The regulation implementing the Patient Safety and Quality Improvement Act of 2005 (PSQIA) was published on November 21, 2008, and became effective on January 19, 2009. View the Patient Safety Rule (42 C.F.R. Part 3).
PSQIA establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information called patient safety work product. Patient safety work product includes information collected and created during the reporting and analysis of patient safety events.
The confidentiality provisions will improve patient safety outcomes by creating an environment where providers may report and examine patient safety events without fear of increased liability risk. Greater reporting and analysis of patient safety events will yield increased data and better understanding of patient safety events.
OCR works in close collaboration with the Agency for Healthcare Research and Quality (AHRQ) which has responsibility for listing patient safety organizations (PSOs), the external experts established by the Patient Safety Act to collect and analyze patient safety information.
Source: http://www.hhs.gov/ocr/privacy/psa/understanding/index.html
Statute
The Patient Safety and Quality Improvement Act of 2005 (PSQIA) establishes a voluntary reporting system designed to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information, called patient safety work product. PSQIA authorizes HHS to impose civil money penalties for violations of patient safety confidentiality. PSQIA also authorizes the Agency for Healthcare Research and Quality (AHRQ) to list patient safety organizations (PSOs). PSOs are the external experts that collect and review patient safety information.
Implementing Regulations
The Patient Safety Rule implements select provisions of PSQIA.
Subpart C of the Patient Safety Rule establishes the confidentiality provisions and disclosure permissions for patient safety work product and the enforcement procedures for violations of confidentiality pursuant to section 922 of the statute. OCR enforces these confidentiality protections.
AHRQ lists patient safety organizations pursuant to section 924 of PSQIA and has responsibility for common formats and network of patient safety databases pursuant to section 923.
Source: http://www.hhs.gov/ocr/privacy/psa/regulation/index.html
The Patient Safety and Quality Improvement Act of 2005 (PSQIA) amends the Public Health Service Act (42 U.S.C. 299 et. seq.; P.L. 109-41) by inserting sections 921 through 926, 42 U.S.C. 299b-21 through 299b-26. View PSQIA.
OCR has responsibility for interpretation and implementation of the confidentiality protections and enforcement provisions in section 922. Learn more about the delegation of authority to OCR.
AHRQ has responsibility for listing of and outreach to patient safety organizations (PSOs) and the creation of a network of patient safety databases in sections 923, 924, and 925.
Section 921 defines key terms, including how information becomes patient safety work product.
Section 922 sets out the confidentiality and privilege protections for patient safety work product, how patient safety work product may be disclosed and the penalties for disclosures in violation of the protections.
Section 923 describes the network of patient safety databases.
Section 924 outlines the requirements and processes for listing and delisting of patient safety organizations.
Source: http://www.hhs.gov/ocr/privacy/psa/regulation/statute/index.html
The Patient Safety Rule, published in the Federal Register on November 21, 2008, effective on January 19, 2009, is codified at 42 C.F.R. Part 3 (73 FR 70732). The Patient Safety Rule implements select provisions of PSQIA.
OCR has responsibility for interpreting and implementing the confidentiality protections described in Subpart C and the enforcement provisions described in Subpart D.
AHRQ has responsibility for listing and delisting of patient safety organizations (PSOs) described in Subpart B. Subpart A defines essential terms, such as patient safety work product, patient safety evaluation system, and PSO.
Subpart B provides the requirements for listing PSOs. These entities offer their expert advice in analyzing the patient safety events and other information they collect or develop to provide feedback and recommendations to providers.
Subpart C describes the privilege and confidentiality protections that attach to patient safety work product and the exceptions to the protections.
Subpart D establishes a framework to enable HHS to monitor and ensure compliance with the confidentiality provisions, a process for imposing a civil money penalty for breach of the confidentiality provisions, and hearing procedures.
Source: http://www.hhs.gov/ocr/privacy/psa/regulation/rule/index.html
Enforcement of the confidentiality of
patient safety work product is crucial to maintaining an environment
for providers to discuss and analyze patient safety events, identify
causes and improve future outcomes. The enforcement provisions
are found at Subpart D of the Patient Safety Rule.
OCR seeks
voluntary compliance with the confidentiality provisions by
providers, patient safety organizations (PSOs) and responsible
persons that hold patient safety work product. OCR may conduct
compliance reviews and investigate complaints alleging that patient
safety work product has been disclosed in violation of the
confidentiality provisions. If OCR determines that a violation
has occurred, OCR may impose a civil money penalty of up to $11,000
per violation.
OCR provides technical assistance to persons
seeking to comply with the confidentiality provisions and public
information regarding the administration of the enforcement program.
Source: http://www.hhs.gov/ocr/privacy/psa/enforcement/index.html
The maximum civil money penalty that may be imposed for violation of the confidentiality provisions of the Patient Safety and Quality Improvement Rule increases to $11,000 on November 23, 2009.
On August 25, 2009, OCR issued a direct final rule adjusting for inflation the maximum civil money penalty amount for violations of the confidentiality provisions of the Patient Safety and Quality Improvement Act as required by the Federal Civil Penalties Inflation Adjustment Act of 1990. OCR received no adverse comments and, pursuant to the direct final rule, the increased maximum penalty is effective 90 days after publication of the direct final rule.
View the Patient Safety Rule Penalty Inflation Adjustment Direct Final Rule - 8/25/09.
Source: http://www.hhs.gov/ocr/privacy/psa/regulation/effectiveinflationadj.html