Confidentiality, Patient Safety Work Product, and PSOs - PowerPoint PPT Presentation

About This Presentation

Confidentiality, Patient Safety Work Product, and PSOs


Confidentiality, Patient Safety Work Product, and PSOs AHRQ Annual Conference September 8, 2008 * Presentation Organization Patient Safety Act: A Brief Overview ... – PowerPoint PPT presentation

Number of Views:216
Avg rating:3.0/5.0
Slides: 23
Provided by: LouisAl7
Learn more at:


Transcript and Presenter's Notes

Title: Confidentiality, Patient Safety Work Product, and PSOs

Confidentiality, Patient Safety Work Product,
and PSOs
  • The Proposed Rule Implementing the Patient Safety
    and Quality Improvement Act of 2005

AHRQ Annual Conference September 8, 2008
Presentation Organization
  • Patient Safety Act A Brief Overview
    Larry Patton
  • Confidentiality Protections and their Enforcement
    Verne Rinker
  • Confidentiality Protections Provider
    Considerations Larry Patton

What is the Problem?
  • Providers fear that patient safety analyses
    could be used against them in court (malpractice)
    or in disciplinary proceedings
  • State peer review laws seldom permit large
    providers to undertake system-wide analyses
  • Inability to aggregate data undercuts efforts to
    improve patient safety only by looking at large
    numbers of events can patterns of system
    failures be identified

The Solution in the Act
  • Authorizes creation of Patient Safety
    Organizations (PSOs) -- entities with expertise
    in identifying, analyzing, correcting and
    preventing risks/harms to patient safety
  • Provides Federal confidentiality protections for
    these analyses and significantly limits their use
    in criminal, civil, and/or administrative
  • Requires PSOs to work with more than 1 provider
    to encourage PSOs to aggregate data across
    multiple providers

Patient Safety Act HHS Division of Authority
  • AHRQ Patient Safety Organizations
  • Subpart B Authority to implement PSO
    certification, listing, and revocation procedures
  • OCR Confidentiality Protections
  • Subparts C and D Establishment of
    confidentiality protections and process for
    enforcement authority extends to all holders of
    patient safety work product
  • Subpart A definitions are critical for
    understanding Subparts B, C, and D

Patient Safety ActKey Concepts
  • Patient Safety Work Product -- Term used by the
    statute to describe the class of information that
    is privileged and confidential.
  • Patient Safety Evaluation System means the
    collection, management, or analysis of
    information for reporting to or by a PSO.

Presentation Organization
  • Patient Safety Act A Brief Overview
    Larry Patton
  • Confidentiality Protections and their Enforcement
    Verne Rinker
  • Confidentiality Protections Provider
    Considerations Larry Patton

Confidentiality OCR Approach
  • Ensure strong protection of PSWP to encourage
    robust provider participation in reporting of
    medical errors, while not impeding needed
    communication and sharing of information/PSWP to
    achieve patient safety goals
  • Maximize provider discretion to disclose or not,
    allowing providers to establish stricter
  • Minimize complexity or disparity with HIPAA
    Privacy Rule

Patient Safety Work Product
  • PSWP is any data
  • Developed by a provider and reported to a PSO
  • Developed by a PSO for the conduct of patient
    safety activities, or
  • That identifies or constitutes deliberations of
    or the fact of reporting pursuant to a patient
    safety evaluation system
  • Original provider records (e.g., medical,
    billing) are not PSWP
  • Nonidentifiable PSWP is not confidential or

  • The statute provides federal confidentiality and
    privilege protections to patient safety work
    product (PSWP) and specifies when disclosures are
  • Confidentiality and privilege protections
    continue after disclosure, with limited
  • PSWP may contain protected health information
    (PHI) requiring covered providers to also comply
    with the HIPAA Privacy Rule requirements

Confidentiality Disclosure Permissions
  • Privilege and Confidentiality Exceptions
  • For use in a criminal proceeding
  • To obtain equitable relief for reporters
  • If authorized by identified providers
  • Nonidentifiable PSWP

Confidentiality Disclosure Permissions (contd)
  • Confidentiality Only Exceptions
  • For Patient Safety Activities (PSAs)
  • For research
  • To the FDA (regarding regulated products)
  • Voluntary disclosure to an accrediting body
  • For business operations as determined by the
  • For criminal law enforcement purposes (voluntary)
  • PSWP that does not include the assessment of
    quality of care or describe or pertain to actions
    / failures to act by an identifiable provider

Patient Safety Activities Disclosure
  • Core disclosure permission facilitates open,
    unfettered communication about patient safety
    events between providers and PSOs
  • Allows for aggregation of PSWP to identify
    patterns and trends and to facilitate creation of
    meaningful nonidentifiable PSWP for a national
    network of databases
  • Providers control the extent of disclosures they
    make to PSOs (and may be able, by contract, to
    limit redisclosures), which should ameliorate
    concerns by providers of wide-spread and
    uncontrolled dissemination of PSWP

  • Strong event-driven (complaints and compliance
    reviews) enforcement program coupled with
    voluntary compliance
  • Providers and PSOs have own incentives to not
    disclose impermissibly which align with
    enforcement goals and may keep the potential
    enforcement workload low
  • Enforcement discretion to make appropriate
    response to situations presented by these new
    program requirements
  • Reduce complexity of enforcement program by
    basing enforcement regulations on standards
    familiar to the provider community the HIPAA
    Enforcement Rule

Enforcement (contd)
  • Penalty for Violation A person who discloses
    identifiable PSWP in knowing or reckless
    violation of the confidentiality protections is
    subject to a civil money penalty (CMP) of up to
    10,000 per act
  • Disclosures by Agents Principals are liable for
    an agents violation acting within the scope of
    the agency
  • Prohibition on Dual Penalties CMPs may not be
    imposed under both the Patient Safety Act and
    HIPAA for a single act
  • OCR Access to PSWP for Enforcement PSWP must be
    disclosed to HHS for compliance and enforcement

Presentation Organization
  • Patient Safety Act A Brief Overview
    Larry Patton
  • Confidentiality Protections and their Enforcement
    Verne Rinker
  • Confidentiality Protections Provider
    Considerations Larry Patton

Confidentiality Protections Provider
  • The Patient Safety Acts confidentiality
    protections have the potential to significantly
    expand provider-based patient safety initiatives
  • Proposed rule would give a provider great
    flexibility on how to operate and develop a
    patient safety evaluation system to meet its
  • But providers need to take into account other
    elements of the statute

Confidentiality Protections Provider
  • Statute requires providers to continue to meet
    external reporting requirements with
    information that is not PSWP
  • Privilege protections not only limit access of
    others to your PSWP but limit your ability to use
    PSWP in civil, criminal, administrative, or
    disciplinary proceedings
  • Statute prohibits a provider from taking an
    adverse action against an individual based on the
    fact that the individual reported information in
    good faith
  • Statute seeks to foster a culture of safety

Confidentiality Protections Provider
  • A provider needs to carefully consider what
    information is appropriate to protect and what
    information should not be protected
  • For example
  • Is this information needed to meet external
    reporting, accountability requirements?
  • Will this information be needed to justify a
    disciplinary decision if challenged?

Confidentiality Protections Provider
  • When PSWP is held by an entity, the proposed rule
    would not hold entities liable for uses of PSWP
    within the legal entity (note component PSOs
    cannot share PSWP with rest of its parent
    organization except under certain circumstances)
  • This permits free flow of PSWP to those who need
    access within the provider
  • But any holder of PSWP including a providers
    employees can make disclosures of PSWP in
    conformity with the rule, without incurring a
    penalty under the rule

Confidentiality Protections Provider
  • Will your workforce be confident that PSWP will
    not influence privilege, disciplinary or similar
  • Issues to consider
  • - Separateness of PSWP from these other
    administrative processes
  • - Extent to which personnel participate in both
    review of PSWP and these other administrative

Confidentiality Protections A Final Reminder
  • If a provider is a covered entity as well as a
    holder of PSWP, it is NEVER sufficient to
    disclose information by simply looking at either
    HIPAA or the Patient Safety Act statute and rule.
  • A disclosure can only be made if it complies with
  • This has implications for informal case
    discussions that take place outside the legal
    entity of the provider

Write a Comment
User Comments (0)