U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | Información en español | E-mail UpdatesE-mail Updates
www.ahrq.gov
PSO Home Patient Safety Organizations Stethoscope

Patient Safety and Quality Improvement. Final Rule (Continued)

State health departments and state-created entities expressed concern about an outright prohibition on their being listed as PSOs, noting that the prohibition could disrupt effective patient safety initiatives now underway. A number of specific state-sanctioned patient safety initiatives were described in their submissions. Commenters pointed to the fact that state health departments have both regulatory and non-regulatory elements to their authority, have routinely demonstrated that they can effectively keep these elements separate, and thus, they saw no reason for the Department to doubt that state agencies could continue to do so effectively if they were permitted to operate PSOs.

Other commenters suggested extending the prohibition to other types of entities (such as purchasers of health care or agents of regulatory entities) and raised questions regarding the scope of the exclusion.

We received a significant number of comments in response to a specific question raised in the proposed rule whether the exclusion of regulatory entities should be extended to components of such organizations. Commenters that supported extension of the prohibition generally argued that the firewalls that the statute requires a component PSO to maintain between itself and its parent organization(s) could be circumvented, that the flexibility in the proposed rule to enable a component PSO to draw upon the expertise of its parent organization(s) would be inappropriate in this situation, and there was a significant possibility that such a parent organization could use its position of authority to attempt to coerce providers into reporting patient safety work product to its component PSO.

A majority of commenters, however, opposed expanding the exclusion to components of such regulatory organizations. They contend that the statutorily required separations between a component PSO and its parent organization(s) would provide adequate protection against improper access and adverse use of confidential patient safety work product by the excluded entities with which such a component PSO is affiliated. A number of commenters noted that an expansion of the exclusion to components of such entities would have unintended consequences. For example, an increasing number of medical specialty societies operate, or are in the process of developing, accreditation programs for their members in response to growing public and private sector pressure for quality improvement. These organizations see the creation of specialty-specific component PSOs as an important complement to their other quality improvement activities. Similarly, some commenters contend that widespread patient safety improvements require coordination and communication across the public and private sectors. These commenters argued that a broader exclusion could both disrupt existing, effective public sector patient safety initiatives and preclude opportunities for the public sector to play a meaningful role.

Many commenters that opposed extending the exclusion to component organizations nevertheless suggested additional restrictions to strengthen the separation of activities between component PSOs and these types of parent organizations. Their suggestions are discussed below with respect to § 3.102(c).

Final Rule: The Department considered whether to modify the attestation process either for initial or continued listing of PSOs or both but ultimately concluded that streamlined attestations should be retained for both. Given the voluntary, unfunded nature of this initiative and the centrality of the client-consultant paradigm of provider-PSO relationships, an approach that requires documentation and routine audits is likely to be costly and burdensome, both to entities seeking listing and the Department. More importantly, such an approach is unlikely to achieve its intended objective, for the reasons discussed below.

There are limitations of a documentation approach to ensuring the capabilities and compliance of PSOs with the requirements for listing, and such an approach is unlikely to yield the types of information that providers will need in selecting a PSO. Consider, for example, two of these requirements: the criterion that requires that a PSO have qualified staff, including licensed or certified medical professionals, and the patient safety activity that requires the provision of feedback to participants in a (provider's) patient safety evaluation system. Documentation, through submission of resumes or summaries of the credentials of professional staff, can demonstrate that the PSO meets the statutory requirement. What each provider really needs to assess, however, is whether the skill sets of the professional staff employed by or under contract to the PSO are an appropriate match for the specific tasks that led the provider to seek a PSO's assistance. Depending upon the analytic tasks, a provider may need expertise that is setting-specific, e.g., nursing homes versus acute care settings, technology-specific, specialty-specific, or, may require expertise outside the traditional scope of health care. Thus, there is not a single template against which the expertise of a PSO's professional staff can be judged. In addition, we anticipate that PSOs seeking additional clients (providers) will post on their Web sites, or otherwise advertise, the names and qualifications of their top staff experts and consultants. Their Web site locations will be on the AHRQ PSO Web site.

Similarly, documentation can demonstrate that a PSO has provided feedback to participants in a provider's patient safety evaluation system and thereby met the statutory requirement. But the most relevant questions are whether the feedback reflected a valid analysis of the provider's patient safety work product and existing scientific knowledge, and whether the feedback was framed in ways that made it understandable, "actionable," and appropriate to the nature of the provider's operation. The answers to these questions cannot be assessed by the Department readily through the listing process.

As a result, in many cases, the provider-client, rather than the Department, will be better able to determine whether the outcomes of a PSO's conduct of patient safety activities meet its needs in a meaningful way. The Department believes that providers, especially institutional providers, will have access to the expertise to make them especially sophisticated customers for PSO services. Providers are likely to assess very carefully the capabilities of a PSO and will be in a position to request appropriate documentation, if necessary, to assess a PSO's ability to meet their specific requirements. Therefore, the Department does not see a compelling public policy rationale for substituting its judgment for that of a provider. Providers can demand references and evidence of relevant accomplishments, and effectively evaluate the adequacy and suitability of a PSO's expertise and experience. In summary, a listing process that imposes documentation and audit requirements on each PSO will impose a significant burden on all parties, but yield only marginally useful information to prospective clients.

Accordingly, we believe the approach outlined in the proposed rule offers a more efficient and effective approach. The approach does include authority for spot-checking compliance outlined in § 3.110, responding to complaints or concerns, and enabling the Secretary, in making listing decisions (see § 3.104(b)), to take into consideration the history of an entity and its key officials and senior managers. This approach will be buttressed with a program of technical assistance for PSOs administered by AHRQ. In addition, the final rule incorporates a new expedited revocation process that can be used when the Secretary determines that there would be serious adverse consequences if a PSO were to remain listed. False statements contained in a PSO's submitted certifications can result in a loss of listing or other possible penalties under other laws.

For convenience and clarity, we have restructured § 3.102(a)(1) to provide a unified list of the certifications and information that an entity must submit for listing as a PSO. Sections 3.102(a)(1)(i) through 3.102(a)(1)(vii) set forth and cross-reference the requirements of the final rule. Two of these requirements are new. Section 3.102(a)(1)(iv) cross-references the additional requirements in § 3.102(c)(1)(ii) that components of entities that are excluded from listing must meet in order for such components to be listed. Section 3.102(a)(1)(v) incorporates our proposal, for which comments were supportive, to require disclosure to the Secretary if the entity seeking listing (under its current name or another) has ever been denied listing or delisted or if the officials or senior managers of the entity now seeking listing have held comparable positions in a PSO that the Secretary delisted or refused to list.

We have not adopted recommendations that we require explanations for the historical situations encompassed by § 3.102(a)(1)(v). Instead, we require that the name(s) of any delisted PSO or of any entity that was denied listing be included with the certifications. The Department can then search its records for background information. In response to concerns regarding public disclosure of the names of the officials or senior managers that would trigger the notification requirement, we do not require submission of the names of the individuals with the certifications. With respect to the workforce of the entity, we note that we have narrowed the requirement in two ways. First, we have narrowed the focus from "any" employee to officials and senior managers. Second, the requirement to disclose only applies when officials or senior managers of the entity seeking listing also held comparable positions of responsibility in the entity that was delisted or refused listing.

Restructured § 3.102(a)(2) retains the statutory exclusion from listing of health insurance issuers and components of health insurance issuers in subparagraph (i). For greater clarity, we have restated the exclusion to reflect the rule's definition of component so it now references: a health insurance issuer; a unit or division of a health insurance issuer; or an entity that is owned, managed, or controlled by a health insurance issuer. New subparagraph (ii) modifies and restates the exclusion from listing of any entity that: (1) accredits or licenses health care providers; (2) oversees or enforces statutory or regulatory requirements governing the delivery of health care services; (3) acts as an agent of a regulatory entity by assisting in the conduct of that entity's oversight or enforcement responsibilities vis-a-vis the delivery of health care services; or (4) operates a Federal, State, local or Tribal patient safety reporting system to which health care providers (other than members of the entity's workforce or health care providers holding privileges with the entity) are required to report information by law or regulation.

In reviewing the comments on the proposed regulatory exclusion, we did not find the arguments for narrowing the prohibition compelling. Almost every provider group expressed concern regarding the possible operation of PSOs by entities that accredit or license providers as well as possible operation of PSOs by regulatory entities. We share their concerns that entities with the potential to compel or penalize provider behavior cannot create the "culture of safety" (which emphasizes communication and cooperation rather than a culture of blame and punishment) that is envisioned by the statute.

We also concluded that it is difficult to draw a "bright-line" distinction between voluntary and mandatory accreditation as several of the commenters from accreditation organizations proposed. While most accreditation is technically voluntary from the standpoint of many accreditation entities, its mandatory aspect generally derives from requirements established by, or its use by, other entities such as payers. Thus, if we were to incorporate such a distinction that permitted the listing of organizations that provide voluntary accreditation today, its voluntary nature could disappear over time if other organizations mandated use of its accreditation services. Thus, a listed PSO might need to be delisted at some point in the future solely because of the actions of a third party mandating that organization's accreditation as a requirement. Therefore, we have retained the prohibition on accreditation and licensure entities and have not incorporated any distinctions regarding voluntary versus mandatory accreditation in the final rule. We have reformulated the exclusion and no longer include accreditation or licensure activities as examples of regulatory activities.

Similarly, we have retained the broad exclusion from listing of regulatory entities, by which we mean public or private entities that oversee or enforce statutory or regulatory requirements governing the delivery of health care services. Their defining characteristic is that these entities have the authority to discipline institutional or individual providers for the failure to comply with statutory or regulatory requirements, by withholding, limiting, or revoking authority to deliver health care services, by denying payment for such services, or through fines or other sanctions.

We consider entities with a mix of regulatory and non-regulatory authority and activities also to be appropriately excluded from being listed. We acknowledge that health departments and other entities with regulatory authority may undertake a mix of regulatory and non-regulatory functions. It may also be true, as several comments reflected, that state health departments have experience, and a track record, for maintaining information separately and securely from the regulatory portions of their operations when necessary. However, we note that the final rule retains the proposed approach not to regulate uses of patient safety work product within a PSO. However, the final rule retains the ability of a state health department to establish a component organization that could seek listing as a PSO, subject to the additional restrictions discussed in § 3.102(c) below. The benefit of this approach is that providers will have the reassurance that the penalties under the Patient Safety Act and the final rule will apply to any impermissible disclosures of patient safety work product from such a PSO to the rest of the state health department.

We have not included the proposal of several commenters to exclude purchasers of health care from becoming PSOs. Commenters did not suggest a compelling public policy case for the exclusion of any particular type of purchasers. Given the vagueness and potential scope of such a prohibition, the potential for unintended consequences is simply too great to warrant its inclusion. For example, health care institutions in their role as employers can also be considered purchasers of health care.

We have incorporated two additional exclusions. First, based upon recommendation from commenters, we exclude from listing entities that serve as the agents of a regulatory entity, e.g. by conducting site visits or investigations for the regulatory entity. While we understand that such agents generally do not take action directly against providers, their findings or recommendations serve as the basis for potential punitive actions against providers. As a result, we believe that the rationale we outlined in the proposed rule regarding the exclusion of regulatory bodies is also applicable to agents of regulatory entities helping to carry out these regulatory functions.

Second, as we considered comments seeking clarification on the eligibility of entities that operate certain mandatory or voluntary patient safety reporting systems to seek listing as PSOs, we concluded that mandatory systems, to which some or all health care providers are required by law or regulation to report patient safety information to a designated entity, were inconsistent with the voluntary nature of the activities which the Patient Safety Act sought to foster. However, this exclusion does not apply to mandatory reporting systems operated by Federal, State, local or Tribal entities if the reporting requirements only affect their own workforce as defined in § 3.20 and health care providers holding privileges with the entity. The exception is intended to apply to Federal, State, local or Tribal health care facilities in which the reporting requirement applies only to its workforce and health care providers holding privileges with the facility or health care system. This exception ensures that, with respect to eligibility for listing as a PSO, entities that administer an internal patient safety reporting system within a public or private section health care facility or health care system are treated comparably under the rule and would be eligible to seek listing as a PSO.

The final rule retains the ability of components of the four categories of excluded entities in § 3.102(a)(2)(ii) to seek listing as a component PSO. After careful review, the Department concluded that there was a significant degree of congruence in the concerns expressed by both proponents and opponents of extending the exclusion to such components. The opponents of extending the exclusion routinely suggested that the Department address their core concerns by adopting additional protections, rather than the blunt tool of a broader exclusion. We have adopted this approach, and we have incorporated in § 3.102(c) additional requirements and limitations for components of excluded entities.

In addition, we have incorporated a new requirement in § 3.102 (a)(3) that submissions for continued listing must be received by the Secretary no later than 75 days before the expiration of a PSO's three-year period of listing. This requirement derives from our concern for protecting providers if a PSO decides not to seek continued listing and simply lets its certifications expire at the end of a three-year period of listing. To preclude an inadvertent lapse, the proposed rule included a provision to send PSOs a notice of imminent expiration shortly before the end of its period of listing and sought comment on posting that notice publicly so that providers reporting patient safety work product could take appropriate action. Section 3.104(e)(2) states that the Secretary will send a notice of imminent expiration to a PSO at least 60 days before its last day of listing if certifications for continued listing have not been received. However, the failure of the Secretary to send this notice does not relieve the PSO of its responsibilities regarding continued listing. The requirement to submit certifications 75 days in advance is intended to ensure that such a notice is not sent or publicly posted until after the submissions are expected by the Department.

Response to Other Public Comments

Comment: One commenter urged the Secretary not to require organizations to have specific infrastructure and technology in place before they could be listed.

Response: The Department has not proposed any specific infrastructure or technology requirements. However, the statute and the final rule require a PSO at initial listing to certify that it has policies and procedures in place to ensure the security of patient safety work product. The final rule requires that those policies and procedures be consistent with the framework established by § 3.106. The Department interprets the statute to require a listed PSO to be able to provide security for patient safety work product during its entire period of listing, which includes its first day of listing.

Comment: Two commenters agreed that PSOs should be encouraged, but not required, to post on their Web sites narrative statements regarding their capabilities.

Response: The Department continues to encourage PSOs to develop and post such narrative statements.

Comment: One commenter suggested that the listing process should include an opportunity for the Secretary to receive public comment before making a listing decision, especially in the case of continued listing, when providers may want to share their experiences with the Secretary regarding a specific PSO.

Response: While we expect customer satisfaction evaluations of PSOs will develop naturally in the private sector, the Department has not incorporated this recommendation in the listing process. If a provider or any individual believes that a PSO's performance is not in compliance with the requirements of the rule, this concern can be communicated to AHRQ at any time. Improper disclosures may also be reported to the Office for Civil Rights in accordance with Subpart D. Incorporation of a public consultation process poses a number of implementation issues. For example, it could potentially delay a time sensitive Secretarial determination regarding continued listing (which must be made before expiration of a PSO's current period of listing) and could require the Department to assess the validity of each specific complaint, e.g., the extent to which dissatisfaction with an analysis reflects the competence with which it was performed or a lack of precision in the assignment to the PSO.

Comment: One commenter suggested that state-sanctioned patient safety organizations should be deemed to meet the requirements for listing.

Response: The Department does not believe that the Patient Safety Act gives the Secretary authority to delegate listing decisions to states. Moreover, the statute establishes the requirements that an entity must meet for listing as a PSO; automatically deeming state-sanctioned organizations to be PSOs would inappropriately override federal statutory requirements and mandate the Secretary to list PSOs that may not be in compliance with all the statutory requirements. Accordingly, the final rule does not include such a provision.

Comment: Several commenters asked if the exclusion on health insurance issuers precludes a self-insured entity from seeking listing.

Response: The Department has examined this issue and concluded that the exclusion of health insurance issuers does not apply to self-insured organizations that provide health benefit plans to their employees. The statutory exclusion contained in section 924(b)(1)(D) of the Public Health Service Act incorporates by reference the definition of health insurance issuer in section 2971 of the Public Health Service Act and that definition explicitly excludes health benefit plans that a health care provider organization offers to its employees.

Comment: Several commenters inquired whether organizations that provide professional liability insurance coverage (also referred to as medical liability insurance or malpractice liability insurance) for health care providers are covered by the health insurance issuer exclusion. The commenters uniformly argued that the exclusion should not apply. Several commenters noted their intent to have their "captive" liability insurer seek listing as a PSO. Another commenter sought assurances that if a captive liability insurer sought listing as a PSO, the PSO would not be considered a component of the provider organizations that owned the liability insurer.

Response: The Department notes that there is some ambiguity in the statutory language but concludes that the health insurance issuer exclusion does not apply to such organizations.

While the health insurance issuer exclusion does not apply, the Department notes that the statute and the final rule require that an entity seeking listing must attest that its mission and primary activity is the improvement of patient safety. That test is readily met when an organization, such as a captive liability insurer, creates a component organization since the creation of a distinct new entity can be established in a manner that clearly addresses and meets the "primary activity" criterion. The Department has the authority to review all applications, including those from organizations with multiple activities, and to look behind the attestations to determine whether the applicant meets the "primary activity" criterion.

We note that a captive entity meets the definition of a component organization in this rule. Therefore, if the captive organization is eligible for listing because it meets the "primary activity" criterion, it must seek listing as a component organization and clearly would be subject to the requirements on component PSOs. If the captive organization does not meet the primary activity criterion for listing, it is free to create a component organization to seek listing. Once again, however, the additional requirements for a component PSO apply.

Comment: Several commenters asked whether the health insurance issuer exclusion prevents a health system that has subsidiaries that include providers and a health insurance issuer, from establishing a component organization to seek listing as a PSO.

Response: As described by several commenters, the PSO and the health insurance issuer would be affiliates in a "brother-sister" relationship within the parent organization. As long as the health insurance issuer does not have the authority to control or manage the PSO, the health system is not precluded from having both a health insurance issuer subsidiary and a component PSO.

Comment: Several commenters raised questions from different perspectives regarding situations in which providers might be required to report data to a PSO. Some commenters suggested that the final rule should prohibit a facility or health care delivery system from requiring individual clinicians (who are employed, under contract, or have privileges at the facility or within the system) to report data to a specific PSO. Others raised questions regarding the eligibility for listing of existing Federal, state, local or Tribal patient safety reporting systems that are administered by an entity without regulatory authority.

Response: While the Patient Safety Act does not require any provider to report data to a PSO, the statute is silent on whether others (such as institutional providers or other public entities) can impose such requirements on providers. The Department makes a distinction based upon the source of reporting requirements and the extent to which the requirement can be viewed as consistent with the statutory goal of fostering a "culture of safety." Thus, the Department has declined to include in the final rule any restriction on the ability of a multi-facility health care system to require its facilities to report to a designated PSO or of a provider practice, facility, or health care system to require reporting data to a designated PSO by those providing health care services under its aegis, whether as employees, contractors, or providers who have been granted privileges to practice. A patient safety event reporting requirement as a condition of employment or practice can be consistent with the statutory goal of encouraging institutional or organizational providers to develop a protected confidential sphere for examination of patient safety issues. While an employer may require its providers to make reports through its patient safety evaluation system, section 922(e)(1)(B) prohibits an employer from taking an adverse employment action against an individual based upon the individual's reporting information in good faith directly to a PSO.

By contrast, the Department views mandatory reporting requirements that are applicable to providers that are not workforce members and that are based in law or regulation, regardless of whether the specific data collected by these systems is anonymous or identifiable, as incompatible with the intent of the Patient Safety Act to foster voluntary patient safety reporting activities. In these situations, provider failure to make legally required reports can potentially result in a loss of individual or institutional licensure and the ability to practice or deliver health care services. Accordingly, we have added to the list of entities excluded from listing in § 3.102(b)(2)(ii) entities that administer such mandatory patient safety reporting systems.

A voluntary Federal, state, local, or Tribal patient safety reporting system can seek listing as a PSO. This means that the entity administering the reporting system does not have statutory or regulatory authority to require providers to submit data to the administering organization, and that organization is not required by statute or regulation to make the collected identifiable data available in ways that would be incompatible with the limitations on disclosure discussed in Subpart C.

Comment: Two commenters addressed the issue of whether Quality Improvement Organizations (QIOs), which are organizations that have contracts with Medicare and often with other payers or purchasers to review compliance with regulatory or contractual requirements and make reports that may adversely impact providers financially, can seek listing as PSOs.

Response: QIOs are precluded from seeking listing as PSOs. The final rule precludes agents of a regulatory entity from seeking listing and QIOs serve as agents of Medicare. Some QIOs also serve in similar capacities as agents of state regulatory bodies. As noted above, an agent of a regulator may create a component organization that would be eligible to seek listing as a PSO, provided such a component organization meets the additional requirements of § 3.102(c)(1)(ii).

Comment: Several commenters asked if the proposed exclusions of entities applied to State Boards of Health, programs offering providers certifications, and physician specialty boards.

Response: With respect to State Boards of Health, there are two issues regarding their potential ineligibility for becoming PSOs. The first, raised by the commenter, is whether these boards can be considered regulatory entities and in most cases they would be. While State Boards of Health provide leadership and policy coordination for state health policies, they generally have the power to oversee, enforce or administer regulations governing the delivery of health care services and would, therefore, be ineligible to be listed as a PSO. The second issue is whether such a board with its multiple responsibilities could attest that the conduct of activities to improve patient safety and health care quality is its primary activity.

With respect to entities that offer certifications, physician specialty boards, or similar activities, we would use a fact-based approach that assesses the activities in light of the exclusions in the rule at § 3.102(a)(2)(ii).

Comment: One commenter questioned whether the proposed requirement that a PSO notify the Secretary if it can no longer meet the requirements for listing essentially meant that the PSO was admitting a deficiency.

Response: We expect this requirement to operate prospectively so that the Secretary can evaluate whether the changed circumstances may still be cured. While it is possible that this requirement in some situations would be the equivalent of a PSO admitting a current, rather than prospective deficiency, we note two aspects of the process outlined here. First, the correction of deficiencies is not a punitive process. Second, the obligation to inform the Secretary of changes is a companion element to the Department's approach in listing entities based upon attestations.

Return to Table of Contents
Return to Previous Section
Continue to Next Section

 

AHRQAdvancing Excellence in Health Care
AHRQ footer - print version only