a.) WHAT INFORMATION IS PROTECTED?
The PSQIA defines patient safety work product (“PSWP”) as data, reports, records, memoranda, analyses, or statements2 that satisfy any of the following criteria:
- Could result in improved patient safety, health care quality, or health care outcomes, are assembled or developed by a provider for reporting to a patient safety organization and, are reported to a patient safety organization;3
- Could result in improved patient safety, health care quality, or health care outcomes, and are developed by a patient safety organization for the conduct of patient safety activities;4 or
- Identify or constitute deliberations or analysis of, or identify the fact of reporting to, a patient safety evaluation system.5
PSWP does not include a patient’s medical record, billing and discharge information, or any other original patient or provider record,6 nor does it include information that is collected, maintained, developed or existing separately from a patient safety evaluation system.7 Identifiable PSWP is limited8 to PSWP that contains HIPAA-type individually identifiable information,9 or that could identify any of the following entities:
- The provider that is the subject of the work product;10
- Any providers that participated in activities that are the subject of the work product;11
- An individual12 who reported information to a provider with the intent of having such information reported to a patient safety organization;13 or
- An individual who reported information directly to a patient safety organization.14
PSWP will be considered non-identifiable with respect to an identified provider or reporter under the following circumstances:
- An appropriate person, applying applicable principles and methods, documents a determination that the risk of the information being used by a recipient to identify a provider or reporter is very small;15 or
- Direct identifiers are removed;16 and the entity making the disclosure does not have actual knowledge that the information could be used in any way to identify the particular provider or reporter.17
A provider, PSO, or responsible person may assign a means of record identification to allow information made non-identifiable to be re-identified by such party, if the means of record identification is not capable of being translated to identify the provider or reporter,18 and the party does not otherwise use or disclose the means of record identification.19 PSWP is non-identifiable with respect to a particular patient only if the individually identifiable health information regarding the patient is de-identified in accordance with HIPAA.20
Footnotes
- 2. PSQIA, 42 U.S.C. § 299b-21(7)(A).
- 3. PSQIA, 42 U.S.C. § 299b-21(7)(A)(i)(I). Note: information that is not yet reported to a PSO, but is documented within the provider’s patient safety evaluation system and that will be reported to a PSO in the future is considered PSWP; providers may voluntarily remove information from such system prior to its reporting, at which point, the information would no longer be considered PSWP (42 CFR Part 3, p. 70733).
- 4. PSQIA, 42 U.S.C. § 299b-21(7)(A)(i)(II).
- 5. PSQIA, 42 U.S.C. § 299b-21(7)(A)(ii).
- 6. PSQIA, 42 U.S.C. § 299b-21(7)(B)(i).
- 7. PSQIA, 42 U.S.C. § 299b-21(7)(B)(ii). Note: just because such separate information is reported to a patient safety organization does not make the information PSWP by virtue of its reporting alone.
- 8. PSQIA, 42 U.S.C. § 299b-21(3).
- 9. PSQIA, 42 U.S.C. § 299b-21(2)(B).
- 10. PSQIA, 42 U.S.C. § 299b-21(2)(A).
- 11. PSQIA, 42 U.S.C. § 299b-21(2)(A).
- 12. PSQIA, 42 U.S.C. § 299b-21(2).
- 13. PSQIA, 42 U.S.C. § 299b-22(e)(1)(A).
- 14. PSQIA, 42 U.S.C. § 299b-22(e)(1)(B).
- 15. 42 CFR § 3.212(a)(1).
- 16. 42 CFR § 3.212(a)(2)(i).
- 17. 42 CFR § 3.212(a)(2)(ii).
- 18. 42 CFR § 3.212(a)(3)(i).
- 19. 42 CFR § 3.212(a)(3)(ii).
- 20. 42 CFR § 3.212(b). Note: The HIPAA standard and implementation specifications for de-identification are found at 45 CFR 164.514(a) through (c).
.png)