NPRM February 12, 2008 (Volume 73, Number 29) [Page 8111-8183]

Back to Patient Safety Organizations Home

Summary
Dates
Addresses
Further Information
Supplementary Information

Authority: 42 U.S.C. 216, 299b-21 through 299b-26; 42 U.S.C. 299c-6

Federal Register / Vol. 73, No. 77 / Tuesday, February 12, 2008 / Proposed Rules / 8111-8183

From the Federal Register Online via GPO Access [wais.access.gpo.gov]
[DOCID:fr12fe08-8]

DEPARTMENT OF HEALTH AND HUMAN SERVICES

42 CFR Part 3

Patient Safety and Quality Improvement; Proposed Rule

DEPARTMENT OF HEALTH AND HUMAN SERVICES

42 CFR Part 3

RIN 0919-AA01

Patient Safety and Quality Improvement

AGENCY: Agency for Healthcare Research and Quality, Office for Civil Rights, HHS.

ACTION: Notice of proposed rulemaking.

Return to top

SUMMARY: This document proposes regulations to implement certain aspects of the Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act). The proposed regulations establish a framework by which hospitals, doctors, and other health care providers may voluntarily report information to Patient Safety Organizations (PSOs), on a privileged and confidential basis, for analysis of patient safety events. The proposed regulations also outline the requirements that entities must meet to become PSOs and the processes for the Secretary to review and accept certifications and to list PSOs.

In addition, the proposed regulation establishes the confidentiality protections for the information that is assembled and developed by providers and PSOs, termed "patient safety work product" by the Patient Safety Act, and the procedures for the imposition of civil money penalties for the knowing or reckless impermissible disclosure of patient safety work product.

DATES: Comments on the proposed rule will be considered if we receive them at the appropriate address, as provided below, no later than April 14, 2008.

ADDRESSES: Interested persons are invited to submit written comments by any of the following methods:
Federal eRulemaking Portal: http://www.regulations.gov. Comments should include agency name and "RIN 0919-AA01".

Mail: Center for Quality Improvement and Patient Safety, Attention: Patient Safety Act NPRM Comments, AHRQ, 540 Gaither Road, Rockville, MD 20850.

Hand Delivery/Courier: Center for Quality Improvement and Patient Safety, Attention: Patient Safety Act NPRM Comments, Agency for Healthcare Research and Quality, 540 Gaither Road, Rockville, MD 20850.

Instructions: Because of staff and resource limitations, we cannot accept comments by facsimile (FAX) transmission or electronic mail. For detailed instructions on submitting comments and additional information on the rulemaking process, see the "Public Participation" heading of the SUPPLEMENTARY INFORMATION section of this document. Comments will be available for public inspection at the AHRQ Information Resources Center at the above-cited address between 8:30 a.m. and 5 p.m. Eastern Time on federal business days (Monday through Friday).

FOR FURTHER INFORMATION CONTACT: Susan Grinder, Agency for Healthcare Research and Quality, 540 Gaither Road, Rockville, MD 20850, (301) 427-1111 or (866) 403-3697.

SUPPLEMENTARY INFORMATION:

Public Participation

We welcome comments from the public on all issues set forth in this proposed rule to assist us in fully considering issues and developing policies. You can assist us by referencing the RIN number (RIN: 0919-0AA01) and by preceding your discussion of any particular provision with a citation to the section of the proposed rule being discussed.

A. Inspection of Public Comments

All comments (electronic, mail, and hand delivery/courier) received in a timely manner will be available for public inspection as they are received, generally beginning approximately 6 weeks after publication of this document, at the mail address provided above, Monday through Friday of each week from 8:30 a.m. to 5 p.m. To schedule an appointment to view public comments, call Susan Grinder, (301) 427-1111 or (866) 403-3697.

Comments submitted electronically will be available for viewing at the Federal eRulemaking Portal.

B. Electronic Comments

We will consider all electronic comments that include the full name, postal address, and affiliation (if applicable) of the sender and are submitted through the Federal eRulemaking Portal identified in the ADDRESSES section of this preamble. Copies of electronically submitted comments will be available for public inspection as soon as practicable at the address provided, and subject to the process described, in the preceding paragraph.

C. Mailed Comments and Hand Delivered/Couriered Comments

Mailed comments may be subject to delivery delays due to security procedures. Please allow sufficient time for mailed comments to be timely received in the event of delivery delays. Comments mailed to the address indicated for hand or courier delivery may be delayed and could be considered late.

D. Copies

To order copies of the Federal Register containing this document, send your request to: New Orders, Superintendent of Documents, P.O. Box 371954, Pittsburgh, PA 15250-7954. Specify the date of the issue requested and enclose a check or money order payable to the Superintendent of Documents, or enclose your Visa or Master Card number and expiration date. Credit card orders can also be placed by calling the order desk at (202) 512-1800 (or toll-free at 1-866-512-1800) or by faxing to (202) 512-2250. The cost for each copy is $10. As an alternative, you may view and photocopy the Federal Register document at most libraries designated as Federal Depository Libraries and at many other public and academic libraries throughout the country that receive the Federal Register.

E. Electronic Access

This Federal Register document is available from the Federal Register online database through GPO Access, a service of the U.S. Government Printing Office. The Web site address is:
http://www.gpoaccess.gov/nara/index.html.

This document is available electronically at the following Web site of the Department of Health and Human Services (HHS): http://www.ahrq.gov/.

F. Response to Comments

Because of the large number of public comments we normally receive on Federal Register documents, we are not able to acknowledge or respond to them individually. We will consider all comments we receive in accordance with the methods described above and by the date specified in the DATES section of this preamble. When we proceed with a final rule, we will respond to comments in the preamble to that rule.

I. Background

A. Purpose and Basis

This proposed rule establishes the authorities, processes, and rules necessary to implement the Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act), (Pub. L. 109-41), that amended the Public Health Service Act (42 U.S.C. 299 et seq.) by inserting new sections 921 through 926, 42 U.S.C. 299b-21 through 299b-26.
Much of the impetus for this legislation can be traced to the publication of the landmark report, "To Err Is Human" \1\, by the Institute of Medicine in 1999 (Report). The Report cited studies that found that at least 44,000 people and potentially as many as 98,000 people die in U.S. hospitals each year as a result of preventable medical errors.\2\ Based on these studies and others, the Report estimated that the total national costs of preventable adverse events, including lost income, lost household productivity, permanent and temporary disability, and health care costs to be between $17 billion and $29 billion, of which health care costs represent one-half.\3\ One of the main conclusions was that the majority of medical errors do not result from individual recklessness or the actions of a particular group; rather, most errors are caused by faulty systems, processes, and conditions that lead people to make mistakes or fail to prevent adverse events.\4\ Thus, the Report recommended mistakes can best be prevented by designing the health care system at all levels to improve safety--making it harder to do something wrong and easier to do something right.\5\

\1\ Institute of Medicine, "To Err is Human: Building a Safer Health System", 1999.
\2\ Id. at 31.
\3\ Id. at 42.
\4\ Id. at 49-66.
\5\ Id.

As compared to other high-risk industries, the health care system is behind in its attention to ensuring basic safety.\6\ The reasons for this lag are complex and varied. Providers are often reluctant to participate in quality review activities for fear of liability, professional sanctions, or injury to their reputations. Traditional state-based legal protections for such health care quality improvement activities, collectively known as peer review protections, are limited in scope: They do not exist in all States; typically they only apply to peer review in hospitals and do not cover other health care settings, and seldom enable health care systems to pool data or share experience between facilities. If peer review protected information is transmitted outside an individual hospital, the peer review privilege for that information is generally considered to be waived. This limits the potential for aggregation of a sufficient number of patient safety events to permit the identification of patterns that could suggest the underlying causes of risks and hazards that then can be used to improve patient safety.

\6\ Id. at 75.

The Report outlined a comprehensive strategy to improve patient safety by which public officials, health care providers, industry, and consumers could reduce preventable medical errors. The Report recommended that, in order to reduce medical errors appreciably in the U.S., a balance be struck between regulatory and market-based initiatives and between the roles of professionals and organizations. It recognized a need to enhance knowledge and tools to improve patient safety and break down legal and cultural barriers that impede such improvement.

Drawing upon the broad framework advanced by the Institute of Medicine, the Patient Safety Act specifically addresses a number of these long-recognized impediments to improving the quality, safety, and outcomes of health care services. For that reason, implementation of this proposed rule can be expected to accelerate the development of new, voluntary, provider-driven opportunities for improvement, increase the willingness of health care providers to participate in such efforts, and, most notably, set the stage for breakthroughs in our understanding of how best to improve patient safety.

These outcomes will be advanced, in large measure, through implementation of this proposed rule of strong Federal confidentiality and privilege protections for information that is patient safety work product under the Patient Safety Act. For the first time, there will now be a uniform set of Federal protections that will be available in all states and U.S. territories and that extend to all health care practitioners and institutional providers. These protections will enable all health care providers, including multi-facility health care systems, to share data within a protected legal environment, both within and across states, without the threat of information being used against the subject providers.

Pursuant to the Patient Safety Act, this proposed rule will also encourage the formation of new organizations with expertise in patient safety, known as patient safety organizations (PSOs), which can provide confidential, expert advice to health care providers in the analysis of patient safety events./7/ The confidentiality and privilege protections of this statute attach to "patient safety work product." This term as defined in the Patient Safety Act and this proposed rule means that patient safety information that is collected or developed by a provider and reported to a PSO, or that is developed by a PSO when conducting defined "patient safety activities," or that reveals the deliberations of a provider or PSO within a patient safety evaluation system is protected. Thus, the proposed rule will enable health care providers to protect their internal deliberations and analysis of patient safety information because this type of information is patient safety work product.

/7/ As we use the term, patient safety event means an incident that occurred during the delivery of a health care service and that harmed, or could have resulted in harm to, a patient. A patient safety event may include an error of omission or commission, mistake, or malfunction in a patient care process; it may also involve an input to such process (such as a drug or device) or the environment in which such process occurs. Our use of the term patient safety event in place of the more limited concept of medical error to describe the work that providers and PSOs may undertake reflects the evolution in the field of patient safety. It is increasingly recognized that important insights can be derived from the study of patient care processes and their organizational context and environment in order to prevent harm to patients. We note that patient safety in the context of this term also encompasses the safety of a person who is a subject in a research study conducted by a health care provider. In addition, the flexible concept of a patient safety event is applicable in any setting in which health care is delivered: A health care facility that is mobile (e.g., ambulance), fixed and free-standing (e.g., hospital), attached to another entity (e.g., school clinic), as well as the patient's home or workplace, whether or not a health care provider is physically present.

The statute and the proposed rule seek to ensure that the confidentiality provisions (as defined in these proposed regulations) will be taken seriously by making breaches of the protections potentially subject to a civil money penalty of up to $10,000. The combination of strong Federal protections for patient safety work product and the potential penalties for violation of these protections should give providers the assurances they need to participate in patient safety improvement initiatives and should spur the growth of such initiatives.

Patient safety experts have long recognized that the underlying causes of risks and hazards in patient care can best be recognized through the aggregation of significant numbers of individual events; in some cases, it may require the aggregation of thousands of individual patient safety events before underlying patterns are apparent. It is hoped that this proposed rule will foster routine reporting to PSOs of data on patient safety events in sufficient numbers for valid and reliable analyses. Analysis of such large volumes of patient safety events is expected to significantly advance our understanding of the patterns and commonalities in the underlying causes of risks and hazards in the delivery of patient care. These insights should enable providers to more effectively and efficiently target their efforts to improve patient safety.

We recognize that risks and hazards can occur in a variety of environments, such as inpatient, outpatient, long-term care, rehabilitation, research, or other health care settings. In many of these settings, patient safety analysis is a nascent enterprise that will benefit significantly from the routine, voluntary reporting and analysis of patient safety events. Accordingly, we strive in the proposed rule to avoid imposing limitations that might preclude innovative approaches to the identification of, and elimination of, risks and hazards in specific settings for the delivery of care, specific health care specialties, or in research settings. We defer to those creating PSOs and the health care providers that enter ongoing relationships with them to determine the scope of patient safety events that will be addressed.

Finally, we note that the statute is quite specific that these protections do not relieve a provider from its obligation to comply with other legal, regulatory, accreditation, licensure, or other accountability requirements that it would otherwise need to meet. The fact that information is collected, developed, or analyzed under the protections of the Patient Safety Act does not shield a provider from needing to undertake similar activities, if applicable, outside the ambit of the statute, so that the provider can meet its obligations with non-patient safety work product. The Patient Safety Act, while precluding other organizations and entities from requiring providers to provide them with patient safety work product, recognizes that the data underlying patient safety work product remains available in most instances for the providers to meet these other information requirements.

In summary, this proposed rule implements the Patient Safety Act and facilitates its goals by allowing the health care industry voluntarily to avail itself of this framework in the best manner it determines feasible. At the same time, it seeks to ensure that those who do avail themselves of this framework will be afforded the legal protections that Congress intended and that anyone who breaches those protections will be penalized commensurately with the violation.

B. Listening Sessions

We held three listening sessions for the general public (March 8, 13, and 16, 2006) which helped us better understand the thinking and plans of interested parties, including providers considering the use of PSO services and entities that anticipate establishing PSOs. As stated in the Federal Register notice 71 FR 37 (February 24, 2006) that announced the listening sessions, we do not regard the presentations or comments made at these sessions as formal comments and, therefore, they are not discussed in this document.

C. Comment Period

The comment period is sixty (60) days following the publication of the proposed rule.

Return to top

II. Overview of Proposed Rule

We are proposing a new Part 3 to Title 42 of the Code of Federal Regulations to implement the Patient Safety Act. As described above, the Patient Safety Act is an attempt to address the barriers to patient safety and health care quality improvement activities in the U.S. In implementing the Patient Safety Act, this proposed rule encourages the development of provider-driven, voluntary opportunities for improving patient safety; this initiative is neither funded, nor controlled by the Federal Government.

Under the proposal, a variety of types of organizations--public, private, for-profit, and not-for-profit--can become PSOs, and offer their consultative expertise to providers regarding patient safety events and quality improvement initiatives. There will be a process for certification and listing of PSOs, which will be implemented by the Agency for Healthcare Research and Quality (AHRQ), and providers can work voluntarily with PSOs to obtain confidential, expert advice in analyzing the patient safety event and other information they collect or develop at their offices, facilities, or institutions. PSOs may also provide feedback and recommendations regarding effective strategies to improve patient safety as well as proven approaches for implementation of such strategies. In addition, to encourage providers to undertake patient safety activities, the regulation is very specific that patient safety work product is subject to confidentiality and privilege protections, and persons that breach the confidentiality provisions may be subject to a $10,000 civil money penalty, to be enforced by the Office for Civil Rights (OCR).

The provisions of this proposed rule greatly expand the potential for participation in patient safety activities. The proposal, among other things, enables providers across the health care industry to report information to a PSO and obtain the benefit of these new confidentiality and privilege protections. This proposal minimizes the barriers to entry for listing as a PSO by creating a review process that is both simple and efficient. As a result, we expect a broad range of organizations to seek listing by the Secretary as PSOs. Listing will not entitle these entities to Federal funding or subsidies, but it will enable these PSOs to offer individual and institutional providers the benefits of review and analysis of patient safety work product that is protected by strong Federal confidentiality and privilege protections.

Our proposed regulation will enable and assist data aggregation by PSOs to leverage the possibility of learning from numerous patient safety events across the health care system and to facilitate the identification and correction of systemic and other errors. For example, PSOs are required to seek contracts with multiple providers, and proposed Subpart C permits them, with certain limitations, to aggregate patient safety work product from their multiple clients and with other PSOs. In addition, the Secretary will implement other provisions of the Patient Safety Act that, independent of this proposed rule, require the Secretary to facilitate the development of a network of patient safety databases for the aggregation of nonidentifiable patient safety work product and the development of consistent definitions and common formats for collecting and reporting patient safety work product. These measures will facilitate a new level of data aggregation that patient safety experts deem essential to maximize the benefits of the Patient Safety Act.

The Patient Safety Act gives considerable attention to the relationship between it and the Standards for the Privacy of Individually Identifiable Health Information under the Health Insurance Portability and Accountability Act of 1996 (HIPAA Privacy Rule). We caution that the opportunity for a provider to report identifiable patient safety work product to a PSO does not relieve a provider that is a HIPAA covered entity of its obligations under the HIPAA Privacy Rule. In fact, the Patient Safety Act indicates that PSOs are deemed to be business associates of providers that are HIPAA covered entities. Thus, providers who are HIPAA covered entities will need to enter into business associate agreements with PSOs in accordance with their HIPAA Privacy Rule obligations. If such a provider also chooses to enter a PSO contract, we believe that such contracts could be entered into simultaneously as an agreement for the conduct of patient safety activities. However, the Patient Safety Act does not require a provider to enter a contract with a PSO to receive the protections of the Patient Safety Act.

Proposed Subpart A, General Provisions, sets forth the purpose of the provisions and the definitions applicable to the subparts that follow. Proposed Subpart B, PSO Requirements and Agency Procedures, sets forth the requirements for PSOs and describes how the Secretary will review, accept, revoke, and deny certifications for listing and continued listing of entities as PSOs and other required submissions. Proposed Subpart C, Confidentiality and Privilege Protections of Patient Safety Work Product, describes the provisions that relate to the confidentiality protections and permissible disclosure exceptions for patient safety work product. Proposed Subpart D, Enforcement Program, includes provisions that relate to activities for determining compliance, such as investigations of and cooperation by providers, PSOs, and others; the imposition of civil money penalties; and hearing procedures.

Return to top
Proceed to next section

Table of Contents

DEPARTMENT OF HEALTH AND HUMAN SERVICES

A. Inspection of Public Comments

B. Electronic Comments

C. Mailed Comments and Hand Delivered/Couriered Comments

D. Copies

E. Electronic Access

F. Response to Comments

I. Background

A. Purpose and Basis

B. Listening Sessions

C. Comment Period

II. Overview of Proposed Rule