Your browser doesn't support JavaScript. Please upgrade to a modern browser or enable JavaScript in your existing browser.
U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | Información en español | E-mail UpdatesE-mail Updates
www.ahrq.gov

 Back to Patient Safety Organizations Home

Proposed Regulations for Patient Safety Organizations (PSOs) Audio Call Transcript

February 29, 2008

Operator:

Good day, ladies and gentlemen and thank you for standing by. Welcome to the audio conference on "Proposed Regulations for Patient Safety Organization (PSOs)". At this time, all participates are in a listen-only mode. Later, we will conduct a question-and-answer session and instructions will be given at that time. If anyone should require assistance during today's conference, please press "*" then "0" on your touch-tone telephone for operator assistance. As a reminder, today's presentation is being recorded.

I would now like to turn the conference over to your host, Mr. Howard Holland with AHRQ. Mr. Holland, please begin.

Howard Holland:

Thank you very much, Christopher. As he mentioned, I'm Howard Holland with the Agency, and it's my pleasure to serve as the moderator of today's call. In a few moments, I'll be introducing Dr. Carolyn Clancy who is the Director of the Agency for Health Care Research and Quality (AHRQ), and Ms. Susan McAndrew who's with the Office for Civil Rights (OCR), and is their Deputy Director of Health Information Privacy. They will make opening remarks, after which we will have the question and answer period.

Before that, however, I wanted to make a few administrative comments and to let you know a little bit about the call itself. We're proud to be able to join with OCR in conducting this call today, and are doing so to reflect our joint participation with them in key activities related to this regulation. The agency, AHRQ, has responsibility for developing the regulations regarding patient safety organizations. Our colleagues at OCR are responsible for the establishment and the enforcement of the confidentiality protections in the regulation; hence, we are joining together for this call today.

A few comments regarding resources that are available. As you may know, we have a Web site that has been set up specifically for information on patient safety organizations and the regulation, and that Web site address is http://pso.ahrq.gov. Among the things that you can find on the Web site, you will be able to download the entire Patient Safety Act and the Notice of Proposed Rulemaking (NPRM). We have on the Web site instructions that you can review on how to file comments. We also have a link on the site to the electronic portal so that you can file your comments electronically. In addition, you can also download a summary of the specific questions that are raised in the NPRM itself.

As we get into the call, I do want to mention a few things by way of caveats if you will. I want to alert you to remember that the entire NPRM is open to comment, not just those specific questions that are included in the preamble. Second, it's important for you to know that if you want your views to be considered, it's critical that you submit them in written form. To be fair, we can't consider verbal comments from this call, or other conversations that may go on about the regulation. If you want your comments to be considered, they must be sent in writing or sent via the electronic process that you can access on the PSO Web site.

Let me just say, too, that if there appears to be a discrepancy between what is said today on the call here, and what you see written in the NPRM, always rely on the NPRM. Any discrepancy in the way that we may use individual words is entirely unintentional, and you should refer, again, always to the NPRM.

With those administrative comments and caveats covered, I'd like to now introduce Dr. Carolyn Clancy who is the director here of the Agency for Health Care Research and Quality who will make some opening remarks. Carolyn?

Return to Top

Carolyn Clancy:

Thank you Howard. The Patient Safety and Quality Improvement Act has the potential to reduce a major barrier to the participation of clinicians in health care facilities with patient safety and quality improvement activities; that is, the risk of additional liability.

Rather than a patchwork of State-by-State protections, there will now be national uniform protections; that is, confidentiality and privilege for clinicians and entities performing patient safety activities. The Patient Safety and Quality Improvement Act also directs the Secretary of Health and Human Services to list or designate new entities known as Patient Safety Organizations or PSOs.

PSOs are expected to be organizations that have expertise in identifying risks and hazards in the delivery of patient care, determining the underlying causes, and implementing corrective and preventive strategies. At its very simplest level, there are two basic elements of this proposed rule: the establishment of and requirements for PSOs and the establishment and enforcement of the protections for the information. AHRQ has responsibility for establishing the criteria for the operation of PSOs, and the Office for Civil Rights, which is also part of the Department of Health and Human Services (HHS), actually will enforce any protections.

While my colleague, Sue McAndrew, can and will address the specifics of how health care providers obtain these protections, the big point I want to make, right at this moment, is that these two elements are linked.

So, I'm going to turn now to our next role with PSOs. First, PSOs can take a variety of forms. They can be established as components of health care systems or medical specialty societies, for example, and could be funded internally or by dues. Other PSOs may operate like consulting firms from whom health care providers will purchase their services. But, PSOs will not be federally funded or directed.

The Secretary is required to list PSOs that certify that they meet the statutory and regulatory criteria identified in the statute. We propose a streamlined process—a simple attestation. AHRQ will do spot checks to ensure compliance with the requirements and entities are subject to penalties for false statements. But, we will rely on the marketplace to assess each PSO's worth. We expect clinicians and other providers will carefully assess the capabilities of a PSO as they would with any consultant organization with whom they choose to work. Therefore, the NPRM, or proposed rule, emphasizes transparency and full disclosure of information so that health care providers will be able to know more about any individual PSO.

Because PSOs are a novel, new mechanism, we expect that we will all learn as we go. Therefore, AHRQ will emphasize technical assistance with a non-adversarial approach whenever possible to promote compliance by PSOs with the criteria they must meet. But, if a PSO does act in bad faith, the proposed rule gives us the authority to take action. AHRQ's part of this proposed rule imposes requirements only on PSOs. AHRQ does not, and will not, exercise regulatory authority over providers.

Turning, then, to health care providers reviewing this proposed rule. The NPRM, or proposed rule does not impose specific requirements on how providers must work with PSOs, but we do suggest best practices in some cases. And health care providers need to consider the implications of some of the restrictions or requirements of the statute. For example, the law requires that clinicians and other providers continue to meet their external reporting and accountability obligations under other laws or regulations. So, for those states that already have some sort of mandatory reporting requirements, they are not preempted by this law. This means the facilities cannot simply sweep all of their quality or patient safety activities into the processes by which that facility works with the PSO. Statutory requirements or restrictions of this proposed rule will necessitate complete independence and separation of certain activities and this may lead to some level of duplication at the facility level.

So, by way of being extremely concrete, a patient's medical record cannot by swept into a patient safety organization, because the only part of that record that could be swept in would be a copy of portions of that record. Patients retain all the rights to liability protections under malpractice laws that they have right now.

So, I encourage everyone to look not only at the specific provisions of the proposed rule, but also to assess the impact of the overarching framework of this proposed rule on your overall quality and patient safety activities.

Having wrestled with these questions for many months, I know this may not be easy to do, but I cannot emphasize how critical your input is.

So, with that very broad overview and introduction, I want to turn now to my good friend and colleague, Sue McAndrew, to address how these important protections will work and how her office will investigate and resolve allegations of inappropriate disclosures.

Thank you, Carolyn, and welcome everyone. I'm very happy to see such a turnout for this call and I know it reflects a strong interest in improving patient safety. I look forward to your questions today on the call, and certainly look forward to your comments on the rule making itself.

My office, the Health Information Privacy Division, and the Office for Civil Rights, as Howard and Carolyn mentioned, will have the lead role in defining the standards for all parties with regard to the confidentiality of the patient safety information, as well as for enforcing any violation of those confidentiality standards. We have the authority to investigate those violations and to impose civil monetary penalties where we find that the information has been misused.

Based on our years of experience with the HIPAA privacy rule, my office is well positioned both to address confidentiality of the information as well as to carry out the investigation and compliance activities that we have under this law.

Our goal in establishing the confidentiality standards was two-pronged. One was to ensure providers would have trust in the system, that the information would remain confidential and by keeping it confidential, as well as privileged, that they could share information and have robust participation in these patient safety exchanges without fear of additional liability. At the same time, we wanted to make sure that the information could flow as needed to address these patient safety events so that the solutions to these patient safety problems could be addressed promptly and more globally than they are today. And so, hopefully, in your comments, you will give us feedback on how well we have actually achieved this balance between accessibility of the data while ensuring strong confidentiality protection.

I know you are all probably anxious to get onto the questions. I just want to point out a couple of things with regards to the confidentiality standards, which may be somewhat new with respect to this statutory scheme. One is that the work product, the information that is protected under this law, remains protected even after it's been disclosed and so the recipient—in cases where the statute permits a disclosure, the recipient of that information takes the information, but is still subject to the same confidentiality protection that information had when it was held by the provider itself or the PSO. As Carolyn mentioned, the protections do not attach to the medical record or other normal business records. Those are not going to be classified—they cannot be classified as patient safety work product and they will remain subject to the protections of law as they exist now, but they can't be shielded under this law.

We are using the same enforcement scheme, basically, that my office uses in investigating potential violations of the HIPAA privacy rule. Again, there are a few differences. One is the civil monetary penalty (CMP), which is authorized under this act, and can be up to $10,000 per violation. There cannot be a duplicate violation, so that if an event, or a disclosure, violates both the HIPAA privacy rule and the Patient Safety Act, there will be one CMP under one or the other, but not both.

And I think with that, I will turn it back to Howard and get the Q&A rolling.

Return to Top

Howard Holland:

Thank you Sue and thank you Carolyn. We appreciate those introductory comments. And, yes, we do now want to move on to the questions and answers. And Christopher, our operator, is going to come back on the line and provide instructions on doing that.

Before he does so, we want to just, again, remind you about the Web site, which we'll do periodically throughout the call, and that's www.pso.ahrq.gov. And we do just want to say once again, as we will again later, that as important as the questions and answers are, and the conversation that we'll have here together, for your comments to be considered for the record, they must be submitted electronically or in writing. And instructions, again, on how to do that are available on the Web site.

Christopher, would you please take us through the instructions for how to pose questions?

Operator:

Thank you very much. Ladies and gentlemen, if you do have a question or comment at this time, please press the "1" key on your touch-tone telephone. If your question has been answered or you wish to remove yourself from the queue, please press the "#" key. If you are using a speakerphone, please lift your handset before asking your question.

Again, if you do have a question or comment, please press the "1" key on your touch-tone telephone at this time. We'll pause as we wait for participants to queue.

Our first question or comment is from Robert. Robert, your line is open.

Robert:

Yes, thank you. Will a transcript or audio recording of this conference and all the Q&As be available on the Web site?

Howard Holland:

Yes, Robert. This is Howard. That record will be made available and can be found on, again, the PSO Web site at the URL that we've been giving, and that record should be up on the Web site in approximately 2 weeks.

Robert:

Thank you.

Operator:

Thank you, sir. Once again, if you do have a question or comment at this time, please press the "1" key on your touch-tone telephone.

Our next question or comment is from the line of Mark. Mark, your line is open.

Mark:

Thank you. What do you see as the most important areas that you would like to receive comments or further questions about?

Carolyn Clancy:

I don't think that we have a particular preference. I certainly don't have any sense of priority areas. Because of the intersection that I described at a very high level, the fact that this provides a national set of protections, but it does not preempt existing State and other laws; I think this may be the most intricate for people to think through. But you will see, reading through the proposed rule, that we have articulated 47 questions, and I don't think that we have any favorites.

Susan McAndrew:

Yes, and those questions are separately summarized and are available in list form on the Web site, so we encourage anyone interested in submitting a formal comment to review those questions first, and that may provide you with a roadmap to areas where we are really looking for input. But, as was said originally, the whole rule is subject for comment, so we encourage comment on everything.

Howard Holland:

Does that address your question, Mark?

Mark:

Well, I was hoping for some relief on the 47, but it does answer the question.

Howard Holland:

Sorry we couldn't provide that. Thank you very much. Many of you were kind enough to send questions in advance that you submitted. And let me, as other questions may come in, pose one of those.

The question is as follows, and goes to the mission of patient safety organizations, would such organizations, that are PSOs, be required to create legally discrete, safety-only subsidiaries or is it acceptable to simply discuss how the furtherment of patient safety fits under the larger mission?

Carolyn Clancy:

Thank you for that question, because I think that this may be on many people's minds. The question raises an issue that many organizations may face: should an entity seek listing as a PSO in its entirety, that's all that the entity does, or should you create a component organization that focuses on patient safety to seek listing? And there are two aspects of the proposed rule you might want to consider in thinking about this decision. First, as the question points out, the statute requires that the mission and primary activity of the entity are to conduct activities that are to improve patient safety and the quality of health care delivery. The proposed rule requires a simple attestation that the organization meets the requirements. You are not required to justify your answer, but the proposed rule does state that AHRQ will conduct spot checks to ensure compliance at the statutory and regulatory requirements. A component organization may have less difficulty demonstrating that it meets the requirement, but depending on the nature of the overall organization, you may be confident that you can demonstrate that your organization can meet the mission and primary activity requirement. That's a very broad statement about the mission to improve quality and patient safety.

But there is also another aspect of the proposed rule that you might want to consider: whether the providers you hope to work with will be comfortable working with such a PSO. Providers may be likely to want their identifiable protected information closely held by the PSO with which they work. But the proposed rule proposes that HHS will not regulate. Repeat, will not regulate use of this protected information within an entity. Our intent here is to provide greater operational flexibility to PSOs. But entities that conduct an array of activities might raise concerns among providers regarding who has access to their information.

While you can obviously establish internal policies for which a provider's identifiable information will not be shared with staff without related job responsibilities, HHS will not enforce those policies.

In contrast, if the organization creates a component organization, providers will have the assurance that the component organization will maintain a firewall between itself and the parent organization so that sharing and use of their information will be limited. They will also know that they can file a complaint with HHS if they believe that there have been inappropriate disclosures of protected information.

Return to Top

Howard Holland:

Thank you, Carolyn. Christopher, I believe we have questions from callers on the line. Would you like to queue one up for us, please?

Operator:

Yes, sir. Our next question or comment is from the line of Donald. Your line is open.

Donald:

I have two comments. Number one, I'm on your Web site and I do not find a listing of the 47 questions. Number two, I'm almost blind from having read most of the 73 pages in the Federal Register, but I want to make a comment that I think that the approach to considering confidentiality and privilege for the investigation period before an incident is reported to the PSO is extremely important, because this is a never-never land right now, and it is unclear when and how we can protect the information that we gather in that investigation, especially during the investigation.

Carolyn Clancy:

Thank you for that comment. I would urge that you submit in writing—

Donald:

Yeah, we will.

Carolyn Clancy:

—so that we can take that into full consideration. We will double check the Web site. We would not have said it was up there if we weren't deeply believing that it was, but we'll double check and they will be up there.

Howard Holland:

This is Howard. As a quick interim step, see if you might be able to get to it by going to the left bar that's there on the Web site, and then click on the NPRM brick that you see there on the left hand as part of the navigation bar that's on the side.

Donald:

Right, I'm there. Ah, that does have the questions. That wasn't clear.

Howard Holland:

Okay.

Carolyn Clancy:

Thank you.

Donald:

Okay. Thank you.

Howard Holland:

We'll make an enhancement to the site, so that's a little bit more transparent.

Donald:

Thank you.

Howard Holland:

Will Christopher go to the next caller in the queue please.

Operator:

Yes, sir. Our next question or comment is from the line of Barbara. Your line is open. Barbara, your line is open. Barbara, please check your mute button. Okay, we can come back to Barbara.

Howard Holland:

Alrighty, we'll do that. As we do that, let me go to—

Operator:

I'm sorry. Barbara, your line is open.

Barbara:

Yes. Can you hear me?

Operator:

Yes, we can hear you now. Thank you.

Barbara:

Okay. My question—I'm with the College of Emergency Physicians, and my question was since you have thrown the field open to a fairly heterogeneous type of organization to be certified as a PSO, will there be any kind of uniform education provided so that all of these organizations are able to be somewhat standardized in the advice, guidance, and technical assistance they give?

Carolyn Clancy:

Barbara, this is Dr. Carolyn Clancy. Thank you for that question. Our intent is not to standardize, but to actually promote as much flexibility as possible. For example, emergency providers may have different needs than those, say, for example working in a nursing home. At the same time, though, because these are new entities, we're acutely aware of the need for technical assistance. The law authorizes AHRQ to provide such technical assistance and we very much look forward to doing so. That will include, but not necessarily be limited to, an annual meeting of PSOs.

Barbara:

Okay, thank you.

Howard Holland:

Christopher, the next caller in the queue, please?

Operator:

Yes, sir. Our next question or comment is from Ann. Ann, your line is open.

Ann:

Okay. Thank you very much. I need to preface my questions with the fact that I'm still kind of in the early stages of deciphering the Patient Safety and Quality Improvement Act in the proposed language. It's quite difficult reading I'm finding, but one of my questions is pretty simple and one I feel like I should already have figured out the answer to, but that is: Do PSOs already exist or are those something that this proposed rule is geared toward establishing?

Carolyn Clancy:

They are new, and it's actually, I don't think, an absurd question on the face of it at all. The specific legal definition of this entity of patient safety organization will not be in existence until this rule is finalized. Hence, the proposed rule for public comments that's open until April 14th. That said, there are organizations that will say that they are "patient safety organizations." I would think of them as lower case patient safety organizations, if that makes sense. There are lots of organizations now working on various aspects of patient safety, but they are not the equivalent of what is specified and clearly defined in this law.

Ann:

So, if we actually report data to them, we are not granted the legal protections talked about in this document?

Carolyn Clancy:

That is correct, unless they are listed by the secretary. Let me also say that one other area of confusion here relates to some State entities, but that would be governed by State law and not Federal law in this case. So, for example, I believe Pennsylvania has an entity where people can report near misses and potential errors anonymously. And I do believe that they call that a "patient safety organization", but that's not the equivalent of what's defined in, and provides access to all the legal protections as defined in this law.

Ann:

Okay. All right. The other thing I was wondering is in trying to wade through what is actually legally protected, it talks about "not requiring the transmission of every piece of paper." So I guess my question kind of dovetails with an earlier caller's question where he mentioned that it would be important for there to be legal protection for the background investigations that go on before something is reported to a PSO. So, I guess my question is if there's a background investigation, if we take reports from various different employees involved in an incident, I mean does every little word of every little report have to be transmitted to the PSO or is that what's actually being debated?

Susan McAndrew:

This is Sue McAndrew and I'll take that question. I think that is—I think you're right on both counts, and that is this is going to be a very important area for people to comment on formally in the NPRM, but it is one part of the statutory definition of what is protected information, and does cover the deliberations within a provider about a patient safety event usually in preparation for the reporting of that event to a PSO.

Ann:

Okay.

Susan McAndrew:

So, there is room within the statutory definition of these protections for information to be worked on and evaluated and collected and assembled within an entity prior to reporting it to a PSO. And what portion of that information eventually gets reported to a PSO is also going to be governed by what happens at the end of the evaluation, what your understanding and relationship is with the PSO in terms of how granular the information is that they're going to be getting, and certainly will also be driven to some extent, I would expect, by the development of the common formats in which these patient safety events will be funneled through these systems.

Ann:

Okay. Thank you.

Howard Holland:

Christopher, if you would please, at this point, begin just queueing up those questions that you have there, and bring in those callers online for us.

Operator:

Yes, sir. Our next question or comment is from the line of John. John, your line is open.

Jack:

Hi. This is Jack Kelly from Abington Memorial Hospital in Pennsylvania. And we're just wondering what the purpose of a PSO would be for a hospital that has a robust safety program internally, in a State that has a mandatory reporting through, what we call, the patient safety authority, and why would we want to have many PSOs as opposed to something more akin to the NASA/FAA national reporting safety organization?

Carolyn Clancy:

Well, one advantage of the current Federal law—but again, this is an area we would invite your comments on—is that a PSO with multiple clients has the ability to aggregate deidentified data and to report that to AHRQ so that the efforts learned by what happens or through collaboration or business arrangement between a PSO and one group of providers could actually by shared more broadly with others. The law specifically states that working with a PSO at all is voluntary, and that the data aggregation, if it is reported to AHRQ, we will be reporting the high level insights and lessons learned through our annual report to the congress on health care quality. So, that would be one advantage I think that the current State law—I mean the current Federal proposed "reg" offers, but I don't think I can necessarily answer that question for you, because I'm not an expert on State law in every State.

Jack:

Why did we choose this route rather than, again, the NASA/FAA model?

Carolyn Clancy:

Well, I would have to say that—I just want to clarify that this proposed "reg" is intended to implement the statute as passed by the congress. So, our job, per se, here is not to question the law passed by the Congress but to implement it to the very best of our ability.

Jack:

Thank you.

Operator:

Thank you. Our next question or comment is from the line of Richard. Richard, your line is open.

Richard:

Thank you. My question goes to the issue of certification of PSOs and your description of self-certification and the simple attestation form. Does the agency view the statute as requiring such an approach or is it possible to have an external independent organization certify these organizations based on the criteria in the statute?

Carolyn Clancy:

Because PSOs don't exist, and we are implementing the statute for the purposes of the proposed "reg"—and again, you are free and welcome and encouraged to submit these comments or questions in writing—we wanted to create or promote an environment in which these organizations would emerge and wanted to keep the entry bar pretty low, believing that the marketplace would work in this case. So, that was the reason for the approach that we took. We didn't want it to be incredibly difficult for PSOs to become established, because, as I said in my opening comments, there is no Federal funding for these activities. This is all going to be based on the value proposition that these PSOs can present to providers, so there's no funding or financing for doing this work. In essence, the bill removes an important barrier, but does not promote a business case or any specific financing for their work. Does that help?

Richard:

Yeah. Just to be clear—well, I should have said up front, I'm with NCQA, I want to be transparent.

Carolyn Clancy:

Thank you.

Richard:

But, the statute doesn't prohibit another approach, it's just the approach that you chose?

Carolyn Clancy:

Well, what we're putting out in the proposed rule is what we believed was the most effective way to implement the statute. Again, you are free to make any proposals, raise any concerns, and we will be reviewing it all in exhaustive detail.

Richard:

Thank you.

Howard Holland:

Christopher, we'll take the next caller in the queue.

Operator:

Yes, sir. Our next question or comment is from the line of Robert. Robert, your line is open.

Robert:

This is Robert Berney. I hope I'm the Robert you're talking about. A question; and I may not have thought deeply enough about this yet, how will the data get reported up to AHRQ? Are you going to have a prescribed format? Will you prescribe the analysis that should take place before it's reported; in other words, how these events will be analyzed in the field? And then the next step is how will this get then disseminated to health care organizations throughout the country?

Carolyn Clancy:

Thank you for that question, Robert. This is Dr. Carolyn Clancy again. It's nice to hear your voice.

Robert:

Thank you.

Carolyn Clancy:

It is, again, voluntary and up to a PSO or provider whether they're actually going to share the deidentified data for the purposes of aggregation. That said, I think anyone could imagine after about 10 seconds' reflection that if there weren't common definitions for some of the leading patient safety events, sharing these data would not be incredibly meaningful if everyone were using different definitions. The law provides the Secretary of Health and Human Services the authority to develop and disseminate common formats for these decisions. Dr. Bill Munier and his team have been hard at work on that for about 2-1/2 years, guided by a report from the Institute of Medicine that came out in late 2004. Dr. Munier, do you want to add anything to that definition?

William Munier:

No. I think that pretty much covers it. We will be coming out in the July/August timeframe with a first beta version of those common formats that will be guidance to PSOs that wish to use them.

Robert:

Thank you.

Howard Holland:

Christopher, we'll just continue to take the callers in the queue. Thank you.

Return to Top
Proceed to Next Section
Return to PSO Home Page

 

AHRQAdvancing Excellence in Health Care
AHRQ footer - print version only