Back to Patient Safety Organizations Home
[Continued from previous section]
18. Proposed Sec. 3.504(a)--Hearings Before an ALJ
Proposed Sec. 3.504(a) provides the time and manner in which a hearing must be requested, or dismissed when not timely requested. This proposed section applies the same regulations as the HIPAA Enforcement Rule cited at 45 CFR 160.504(a)-(d), except that the language in paragraph (c) of 45 CFR 160.504 following and including "except that" does not apply. The excluded provision refers to the ability of respondents to raise an affirmative defense under 45 CFR 160.410(b)(1) for which we have not adopted a comparable provision because the provision implements a statutory defense unique to HIPAA.
19. Proposed Sec. 3.504(b)--Rights of the Parties
Proposed Sec. 3.504(b) provides that the rights of the parties not specifically provided elsewhere in this Part shall be the same as those provided in 45 CFR 160.506 of the HIPAA Enforcement Rule.
20. Proposed Sec. 3.504(c)--Authority of the ALJ
Proposed Sec. 3.504(c) provides that the general guidelines and authority of the ALJ shall be the same as provided in the HIPAA Enforcement Rule at 45 CFR 160.508(a)-(c)(4). We exclude the provision at 45 CFR 160.508(c)(5) because there is no requirement under the Patient Safety Act for remedied violations based on reasonable cause to be insulated from liability for a civil money penalty.
21. Proposed Sec. 3.504(d)--Ex parte Contacts
Proposed Sec. 3.504(d) is designed to ensure the fairness of the hearing by prohibiting ex-parte contacts with the ALJ on matters at issue. We propose to incorporate the same restrictions as provided for in the HIPAA Enforcement Rule at 45 CFR 160.510.
22. Proposed Sec. 3.504(e)--Prehearing Conferences
Proposed Sec. 3.504(e) adopts the same provisions as govern prehearing conferences in the HIPAA Enforcement Rule at 45 CFR 160.512, except that the term "identifiable patient safety work product" is substituted for "individually identifiable health information." Under this proposed provision, the ALJ is required to schedule at least one prehearing conference, in order to narrow the issues to be addressed at the hearing and, thus, expedite the formal hearing process, and to prescribe a timeframe for prehearings.
23. Proposed Sec. 3.504(f)--Authority To Settle
Proposed Sec. 3.504(f) adopts 45 CFR 160.514 of the HIPAA Enforcement Rule. This proposal provides that the Secretary has exclusive authority to settle any issue or case at any time and need not obtain the consent of the ALJ.
24. Proposed Sec. 3.504(g)--Discovery
We propose in Sec. 3.504(g) to adopt the discovery procedures as provided for in the HIPAA Enforcement Rule at 45 CFR 160.516. These provisions allow limited discovery in the form of the production for inspection and copying of documents that are relevant and material to the issues before the ALJ. These provisions do not authorize other forms of discovery, such as depositions and interrogatories.
Although the adoption of 45 CFR 160.516 would permit parties to raise claims of privilege and permit an ALJ to deny a motion to compel privileged information, a respondent could not claim privilege, and an ALJ could not deny a motion to compel, if the Secretary seeks patient safety work product relevant to the alleged confidentiality violation because the patient safety work product would not be privileged under proposed Sec. 3.204(c).
Under this proposal, a respondent concerned with potential public access to patient safety work product may raise the issue before the ALJ and seek a protective order. The ALJ may, for good cause shown, order appropriate redactions made to the record after hearing. See proposed Sec. 3.504(s).
25. Proposed Sec. 3.504(h)--Exchange of Witness Lists, Witness Statements, and Exhibits
Proposed Sec. 3.504(h) provides for the prehearing exchange of certain documents, including witness lists, copies of prior statements of witnesses, and copies of hearing exhibits. We propose that the requirements set forth in 45 CFR 160.518 of the HIPAA Enforcement Rule shall apply, except that the language in paragraph (a) of 45 CFR 160.518 following and including "except that" shall not apply. We exclude the provisions relating to the provision of a statistical expert's report not less than 30 days before a scheduled hearing because we do not propose language permitting the use of statistical sampling to estimate the number of violations.
26. Proposed Sec. 3.504(i)--Subpoenas for Attendance at Hearing
Proposed Sec. 3.504(i) provides procedures for the ALJ to issue subpoenas for witnesses to appear at a hearing and for parties and prospective witnesses to contest such subpoenas. We propose to adopt the same regulations as provided at 45 CFR 160.520 of the HIPAA Enforcement Rule.
27. Proposed Sec. 3.504(j)--Fees
Proposed Sec. 3.504(j) provides for the payment of witness fees by the party requesting a subpoena. We propose that the fees requirements be the same as those provided in 45 CFR 160.522 of the HIPAA Enforcement Rule.
28. Proposed Sec. 3.504(k)--Form, Filing and Service of Papers
Proposed Sec. 3.504(k) provides requirements for documents filed with the ALJ. We propose to adopt the requirements of 45 CFR 160.524 of the HIPAA Enforcement Rule.
29. Proposed Sec. 3.504(l)--Computation of Time
Proposed Sec. 3.504(l) provides the method for computing time periods under this Part. We propose to adopt the requirements of 45 CFR 160.526 of the HIPAA Enforcement Rule, except the term "this subpart" shall refer to 42 CFR Part 3, Subpart D and the citation "Sec. 3.504(a) of 42 CFR Part 3" shall be substituted for the citation "Sec. 160.504."
30. Proposed Sec. 3.504(m)--Motions
Proposed Sec. 3.504(m) provides requirements for the content of motions and the time allowed for responses. We propose to adopt the requirements of 45 CFR 160.528 of the HIPAA Enforcement Rule.
31. Proposed Sec. 3.504(n)--Sanctions
Proposed Sec. 3.504(n) provides the sanctions an ALJ may impose on parties and their representatives for failing to comply with an order or procedure, failing to defend an action, or other misconduct. We propose to adopt the provisions of 45 CFR 160.530 of the HIPAA Enforcement Rule.
32. Proposed Sec. 3.504(o)--Collateral Estoppel
Proposed Sec. 3.504(o) would adopt the doctrine of collateral estoppel with respect to a final decision of an administrative agency. Collateral estoppel means that determinations made with respect to issues litigated and determined in a proceeding between two parties will bind the respective parties in later disputes concerning the same issues and parties. We propose to adopt the provisions of 45 CFR 160.532 of the HIPAA Enforcement Rule, except that the term "a confidentiality provision" shall be substituted for the term "an administrative simplification provision".
33. Proposed Sec. 3.504(p)--The Hearing
Proposed Sec. 3.504(p) provides for a public hearing on the record, the burden of proof at the hearing and the admission of rebuttal evidence. We propose to adopt the provisions of 45 CFR 160.534 of the HIPAA Enforcement Rule, except the following text shall be substituted for Sec. 160.534(b)(1): "The respondent has the burden of going forward and the burden of persuasion with respect to any challenge to the amount of a proposed penalty pursuant to Sec. Sec. 3.404-3.408 of 42 CFR Part 3, including any factors raised as mitigating factors." We propose to adopt this new language for Sec. 160.534(b)(1) because references to affirmative defenses in the excluded text are not applicable in the context of the Patient Safety Act as such defenses are under the HIPAA Enforcement Rule; nor does the Patient Safety Act include provisions for the waiver or reduction of a civil money penalty in accordance with 45 CFR 160.412.
45 CFR 160.534(c) states that the hearing must be open to the public unless otherwise ordered by the ALJ for good cause shown. In proposed Sec. 3.504(p) of this Subpart, we propose that good cause shown under 45 CFR 160.534(c) may be that identifiable patient safety work product has been introduced into evidence or is expected to be introduced into evidence. Protecting patient safety work product is important and is an issue about which all parties and the ALJ should be concerned.
34. Proposed Sec. 3.504(q)--Witnesses
Under proposed Sec. 3.504(q), the ALJ may allow oral testimony to be admitted or provided in the form of a written statement or deposition so long as the opposing party has a sufficient opportunity to subpoena the person whose statement is being offered. We propose to adopt the provisions of 45 CFR 160.538 of the HIPAA Enforcement Rule, except that the citation "Sec. 3.504(h) of 42 CFR Part 3" shall be substituted for the citation "Sec. 160.518."
35. Proposed Sec. 3.504(r)--Evidence
Proposed Sec. 3.504(r) would provide guidelines for the acceptance of evidence in hearings. We propose to adopt the provisions of 45 CFR 160.540 of the HIPAA Enforcement Rule, except that the citation "Sec. 3.420 of 42 CFR Part 3" shall be substituted for the citation "Sec. 160.420 of this part".
In the same manner as the exception to privilege for enforcement activities under Sec. 3.204(c) applies to proposed Sec. 3.504(g), the exception to privilege applies under proposed Sec. 3.504(r) as well. Although the adoption of 45 CFR 160.540(e) would permit parties to raise claims of privilege and permit an ALJ to exclude from evidence privileged information, a respondent could not claim privilege and an ALJ could not exclude identifiable patient safety work product if the Secretary seeks to introduce that patient safety work product because disclosure of the patient safety work product would not be a violation of the privilege and confidentiality provisions under proposed Sec. 3.204(c).
36. Proposed Sec. 3.504(s)--The Record
Proposed Sec. 3.504(s) provides for recording and transcription of the hearing, and for the record to be available for inspection and copying by any person. We propose to adopt the provisions at 45 CFR 160.542 of the HIPAA Enforcement Rule. We also propose to provide that good cause for making appropriate redactions includes the presence of identifiable patient safety work product in the record.
37. Proposed Sec. 3.504(t)--Post-Hearing Briefs
Proposed Sec. 3.504(t) provides that the ALJ has the discretion to order post-hearing briefs, although the parties may file post-hearing briefs in any event if they desire. We propose to adopt the provisions of 45 CFR 160.544 of the HIPAA Enforcement Rule.
38. Proposed Sec. 3.504(u)--ALJ's Decision
Proposed Sec. 3.504(u) provides that not later than 60 days after the filing of post-hearing briefs, the ALJ shall serve on the parties a decision making specific findings of fact and conclusions of law. The ALJ's decision is the final decision of the Secretary, and will be final and binding on the parties 60 days from the date of service of the ALJ decision, unless it is timely appealed by either party. We propose to adopt the provisions of 45 CFR 160.546 of the HIPAA Enforcement Rule, except the citation "Sec. 3.504(v) of 42 CFR Part 3" shall be substituted for "Sec. 160.548."
39. Proposed Sec. 3.504(v)--Appeal of the ALJ's Decision
Proposed Sec. 3.504(v) provides for manner and time for review of an ALJ's decision regarding penalties imposed under this Part and subsequent judicial review. We propose to adopt the same provisions as 45 CFR 160.548 of the HIPAA Enforcement Rule, except the following language in paragraph (e) of 45 CFR 160.548 shall not apply: "Except for an affirmative defense under Sec. 160.410(b)(1) of this part." We exclude this language because the Patient Safety Act does not provide for affirmative defenses in the same manner as HIPAA.
40. Proposed Sec. 3.504(w)--Stay of the Secretary's Decision
Proposed Sec. 3.504(w) provides that a respondent may request a stay of the effective date of a penalty pending judicial review. We propose to adopt the provisions of 45 CFR 160.550 of the HIPAA Enforcement Rule to govern this process.
41. Proposed Sec. 3.504(x)--Harmless Error
Proposed Sec. 3.504(x) adopts the "harmless error" standard as expressed in the HIPAA Enforcement Rule at 45 CFR 160.522. This proposed rule provides that the ALJ and the Board at every stage of the proceeding will disregard any error or defect in the proceeding that does not affect the substantial rights of the parties.
IV. Impact Statement and Other Required Analyses
Unfunded Mandates Reform Act
Section 202 of the Unfunded Mandates Reform Act requires that a covered agency prepare a budgetary impact statement before promulgating a rule that includes any Federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector, of $100 million or more in any one year. The Department has determined that this proposed rule would not impose a mandate that will result in the expenditure by State, Local, and Tribal governments, in the aggregate, or by the private sector, of more than $100 million in any one year.
Paperwork Reduction Act
This notice of proposed rulemaking adding a new Part 3 to volume 42 of the Code of Federal Regulations contains information collection requirements. This summary includes the estimated costs and assumptions for the paperwork requirements related to this proposed rule. A copy of the information collection request will be available on the PSO Web site (www.pso.ahrq.gov) and can be obtained in hardcopy by contacting Susan Grinder at the Center for Quality Improvement and Patient Safety, AHRQ, (301) 427-1111 (o); (301) 427-1341 (fax). These paperwork requirements have been submitted to the Office of Management and Budget for review under number xxxx-xxxx as required by 44 U.S.C. 3507(a)(1)(c) of the Paperwork Reduction Act of 1995, as amended (PRA). Respondents are not required to respond to any collection of information unless it displays a current valid OMB control number.
With respect to proposed Sec. 3.102 concerning the submission of certifications for initial and continued listing as a PSO, and of updated information, all such information would be submitted on Form SF-XXXX. To maintain its listing, a PSO must also submit a brief attestation, once every 24-month period after its initial date of listing, submitted on Form SF-XXXX, stating that it has entered contracts with two providers. We estimate that the proposed rule would create an average burden of 30 minutes annually for each entity that seeks to become a PSO to complete the necessary certification forms. Table 1 summarizes burden hours.
Table 1.--Total Burden Hours Related to Certification Forms
[Summary of all burden hours, by Provision, for PSOs]
| Provision | Annualized burden hours |
|---|---|
| 3.112 | 30 minutes. |
HHS is working with OMB to obtain approval of the associated burden in accordance with the Paperwork Reduction Act of 1995 (44 U.S.C. 3507(d)) before the effective date of the final rule. Comments on this proposed information collection should be directed to Susan Grinder, by sending an e-mail to Psosupport@ahrq.hhs.gov or sending a fax to (301) 427-1341.
Under 5 CFR 1320.3(c), a covered collection of information includes the requirement by an agency of a disclosure of information to third parties by means of identical reporting, recordkeeping, or disclosure requirements, imposed on ten or more persons. The proposed rule reflects the previously established reporting requirements for breach of confidentiality applicable to business associates under HIPAA regulations requiring contracts top contain a provision requiring the business associate (in this case, the PSO) to notify providers of breaches of their identifiable patient data's confidentiality or security. Accordingly, this reporting requirement referenced in the regulation previously met Paperwork Reduction Act review requirements.
The proposed rule requires in proposed Sec. 3.108(c) that a PSO notify the Secretary if it intends to relinquish voluntarily its status as a PSO. The entity would be required to notify the Secretary that it has, or will soon, alert providers and other organizations from which it has received patient safety work product or data of its intention and provide for the appropriate disposition of the data in consultation with each source of patient safety work product or data held by the entity. In addition, the entity is asked to provide the Secretary with current contact information for further communication from the Secretary as the entity ceases operations. The reporting aspect of this requirement is essentially an attestation that is equivalent to the requirements for listing, continued listing, and meeting the minimum contracts requirement. This minimal data requirement would come within 5 CFR 1320.3(h)(1) which provides an exception from PRA requirements for affirmations, certifications, or acknowledgments as long as they entail no burden other than that necessary to identify the respondent, the date, the respondent's address, and the nature of the instrument. In this case, the nature of the instrument would be an attestation that the PSO is working with its providers for the orderly cessation of activities. The following other collections of information that would be required by the proposed regulation under proposed Sec. 3.108 are also exempt from PRA requirements pursuant to an exception in 5 CFR 1320.4 for information gathered as part of administrative investigations and actions regarding specific parties: information supplied in response to preliminary agency determinations of PSO deficiencies or in response to proposed revocation and delisting (e.g., information providing the agency with correct facts, reporting corrective actions taken, or appealing proposed agency revocation decisions).
Federalism
Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a proposed rule (and subsequent final rule) that imposes substantial direct requirement costs on state and local governments, preempts State law, or otherwise has Federalism implications. The Patient Safety Act upon which the proposed regulation is based makes patient safety work product confidential and privileged. To the extent this would not be consistent with any state law, including court decisions, the Federal statute would preempt such state law or court order. The proposed rule (and subsequent final rule) will not have any greater preemptive effect on state or local governments than that imposed by the statute. While the Patient Safety Act does establish new Federal confidentiality and privilege protections for certain information, these protections only apply when health care providers work with PSOs and new processes, such as patient safety evaluation systems, that do not currently exist. These Federal data protections provide a mechanism for protection of sensitive information that could improve the quality, safety, and outcomes of health care by fostering a non-threatening environment in which information about adverse medical events and near misses can be discussed. It is hoped that confidential analysis of patient safety events will reduce the occurrence of adverse medical events and, thereby, reduce the costs arising from such events, including costs incurred by state and local governments attributable to such events.
AHRQ, in conjunction with OCR, held three public listening sessions prior to drafting the proposed rule. Representatives of several states participated in these sessions. In particular, states that had begun to collect and analyze patient safety event information spoke about their related experiences and plans. Following publication of the NPRM, AHRQ will consult with appropriate state officials and organizations to review the scope of the proposed rule and to specifically seek input on federalism issues and a proposal in the rule at proposed Sec. 3.102(a)(2) that would limit the ability of public or private sector regulatory entities to seek listing as a PSO.
Regulatory Impact Analysis
Under Executive Order 12866 (58 FR 51735, October 4, 1993), Federal Agencies must determine whether a regulatory action is "significant" and, therefore, subject to OMB review and the requirements of the Executive Order. Executive Order 12866 defines "significant regulatory action" as one that is likely to result in a rule that may:
- Have an annual effect on the economy of $100 million or more or adversely affect in a material way the economy, a sector of the economy, productivity, competition, jobs, the environment, public health or safety, or state, local, or tribal government or communities.
- Create a serious inconsistency or otherwise interfere with an action taken or planned by another agency.
- Materially alter the budgetary impact of entitlements, grants, user fees, or loan programs or the rights and obligations of recipients thereof.
- Raise novel legal or policy issues arising out of legal mandates, the President's priorities, or the principles set forth in the Executive Order.
AHRQ has accordingly examined the impact of the proposed rule under Executive Order 12866, the Regulatory Flexibility Act (5 U.S.C. 601- 612), and the Unfunded Mandates Reform Act of 1995 (Pub. L. 104-4). Executive Order 12866 directs agencies to assess all costs and benefits of available regulatory alternatives and, when regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic, environmental, public health and safety, and other advantages; distributive impacts; and equity). A regulatory impact analysis must be prepared for major rules with economically significant effects ($100 million or more in any one year). In the course of developing the proposed rule, AHRQ has considered the rule's costs and benefits, as mandated by Executive Order 12866. Although we cannot determine with precision the aggregate economic impact of the proposed rule, we believe that the impact may approach $100 million or more annually. HHS has determined that the proposed rule is "significant" also because it raises novel legal and policy issues with the establishment of a new regulatory framework, authorized by the Patient Safety Act, and imposes requirements, albeit voluntary, on entities that had not previously been subject to regulation in this area. Consequently, as required under Executive Order 12866, AHRQ conducted an analysis of the economic impact of the proposed rule.
Background
The Patient Safety Act establishes a framework for health care providers voluntarily to report information on the safety, quality, and outcomes of patient care that to PSOs listed by HHS. The main objectives of the Patient Safety Act are to: (1) Encourage health care providers to collect and examine patient safety events more freely and consistently than they do now, (2) encourage many provider arrangements or contracts with expert PSOs to receive, aggregate, and analyze data on patient safety events so that PSOs may provide feedback and assistance to the provider to improve patient safety and (3) allow the providers to improve the quality of care delivered and reduce patient risk. The Patient Safety Act provides privilege from legal discovery for patient safety work product, as well as confidentiality protections in order to foster a culture of patient safety. The Patient Safety Act does not contain mandatory reporting requirements. It does, however, require information submissions by entities that voluntarily seek to be recognized, (i.e., listed) as PSOs by the Secretary.
The cost of an adverse patient safety event can be very high in terms of human life, and it also often carries a significant financial cost. The Institute of Medicine report, To Err is Human: Building a Safer Health Care System, estimates that adverse events cost the United States approximately $37.6 billion to $50 billion each year. "Total national costs (lost income, lost household production, disability, and health care costs) of preventable adverse events (medical errors resulting in injury) are estimated to be between $17 billion and $29 billion, of which health care costs represent over one-half." \18\
\18\ Corrigan, J. M., Donaldson, M. S., Kohn, L. T., McKay, T., Pike, K. C., for the Committee on Quality of Health Care in America. To Err is Human: Building a Safer Health System. Washington, DC.: National Academy Press; 2000.
The proposed rule was written to minimize the regulatory and economic burden on an entity that seeks certification as a PSO in order to collect, aggregate, and analyze confidential information reported by health care providers. Collecting, aggregating, and analyzing information on adverse events will allow problems to be identified, addressed, and eventually prevented. This, in turn, will help improve patient safety and the quality of care, while also reducing medical costs. The following analysis of costs and benefits--both quantitative and qualitative--includes estimates based on the best available health care data and demonstrates that the benefits of the proposed regulation justify the costs involved in its implementation.
The economic impact of an alternative to the proposed rule is not discussed in the following analysis because an alternative to the statutorily authorized voluntary framework is the existence of no new program, which would produce no economic change or have no economic impact, or--alternatively--a mandatory regulatory program for all health care providers, which is not authorized by the Patient Safety Act and which is necessarily not a realistic alternative and would likely be much more expensive. (A guiding principle of those drafting the regulation was to minimize the economic and regulatory burden on those entities seeking to be PSOs and providers choosing to work with PSOs, within the limits of the Patient Safety Act. Hence this proposed rule represents the Department's best effort at minimal impact while still meeting statutory provisions.)
AHRQ has relied on key findings from the literature to provide baseline measures for estimating the likely costs and benefits of the proposed rule. We believe that the costs of becoming a PSO (i.e., the costs of applying to be listed by the Secretary) will be relatively small, and the costs of operating a PSO will be small, in relation to the possible cost savings that will be derived from reducing the number of preventable adverse medical events each year.
The direct costs to individual providers of working with PSOs will vary considerably. For an institutional or individual provider that chooses to report readily accessible information to a PSO occasionally, costs may be negligible. The proposed rule does not require a provider to enter into a contract with a PSO, establish internal reporting or analytic systems, or meet specific security requirements for patient safety work product. A provider's costs will derive from its own choice whether to undertake and, if so, whether to conduct or contract for data collection, information development, or analytic functions. Such decisions will be based on the provider's assessment of the cost and benefits it expects to incur and achieve. As we discuss below, hospitals in particular have developed, and can be expected to take advantage of the protections afforded by the Patient Safety Act by expanding data collection, information development, and analytic functions at their institutions. We anticipate that many providers will choose to enter into contracts with PSOs voluntarily. If providers choose to report data routinely to a PSO, a contract will be a good business practice. It provides greater assurance that a provider can demonstrate, if its claims of protections are challenged, that it is operating in full compliance with the statute. It enables the provider to exert greater control over the use and sharing of its data and, in the case of a provider that is a covered entity under the HIPAA Privacy Rule, the provider will need to enter a business associate agreement with a PSO for compliance with that regulation if the reported data includes protected health information.
The following cost estimates represent an effort to develop an "upper bound" on the cost impact of the proposed rule by assuming that providers choosing to work with PSOs will follow best business practices, take full advantage of the Patient Safety Act's protections, and develop robust internal reporting and analytic systems, rather than meeting the minimal requirements of the proposed rule. The cost estimates below are based on existing hospital-based activities for reporting patient safety events, which are likely to be similar to most events that a PSO will analyze (namely quality and safety activities within hospitals). While the Patient Safety Act is not limited to hospitals, AHRQ has received indications from various stakeholder groups that hospital providers will be the predominant provider type initially interested in working with PSOs.
Return to top
Return to Table of Contents
Return to previous section
Proceed to next section
540 Gaither Road Rockville, MD 20850