View all text of Part C [§ 299b-21 - § 299b-26]
§ 299b–22. Privilege and confidentiality protections
(a) PrivilegeNotwithstanding any other provision of Federal, State, or local law, and subject to subsection (c), patient safety work product shall be privileged and shall not be—
(1) subject to a Federal, State, or local civil, criminal, or administrative subpoena or order, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(2) subject to discovery in connection with a Federal, State, or local civil, criminal, or administrative proceeding, including in a Federal, State, or local civil or administrative disciplinary proceeding against a provider;
(3) subject to disclosure pursuant to section 552 of title 5 (commonly known as the Freedom of Information Act) or any other similar Federal, State, or local law;
(4) admitted as evidence in any Federal, State, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or
(5) admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law.
(b) Confidentiality of patient safety work product
(c) ExceptionsExcept as provided in subsection (g)(3)—
(1) Exceptions from privilege and confidentialitySubsections (a) and (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(A) Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source.
(B) Disclosure of patient safety work product to the extent required to carry out subsection (f)(4)(A).
(C) Disclosure of identifiable patient safety work product if authorized by each provider identified in such work product.
(2) Exceptions from confidentialitySubsection (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
(A) Disclosure of patient safety work product to carry out patient safety activities.
(B) Disclosure of nonidentifiable patient safety work product.
(C) Disclosure of patient safety work product to grantees, contractors, or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed for such purpose under the HIPAA confidentiality regulations.
(D) Disclosure by a provider to the Food and Drug Administration with respect to a product or activity regulated by the Food and Drug Administration.
(E) Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider.
(F) Disclosures that the Secretary may determine, by rule or other means, are necessary for business operations and are consistent with the goals of this part.
(G) Disclosure of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes.
(H) With respect to a person other than a patient safety organization, the disclosure of patient safety work product that does not include materials that—
(i) assess the quality of care of an identifiable provider; or
(ii) describe or pertain to one or more actions or failures to act by an identifiable provider.
(3) Exception from privilege
(d) Continued protection of information after disclosure
(1) In general
(2) ExceptionNotwithstanding paragraph (1), and subject to paragraph (3)—
(A) if patient safety work product is disclosed in a criminal proceeding, the confidentiality protections provided for in subsection (b) shall no longer apply to the work product so disclosed; and
(B) if patient safety work product is disclosed as provided for in subsection (c)(2)(B) (relating to disclosure of nonidentifiable patient safety work product), the privilege and confidentiality protections provided for in subsections (a) and (b) shall no longer apply to such work product.
(3) Construction
(4) Limitations on actions
(A) Patient safety organizations
(i) In general
(ii) Nonapplication
(B) Providers
(e) Reporter protection
(1) In generalA provider may not take an adverse employment action, as described in paragraph (2), against an individual based upon the fact that the individual in good faith reported information—
(A) to the provider with the intention of having the information reported to a patient safety organization; or
(B) directly to a patient safety organization.
(2) Adverse employment actionFor purposes of this subsection, an “adverse employment action” includes—
(A) loss of employment, the failure to promote an individual, or the failure to provide any other employment-related benefit for which the individual would otherwise be eligible; or
(B) an adverse evaluation or decision made in relation to accreditation, certification, credentialing, or licensing of the individual.
(f) Enforcement
(1) Civil monetary penalty
(2) Procedure
(3) Relation to HIPAA
(4) Equitable relief
(A) In general
(B) Against State employees
(g) Rule of constructionNothing in this section shall be construed—
(1) to limit the application of other Federal, State, or local laws that provide greater privilege or confidentiality protections than the privilege and confidentiality protections provided for in this section;
(2) to limit, alter, or affect the requirements of Federal, State, or local law pertaining to information that is not privileged or confidential under this section;
(3) except as provided in subsection (i), to alter or affect the implementation of any provision of the HIPAA confidentiality regulations or section 1320d–5 of this title (or regulations promulgated under such section);
(4) to limit the authority of any provider, patient safety organization, or other entity to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this section;
(5) as preempting or otherwise affecting any State law requiring a provider to report information that is not patient safety work product; or
(6) to limit, alter, or affect any requirement for reporting to the Food and Drug Administration information regarding the safety of a product or activity regulated by the Food and Drug Administration.
(h) Clarification
(i) Clarification of application of HIPAA confidentiality regulations to patient safety organizationsFor purposes of applying the HIPAA confidentiality regulations—
(1) patient safety organizations shall be treated as business associates; and
(2) patient safety activities of such organizations in relation to a provider are deemed to be health care operations (as defined in such regulations) of the provider.
(j) Reports on strategies to improve patient safety
(1) Draft report
(2) Final report
(July 1, 1944, ch. 373, title IX, § 922, as added Pub. L. 109–41, § 2(a)(5), July 29, 2005, 119 Stat. 427.)