U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | Información en español | E-mail UpdatesE-mail Updates
www.ahrq.gov
PSO Home Patient Safety Organizations Stethoscope

Patient Safety and Quality Improvement. Final Rule (Continued)

There was significant concern with the proposal to limit the sharing of employees between the parent organization(s) and the component PSO if the employee's work could be informed by knowledge of a provider's identifiable patient safety work product. Some commenters argued that the prohibition was too broad, that it should be narrowed, or that the standard was too vague and had the potential for creating confusion. A number of commenters recognized the merits of the intended prohibition but thought that the proposed rule's formulation was so vague that it might limit the ability of any physician in an academic health center to assist the component PSO if the physician supervised and evaluated interns and residents during their training, presuming this to be an unintended result.

Several alternative approaches were suggested, including: (1) limit the prohibition to staff in the parent organization who would use patient safety work product for non-patient safety activities; (2) obtain pledges by staff not to use patient safety work product for "facility administrative functions;" (3) limit the prohibition to persons with disciplinary/credentialing functions; (4) require management staff to sign agreements not to use patient safety work product in hiring/firing, credential/privilege decisions; and (5) permit shared staff for specific types of entities, such as state hospital associations, but not others.

Our proposal to provide a limited option for a component PSO to draw upon the expertise of its parent organization(s) to assist the PSO in carrying out patient safety activities was well received. Most commenters were supportive of the flexibility provided by this provision although one commenter suggested deleting it. Several commenters stressed that a "substantial firewall" should be maintained and that such contracting should only be allowed "for clearly defined and limited staff services." One commenter urged that such contracts or agreements should be submitted to the Secretary in advance so that they "can be scrutinized by HHS to assess whether confidentiality or privilege protections can practically remain intact."

In our discussion regarding entities excluded from listing in § 3.102(a)(2)(ii), we noted that a number of commenters that supported permitting components of such entities to seek listing, suggested, nevertheless, that we establish additional limitations and requirements. Their suggestions included requiring that such a component organization seeking listing must: specifically identify its parent organization as a regulator and specify the scope of the parent organization's regulatory authority; submit to the Secretary attestations from providers choosing to report to the PSO that they have been informed of the scope of regulatory authority of the parent organization; and provide assurances to the Secretary that the parent organization has no policies that compel providers to report patient safety work product to its component PSO. They also suggested such a PSO not be permitted to share staff with the parent organization and not be able to take advantage of the proposed limited provision that would permit a component PSO to contract with its parent organization for assistance in the review of patient safety work product.

The proposed rule did not propose an interpretation but sought comment on the circumstances under which the mission of a component PSO could create a conflict of interest for the rest of the parent organization(s) of which it is a part. The recommendations of commenters reflected a variety of perspectives: one view was that the rule should not adopt a general standard; a component organization should disclose what it believes may be its conflicts and that this disclosure should be deemed sufficient to have cured the conflict; another said the Department should undertake case-by-case analysis; and a third suggested the Department should adopt guidance, not regulatory language.

Another commenter wrote that there could be no conflict of interest if the parent organization is a provider; others suggested that certain types of parent organizations posed conflicts of interest, such as when the parent organization is an investor-owned hospital or if there are certain legal relationships which providers have with a parent organization or its subsidiaries. Similarly, one commenter suggested that not-for-profit status of a PSO should be an indicator that there is no conflict of interest. In a parallel vein, another commenter argued that if the PSO could use or sell its information for commercial gain, this was a conflict. This commenter also argued that if a PSO could be used to create an oasis solely for protection of information reported by the system that created it, this represented a conflict; the information held by a PSO must be made available at minimal or no cost for further aggregation. Another commenter suggested that a component PSO should never evaluate patient safety work product of an affiliated organization; if it does so, this creates a conflict-of-interest.

Finally, several commenters also suggested that there must be no conflict between patient safety work product and non-patient safety work product functions. A similar comment from another entity argued that a PSO must certify that members of the component PSO workforce are not engaged in work for the parent organization that conflicts with the mission of the PSO.

Final Rule: After careful consideration of the extensive number of comments received regarding component organizations, the Department has modified and restructured the text for § 3.102(c) in the following ways.

We have restructured § 3.102(c) into four separate paragraphs. New § 3.102(c)(1)(i) lists the provisions with which different component organizations must comply. This subparagraph sets forth the requirements that all component organizations must meet. The language of this subparagraph is retained from the proposed rule but includes a requirement that all component organizations must submit with their certifications contact information for their parent organization(s) and provide an update to the Secretary in a timely manner if the information changes. This requirement was proposed in the preamble but was not incorporated in the text of the proposed rule. Many of the commenters noted the importance to providers of having information regarding the parent organization of a component PSO and, therefore, we have incorporated the provision.

New § 3.102(c)(1)(ii) outlines the requirements for components of entities excluded from listing under § 3.102(a)(2)(ii) of this section. These components must meet the requirements for all component PSOs in § 3.102(c)(1)(i) as well as submit the additional certifications and information and adhere to the further limitations set forth in § 3.102(c)(4) that are discussed below.

New § 3.102(c)(2) restates the three additional statutory certifications that must be made by all component organizations seeking listing. We have deleted two requirements for component entities from the text of the proposed rule that were intended to interpret these statutory requirements: the requirement for separate information systems and the restriction on the use of shared staff. The final rule does not impose these proposed requirements on most component organizations. However, as discussed below regarding § 3.102(c)(4), we have retained the prohibition on shared staff only with respect to components of entities that are excluded from listing and, for such component PSOs, narrowed the circumstances when contracting with a parent organization is permissible only with respect to components of entities that are excluded from listing.

With respect to separate information systems, the Department has concluded, based upon the information that was included by commenters, that there are a number of cost-effective alternatives for achieving the statutory goal of separate maintenance of patient safety work product. Accordingly, we have included new language that requires a component PSO to ensure that the information system in which patient safety work product is maintained must not permit unauthorized access by any individuals in, or units of, the rest of the parent organization(s) of which it is a part.

Similarly, after careful consideration of the comments, we have eliminated the proposed restriction on the use of shared staff for most component PSOs. The Department has concluded that there are significant incentives for component PSOs and parent organizations to be very cautious in their use of shared personnel, protecting against inappropriate disclosures, and the disclosure of patient safety work product. A number of commenters appeared to appreciate the importance of maintaining separation between their patient safety activities and internal disciplinary, privileges, and credentialing decisions, which were the focus of our concern.

Our review has led us to conclude that the potential negative consequences for providers, independent of any fear of Department action, lessens the need for the rule to address this issue. For example, institutional providers are likely to find it difficult to develop robust reporting systems if the clinicians on their staff learn or even suspect that the same individuals involved in analysis of patient safety work product play key roles in administrative decisions that can lead to adverse personnel decisions. This may lead to decreased reporting of patient safety events. The suspicion of contamination between the processes could also provide a new basis for challenging adverse employment actions, which could require providers to prove that their actions were not influenced by inappropriate use of patient safety work product. Finally, there is the right of action that the statute grants to individual providers who believe and allege that their employer took an adverse employment action against them based upon their providing information to the employer's patient safety evaluation system for reporting to the PSO or based upon their providing information directly to the PSO. Given the importance to providers of maintaining protections for their work product, we conclude that it is unlikely that a parent organization will intentionally jeopardize those protections. Therefore, we have eliminated the proposed restriction on the use of shared staff, except for components of entities excluded from listing as discussed below regarding § 3.102(c)(4). In its place, we have restated the statutory requirement that the component organization (and its workforce and contractors) may not make unauthorized disclosures to the rest of the organization(s) of which the PSO is a part.

We have retained without change in § 3.102(c)(2)(iii) the proposed rule text prohibiting the pursuit of the mission of the PSO from creating a conflict of interest with the rest of the organization(s) of which it is a part. To the extent that individuals or units of the rest of the parent organization(s) have obligations and responsibilities that are inconsistent with the "culture of safety" that the statute seeks to foster, a component PSO could create a conflict of interest by sharing identifiable patient safety work product with them as shared staff or under a written agreement pursuant to § 3.102(c)(3), discussed below. On the other hand, the component PSO could draw upon the expertise of these same individuals in other capacities in which identifiable work product is not shared and, thereby, avoid creating conflicts of interest. Thus, we would interpret permitting the creation of conflicting situations for staff or units of the parent organization(s) as inconsistent with a component PSO's attestation.

Section 3.102(c)(3) retains without substantive change the provision in the proposed rule to enable a component PSO, within limits, to take advantage of the expertise of the rest of the organization of which it is part. In response to concerns expressed by some commenters, we stress the statutory requirement for the PSO to maintain patient safety work product separately from the rest of the organization. In such circumstances, it cannot be transferred to individuals or units of the rest of the organization except as permitted by the rule. As a practical matter, if the parent organization is a provider organization and the component PSO is evaluating the parent organization's data, the parent-provider is likely to have a copy of all of the data transmitted to the component PSO.

We do not dismiss the concerns of commenters that this contracting authority could be used inappropriately. We remind each component PSO that the statute requires it to maintain patient safety work product separately from the rest of the organization(s) of which the component PSO is a part and prohibits unauthorized disclosures to the rest of the organization(s) of which they are a part. Therefore, it may not be appropriate for its parent organization to serve as its main provider of analytic or data services if such arrangements would effectively confound statutory intent for a firewall between a component PSO and the rest of the organization(s) of which it is a part. The flexibility provided by the rule to use in-house expertise is intended to supplement, not replace, the PSO's authority to contract with external expert individuals and organizations.

Section 3.102(c)(4) incorporates new requirements, drawn from our review of public comments, that only apply to organizations that are components of entities excluded from listing under § 3.102(a)(2)(ii). Thus, these component organizations have three sets of requirements to meet: the 15 general certification requirements in §§ 3.102(b)(1) and 3.102(b)(2); the requirements that all component PSOs must meet in §§ 3.102(c)(1)(i) and 3.102(c)(2); and the requirements that are established by § 3.102(c)(4).

Section 3.102(c)(4) establishes a requirement for additional information and certifications that must be submitted with the component organization's certifications for listing and it establishes two additional restrictions with which a component organization must comply during its period of listing. The additional information and certifications require a component PSO of an entity described in § 3.102(a)(2)(ii) to:

1. Describe the parent organization's role, and the scope of the parent organization's authority, with respect to the activities which are the basis of the parent organization's exclusion from being listed under § 3.102(a)(2)(ii).

2. Certify that the parent organization has no policies or procedures that would require or induce providers to report patient safety work product to the component organization once it is listed as a PSO, and affirm that the component PSO will notify the Secretary if the parent organization takes any such actions during its period of listing. An example of an inducement would be if a parent organization that accredited or licensed providers awarded special scoring consideration to providers reporting to the parent organization's component PSO; additional scoring consideration for reporting to any PSO, by contrast, would not violate this restriction.

3. Certify that the component PSO will include information on its Web site and in any promotional materials for providers describing the activities which were the basis of the parent organization's exclusion under § 3.102(a)(2)(ii).

We have incorporated these additional requirements for information and attestations to address widespread concerns among commenters that an excluded parent organization might attempt to compel providers to report data to its component PSO and circumvent the firewalls for access to that data. These extra requirements for such component PSOs will strengthen transparency and the additional statements submitted with the component organization's certifications will be posted on the AHRQ PSO Web site along with all its other certifications. Our intent is to ensure that such a component organization's Web site and its promotional materials for providers will inform providers regarding the nature and role of its parent organization. The rule is emphatically clear that the Department will take prompt action to revoke and delist a component organization whose excluded parent organization attempts to compel providers to report data to its component PSO. New § 3.108(e)(1) lists specific circumstances, including this situation, in which revocation and delisting will take place on an expedited basis.

During its period of listing, the final rule also prohibits a PSO that is a component organization of an entity excluded from listing to share staff with the rest of the organization(s) of which it is a part. Such a component PSO may enter into contracts or written agreements with the rest of the organization(s) under the authority provided to all component PSOs by § 3.102(c)(3) but with one additional limitation. Such contracts or written agreements are limited to units or individuals of the parent organization(s) whose responsibilities do not involve the activities that are the basis of the parent organization's exclusion under § 3.102(a)(2)(ii). If the parent organization's sole activity is the reason for its exclusion, the component organization could never enter a contract or written agreement to have staff from the rest of the organization assist the PSO in carrying out patient safety activities. If the parent organization engages in a mix of activities, some of which are not a basis for exclusion from listing, the component organization will be able to take advantage of this contracting option, subject to our caveat above.

Response to Other Public Comments

Comment: One commenter asked us to confirm that component PSOs can maintain patient safety work product behind secure firewalls using existing information systems.

Response: The modifications we have adopted and discussed above means that the final rule permits this approach.

Comment: Several commenters suggested that it was unrealistic for the component PSO to maintain patient safety work product separately from its parent organization if the parent organization is a provider reporting data to the component PSO.

Response: The Patient Safety Act requires a component PSO maintain patient safety work product separately from the rest of the organization(s) of which it is a part; therefore, we cannot remove the restriction. While contracts between a PSO and a provider are likely to address the extent to which a provider has access to information held by a PSO, we caution contracting parties to be mindful of this statutory restriction in crafting their contracts. The requirement for separation does not mean that the component organization cannot share information with a parent organization but any sharing must be consistent with the permissible disclosures of this rule.

(D) Section 3.102(d) Required Notifications

(1) Section 3.102(d)(1)—Notification Regarding PSO Compliance With Minimum Contract Requirement

Proposed Rule: Section 3.102(d)(1) of the proposed rule would require PSOs to attest within every 24-month period, beginning with its initial date of listing, that the PSO has met the two-contract requirement. We proposed to require notification of the Secretary 45 days before the end of the applicable 24-month period. Early notification would enable the Department to meet another statutory requirement to provide PSOs with an opportunity to correct a deficiency. If the requirement is not yet met, this would enable the Secretary to establish an opportunity for correction that ends at midnight on the last day of the 24-month period.

Overview of Public Comments: The comments we received endorsed our proposed approach. One commenter suggested we should consider requiring notification 60 days in advance.

Final Rule: We expect that, in most circumstances, contracts will be the primary source of revenue for PSOs. In light of the fact that only two contracts are required, we do not anticipate that many PSOs will reach this point in their period of listing without meeting the requirement. We have not accepted the recommendation to require notification sooner. The Department adopts the provision as recommended in the proposed rule without modification.

(2) Section 3.102(d)(2)—Notification Regarding a PSO's Relationships With Its Contracting Providers

Proposed Rule: The proposed rule incorporated in § 3.102(d)(2) the statutory requirement that a PSO would make disclosures to the Secretary regarding its relationship(s) with any provider(s) with whom the PSO enters a contract pursuant to the Patient Safety Act (Patient Safety Act contract). The statute requires PSOs to disclose whether a PSO has any financial, contractual, or reporting relationships with this contracting provider and, if applicable, whether the PSO is not managed, controlled, or operated independently of this contracting provider.

The proposed rule noted that a PSO would need to make this assessment when it enters a contract with a provider and, if disclosures are required, submit a disclosure statement within 45 days of the effective date of the contract. If relationships arise during the contract period, submission would be required within 45 days of the date the relationships are established.

The proposed rule would have provided guidance on our interpretation of financial, contractual, and reporting relationships and emphasized that the statute required a PSO to "fully disclose" the relationships. We noted that disclosure would be required only when the PSO entered a Patient Safety Act contract with a provider and there were relationships that required disclosure. We also encouraged, but did not require, PSOs to list any agreements, stipulations, or procedural safeguards that might offset the influence of the provider and that might protect the ability of the PSO to operate independently.

Overview of Public Comments: Commenters expressed concern that the proposed rule was not sufficiently specific with respect to the required disclosure statements. They suggested that the emphasis in the proposed rule on the statutory requirement for full disclosure, without a corresponding discussion of the parameters for the contents and level of detail of the statements, raised the prospect that PSOs would feel compelled to develop disproportionately detailed information that might not be germane. One commenter suggested what was most important is awareness of the fundamental relationship(s) that exist, not the specific details, suggesting that if the provider in question is the parent entity of the PSO, it should be sufficient to know that the parent-provider is the source of financial support to the PSO, employs its workforce, and provides management to its activities.

In addition, there was concern that since the disclosure statements are going to be made public, detailed submissions regarding the financial and contractual obligations would make it difficult to maintain the confidentiality of potentially sensitive business information. Several commenters noted that it is not unusual for certain types of contractual work with commercially sensitive implications to include confidentiality agreements and one commenter suggested that the process permit a PSO to request that the Secretary not disclose specific information under certain circumstances.

A number of commenters expressed concern about the potential unintended consequences of disclosure, especially with respect to the identity of providers. One commenter raised concern that the requirement would lead to "differential" disclosure, by which the commenter meant that, of the total number of providers with which a PSO enters contracts, only those with other relationships would have their names disclosed and the other providers would not have their names made known through the proposed public release of disclosure statements by the Secretary.

Final Rule: After careful review of the comments, the Department has reconsidered its approach to this disclosure requirement and has made modifications to the text that are incorporated in the final rule. Based upon this review, we have shifted the emphasis of the term "fully disclose" from stressing the level of detail that a PSO must provide in describing each of the other types of relationships (listed below) that the PSO has with a contracting provider to an emphasis on requiring that the PSO disclose clearly and concisely every relationship that requires disclosure. This shift in emphasis remains consistent with our overall emphasis on transparency; without being burdensome, it enables both the Secretary and providers considering contracts with a PSO to request additional information regarding any relationships of concern. We have adopted a clearer and narrower interpretation of the disclosures of relationships that must be made in view of concerns expressed by commenters about the scope of the required reports. In response to requests for more guidance on the required submissions, this final rule calls for a two-part disclosure statement and describes what must be included in each part.

These modifications to the final rule reflect several considerations. The Department has concluded that the Patient Safety Act does not provide incentives for a provider to control or manipulate the findings of a PSO with respect to its own patient safety information. A PSO's conclusions and recommendations are patient safety work product and, whether the PSO is critical or complimentary of the provider or the provider agrees or disagrees with the PSO, the PSO analysis and guidance remains confidential and privileged under the Act, which means that there are constraints on the ability of a provider to disclose the PSO's conclusions and recommendations. Even when they can be disclosed, calling the public's attention to positive findings is likely to engender scrutiny of the extent to which the provider's relationship with its PSO is truly an arms-length relationship. In sum, providers have little to gain under the statute's framework from attempting to control or manipulate the analyses and findings of a PSO.

At the same time, the Department expects the statutory disclosure requirements, coupled with public release of disclosure statements and the Secretary's findings as provided by § 3.104(b), will provide important and useful information to providers seeking to contract with a PSO. As we pointed out in the proposed rule, a provider seeking to contract with a PSO will have its own standards for what other PSO relationships it considers to be acceptable. Therefore, the submission and public release of this information should improve the efficiency of the search process by providers.

In light of these considerations, the Department has determined that the most appropriate interpretation of the statutory requirement to "fully disclose" other relationships is to emphasize the need to require the disclosure of every pertinent relationship specified by the statute. Providers that are considering entering a contract with a PSO can determine for themselves if any disclosed relationships pose concerns. If so, they can then request further detailed information as they see fit. This approach has the further benefit of limiting the potential for inappropriate release of proprietary or commercial information, another matter of concern to commenters. The Department will protect confidential commercial information as permitted by the Freedom of Information Act and in accordance with 18 U.S.C. 1905.

Thus, in making his required determination, the Secretary will both give great weight to, and hold a PSO accountable for, its attestation that it will fully disclose all relationships required to be reported and whether the PSO's operations, management, and control are not independent of any provider with whom it has entered a Patient Safety Act contract. The Secretary retains the authority to require an entity to provide more detailed information if necessary to make his required determination under 42 U.S.C. 299b-24(c)(3) regarding the ability of the PSO to fairly and accurately perform its patient safety activities in light of any reported relationships.

The final rule retains the general framework of the proposed rule for a PSO to use in determining when a disclosure statement must be submitted. The two thresholds remain unchanged. The disclosure requirement only applies when a PSO has entered a contract that provides the protections of the Patient Safety Act, i.e., a Patient Safety Act contract, and the PSO has other relationships with that contracting provider of the types specified below. A disclosure statement is not required if the PSO has a Patient Safety contract with a provider and the relationships described below are not present, nor is a disclosure statement required if the relationships are present but there is no Patient Safety Act contract.

We have restructured the text in the final rule. There are now three paragraphs: a restatement of the requirement in paragraph (i), a description of the required content of a disclosure statement in paragraph (ii), and the deadlines for submission of disclosure statements set forth in paragraph (iii).

Section 3.102(d)(2)(i) contains the following substantive changes. Compared with the requirements of the proposed rule, this paragraph eliminates the need to submit a disclosure statement if the PSO's only other relationships with this contracting provider are limited to Patient Safety Act contracts.

In response to commenters' questions and concerns, we have modified the text describing the statutory list of disclosures: contractual, financial, and reporting relationships are incorporated in subparagraphs (A)—(C) and control, management, and operation of the PSO, independent from the provider, is incorporated in subparagraph (D). We have narrowed the language in paragraphs (A)—(C) by limiting the required disclosures to current contractual, financial, and reporting relationships and restating the requirements to emphasize that disclosure is only required for relationships other than those in Patient Safety Act contract(s). We have restated and streamlined the language of subparagraph (A) to emphasize contracts and arrangements that impose obligations on the PSO.

We have retained the substantive requirements for financial relationships. Based upon comments received, we have determined that if the PSO is a membership organization, the Department does not consider dues or other assessments applied to all members to constitute a financial relationship for this purpose. The rule narrows the scope of subparagraph (C), where the text narrows the definition of reporting relationships to those in which this contracting provider has access to information about the work and internal operation of the PSO that is not available to other contracting providers. By focusing on this particular aspect of reporting relationships, we have tried to make plain that it is not our intent to collect information regarding the multiple ordinary types of reporting relationships that exist routinely between contracting parties. We have made the requirement narrower both for clarity and simplicity. The deleted reference to control is addressed by subparagraph (D), which we have narrowed to simply restate the statutory language on what must be disclosed or reported regarding management, control, and operation independent of the contracting provider. We deleted the language requiring a PSO to assess whether any of the relationships in what is now subparagraph (D) might impair its ability to perform patient safety activities fairly and accurately because PSOs will now address these issues in the required narrative that comprises the second part of the disclosure statement, described below.

Return to Table of Contents
Return to Previous Section
Continue to Next Section

 

AHRQAdvancing Excellence in Health Care
AHRQ footer - print version only