Order Code RL31983
CRS Report for Congress
Received through the CRS Web
Patient Safety: Legislation to Promote
Voluntary Reporting of Medical Errors
Updated November 26, 2003
C. Stephen Redhead
Specialist in Life Sciences
Domestic Social Policy Division
Congressional Research Service ˜ The Library of Congress

---

Patient Safety: Legislation to Promote
Voluntary Reporting of Medical Errors
Summary
On July 23, 2003, the Senate Committee on Health, Education, Labor, and
Pensions (HELP) approved the Patient Safety and Quality Improvement Act (S. 720).
The legislation would establish federal evidentiary privilege and confidentiality
protections for data and reports on medical errors in an effort to encourage voluntary
reporting of such information. The House passed comparable legislation (H.R. 663)
on March 12, 2003. Congressional interest in patient safety grew out of the 1999
Institute of Medicine (IOM) report To Err Is Human, which concluded that
preventable medical errors cause as many as 98,000 deaths a year. The IOM
emphasized that medical errors are primarily the result of faulty systems, processes,
and conditions that lead people to make mistakes. It recommended establishing a
national mandatory reporting system to hold hospitals accountable for serious
medical errors, as well as developing voluntary, confidential systems for reporting
errors that result in little or no harm. Analysis of such voluntarily reported data could
be used to identify vulnerabilities in health care systems.
Twenty-one states mandate medical error reporting by general and acute care
hospitals. However, providers are reluctant to report adverse events because they
fear that the information will be used in malpractice litigation. States have sought
to allay those concerns by passing laws to protect reported data from legal discovery
and by de-identifying data and receiving reports anonymously. Such measures risk
limiting the usefulness of the data for research and quality management.
There are several national voluntary reporting systems for medical errors,
including the Patient Safety Information System within the Department of Veterans
Affairs. Analysis of these and other voluntary reporting systems — notably the
Aviation Safety Reporting System — has identified several design features associated
with effective programs. For example, the reporting process should be user-friendly
and the information kept confidential and protected from legal discovery. Also,
reports should be promptly evaluated by experts who are trained to recognize
underlying systems causes, and reporters should receive timely feedback with
recommendations for systems-based improvements.
To encourage voluntary reporting, H.R. 663 would protect reported information
from legal discovery in civil and administrative proceeding, and from a Freedom of
Information Act request. The bill would require the Agency for Healthcare Research
and Quality (AHRQ) to certify patient safety organizations to collect and analyze the
information reported by providers.
Such organizations would develop and
disseminate recommendations for systems-based solutions to improve patient safety
and health care quality. H.R. 663 would also require AHRQ to establish a national
database to receive and analyze de-identified information submitted by patient safety
organizations. The Senate bill (S. 720) would protect information from use in
criminal as well as civil and administrative proceedings, unless a judge determined
that it contained evidence of an intentional act to directly harm the patient. This
report will be updated as legislative events warrant.

---

Contents
Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 1
Medical Errors: A Systems Problem . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 2
Medication Errors . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
Medical Errors Reporting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
State Mandatory Reporting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 4
Data Protection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6
Data Disclosure . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
Voluntary Reporting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
Aviation Safety Reporting System . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
National Medical Error Reporting Systems . . . . . . . . . . . . . . . . . . . . . . . . . 10
VA Patient Safety Information System . . . . . . . . . . . . . . . . . . . . . . . . 10
JCAHO Sentinel Events Reporting System . . . . . . . . . . . . . . . . . . . . . 11
Medication Errors Reporting Program . . . . . . . . . . . . . . . . . . . . . . . . . 12
MedMARx Program . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Food and Drug Administration . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
Designing Effective Reporting Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . 14
Patient Safety and Quality Improvement Act of 2003 . . . . . . . . . . . . . . . . . . . . . 16
H.R. 663 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Legislative History . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 16
S. 720 . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Legislative history . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
Overview . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 17
List of Tables
Table 1. Characteristics of Mandatory and Voluntary Medical Errors
Reporting Systems as Proposed by the IOM . . . . . . . . . . . . . . . . . . . . . . . . . 5
Table 2. Design Characteristics of Voluntary Medical Errors Reporting
Systems . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
Table 3. Comparison of Key Provisions in H.R. 663/S. 720 with the
IOM Recommendations . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
Table 4. Side-by-Side Comparison of H.R. 663 and S. 720 . . . . . . . . . . . . . . . . 20

---

Patient Safety: Legislation to Promote
Voluntary Reporting of Medical Errors
Introduction
On July 23, 2003, in a unanimous vote, the Senate Committee on Health,
Education, Labor, and Pensions (HELP) approved the Patient Safety and Quality
Improvement Act (S. 720). The measure now awaits consideration by the full Senate.
S. 720 is intended to encourage the voluntary reporting and analysis of information
on medical errors in order to improve health care systems and prevent errors from
being repeated. The House passed comparable legislation (H.R. 663) on March 12,
2003. This year’s legislative action on patient safety was spurred by the national
media attention surrounding the death of 17-year-old Jesica Santillan at Duke
University Medical Center. Santillan received a heart-lung transplant from an
incompatible donor, and the mismatch was not recognized until after the operation
was completed. She suffered a severe rejection reaction and multiple complications
and died on February 22, 2003.
Patient safety emerged as a major health policy issue in late 1999 with the
release of the Institute of Medicine’s (IOM) report To Err Is Human.1 The IOM
report concluded that preventable medical errors cause as many as 98,000 deaths
each year. It called on all parties to make improving patient safety a national health
policy priority. The IOM recommended establishing a national mandatory reporting
system to hold hospitals and other health care facilities accountable for errors that
lead to serious injury or death. It also encouraged the development of voluntary,
confidential systems for reporting medical errors that result in no harm (i.e., close
calls) or minimal harm. Analysis of such voluntarily reported information could then
be used to identify system vulnerabilities and develop preventive strategies.
The IOM based its conclusions on epidemiologic studies published in the 1980s
and early 1990s. While medical researchers were familiar with the published
estimates of the prevalence of medical errors in hospitals and other inpatient settings,
the information was new to the public and it caught the attention of federal and state
legislators and health care policymakers.
States responded to the IOM report by considering legislation to expand existing
mandatory reporting systems and, in some cases, enact new systems. Currently, 21
states have mandatory reporting systems. The goal is to hold hospitals and health
care providers accountable to the public for the most serious mistakes in the delivery
1 Institute of Medicine, To Err Is Human: Building a Safer Health System (Washington,
D.C.
National
Academy
Press,
1999).
The
report
is
available
online
at
[http://www.nap.edu].

---

CRS-2
of health care. However, providers are reluctant to provide information about errors
for fear of damage to their reputations and of malpractice liability. In an effort to
encourage providers to report errors, most states have adopted measures to protect
reporting system data from use by malpractice attorneys. Policymakers have had to
balance provider concerns about the legal consequences of making information
available to attorneys and patients with the desire for public accountability.
Following the release of the IOM report, several patient safety bills were
introduced in the 106th Congress to establish federal evidentiary privilege and
confidentiality protections for data and reports on medical errors in an effort to
encourage voluntary reporting.2 Most of the legislation was reintroduced in the 107th
Congress.
This report provides an overview and some analysis of the patient safety
legislation that is being considered by the 108th Congress. It begins with background
information on the nature and causes of medical errors, followed by a brief
comparison of the differences between mandatory and voluntary reporting systems.
The report then discusses some of the legal and policy issues facing state mandatory
reporting systems and major national voluntary reporting systems, and identifies
design features of effective reporting programs. It concludes with a discussion and
side-by-side comparison of H.R. 663 and S. 720.
Medical Errors: A Systems Problem
The IOM report defined error as the failure of a planned action to be completed
as intended (an error of execution) or the use of a wrong plan to achieve an aim (an
error of planning). Medical errors can happen at all stages of the process of care,
from diagnosis, to treatment, to preventive care. Not all errors result in harm. Those
that do are referred to as preventable adverse events. An adverse event is an injury
related to a medical intervention and not due to the underlying medical condition of
the patient. While adverse events are often attributable to error and, therefore,
preventable, they need not always be the result of medical mismanagement (see
discussion of adverse drug reactions below).
A limited number of published studies have examined adverse events among
hospitalized patients. Extrapolating from the results of two large, retrospective
reviews of hospital records, the IOM estimated that more than 1 million medical
errors occur each year in the United States, of which between 44,000 and 98,000 are
fatal.3 It also concluded that errors may cost the nation as much as $29 billion
2 Medical errors legislation included: the Medical Error Prevention Act of 2000 (H.R. 3672);
the Medicare Comprehensive Quality of Care and Safety Act of 2000 (H.R. 5404); the
Medical Error Reduction Act of 2000 (S. 2038); the Stop All Frequent Errors in Medicare
and Medicaid Act of 2000 (S. 2378); the Patient Safety and Errors Reduction Act (S. 2738);
and the Error Reduction and Improvement in Patient Safety Act (S. 2743).
3 Lucian L. Leape et al., “The Nature of Adverse Events in Hospitalized Patients: Results
of the Harvard Medical Practice Study II,” New England Journal of Medicine, vol. 324,
(continued...)

---

CRS-3
annually in direct medical costs and lost income and productivity. Some researchers
have challenged the accuracy of the IOM’s numbers, but there is general agreement
that the problem is serious.4 Still others say the IOM may have underestimated the
true incidence of medical errors because it only considered errors that occur among
hospital patients, which represent a small proportion of the total population at risk.
Many patients receive increasingly complex care in ambulatory settings such as
outpatient surgical centers, physicians’ offices, and clinics.
Echoing the views of most health care analysts, the IOM emphasized that
medical errors are primarily a systemic problem and generally not attributable to
individual negligence or misconduct.
Errors are the result of faulty systems,
processes, and conditions that lead people to make mistakes. According to the IOM,
health care lags behind other industries (e.g., aviation, nuclear power) that pay
attention to factors that affect performance, such as work hours, work conditions,
information technology, team relationships, and the design of tasks to make errors
more difficult to commit.
Medication Errors
While there have been few studies that examined all types of adverse events
occurring in hospitals and other provider settings, there is an abundant literature that
focuses on adverse drug events (i.e., adverse events specifically associated with
ordering and administering medication to patients). Adverse drug events are often
found to be the most common type of adverse event documented in hospital settings.
In its report, the IOM estimated that drug-related adverse events kill up to 7,000
Americans annually.
Although the distinction is not always clear, researchers divide adverse drug
events into two types: adverse drug reactions resulting from previously known or
newly detected side effects of drugs that are correctly prescribed and administered;
and injuries that are caused by errors in prescribing, dispensing, and administering
medication.
Examples of medication errors include physicians who prescribe
antibiotics to patients with documented allergies to those medications, nurses who
do not properly dilute intravenous solutions, and patients who fail to take
medications as directed.
Studies reveal that adverse drug events occur in 6.5% to more than 20% of
hospitalized patients, and that between one-quarter and one-half of these are due to
medication errors and are, therefore, avoidable.5 Newly published research on
3 (...continued)
1991, pp. 377-384. Eric J. Thomas et al., “Incidence and Types of Adverse Events and
Negligent Care in Utah and Colorado,” Medical Care, vol. 38, 2000, pp. 261-271.
4 Rodney A. Hayward and Timothy P. Hofer, “Estimating Hospital Deaths Due to Medical
Errors: Preventability Is in the Eye of the Beholder,” Journal of the American Medical
Association, vol. 286, 2001, pp. 415-420.
5 David Classen, “Medication Safety: Moving from Illusion to Reality,” Journal of the
American Medical Association, vol. 289, 2003, pp 1154-1156.

---

CRS-4
medication safety among Medicare patients in outpatient settings suggests that the
Medicare population as a whole may experience as many as 180,000 life-threatening
or fatal adverse drug events annually.6 It is important to recognize that the majority
of medication errors do not lead to an adverse drug event, either because they are
caught before the drugs are administered, or because they result in no ill effects. In
the IOM’s analysis, medication errors typically result from one or more failures in the
increasingly complex systems of medication management, rather than from
negligence on the part of individual health care practitioners.
Medical Errors Reporting Systems
The IOM recommended establishing a nationwide mandatory reporting
system for states to collect standardized information (initially from hospitals, but
eventually from other institutional and ambulatory health care settings) on adverse
events that result in death or serious harm. The primary purpose of mandatory
reporting systems is to hold providers accountable by ensuring that serious mistakes
are reported and investigated and that appropriate follow-up action is taken.
Organizations that continue unsafe practices risk citations, penalties, sanctions,
suspension or revocation of licenses, and possible public exposure and loss of
business. The IOM proposed that mandatory reporting system data be made available
to the public once they have been validated.
To complement the mandatory reporting of serious and fatal errors, the IOM
also recommended the development of voluntary reporting systems for collecting
information on errors that result in little or no harm. The focus of voluntary reporting
is the analysis and identification of systemic problems that could lead to more serious
types of errors, and the development of prevention strategies.
To encourage
reporting, the IOM further recommended that information collected under a voluntary
reporting system be strictly confidential and protected from legal discovery. Table
1 summarizes the differences between mandatory and voluntary reporting systems.
State Mandatory Reporting Systems
State adverse event reporting systems date back to the 1970s. The IOM
reviewed reporting systems in 13 states to learn more about their scope and
operations during the preparation of its 1999 report. Since the report’s release, more
than half of the states have introduced legislation to address the problem of medical
errors, and several have enacted laws to create new mandatory reporting systems or
modify existing ones. Twenty-one states now mandate reporting to state agencies of
adverse events by general and acute care hospitals.7
6 Jerry H. Gurwitz et al., “Incidence and Preventability of Adverse Drug Events Among
Older Persons in the Ambulatory Setting,” Journal of the American Medical Association,
vol. 289, 2003, pp. 1107-1116.
7 According to the National Academy for State Health Policy (NASHP), the states are: CA;
(continued...)

---

CRS-5
Table 1. Characteristics of Mandatory and Voluntary Medical
Errors Reporting Systems as Proposed by the IOM
Mandatory reporting systems
Voluntary reporting systems
Purpose
Accountability
Safety improvements; detection and
analysis of systemic problems before
serious injury or death occurs
System
State government
Private organization
administration
Obligation to
Establishes
legal
obligation
to
Relies on trust in the reporting
report errors
report; relies on penalties and
system and a commitment to its
sanctions to encourage compliance
purpose
Type of data
Medical errors that result in serious
Medical errors that result in no harm
reported
injury or death
(close calls) or minimal harm
Public disclosure
Validated information available to
Strictly
confidential;
only
de-
of data
the public
identified data publicly available
Use of reported
Verification of data to ensure
Analysis and interpretation of errors;
data
co nsistency
with
rep o rting
i d e n t i f i c a t i o n
o f
s y s t e m
definitions and attribution to error;
vulnerabilities;
development
of
analysis of data and identification of
preventive strategies
ways to avoid a reoccurrence of the
error; oversight and evaluation of
corrective actions taken
Sources: Institute of Medicine; National Academy for State Health Policy.
The reporting requirements vary widely from state to state, though all require
the disclosure of events that result in unanticipated death. In Florida, for example,
hospitals are required to report errors that result in certain specified injuries (e.g.,
brain or spinal damage), whereas health care facilities in Pennsylvania must report
“any situation or occurrence that could seriously compromise quality assurance or
patient safety.” According to a recent report, few states have the experts to analyze
more than a fraction of the reports they receive. Most reports are not investigated and
few hospitals receive any feedback.8
States face a difficult challenge in designing their reporting systems as they
attempt to reconcile two competing objectives. They must motivate health care
providers and facilities to report errors promptly and accurately, while at the same
7 (...continued)
CO; CT; FL; GA; KS; MA; ME; MN; NJ; NY; NV; OH; PA; RI; SC; SD; TN; TX; UT; and
WA. In Feb. 2003, Dr. Michelle Mello, Harvard School of Public Health, reviewed state
laws and determined that the reporting systems in four of the states (CA, MN, OH, TX) did
not meet all the requirements set out in the IOM report. For example, a state may require
hospitals to report certain incidents that do not meet the IOM’s definition of adverse events,
or mandate that hospitals collect and record data on adverse events, but not report them.
8 Lucian L. Leape, “Reporting of Adverse Events,” New England Journal of Medicine, vol.
347, 2002, pp. 1633-1638. (Hereafter cited as Leape, “Reporting of Adverse Events.”)

---

CRS-6
time holding them accountable through a system of public disclosure of information
about errors.
The IOM concluded that the public has a right to information
concerning the safety of the health care system. Providers, however, are reluctant to
report adverse events. They fear that publicly released data will lead to an increase
in malpractice lawsuits. The more comprehensive and organized the reporting
system database, the greater the legal threat it may pose to providers.
In its most recent report on state error reporting systems, the National Academy
for State Health Policy (NASHP) concluded that the balance between protecting data
from legal discovery and disclosing information to the public appears to be tipped in
favor of data protection.9
Data Protection
Attorneys may compel disclosure of information considered confidential by the
state through a variety of legal processes including: (1) Freedom of Information or
Open Records requests; (2) subpoenas; (3) legal discovery; and (4) admission into
evidence in a civil or administrative proceeding. To allay providers’ concerns about
litigation, states have pursued a variety of legal options to protect mandatory
reporting system data.10 Some states have exempted reporting system data from their
public disclosure (i.e., Freedom of Information) laws, while others have relied on
their existing peer review statutes.11 Peer review laws can provide strong protections
for reporting system data if they cover (or are interpreted to cover) all activities
related to the administration of the reporting system.
However, courts have
occasionally found that the rights of an individual to information relating to a
personal lawsuit trumps peer review protection.
For these reasons, most of the mandatory reporting systems established since the
IOM report have comprehensive, system-specific protections of data and reporters
built into the authorizing statute. For example, information may be protected from
discovery, subpoena, search warrant, and evidence in civil or administrative
proceedings. Protections for reporters may include exclusion from civil and criminal
lawsuits, monetary liability, state antitrust lawsuits, compelled testimony, and
employer retaliation (i.e., “whistleblower” protection).
System design features, such as de-identifying data and receiving reports
anonymously, may reduce the need for strong legal protections by making it more
difficult to link specific incidents to individuals or institutions. Of course, such
measures also limit the utility of the information to analysts.
9 National Academy for State Health Policy, How States Report Medical Errors to the
Public: Issues and Barriers (Portland, ME: NASHP, Oct. 2003). This report, hereafter cited
as NASHP, Oct. 2003, is one of several NASHP publications on patient safety and medical
errors. For more information, go to [www.nashp.org].
10 NASHP, Oct. 2003.
11 Peer review refers to a process by which physicians review and analyze the performance
of their colleagues to evaluate and improve the quality of health care. To encourage
participation and candor in the process, all states except New Jersey have enacted laws that
protect peer review information and participants from the legal process.

---

CRS-7
Despite their efforts to shield error information from legal discovery and public
disclosure, states have had limited success in encouraging providers to report adverse
events. Underreporting is a serious issue for state reporting systems and it can have
important consequences for health care quality.12 Failure to inform a patient of a
medical error may delay or deprive prompt treatment, which in turn may expose the
physician to greater liability. Underreporting also hinders research on the prevalence
and root causes of errors, hampering quality improvement initiatives.
While providers’ fears of legal exposure are real and must be addressed, it
remains unclear whether they have merit. There are no studies on whether reported
error information is being used in malpractice litigation. Moreover, there is little
research on the influence of specific laws on reporting behavior.
Further
complicating the issue is the fact that fear of liability is just one of several factors that
lead to the underreporting of medical errors. Other factors include facilities’ lack of
internal systems to identify events, the culture of medical practice that discourages
drawing attention to errors, fear of institutional sanctions, anxiety about maintaining
good relationships with peers, loss of business, damage to reputation, and whether
the amount of feedback and the potential benefits from reporting justify the time and
effort it takes to report. There is not enough evidence to predict the impact that
eliminating one or more of these disincentives would have on reporting behavior.13
Some degree of legal protection may be necessary to encourage reporting, but it may
not be sufficient to create an environmental conducive to reporting.14
Data Disclosure
The IOM recommended that mandatory reporting systems publicly disclose all
information uncovered during investigations. Polls indicate broad public support for
such disclosure, and some analysts argue that disclosure is necessary to drive
improvements in health care. However, according to NASHP, public disclosure of
adverse event information is “sporadic and inconsistent.” While some states are
prohibited from releasing certain data by statute, others that are permitted to
disclosure certain information refrain from doing so because of concerns that the data
are incomplete and unreliable and may be misinterpreted by the public. In some
cases, states are also reluctant to disclose information in order to alleviate the
concerns of hospitals and practitioners.15
NASHP found that seven states with mandatory reporting systems release
incident-specific data. The remaining 14 states issue or plan to issue aggregate
reports. Incident-specific data are most commonly provided on a request only basis.
Where information is available to the public, it is often difficult to access or requires
specific information on how and where to request the information in order to access
12 NASHP, Oct. 2003.
13 Wendy K. Miller and Frances H. Miller, “Medical Error Reporting: Professional Tensions
Between Confidentiality and Liability,” Massachusetts Health Policy Forum Issue Brief No.
13, 2001.
14 NASHP, Oct. 2003.
15 NASHP, Oct. 2003.

---

CRS-8
it. The data may be provided in raw form without accompanying analysis to assist
with interpretation.16
Overall, it appears that state reporting systems have had at best a modest impact
on improving patient safety.
Evidence from hospitals that the reporting and
investigation of serious events has led to improvement in patient safety is largely
anecdotal. As noted above, most state programs are plagued by underreporting,
especially in their early years of operation. The IOM report observed that few states
aggregate the data or analyze them to identify general trends. Analysis and follow-up
tend to occur on a case-by-case basis. The report cited limited resources and the
absence of standard reporting requirements as major impediments to making greater
use of the reported data. It concluded that “state programs appear to provide a public
response for investigation of specific events, but are less successful in synthesizing
information to analyze where broad system improvements might take place or in
communicating alerts and concerns to other institutions.” In some states, reporting
systems established by law are not operating due to a lack of funds.
The IOM recommended that state regulatory programs continue to operate
mandatory reporting systems as they have the authority to investigate specific cases
and issue penalties or fines. However, in order to establish a nationwide mandatory
reporting system, the IOM recommended that Congress (1) designate the National
Quality Forum as the entity responsible for issuing and maintaining reporting
standards to be used by states, (2) require health care institutions to report
standardized information on a defined list of adverse events, and (3) provide funds
and technical expertise to state governments to establish or improve their error
reporting systems.
The National Quality Forum (NQF), established in May 1999 following the
recommendation of the President’s Advisory Commission on Consumer Protection
and Quality in the Health Care Industry, is a private, nonprofit voluntary consensus
standards setting organization created to develop and implement a national strategy
for the measurement and reporting of health care quality. Acting on the IOM’s
recommendation, the NQF last year released a list of 27 serious, preventable adverse
events that should be reported by all licensed health care facilities. The list includes
standardized definitions of key terms to encourage consistent use and implementation
across the country.17
The IOM further proposed that the Department of Health and Human Services
(HHS) collect error reports should a state choose not to implement a mandatory
reporting system.
Currently, HHS does not require health care institutions or
providers to report information on medical errors.18 The IOM also recommended the
16 NASHP, Oct. 2003.
17 For more information on the NQF list, go to [http://www.qualityforum.org]. NASHP
recently released a report, Defining Reportable Adverse Events: A Guide for States Tracking
Medical Errors, which compares the NQF list with the requirements of existing state
reporting systems. The report is available online at [http://www.nashp.org].
18 The Centers for Medicare and Medicaid Services has launched several initiatives to
(continued...)

---

CRS-9
establishment of a Center for Patient Safety within AHRQ for states to share
information and expertise, and to receive and analyze aggregate reports from states
to identify persistent safety issues.
Voluntary Reporting Systems
As a complement to the mandatory reporting of serious errors, the IOM
recommended establishing voluntary reporting systems to collect information on less
serious mistakes that result in little or no harm. Information gathered by voluntary
reporting systems may be used to identify vulnerabilities and weaknesses in health
care systems and to make improvements to prevent serious errors from occurring.
Aviation Safety Reporting System
The IOM report and several more recent analyses have all highlighted the
Aviation Safety Reporting System (ASRS) as a potential model for establishing
national voluntary systems for reporting medical errors. ASRS was created in 1975
to encourage pilots, controllers, flight attendants, maintenance personnel, and others
in the civilian airline industry to report incidents or situations in which aviation safety
was compromised. The program has become well-established and trusted within the
airline industry and is credited with contributing to improvements in aviation safety
over the past 28 years. ASRS analyzes the voluntarily submitted aviation safety
incident reports to identify deficiencies and discrepancies in the national aviation
system so that corrective action can be taken. ASRS data are also used to support
policies and planning for improving the national aviation system, and to strengthen
the foundation of aviation human factors safety research. This is especially important
given estimates that as much as two-thirds of all aviation accidents and incidents are
rooted in human performance error. ASRS provides feedback to the aviation
community in the form of alert messages identifying problems that may require
immediate action, analytical reports, an online database, a monthly safety newsletter,
and a quarterly safety bulletin.
ASRS is administered by the National Aeronautics and Space Administration
(NASA) under an agreement with the Federal Aviation Administration (FAA), which
provides most of the program’s funding. ASRS receives more than 3,200 reports
each month. The program’s annual operating budget of approximately $2.5 million
(or about $70 per report received) covers report processing, alert messages, data
dissemination functions, special studies, and publication activities.
Persons who submit reports are given two types of protection: confidentiality,
and limited immunity from disciplinary action in the case of a potential violation of
federal air regulations. The FAA will not impose penalties upon individuals who
18 (...continued)
encourage hospitals and require Medicare certified nursing homes and home health agencies
to report publicly various measures of health care quality. For more information, go to
[http://www.cms.gov/quality].

---

CRS-10
complete and submit written incident reports to ASRS within 10 days after the
violation provided that:
! the violation was inadvertent and not deliberate;
! the violation did not involve a criminal offense or action which
discloses a lack of qualification or competency; and
! the person has not been found in any prior FAA enforcement action
to have committed a violation for a 5-year period prior to the date of
the incident.19
ASRS administrators attribute the program’s success to various factors.20 First,
the reports are held in strict confidence and reporters are immune from disciplinary
action if they report promptly. Second, reporting is simple and involves a one-page
form. Third, the program is responsive — reporters receive timely feedback — and
viewed as worthwhile by those that use it. And finally, the program is administered
by an agency (i.e., NASA) that is independent of the FAA, which regulates the
aviation industry.
ASRS is seen as complementing the work of the National
Transportation Safety Board (NTSB), which investigates aviation accidents that
result in death or serious injury or in which the aircraft sustains significant damage.
National Medical Error Reporting Systems
There are several national voluntary reporting systems for medical errors. They
include the Patient Safety Information System within the Department of Veterans
Affairs (VA) and the Joint Commission on Accreditation of Healthcare Organizations
(JCAHO) Sentinel Events Reporting System. Two national programs focus on
medication errors: the Medication Error Reporting program and the MedMARx
program. In addition to its mandatory reporting requirements for drug and medical
device manufacturers, the Food and Drug Administration also encourages health care
providers and the public voluntarily to report suspected adverse events involving
prescription and over-the-counter drugs.
VA Patient Safety Information System. The Department of Veterans
Affairs (VA), which manages one of the largest health care networks in the United
States, is generally recognized as a leader in the growing patient safety movement.21
In 1999, the VA established a National Center for Patient Safety (NCPS) to lead the
agency’s patient safety efforts and develop a culture of safety throughout the VA
health care system. The NCPS developed an internal, confidential, non-punitive
reporting and analysis system, the Patient Safety Information System (PSIS), which
19 Information on the ASRS is available online at [http://asrs.arc.nasa.gov].
20 Testimony of Linda J. Connell, Director, NASA Aviation Safety Reporting System, before
the U.S. Congress, House Committee on Veterans’ Affairs, Subcommittee on Oversight and
Investigations, Feb. 10, 2000.
21 The VA health care system operates 163 hospitals, 137 nursing homes, 73 comprehensive
home-care programs, and more than 850 ambulatory care and community-based outpatient
clinics. In 2002, more than 4.5 million people received health care in a VA facility, and the
outpatient clinics registered approximately 46.5 million visits. For more information, go to
[http://www.va.gov].

---

CRS-11
permits VA employees to report both adverse events and close calls without fear of
punishment. The PSIS is not a blame-free system. Events that are judged to be an
intentionally unsafe act (i.e., any events that result from a criminal act, a purposefully
unsafe act, or an act related to alcohol or substance abuse or patient abuse) can result
in the assignment of blame and punitive action.
Drawing on the experience of aviation and other “high-reliability” industries,
NCPS officials argue that confidential, non-punitive reporting systems are key to
identifying vulnerabilities and analyzing underlying systemic problems in health care.
They contend that an over-reliance on punitive accountability systems has been a
major impediment to improving patient safety. Accountability systems do not
encourage identification of potential problems, nor do they provide any incentive for
reporting.
The PSIS is intended to supplement the VA’s existing accountability systems.
It takes a systems approach to improving patient safety based on prevention, not
punishment. Using tools developed by NCPS, multidisciplinary teams conduct a root
cause analysis of reported adverse events. Root cause analysis is a process for
identifying the causal factors that underlie an event. It focuses primarily on systems
and processes, not individual performance. The end product of a root cause analysis
is an action plan outlining strategies that the organization intends to implement to
reduce the risk of a similar event occurring in the future.
Following PSIS implementation, NCPS saw a 900-fold increase in reporting of
close calls, and a 30-fold increase in reporting of adverse events. For its efforts in
improving patient safety in the VA health care system, NCPS was awarded the
prestigious Innovations in American Government Award in 2001. The PSIS now
serves as a benchmark and is being used and emulated by other health care programs,
nationally and internationally.22
In May 2000, the VA signed an agreement with NASA to develop the Patient
Safety Reporting System (PSRS), an independent, external reporting system. The
PSRS, which was inaugurated last year at VA hospitals nationwide, is operated by
NASA and modeled after the ASRS. It is intended to provide VA employees with
a “safety valve” that allows them confidentially to report close calls or adverse events
that, for whatever reason, would otherwise go unreported. All personnel and facility
names, facility locations, and other potentially identifying information are removed
before reports are entered into the PSRS database. Only NASA personnel assigned
to the reporting system can review data until the de-identification process is
complete.23
JCAHO Sentinel Events Reporting System. JCAHO is an independent,
nonprofit organization that evaluates and accredits nearly 18,000 health care
22 Testimony of Dr. James P. Bagian, Director, National Center for Patient Safety, before
the U.S. Congress, Senate Committee on Governmental Affairs, Permanent Subcommittee
on Investigations, June 11, 2003. Additional information about the NCPS is available online
at [http://www.patientsafety.gov].
23 Information on the PSRS is available online at [http://www.psrs.arc.nasa.gov].

---

CRS-12
organizations and programs in the United States, including hospitals, health care
networks, managed care organizations, and health care organizations that provide
home care, long term care, behavioral health care, laboratory, and ambulatory care
services. JCAHO initiated a sentinel event reporting system for hospitals in 1996.
A sentinel event is defined as one that results in an unanticipated death or major
permanent loss of function not related to the natural course of the patient’s illness or
underlying condition. Sentinel events also include: patient suicide in a setting that
provides round-the-clock care; rape; infant abduction or discharge to the wrong
facility; major incompatibility reactions in blood transfusion recipients; and surgery
on the wrong patient or body part.24
Accredited hospitals are expected to identify and respond to all sentinel events
by conducting a root cause analysis, implementing improvements to reduce risk, and
monitoring the effectiveness of those improvements. To encourage sentinel event
reporting, JCAHO has established a policy of not penalizing the accreditation status
of an organization that reports such events and performs a root cause analysis.
Reporting sentinel events to JCAHO is not entirely voluntary. If a hospital fails to
report an event and JCAHO learns of it from a third party, it requires the hospital to
conduct a root cause analysis or risk loss of accreditation. JCAHO analyzes the
error-related information it receives and publishes recommendations in the Sentinel
Event Alert. Despite these efforts, few hospitals report sentinel events because they
view the program as cumbersome, time-consuming, unresponsive, and potentially
risky. They are concerned about the confidentiality of the information and fear that
public disclosure of reports may damage their reputation and lead to a decline in
business, a loss of license or accreditation, and litigation.25
Medication Errors Reporting Program. The Medication Errors Reporting
(MER) program was started in 1975 by the Institute for Safe Medication Practices
(ISMP), a nonprofit organization that works with healthcare practitioners, regulatory
agencies, professional organizations, and the pharmaceutical industry to provide
education about adverse drug events and their prevention. Since 1991, the MER
program has been owned and administered by the U.S. Pharmacopeia (USP). USP
is a nonprofit, private organization that establishes legally recognized standards for
the quality, strength, purity, packaging, and labeling of medicines for human and
veterinary use.
The MER program receives voluntary and confidential reports from
practitioners — primarily pharmacists — via mail, telephone, and the Internet.
Reporters are informed that a de-identified copy of the report is routinely sent to
ISMP, the Food and Drug Administration (FDA), and the pharmaceutical company
whose product is mentioned in the report. With permission, the reporter’s name is
disclosed to ISMP, which provides an independent review of the report. Errors or
near-errors reported through the MER program include administering the wrong
drug, strength, or dose, confusion over look-alike and sound-alike drugs, incorrect
24 More information is available on JCAHO’s Web site at [http://www.jcaho.org].
25 Testimony of Dr. Dennis S. O’Leary, President, Joint Commission on Accreditation of
Healthcare Organizations, before the U.S. Congress, House Committee on Ways and Means,
Subcommittee on Health, Feb. 10, 2000.

---

CRS-13
route of administration, and errors in prescribing and transcribing. ISMP publishes
biweekly reports with recommendations and periodic special alerts.26
MedMARx Program. USP’s MedMARx program, begun in 1998, is an
Internet-based, voluntary system for hospitals to report medication errors. Hospitals
must subscribe to MedMARx in order to use the program. Employees of hospitals
that subscribe may report a medication error anonymously to MedMARx by
completing a standardized form. Hospital management is then able to retrieve
compiled data on its own facility and also obtain nonidentifiable comparative
information on other participating hospitals. Information is not shared with FDA.
The JCAHO framework for conducting a root cause analysis is on the MedMARx
system for the convenience of reporters to download the forms, but the programs are
not integrated.
USP recently released its fourth annual national report, which summarizes the
medication error data collected by MedMARx during 2002.27 The analysis was based
on 192,477 medication errors voluntarily reported by 482 hospitals and health care
facilities nationwide. Most of the errors were corrected before causing harm to
patient. However, 3, 213 errors (1.7%) resulted in patient injury. Of that total, 514
required initial or prolonged hospitalization, 47 required intervention to sustain life,
and 20 resulted in a patient’s death. The report noted that seniors are especially
vulnerable to hospital medication errors. A majority (55%) of the fatal errors
reported involved seniors.
The 2002 MedMARx report also found that the incorrect preparation and
administration of medications is responsible for the largest number of harmful errors.
Health care facilities reported that workplace distraction was the leading factor
contributing to medication errors. It was cited in 43% of the error reports. A limited
number of high-alert medications (e.g., insulin, heparin, and morphine) caused the
most severe injuries.
MedMARx has received generally favorable reviews from analysts.
The
program incorporates some of the same design features that are found in ASRS.
Hospital employees view MedMARx reporting as relatively safe and straightforward.
Unlike JCAHO’s system for hospitals to report events with serious outcomes,
MedMARx relies on individual employees submitting anonymous reports of all types
of medication errors, whether or not they result in harm. MedMARx is also very
responsive. The data are analyzed by experts, and reporters receive timely feedback
of useful information.28
Food and Drug Administration. The FDA regulates the manufacturers of
prescription and over-the-counter drugs, medical and radiation-emitting devices, and
biological products (e.g., antitoxins, vaccines, blood), among other things. After
26 More information on the MER program is available online at [http://www.usp.org].
27 U.S. Pharmacopeia, Summary of Information Submitted to MedMARx in 2002: The Quest
for Quality (Rockville, MD.: 2003).
28 Leape, “Reporting of Adverse Events.”

---

CRS-14
FDA approves a new drug or device, the agency continues to monitor its safety
through postmarketing surveillance. Adverse event reporting is a major component
of postmarketing surveillance. For medical devices, manufacturers are required to
report deaths, serious injuries, and malfunctions to FDA. Hospitals, nursing homes,
and other user facilities are also required to report deaths to both the manufacturer
and FDA, and to report serious injuries to the manufacturer. For suspected adverse
events associated with drugs, reporting is mandatory for manufacturers. Health care
professionals and consumers may voluntarily report suspected adverse drug events
and device problems through FDA’s Medical Products Reporting Program,
MedWatch, which allows reporting by phone (toll-free), fax, direct mail (using a
postage-paid form), and Internet. All MedWatch reports are evaluated and entered
into one of the agency’s databases for analysis.29
FDA receives approximately 235,000 reports annually for adverse drug events
and more than 80,000 reports on device problems. The agency decides whether any
corrective action is necessary on a case-by-case basis, by considering the
unexpectedness and seriousness of the event, the vulnerability of the population
affected, and the available options for prevention. If corrective action is warranted,
FDA generally pursues one of three strategies. The first and most common strategy
is to negotiate with the manufacturer to make the desired changes. Second, FDA may
take regulatory action to compel a manufacturer to act. Finally, the agency may
attempt to inform health care professionals and the public about the risks associated
with a particular drug through published articles, direct mailings, and Internet
postings.
FDA recently proposed two new regulations to reduce medication errors.30 The
first requires bar coding on medications.
The second revises manufacturer’s
reporting requirements and is intended to improve FDA’s ability to monitor and
improve the safe use of medications. The proposal requires manufacturers to submit
to FDA, within 15 days, all reports they receive of actual and potential (i.e., near-
miss) medication errors. An example of a potential medication error would be a
pharmacist who selects the wrong drug because of a similar sounding name but
catches the mistake before dispensing the medication. If the pharmacist elects to
report the incident to the manufacturer, then under the proposed rule the
manufacturer must report it to FDA.
The proposal also requires the use of
internationally agreed definitions and reporting formats, which will allow companies
to prepare a single report for submission to major regulatory agencies worldwide.
Designing Effective Reporting Systems
Table 2 summarizes the design features that analysts have identified as essential
for an effective reporting program. An effective program is one that encourages
reporting, analyzes the data to identify vulnerabilities in the health care system, and
29 Institute of Medicine, 1999. More detailed information on FDA’s reporting requirements
may be found online at [http://www.fda.gov].
30 68 Federal Register 12465, Mar. 14, 2003.

---

CRS-15
promotes the development of preventive strategies to improve patient safety.31 The
IOM report recommended against establishing a comprehensive national voluntary
reporting system modeled after ASRS. For one thing, several national reporting
systems already exist, particularly for medication errors. Moreover, a comprehensive
national reporting system would require an enormous investment in funding and
personnel, in view of the potential volume of reports. With an estimated 1 million
errors each year in hospital settings alone, plus an even greater number of close calls,
the analysis of even a fraction of these events would require many expert analysts,
all of whom would have to be recruited and trained.
Table 2. Design Characteristics of
Voluntary Medical Errors Reporting Systems
Characteristic
Explanation
User-friendly
The reporting process is broadly understood and report forms are readily
available and user-friendly.
Nonpunitive
Reporters are not subject to retaliation or punishment from others as a result
of reporting errors.
Confidential
The identities of the patient, reporter, and health care institution are not
revealed to a third party.
Privileged
Reports are protected from legal discovery and inadmissible in court or other
proceedings prior to de-identification.
Independent
The system is independent of any authority with power to punish the reporter
or health care institution.
Expert analysis
Reports are evaluated by experts who understand the clinical circumstances
and are trained to recognize underlying systems causes.
Systems-oriented
Analysis and recommendations focus on systems, processes, and products,
rather than on individual performance.
Responsive
Reports are analyzed promptly, recommendations are rapidly disseminated,
and reporters receive timely feedback.
De-identification
Aggregated, de-identified data are publicly available.
Source:
Based on Leape, “Reporting of Adverse Events”; Raymond and Crane, “Design
Considerations.”
The IOM said that the existing reporting systems should be encouraged and
promoted within health care organizations and that better use should be made of the
reported information. New systems should be focused on specific areas of medical
care (e.g., surgery, pediatrics) and even particular care settings. That approach would
help manage the potential volume of reports and match the expertise to the problems.
There also needs to be a mechanism for sharing information across different
reporting systems. A report in one system may have relevance for another system
31 Brian Raymond and Robert M. Crane, “Design Considerations for a Patient Safety
Improvement Reporting System,” Kaiser Permanente, Institute for Health Policy, Apr. 2001.
(Hereafter cited as Raymond and Crane, “Design Considerations.”)

---

CRS-16
(e.g., errors in surgery that also involve medications).
Along with its
recommendation on reporting systems, the IOM also recommended the establishment
of a federal Center for Patient Safety to set national goals, fund research, evaluate
methods for identifying and preventing medical errors, and disseminate information
on best practices.
Patient Safety and Quality Improvement Act of 2003
H.R. 663
Legislative History. The House passed the Patient Safety and Quality
Improvement Act (H.R. 663, H.Rept. 108-28) on March 12 by a vote of 418 — 6.
H.R. 663 was approved by the Energy and Commerce Committee on February 12.
On February 27, the Ways and Means Committee approved parallel legislation (H.R.
877, H.Rept. 108-31). While the two measures contain broadly similar provisions,
they would amend different statutes, reflecting the differences in committee
jurisdiction. The Ways and Means bill would amend the Medicare statute (i.e.,
Social Security Act Title XVIII) and apply only to hospitals and other health care
facilities and their employees that provide health care services under Medicare Part
A. In contrast, the legislation approved by Energy and Commerce would amend the
Public Health Service (PHS) Act and have broader coverage. H.R. 663 would apply
to any individual or entity licensed to provide health care services. Following
negotiations between members of both panels, lawmakers agreed that the new law
should be written into the PHS Act and that the Energy and Commerce bill should
be brought to the floor for consideration by the full House.32
Overview. H.R. 663 is intended to encourage the reporting and analysis of
medical errors by providing legal protection for information that is voluntarily
submitted to patient safety organizations. The protections would apply to certain
categories of documents and communications termed “patient safety work product,”
which are developed by health care providers for reporting to such organizations.
Patient safety work product would be privileged and not subject to: a civil or
administrative subpoena; discovery in connection with a civil or administrative
proceeding; or disclosure under the Freedom of Information Act. Moreover, it could
not be used in any adverse employment action against an employee who in good faith
reports the information to a provider (with the intention of having it reported to a
patient safety organization) or reports the data directly to a patient safety
organization. Patient safety work product would not encompass documents or
communications that are part of traditional medical record keeping.
(Such
information includes patients’ medical records, billing records, hospital policies, and
records of drug deliveries, that is, information that has been developed, maintained,
or which exists separately from patient safety work product.) Only information
specifically created for patient safety organizations would be protected.
32 The House Energy and Commerce, and Ways and Means Committees first approved
medical errors legislation in September 2002. At that time, lawmakers were unable to agree
on which bill to bring to the House floor.

---

CRS-17
Under the House legislation, patient safety organizations would be certified by
AHRQ to collect and analyze patient safety work product submitted by providers, and
to develop and disseminate recommendations for systems-based solutions to improve
patient safety and health care quality. Any public or private organization seeking
certification as a patient safety organization would have to meet certain criteria. For
example, they would have to contain appropriately qualified staff, including licensed
or certified medical professionals, and not be part of a health insurance company. A
patient safety organization would also have to be managed and operated
independently from any provider that reported to it. The House bill does not include
any language that would encourage the establishment of patient safety organizations
in every state or region of the country.
H.R. 663 would require AHRQ to establish a national database to receive and
analyze de-identified information submitted by patient safety organizations.
Information in the national database would be available to the public. The bill would
also require AHRQ to develop voluntary national standards to promote the
interoperability of health information technology systems.33
In addition to the provisions aimed at supporting voluntary reporting of medical
errors, H.R. 663 would instruct the FDA to issue standards for unique product
identifiers (e.g., bar codes) on the packaging of drugs and biological products. It also
would authorize grant programs for electronic prescribing and other information
technology to prevent errors. Finally, H.R. 663 would create a Medical Information
Technology Advisory Board to make recommendations to HHS and Congress on
fostering the development and use of information technologies to reduce medical
errors.
S. 720
Legislative history.
On March 26, 2003, Senator Gregg introduced
bipartisan medical errors legislation (S. 720), cosponsored by Senators Frist, Jeffords,
and Breaux. Following negotiations between Senator Gregg, who chairs the HELP
Committee, and Senator Kennedy, the panel’s ranking member, the committee
unanimously approved an amended version of the bill on July 23, 2003.
Overview. S. 720, as reported, has the same basic structure as the House-
passed legislation, but there are several key differences. First, the legal protections
in S. 720 would apply to all “patient safety data.” That term appears to be more
broadly defined than the corresponding term (i.e., patient safety work product) in the
House bill.
It includes, for example, “any data, reports, records, memoranda,
analyses, or statements that could result in improved patient safety or health care
quality or health care outcomes, that are ... collected from a provider....” S. 720
further states that the term patient safety data “shall not include information
(including a patient’s medical record) that is collected or developed separately from
and that exists separately from [such] data.”
33
Interoperability refers to the ability of two or more systems (e.g., computers,
communications devices, networks, software, and other information technology
components) to interact with one another and exchange data .

---

CRS-18
Some analysts have noted that other kinds of data used for patient safety
reasons, such as medical outcomes or infection rate data, may fall under the Senate
bill’s broad definition of patient safety data, in which case the information would be
confidential and not subject to public disclosure. That raises some concern that S.
720, as currently drafted, might have the unintended effect of preempting various
state reporting laws (e.g., hospital-acquired infection reporting laws, medical
outcomes reporting laws). State mandatory error reporting laws that provide less
confidentiality protection might also be preempted.
Second, the Senate legislation would provide greater legal protections for patient
safety information by shielding the information from use in criminal as well as civil
and administrative proceedings. S. 720 would protect patient safety data from use
in a criminal action unless a judge determines that it contains evidence of an
intentional act to harm the patient directly. Senate HELP Committee Democrats fear
that the legislation would protect too much information, thus compromising the
rights of insured patients to sue providers for compensation. They want to include
language that would make error reports available for all prosecutions of criminal acts
of negligence or reckless endangerment of patients.
Some patient safety experts believe that those concerns are unfounded and that
the bill’s legal privileges should not be weakened otherwise providers will be less
inclined to report information on a voluntary basis. They stress that making patient
safety information confidential and privileged does not deprive any of the existing
internal and external accountability systems of the information that they require.
Voluntary reports on close calls and other problems would not otherwise exist were
it not for a confidential system.34
Third, S. 720 does not give AHRQ such a direct role in establishing certification
criteria for patient safety organizations, as does the House measure. The Senate bill
would require an organization seeking to become a patient safety organization to
provide documentation to AHRQ that it intends to perform the activities outlined in
the legislation.
Finally, S. 720 does not include any provisions on unique product identifiers,
health information technology grants, or the establishment of a Medical Information
Technology Advisory Board. Senate Democrats favor inclusion of the House-passed
provisions authorizing grants to providers for electronic prescribing and other error-
reducing information technologies.
Table 3 compares the key provisions of H.R. 663 and S. 720 with the IOM
report’s recommendations. While the legislation seeks to implement the IOM’s
recommendations for voluntary reporting of medical errors, it does not address
mandatory reporting to states. Table 4 provides a detailed side-by-side comparison
of the provisions in the House-passed legislation with those in the Senate bill, as
reported.
34 Testimony of Dr. James P. Bagian, Director, National Center for Patient Safety, before
the U.S. Congress, Senate Committee on Health, Education, Labor, and Pensions, May 24,
2003.

---

CRS-19
Table 3. Comparison of Key Provisions in H.R. 663/S. 720 with the IOM Recommendations
IOM report To Err is Human: Recommendations
Patient Safety and Quality Improvement Act (H.R. 663, S. 720)
Establish a Center for Patient Safety within AHRQ to set national goals, fund research,
Directs AHRQ to establish a National Patient Safety Database [H.R. 663] or a network
evaluate methods for identifying and preventing medical errors, and disseminate
of databases [S. 720] to receive and analyze nonidentifiable medical errors information
information on best practices. Annual funding for the Center should begin at $30-35
voluntarily reported by patient safety organizations (PSOs, see below). Allows AHRQ
million, increasing over time to at least $100 million.
to provide technical assistance to PSOs and to establish common standards for
reporting such information. Authorizes such sums as may be necessary for these
activities.
Establish a nationwide mandatory reporting system for states to collect standardized
No provisions.
information (initially from hospitals, but eventually from other institutional and ambulatory
care settings) on adverse events that result in death or serious harm. Designate the Center
to receive and analyze aggregate reports from states to identify persistent safety issues.
Encourage the development of voluntary, confidential reporting systems for collecting
Provides for public and private organizations that meet certain criteria to be designated
information on errors that result in little or no harm. Require the Center to disseminate
as PSOs to collect confidential information on medical errors that is voluntarily
information on existing voluntary reporting systems, convene workshops, encourage
submitted by providers. PSOs would analyze errors and recommend systems-based
participation in voluntary reporting programs, and fund pilot projects for reporting systems.
solutions. Requires: (1) AHRQ to establish a process for certifying PSOs [H.R. 663];
or (2) PSOs to submit information to AHRQ for certification and listing [S. 720].
Protect patient safety information collected under a voluntary reporting system from legal
Protects information reported to PSOs from discovery in any civil or administrative
discovery, in order to encourage health care professionals and organizations to identify,
action, and from a Freedom of Information Act request. Note: S. 720 also protects
analyze, and report errors without fear of litigation.
information from discovery in a criminal proceeding.
Make patient safety the focus of performance standards for health care organizations and
No provisions.
professionals.
Require FDA to: develop and enforce standards for safe packaging and labeling of drugs;
Instructs the FDA to issue regulations requiring unique identifiers on drug and
test drug names to prevent sound-alike and look-alike errors; and work with doctors,
biological product packaging, including bar codes and other identifiers that can be read
pharmacists, and patients to respond to problems identified in post-marketing surveillance.
by scanners [H.R. 663 only]. Note: On Mar. 14, 2003, FDA proposed a new rule
requiring bar codes on packaging for prescription and over-the-counter drugs.
Encourage health care organizations to make a commitment to improving patient safety
Authorizes: (1) grants for physicians to establish electronic prescribing programs
and to implement safe medication practices.
within their practices; and (2) grants for hospitals to buy computers and software to
reduce medical errors [H.R. 663 only].

---

CRS-20
Table 4. Side-by-Side Comparison of H.R. 663 and S. 720
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Patient safety improvement (Amendments to Title IX of the Public Health Service Act)
Definitions
Defines identifiable information as information that reveals the identity of
Defines nonidentifiable information as information that does not reveal the
any provider, patient, or reporter of patient safety work product (includes
identity of a provider, a patient, or a reporter of patient safety data (includes
health information protected under the HIPAA privacy rule).
Defines
health information that meets the HIPAA privacy rule’s definition of de-
nonidentifiable information as information that does not reveal the identity
identified information). Defines patient safety organization (PSO) as a
of any provider, patient, or reporter of patient safety work product (includes
private or public organization, currently listed by AHRQ as a certified PSO
health information that meets the HIPAA privacy rule’s definition of de-
(see below), whose primary activity is to improve patient safety and the
identified information). Defines patient safety organization (PSO) as a
quality of health care delivery, that: (1) collects and analyzes patient safety
private or public organization, as certified by the Secretary, that: (1) as its
data submitted by more than one provider; (2) develops and disseminates to
primary activity, conducts activities to improve patient safety and health care
providers
information
on
improving
patient
safety,
including
quality; (2) collects and analyzes patient safety work product submitted by
recommendations, protocols, and best practices data; (3) uses patient safety
providers; (3) develops and disseminates to providers information such as
data to encourage a culture of safety and to assist providers in minimizing
recommendations, protocols, and best practice data; (4) uses patient safety
patient risk; (4) maintains the confidentiality and provides for the security of
data to encourage a culture of safety and to assist providers in minimizing
individually identifiable patient safety data; and (5) certifies to AHRQ that
patient risk; (5) maintains the confidentiality of identifiable information; (6)
it intends to perform these activities. Defines patient safety data as any
provides for the security of patient safety work product; and (7) submits
data, reports, records, memoranda, analyses, or statements that could result
nonidentifiable information to AHRQ for inclusion in any National Patient
in improved patient safety, health care quality, or health care outcomes, that
Safety Database. Defines patient safety evaluation system as a process for
are: collected or developed by a provider for reporting to a PSO, provided
collecting, managing, or analyzing information submitted to or by a PSO.
they are reported within a reasonable period of time; requested by a PSO;
Defines patient safety work product as any document or communication
reported to a provider by a PSO; or collected from a provider or PSO, or
(including any information,
report,
record,
memorandum,
analysis,
developed by a PSO. Patient safety data also means any deliberative work
deliberative work, statement, or root cause analysis) that is developed by a
or process or oral communications with respect to any patient safety data.
provider for reporting to a PSO, created by a PSO, or would reveal a patient
Patient safety data does not include information that is collected or developed
safety evaluation system. Patient safety work product does not include a
separately from and that exists separately from patient safety data. Defines
document or communication that is developed, maintained, or exists
provider as any person who is licensed or otherwise authorized by state law
separately from any patient safety evaluation system (e.g., patients’ medical
to provide health care services, or any other person specified in regulation.
records, billing records, hospital policies, records of drug deliveries). Defines
[New PHS Act Section 921]
provider as any individual or entity that is licensed or otherwise authorized
by state law to provide health care services, or any other person or entity
specified in regulation. [New PHS Act Section 921]

---

CRS-21
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Privilege and
Health information that is available from sources other than a patient safety
Designates patient safety data as privileged and not subject to: (1) a federal,
confidentiality
work product may be discovered or admitted in a civil or administrative
state, or local civil, criminal, or administrative subpoena; (2) discovery in
proceeding, if discoverable or admissible under applicable law. Designates
connection with a federal, state, or local civil, criminal, or administrative
patient safety work product as privileged and not subject to: (1) a civil or
proceeding; (3) disclosure pursuant to a Freedom of Information Act request;
administrative subpoena or order; (2) discovery in connection with a civil or
(4) admission as evidence or disclosure in any federal, state, or local civil,
administrative proceeding; (3) disclosure pursuant to a Freedom of
criminal, or administrative proceeding; or (5) use in a disciplinary proceeding
Information Act request; or (4) admission as evidence or disclosure in any
against a provider. With certain exceptions (see below), designates patient
federal or state civil or administrative proceeding.
safety data as confidential and not subject to disclosure.
Permits: (1) voluntary disclosure of nonidentifiable information; (2) voluntary
Permits: (1) disclosure of patient safety data in a criminal proceeding if a
disclosure of identifiable information by a provider or PSO, if such disclosure
court makes an in camera determination that such data contains evidence of
is authorized by the provider and meets the requirements of the HIPAA
an intentional act to directly harm the patient; (2) voluntary disclosure by a
privacy rule; (3) legally required disclosures to FDA, or voluntary disclosures
provider or PSO to the FDA with respect to an FDA-regulated product or
about FDA-regulated products and services to a federal patient safety
activity; (3) voluntary disclosure of nonidentifiable patient safety data by a
program; and (4) disclosure of patient safety work product by a provider to a
provider or PSO; (4) voluntary disclosure by a provider or PSO to the
PSO. None of these disclosures, nor the transfer of any patient safety work
Centers for Disease Control and Prevention (CDC); (5) disclosure of patient
product between a provider and a PSO, waives any privilege or protection
safety data by a provider or PSO to carry out activities described above (see
established by this Act.
definitions of patient safety data and PSO); (6) use or disclosure of patient
safety data by a provider or PSO for providing treatment, improving patient
safety, health care quality, or administrative efficiency, or any other
customary activity of the provider; (7) disclosure of patient safety data
among PSOs; (8) disclosure of patient safety data by a provider or PSO to
grantees or contractors conducting AHRQ-authorized research and
evaluations; and (9) disclosure of patient safety data by a provider to an
accrediting body that accredits that provider. Patient safety data that are used
or disclosed as per (5) — (9) above shall continue to be privileged and
confidential. Further, none of the above uses and disclosures of patient safety
data, as well as the inadvertent disclosure or use of patient safety data,
constitutes a waiver of any privilege or protection established under this Act.
Patient safety work product that is identifiable information received by a
Prohibits any action against a PSO to compel disclosure of information.
national accreditation organization in its capacity as a PSO may not be used
Prohibits an accrediting body from: (1) taking action against a provider based
in an accreditation action against the provider that reported the information.
on the good faith participation of the provider in collecting and reporting
[New PHS Act Section 922]
patient safety data; and (2) requiring a provider to reveal communications
with a PSO. [New PHS Act Section 922]

---

CRS-22
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Privilege and
Prohibits a health care provider from taking any adverse employment action
Prohibits a health care provider from taking any adverse employment action
confidentiality
against an employee who in good faith reports information to the provider
against an employee who in good faith reports information to the provider
(cont.)
(with the intention of having it reported to a PSO) or reports the data directly
(with the intention of having it reported to a PSO) or reports the data directly
to a PSO. Providers taking such action would be subject to civil monetary
to a PSO. Provides equitable relief (including reinstatement, back pay, and
penalties of up to $20,000 per violation.
restoration of benefits) to address a wrongful adverse employment action.
State providers must consent, in advance, to be subject to such civil action by
an employee, otherwise the Act’s patient safety data privileges do not apply.
Disclosure of patient safety work product in violation of these provisions is
Negligent or intentional disclosure of patient safety data in violation of the
unlawful and subject to fines of $10,000 per violation, if such disclosure
above confidentiality provisions is unlawful and subject to fines of not more
constitutes a negligent or knowing breach of confidentiality. If the disclosure
than $10,000 per violation. If the disclosure was in violation of HIPAA’s
was in violation of HIPAA’s privacy rule, then the HIPAA penalties apply
privacy rule, then the HIPAA penalties apply instead. The Act does not: (1)
instead. PSOs are treated as business associates under the HIPAA privacy
preempt federal, state, or local laws that provide greater confidentiality
rule. The Act does not otherwise affect the privacy rule. In addition, the Act:
protections or privileges; (2) limit, alter, or effect other federal, state, or local
(1) does not affect other peer review and confidentiality protections available
laws pertaining to patient-related data that are not privileged or confidential
under federal and state laws; (2) does not prevent providers and PSOs from
under this Act; (3) alter or affect implementation of the HIPAA privacy rule;
developing contracts requiring greater confidentiality, consistent with this Act
(4) prevent any provider, PSO, or other person from entering into a contract
and other applicable laws; and (3) does not preempt or otherwise affect state
requiring greater confidentiality or delegating authority to use or disclose
laws that require providers to report information that is not patient safety work
patient safety data in accordance with this Act; or (5) prohibit a provider
product. Patient safety work product held by PSOs that lose their certification
from reporting a crime to law enforcement authorities. [New PHS Act
remains privileged and confidential.
Section 922]
Requires the Secretary, within 18 months of any national database becoming
No provisions.
operational (see below), to prepare a draft report on strategies for reducing
medical errors, seek public comment on the draft, and submit it to the IOM for
review. Requires a final report to be submitted to Congress within 1 year of
completing the draft. [New PHS Act Section 922]

---

CRS-23
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
National Patient
Authorizes AHRQ to provide for the establishment and maintenance of a
Instructs AHRQ to maintain a network of databases to receive and analyze
Safety Database
National Patient Safety Database to receive and analyze nonidentifiable patient
nonidentifiable patient safety data voluntarily reported by PSOs, providers,
safety work product voluntarily reported by PSOs upon the request of the
and others. Permits AHRQ to establish common standards for reporting such
Secretary. Directs AHRQ to provide scientific support to PSOs. Requires
data. The purpose of the databases is to provide an interactive, evidence-
AHRQ, in consultation with representatives of PSOs, providers, and the health
based management resource for providers, PSOs, and others. [New PHS Act
information technology industry, to develop standards for reporting
Section 923]
nonidentifiable patient safety work product, consistent with HIPAA’s
Administrative Simplification standards.
Permits AHRQ, to the extent
practicable, to facilitate information exchange between providers and PSOs
and between such organizations and the database.
Only nonidentifiable
information may be reported to the database. [New PHS Act Section 923]
Technical
Allows AHRQ to provide technical assistance to PSOs and to states with
Allows AHRQ to provide technical assistance to PSOs, including annual
assistance
medical errors reporting systems, and to provide guidance on the type of data
meetings to discuss methodology, communication, data collection, and
to be voluntarily submitted to the National Patient Safety Database. [New PHS
privacy. [New PHS Act Section 925]
Act Section 924]
PSO certification
Requires AHRQ, within 6 months, to establish a process for certifying PSOs.
Requires an organization seeking to be a PSO to submit an initial certification
Certifications must be performed by the Secretary or by an approved federal
to AHRQ that it intends to perform the activities outlined under the definition
or state entity and reviewed every 3 years. Certifications may be revoked
of a PSO. An organization that at first collects patient safety data from only
upon a showing of cause.
Establishes staffing and other criteria for
one provider must within 2 years of its initial certification submit a
certification, including requirements for PSOs that are components of other
supplemental certification that it is collecting from multiple providers.
organizations. [New PHS Act Section 925]
Requires PSOs to renew their certification every 3 years. All certification
submissions are subject to AHRQ review and acceptance. Requires AHRQ
to compile and maintain a current list of certified PSOs. Requires AHRQ to
remove from the listing entities whose certification expires or is revoked.
[New PHS Act Section 924]

---

CRS-24
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
PSO certification
Authorizes AHRQ to revoke a PSO’s certification, after notice and an
(cont.)
opportunity for a hearing, if it determines that the organization does not
perform any of the activities required for certification. Requires a PSO,
within 15 days of a revocation, to inform AHRQ that it has taken all
reasonable steps to notify each provider whose patient safety data it collects
or analyzes of such revocation.
Provides for the Act’s privilege and
confidentiality protections to continue to apply to data held by a PSO that is
removed from the list of certified PSOs, including data submitted to such a
PSO within 30 days of its removal from the certification list. Requires PSOs
whose certification is revoked to transfer patient safety data to another PSO
with the approval of the provider, return such data to the provider, or destroy
the data. [New PHS Act Section 924]
Authorization of
Authorizes such sums as may be necessary for FY2004 — FY2008 for
Authorizes such sums as may be necessary for carrying out the provisions
appropriations
carrying out the provisions above.
above and for developing interoperability standards (see below). [New PHS
Act Section 927]
Interoperability of health care information technology systems
Voluntary
Requires the Secretary, within 18 months, to develop (and periodically review
Directs the Secretary, within 3 years, to develop or adopt voluntary national
standards
and update) voluntary national standards that promote the interoperability of
standards (subject to ongoing review and periodic updating) that promote the
health care information technology systems. Requires the Secretary to take
electronic exchange of health care information. [New PHS Act Section 926]
into account: (1) the ability of the standards to promote the aggregation of
clinical data, electronic exchange of medical records, and evidence-based
medicine; and (2) the costs of meeting such standards and the health care
efficiencies achieved. Requires the Secretary, to the extent practicable, to test
the efficiency, usability, and scalability of proposed standards within a variety
of clinical settings, and to submit to Congress recommendations on such
standards. Instructs the Secretary, in developing such standards, to consider
the recommendations of the National Committee for Vital and Health Statistics
and consult with representatives of the health information technology industry
and the provider community. Directs the Secretary to submit a report to
Congress containing recommendations on such standards.

---

CRS-25
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Impact of medical technologies and therapies on patient safety and health care costs
Report to Congress
No provisions.
Directs the Secretary to contract with a research organization to study the
impact of medical technologies and therapies on patient safety, patient
benefit, health care quality, health care costs, and productivity growth.
Requires the study to examine: the extent to which labor and technological
advances have contributed to the increase in national spending on health care;
the extent to which the early introduction and integration of innovative
medical technologies and therapies may affect the overall productivity and
quality of health care; and the relationship of such technologies and therapies
to patient safety and benefit, health care quality, and health care costs.
Requires the Secretary, within 18 months, to report the results of the study
to Congress.
Drug and Biological Product Identification (Amendments to Title V of the Federal Food, Drug, and Cosmetic Act)
Unique product
Instructs the FDA to issue regulations to require unique product identifiers on
No provisions.
identifiers
the packaging of drug and biological products, including bar codes and other
identifiers that can be read by scanners and other technologies. Identifiers
must be based on the National Drug Code or other acceptable technologies.
Drug and biological products without a unique product identifier are
considered misbranded. [Note: On Mar. 14, 2003, FDA proposed a new rule
requiring bar codes on packaging for prescription and over-the-counter drugs.]
Grants for Electronic Prescription Programs
Grants to
Authorizes grants to physicians and other health care professionals to establish
No provisions.
physicians
electronic prescription programs. Grantees would have to fund 50% of the cost
of the program. Directs AHRQ, within 18 months, to conduct a study and
report to Congress on the cost-effectiveness of electronic prescription
programs. Permits AHRQ to develop an Internet-based decision analytic
model to allow clinicians to simulate the health and economic impact of
electronic prescribing on their individual practices.

---

CRS-26
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Grants for Health Care Information Technology Systems
Grants to hospitals
Authorizes (through FY2011) grants for hospitals and other providers to pay
No provisions.
for computers and software to reduce medical errors and improve patient
safety and health care quality.
Directs the Secretary to give special
consideration to grant applicants who seek to promote: (1) interoperability
across hospital services and departments; (2) electronic communication of
patient data; and (3) computerized physician order entry or bar coding
applications. Specifies conditions for receipt of a grant. For example, the
grantee agrees to: (1) carry out a program to measure, analyze, and report
medical errors, and to submit to the Secretary a description of the
methodology that will be used; (2) evaluate the cost-effectiveness of the
information technologies for which the grant is provided and submit the
evaluation plan to the Secretary for approval; and (3) develop a patient safety
evaluation system (as defined above) for reporting errors to a PSO. Instructs
AHRQ to provide technical assistance to applicants and grantees. Grantees
would have to cover 50% of the costs and would only be eligible for one
grant. Requires grantees to submit an interim and a final report at 1 and 3
years, respectively. The final one-third of a grant would not be disbursed until
the grantee submitted the interim report. Beginning in FY2004, requires the
Secretary to submit to Congress annual interim reports on the grant program,
followed (within 180 days of the last interim report) by a final report with
recommendations for legislation and administrative action.
Authorizes $25 million for each of FY2004 and FY2005 for carrying out the
two grant programs above.

---

CRS-27
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Medical Information Technology Advisory Board (Amendments to Title XI of the Social Security Act)
Advisory board
Requires the Secretary, within 3 months, to appoint the Medical Information
No provisions.
Technology Advisory Board (MITAB) and designate a chairman. Requires
the MITAB chairman to be a member of the National Committee for Vital and
Health Statistics and be affiliated with an organization having expertise in
creating American National Standards Institute (ANSI) standards governing
health care information technology. The MITAB would consist of no more
than 17 members that include: (1) experts from the fields of medical
information,
information
technology,
medical
continuous
quality
improvement, medical records security and privacy, individual and
institutional clinical providers, health researchers, and health care purchasers;
(2) one or more staff experts from the Centers for Medicare and Medicaid
Services, AHRQ, and the IOM; (3) representatives of private organizations
with expertise in medical infomatics; (4) a representative of a teaching
hospital; and (5) one or more representatives of the health care information
technology industry.

---

CRS-28
H.R. 663 (Approved by the House, March 12, 2003)
S. 720 (Reported by Committee, July 23, 2003)
Advisory board
Directs the MITAB to advise and make recommendations to the Secretary
No provisions.
(cont.)
regarding medical information technology, including: (1) best practices in
medical information technology; (2) methods for adoption within 2 years of
a uniform health care information system interface between old and new
computer systems; (3) recommendations for health care vocabulary,
messaging, and a common lexicon for computer technology to achieve
interoperability of health information systems; and (4) methods of
implementing
health
care
information
technology
interoperability
standardization, and records security. Also, requires the MITAB to make
recommendations on methods to promote information exchange to enhance
compatibility among information systems in order to: (1) maximize positive
outcomes in clinical care by providing decision support for diagnosis and care,
and assisting in the emergency treatment of a patient at a facility with no
medical record of the patient; (2) contribute to the development of a patient
assessment instrument that minimizes the need for different records when
patients move from provider to provider; (3) reduce redundant paperwork; (4)
minimize medical errors; and (5) contribute to compatible information
technology architecture.
Requires the MITAB, within 18 months, to submit to Congress and the
Secretary an initial report of its deliberations and recommendations. The
report would include the status of health care information technology
standards, recommendations for accelerating the development of health care
terminology standards and completing development of health care information
system messaging standards, and progress towards meeting the 2-year
deadline for adoption of a uniform health care information system interface.
Annual reports would be due in each of the following 2 years after the initial
report is submitted.
MITAB would terminate 30 days after the date of
submission of its final report. Authorizes such sums as may be necessary for
each fiscal year to carry out these provisions.

---