In the 108th Congress, the House and Senate passed competing versions of the Patient Safety and Quality Improvement Act ( H.R. 663 , S. 720 ), but the differences between the two measures were never resolved. On March 9, 2005, the Senate Committee on Health, Education, Labor, and Pensions unanimously approved S. 544 , which is identical to S. 720 . The legislation would establish legal protections for data and reports on medical errors in an effort to encourage voluntary reporting of such information. The patient safety bills are in response to the 1999 Institute of Medicine (IOM) report To Err Is Human , which concluded that preventable medical errors cause as many as 98,000 deaths a year. The IOM found that medical errors are primarily the result of faulty systems, processes, and conditions that lead people to make mistakes. It recommended establishing a national mandatory reporting system to hold hospitals accountable for serious medical errors, as well as developing voluntary, confidential systems for reporting errors that result in little or no harm. Analysis of such voluntarily reported data could be used to identify vulnerabilities in health care systems.
Twenty-two states mandate medical error reporting by hospitals. However, providers are reluctant to report adverse events in part because they fear that the information will be used in malpractice litigation. States have sought to allay those concerns by passing laws to protect reported data from legal discovery and by de-identifying data and receiving reports anonymously. Such measures risk limiting the usefulness of the data for research and quality management.
There are several national voluntary reporting systems for medical errors, including the Patient Safety Information System within the Department of Veterans Affairs. Analysis of these and other voluntary reporting systems -- notably the Aviation Safety Reporting System -- has identified several design features associated with effective programs. For example, the reporting process should be user-friendly and the information kept confidential and protected from legal discovery. Also, reports should be promptly evaluated by experts who are trained to recognize underlying systems causes, and reporters should receive timely feedback with recommendations for systems-based improvements.
To encourage voluntary reporting, H.R. 663 would have protected reported information from legal discovery in civil and administrative proceeding, and from a Freedom of Information Act request. The bill required the Agency for Healthcare Research and Quality (AHRQ) to certify patient safety organizations to collect and analyze the information reported by providers. Such organizations would develop and disseminate recommendations for systems-based solutions to improve patient safety and health care quality. H.R. 663 also would have required AHRQ to establish a national database to receive and analyze de-identified information submitted by patient safety organizations. S. 544 would protect information from use in criminal as well as civil and administrative proceedings, unless a judge determined that it contained evidence of an intentional act to directly harm the patient. This report will be updated as legislative events in the 109th Congress warrant.
<font size="+1">List of Tables</font>
In the 108th Congress, the House and Senate passed competing versions of the Patient Safety and Quality Improvement Act (H.R. 663, S. 720), but the differences between the two measures were never resolved. On March 9, 2005, the Senate Committee on Health, Education, Labor, and Pensions unanimously approved S. 544, which is identical to S. 720. The legislation would establish legal protections for data and reports on medical errors in an effort to encourage voluntary reporting of such information. The patient safety bills are in response to the 1999 Institute of Medicine (IOM) report To Err Is Human, which concluded that preventable medical errors cause as many as 98,000 deaths a year. The IOM found that medical errors are primarily the result of faulty systems, processes, and conditions that lead people to make mistakes. It recommended establishing a national mandatory reporting system to hold hospitals accountable for serious medical errors, as well as developing voluntary, confidential systems for reporting errors that result in little or no harm. Analysis of such voluntarily reported data could be used to identify vulnerabilities in health care systems.
Twenty-two states mandate medical error reporting by hospitals. However, providers are reluctant to report adverse events in part because they fear that the information will be used in malpractice litigation. States have sought to allay those concerns by passing laws to protect reported data from legal discovery and by de-identifying data and receiving reports anonymously. Such measures risk limiting the usefulness of the data for research and quality management.
There are several national voluntary reporting systems for medical errors, including the Patient Safety Information System within the Department of Veterans Affairs. Analysis of these and other voluntary reporting systems -- notably the Aviation Safety Reporting System -- has identified several design features associated with effective programs. For example, the reporting process should be user-friendly and the information kept confidential and protected from legal discovery. Also, reports should be promptly evaluated by experts who are trained to recognize underlying systems causes, and reporters should receive timely feedback with recommendations for systems-based improvements.
To encourage voluntary reporting, H.R. 663 would have protected reported information from legal discovery in civil and administrative proceeding, and from a Freedom of Information Act request. The bill required the Agency for Healthcare Research and Quality (AHRQ) to certify patient safety organizations to collect and analyze the information reported by providers. Such organizations would develop and disseminate recommendations for systems-based solutions to improve patient safety and health care quality. H.R. 663 also would have required AHRQ to establish a national database to receive and analyze de-identified information submitted by patient safety organizations. S. 544 would protect information from use in criminal as well as civil and administrative proceedings, unless a judge determined that it contained evidence of an intentional act to directly harm the patient. This report will be updated as legislative events in the 109th Congress warrant.
In the 108th Congress, the House and Senate passed competing versions of the Patient Safety and Quality Improvement Act (H.R. 663, S. 720). Despite broad bipartisan support for the legislation, no further action took place before adjournment in December 2004. On March 9, 2005, the Senate Committee on Health, Education, Labor, and Pensions (HELP) unanimously approved a new patient safety bill (S. 544), which is identical to last year's Senate-passed measure. The patient safety legislation is intended to encourage the voluntary reporting of information on medical errors by establishing federal evidentiary privilege and confidentiality protections for such information. Health care providers are reluctant to report medical errors because they fear that the information will damage their reputations and be used in medical malpractice lawsuits.
Patient safety emerged as a major health policy issue in late 1999 with the release of the Institute of Medicine's (IOM) report To Err Is Human.(1) The IOM report concluded that preventable medical errors cause as many as 98,000 deaths each year and called on all parties to make improving patient safety a national health policy priority. It recommended establishing a national mandatory reporting system to hold hospitals and other health care facilities accountable for errors that lead to serious injury or death. Emphasizing that medical errors are primarily the result of faulty systems, process, and conditions that lead people to make mistakes, the IOM also recommended the development of voluntary, confidential systems for reporting medical errors that result in no harm (i.e., close calls) or minimal harm. Analysis of such voluntarily reported information could then be used to identify system vulnerabilities and develop preventive strategies. The Patient Safety and Quality Improvement Act attempted to implement that recommendation.
The IOM based its conclusions on epidemiologic studies published in the 1980s and early 1990s. While medical researchers were familiar with the published estimates of the prevalence of medical errors in hospitals and other inpatient settings, the information was new to the public and it caught the attention of federal and state legislators and health care policymakers. Indeed, a 1999 survey showed that patient safety was the most closely followed health policy story of the year.(2) As a result of the IOM report, numerous patient safety initiatives were initiated within the federal government and throughout the private sector, in health plans and health care trade organizations and accrediting and standard-setting bodies.
States responded to the IOM report by considering legislation to expand existing mandatory reporting systems and, in some cases, enact new systems. Currently, 22 states have mandatory reporting systems. The goal is to hold hospitals and health care providers accountable to the public for the most serious mistakes in the delivery of health care. In an effort to encourage providers to report errors, most states have adopted measures to protect reporting system data from use by malpractice attorneys. Policymakers have had to balance provider concerns about the legal consequences of making information available to attorneys and patients with the desire for public accountability.
Legislation to encourage medical errors reporting was first introduced in the 106th Congress, following the release of the IOM report.(3) Much of it was reintroduced in the 107th Congress and again in the 108th. Patient safety lies at the heart of the current debate on medical malpractice reform. Many trial attorneys defend the current tort system, claiming that the threat of litigation makes providers practice safer medicine. They view tort law as an important driver of health care quality. But experts on health care quality reject this argument. Echoing the IOM's recommendations, they contend that the only way to realize significant improvements in patient safety is by improving health care systems. And that, in turn, requires the analysis of medical errors report. By discouraging physicians from reporting such information, the tort system is in conflict with this approach to safety improvement.
This report provides an overview and some analysis of medical errors reporting and the House and Senate patient safety bills. It begins with background information on the nature and causes of medical errors, followed by a brief comparison of the differences between mandatory and voluntary reporting systems. The report then discusses some of the legal and policy issues facing state mandatory reporting systems and major national voluntary reporting systems, and identifies design features of effective reporting programs. It concludes with a discussion and side-by-side comparison of H.R. 663 and S. 544.
The IOM report defined error as the failure of a planned action to be completed as intended (an error of execution) or the use of a wrong plan to achieve an aim (an error of planning). Medical errors can happen at all stages of the process of care, from diagnosis, to treatment, to preventive care. Not all errors result in harm. Those that do are referred to as preventable adverse events. An adverse event is an injury related to a medical intervention and not due to the underlying medical condition of the patient. While adverse events are often attributable to error and, therefore, preventable, they need not always be the result of medical mismanagement (see discussion of adverse drug reactions below).
A limited number of published studies have examined adverse events among hospitalized patients. Extrapolating from the results of two large, retrospective reviews of hospital records, the IOM estimated that more than 1 million medical errors occur each year in the United States, of which between 44,000 and 98,000 are fatal.(4) It also concluded that errors may cost the nation as much as $29 billion annually in direct medical costs and lost income and productivity. Some researchers have challenged the accuracy of the IOM's numbers, but there is general agreement that the problem is serious.(5) Still others say the IOM may have underestimated the true incidence of medical errors because it only considered errors that occur among hospital patients, which represent a small proportion of the total population at risk. Many patients receive increasingly complex care in ambulatory settings such as outpatient surgical centers, physicians' offices, and clinics.
Echoing the views of most health care analysts, the IOM emphasized that medical errors are primarily a systemic problem and generally not attributable to individual negligence or misconduct. Errors are the result of faulty systems, processes, and conditions that lead people to make mistakes. According to the IOM, health care lags behind other industries (e.g., aviation, nuclear power) that pay attention to factors that affect performance, such as work hours, work conditions, information technology, team relationships, and the design of tasks to make errors more difficult to commit.
While there have been few studies that examined all types of adverse events occurring in hospitals and other provider settings, there is an abundant literature that focuses on adverse drug events (i.e., adverse events specifically associated with ordering and administering medication to patients). Adverse drug events are often found to be the most common type of adverse event documented in hospital settings. In its report, the IOM estimated that drug-related adverse events kill up to 7,000 Americans annually.
Although the distinction is not always clear, researchers divide adverse drug events into two types: adverse drug reactions resulting from previously known or newly detected side effects of drugs that are correctly prescribed and administered; and injuries that are caused by errors in prescribing, dispensing, and administering medication. Examples of medication errors include physicians who prescribe antibiotics to patients with documented allergies to those medications, nurses who do not properly dilute intravenous solutions, and patients who fail to take medications as directed.
Studies reveal that adverse drug events occur in 6.5% to more than 20% of hospitalized patients, and that between one-quarter and one-half of these are due to medication errors and are, therefore, avoidable.(6) Newly published research on medication safety among Medicare patients in outpatient settings suggests that the Medicare population as a whole may experience as many as 180,000 life-threatening or fatal adverse drug events annually.(7) It is important to recognize that the majority of medication errors do not lead to an adverse drug event, either because they are caught before the drugs are administered, or because they result in no ill effects. In the IOM's analysis, medication errors typically result from one or more failures in the increasingly complex systems of medication management, rather than from negligence on the part of individual health care practitioners.
The IOM recommended establishing a nationwide mandatory reporting system for states to collect standardized information (initially from hospitals, but eventually from other institutional and ambulatory health care settings) on adverse events that result in death or serious harm. The primary purpose of mandatory reporting systems is to hold providers accountable by ensuring that serious mistakes are reported and investigated and that appropriate follow-up action is taken. Organizations that continue unsafe practices risk citations, penalties, sanctions, suspension or revocation of licenses, and possible public exposure and loss of business. The IOM proposed that mandatory reporting system data be made available to the public once they have been validated.
To complement the mandatory reporting of serious and fatal errors, the IOM also recommended the development of voluntary reporting systems for collecting information on errors that result in little or no harm. The focus of voluntary reporting is the analysis and identification of systemic problems that could lead to more serious types of errors, and the development of prevention strategies. To encourage reporting, the IOM further recommended that information collected under a voluntary reporting system be strictly confidential and protected from legal discovery. Table 1 summarizes the differences between mandatory and voluntary reporting systems.
State adverse event reporting systems date back to the 1970s. The IOM reviewed reporting systems in 13 states to learn more about their scope and operations during the preparation of its 1999 report. Since the report's release, more than half of the states have introduced legislation to address the problem of medical errors, and several have enacted laws to create new mandatory reporting systems or modify existing ones. Twenty-two states now have laws or regulations that require general and acute care hospitals to report medical errors.(8)
Table 1. Characteristics of Mandatory and Voluntary Medical Errors Reporting Systems as Proposed by the IOM
| Mandatory reporting systems | Voluntary reporting systems | |
| Purpose | Accountability | Safety improvements; detection and analysis of systemic problems before serious injury or death occurs |
| System administration | State government | Private organization |
| Obligation to report errors | Establishes legal obligation to report; relies on penalties and sanctions to encourage compliance | Relies on trust in the reporting system and a commitment to its purpose |
| Type of data reported | Medical errors that result in serious injury or death | Medical errors that result in no harm (close calls) or minimal harm |
| Public disclosure of data | Validated information available to the public | Strictly confidential; only de-identified data publicly available |
| Use of reported data | Verification of data to ensure consistency with reporting definitions and attribution to error; analysis of data and identification of ways to avoid a reoccurrence of the error; oversight and evaluation of corrective actions taken | Analysis and interpretation of errors; identification of system vulnerabilities; development of preventive strategies |
Sources: Institute of Medicine; National Academy for State Health Policy.
The reporting requirements vary widely from state to state, though all require disclosure of events that result in unanticipated death. For example, Washington requires the reporting of medication-related errors, whereas Tennessee requires health care facilities to report any "unusual events." In Florida, hospitals are required to report errors that result in certain specified injuries (e.g., brain or spinal damage), whereas in Pennsylvania they must report "any situation or occurrence that could seriously compromise quality assurance or patient safety." Arizona requires health care facilities to review reports made by medical practitioners regarding violations of professional standards or the law. In contrast, New Jersey requires hospitals and other institutions to report "serious medical errors" to regulators and patients. Some states also include in their reporting mandates provisions to prevent the discovery of error information in civil or administrative proceedings. Few states have the experts to analyze more than a fraction of the reports they receive. Most reports are not investigated and few hospitals receive any feedback.(9)
States face a difficult challenge in designing their reporting systems as they attempt to reconcile two competing objectives. They must motivate health care providers and facilities to report errors promptly and accurately, while at the same time holding them accountable through a system of public disclosure of information about errors. The IOM concluded that the public has a right to information concerning the safety of the health care system. Providers, however, are reluctant to report adverse events. They fear that publicly released data will lead to an increase in malpractice lawsuits. The more comprehensive and organized the reporting system database, the greater the legal threat it may pose to providers.
In a 2003 report on state error reporting systems, the National Academy for State Health Policy (NASHP) concluded that the balance between protecting data from legal discovery and disclosing information to the public appears to be tipped in favor of data protection.(10)
Attorneys may compel disclosure of information considered confidential by the state through a variety of legal processes including: (1) Freedom of Information or Open Records requests; (2) subpoenas; (3) legal discovery; and (4) admission into evidence in a civil or administrative proceeding. To allay providers' concerns about litigation, states have pursued a variety of legal options to protect mandatory reporting system data.(11) Some states have exempted reporting system data from their public disclosure (i.e., Freedom of Information) laws, while others have relied on their existing peer review statutes.(12) Peer review laws can provide strong protections for reporting system data if they cover (or are interpreted to cover) all activities related to the administration of the reporting system. However, courts have occasionally found that the rights of an individual to information relating to a personal lawsuit trumps peer review protection.
For these reasons, most of the mandatory reporting systems established since the IOM report have comprehensive, system-specific protections of data and reporters built into the authorizing statute. For example, information may be protected from discovery, subpoena, search warrant, and evidence in civil or administrative proceedings. Protections for reporters may include exclusion from civil and criminal lawsuits, monetary liability, state antitrust lawsuits, compelled testimony, and employer retaliation (i.e., "whistleblower" protection).
System design features, such as de-identifying data and receiving reports anonymously, may reduce the need for strong legal protections by making it more difficult to link specific incidents to individuals or institutions. Of course, such measures also limit the utility of the information to analysts.
Despite their efforts to shield error information from legal discovery and public disclosure, states have had limited success in encouraging providers to report adverse events. Underreporting is a serious issue for state reporting systems and it can have important consequences for health care quality.(13) Failure to inform a patient of a medical error may delay or deprive prompt treatment, which in turn may expose the physician to greater liability. Underreporting also hinders research on the prevalence and root causes of errors, hampering quality improvement initiatives.
While providers' fears of legal exposure are real and must be addressed, it remains unclear whether they have merit. There are no studies on whether reported error information is being used in malpractice litigation. Moreover, there is little research on the influence of specific laws on reporting behavior. Further complicating the issue is the fact that fear of liability is just one of several factors that lead to the underreporting of medical errors. Other factors include facilities' lack of internal systems to identify events, the culture of medical practice that discourages drawing attention to errors, fear of institutional sanctions, anxiety about maintaining good relationships with peers, loss of business, damage to reputation, and whether the amount of feedback and the potential benefits from reporting justify the time and effort it takes to report. There is not enough evidence to predict the impact that eliminating one or more of these disincentives would have on reporting behavior.(14) Some degree of legal protection may be necessary to encourage reporting, but it may not be sufficient to create an environmental conducive to reporting.(15)
The IOM recommended that mandatory reporting systems publicly disclose all information uncovered during investigations. Polls indicate broad public support for such disclosure, and some analysts argue that disclosure is necessary to drive improvements in health care. However, according to NASHP, public disclosure of adverse event information is "sporadic and inconsistent." While some states are prohibited from releasing certain data by statute, others that are permitted to disclosure certain information refrain from doing so because of concerns that the data are incomplete and unreliable and may be misinterpreted by the public. In some cases, states are also reluctant to disclose information in order to alleviate the concerns of hospitals and practitioners.(16)
NASHP found that seven states with mandatory reporting systems release incident-specific data. The remaining states issue or plan to issue aggregate reports. Incident-specific data are most commonly provided on a request only basis. Where information is available to the public, it is often difficult to access or requires specific information on how and where to request the information in order to access it. The data may be provided in raw form without accompanying analysis to assist with interpretation.(17)
Overall, it appears that state reporting systems have had at best a modest impact on improving patient safety. Evidence from hospitals that the reporting and investigation of serious events has led to improvement in patient safety is largely anecdotal. As noted above, most state programs are plagued by underreporting, especially in their early years of operation. The IOM report observed that few states aggregate the data or analyze them to identify general trends. Analysis and follow-up tend to occur on a case-by-case basis. The report cited limited resources and the absence of standard reporting requirements as major impediments to making greater use of the reported data. It concluded that "state programs appear to provide a public response for investigation of specific events, but are less successful in synthesizing information to analyze where broad system improvements might take place or in communicating alerts and concerns to other institutions." In some states, reporting systems established by law are not operating due to a lack of funds.
The IOM recommended that state regulatory programs continue to operate mandatory reporting systems as they have the authority to investigate specific cases and issue penalties or fines. However, in order to establish a nationwide mandatory reporting system, the IOM recommended that Congress (1) designate the National Quality Forum as the entity responsible for issuing and maintaining reporting standards to be used by states, (2) require health care institutions to report standardized information on a defined list of adverse events, and (3) provide funds and technical expertise to state governments to establish or improve their error reporting systems.
The National Quality Forum (NQF), established in May 1999 following the recommendation of the President's Advisory Commission on Consumer Protection and Quality in the Health Care Industry, is a private, nonprofit voluntary consensus standards setting organization created to develop and implement a national strategy for the measurement and reporting of health care quality. Acting on the IOM's recommendation, the NQF in 2002 released a list of 27 serious, preventable adverse events that should be reported by all licensed health care facilities. The list includes standardized definitions of key terms to encourage consistent use and implementation across the country.(18)
The IOM further proposed that the Department of Health and Human Services (HHS) collect error reports should a state choose not to implement a mandatory reporting system. Currently, HHS does not require health care institutions or providers to report information on medical errors.(19) The IOM also recommended the establishment of a Center for Patient Safety within AHRQ for states to share information and expertise, and to receive and analyze aggregate reports from states to identify persistent safety issues.
As a complement to the mandatory reporting of serious errors, the IOM recommended establishing voluntary reporting systems to collect information on less serious mistakes that result in little or no harm. Information gathered by voluntary reporting systems may be used to identify vulnerabilities and weaknesses in health care systems and to make improvements to prevent serious errors from occurring.
The IOM report and several more recent analyses have all highlighted the Aviation Safety Reporting System (ASRS) as a potential model for establishing national voluntary systems for reporting medical errors. ASRS was created in 1975 to encourage pilots, controllers, flight attendants, maintenance personnel, and others in the civilian airline industry to report incidents or situations in which aviation safety was compromised. The program has become well-established and trusted within the airline industry and is credited with contributing to improvements in aviation safety over the past 28 years. ASRS analyzes the voluntarily submitted aviation safety incident reports to identify deficiencies and discrepancies in the national aviation system so that corrective action can be taken. ASRS data are also used to support policies and planning for improving the national aviation system, and to strengthen the foundation of aviation human factors safety research. This is especially important given estimates that as much as two-thirds of all aviation accidents and incidents are rooted in human performance error. ASRS provides feedback to the aviation community in the form of alert messages identifying problems that may require immediate action, analytical reports, an online database, a monthly safety newsletter, and a quarterly safety bulletin.
ASRS is administered by the National Aeronautics and Space Administration (NASA) under an agreement with the Federal Aviation Administration (FAA), which provides most of the program's funding. ASRS receives more than 3,200 reports each month. The program's annual operating budget of approximately $2.5 million (or about $70 per report received) covers report processing, alert messages, data dissemination functions, special studies, and publication activities.
Persons who submit reports are given two types of protection: confidentiality, and limited immunity from disciplinary action in the case of a potential violation of federal air regulations. The FAA will not impose penalties upon individuals who complete and submit written incident reports to ASRS within 10 days after the violation provided that:
ASRS administrators attribute the program's success to various factors.(21) First, the reports are held in strict confidence and reporters are immune from disciplinary action if they report promptly. Second, reporting is simple and involves a one-page form. Third, the program is responsive -- reporters receive timely feedback -- and viewed as worthwhile by those that use it. And finally, the program is administered by an agency (i.e., NASA) that is independent of the FAA, which regulates the aviation industry. ASRS is seen as complementing the work of the National Transportation Safety Board (NTSB), which investigates aviation accidents that result in death or serious injury or in which the aircraft sustains significant damage.
There are several national voluntary reporting systems for medical errors. They include the Patient Safety Information System within the Department of Veterans Affairs (VA) and the Joint Commission on Accreditation of Healthcare Organizations (JCAHO) Sentinel Events Reporting System. Two national programs focus on medication errors: the Medication Error Reporting program and the MedMARx program. In addition to its mandatory reporting requirements for drug and medical device manufacturers, the Food and Drug Administration also encourages health care providers and the public voluntarily to report suspected adverse events involving prescription and over-the-counter drugs.
VA Patient Safety Information System. The Department of Veterans Affairs (VA), which manages one of the largest health care networks in the United States, is generally recognized as a leader in the growing patient safety movement.(22) In 1999, the VA established a National Center for Patient Safety (NCPS) to lead the agency's patient safety efforts and develop a culture of safety throughout the VA health care system. The NCPS developed an internal, confidential, non-punitive reporting and analysis system, the Patient Safety Information System (PSIS), which permits VA employees to report both adverse events and close calls without fear of punishment. The PSIS is not a blame-free system. Events that are judged to be an intentionally unsafe act (i.e., any events that result from a criminal act, a purposefully unsafe act, or an act related to alcohol or substance abuse or patient abuse) can result in the assignment of blame and punitive action.
Drawing on the experience of aviation and other "high-reliability" industries, NCPS officials argue that confidential, non-punitive reporting systems are key to identifying vulnerabilities and analyzing underlying systemic problems in health care. They contend that an over-reliance on punitive accountability systems has been a major impediment to improving patient safety. Accountability systems do not encourage identification of potential problems, nor do they provide any incentive for reporting.
The PSIS is intended to supplement the VA's existing accountability systems. It takes a systems approach to improving patient safety based on prevention, not punishment. Using tools developed by NCPS, multidisciplinary teams conduct a root cause analysis of reported adverse events. Root cause analysis is a process for identifying the causal factors that underlie an event. It focuses primarily on systems and processes, not individual performance. The end product of a root cause analysis is an action plan outlining strategies that the organization intends to implement to reduce the risk of a similar event occurring in the future.
Following PSIS implementation, NCPS saw a 900-fold increase in reporting of close calls, and a 30-fold increase in reporting of adverse events. For its efforts in improving patient safety in the VA health care system, NCPS was awarded the prestigious Innovations in American Government Award in 2001. The PSIS now serves as a benchmark and is being used and emulated by other health care programs, nationally and internationally.(23)
In May 2000, the VA signed an agreement with NASA to develop the Patient Safety Reporting System (PSRS), an independent, external reporting system. The PSRS, which was inaugurated in 2002 at VA hospitals nationwide, is operated by NASA and modeled after the ASRS. It is intended to provide VA employees with a "safety valve" that allows them confidentially to report close calls or adverse events that, for whatever reason, would otherwise go unreported. All personnel and facility names, facility locations, and other potentially identifying information are removed before reports are entered into the PSRS database. Only NASA personnel assigned to the reporting system can review data until the de-identification process is complete.(24)
JCAHO Sentinel Events Reporting System. JCAHO is an independent, nonprofit organization that evaluates and accredits nearly 18,000 health care organizations and programs in the United States, including hospitals, health care networks, managed care organizations, and health care organizations that provide home care, long term care, behavioral health care, laboratory, and ambulatory care services. JCAHO initiated a sentinel event reporting system for hospitals in 1996. A sentinel event is defined as one that results in an unanticipated death or major permanent loss of function not related to the natural course of the patient's illness or underlying condition. Sentinel events also include: patient suicide in a setting that provides round-the-clock care; rape; infant abduction or discharge to the wrong facility; major incompatibility reactions in blood transfusion recipients; and surgery on the wrong patient or body part.(25)
Accredited hospitals are expected to identify and respond to all sentinel events by conducting a root cause analysis, implementing improvements to reduce risk, and monitoring the effectiveness of those improvements. To encourage sentinel event reporting, JCAHO has established a policy of not penalizing the accreditation status of an organization that reports such events and performs a root cause analysis. Reporting sentinel events to JCAHO is not entirely voluntary. If a hospital fails to report an event and JCAHO learns of it from a third party, it requires the hospital to conduct a root cause analysis or risk loss of accreditation. JCAHO analyzes the error-related information it receives and publishes recommendations in the Sentinel Event Alert. Despite these efforts, few hospitals report sentinel events because they view the program as cumbersome, time-consuming, unresponsive, and potentially risky. They are concerned about the confidentiality of the information and fear that public disclosure of reports may damage their reputation and lead to a decline in business, a loss of license or accreditation, and litigation.(26)
Medication Errors Reporting Program. The Medication Errors Reporting (MER) program was started in 1975 by the Institute for Safe Medication Practices (ISMP), a nonprofit organization that works with healthcare practitioners, regulatory agencies, professional organizations, and the pharmaceutical industry to provide education about adverse drug events and their prevention. Since 1991, the MER program has been owned and administered by the U.S. Pharmacopeia (USP). USP is a nonprofit, private organization that establishes legally recognized standards for the quality, strength, purity, packaging, and labeling of medicines for human and veterinary use.
The MER program receives voluntary and confidential reports from practitioners -- primarily pharmacists -- via mail, telephone, and the Internet. Reporters are informed that a de-identified copy of the report is routinely sent to ISMP, the Food and Drug Administration (FDA), and the pharmaceutical company whose product is mentioned in the report. With permission, the reporter's name is disclosed to ISMP, which provides an independent review of the report. Errors or near-errors reported through the MER program include administering the wrong drug, strength, or dose, confusion over look-alike and sound-alike drugs, incorrect route of administration, and errors in prescribing and transcribing. ISMP publishes biweekly reports with recommendations and periodic special alerts.(27)
MedMARx Program. USP's MedMARx program, begun in 1998, is an Internet-based, voluntary system for hospitals to report medication errors. Hospitals must subscribe to MedMARx in order to use the program. Employees of hospitals that subscribe may report a medication error anonymously to MedMARx by completing a standardized form. Hospital management is then able to retrieve compiled data on its own facility and also obtain nonidentifiable comparative information on other participating hospitals. Information is not shared with FDA. The JCAHO framework for conducting a root cause analysis is on the MedMARx system for the convenience of reporters to download the forms, but the programs are not integrated.
In December 2004, USP released its fifth annual national report, which summarizes the medication error data collected by MedMARx during 2003.(28) The analysis was based on 235,159 medication errors voluntarily reported by 570 hospitals and health care facilities nationwide. The report also includes a five-year trend analysis of data submitted to MedMARx between 1999 and 2003, with a focus on technology related errors.
MedMARx has received generally favorable reviews from analysts. The program incorporates some of the same design features that are found in ASRS. Hospital employees view MedMARx reporting as relatively safe and straightforward. Unlike JCAHO's system for hospitals to report events with serious outcomes, MedMARx relies on individual employees submitting anonymous reports of all types of medication errors, whether or not they result in harm. MedMARx is also very responsive. The data are analyzed by experts, and reporters receive timely feedback of useful information.(29)
Food and Drug Administration. The FDA regulates the manufacturers of prescription and over-the-counter drugs, medical and radiation-emitting devices, and biological products (e.g., antitoxins, vaccines, blood), among other things. After FDA approves a new drug or device, the agency continues to monitor its safety through postmarketing surveillance. Adverse event reporting is a major component of postmarketing surveillance. For medical devices, manufacturers are required to report deaths, serious injuries, and malfunctions to FDA. Hospitals, nursing homes, and other user facilities are also required to report deaths to both the manufacturer and FDA, and to report serious injuries to the manufacturer. For suspected adverse events associated with drugs, reporting is mandatory for manufacturers. Health care professionals and consumers may voluntarily report suspected adverse drug events and device problems through FDA's Medical Products Reporting Program, MedWatch, which allows reporting by phone (toll-free), fax, direct mail (using a postage-paid form), and Internet. All MedWatch reports are evaluated and entered into one of the agency's databases for analysis.(30)
FDA receives approximately 235,000 reports annually for adverse drug events and more than 80,000 reports on device problems. The agency decides whether any corrective action is necessary on a case-by-case basis, by considering the unexpectedness and seriousness of the event, the vulnerability of the population affected, and the available options for prevention. If corrective action is warranted, FDA generally pursues one of three strategies. The first and most common strategy is to negotiate with the manufacturer to make the desired changes. Second, FDA may take regulatory action to compel a manufacturer to act. Finally, the agency may attempt to inform health care professionals and the public about the risks associated with a particular drug through published articles, direct mailings, and the Internet.
On February 26, 2004, FDA published a final rule requiring bar codes on the labels of most prescription drugs and all over-the-counter drugs used in hospitals and dispensed pursuant to a physician's order.(31) The agency estimates that the use of bar-coded medications, which nurses scan to match the correct drug and dose with the intended patient, could prevent more than 500,000 adverse events and save $93 billion over the next 20 years. In addition, the rule requires bar codes on the labels of blood and blood components used for transfusion.
On March 14, 2003, FDA proposed revising manufacturer's reporting requirements to improve the agency's ability to monitor and improve the safe use of medications.(32) The proposal requires manufacturers to submit to FDA, within 15 days, all reports they receive of actual and potential (i.e., near-miss) medication errors. An example of a potential medication error would be a pharmacist who selects the wrong drug because of a similar sounding name but catches the mistake before dispensing the medication. If the pharmacist elects to report the incident to the manufacturer, then under the proposed rule the manufacturer must report it to FDA. The proposal also requires the use of internationally agreed definitions and reporting formats, which will allow companies to prepare a single report for submission to major regulatory agencies worldwide.
Table 2 summarizes the design features that analysts have identified as essential for an effective reporting program. An effective program is one that encourages reporting, analyzes the data to identify vulnerabilities in the health care system, and promotes the development of preventive strategies to improve patient safety.(33) The IOM report recommended against establishing a comprehensive national voluntary reporting system modeled after ASRS. For one thing, several national reporting systems already exist, particularly for medication errors. Moreover, a comprehensive national reporting system would require an enormous investment in funding and personnel, in view of the potential volume of reports. With an estimated 1 million errors each year in hospital settings alone, plus an even greater number of close calls, the analysis of even a fraction of these events would require many expert analysts, all of whom would have to be recruited and trained.
Table 2. Design Characteristics of Voluntary Medical Errors Reporting Systems
| Characteristic | Explanation |
| User-friendly | The reporting process is broadly understood and report forms are readily available and user-friendly. |
| Nonpunitive | Reporters are not subject to retaliation or punishment from others as a result of reporting errors. |
| Confidential | The identities of the patient, reporter, and health care institution are not revealed to a third party. |
| Privileged | Reports are protected from legal discovery and inadmissible in court or other proceedings prior to de-identification. |
| Independent | The system is independent of any authority with power to punish the reporter or health care institution. |
| Expert analysis | Reports are evaluated by experts who understand the clinical circumstances and are trained to recognize underlying systems causes. |
| Systems-oriented | Analysis and recommendations focus on systems, processes, and products, rather than on individual performance. |
| Responsive | Reports are analyzed promptly, recommendations are rapidly disseminated, and reporters receive timely feedback. |
| De-identification | Aggregated, de-identified data are publicly available. |
Source: Based on Leape, "Reporting of Adverse Events"; Raymond and Crane, "Design Considerations."
The IOM said that the existing reporting systems should be encouraged and promoted within health care organizations and that better use should be made of the reported information. New systems should be focused on specific areas of medical care (e.g., surgery, pediatrics) and even particular care settings. That approach would help manage the potential volume of reports and match the expertise to the problems. There also needs to be a mechanism for sharing information across different reporting systems. A report in one system may have relevance for another system (e.g., errors in surgery that also involve medications). Along with its recommendation on reporting systems, the IOM also recommended the establishment of a federal Center for Patient Safety to set national goals, fund research, evaluate methods for identifying and preventing medical errors, and disseminate information on best practices.
To encourage providers to report errors without fear of the data being used in a medical malpractice lawsuit, the IOM recommended that information collected under a voluntary reporting system be protected from legal discovery and admission as evidence in civil cases. The Patient Safety and Quality Improvement Act seeks to implement that recommendation by providing legal protection for information about medical errors that is voluntarily submitted to patient safety organizations (PSOs). PSOs would collect and analyze the information submitted by providers and develop and disseminate recommendations for systems-based solutions to improve patient safety and health care quality.
This section of the report provides an overview of H.R. 663, as passed by the House during the 108th Congress. That is followed by some analysis of key differences between H.R. 663 and the version that passed the Senate during the 108th and that was recently reintroduced and approved by the HELP Committee.
The House passed the Patient Safety and Quality Improvement Act (H.R. 663, H.Rept. 108-28) on March 12, 2004, by a vote of 418-6. H.R. 663 would have provided legal protection to certain categories of documents and communications termed "patient safety work product," which are developed by health care providers for reporting to PSOs. Patient safety work product would be privileged and not subject to: a civil or administrative subpoena; discovery in connection with a civil or administrative proceeding; or disclosure under the Freedom of Information Act. Moreover, it could not be used in any adverse employment action against an employee who in good faith reports the information to a provider (with the intention of having it reported to a patient safety organization) or reports the data directly to a patient safety organization. Patient safety work product would not encompass documents or communications that are part of traditional medical record keeping. Such information includes patients' medical records, billing records, hospital policies, and records of drug deliveries, that is, information that has been developed, maintained, or which exists separately from patient safety work product. Only information specifically created for PSOs would be protected.
Under the House-passed bill, PSOs would be certified by AHRQ to collect and analyze patient safety work product submitted by providers, and to develop and disseminate recommendations for systems-based solutions to improve patient safety and health care quality. Any public or private organization seeking PSO certification would have to meet certain criteria. For example, they would have to contain appropriately qualified staff, including licensed or certified medical professionals, and not be part of a health insurance company. A PSO would also have to be managed and operated independently from any provider that reported to it. The House bill did not include any language to encourage the establishment of PSOs in every state or region of the country.
H.R. 663 would have required AHRQ to establish a national database to receive and analyze de-identified information submitted by PSOs. Information in the national database would be available to the public. The bill also would have required AHRQ to develop voluntary national standards to promote the interoperability of health information technology systems.(34)
In addition to the provisions aimed at supporting voluntary reporting of medical errors, H.R. 663 instructed the FDA to issue standards for unique product identifiers (e.g., bar codes) on the packaging of drugs and biological products. It also would have authorized grant programs for electronic prescribing and other information technology to prevent errors. Finally, H.R. 663 would have created a Medical Information Technology Advisory Board to make recommendations to HHS and Congress on fostering the development and use of information technologies to reduce medical errors.
The Senate took up H.R. 663 on July 22, 2004, substituted alternative language (S. 720, as amended), and passed the measure by voice vote. While S. 720 had the same basic structure as the House-passed legislation, there were several key differences. Lawmakers were unable to reconcile those differences before the 108th Congress adjourned. On March 8, 2005, Senator Jeffords reintroduced the Patient Safety and Quality Improvement Act (S. 544). S. 544, which is identical to last year's Senate-passed measure (S. 720), was unanimously approved by the Senate HELP Committee on March 9, 2005. Table 3 on page 22 compares the patient safety legislation with the IOM report's recommendations. Table 4, which begins on page 23, provides a side-by-side comparison of H.R. 663 and S. 544.
Definition of Protected Information. As passed by the House, H.R. 663 would have provided legal protection to "patient safety work product," which it defined as any document or communication that is: developed by a provider for the purpose of reporting to a PSO, and reported to a PSO; created by a PSO; or that would reveal the workings of a "patient safety evaluation system." The bill defined a patient safety evaluation system as a process for collecting, managing, or analyzing information submitted to or by a PSO. Patient safety work product would not include a document or communication that is developed, maintained, or exists separately from any patient safety evaluation system (e.g., a patient's medical record or any other patient or hospital record).
The legal protections in S. 544 apply to all "patient safety data." When the Senate bill was first approved by the HELP Committee during the 108th Congress, some analysts raised concerns that the definition of patient safety data was too broad. It included, for example, "any data ... that could result in improved patient safety or health care quality or health care outcomes, that are ... collected from a provider ...." Critics of this language argued that it would extend the bill's evidentiary privilege and confidentiality protections to a wide range of quality- and outcomes-related information. As a result, the bill would have the unintended effect of preempting state laws that require hospitals to report infection rates, medical outcomes, and serious adverse events.
To address those concerns, the definition of patient safety data was modified to more closely resemble the language in H.R. 663, which was tied to the activities of PSOs. S. 544 defines patient safety data as any data, reports, records, memoranda, analyses, or written or oral statements that are: collected or developed by a provider for reporting (within 60 days) to a PSO; requested by a PSO and reported within 60 days; reported to a provider by a PSO; or collected by a PSO from another PSO, or developed by a PSO. The definition also states that "patient safety data shall not include information (including a patient's medical record, billing and discharge information or any other patient or provider record) that is collected or developed separately from and that exists separately from patient safety data." This separate data provision has been criticized as circular, because it says in effect that information that is not patient safety data is not patient safety data.
S. 544 also includes a provision that is intended to protect mandatory state reporting laws. The provision states that nothing in the bill limits the reporting of information that is not patient safety data to a "federal, state, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes. H.R. 663 included comparable language. It said that nothing in the bill preempts or otherwise affects "state law requiring a provider to report information ... that is not patient safety work product."
Privilege. H.R. 663 would have protected patient safety work product from discovery in connection with a civil and administrative proceeding, and from admission as evidence or disclosure in any such proceeding. Patient safety work product would not be protected from use in criminal proceedings. By comparison, S. 544 would prohibit lawyers from obtaining or using patient safety data in civil, administrative, and criminal proceedings, unless a judge determined that the information contained evidence of "a wanton and criminal act to directly harm the patient." That language was included is an effort to ensure that the legislation does not unduly compromise the rights of injured patients to obtain compensation.
In its 1999 report, the IOM focused on protecting voluntarily reported patient safety information from discovery and admission as evidence in civil and administrative proceeding, noting that "instances of criminal prosecution for medical errors are exceptionally rare." The intent was to encourage the voluntary reporting of information about near misses and other problems that would otherwise go unreported were it not for legal protection. Analysis of such information would then be used to identify vulnerabilities in health care systems. Voluntary reporting systems, as envisioned by the IOM, would not interfere with the mandatory reporting of more serious errors, as required under state law and other accountability systems.
Confidentiality. S. 544 designates patient safety data as confidential and not subject to disclosure, except in certain specified circumstances (e.g., disclosure by a provider to a PSO). Negligent or intentional disclosure of patient safety data in violation of the bill's confidentiality provisions is subject to civil fines of up to $10,000 per violation.
H.R. 663 also specified the circumstances under which disclosure of patient safety work product (identifiable and nonidentifiable) was permitted and provided for penalties of up to $10,000 per violation for disclosures other than those permitted. Unlike S. 544, the House bill did not expressly state that work product is confidential, though this was implied in the bill's language. H.R. 663 said that disclosures in violation of the bill's provisions are unlawful and subject to fines, provided such disclosures constitute "a negligent or knowing breach of confidentiality."
Both H.R. 663 and S. 554 state that if the disclosure is in violation of the HIPAA privacy rule, then the HIPAA penalties apply instead. For details of the civil and criminal penalties under HIPAA, see CRS Report RS20500, Medical Records Privacy: Questions and Answers on the HIPAA Rule.
PSO Certification and Listing. Under the patient safety legislation, providers would voluntarily submit information on medical errors to public or private entities designated as PSOs. The PSOs would analyze the data and develop and disseminate evidence-based information to providers to help them implement changes that would improve patient safety. H.R. 663 would have required AHRQ to establish a process for certifying PSOs. The bill listed several criteria for certification. For example, a PSO must not be "a component of a health insurer or other entity that offers a group health plan or health insurance coverage," and must be "managed, controlled, and operated independently from any provider" that reports patient safety work product to the PSO. That would appear to exclude the Department of Veterans Affairs (VA), among others, from PSO certification. As previously discussed, the VA has developed an internal, confidential, non-punitive reporting and analysis system and is widely recognized as a leader in patient safety. H.R. 663 also would have required PSOs that are components of other organizations to protect the confidentiality of patient safety work product and ensure that their mission did not create a conflict of interest with the rest of the organization.
By comparison, S. 544 relies on a process of PSO self-certification. Organizations would be required to submit a certification to AHRQ that they intend to perform the various PSO activities specified in the legislation. The agency would review the submission and, if acceptable, place the name of the organization on a list of certified PSOs. S. 544 does not include any criteria that place limits on the types of public or private entities that seek PSO certification and listing, nor does it address the issue of conflict of interest.
Civil Penalties. As noted above, both bills provide for civil monetary penalties of up to $10,000 for each negligent or intentional disclosure of patient safety information in violation of the provisions in the legislation. The bills also prohibit a health care provider from taking any adverse employment action against an employee who in good faith reports information to the provider with the intention of having it reported to a PSO, or who reports the information directly to a PSO. But whereas H.R. 663 included civil fines of up to $20,000 per violation for providers who took such action, S. 544 permits an employee to sue their employer to enjoin a wrongful adverse employment action and to obtain equitable relief, including reinstatement, back pay, and restoration of benefits.
Unlike the House bill, S. 544 specifies that providers include state-run facilities. Because the federal government cannot give state employees a right to sue the state, S. 544 includes a provision requiring state hospitals to agree to be subject to such civil action in order to assert the privileges established by the legislation.
Drug and Biological Product Identification. H.R. 663 instructed FDA to require unique product identifiers on the packaging of drugs and biological products. That provision would appear to have been met by the agency's February 26, 2004 bar code rule. There is no comparable provision in S. 544.
Health Information Technology (IT) Standards, Grants and Advisory Board. Both bills would require the Secretary of Health and Human Services to adopt voluntary, national interoperability standards for the electronic exchange of health care information. H.R. 663 contained three additional health IT provisions, none of which are included in the Senate version. The House measure authorized grants to physicians for electronic prescription programs, and to hospitals for purchasing health IT systems. It also would have created a Medical Information Technology Advisory Board (MITAB) to make recommendations to the Secretary and Congress on promoting electronic information exchange to improve patient safety and the quality of health care.
Congress and the Administration have taken a number of important steps in the past two years to promote the adoption of IT systems for the electronic collection and exchange of patient information in order to reduce medical errors, lower health care costs, and improve the quality of care. The health IT provisions in the patient safety legislation duplicate some of those actions. For example, the Medicare Prescription Drug, Improvement, and Modernization Act (P.L. 108-173) required the Secretary to adopt electronic prescribing standards and establish a Commission on Systemic Interoperability to develop a comprehensive strategy for the adoption and implementation of health IT data standards. P.L. 108-173 also authorized IT grants for physicians and established demonstration projects to determine how to improve the quality of care through the adoption of IT systems.
On July 21, 2004, National Coordinator for Health Information Technology David Brailer released a 10-year Framework for Strategic Action outlining steps to transform the delivery of health care by adopting electronic health records and developing a national health information infrastructure (NHII) to link such records nationwide.(35) The framework sets out a bottom-up approach in which the role of HHS is to promote and encourage the private sector to build community-level electronic health information networks. Adopting interoperability standards will over time permit these local networks to connect with one another to form a NHII.
Table 3. Comparison of Patient Safety Legislation with the IOM
Recommendations
| Recommendations of 1999 IOM report: To Err is Human | Patient Safety and Quality Improvement Act (H.R. 663 and/or S. 544) |
| Establish a Center for Patient Safety within the Agency for Healthcare Research and Quality (AHRQ) to set national goals, fund research, evaluate methods for identifying and preventing medical errors, and disseminate information on best practices. Annual funding for the Center should begin at $30-35 million, increasing over time to at least $100 million. | Directs AHRQ to establish a National Patient Safety Database [House bill] or a network of databases [Senate bill] to receive and analyze nonidentifiable medical errors information voluntarily reported by patient safety organizations (PSOs, see below). Authorizes AHRQ to provide technical assistance to PSOs and to establish common standards for reporting such information. Authorizes such sums as may be necessary for those activities. |
| Establish a nationwide mandatory reporting system for states to collect standardized information (initially from hospitals, but eventually from other institutional and ambulatory care settings) on adverse events that result in death or serious harm. Designate the Center to receive and analyze aggregate reports from states to identify persistent safety issues. | No provisions. |
| Encourage the development of voluntary, confidential reporting systems for collecting information on errors that result in little or no harm. Require the Center to disseminate information on existing voluntary reporting systems, convene workshops, encourage participation in voluntary reporting programs, and fund pilot projects for reporting systems. | Provides for public and private organizations that meet certain criteria to be designated as PSOs to collect confidential information on medical errors that is voluntarily submitted by providers. PSOs would analyze errors and recommend systems-based solutions. Requires: (1) AHRQ to establish a process for certifying PSOs [House bill]; or (2) PSOs to submit information to AHRQ for certification and listing [Senate bill]. |
| Protect patient safety information collected under a voluntary reporting system from legal discovery, in order to encourage health care professionals and organizations to identify, analyze, and report errors without fear of litigation and without compromising patients' legal rights. | Protects information reported to PSOs from discovery in any civil or administrative action, and from a Freedom of Information Act request. [The Senate bill also protects information from discovery in a criminal proceeding unless it is determined that the data contain evidence of a wanton and criminal act to directly harm the patient.] |
| Make patient safety the focus of performance standards for health care organizations and professionals. | No provisions. |
| Require FDA to: develop and enforce standards for safe packaging and labeling of drugs; test drug names to prevent sound-alike and look-alike errors; and work with doctors, pharmacists, and patients to respond to problems identified in post-marketing surveillance. | Instructs the FDA to issue regulations requiring unique identifiers on drug and biological product packaging, including bar codes and other identifiers that can be read by scanners. [House bill only] Note: On Feb. 25, 2004, FDA issued a final rule requiring bar codes on the labels of most prescription drugs, and on certain over-the-counter drugs and biological products. |
| Encourage health care organizations to make a commitment to improving patient safety and to implement safe medication practices. | Authorizes: (1) grants for physicians to establish electronic prescribing programs within their practices; and (2) grants for hospitals to buy computers and software to reduce medical errors. [House bill only] |
Table 4. Side-by-Side Comparison of Patient Safety and Quality Improvement Act
| H.R. 663 (Approved by the House, March 12, 2003) | S. 544 (Approved by the Senate HELP Committee, March 9, 2005) | |
| Patient safety improvement (Amendments to Title IX of the Public Health Service Act) | ||
| Definitions | Defines identifiable information as information that allows the identification of any provider, patient, or reporter of patient safety work product (including health information protected under the HIPAA privacy rule). Defines nonidentifiable information as information that prevents the identification of any provider, patient, or reporter of patient safety work product (including de-identified information under the HIPAA privacy rule). Defines patient safety organization (PSO) as a private or public organization, as certified by the Secretary, that: (1) as its primary activity, conducts activities to improve patient safety and health care quality; (2) collects and analyzes patient safety work product submitted by providers; (3) develops and disseminates to providers information such as recommendations, protocols, and best practice data; (4) uses patient safety work product to encourage a culture of safety and to assist providers in minimizing patient risk; (5) maintains the confidentiality of identifiable information; (6) provides for the security of patient safety work product; and (7) submits nonidentifiable information to AHRQ for inclusion in any National Patient Safety Database (see below). Defines patient safety evaluation system as a process for collecting, managing, or analyzing information submitted to or by a PSO. Defines patient safety work product as any document or communication (including any information, report, record, memorandum, analysis, deliberative work, statement, or root cause analysis) that is: developed by a provider for reporting to a PSO and so reported; created by a PSO; or would reveal a patient safety evaluation system. Patient safety work product does not include a document orcommunication that is developed, maintained, or existsseparately from any patient safety evaluation system (e.g., patients' medical records, billingrecords, hospital policies). Information that is available from sources otherthan a patient safety work product may be discovered or admitted in a civilor administrative proceeding, if discoverable or admissible under applicablelaw. Defines provider as any individual or entity that is licensed orotherwise authorized by state law to provide health care services, or any otherperson or entity specified in regulation. [New PHS Act Section 921] | Defines nonidentifiable information as information that prevents the identification of a provider, a patient, or a reporter of patient safety data (including de-identified information under the HIPAA privacy rule). Defines patient safety organization (PSO) as a private or public entity that is currently listed by AHRQ (see below). Defines PSO activities as: (1) improving patient safety and the quality of health care delivery; (2) collecting and analyzing patient safety data submitted by more than one provider; (3) developing and disseminating to providers information on improving patient safety, including recommendations, protocols, and best practices data; (4) using patient safety data to encourage a culture of safety and to assist providers in minimizing patient risk; (5) maintaining the confidentiality and providing for the security of patient safety data; and (6) utilizing qualified staff. Defines patient safety data as any data, reports, records, memoranda, analyses, or written or oral statements that could result in improved patient safety, health care quality, or health care outcomes, that are: (1) collected or developed by a provider for reporting to a PSO, provided they are reported within 60 days; (2) requested by a PSO, provided they are reported to the PSO within 60 days; (3) reported to a provider by a PSO; or (4) collected by a PSO from another PSO, or developed by a PSO. Patient safety data also means any deliberative work or process with respect to any patient safety data. The collection of patient safety data from other material does not make the original material patient safety data. Patient safety data does not include information (e.g., patients' medical records, billing information) that is collected or developed separately from and that exists separately from patientsafety data. Nothing in the Act shall be construed to limit: (1) thelegal discovery or admissibility of such separate information in acriminal, civil, or administrative proceeding; (2) the reporting of suchinformation to a government agency for public health or health oversightpurposes; or (3) any legal requirement that providers keep records of suchinformation. Defines provider as any person who is licensed or otherwiseauthorized by state law to provide health care services, or any other personspecified in regulation. [New PHS Act Section 921] |
| Privilege and confidentiality | Patient safety work product is not subject to: (1) a civil or administrative subpoena or order; (2) discovery in connection with a civil or administrative proceeding; (3) disclosure pursuant to a Freedom of Information Act request; or (4) admission as evidence or disclosure in any federal or state civil or administrative proceeding. | Designates patient safety data as privileged and not subject to: (1) a federal, state, or local civil, criminal, or administrative subpoena; (2) discovery in connection with a federal, state, or local civil, criminal, or administrative proceeding; (3) disclosure pursuant to a Freedom of Information Act request; (4) admission as evidence or disclosure in any federal, state, or local civil, criminal, or administrative proceeding; or (5) use in a disciplinary proceeding against a provider. |
| Nothing in the Act prohibits the following: (1) voluntary disclosure of nonidentifiable information; (2) voluntary disclosure of identifiable information by a provider or PSO, if such disclosure is authorized by the provider and meets the requirements of the HIPAA privacy rule; (3) legally required disclosures to FDA, or voluntary disclosures about FDA-regulated products and services to a federal patient safety program; and (4) disclosure of patient safety work product by a provider to a PSO. None of these disclosures, nor the transfer of any patient safety work product between a provider and a PSO, or the unauthorized disclosure of patient safety work product, waives any privilege or protection established by this Act. | Designates patient safety data as confidential and not subject to disclosure, with the following exceptions: (1) disclosure of patient safety data in a criminal proceeding if a court makes an in camera determination that such data contains evidence of a wanton and criminal act to directly harm the patient; (2) voluntary disclosure of nonidentifiable patient safety data by a provider or PSO; (3) disclosure of patient safety data by a provider or PSO (or their contractor) to carry out PSO activities; (4) disclosure of patient safety data by a provider or PSO to grantees or contractors conducting AHRQ-authorized research and projects; (5) disclosure of patient safety data by a provider to an accrediting body that accredits that provider; and (6) voluntary disclosure of patient safety data by a PSO to the Secretary or to state or local government agencies for public health surveillance, if the prior consent of each provider identified in, or providing, such data is obtained. Patient safety data that is used or disclosed shall continue to be privileged and confidential, except for patient safety data that is used or disclosed in open court pursuant to an in camera determination, and for nonidentifiable patient safety data that is voluntarily disclosed by a provider or PSO. | |
| Patient safety work product that is identifiable information received by a national accreditation organization in its capacity as a PSO may not be used in an accreditation action against the provider that reported the information. Such information may not be required by a national accreditation organization as a condition of accreditation. | Except to enforce disclosures pursuant to an in camera determination by a court, prohibits any action against a PSO to compel disclosure of information, unless such information is specifically identified, is not patient safety data, and cannot otherwise be obtained. Prohibits an accrediting body from: (1) taking action against a provider based on the good faith participation of the provider in collecting and reporting patient safety data; and (2) requiring a provider to reveal communications with a PSO. | |
| Privilege and confidentiality (cont.) | Disclosure of patient safety work product in violation of the above provisions is unlawful and subject to fines of not more than $10,000 per violation, if such disclosure constitutes a negligent or knowing breach of confidentiality. If the disclosure is in violation of HIPAA's privacy rule, then the HIPAA penalties apply instead. Designates PSOs as business associates and PSO activities as health care operations under the HIPAA privacy rule. The Act does not otherwise affect the privacy rule. | Negligent or intentional disclosure of patient safety data in violation of the above confidentiality provisions is unlawful and subject to fines of not more than $10,000 per violation. If the disclosure is in violation of HIPAA's privacy rule, then the HIPAA penalties apply instead. |
| The Act does not: (1) affect other peer review and confidentiality protections available under federal and state laws; (2) prevent providers and PSOs from developing contracts requiring greater confidentiality, consistent with this Act and other applicable laws; or (3) preempt or otherwise affect state laws that require providers to report information, including information that is not patient safety work product. Patient safety work product held by PSOs that lose their certification remains privileged and confidential. | The Act does not: (1) preempt federal, state, or local laws that provide greater confidentiality protections or privileges; (2) limit, alter, or effect other federal, state, or local laws pertaining to information that is not privileged or confidential under this Act; (3) alter or affect implementation of the HIPAA privacy rule; (4) prevent any provider, PSO, or other person from entering into a contract requiring greater confidentiality or delegating authority to use or disclose patient safety data in accordance with this Act; or (5) prohibit a provider from reporting a crime to law enforcement authorities, regardless of whether knowledge about the crime is based on patient safety data, so long as the provider does not disclose patient safety data in making the report. | |
| Prohibits a health care provider from taking any adverse employment action against an employee who in good faith reports information to the provider (with the intention of having it reported to a PSO) or reports the data directly to a PSO. Providers taking such action would be subject to civil monetary penalties of not more than $20,000 per violation. [New PHS Act Section 922] | Prohibits a health care provider from taking any adverse employment action against an employee who in good faith reports information to the provider (with the intention of having it reported to a PSO) or reports the data directly to a PSO. Permits an aggrieved individual to bring a civil action to enjoin a wrongful adverse employment action and to obtain equitable relief (including reinstatement, back pay, and restoration of benefits) to redress such action. State employers must consent, in advance, to be subject to such civil action by an employee in order to invoke the privileges provided under this Act. [New PHS Act Section 922] | |
| HHS Secretary's Report | Requires the Secretary, within 18 months of any National Patient Safety Database becoming operational (see below), to prepare a draft report on strategies for reducing medical errors, seek public comment on the draft, and submit it to the IOM for review. Requires a final report to be submitted to Congress within one year of completing the draft. [New PHS Act Section 922] | No provisions. |
| National Patient Safety Database | Authorizes AHRQ to provide for the establishment and maintenance of a National Patient Safety Database to receive and analyze nonidentifiable patient safety work product voluntarily reported by PSOs upon the request of the Secretary. Directs AHRQ to provide scientific support to PSOs. Requires AHRQ, in consultation with representatives of PSOs, providers, and the health information technology industry, to develop standards for reporting nonidentifiable patient safety work product, consistent with HIPAA's Administrative Simplification standards. Permits AHRQ, to the extent practicable, to facilitate information exchange between providers and PSOs and between PSOs and the database. Only nonidentifiable information may be reported to the database. [New PHS Act Section 923] | Instructs AHRQ to maintain a network of databases to receive and analyze nonidentifiable patient safety data voluntarily reported by PSOs, providers, and others. The purpose of the databases is to provide an interactive, evidence-based management resource for providers, PSOs, and others. Authorizes AHRQ to determine standards for the reporting of such information to the database, consistent with HIPAA's Administrative Simplification standards. [New PHS Act Section 923] |
| PSO certification and listing | Requires AHRQ, within six months, to establish a process for certifying PSOs. Certifications must be performed by the Secretary or by an approved national or state entity and reviewed every three years. Certifications may be revoked upon a showing of cause. Establishes staffing and other criteria for certification, including requirements for PSOs that are components of other organizations. For example, a PSO cannot be a component of a health insurer or other entity that offers a group health plan or health insurance coverage, and must be managed, controlled and operated independently from any provider that reports patient safety work product to the PSO. [New PHS Act Section 925] | Requires an organization seeking to be a PSO to submit an initial certification to AHRQ that it intends to perform PSO activities (see definitions above). An organization that at first collects patient safety data from only one provider must within two years of its initial certification submit a supplemental certification that it is collecting from multiple providers. Requires PSOs to renew their certification every three years. All certification submissions are subject to AHRQ review and acceptance. Requires AHRQ to compile and maintain a current listing of certified PSOs. Requires AHRQ to remove from the listing entities whose certification expires or is revoked. |
| Authorizes AHRQ to revoke a PSO's certification, after notice and an opportunity for a hearing, if it determines that the organization does not perform one of the PSO activities. Requires a PSO, within 15 days of a revocation, to inform AHRQ that it has taken all reasonable steps to notify each provider whose patient safety data it collects or analyzes of such revocation. Provides for the Act's privilege and confidentiality protections to continue to apply to data held by a PSO that is removed from the list of certified PSOs, including data submitted to such a PSO within 30 days of its removal from the certification list. Requires PSOs whose certification is revoked to transfer patient safety data to another PSO with the approval of the provider, return such data to the provider, or destroy the data. [New PHS Act Section 924] | ||
| Technical assistance | Authorizes AHRQ to provide technical assistance to PSOs and to states with medical errors reporting systems, and to provide guidance on the type of data to be voluntarily submitted to the National Patient Safety Database. [New PHS Act Section 924] | Authorizes AHRQ to provide technical assistance to PSOs, including convening annual meetings to discuss methodology, communication, data collection, and privacy. [New PHS Act Section 925] |
| Authorization of appropriations | Authorizes such sums as may be necessary for FY2004 -- FY2008 for carrying out the provisions above. | Authorizes such sums as may be necessary for carrying out the provisions above and for developing interoperability standards (see below). [New PHS Act Section 927] |
| GAO report | No provisions. | No provisions. |
| Interoperability of health care information technology systems | ||
| Voluntary standards | Requires the Secretary, within 18 months, to develop (and periodically review and update) voluntary national standards that promote the interoperability of health care information technology systems. Requires the Secretary to take into account: (1) the ability of the standards to promote the aggregation of clinical data, electronic exchange of medical records, and evidence-based medicine; and (2) the costs of meeting such standards and the health care efficiencies achieved. Requires the Secretary, to the extent practicable, to test the efficiency, usability, and scalability of proposed standards within a variety of clinical settings, and to submit to Congress recommendations on such standards. Instructs the Secretary, in developing such standards, to consider the recommendations of the National Committee for Vital and Health Statistics and consult with representatives of the health information technology industry and the provider community. Directs the Secretary to submit a report to Congress containing recommendations on such standards. | Directs the Secretary, within three years, to develop or adopt voluntary national standards (subject to ongoing review and periodic updating) that promote the electronic exchange of health care information. [New PHS Act Section 926] |
| Impact of medical technologies and therapies on patient safety and health care costs | ||
| Report to Congress | No provisions. | Directs the Secretary to contract with a research organization to study the impact of medical technologies and therapies on patient safety, patient benefit, health care quality, health care costs, and productivity growth. Requires the study to examine: the extent to which labor and technological advances have contributed to the increase in national spending on health care; the extent to which the early introduction and integration of innovative medical technologies and therapies may affect the overall productivity and quality of health care; and the relationship of such technologies and therapies to patient safety and benefit, health care quality, and health care costs. Requires the Secretary, within 18 months, to report the results of the study to Congress. |
| Drug and biological product identification (Amendments to Title V of the Federal Food, Drug, and Cosmetic Act) | ||
| Unique product identifiers | Instructs the FDA to issue regulations to require unique product identifiers on the packaging of drugs and biological products, including bar codes and other identifiers that can be read by scanners and other technologies. Identifiers must be based on the National Drug Code or other acceptable technologies. Drug and biological products without a unique product identifier are considered misbranded. Note: On Feb. 25, 2004, FDA issued a final rule requiring bar codes on the labels of most prescription drugs, and on certain over-the-counter drugs and biological products http://www.fda.gov/oc/initiatives/barcode-sadr. | No provisions. |
| Grants for electronic prescription programs | ||
| Grants to physicians | Authorizes grants to physicians and other health care professionals to establish electronic prescription programs. Grantees would have to fund 50% of the cost of the program. Directs AHRQ, within 18 months, to conduct a study and report to Congress on the cost-effectiveness of electronic prescription programs. Permits AHRQ to develop an Internet-based decision analytic model to allow clinicians to simulate the health and economic impact of electronic prescribing on their individual practices. | No provisions. |
| Grants for Health Care Information Technology Systems | ||
| Grants to hospitals | Authorizes (through FY2011) grants for hospitals and other providers to pay for computers and software to reduce medical errors and improve patient safety and health care quality. Directs the Secretary to give special consideration to grant applicants who seek to promote: (1) interoperability across hospital services and departments; (2) electronic communication of patient data; and (3) computerized physician order entry or bar coding applications. Specifies conditions for receipt of a grant. For example, the grantee agrees to: (1) carry out a program to measure, analyze, and report medical errors, and to submit to the Secretary a description of the methodology that will be used; (2) evaluate the cost-effectiveness of the information technologies for which the grant is provided and submit the evaluation plan to the Secretary for approval; and (3) develop a patient safety evaluation system (as defined above) for reporting errors to a PSO. Instructs AHRQ to provide technical assistance to applicants and grantees. Grantees would have to cover 50% of the costs and would only be eligible for one grant. Requires grantees to submit an interim and a final report at one and three years, respectively. The final one-third of a grant would not be disbursed until the grantee submitted the interim report. Beginning in FY2004, requires the Secretary to submit to Congress annual interim reports on the grant program, followed (within 180 days of the last interim report) by a final report with recommendations for legislation and administrative action. | No provisions. |
| Authorizes $25 million for each of FY2004 and FY2005 for carrying out the two grant programs above. | ||
| Medical Information Technology Advisory Board (Amendments to Title XI of the Social Security Act) | ||
| Advisory board | Requires the Secretary, within three months, to appoint the Medical Information Technology Advisory Board (MITAB) and designate a chairman. Requires the MITAB chairman to be a member of the National Committee for Vital and Health Statistics and be affiliated with an organization having expertise in creating American National Standards Institute (ANSI) standards governing health care information technology. The MITAB would consist of no more than 17 members that include: (1) experts from the fields of medical information, information technology, medical continuous quality improvement, medical records security and privacy, individual and institutional clinical providers, health researchers, and health care purchasers; (2) one or more staff experts from the Centers for Medicare and Medicaid Services, AHRQ, and the IOM; (3) representatives of private organizations with expertise in medical infomatics; (4) a representative of a teaching hospital; and (5) one or more representatives of the health care information technology industry. | No provisions. |
| Directs the MITAB to advise and make recommendations to the Secretary regarding medical information technology, including: (1) best practices in medical information technology; (2) methods for adoption within two years of a uniform health care information system interface between old and new computer systems; (3) recommendations for health care vocabulary, messaging, and a common lexicon for computer technology to achieve interoperability of health information systems; and (4) methods of implementing health care information technology interoperability standardization, and records security. Also, requires the MITAB to make recommendations on methods to promote information exchange to enhance compatibility among information systems in order to: (1) maximize positive outcomes in clinical care by providing decision support for diagnosis and care, and assisting in the emergency treatment of a patient at a facility with no medical record of the patient; (2) contribute to the development of a patient assessment instrument that minimizes the need for different records when patients move from provider to provider; (3) reduce redundant paperwork; (4) minimize medical errors; and (5) contribute to compatible information technology architecture. | ||
| Advisory board (cont.) | Requires the MITAB, within 18 months, to submit to Congress and the Secretary an initial report of its deliberations and recommendations. The report would include the status of health care information technology standards, recommendations for accelerating the development of health care terminology standards and completing development of health care information system messaging standards, and progress towards meeting the two-year deadline for adoption of a uniform health care information system interface. Annual reports would be due in each of the following two years after the initial report is submitted. MITAB would terminate 30 days after the date of submission of its final report. Authorizes such sums as may be necessary for each fiscal year to carry out these provisions. | No provisions. |
1. (back) Institute of Medicine, To Err Is Human: Building a Safer Health System (Washington, D.C.: National Academy Press, 1999). The report is available online at http://www.nap.edu.
2. (back) Robert J. Blendon et al., "Views of Practicing Physicians and the Public on Medical Errors," New England Journal of Medicine, vol. 347, no. 24 (2002), pp. 1933-1939.
3. (back) Medical errors legislation included: the Medical Error Prevention Act of 2000 (H.R. 3672); the Medicare Comprehensive Quality of Care and Safety Act of 2000 (H.R. 5404); the Medical Error Reduction Act of 2000 (S. 2038); the Stop All Frequent Errors in Medicare and Medicaid Act of 2000 (S. 2378); the Patient Safety and Errors Reduction Act (S. 2738); and the Error Reduction and Improvement in Patient Safety Act (S. 2743).
4. (back) Lucian L. Leape et al., "The Nature of Adverse Events in Hospitalized Patients: Results of the Harvard Medical Practice Study II," New England Journal of Medicine, vol. 324, (1991), pp. 377-384; Eric J. Thomas et al., "Incidence and Types of Adverse Events and Negligent Care in Utah and Colorado," Medical Care, vol. 38 (2000), pp. 261-271.
5. (back) Rodney A. Hayward and Timothy P. Hofer, "Estimating Hospital Deaths Due to Medical Errors: Preventability Is in the Eye of the Beholder," Journal of the American Medical Association, vol. 286 (2001), pp. 415-420.
6. (back) David Classen, "Medication Safety: Moving from Illusion to Reality," Journal of the American Medical Association, vol. 289 (2003), pp. 1154-1156.
7. (back) Jerry H. Gurwitz et al., "Incidence and Preventability of Adverse Drug Events Among Older Persons in the Ambulatory Setting," Journal of the American Medical Association, vol. 289 (2003), pp. 1107-1116.
8. (back) According to the Health Policy Tracking Service, the states are: CA; CO; CT; FL; KS; MA; ME; MN; MO; NV; NJ; NY; NV; OH; PA; RI; SC; SD; TN; TX; VA; and WA.
9. (back) Lucian L. Leape, "Reporting of Adverse Events," New England Journal of Medicine, vol. 347 (2002), pp. 1633-1638. (Hereafter cited as Leape, "Reporting of Adverse Events.")
10. (back) National Academy for State Health Policy, How States Report Medical Errors to the Public: Issues and Barriers (Portland, ME: NASHP, Oct. 2003). This report, hereafter cited as NASHP, Oct. 2003, is one of several NASHP publications on patient safety and medical errors. For more information, go to http://www.nashp.org.
12. (back) Peer review refers to a process by which physicians review and analyze the performance of their colleagues to evaluate and improve the quality of health care. To encourage participation and candor in the process, all states except New Jersey have enacted laws that protect peer review information and participants from the legal process.
14. (back) Wendy K. Miller and Frances H. Miller, Medical Error Reporting: Professional Tensions Between Confidentiality and Liability, Massachusetts Health Policy Forum Issue Brief no. 13 (2001).
18. (back) For more information on the NQF list, go to http://www.qualityforum.org. In March 2003, NASHP released a report, Defining Reportable Adverse Events: A Guide for States Tracking Medical Errors, which compares the NQF list with the requirements of existing state reporting systems. The report is available online at http://www.nashp.org.
19. (back) The Centers for Medicare and Medicaid Services has launched several initiatives requiring hospitals and Medicare-certified nursing homes and home health agencies to report publicly various measures of health care quality. For more information, go to http://www.cms.gov/quality.
20. (back) Information on the ASRS is available online at http://asrs.arc.nasa.gov.
21. (back) Testimony of Linda J. Connell, Director, NASA Aviation Safety Reporting System, before the U.S. Congress, House Committee on Veterans' Affairs, Subcommittee on Oversight and Investigations, Feb. 10, 2000.
22. (back) The VA health care system operates 163 hospitals, 137 nursing homes, 73 comprehensive home-care programs, and more than 850 ambulatory care and community-based outpatient clinics. In 2002, more than 4.5 million people received health care in a VA facility, and the outpatient clinics registered approximately 46.5 million visits. For more information, go to http://www.va.gov.
23. (back) Testimony of Dr. James P. Bagian, Director, National Center for Patient Safety, before the U.S. Congress, Senate Committee on Governmental Affairs, Permanent Subcommittee on Investigations, June 11, 2003. Additional information about the NCPS is available online at http://www.patientsafety.gov.
24. (back) Information on the PSRS is available online at http://www.psrs.arc.nasa.gov.
25. (back) More information is available on JCAHO's website at http://www.jcaho.org.
26. (back) Testimony of Dr. Dennis S. O'Leary, President, Joint Commission on Accreditation of Healthcare Organizations, before the U.S. Congress, House Committee on Ways and Means, Subcommittee on Health, Feb. 10, 2000.
27. (back) More information on the MER program is available online at http://www.usp.org.
28. (back) U.S. Pharmacopeia, MedMARx 5th Anniversary Data Report: A Chartbook of 2003 Findings and Trends 1999-2003 (Rockville, MD.: 2004).
29. (back) Leape, "Reporting of Adverse Events."
30. (back) Institute of Medicine, 1999. More detailed information on FDA's reporting requirements may be found online at http://www.fda.gov.
31. (back) 69 Federal Register 9119, Feb. 26, 2004. Information on the bar codes rule is available at http://www.fda.gov/oc/initiatives/barcode-sadr.
32. (back) 68 Federal Register 12465, Mar. 14, 2003.
33. (back) Brian Raymond and Robert M. Crane, "Design Considerations for a Patient Safety Improvement Reporting System," Kaiser Permanente, Institute for Health Policy, Apr. 2001. (Hereafter cited as Raymond and Crane, "Design Considerations.")
34. (back) Interoperability refers to the ability of two or more systems (e.g., computers, communications devices, networks, software, and other information technology components) to interact with one another and exchange data.
35. (back) More information is available at http://www.hhs.gov/onchit/framework.
Return to CONTENTS section of this Long Report.