Section
1. Amend Title 16 of the Delaware Code
by adding a new Chapter to read as follows:
“Chapter
10A
§
1001A. Short Title.
This Act may be
cited as the ‘Patient Safety and Quality Improvement Act’.
§
1002A. Purposes.
(1)
The health care system must identify and learn from
errors that occur so that systems of care can be improved.
(2)
This Act will provide legal protections with respect to
information reported for the purposes of quality improvement and patient
safety.
(3)
The voluntary reporting system established under this
Act supports a learning environment focused on improving patient safety.
(4)
Many organizations currently collecting patient safety data
have expressed a need for legal protections that will allow them to review
protected information and collaborate in the development and implementation of
patient safety improvement strategies. Delaware’s
current peer review protections are inadequate to allow the sharing of
information to promote patient safety.
(5)
This Act will encourage a culture of safety and quality
within Delaware’s health care
system by providing for legal protection of information reported voluntarily
for the purposes of quality improvement and patient safety.
(6)
This Act will ensure accountability by raising
standards and expectations for continuous quality improvements in patient
safety.
§ 1003A. Definitions.
As
used in this Chapter:
(1)
‘Non-Identifiable Information’:
(A)
In General – The term ‘non-identifiable information’
means, with respect to information, that the information is presented in a form
and manner that prevents the identification of a patient, a report of patient
safety data, or a provider.
(B)
Identifiability of Patient – For purposes of
subparagraph (A), the term ‘presented in a form and manner that prevents the
identification of a patient’ means, with respect to information that has been
subject to rules promulgated pursuant to Section 264(c) of the Health Insurance
Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note), that the
information has been de-identified so that it is no longer individually
identifiable health information as defined in such rules.
(2)
‘Patient Safety Organization’ (PSO) – The term ‘patient
safety organization’ means the private or public entity that contracts with the
Centers for Medicare and Medicaid Services (CMS) to be the Medicare Quality
Improvement Organization (QIO) or any similarly titled organization for the
State of Delaware.
(3)
‘Patient Safety Data’:
(A)
In General – The
term ‘patient safety data’ means:
(i)
data, reports, records, memoranda or analyses (such as
root cause analyses), collected, transmitted, or stored either electronically
or on paper by the PSO or provider, that could result in improved patient
safety, health care quality, or health care outcomes, and are:
(I)
collected or developed by a provider, upon becoming
aware of the incident;
(II)
requested by the PSO (including the contents of such
request), if they are reported to the PSO within 60 days of the provider
becoming aware of the incident;
(III) reported
to a provider by the PSO (including confirmation of receipt of patient safety
data from the provider by the PSO; or
(IV) collected
or developed by the PSO, whether identifiable or not.
(ii)
the work product or process related to any patient
safety data described in clause (i) generated by PSO or provider.
(B)
Limitation:
(i)
Collection – If the original material from which data,
reports, records, memoranda or analyses (such as root case analyses) referred
to in subclause (I) or (IV) of subparagraph (A)(i) are collected and is not
patient safety data, the act of such collection shall not make such original
material patient safety data for purposes of this part.
(ii)
Separate Data – The term ‘patient safety data’ shall
not include information (including a patient’s medical record, billing and
discharge information or any other patient or provider record) that is
collected or developed separately from and that exists separately from patient
safety data. Such separate information
or a copy thereof submitted to a patient safety organization shall not itself
be considered as patient safety data. Nothing
in this part, except for Section 4(f)(1), shall be construed to limit:
(I)
the discovery of or admissibility of information
described in this subparagraph in a criminal, civil, or administrative
proceeding;
(II)
the reporting of information described in this
subparagraph to a Federal, State, or local governmental agency for public
health surveillance, investigation, or other public health purposes or health
oversight purposes; or
(III) a
provider’s recordkeeping obligation with respect to information described in
this subparagraph under Federal, State, or local law.
(4)
‘Patient Safety Organization Activities’ – The term
‘patient safety organization activities’ means the following activities, which
are deemed to be necessary for the proper management and administration of a
patient safety organization:
(A)
The conduct, as its primary activity, of efforts to
improve patient safety and the quality of health care delivery.
(B)
The collection and analysis of patient safety data that
are submitted by more than one provider.
(C)
The development and dissemination of information to providers
with respect to improving patient safety, such as recommendations, protocols,
or information regarding best practices.
(D)
The utilization of patient safety data for the purposes
of encouraging a culture of safety and of providing direct feedback and
assistance to providers to effectively minimize patient risk.
(E)
The maintenance of procedures to preserve
confidentiality with respect to patient safety data.
(F)
The provision of appropriate security measures with
respect to patient safety data.
(G)
The utilization of qualified staff.
(5)
‘Person’ – The term ‘person’ shall mean an individual,
trust or estate, a partnership, a corporation (including associations, joint
stock companies and insurance companies), or a state or political subdivision
or instrumentality (including a municipal corporation) of a state.
(6)
‘Provider’ – The term ‘provider’ means:
(A)
an individual or entity licensed or otherwise
authorized under State law to provide health care services, including:
(i)
a hospital, ambulatory surgical center, and physician
or health care practitioner’s office, licensed by the State, and/or
(ii)
a physician, physician assistant, nurse practitioner,
clinical nurse specialist, certified registered nurse anesthetist, and
certified nurse midwife, licensed by the State.
§ 1004A. Privilege and Confidentiality Protections.
(a)
Privilege – Notwithstanding any other provision of
Federal, State, or local law, patient safety data shall be privileged and,
subject to the provisions of subsection (c)(1), shall not be:
(1)
Subject to a Federal, State, or local civil, criminal,
or administrative subpoena;
(2)
Subject to discovery in connection with a Federal,
State, or local civil, criminal or administrative proceeding;
(3)
Disclosed pursuant to the Delaware
or U.S. Freedom of Information Acts or any other similar Federal, State, or
local law;
(4)
Admitted as evidence or otherwise disclosed in any
Federal, State, or local civil, criminal, or administrative proceeding; or
(5)
Utilized in a disciplinary proceeding against a
provider.
(b)
Confidentiality – Notwithstanding any other provision
of Federal, State, or local law, and subject to the provisions of subsections
(c) and (d), patient safety data shall be confidential and shall not be
disclosed.
(c)
Exceptions to Privilege and Confidentiality – Nothing
in this Section shall be construed to prohibit one or more of the following
uses or disclosures:
(1)
Disclosure by a provider or patient safety organization
of relevant patient safety data for use in a criminal proceeding only after a
court makes an in camera determination that such patient safety data contains
evidence of a wanton and criminal act to directly harm the patient.
(2)
Voluntary disclosure of non-identifiable, aggregate
patient safety data by a provider or a patient safety organization.
(d)
Protected Disclosure and Use of Information – Nothing
in this Section shall be construed to prohibit one or more of the following
uses or disclosures:
(1)
Disclosure of non-identifiable, aggregate patient
safety data by a person that is a provider, a patient safety organization, or a
contractor of a provider or patient safety organization, to another such
person, to carry out patient safety organization activities.
(2)
Disclosure of non-identifiable, aggregate patient
safety data by a provider or patient safety organization to grantees or
contractors carrying out patient safety research, evaluation, or demonstration
projects initiated and authorized by the PSO.
(3)
Disclosure of non-identifiable, aggregate patient
safety data by a provider to an accrediting body that accredits that provider.
(4)
Voluntary disclosure of patient safety data by the
patient safety organization to the Secretary of Health and Social Services
(SHSS) for public health surveillance if the consent of each provider
identified in, or providing, such data is obtained prior to such
disclosure. Nothing in the preceding
sentence shall be construed to prevent the release of patient safety data that
is provided by, or that relates solely to, a provider from which the consent
described in such sentence is obtained because one or more other providers do
not provide such consent with respect to the disclosure of patient safety data
that relates to such nonconsenting providers. Consent for the future release of patient
safety data for such purposes may be requested by the patient safety
organization at the time the data is submitted.
(5)
Voluntary disclosure of patient safety data by a
patient safety organization to State or local government agencies for public
health surveillance if the consent of each provider identified in, or
providing, such data is obtained prior to such disclosure. Nothing in the preceding sentence shall be
construed to prevent the release of patient safety data that is provided by, or
that relates solely to, a provider from which the consent described in such
sentence is obtained because one or more other providers do not provide such
consent with respect to the disclosure of patient safety data that relates to
such nonconsenting providers. Consent
for the future release of patient safety data for such purposes may be
requested by the patient safety organization at the time the data is submitted.
(e)
Continued Protection of Information after Disclosure:
(1)
In General- Except as provided in paragraph (2),
patient safety data that is used or disclosed shall continue to be privileged
and confidential as provided for in subsections (a) and (b), and the provisions
of such subsections shall apply to such data in the possession or control of:
(A)
A provider or patient safety organization that
possessed such data before the use or disclosure; or
(B)
A person to whom such data was disclosed.
(2)
Exception – Notwithstanding paragraph (1), and subject
to paragraph (3):
(A)
If patient safety data is used or disclosed as provided
for in subsection (c)(1), and such use or disclosure is in open court, the
confidentiality protections provided for in subsection (b) shall no longer
apply to such data; and
(B)
If patient safety data is used or disclosed as provided
for in subsection (c)(2), the privilege and confidentiality protections
provided for in subsections (a) and (b) shall no longer apply to such data.
(3)
Construction – Paragraph (2) shall not be construed as
terminating or limiting the privilege or confidentiality protections provided
for in subsection (a) or (b) with respect to data other than the specific data
used or disclosed as provided for in subsection (c).
(f)
Limitation on Actions:
(1)
Patient Safety Organizations – Except to enforce
disclosures pursuant to subsection (c)(1), no action may be brought or process
served against a patient safety organization to compel disclosure of
information collected or developed under this part whether or not such
information is patient safety data unless such information is specifically
identified, is not patient safety data, and cannot otherwise be obtained.
(2)
Providers – An accrediting body shall not take an
accrediting action against a provider based on the good faith participation of
the provider in the collection, development, reporting, or maintenance of
patient safety data in accordance with this part. An accrediting body may not require a
provider to reveal its communications with any patient safety organization
established in accordance with this part.
(g)
Reporter Protection:
(1)
In General – A provider may not take an adverse
employment action, as described in paragraph (2), against an individual based
upon the fact that the individual in good faith reported information:
(A)
To the provider with the intention of having the
information reported to a patient safety organization or
(B)
Directly to a patient safety organization.
(2)
Adverse Employment Action – For purposes of this
subsection, an ‘adverse employment action’ includes:
(A)
Loss of employment, the failure to promote an individual,
or the failure to provide any other employment-related benefit for which the
individual would otherwise be eligible; or
(B)
An adverse evaluation or decision made in relation to
accreditation, certification, credentialing, or licensing of the individual.
(h)
Enforcement:
(1)
Prohibition – Except as provided in subsections (c) and
(d) and as otherwise provided for in this Section, it shall be unlawful for any
person to negligently or intentionally disclose any patient safety data, and
any such person shall, upon adjudication, be assessed in accordance with
subsection (h)(2).
(2)
Penalty – Any person who violates this Act shall be
subject to a civil monetary penalty of not more than $10,000 for each such
violation involved.
(3)
Relation to HIPAA – The penalty provided for under
paragraph (1) shall not apply if the defendant would otherwise be subject to a
penalty under the regulations promulgated under Section 264(c) of the Health
Insurance Portability and Accountability Act of 1996 (42 U.S.C. 1320d-2 note)
or under Section 1176 of the Social Security Act (42 U.S.C. 1320d-5) for the
same disclosure.
(4)
Equitable Relief –
(A)
In General – Without limiting remedies available to
other parties, a civil action may be brought by any aggrieved individual to
enjoin any act or practice that violates subsection (g) and to obtain other
appropriate equitable relief (including reinstatement, back pay, and
restoration of benefits) to redress such violation.
(B)
Against State Employees – An entity that is a State or
an agency of a State government may not assert the privilege described in
subsection (a) unless before the time of the assertion, the entity or, in the
case of and with respect to an agency, the State has consented to be subject to
an action as described by this paragraph, and that consent has remained in
effect.
(i)
Rule of Construction – Nothing in the Section shall be
constructed to:
(1)
Limit other privileges that are available under
Federal, State, or local laws that provide greater confidentiality protections
or privileges than the privilege and confidentiality protections provided for
in this Section;
(2)
Limit, alter, or affect the requirements of Federal,
State, or local law pertaining to information that is not privileged or confidential
under this Section;
(3)
Alter or affect the implementation of any provision of
§ 264(c) of the Health Insurance Portability and Accountability Act of 1996
(Public Law 104-191; 110 Stat. 2033), Section 1176 of the Social Security Act
(42 U.S.C. 1320d-5), or any regulation promulgated under such Sections;
(4)
Limit the authority of any provider, patient safety
organization, or other person to enter into a contract requiring greater
confidentiality or delegating authority to make a disclosure or use in
accordance with subsection (c) or (d); and
(5)
Prohibit a provider from reporting a crime to law
enforcement authorities, regardless of whether knowledge of the existence of,
or the description of, the crime is based on patient safety data, so long as
the provider does not disclose patient safety data in making such report.
(j)
Immunity – In addition to the protections and
limitations prescribed in subsections (a)-(i), all parties and patient safety
data subject to this Chapter shall have the immunities and protections granted
in § 1768 of Title 24.
§ 1005A.
Interoperability of Health Care Information Technology Systems.
The technology standards
utilized by the PSO in the administration of health care safety information
shall be consistent with the standards utilized by the Delaware Health
Information Network if implemented in Delaware.
§ 1006A. Studies and Reports.
(a)
On an annual basis the PSO shall issue a report to the
legislature summarizing the archives and data that it has carried out and
collected within the State. All such
reports shall include only aggregate data.
(b)
The PSO may issue at its discretion other reports that
relate to patient safety and that highlight either the issues which must be
addressed to increase patient safety or potential remedies to patient safety
issues, or both. All such reports shall
include only aggregate data.”.
Section 2. Severability.
If any provision of this Act or
the application thereof to any person or circumstance is held invalid, such
invalidity shall not affect other provisions or applications of the Act which
can be given effect without the invalid provision or application, and to that
end, the provisions of this Act are declared to be serverable.
Section 3. Effective Date.
This Act shall be effective on
January 1 of the year following the date of appropriation of funding therefor
in the Annual Appropriations Act.
