Patient Safety and Quality Improvement Act (PSQIA)

Topics: 
Health Information Technology
Medical Peer Review
Patient Safety
Privacy and Confidentiality
Public Health Data Collection and Reporting
Quality Measurement and Reporting
Research
Resource Use (Cost/Utilization) Measurement and Reporting
Security of Health Information

Defining New Terms

The PSQIA and the regulations implementing the Act1 created new terms to identify the type of information covered by the privilege, and to describe the elements of the voluntary reporting program and the organizations and individuals involved and impacted. 

What Entities are Involved with the Collection and Reporting of PSWP?

The entities impacted by the PSQIA include patient safety organizations and providers.2  A provider is an individual or entity authorized under state law to provide health care services.3 This definition includes affiliated providers, which are legally separate providers that fall into one of three categories:4

  • The parent organization of the provider;
  • Entities under common ownership, management, or control with the provider; or
  • Entities owned, managed, or controlled by the provider.

 

A patient safety organization, or PSO, is a public or private entity (or component thereof) listed by the Secretary of HHS (“the Secretary”) as a PSO.5  In order to be listed as a PSO, an entity must initially certify to the Secretary that it has policies and procedures in place necessary for performance of each of eight patient safety activities,6 and that it will comply with all other relevant criteria once listed as a PSO.7 The eight patient safety activities a PSO must be able to perform include:

  • Efforts to improve patient safety and the quality of health care delivery;8
  • The collection and analysis of patient safety work product;9
  • The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices;10
  • The utilization of PSWP for the purposes of encouraging a culture of safety and providing feedback and assistance to effectively minimize patient risk;11
  • The maintenance of procedures to preserve confidentiality with respect to PSWP;12
  • The provision of appropriate security measures with respect to PSWP;13
  • The utilization of qualified staff;14 and
  • Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.15

 

The additional criteria with which a PSO must comply include:

  • Its mission and primary activity are to improve patient safety and the quality of health care delivery;16
  • It has appropriately qualified staff, including licensed or certified medical professionals;17
  • It has contracts with more than one provider for the purpose of reviewing and receiving PSWP;18
  • It fully discloses any financial, reporting, or contractual relationship between it and any provider with which it contracts;19
  • It fully discloses, if applicable, the fact that it is not managed, controlled, and operated independently from any provider with which it contracts;20
  • To the extent practicable, it collects PSWP from providers in a standardized manner that permits valid comparisons of similar cases among similar providers;21 and
  • It utilizes PSWP for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.22

 

Certain entities cannot be PSOs, including health insurance issuers and any affiliated divisions or entities.23  Components of certain non-qualifying organizations may be certified as a PSO if the component is part of any of the following organizations:24

  • Provider licensing or accrediting organizations;25
  • An entity or agent of an entity providing oversight/enforcement of statutory or regulatory requirements governing the delivery of health care services;26 and
  • An entity operating a Federal, state, local or Tribal patient safety reporting system to which health care providers are required to report information by law or regulation.27

In order to operate as a PSO, components of such organizations must meet all the certification requirements applicable to PSOs as well as satisfy the following requirements:28

  • Certify that it maintains PSWP separately from the rest of its parent organization, and has established appropriate security measures to maintain the confidentiality of the work product;29
  • Certify that members of its workforce and any other contractor staff will not make an unauthorized disclosure to the rest of its parent organization in breach of confidentiality;30
  • Certify that its mission does not create a conflict of interest with the rest of its parent organization;31 and
  • Comply with additional required attestations, information and operational limitations,32 including not sharing staff with its parent organization,33 and submitting a statement describing the parent organization’s role and the scope of the parent organization’s authority with respect to a number of operational activities.34

How will PSWP be used?

Providers and PSOs participating in the program will operate patient safety evaluation systems, which collect, manage and/or analyze information for reporting to or by a PSO.35  The Secretary will maintain a network of patient safety databases that provides an interactive evidence-based management resource for providers, PSOs and other entities; the network will have the capacity to accept, aggregate across the network, and analyze non-identifiable PSWP voluntarily reported by PSOs, providers or other entities.36  Information reported to and among the network of patient safety databases will be used to analyze national and regional statistics, including trends and patterns of health care errors; the information resulting from such analyses will be made available to the public and included in annual quality reports.37

 


35. PSQIA, 42 U.S.C. § 299b-21(6).

36. PSQIA, 42 U.S.C. § 299b-23(a).

37. PSQIA, 42 U.S.C. § 299b-23(c). Note: these annual quality reports will be submitted to Congress on national trends in the quality of health care provided to the American people (PSHA, 42 U.S.C. § 299b-2(b)(2)).

How is PSWP protected?

Identifiable PSWP is subject to privilege and confidentiality requirements, each of which has specific exceptions that permit disclosure under certain circumstances.  To ensure that disclosure of identifiable PSWP is limited to the circumstances in which it is authorized, a number of enforcement mechanisms are available, including an avenue for individuals to report suspected violations, Secretarial authority to conduct comprehensive compliance reviews, and civil monetary penalties.

Protections Surrounding PSWP

PSWP is privileged information, which means it is unavailable for disclosure in the following circumstances, subject to limited exceptions:

  • A judicial or administrative court subpoena or order;38
  • Discovery in connection with a judicial or administrative proceeding against a provider;39
  • Disclosure under the Freedom of Information Act40 or any similar Federal, State or local law;41 and/or
  • Admission as evidence in any civil, criminal or administrative proceeding,42 including a professional disciplinary proceeding.43

PSWP is also considered confidential and may not be disclosed, subject to limited exceptions.

 

In addition to the privilege and confidentiality requirements surrounding PSWP, a PSO cannot be compelled to disclose information it collects or develops, even if the information is not PSWP, unless such information is identified, is not PSWP, and is not reasonably available from another source.44  PSOs may, of course, be subject to any of the disclosure exceptions applicable to PSWP.45 Accrediting bodies may not take accrediting actions against providers who participate in the good faith collection, development, reporting, or maintenance of patient safety work product, and may not require providers to reveal their communications with any PSO.46  Employers may not take an adverse employment action47 against an individual based on the following:

  • The individual in good faith reported information to the provider with the intent of having the information reported to a PSO;48 or
  • The individual in good faith reported information directly to a PSO.49

 

Every PSO must comply with standard security requirements at all times and in any location in which the PSO, its workforce members, or its contractors receive, access, or handle PSWP.50  This requires maintaining policies and procedures that address a number of considerations, including all of the following:

  • Properly training workforce and contractors on security protocols and confidentiality measures;51
  • Distinguishing PSWP from non-PSWP;52
  • Protecting the media that contains PSWP;53
  • Employment of physical and environmental protections to control and limit physical and virtual access to places and equipment where PSWP is received, accessed, or handled;54
  • Proper identification of those authorized to receive, access or handle PSWP;55
  • Utilization of an audit to detect inappropriate receipt, access, or handling of PSWP;56
  • Implementation of methods to prevent unauthorized receipt, access or handling of PSWP;57 and
  • Conducting periodic security assessments to ensure that its security protocols are effective, to correct any identified deficiencies, and to reduce or eliminate any vulnerability.58

 

If an entity’s certification as a PSO is revoked, it must notify each provider whose PSWP was collected or analyzed of such revocation within fifteen days.59  For the first thirty days after removal from the accredited PSO list, any data submitted to the entity will remain protected under the relevant privilege and confidentiality requirements.60  If the privilege and confidentiality requirements applied to data while the entity was listed (or to data received within thirty days after its removal), those protections continue to apply after the entity is removed from the listing.61 A de-accredited entity must comply with the following requirements with respect to any data it receives within thirty days of its removal from the listing:

  • The former PSO will transfer such work product or data to another PSO;62
  • The former PSO will return such work product or data to whatever entity originally submitted it;63 or
  • If returning the product or data to the original submitting entity is not practicable, the former PSO will destroy such work product or data.64

 


38. PSQIA, 42 U.S.C. § 299b-22(a)(1).

39. PSQIA, 42 U.S.C. § 299b-22(a)(2).

40. Please see FOIA section, or go to 5 U.S.C. 552 to access the Act.

41. PSQIA, 42 U.S.C. § 299b-22(a)(3).

42. PSQIA, 42 U.S.C. § 299b-22(a)(4).

43. PSQIA, 42 U.S.C. § 299b-22(a)(5).

44. PSQIA, 42 U.S.C. § 299b-22(d)(4)(A)(i).

45. PSQIA, 42 U.S.C. § 299b-22(d)(4)(A)(ii).

46. PSQIA, 42 U.S.C. § 299b-22(d)(4)(B).

47. Includes the loss of employment, failure to promote, failure to provide any other employment-related benefit for which the individual would have been eligible (PSQIA, 42 U.S.C. § 299b-22(e)(2)(A)) or an adverse evaluation or decision made in relation to the accreditation, certification, credentialing, or licensing of the individual (PSQIA, 42 U.S.C. § 299b-22(e)(2)(B)).

48. PSQIA, 42 U.S.C. § 299b-22(e)(1)(A).

49. PSQIA, 42 U.S.C. § 299b-22(e)(1)(B).

50. 42 CFR § 3.106(a).

51. 42 CFR § 3.106(b)(1)(ii).

52. 42 CFR § 3.106(b)(2)(i).

53. 42 CFR § 3.106(b)(2)(ii).

54. 42 CFR § 3.106(b)(2)(iii).

55. 42 CFR § 3.106(b)(3)(i).

56. 42 CFR § 3.106(b)(3)(i).

57. 42 CFR § 3.106(b)(3)(ii).

58. 42 CFR § 3.106(b)(4)(i).

59. PSQIA, 42 U.S.C. § 299b-24(e)(2).

60. PSQIA, 42 U.S.C. § 299b-24(f)(1).

61. PSQIA, 42 U.S.C. § 299b-24(f)(2).

62. PSQIA, 42 U.S.C. § 299b-24(g)(1). Note: both the transferring entity and the new PSO must approve the transfer.

63. PSQIA, 42 U.S.C. § 299b-24(g)(2).

64. PSQIA, 42 U.S.C. § 299b-24(g)(3).

Exceptions to Privilege and Confidentiality Requirements

The privilege and confidentiality requirements surrounding PSWP are not applicable in certain situations; all PSWP may be disclosed when use of the PSWP falls into any of the following categories:

  • For use in a criminal proceeding if a court makes a determination in camera65 that the PSWP contains evidence of a criminal act, is material to the proceeding and is not reasonably available from any other source;66
  • To the extent necessary to carry out67 equitable relief in a civil action brought by any aggrieved individual to redress or enjoin an adverse employment action,68 if the court or administrative tribunal has issued a protective order to protect the confidentiality of PSWP in the course of the proceeding;69
  • When authorized by each identified provider70 via a signed writing that contains enough detail to fairly inform the provider(s) of the nature and scope of the disclosure being authorized;71
  • Voluntary disclosure of non-identifiable patient safety work product;72 and/or
  • To or by the Secretary in investigating or determining compliance, imposition of civil money penalties, or making or supporting decisions with respect to listing of a PSO,73 which may be subsequently disclosed by the Secretary for use by HHS in any of its activities and for use as evidence in any administrative or judicial proceeding.74

 

The following disclosures are exceptions only to the confidentiality requirements applicable to PSWP.  They are not available to circumvent the privilege requirements.  Disclosure of PSWP may occur in the following circumstances:

  • To carry out patient safety activities75 when such disclosure is between a provider and a PSO,76 to a contractor of a provider or a PSO,77 or among affiliated providers;78
  • To carry out patient safety activities when such disclosure is to another PSO or provider, if thirteen specific identifiers79 of any providers or affiliated organizations, corporate parents, subsidiaries, practice partners, employers, members of the workforce or household members of such providers are removed,80 and direct identifiers81 in any individually identifiable health information are removed;82
  • If the PSWP is non-identifiable, whether voluntarily disclosed or not;83
  • To entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research;84
  • By a provider to the FDA with respect to a product or activity regulated by the FDA;85
  • Voluntary disclosure by a provider to an accrediting body that accredits that provider;86
  • For business operations to attorneys, accountants and other professionals,87 or other business operations prescribed by the Secretary, if disclosure is consistent with the goals of patient safety improvement;88
  • To law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime), if the person making the disclosure reasonably believes, under the circumstances, that the disclosure is necessary for criminal law enforcement purposes;89
  • When the disclosure does not include materials that assess the quality of care of an identifiable provider,90 or that describe or pertain to one or more actions or failures to act by an identifiable provider,91 if the entity or individual making the disclosure is not a PSO.92

 

In addition to these disclosure exceptions, a component PSO may provide individuals in or units of its parent organization with access to identifiable PSWP in the following situation:

  • There is an agreement that access to such work product will be limited to what is necessary to assist the component in the conduct of patient safety activities;93 and
  • Those given access will not use or disclose such information beyond what is required to assist the component PSO, will take appropriate security measures to prevent unauthorized disclosures, and will comply with the general certifications the component PSO made regarding unauthorized disclosures.94

 

If any PSWP is disclosed via an authorized exception, the PSWP will continue to be confidential and privileged after such disclosure, and the confidentiality and privilege requirements will apply in equal measure to the person to whom the information was disclosed.95  However, if the PSWP is disclosed in accordance with the exception provided for criminal proceedings, the confidentiality protection will no longer apply to the PSWP.96  Additionally, if the PSWP disclosed is non-identifiable, neither the privilege nor the confidentiality protections will continue to apply to the non-identifiable PSWP.97

 


65. In camera means privately in front of a judge; not in open court.

66. PSQIA, 42 U.S.C. § 299b-22(c)(1)(A).

67. PSQIA, 42 U.S.C. § 299b-22(c)(1)(B).

68. PSQIA, 42 U.S.C. § 299b-22(e). Note: States or agencies of state governments may not assert any of the privilege protections described unless before such assertion, the state has consented to be subject to the equitable relief remedies for employers, and such consent has remained in effect.[4]

69. 42 CFR § 3.206(b)(2).

70. PSQIA, 42 U.S.C. § 299b-22(c)(1)(C).

71. 42 CFR § 3.206(b)(3)(i).

72. PSQIA, 42 U.S.C. § 299b-22(c)(3); PSQIA, 42 U.S.C. § 299b-22(c)(2)(A).

73. 42 CFR § 3.204(c); 42 CFR § 3.206(d).

74. 42 CFR § 3.312(c)(2).

75. PSQIA, 42 U.S.C. § 299b-22(c)(2)(A).

76. 42 CFR § 3.206(b)(4)(i).

77. 42 CFR § 3.206(b)(4)(ii).

78. 42 CFR § 3.206(b)(4)(iii).

79. Direct identifiers are listed in 42 CFR § 3.206(b)(4)(iv)(A).

80. 42 CFR § 3.206(b)(4)(iv)(A).

81. Listed at 45 CFR 164.514(e)(2).

82. 42 CFR § 3.206(b)(4)(iv)(B).

83. PSQIA, 42 U.S.C. § 299b-22(c)(2)(B).

84. PSQIA, 42 U.S.C. § 299b-22(c)(2)(C). Note: if work product disclosed for research is by a HIPAA-covered entity (defined at 45 CFR 160.103) and contains HIPAA-defined protected health information (defined at 45 CFR 160.103), disclosure is only permissible to the same extent as it would be permissible under HIPAA (42 CFR § 3.206(b)(6)(ii)).

85. PSQIA, 42 U.S.C. § 299b-22(c)(2)(D). Note: any person permitted to receive patient safety work product pursuant to this exception may only further disclose such work product for the purpose of evaluating the quality, safety, or effectiveness of that product or activity to another such person or the disclosing provider (42 CFR § 3.206(b)(7)(ii)).

86. PSQIA, 42 U.S.C. § 299b-22(c)(2)(E). Note: an accrediting body may not further disclose patient safety work product it receives pursuant to this exception (42 CFR § 3.206(b)(8)(ii)), and may not take an accrediting action against a provider based on good faith participation of the provider in the collection, development, reporting or maintenance of patient safety work product in accordance with these rules nor require a provider to reveal its communications with any PSO (42 CFR § 3.206(b)(8)(iii)).

87. 42 CFR § 3.206(b)(9)(i). Note: such contractors may not further disclose patient safety work product except to the entity from which they received the information.

88. PSQIA, 42 U.S.C. § 299b-22(c)(2)(F).

89. PSQIA, 42 U.S.C. § 299b-22(c)(2)(G). Note: law enforcement personnel receiving work product pursuant to this exception may only disclose such work product to other law enforcement authorities as needed for law enforcement activities related to the event that gave rise to the initial disclosure (42 CFR § 3.206(b)(10)(ii)).

90. PSQIA, 42 U.S.C. § 299b-22(c)(2)(H)(i).

91. PSQIA, 42 U.S.C. § 299b-22(c)(2)(H)(ii).

92. Note: this is referred to as the “safe harbor” provision in the implementing regulations (42 CFR § 3.206(c)).

93. 42 CFR § 3.102(c)(3)(i).

94. 42 CFR § 3.102(c)(3)(ii).

95. PSQIA, 42 U.S.C. § 299b-22(d)(1).

96. PSQIA, 42 U.S.C. § 299b-22(d)(2)(A).

97. PSQIA, 42 U.S.C. § 299b-22(d)(2)(B).

Enforcement Provisions

Reporting Confidentiality Violations

Any person who believes that patient safety work product has been disclosed in violation of the confidentiality provisions may file a complaint with the Secretary.98  Such complaint must be in writing,99 name the subject of the complaint and describe the acts believed to be in violation of the confidentiality provisions.100

 


98. 42 CFR § 3.306(a).

99. 42 CFR § 3.306(b)(1).

100. 42 CFR § 3.306(b)(2).

Compliance Reviews

The Secretary may assess or verify any PSO’s compliance with requirements by requesting information or conducting reviews of, or site visits to, PSOs.101  The Secretary may inspect the physical or virtual sites maintained or controlled by the PSO, and may inspect or obtain copies of any necessary PSO records, including PSWP.102 Respondents must keep records and submit compliance reports as required by the Secretary,103 must cooperate with complaint investigations and compliance reviews,104 and must permit the Secretary access to any sources of information that are pertinent to ascertaining compliance with the confidentiality provisions.105

 


101. 42 CFR § 3.308.

102. 42 CFR § 3.110.

103. 42 CFR § 3.310(a).

104. 42 CFR § 3.310(b).

105. 42 CFR § 3.310(c)(1). Note: the Secretary must be granted such access during normal business hours; if the Secretary determines that exigent circumstances exist, access must be granted at any time and without notice. If the information required is exclusively in the possession of another entity, and the other entity fails or refuses to furnish the information, the respondent must so certify and set forth what efforts it has made to obtain the information (42 CFR § 3.310(c)(2)).

Confidentiality Violations

The Office for Civil Rights will investigate and enforce compliance with the confidentiality provisions.106  A person who knowingly or recklessly discloses identifiable PSWP in violation of the confidentiality requirements107 will be subject to a civil monetary penalty108 of up to $10,000 for each violation,109 as will any principal based on the act of his agent, in accordance with the federal common law of agency.110 In determining the amount of the penalty,111 the Secretary may consider aggravating or mitigating factors as appropriate.112 When a penalty is final, the Secretary will notify the following of the penalty and the reason it was imposed:113

  • The public;
  • The appropriate state or local medical or professional organization;
  • State agenc(ies) administering or supervising the administration of state health care programs;
  • The appropriate utilization and quality control peer review organization; and
  • The appropriate state or local licensing agency or organization.

 


106. 42 CFR Part 3 (page 70732).

107. Note: Penalties may not be imposed under both the PSQIA and HIPAA for a single act or omission (42 U.S.C. § 299b-22(f)(3)).

108. Civil monetary penalties under the PSQIA will be applied in accordance with the provisions of Title 11 of the Social Security Act, § 1128A (Available at 42 U.S.C. § 1320a-7a), starting from the second sentence of § 1128A(c)(1).

109. PSQIA, 42 U.S.C. § 299b-22(f)(1).

110. 42 CFR § 3.402(b).

111. 42 CFR § 3.408.

112. 42 CFR § 3.408.

113. 42 CFR § 3.426.

ALJ Hearings

A respondent is permitted to request a hearing before an ALJ;114 if such request is granted, the hearing must conform to a number of adjudicatory requirements.115  The record of such hearing must be recorded and transcribed, and may be obtained following the hearing;116 the record of the decision, including the transcript of the testimony, exhibits and other evidence admitted at the hearing, and all papers and requests filed in the proceeding,117 may be inspected and copied by any person, unless otherwise ordered by the ALJ for good cause shown.118

 


114. 42 CFR § 3.504(a).

115. 42 CFR § 3.504, et seq.

116. 42 CFR § 3.542(a).

117. 42 CFR § 3.542(b).

118. 42 CFR § 3.542(c). Note: good cause may include the presence in the record of identifiable patient safety work product.

 

