulatory or enforcement actions it otherwise performs (or is responsible for performing) in relation to such provider. (6) Technical assistance.--The Secretary may provide technical assistance to patient safety organizations in providing recommendations and advice to health care providers reporting patient safety data under this part. Such assistance shall include advice with respect to methodology, communication, dissemination of information, data collection, security, and confidentiality concerns. (g) Construction.--Nothing in this part shall be construed to limit or discourage the reporting of information relating to patient safety within a health care provider. CONFIDENTIALITY AND PEER REVIEW PROTECTIONS Sec. 1182. (a) In General.--Notwithstanding any other provision of law, patient safety data shall be privileged and confidential in accordance with this section. (b) Scope of Privilege.--Subject to the succeeding provisions of this section, such data shall not be-- (1) subject to a civil or administrative subpoena; (2) subject to discovery in connection with a civil or administrative proceeding; (3) disclosed pursuant to section 552 of title 5, United States Code (commonly known as the Freedom of Information Act) or any other similar Federal or State law; or (4) admitted as evidence or otherwise disclosed in any civil or administrative proceeding. (c) Clarification of Scope.--The privilege established by this section with respect to patient safety data described in section 1181(e)(1)(A) shall apply to information, such as records of a patient''s medical diagnosis and treatment, other primary health care information, and other information, to the extent that such information was collected or developed for the purpose specified in such section and is reported in accordance with such section. Such privilege shall not apply to information merely by reason of its inclusion, or the fact of its submission, in a report under such section. Information available from sources other than a report made under such section may be discovered or admitted in a civil or administrative proceeding, if discoverable or admissible under applicable state law. (d) Information Not Subject to Privilege.--The privilege established by this section shall not apply to one or more of the following: (1) Medical records and other primary health records.--Records of a patient''s medical diagnosis and treatment and other primary health records of a health care provider. Such privilege shall not apply to such information by reason of its inclusion within patient safety data. (2) Non-identifiable information used by database.-- Non-identifiable information from a patient safety organization to the Patient Safety Database and the further disclosure of such data by the Center for Quality Improvement and Patient Safety. (e) Reporter Protection.-- (1) In general.--A health care provider may not use against an individual in an adverse employment action described in paragraph (2) the fact that the individual in good faith reported-- (A) to the provider with the intention of having it reported to a patient safety organization, or (B) directly to a patient safety organization, information that would constitute patient safety data under section 1181(e)(1)(A) if the provider were to have submitted it on a timely basis to a patient safety organization in accordance with such section. (2) Adverse employment action.--For purposes of this subsection, an ``adverse employment action'' includes-- (A) the failure to promote an individual or provide any other employment-related benefit for which the individual would otherwise be eligible; (B) an evaluation or decision made in relation to accreditation, certification, credentialing or licensing of the individual; and (C) a personnel action that is adverse to the individual concerned. (3) Remedies.--The provisions of the first sentence of section 1128A(a) shall apply with respect to a health care provider''s violation of paragraph (1) in the same manner as they apply to an act referred to in section 1128A(a)(7). (f) Penalty.-- (1) Prohibition.--It is unlawful for any person to disclose any patient safety data in violation of the provisions of this section. (2) Amount.--Any person who violates paragraph (1) shall be subject to a civil monetary penalty of not more than $10,000 for each such violation involved. The provisions of section 1128A (other than subsections (a) and (b)) shall apply to a civil money penalty under this paragraph in the same manner as they apply to a penalty or proceeding under section 1128A(a). (3) Relation to hipaa.--The penalty under paragraph (2) for a disclosure in violation of paragraph (1) does not apply if the person would be subject to a penalty under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033), or any regulation promulgated under such section, for the same disclosure. (g) Rules of Construction.-- (1) No limitation of other privileges.--Subject to paragraph (2), nothing in this section shall be construed as affecting other privileges that are available under Federal or State laws that provide greater peer review or confidentiality protections than the peer review and confidentiality protections provided for in this section. (2) No effect on state mandatory reporting requirements.--Nothing in this part shall be construed as preempting or otherwise affecting any State law mandatory reporting requirement for health care providers. (h) Application of Privacy Regulations.--For purposes of applying the regulations promulgated pursuant to section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (Public Law 104-191; 110 Stat. 2033)-- (1) patient safety organizations shall be treated as business associates; (2) activities of such organizations described in section 1181(f)(2)(A) in relation to a health care provider are deemed to be health care operations of the provider; and (3) the disclosure of identifiable information under the voluntary program under this part by such an organization shall be treated as necessary for the proper management and administration of the organization. Nothing in this section shall be construed to alter or affect the implementation of such regulation or such section 264(c). (i) Waivers.--Nothing in this part shall be construed as precluding a health care provider from waiving the privilege or confidentiality protections under this section. (j) Continuation of Privilege.--Patient safety data of an organization that is certified as a patient safety organization shall continue to be privileged and confidential, in accordance with this section, if the organization''s certification is terminated or revoked or if the organization otherwise ceases to qualify as a patient safety organization until the data are otherwise disposed of in accordance with section 1181(f)(4). (k) Survey and Report.-- (1) Survey.--The Comptroller General of the United States shall conduct a survey of State laws that relate to patient safety data peer review systems, including laws that establish an evidentiary privilege applicable to data developed in such systems, and shall review the manner in which such laws have been interpreted by the courts and the effectiveness of such laws in promoting patient safety. (2) Report.--Not later than 9 months after the date of enactment of this section, the Comptroller General shall prepare and submit to Congress a report concerning the results of the survey conducted under paragraph (1). CENTER FOR QUALITY IMPROVEMENT AND PATIENT SAFETY Sec. 1183. (a) In General.--The Secretary shall ensure that the Center for Quality Improvement and Patient Safety (in this section referred to as the ``Center'') supports public and private sector initiatives to improve patient safety for items and services furnished through health care providers. (b) Duties.-- (1) In general.--The Secretary shall ensure that the Center carries out the following duties: (A) Provide for the certification and recertification of patient safety organizations in accordance with subsection (d). (B) Collect and disseminate information related to patient safety. (C) Establish a Patient Safety Database to collect, support, and coordinate the analysis of non-identifiable information submitted to the Database in accordance with subsection (e). (D) Facilitate the development of consensus among health care providers, patients, and other interested parties concerning patient safety and recommendations to improve patient safety. (E) Provide technical assistance to States that have (or are developing) medical errors reporting systems, assist States in developing standardized methods for data collection, and collect data from State reporting systems for inclusion in the Patient Safety Database. (2) Consultation.--In carrying out the duties under paragraph (1) (including the establishment of the Database), the Secretary shall consult with and develop partnerships, as appropriate, with health care organizations, health care providers, public and private sector entities, patient safety organizations, health care consumers, and other relevant experts to improve patient safety. (c) Certification and Recertification Process.-- (1) In general.--The initial certification and recertification of a patient safety organization under subsection (b)(1)(A) shall be made under a process that is approved by the Secretary and is consistent with criteria published by the Secretary. (2) Revocation.--Such a certification or recertification may be revoked by the Secretary upon a showing of cause (including the disclosure of data in violation of section 1182). (3) Termination.--Such a certification provided for a patient safety organization shall terminate (subject to recertification) on the earlier of-- (A) the date that is 3 years after the date on which such certification was provided; or (B) the date on which the Secretary revokes the certification. (d) Implementation and Consultation.--In carrying out subsection (c)(1), the Secretary shall-- (1) facilitate the development of patient safety goals and track the progress made in meeting those goals; and (2) ensure that data submitted by a patient safety organization to the Patient Safety Database, as provided for under subsection (e), are comparable and useful for research and analysis and that the research findings and patient safety alerts that result from such analyses are presented in clear and consistent formats that enhance the usefulness of such alerts. (e) Patient Safety Database.-- (1) In general.--The Secretary shall-- (A) establish a Patient Safety Database to collect non-identifiable information concerning patient safety that is reported on a voluntary basis; and (B) establish common formats for the voluntary reporting of data under subparagraph (A), including the establishment of necessary data elements, common and consistent definitions, and a standardized computer interface for the processing of such data. (2) Database.--In carrying out this subsection, the Secretary-- (A) shall establish and modify as necessary criteria to determine the organizations that may voluntarily contribute to, and the data that comprises, the Patient Safety Database; (B) shall ensure that the Patient Safety Database is only used by qualified entities or individuals as determined appropriate by the Secretary in accordance with criteria applied by the Secretary; and (C) may enter into contracts for the administration of the Database with private and public entities with experience in the administration of similar databases. (3) Non-identifiable information.--For purposes of this part, the term ``non-identifiable information'' means information that is presented in a form and manner that prevents the identification of any health care provider, patient, and the reporter of the information. (f) Funding.--The Secretary shall transfer from the Federal Hospital Insurance Trust Fund established under section 1817 such sums as are necessary for each fiscal year to carry out this section. INTEROPERABILITY STANDARDS FOR HEALTH CARE INFORMATION TECHNOLOGY SYSTEMS Sec. 1184. (a) In General.--By not later than 2 years after the date of the enactment of this part, the Secretary shall develop or adopt (and shall periodically review and update) voluntary, national standards that promote the interoperability of health care information technology systems across all health care settings. In promulgating regulations to carry out this section, the Secretary shall take into account the cost that meeting such standards would have on providing health care in the United States and the increased efficiencies in providing such care achieved under the standards. (b) Consultation and Coordination.--The Secretary shall develop and update such standards in consultation with (and with coordination between)-- (1) the National Committee for Vital and Health Statistics, and (2) the Medical Information Technology Advisory Board (established under section 3 of the Patient Safety Improvement Act of 2003). (c) Dissemination.--The Secretary shall provide for the dissemination of the standards developed and updated under this section. (d) Funding.--The Secretary shall transfer from the Federal Hospital Insurance Trust Fund established under section 1817 such sums as are necessary for each fiscal year to carry out this section. VOLUNTARY ADOPTION OF METHODS TO IMPROVE PATIENT SAFETY Sec. 1185. The Secretary shall encourage health care providers to adopt appropriate evidence-based methods to improve patient safety. Such methods shall not constitute national practice guidelines. EVALUATION AND REPORT Sec. 1186. (a) Evaluation.--The Comptroller General of the United States shall conduct a comprehensive evaluation of the implementation of this part. Such evaluation shall include an examination of the following: (1) The health care providers that reported patient safety data under this part and the patient safety organizations to which they reported the information. (2) What types of events were so reported on. (3) The usefulness of the analyses, information, and recommendations provided by patient safety organizations in response to such reported information. (4) The response of health care providers to such analyses, information, and recommendations, including a survey of providers to obtain estimates of the percentage of providers by category who have adopted specific error-reduction methods and, if applicable, reasons for not adopting specific practices. (5) The effectiveness of the program under this part in reducing medical errors. (b) Report.--Not later than 5 years after the date the provisions of this part are first implemented, the Comptroller General shall submit to Congress a report on the evaluation conducted under subsection (a). * * * * * * *