Section 1. Amend Title 16 of the Delaware Code by adding thereto a new chapter to read:

"CHAPTER 12B. PATIENT SAFETY AND HEALTH CARE QUALITY IMPROVEMENT ACT OF 2005

§1201B. Short title.

This chapter may be cited as the 'Patient Safety and Health Care Quality Improvement Act of 2005'.

§1202B. Purposes of chapter.

The health care system must identify and learn from errors that occur so that systems of care can be improved. The voluntary reporting system established under this chapter supports a learning environment focused on improving patient safety.

Many organizations currently collecting patient safety data have expressed a need for legal protections that will allow them to review protected information and collaborate in the development and implementation of patient safety improvement strategies. Delaware's current peer review protections are inadequate to allow the sharing of information to promote patient safety. This chapter establishes a patient safety organization for the State, which will encourage a culture of safety and quality within Delaware's health care system by providing for legal protection of information reported voluntarily for the purposes of health care quality improvement and patient safety. This chapter also ensures accountability by raising standards and expectations for continuous quality improvements in patient safety and health care.

§1203B. Definitions.

(1) The term 'non-identifiable information' means, with respect to information, that the information is presented in a form and manner that prevents the identification of a patient, a reporter of patient safety data, or a provider. For purposes of this definition, the term 'presented in a form and manner that prevents the identification of a patient' means, with respect to information that has been subject to rules promulgated pursuant to Sec. 264(c) of the Health Insurance Portability and Accountability Act of 1996 (HIPAA) (42 U.S.C. 1320d-2), that the information has been de-identified so that it is no longer individually identifiable health information as defined in those rules.

(2) The term 'patient safety organization' (PSO) means the private or public entity that contracts with the Centers for Medicare and Medicaid services (CMS) to be the Medicare Quality Improvement Organization (QIO), or any similarly titled organization, for the State of Delaware.

(3) The term 'patient safety data' means:

(A) data, reports, records, memoranda, or analyses (such as root cause analyses) collected, transmitted, or stored either electronically or on paper by the PSO or provider, that could result in improved patient safety, health care quality, or health care outcomes and are (i) collected or developed by a provider, upon becoming aware of a patient safety incident; (ii) requested by the PSO (including the contents of such request), if reported to the PSO within 60 days of the provider becoming aware of a patient safety incident; (iii) reported to a provider by the PSO (including confirmation of receipt of patient safety data from the provider by the PSO); or (iv) collected or developed by the PSO, whether identifiable or not; or

(B) the work product or process related to any patient safety data described in definition subsection (3)(A) of this section, that is generated by the PSO or provider.

(C) If the original material from which data, reports, records, memoranda or analyses (such as root cause analyses) are collected is not patient safety data, the act of such collection does not make the original material patient safety data for purposes of this chapter.

(D) The term 'patient safety data' does not include information (including a patient's medical record, billing and discharge information, or any other patient or provider record) that is collected or developed separately from and that exists separately from patient safety data. Such separate information or a copy thereof submitted to a patient safety organization is not considered as patient safety data. Nothing in this chapter, except for §1204B(e)(1), may be construed to limit (i) the discovery of or admissibility of information described in this paragraph in a criminal, civil, or administrative proceeding; (ii) the reporting of information described in this paragraph to a federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes; or (iii) a provider's recordkeeping obligation with respect to information described in this paragraph under federal, State, or local law.

(4) The term 'patient safety organization (PSO) activities' means the following activities which are considered to be necessary for the proper management and administration of a patient safety organization:

(A) The conduct, as its primary activity, of efforts to improve patient safety and the quality of health care delivery;

(B) The collection and analysis of patient safety data that are submitted by more than one provider;

(C) The development and dissemination of information to providers with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices;

(D) The utilization of patient safety data for the purposes of encouraging a culture of safety and of providing direct feedback and assistance to providers to effectively minimize patient risk;

(E) The maintenance of procedures to preserve confidentiality with respect to patient safety data;

(F) The provision of appropriate security measures with respect to patient safety data; and

(G) The utilization of qualified staff.

(5) The term 'person' means an individual, or a trust, an estate, a partnership, a corporation (including associations, joint stock companies, and insurance companies), a state or political subdivision or instrumentality (including a municipal corporation) of a state, or any other legal or commercial entity.

(6) The term 'provider' means an individual or entity licensed or otherwise authorized under State law to provide health care services, including (i) a hospital, ambulatory surgical center, and physician or health care practitioner's office, licensed by the state, or (ii) a physician, physician assistant, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist, or certified nurse midwife, licensed by the state.

§1204B. Privilege and confidentiality protections.

(a) Notwithstanding any other provision of federal, State, or local law, patient safety data is privileged and, with the exception of the provisions of subsection (c)(1) of this section, such data is not:

(1) subject to a federal, State, or local civil, criminal, or administrative subpoena;

(2) subject to discovery in connection with a federal, State, or local civil, criminal, or administrative proceeding;

(3) subject to disclosure pursuant to the Delaware or United States Freedom of Information Acts or any other similar federal, State, or local law;

(4) subject to admission as evidence or other disclosure in any federal, State, or local civil, criminal, or administrative proceeding; or

(5) subject to use in a disciplinary proceeding against a provider.

(b) Notwithstanding any other provision of federal, State, or local law, with the exception of the provisions of subsections (c) and (d) of this section, patient safety data is confidential and may not be disclosed.

(1) Disclosure by a provider or a PSO of relevant patient safety data for use in a criminal proceeding, including but not limited to use through subpoena and discovery and use as evidence, after a court makes an in camera determination that the patient safety data contains evidence of a wanton and criminal act to directly harm the patient; or

(2) Voluntary disclosure of non-identifiable, aggregate patient safety data by a provider or a PSO.

(3) Disclosure of non-identifiable, aggregate patient safety data by a person that is a provider, a PSO, or a contractor of a provider or a PSO to another person for the purpose of carrying out PSO activities;

(4) Disclosure of non-identifiable, aggregate patient safety data by a provider or a PSO to grantees or contractors carrying out patient safety research, evaluation, or demonstration projects initiated and authorized by the PSO;

(5) Disclosure of non-identifiable, aggregate patient safety data by a provider to an accrediting body that accredits that provider;

(6) Voluntary disclosure of patient safety data by the PSO to the Secretary of Health and Social Services for public health surveillance if the consent of each provider identified in, or providing, the data is obtained prior to disclosure. Nothing in the preceding sentence may be construed to prevent the release of patient safety data that is provided by, or that relates solely to, a provider from whom consent is obtained because one or more other providers do not provide consent with respect to the disclosure of patient safety data that relates to nonconsenting providers. Consent for the future release of patient safety data for such purposes may be requested by the PSO at the time the data is submitted; or

(7) Voluntary disclosure of patient safety data by a PSO to state or local government agencies for public health surveillance if the consent of each provider identified in, or providing, the data is obtained prior to disclosure. Nothing in the preceding sentence may be construed to prevent the release of patient safety data that is provided by, or that relates solely to, a provider from whom consent is obtained because one or more other providers do not provide consent with respect to the disclosure of patient safety data that relates to nonconsenting providers. Consent for the future release of patient safety data for such purposes may be requested by the PSO at the time the data is submitted.

(d) (1) Except as provided in paragraph (2) of this subsection, patient safety data that is used or disclosed continues to be privileged and confidential as provided for in subsections (a) and (b) of this section, and the provisions of those subsections apply to such data in the possession or control of a provider or PSO that possessed the data before the use or disclosure, or of a person to whom the data was disclosed.

(2) Notwithstanding paragraph (1) and subject to paragraph (3) of this section,

(A) if patient safety data is used or disclosed as provided for in subsection (c)(1) of this section, and such use or disclosure is in open court, the confidentiality protections provided for in subsection (b) of this section do not apply to the data; and

(B) if patient safety data is used or disclosed as provided for in subsection (c)(2) of this section, the privilege and confidentiality protections provided for in subsections (a) and (b) of this section do not apply to the data.

(3) Paragraph (2) of this subsection may not be construed as terminating or limiting the privilege or confidentiality protections provided for in subsection (a) or (b) of this section with respect to data other than the specific data used or disclosed as provided for in subsection (c) of this section.

(e) (1) Except to enforce disclosures pursuant to subsection (c)(1) of this section, no action may be brought or process served against a patient safety organization to compel disclosure of information collected or developed under this chapter, whether or not the information is patient safety data, unless the information is specifically identified, is not patient safety data, and cannot otherwise be obtained.

(2) An accrediting body may not take an accrediting action against a provider based on the good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety data in accordance with this chapter. An accrediting body may not require a provider to reveal its communications with any patient safety organization established in accordance with this chapter.

(f) (1) A provider may not take an adverse employment action, as described in paragraph (2) of this subsection, against an individual based upon the fact that the individual in good faith reported information to the provider with the intention of having the information reported to the PSO or reported information directly to the PSO.

(2) For purposes of this subsection, an 'adverse employment action' includes loss of the individual's employment, failure to promote the individual, failure to provide any other employment-related benefit for which the individual would otherwise be eligible, or an adverse evaluation or decision made in relation to accreditation, certification, credentialing, or licensing of the individual.

(g) (1) Except as provided in subsections (c) and (d) of this section and as otherwise provided for in this section, it is unlawful for a person to disclose patient safety data in violation of this chapter. A person who discloses patient safety data in violation of this chapter is subject to a civil monetary penalty of not more than $10,000 for each violation.

(2) The penalty provided for under paragraph (1) of this subsection does not apply if the defendant is sentenced under the regulations promulgated under Sec. 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2) or under Sec. 1176 of the Social Security Act (42 U.S.C. 1320d-5) for the same disclosure.

(3) Without limiting remedies available to other parties, a civil action may be brought by any aggrieved individual to enjoin any act or practice that violates subsection (f) of this section and to obtain other appropriate equitable relief, including reinstatement, back pay, and restoration of benefits, to redress the violation.

(4) An entity that is the State or an agency of the State government may not assert the privilege described in subsection (a) of this section unless before the time of the assertion, the entity or, in the case of and with respect to an agency, the State has consented to be subject to an action as described in this subsection, and that consent has remained in effect.

(h) Nothing in this section may be construed to:

(1) limit, alter, or effect other confidentiality protections and privileges that are available under federal, State, or local laws that provide greater confidentiality protections and privileges than the confidentiality protections and privileges provided for in this section;

(2) limit, alter, or affect the requirements of federal, State, or local law pertaining to information that is not privileged or confidential under this section;

(3) limit, alter, or affect the implementation of any provision of Sec. 264(c) of the Health Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2), Sec. 1176 of the Social Security Act (42 U.S.C. 1320d-5), or any regulation promulgated under these sections;

(4) limit, alter, or affect the authority of any provider, PSO, or other person to enter into a contract requiring greater confidentiality or a contract delegating authority to disclose or use patient safety data in accordance with subsection (c) of this section; or

(5) prohibit a provider from reporting a crime to law enforcement authorities, regardless of whether knowledge of the existence of, or the description of, the crime is based on patient safety data, so long as the provider does not disclose or use patient safety data in making the report.

(i) In addition to the protections and limitations prescribed in subsections (a)-(h) of this section, all parties and patient safety data subject to this chapter have the immunities and protections granted in 24 Del. C. §1768.

§1205B. Interoperability of health care information technology systems.

The technology standards used by the PSO in the administration of patient safety data must be consistent with the standards used by the Delaware Health Information Network if the Network is implemented in Delaware.".

Section 2. Studies and reports.

(a) On an annual basis the Patient Safety Organization (PSO) shall issue a report to the legislature summarizing the data that it collected and analyzed within the State. The report may include only non-identifiable, aggregate patient safety data.

(b) The PSO may issue at its discretion other reports that relate to patient safety and that highlight either the issues which must be addressed to increase patient safety or potential remedies to patient safety issues, or both. The reports may include only non-identifiable, aggregate patient safety data.

Section 3. Effective date.

This Act takes effect on January 1 of the year immediately following the date on which the Act is enacted into law.