42 U.S. Code § 299b–22 - Privilege and confidentiality protections
Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c) of this section, patient safety work product shall be privileged and shall not be—
(1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(3) subject to disclosure pursuant to section 552 of title 5 (commonly known as the Freedom of Information Act) or any other similar Federal, State, or local law;
(4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or
(b) Confidentiality of patient safety work product
Notwithstanding any other provision of Federal, State, or local law, and subject to subsection (c) of this section, patient safety work product shall be confidential and shall not be disclosed.
Except as provided in subsection (g)(3) of this section—
(1) Exceptions from privilege and confidentiality
Subsections (a) and (b) of this section shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(A) Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source.
(B) Disclosure of patient safety work product to the extent required to carry out subsection (f)(4)(A) of this section.
(2) Exceptions from confidentiality
Subsection (b) of this section shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(C) Disclosure of patient safety work product to grantees, contractors, or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed for such purpose under the HIPAA confidentiality regulations.
(D) Disclosure by a provider to the Food and Drug Administration with respect to a product or activity regulated by the Food and Drug Administration.
(E) Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider.
(F) Disclosures that the Secretary may determine, by rule or other means, are necessary for business operations and are consistent with the goals of this part.
(G) Disclosure of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes.
(H) With respect to a person other than a patient safety organization, the disclosure of patient safety work product that does not include materials that—
(d) Continued protection of information after disclosure
(1) In general
Patient safety work product that is disclosed under subsection (c) of this section shall continue to be privileged and confidential as provided for in subsections (a) and (b) of this section, and such disclosure shall not be treated as a waiver of privilege or confidentiality, and the privileged and confidential nature of such work product shall also apply to such work product in the possession or control of a person to whom such work product was disclosed.
Notwithstanding paragraph (1), and subject to paragraph (3)—
(A) if patient safety work product is disclosed in a criminal proceeding, the confidentiality protections provided for in subsection (b) of this section shall no longer apply to the work product so disclosed; and
(B) if patient safety work product is disclosed as provided for in subsection (c)(2)(B) of this section (relating to disclosure of nonidentifiable patient safety work product), the privilege and confidentiality protections provided for in subsections (a) and (b) of this section shall no longer apply to such work product.
Paragraph (2) shall not be construed as terminating or limiting the privilege or confidentiality protections provided for in subsection (a) or (b) of this section with respect to patient safety work product other than the specific patient safety work product disclosed as provided for in subsection (c) of this section.
(4) Limitations on actions
(A) Patient safety organizations
(i) In general A patient safety organization shall not be compelled to disclose information collected or developed under this part whether or not such information is patient safety work product unless such information is identified, is not patient safety work product, and is not reasonably available from another source.
An accrediting body shall not take an accrediting action against a provider based on the good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety work product in accordance with this part. An accrediting body may not require a provider to reveal its communications with any patient safety organization established in accordance with this part.
(e) Reporter protection
(1) In general
A provider may not take an adverse employment action, as described in paragraph (2), against an individual based upon the fact that the individual in good faith reported information—
(A) to the provider with the intention of having the information reported to a patient safety organization; or
(2) Adverse employment action
For purposes of this subsection, an “adverse employment action” includes—
(A) loss of employment, the failure to promote an individual, or the failure to provide any other employment-related benefit for which the individual would otherwise be eligible; or
(1) Civil monetary penalty
Subject to paragraphs (2) and (3), a person who discloses identifiable patient safety work product in knowing or reckless violation of subsection (b) of this section shall be subject to a civil monetary penalty of not more than $10,000 for each act constituting such violation.
(3) Relation to HIPAA
(4) Equitable relief
(A) In general
Without limiting remedies available to other parties, a civil action may be brought by any aggrieved individual to enjoin any act or practice that violates subsection (e) of this section and to obtain other appropriate equitable relief (including reinstatement, back pay, and restoration of benefits) to redress such violation.
(B) Against State employees
An entity that is a State or an agency of a State government may not assert the privilege described in subsection (a) of this section unless before the time of the assertion, the entity or, in the case of and with respect to an agency, the State has consented to be subject to an action described in subparagraph (A), and that consent has remained in effect.
(g) Rule of construction
Nothing in this section shall be construed—
(1) to limit the application of other Federal, State, or local laws that provide greater privilege or confidentiality protections than the privilege and confidentiality protections provided for in this section;
(2) to limit, alter, or affect the requirements of Federal, State, or local law pertaining to information that is not privileged or confidential under this section;
(3) except as provided in subsection (i) of this section, to alter or affect the implementation of any provision of the HIPAA confidentiality regulations or section 1320d–5 of this title (or regulations promulgated under such section);
(4) to limit the authority of any provider, patient safety organization, or other entity to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this section;
(5) as preempting or otherwise affecting any State law requiring a provider to report information that is not patient safety work product; or
Nothing in this part prohibits any person from conducting additional analysis for any purpose regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by a patient safety organization or a patient safety evaluation system.
(i) Clarification of application of HIPAA confidentiality regulations to patient safety organizations
For purposes of applying the HIPAA confidentiality regulations—
(j) Reports on strategies to improve patient safety
(1) Draft report
Not later than the date that is 18 months after any network of patient safety databases is operational, the Secretary, in consultation with the Director, shall prepare a draft report on effective strategies for reducing medical errors and increasing patient safety. The draft report shall include any measure determined appropriate by the Secretary to encourage the appropriate use of such strategies, including use in any federally funded programs. The Secretary shall make the draft report available for public comment and submit the draft report to the Institute of Medicine for review.
Source(July 1, 1944, ch. 373, title IX, § 922, as added Pub. L. 109–41, § 2(a)(5),July 29, 2005, 119 Stat. 427.)
References in Text
Section 264(c)(1) of the Health Insurance Portability and Accountability Act of 1996, referred to in subsec. (f)(3), is section 264(c)(1) ofPub. L. 104–191, which is set out as a note under section 1320d–2 of this title.
A prior section 922 of act July 1, 1944, was renumbered section 942 and is classified to section 299c–1 of this title.