Part C—Patient Safety Improvement
§299b–21. Definitions
In this part:
(1) HIPAA confidentiality regulations
The term "HIPAA confidentiality regulations" means regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (
(2) Identifiable patient safety work product
The term "identifiable patient safety work product" means patient safety work product that—
(A) is presented in a form and manner that allows the identification of any provider that is a subject of the work product, or any providers that participate in activities that are a subject of the work product;
(B) constitutes individually identifiable health information as that term is defined in the HIPAA confidentiality regulations; or
(C) is presented in a form and manner that allows the identification of an individual who reported information in the manner specified in
(3) Nonidentifiable patient safety work product
The term "nonidentifiable patient safety work product" means patient safety work product that is not identifiable patient safety work product (as defined in paragraph (2)).
(4) Patient safety organization
The term "patient safety organization" means a private or public entity or component thereof that is listed by the Secretary pursuant to
(5) Patient safety activities
The term "patient safety activities" means the following activities:
(A) Efforts to improve patient safety and the quality of health care delivery.
(B) The collection and analysis of patient safety work product.
(C) The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices.
(D) The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk.
(E) The maintenance of procedures to preserve confidentiality with respect to patient safety work product.
(F) The provision of appropriate security measures with respect to patient safety work product.
(G) The utilization of qualified staff.
(H) Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.
(6) Patient safety evaluation system
The term "patient safety evaluation system" means the collection, management, or analysis of information for reporting to or by a patient safety organization.
(7) Patient safety work product
(A) In general
Except as provided in subparagraph (B), the term "patient safety work product" means any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements—
(i) which—
(I) are assembled or developed by a provider for reporting to a patient safety organization and are reported to a patient safety organization; or
(II) are developed by a patient safety organization for the conduct of patient safety activities;
and which could result in improved patient safety, health care quality, or health care outcomes; or
(ii) which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system.
(B) Clarification
(i) Information described in subparagraph (A) does not include a patient's medical record, billing and discharge information, or any other original patient or provider record.
(ii) Information described in subparagraph (A) does not include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a patient safety organization shall not by reason of its reporting be considered patient safety work product.
(iii) Nothing in this part shall be construed to limit—
(I) the discovery of or admissibility of information described in this subparagraph in a criminal, civil, or administrative proceeding;
(II) the reporting of information described in this subparagraph to a Federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes; or
(III) a provider's recordkeeping obligation with respect to information described in this subparagraph under Federal, State, or local law.
(8) Provider
The term "provider" means—
(A) an individual or entity licensed or otherwise authorized under State law to provide health care services, including—
(i) a hospital, nursing facility, comprehensive outpatient rehabilitation facility, home health agency, hospice program, renal dialysis facility, ambulatory surgical center, pharmacy, physician or health care practitioner's office, long term care facility, behavior health residential treatment facility, clinical laboratory, or health center; or
(ii) a physician, physician assistant, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist, certified nurse midwife, psychologist, certified social worker, registered dietitian or nutrition professional, physical or occupational therapist, pharmacist, or other individual health care practitioner; or
(B) any other individual or entity specified in regulations promulgated by the Secretary.
(July 1, 1944, ch. 373, title IX, §921, as added
Editorial Notes
References in Text
Section 264(c) of the Health Insurance Portability and Accountability Act of 1996, referred to in par. (1), is section 264(c) of
Prior Provisions
A prior section 921 of act July 1, 1944, was renumbered section 941 and is classified to
Another prior section 921 of act July 1, 1944, was classified to
§299b–22. Privilege and confidentiality protections
(a) Privilege
Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be privileged and shall not be—
(1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(3) subject to disclosure pursuant to
(4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or
(5) admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law.
(b) Confidentiality of patient safety work product
Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be confidential and shall not be disclosed.
(c) Exceptions
Except as provided in subsection (g)(3)—
(1) Exceptions from privilege and confidentiality
Subsections (a) and (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(A) Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source.
(B) Disclosure of patient safety work product to the extent required to carry out subsection (f)(4)(A).
(C) Disclosure of identifiable patient safety work product if authorized by each provider identified in such work product.
(2) Exceptions from confidentiality
Subsection (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(A) Disclosure of patient safety work product to carry out patient safety activities.
(B) Disclosure of nonidentifiable patient safety work product.
(C) Disclosure of patient safety work product to grantees, contractors, or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed for such purpose under the HIPAA confidentiality regulations.
(D) Disclosure by a provider to the Food and Drug Administration with respect to a product or activity regulated by the Food and Drug Administration.
(E) Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider.
(F) Disclosures that the Secretary may determine, by rule or other means, are necessary for business operations and are consistent with the goals of this part.
(G) Disclosure of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes.
(H) With respect to a person other than a patient safety organization, the disclosure of patient safety work product that does not include materials that—
(i) assess the quality of care of an identifiable provider; or
(ii) describe or pertain to one or more actions or failures to act by an identifiable provider.
(3) Exception from privilege
Subsection (a) shall not apply to (and shall not be construed to prohibit) voluntary disclosure of nonidentifiable patient safety work product.
(d) Continued protection of information after disclosure
(1) In general
Patient safety work product that is disclosed under subsection (c) shall continue to be privileged and confidential as provided for in subsections (a) and (b), and such disclosure shall not be treated as a waiver of privilege or confidentiality, and the privileged and confidential nature of such work product shall also apply to such work product in the possession or control of a person to whom such work product was disclosed.
(2) Exception
Notwithstanding paragraph (1), and subject to paragraph (3)—
(A) if patient safety work product is disclosed in a criminal proceeding, the confidentiality protections provided for in subsection (b) shall no longer apply to the work product so disclosed; and
(B) if patient safety work product is disclosed as provided for in subsection (c)(2)(B) (relating to disclosure of nonidentifiable patient safety work product), the privilege and confidentiality protections provided for in subsections (a) and (b) shall no longer apply to such work product.
(3) Construction
Paragraph (2) shall not be construed as terminating or limiting the privilege or confidentiality protections provided for in subsection (a) or (b) with respect to patient safety work product other than the specific patient safety work product disclosed as provided for in subsection (c).
(4) Limitations on actions
(A) Patient safety organizations
(i) In general
A patient safety organization shall not be compelled to disclose information collected or developed under this part whether or not such information is patient safety work product unless such information is identified, is not patient safety work product, and is not reasonably available from another source.
(ii) Nonapplication
The limitation contained in clause (i) shall not apply in an action against a patient safety organization or with respect to disclosures pursuant to subsection (c)(1).
(B) Providers
An accrediting body shall not take an accrediting action against a provider based on the good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety work product in accordance with this part. An accrediting body may not require a provider to reveal its communications with any patient safety organization established in accordance with this part.
(e) Reporter protection
(1) In general
A provider may not take an adverse employment action, as described in paragraph (2), against an individual based upon the fact that the individual in good faith reported information—
(A) to the provider with the intention of having the information reported to a patient safety organization; or
(B) directly to a patient safety organization.
(2) Adverse employment action
For purposes of this subsection, an "adverse employment action" includes—
(A) loss of employment, the failure to promote an individual, or the failure to provide any other employment-related benefit for which the individual would otherwise be eligible; or
(B) an adverse evaluation or decision made in relation to accreditation, certification, credentialing, or licensing of the individual.
(f) Enforcement
(1) Civil monetary penalty
Subject to paragraphs (2) and (3), a person who discloses identifiable patient safety work product in knowing or reckless violation of subsection (b) shall be subject to a civil monetary penalty of not more than $10,000 for each act constituting such violation.
(2) Procedure
The provisions of
(3) Relation to HIPAA
Penalties shall not be imposed both under this subsection and under the regulations issued pursuant to section 264(c)(1) of the Health Insurance Portability and Accountability Act of 1996 (
(4) Equitable relief
(A) In general
Without limiting remedies available to other parties, a civil action may be brought by any aggrieved individual to enjoin any act or practice that violates subsection (e) and to obtain other appropriate equitable relief (including reinstatement, back pay, and restoration of benefits) to redress such violation.
(B) Against State employees
An entity that is a State or an agency of a State government may not assert the privilege described in subsection (a) unless before the time of the assertion, the entity or, in the case of and with respect to an agency, the State has consented to be subject to an action described in subparagraph (A), and that consent has remained in effect.
(g) Rule of construction
Nothing in this section shall be construed—
(1) to limit the application of other Federal, State, or local laws that provide greater privilege or confidentiality protections than the privilege and confidentiality protections provided for in this section;
(2) to limit, alter, or affect the requirements of Federal, State, or local law pertaining to information that is not privileged or confidential under this section;
(3) except as provided in subsection (i), to alter or affect the implementation of any provision of the HIPAA confidentiality regulations or
(4) to limit the authority of any provider, patient safety organization, or other entity to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this section;
(5) as preempting or otherwise affecting any State law requiring a provider to report information that is not patient safety work product; or
(6) to limit, alter, or affect any requirement for reporting to the Food and Drug Administration information regarding the safety of a product or activity regulated by the Food and Drug Administration.
(h) Clarification
Nothing in this part prohibits any person from conducting additional analysis for any purpose regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a patient safety organization or a patient safety evaluation system.
(i) Clarification of application of HIPAA confidentiality regulations to patient safety organizations
For purposes of applying the HIPAA confidentiality regulations—
(1) patient safety organizations shall be treated as business associates; and
(2) patient safety activities of such organizations in relation to a provider are deemed to be health care operations (as defined in such regulations) of the provider.
(j) Reports on strategies to improve patient safety
(1) Draft report
Not later than the date that is 18 months after any network of patient safety databases is operational, the Secretary, in consultation with the Director, shall prepare a draft report on effective strategies for reducing medical errors and increasing patient safety. The draft report shall include any measure determined appropriate by the Secretary to encourage the appropriate use of such strategies, including use in any federally funded programs. The Secretary shall make the draft report available for public comment and submit the draft report to the Institute of Medicine for review.
(2) Final report
Not later than 1 year after the date described in paragraph (1), the Secretary shall submit a final report to the Congress.
(July 1, 1944, ch. 373, title IX, §922, as added
Editorial Notes
References in Text
Section 264(c)(1) of the Health Insurance Portability and Accountability Act of 1996, referred to in subsec. (f)(3), is section 264(c)(1) of
Prior Provisions
A prior section 922 of act July 1, 1944, was renumbered section 942 and is classified to
Another prior section 922 of act July 1, 1944, was classified to
§299b–23. Network of patient safety databases
(a) In general
The Secretary shall facilitate the creation of, and maintain, a network of patient safety databases that provides an interactive evidence-based management resource for providers, patient safety organizations, and other entities. The network of databases shall have the capacity to accept, aggregate across the network, and analyze nonidentifiable patient safety work product voluntarily reported by patient safety organizations, providers, or other entities. The Secretary shall assess the feasibility of providing for a single point of access to the network for qualified researchers for information aggregated across the network and, if feasible, provide for implementation.
(b) Data standards
The Secretary may determine common formats for the reporting to and among the network of patient safety databases maintained under subsection (a) of nonidentifiable patient safety work product, including necessary work product elements, common and consistent definitions, and a standardized computer interface for the processing of such work product. To the extent practicable, such standards shall be consistent with the administrative simplification provisions of part C of title XI of the Social Security Act [
(c) Use of information
Information reported to and among the network of patient safety databases under subsection (a) shall be used to analyze national and regional statistics, including trends and patterns of health care errors. The information resulting from such analyses shall be made available to the public and included in the annual quality reports prepared under
(July 1, 1944, ch. 373, title IX, §923, as added
Editorial Notes
References in Text
The Social Security Act, referred to in subsec. (b), is act Aug. 14, 1935, ch. 531,
Prior Provisions
A prior section 923 of act July 1, 1944, was renumbered section 943 and is classified to
Another prior section 923 of act July 1, 1944, was classified to
§299b–24. Patient safety organization certification and listing
(a) Certification
(1) Initial certification
An entity that seeks to be a patient safety organization shall submit an initial certification to the Secretary that the entity—
(A) has policies and procedures in place to perform each of the patient safety activities described in
(B) upon being listed under subsection (d), will comply with the criteria described in subsection (b).
(2) Subsequent certifications
An entity that is a patient safety organization shall submit every 3 years after the date of its initial listing under subsection (d) a subsequent certification to the Secretary that the entity—
(A) is performing each of the patient safety activities described in
(B) is complying with the criteria described in subsection (b).
(b) Criteria
(1) In general
The following are criteria for the initial and subsequent certification of an entity as a patient safety organization:
(A) The mission and primary activity of the entity are to conduct activities that are to improve patient safety and the quality of health care delivery.
(B) The entity has appropriately qualified staff (whether directly or through contract), including licensed or certified medical professionals.
(C) The entity, within each 24-month period that begins after the date of the initial listing under subsection (d), has bona fide contracts, each of a reasonable period of time, with more than 1 provider for the purpose of receiving and reviewing patient safety work product.
(D) The entity is not, and is not a component of, a health insurance issuer (as defined in
(E) The entity shall fully disclose—
(i) any financial, reporting, or contractual relationship between the entity and any provider that contracts with the entity; and
(ii) if applicable, the fact that the entity is not managed, controlled, and operated independently from any provider that contracts with the entity.
(F) To the extent practical and appropriate, the entity collects patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers.
(G) The utilization of patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.
(2) Additional criteria for component organizations
If an entity that seeks to be a patient safety organization is a component of another organization, the following are additional criteria for the initial and subsequent certification of the entity as a patient safety organization:
(A) The entity maintains patient safety work product separately from the rest of the organization, and establishes appropriate security measures to maintain the confidentiality of the patient safety work product.
(B) The entity does not make an unauthorized disclosure under this part of patient safety work product to the rest of the organization in breach of confidentiality.
(C) The mission of the entity does not create a conflict of interest with the rest of the organization.
(c) Review of certification
(1) In general
(A) Initial certification
Upon the submission by an entity of an initial certification under subsection (a)(1), the Secretary shall determine if the certification meets the requirements of subparagraphs (A) and (B) of such subsection.
(B) Subsequent certification
Upon the submission by an entity of a subsequent certification under subsection (a)(2), the Secretary shall review the certification with respect to requirements of subparagraphs (A) and (B) of such subsection.
(2) Notice of acceptance or non-acceptance
If the Secretary determines that—
(A) an entity's initial certification meets requirements referred to in paragraph (1)(A), the Secretary shall notify the entity of the acceptance of such certification; or
(B) an entity's initial certification does not meet such requirements, the Secretary shall notify the entity that such certification is not accepted and the reasons therefor.
(3) Disclosures regarding relationship to providers
The Secretary shall consider any disclosures under subsection (b)(1)(E) by an entity and shall make public findings on whether the entity can fairly and accurately perform the patient safety activities of a patient safety organization. The Secretary shall take those findings into consideration in determining whether to accept the entity's initial certification and any subsequent certification submitted under subsection (a) and, based on those findings, may deny, condition, or revoke acceptance of the entity's certification.
(d) Listing
The Secretary shall compile and maintain a listing of entities with respect to which there is an acceptance of a certification pursuant to subsection (c)(2)(A) that has not been revoked under subsection (e) or voluntarily relinquished.
(e) Revocation of acceptance of certification
(1) In general
If, after notice of deficiency, an opportunity for a hearing, and a reasonable opportunity for correction, the Secretary determines that a patient safety organization does not meet the certification requirements under subsection (a)(2), including subparagraphs (A) and (B) of such subsection, the Secretary shall revoke the Secretary's acceptance of the certification of such organization.
(2) Supplying confirmation of notification to providers
Within 15 days of a revocation under paragraph (1), a patient safety organization shall submit to the Secretary a confirmation that the organization has taken all reasonable actions to notify each provider whose patient safety work product is collected or analyzed by the organization of such revocation.
(3) Publication of decision
If the Secretary revokes the certification of an organization under paragraph (1), the Secretary shall—
(A) remove the organization from the listing maintained under subsection (d); and
(B) publish notice of the revocation in the Federal Register.
(f) Status of data after removal from listing
(1) New data
With respect to the privilege and confidentiality protections described in
(2) Protection to continue to apply
If the privilege and confidentiality protections described in
(g) Disposition of work product and data
If the Secretary removes a patient safety organization from the listing as provided for in subsection (e)(3)(A), with respect to the patient safety work product or data described in subsection (f)(1) that the patient safety organization received from another entity, such former patient safety organization shall—
(1) with the approval of the other entity and a patient safety organization, transfer such work product or data to such patient safety organization;
(2) return such work product or data to the entity that submitted the work product or data; or
(3) if returning such work product or data to such entity is not practicable, destroy such work product or data.
(July 1, 1944, ch. 373, title IX, §924, as added
Editorial Notes
Prior Provisions
A prior section 924 of act July 1, 1944, was renumbered section 944 and is classified to
Another prior section 924 of act July 1, 1944, was classified to
§299b–24a. Activities regarding women's health
(a) Establishment
There is established within the Office of the Director, an Office of Women's Health and Gender-Based Research (referred to in this section as the "Office"). The Office shall be headed by a director who shall be appointed by the Director of Healthcare and Research Quality.
(b) Purpose
The official designated under subsection (a) shall—
(1) report to the Director on the current Agency level of activity regarding women's health, across, where appropriate, age, biological, and sociocultural contexts, in all aspects of Agency work, including the development of evidence reports and clinical practice protocols and the conduct of research into patient outcomes, delivery of health care services, quality of care, and access to health care;
(2) establish short-range and long-range goals and objectives within the Agency for research important to women's health and, as relevant and appropriate, coordinate with other appropriate offices on activities within the Agency that relate to health services and medical effectiveness research, for issues of particular concern to women;
(3) identify projects in women's health that should be conducted or supported by the Agency;
(4) consult with health professionals, nongovernmental organizations, consumer organizations, women's health professionals, and other individuals and groups, as appropriate, on Agency policy with regard to women; and
(5) serve as a member of the Department of Health and Human Services Coordinating Committee on Women's Health (established under
(c) Authorization of appropriations
For the purpose of carrying out this section, there are authorized to be appropriated such sums as may be necessary for each of the fiscal years 2010 through 2014.
(July 1, 1944, ch. 373, title IX, §925, as added
Editorial Notes
Prior Provisions
A prior section 925 of act July 1, 1944, was renumbered section 926 and is classified to
Another prior section 925 of act July 1, 1944, was renumbered section 945 and is classified to
Another prior section 925 of act July 1, 1944, was classified to
§299b–25. Technical assistance
The Secretary, acting through the Director, may provide technical assistance to patient safety organizations, including convening annual meetings for patient safety organizations to discuss methodology, communication, data collection, or privacy concerns.
(July 1, 1944, ch. 373, title IX, §926, formerly §925, as added
Editorial Notes
Prior Provisions
A prior section 926 of act July 1, 1944, was renumbered section 927 and is classified to
Another prior section 926 of act July 1, 1944, was renumbered section 946 and is classified to
Another prior section 926 of act July 1, 1944, was classified to
§299b–26. Severability
If any provision of this part is held to be unconstitutional, the remainder of this part shall not be affected.
(July 1, 1944, ch. 373, title IX, §927, formerly §926, as added
Editorial Notes
Prior Provisions
A prior section 927 of act July 1, 1944, was renumbered section 947, and is classified to
Another prior section 927 of act July 1, 1944, was classified to