The PSQIA and the regulations implementing the Act1 created new terms to identify the type of information covered by the privilege, and to describe the elements of the voluntary reporting program and the organizations and individuals involved and impacted.
What Entities are Involved with the Collection and Reporting of PSWP?
The entities impacted by the PSQIA include patient safety organizations and providers.2 A provider is an individual or entity authorized under state law to provide health care services.3 This definition includes affiliated providers, which are legally separate providers that fall into one of three categories:4
- The parent organization of the provider;
- Entities under common ownership, management, or control with the provider; or
- Entities owned, managed, or controlled by the provider.
A patient safety organization, or PSO, is a public or private entity (or component thereof) listed by the Secretary of HHS (“the Secretary”) as a PSO.5 In order to be listed as a PSO, an entity must initially certify to the Secretary that it has policies and procedures in place necessary for performance of each of eight patient safety activities,6 and that it will comply with all other relevant criteria once listed as a PSO.7 The eight patient safety activities a PSO must be able to perform include:
- Efforts to improve patient safety and the quality of health care delivery;8
- The collection and analysis of patient safety work product;9
- The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices;10
- The utilization of PSWP for the purposes of encouraging a culture of safety and providing feedback and assistance to effectively minimize patient risk;11
- The maintenance of procedures to preserve confidentiality with respect to PSWP;12
- The provision of appropriate security measures with respect to PSWP;13
- The utilization of qualified staff;14 and
- Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.15
The additional criteria with which a PSO must comply include:
- Its mission and primary activity are to improve patient safety and the quality of health care delivery;16
- Has appropriately qualified staff, including licensed or certified medical professionals;17
- Has with more than one provider for the purpose of reviewing and receiving PSWP;18
- Fully disclose any financial, reporting, or contractual relationship between it and any provider with which it contracts;19
- Fully disclose, if applicable, the fact that it is not managed, controlled, and operated independently from any provider with which it contracts;20
- To the extent practicable, it collects PSWP from providers in a standardized manner that permits valid comparisons of similar cases among similar providers;21 and
- It utilizes PSWP for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.22
Certain entities cannot be PSOs, including health insurance issuers and any affiliated divisions or entities.23 Components of certain non-qualifying organizations may be certified as a PSO if the component is part of any of the following organizations:24
· Provider licensing or accrediting organizations;25
· An entity or agent of an entity providing oversight/enforcement of statutory or regulatory requirements governing the delivery of health care services;26 and
· An entity operating a Federal, state, local or Tribal patient safety reporting system to which health care providers are required to report information by law or regulation.27
In order to operate as a PSO, components of such organizations must meet all the certification requirements applicable to PSOs as well as satisfy the following requirements:28
- Certify that it maintains PSWP separately from the rest of its parent organization, and has established appropriate security measures to maintain the confidentiality of the work product;29
- Certify that members of its workforce and any other contractor staff will not make an unauthorized disclosure to the rest of its parent organization in breach of confidentiality;30
- Certify that its mission does not create a conflict of interest with the rest of its parent organization;31 and
- Comply with additional required attestations, information and operational limitations,32 including not sharing staff with its parent organization,33 and submitting a statement describing the parent organization’s role and the scope of the parent organization’s authority with respect to a number of operational activities.34
How will PSWP be used?
Providers and PSOs participating in the program will operate patient safety evaluation systems, which collect, manage and/or analyze information for reporting to or by a PSO.35 The Secretary will maintain a network of patient safety databases that provides an interactive evidence-based management resource for providers, PSOs and other entities; the network will have the capacity to accept, aggregate across the network, and analyze non-identifiable PSWP voluntarily reported by PSOs, providers or other entities.36 Information reported to and among the network of patient safety databases will be used to analyze national and regional statistics, including trends and patterns of health care errors; the information resulting from such analyses will be made available to the public and included in annual quality reports.37
PSQIA, 42 U.S.C. § 299b-21(6).
PSQIA, 42 U.S.C. § 299b-23(a).
PSQIA, 42 U.S.C. § 299b-23(c). Note: these annual quality reports will be submitted to Congress on national trends in the quality of health care provided to the American people (PSHA, 42 U.S.C. § 299b-2(b)(2)).