In an effort to respond to increasingly vocal patient safety concerns, the Department of Health and Human Services ("HHS"), pursuant to the Patient Safety and Quality Improvement Act of 2005, recently proposed to recognize a new type of organization called a "Patient Safety Organization" ("PSO") to collect and analyze patient safety events.
Healthcare providers permitted to report and who are afforded liability protections under the proposed rule include any individual or entity licensed or otherwise authorized by law to provide healthcare services, including hospitals, nursing homes, home health agencies, hospices, renal dialysis facilities, ambulatory surgical centers, pharmacies, physicians or healthcare practitioner's offices, laboratories, physician assistants, nurses, registered dietitians, therapists, and pharmacists. In addition, a healthcare provider's parent organization is also covered. A parent organization is broadly defined as an entity that owns a healthcare provider or a component thereof, or has the authority to control or manage agenda setting, project management, or day-to-day operations, or the authority to review and override decisions of a component organization. Presumably, this will include management companies within the definition of a healthcare provider.
PSOs will enter into agreements with providers to collect patient safety-related data in a standardized format to permit valid comparisons of similar providers and events. The patient safety related information to be collected is defined in the proposed rule as patient safety work product ("PSWP") and includes all data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements which (1) were assembled or developed by a provider for reporting to a PSO and are reported to a PSO; (2) were developed by a PSO for the conduct of patient safety activities, and which could improve patient safety, healthcare quality, or healthcare outcomes; or (3) identify or constitute the deliberations or analysis of, or identify that the data was reported to a PSO pursuant to a patient safety evaluation system. PSWP, however, does not include a patient's medical record, billing and discharge information, or any other original patient or provider information; nor does it include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system, even if the data is provided to the PSO. Under the proposed rule, disclosures of PSWP to accrediting bodies will not destroy the confidentiality protections afforded. However, accrediting bodies are prohibited from requiring disclosure of a provider's communications with a PSO and may not take an accrediting action against a provider based upon its participation in the collection, development, reporting or maintenance of PSWP.
PSWP is treated as privileged and generally may not be (1) disclosed or subject to a civil, criminal, or administrative subpoena or order, including in connection with an administrative disciplinary proceeding against a provider or the subject of discovery in connection with a civil, criminal, or administrative proceeding; (2) disclosed under the Freedom of Information Act or other similar federal, state, local, or tribal law; (3) admitted as evidence in any governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including a proceeding against a provider; or (4) admitted in a professional disciplinary proceeding. The PSWP, however, can be released for use in certain criminal proceedings if the PSWP contains evidence of a criminal act. Consequently, PSWP data and analysis can be shielded from third-party discovery. This protection will encourage reporting because only data actually reported is protected, and it will permit healthcare providers to engage in more rigorous analysis of patient safety-related events without fear that the PSWP will be subject to discovery in a subsequent tort claim or disciplinary proceeding. However, it must be remembered that underlying event information, such as a patient's medical record, is not generally protected as PSWP.
After collecting and analyzing the data, the Agency for Healthcare Research and Quality ("AHRQ") will publish information on national and regional statistics, including trends and patterns of patient safety events. It is hoped that the "lessons learned" from the events reported will be shared and utilized to establish best practices to help ensure patients receive safer healthcare.
The AHRQ will administer the rules for listing qualified PSOs. The HHS Office for Civil Rights, the agency responsible for enforcing the confidentiality provisions of HIPAA, will also enforce the PSO confidentiality provisions. Violations of the confidentiality provisions of the proposed rule will result in civil monetary penalties.
With the federal initiatives on transparency and reimbursement based upon quality, providers should follow these proposed regulations closely. A copy of the proposed rule is available online