Your browser doesn't support JavaScript. Please upgrade to a modern browser or enable JavaScript in your existing browser.
U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | Información en español | E-mail UpdatesE-mail Updates
www.ahrq.gov

Back to Patient Safety Organizations Home

[Continued from previous section]

1. Proposed Sec. 3.102--Process and Requirements for Initial and Continued Listing of PSOs

Proposed Sec. 3.102 sets out: The submissions that the Department, in carrying out its responsibilities, proposes to require, consistent with the Patient Safety Act, for initial and continued listing as a PSO; the certifications that all entities must make as part of the listing process; the additional certifications that component organizations must make as part of the listing process; the requirement for biennial submission of a certification that the PSO has entered into the required number of contracts; and the circumstances under which a PSO must submit a disclosure statement regarding the relationships it has with its contracting providers.

(A) Proposed Sec. 3.102(a)--Eligibility and Process for Initial and Continued Listing

In this section, we propose to establish a streamlined certification process that minimizes barriers to entry for a broad variety of entities seeking to be listed as a PSO. With several exceptions, any entity--public or private, for-profit or not-for profit--may seek initial or continued listing by the Secretary as a PSO. The statute precludes a health insurance issuer and a component of a health insurance issuer from becoming a PSO (section 924(b)(1)(D) of the Public Health Service Act, 42 U.S.C. 299b-24(b)(1)(D)). In addition, we propose to preclude any other entity, public or private, from seeking listing as a PSO if the entity conducts regulatory oversight of health care providers, including accreditation or licensure. We propose this restriction for consistency with the statute, which seeks to foster a "culture of safety" in which health care providers are confident that the patient safety events that they report will be used for learning and improvement, not oversight, penalties, or punishment. Listing organizations with regulatory authority as PSOs would be likely to undermine provider confidence that adequate separation of PSO and regulatory activities would be maintained.

We note that the Patient Safety Act permits a component organization of an entity to seek listing as a PSO if the component organization establishes a strong firewall between its activities as a PSO and the rest of the organization(s) of which it is a part. As drafted, this proposed regulation permits a component organization of an entity with any degree of regulatory authority to seek listing as a component PSO. We have not proposed any restrictions on such component organizations for several reasons. First, we expect that the statutory requirement for a strong firewall between a component PSO and its parent organization(s) with respect to its activities as a PSO and the protected information it holds will provide adequate safeguards. Second, providers will have access to the names of parent organizations of component PSOs. We propose in Sec. 3.102(c) that any component organization must disclose the name of its parent organization(s) (see the proposed definitions of component and parent organizations in Sec. 3.20). We intend to make this information publicly available and expect to post it on the PSO Web site we plan to establish (see the preamble discussion regarding proposed Sec. 3.104(d)). This will provide transparency and enable providers to determine whether the organizational affiliation(s) of a component PSO are of concern. Finally, we believe that allowing the marketplace to determine whether a component PSO has acceptable or unacceptable ties to an entity with regulatory authority is consistent with our overall approach to regulation of PSOs.

At the same time, we recognize that some organizations exercise a considerable level of regulatory oversight over providers and there may be concerns that such organizations could circumvent the firewalls proposed below in Sec. 3.102(c) or might attempt to require providers to work with a component PSO that the regulatory entity creates. Accordingly, we specifically seek comment on the approach we have proposed and whether we should consider a broader restriction on component organizations of entities that are regulatory. For example, should components of state health departments be precluded from seeking listing because of the broad authority of such departments to regulate provider behavior? If a broader restriction is proposed, we would especially welcome suggestions on clear, unambiguous criteria for its implementation.

We will develop certification forms for entities seeking initial and continued listing that contain or restate the respective certifications described in proposed Sec. 3.102(b) and Sec. 3.102(c). An individual with authority to make commitments on behalf of the entity seeking listing would be required to acknowledge each of the certification requirements, attest that the entity meets each of the certification requirements on the form, and provide contact information for the entity. The certification form would also require an attestation that the entity is not subject to the limitation on listing proposed in this subsection and an attestation that, once listed as a PSO, it will notify the Secretary if it is no longer able to meet the requirements of proposed Sec. 3.102(b) and Sec. 3.102(c).

To facilitate the development of a marketplace for the services of PSOs, entities are encouraged, but not required, to develop and post on their own Web sites narratives that specify how the entity will approach its mission, how it will comply with the certification requirements, and describe the qualifications of the entity's personnel. With appropriate disclaimers of any implied endorsement, we expect to post citations or links to the Web sites of all listed entities on the PSO Web site that we plan to establish pursuant to proposed Sec. 3.104(d). We believe that clear narratives of how PSOs will meet their statutory and regulatory responsibilities will help providers, who are seeking the services of a PSO, to assess their options. The Department's PSO Web site address will be identified in the final rule and will be available from AHRQ upon request.

(B) Proposed Sec. 3.102(b)--Fifteen General Certification Requirements

In accordance with section 924(a) of the Public Health Service Act, 42 U.S.C. 299b-24(a), the proposed rule would require all entities seeking initial or continued listing as a PSO to meet 15 general certification requirements: eight requirements related to patient safety activities and seven criteria governing their operation. At initial listing, the entity would be required to certify that it has policies and procedures in place to carry out the eight patient safety activities defined in the Patient Safety Act and incorporated in proposed Sec. 3.20, and upon listing, would meet the seven criteria specified in proposed Sec. 3.102 (b)(2). Submissions for continued listing would require certifications that the PSO is performing, and will continue to perform, the eight patient safety activities and is complying with, and would continue to comply with, the seven criteria.

(1) Proposed Sec. 3.102(b)(1)--Required Certification Regarding Eight Patient Safety Activities

Proposed Sec. 3.102(b)(1) addresses the eight required patient safety activities that are listed in the definition of patient safety activities at proposed Sec. 3.20 (section 921(5) of the Public Health Service Act, 42 U.S.C. 299b-21(5)). Because certification relies primarily upon attestations by entities seeking listing, rather than submission and review of documentation, it is critical that entities seeking listing have a common and shared understanding of what each certification requirement entails. We conclude that five of the eight required patient safety activities need no elaboration. These five patient safety activities include: Efforts to improve patient safety and quality; the collection and analysis of patient safety work product; the development and dissemination of information with respect to improving patient safety; the utilization of patient safety work product for the purposes of encouraging a culture of safety and providing feedback and assistance; and the utilization of qualified staff.

We address a sixth patient safety activity, related to the operation of a patient safety evaluation system, in the discussion of the definition of that term in proposed Sec. 3.20. We provide greater clarity here regarding the actions that an entity must take to comply with the remaining two patient safety activities, which involve the preservation of confidentiality of patient safety work product and the provision of appropriate security measures for patient safety work product.

We interpret the certification to preserve confidentiality of patient safety work product to require conformance with the confidentiality provisions of proposed Subpart C as well as the requirements of the Patient Safety Act. Certification to provide appropriate security measures require PSOs, their workforce members, and their contractors when they hold patient safety work product to conform to the requirements of proposed Sec. 3.106, as well as the provisions of the Patient Safety Act.

Return to top

(2) Proposed Sec. 3.102(b)(2)--Required Certification Regarding Seven PSO Criteria

Proposed Sec. 3.102(b)(2) lists seven criteria that are drawn from the Patient Safety Act (section 924(b) of the Public Health Service Act, 42 U.S.C. 299b-24(b)), which an entity must meet during its period of listing. We conclude that the statutory language for three of the seven required criteria is clear and further elaboration is not required. These three criteria include: The mission and primary activity of the entity is patient safety, the entity has appropriately qualified staff, and the entity utilizes patient safety work product for provision of direct feedback and assistance to providers to effectively minimize patient risk.

Two of the criteria are addressed elsewhere in the proposed rule: the exclusion of health insurance issuer or components of health insurance issuers from being PSOs is discussed above in the context of the definition of that term in proposed Sec. 3.20 and the requirements for submitting disclosure statements are addressed in the preamble discussion below regarding proposed Sec. 3.102(d)(2) (the proposed criteria against which the Secretary will review the disclosure statements are set forth in Sec. 3.104(c)). The remaining two PSO criteria--the minimum contract requirement and the collection of data in a standardized manner--are discussed here.

The Minimum Contracts Requirement. First, we propose to clarify the requirement in section 924(b)(1)(C) of the Public Health Service Act, 42 U.S.C. 299b-24(b)(1)(C) that a PSO must enter into bona fide contracts with more than one provider for the receipt and review of patient safety work product within every 24-month period after the PSO's initial date of listing.

We note that the statutory language establishes four conditions that must be met for a PSO to be in compliance with this requirement. We propose to interpret two of them for purposes of clarity in the final rule: (1) The PSO must have contracts with more than one provider, and (2) the contract period must be for "a reasonable period of time." Most contracts will easily meet the third requirement: that contracts must be "bona fide" (our definition is in proposed Sec. 3.20). Finally, the fourth requirement, that contracts must involve the receipt and review of patient safety work product, does not require elaboration.

We propose that a PSO would meet the requirement for "contracts with more than one provider" if it enters a minimum of two contracts within each 24-month period that begins with its initial date of listing. We note that the statutory requirement in section 924(b)(1)(C) of the Public Health Service Act, 42 U.S.C. 299b-24(b)(1)(C), unambiguously requires multiple contracts (i.e., more than one). One contract with two or more providers would not fully meet the statute's requirement. To illustrate, one contract with a 50-hospital system would not meet the requirement; two 25-hospital contracts with that same hospital system would meet the requirement. We believe that the statutory requirement was intended to encourage PSOs to aggregate data from multiple providers, in order to expand the volume of their data, thereby improving the basis on which patterns of errors and the causes for those errors can be identified. This statutory objective is worth noting as a goal for PSOs. A PSO can achieve this goal by aggregating data from multiple providers or by pooling or comparing data with other PSOs, subject to statutory, regulatory, and contractual limitations.

The statute requires that these contracts must be "for a reasonable period of time." We propose to clarify in the final rule when a PSO would be in compliance with this statutory requirement. The approach could be time-based (e.g., a specific number of months), task- based (e.g., the contract duration is linked to completion of specific tasks but, under this option, the final rule would not set a specific time period), or provide both options. We seek comments on the operational implications of these alternative approaches and the specific standard(s) for each option that we should consider. By establishing standard(s) in the final rule, we intend to create certainty for contracting providers and PSOs as to whether the duration requirement has been met. We note that whatever requirement is incorporated in the final rule will apply only to the two required contracts. A PSO can enter other contracts, whether time-based or task- based, without regard to the standard(s) for the two required contracts.

Apart from the requirements outlined above, there are no limits on the types of contracts that a PSO can enter; its contracts can address all or just one of the required patient safety activities, assist providers in addressing all, or just a specialized range, of patient safety topics, or the PSO can specialize in assisting specific types of providers, specialty societies, or provider membership organizations. Because of the limits on the extraterritorial application of U.S. law and the fact that privilege protections are limited to courts in the United States (Federal, State, etc.), the protections in the proposed rule apply only to protected data shared between PSOs and providers within the United States and its territories; there is only this one geographical limitation on a PSO's operations.

If they choose to do so, providers and PSOs may enter into contracts that specify stronger confidentiality protections than those specified in this proposed rule and the Patient Safety Act (section 922(g)(4) of the Public Health Service Act, 42 U.S.C. 299b-22 (g)(3)). For example, a provider could choose to de-identify or anonymize information it reports to a PSO.

We note that the Secretary proposes to exercise his authority to extend the definition of "provider" for the purposes of this statute to include a provider's "parent organization" (both terms are defined in proposed Sec. 3.20). This proposed addition is intended to provide an option for health systems (e.g., holding companies or a state system) to enter system-wide contracts with PSOs if they choose to do so. This option would not be available in the absence of this provision because the parent organizations of many health care systems are often corporate management entities or governmental entities that are not considered licensed or authorized health care providers under state law.

Collecting data in a standardized manner. Section 924(b)(1)(F) of the Public Health Service Act, 42 U.S.C. 299b-24(b)(1)(F), requires PSOs, to the extent practical and appropriate, to collect patient safety work product from providers in a standardized manner, to permit valid comparisons of similar cases among similar providers. One of the goals of the legislation is to facilitate a PSO aggregating sufficient data to identify and to address underlying causal factors of patient safety problems. A PSO is more valuable if it is able to aggregate patient safety work product it receives directly from multiple providers, and if it chooses to do so, aggregate its data with patient safety work product received from other PSOs and/or share nonidentifiable patient safety work product with a network of patient safety databases described in section 923 of the Public Health Service Act, 42 U.S.C. 299b-23. We recognize that if patient safety work product is not collected initially using common data elements and consistent definitions, it may be difficult to aggregate such data subsequently in order to develop valid comparisons across providers and potentially, PSOs. We also recognize, however, that the providers who work with PSOs may have varying levels of sophistication with respect to patient safety issues and that reporting patient safety work product to a PSO in a standardized manner or using standardized reporting formats may not be initially practicable for certain providers or in certain circumstances. The discussion which follows outlines the timetable and the process to which we are committed.

The Secretary intends to provide ongoing guidance to PSOs on formats and definitions that would facilitate the ability of PSOs to aggregate patient safety work product. We expect to provide initial guidance beginning with the most common types of patient safety events, before the final rule is issued, to facilitate the ability of PSOs to develop valid comparisons among providers. The Department will make such formats and definitions available for public comment in a non- regulatory format via publication in the Federal Register. We are considering, and we seek comment on, including a clarification in the final rule, that compliance with this certification requirement would mean that a PSO, to the extent practical and appropriate, will aggregate patient safety work product consistent with the Secretary's guidance regarding reporting formats and definitions when such guidance becomes available.

The process for developing and maintaining common formats. AHRQ has established a process to develop common formats that: (1) Is evidence- based; (2) harmonizes across governmental health agencies; (3) incorporates feedback from the public, professional associations/ organizations, and users; and (4) permits timely updating of these clinically-sensitive formats.

In anticipation of the need for common formats, AHRQ began the process of developing them in 2005. That process consists of the following steps: (1) Develop an inventory of functioning patient safety reporting systems to inform the construction of the common formats (an evidence base). Included in this inventory, now numbering 64 systems, are the major Centers for Disease Control and Prevention (CDC) and Food and Drug Administration (FDA) reporting systems as well as many from the private sector. (2) Convene an interagency Patient Safety Work Group (PSWG) to develop draft formats. Included are major health agencies within the Department--CDC, Centers for Medicare and Medicaid Services, FDA, Health Resources and Services Administration, the Indian Health Service (IHS), the National Institutes of Health--as well as the Department of Defense (DoD) and the Veterans Administration (VA). (3) Pilot test draft formats--to be conducted in February-March of 2008 in DoD, IHS, and VA facilities. (4) Publish version 0.1 (beta) of the formats in the Federal Register, along with explanatory material, and solicit public comment--planned for July/August 2008. (5) Let a task order contract (completed) with the National Quality Forum (NQF) to solicit input from the private sector regarding the formats. NQF's role will be periodically to solicit input from the private sector to assist the Department in updating its versions of the formats. NQF will begin with version 0.1 (beta) of the common formats and solicit public comments (including from providers, professional organizations, the general public, and PSOs), triage them in terms of immediacy of importance, set priorities, and convene expert panel(s) to offer advice on updates to the formats. This process will be a continuing one, guiding periodic updates of the common formats. (6) Accept input from the NQF, revise the formats in consultation with the PSWG, and publish subsequent versions in the Federal Register. Comments will be accepted at all times from public and governmental sources, as well as the NQF, and used in updating of the formats.

This process ensures intergovernmental consistency as well as input from the private sector, including, most importantly, those who may use the common formats. This latter group, the users, will be the most sensitive to and aware of needed updates/improvements to the formats. The PSWG, acting as the fulcrum for original development and continuing upgrading/maintenance, assures consistency of definitions/formats among government agencies. For instance, the current draft formats follow CDC definitions of healthcare associated infections and FDA definitions of adverse drug events. AHRQ has been careful to promote consensus among Departmental agencies on all draft common formats developed to date. The NQF is a respected private sector organization that is suited to solicit and analyze input from the private sector.

We welcome comments on our proposed approach to meeting statutory objectives.

(C) Proposed Sec. 3.102(c)--Additional Certifications Required of Component Organizations

Section 924(b)(2) of the Public Health Service Act, 42 U.S.C. 299b- 24(b)(2) and the proposed definition of component organization in proposed Sec. 3.20 requires an entity that is a component of another organization or multi-organizational enterprise that seeks initial or continued listing to certify that it will meet three requirements in addition to certifying that it will meet the 15 general requirements specified in proposed Sec. 3.102(b). We have indicated the types of entities that would be required to seek listing as a component organization in our discussion of the proposed definitions in proposed Sec. 3.20 of the terms "component organization" and "parent organization." To be listed as a component PSO, an entity would also be required to make three additional certifications regarding the entity's independent operation and separateness from the larger organization or enterprise of which it is a part: the entity would certify to (1) the secure maintenance of documents and information separate from the rest of the organization(s) or enterprise of which it is a part; (2) the avoidance of unauthorized disclosures to the organization(s) or enterprise of which it is a part; and (3) the absence of a conflict between its mission and the rest of the organization(s) or enterprise of which it is a part. We propose in Sec. 3.102(c) specific requirements that will ensure that such component PSOs implement the type of safeguards for patient safety work product that the three additional statutory certification requirements for component organizations are intended to provide.

First, the statute requires a component PSO to maintain patient safety work product separate from the rest of the organization(s) or enterprise of which it is a part (section 924(b)(2)(A) of the Public Health Service Act, 42 U.S.C. 299b-24(b)(2)(A)). To ensure compliance with this statutory requirement, we considered, but did not include here, a proposal to prohibit a component PSO from contracting, subcontracting, or entering any agreement with any part of the organization(s) or enterprise of which it is a part for the performance of any work involving the use of patient safety work product. We seek comment on the limited exception proposed in Sec. 3.102(c) here that would permit such contracts or subcontracts only if they can be carried out in a manner that is consistent with the statutory requirements of this section. This means that, while a component PSO could enter such arrangements involving the use of patient safety work product with a unit of the organization(s) or enterprise of which it is a part, the component PSO would maintain the patient safety work product and be responsible for its security (i.e., control the access and use of it by the contracting unit). In addition, under our proposal, while allowing access to the contracting unit of the identifiable patient safety work product necessary to carry out the contractual assignment would be a permissible disclosure, the component PSO would remain responsible for ensuring that the contracting unit does not violate the prohibitions related to unauthorized disclosures required under 924(b)(2)(B) of the PHS Act, 42 U.S.C. 299b-24(b)(2)(B), (i.e., disclosures to other units of the organization or enterprise) and that there is no conflict between the mission of the component PSO and the contracting unit, as required under 924(b)(2)(C) of the PHS Act, 42 U.S.C. 299b-24(b)(2)(C). We invite comment on whether such a limited exception is necessary or appropriate and, if so, the appropriateness of the restrictions we have proposed.

Second, a component PSO would not be permitted to have a shared information system with the rest of the organization(s) since this might provide unauthorized access to patient safety work product. For example, we intend to prohibit a component PSO from storing any patient safety work product in information systems or databases to which the rest of the organization(s) or enterprise of which it is a part would have access or the ability to remove or transmit a copy. We preliminarily conclude that most security measures, such as password protection of the component PSO's information, are too easily circumvented.

Third, the proposed rule provides that the workforce of the component PSO must not engage in work for the rest of the organization(s) if such work could be informed or influenced by the individual's knowledge of identifiable patient safety work product. For example, a component PSO could share accounting or administrative support staff under our proposal because the work of these individuals for the rest of the organization(s) would not be informed or influenced by their knowledge of patient safety work product. By contrast, if the rest of the organization provides health care services, a physician who served on a parent organization's credentialing, hiring, or disciplinary committee(s) could not also work for the PSO. Knowledge of confidential patient safety work product could influence his or her decisions regarding credentialing, hiring, or disciplining of providers who are identifiable in the patient safety work product.

We provide one exception to the last prohibition. It is not our intent to prohibit a clinician, whose work for the rest of the organization is solely the provision of patient care, from undertaking work for the component PSO. We see no conflict if the patient care provided by the clinician is informed by the clinical insights that result from his or her work for the component PSO. If a clinician has duties beyond patient care, this exception only applies if the other duties do not violate the general prohibition (i.e., that the other duties for the rest of the organization(s) cannot be informed by knowledge of patient safety work product).

As part of the requirement that the PSO must certify that there is no conflict between its mission and the rest of the organization(s), we propose that the certification form will require the PSO to provide the name(s) of the organization(s) or enterprise of which it is a part (see the discussions of our definitions of parent and component organizations in proposed Sec. 3.20).

We have not proposed specific standards to determine whether conflicts exist between a PSO and other components of the organization or enterprise of which it is a part. We recognize that some industries and particular professions, such as the legal profession through state- based codes of professional responsibility, have specific standards or tests for determining whether a conflict exists. We request comments on whether the final rule should include any specific standards, and, if so, what criteria should be put in place to determine whether a conflict exists.

Return to top
Return to Table of Contents
Return to previous section
Proceed to next section

 

AHRQAdvancing Excellence in Health Care
AHRQ footer - print version only