AHRQ: New Patient Safety Organizations Can Help Health Providers Learn From, Reduce Medical Errors


September / October 2008


New Patient Safety Organizations Can Help Health Providers Learn From, Reduce Medical Errors

Following the passage of the Patient Safety and Quality Improvement Act of 2005, the federal government is readying a final rule that aims to encourage health providers to report, learn from, and ultimately reduce the incidence of medical errors.

The final rule is broad in scope: It will describe the roles and activities of new patient safety organizations; establish a data infrastructure to report, protect, and disseminate safety information; and outline how these new activities will interact with ongoing local and state data-reporting activities.

To help inform the final rule, comments from many groups and individuals on the proposed rule published on February 12, 2008, are currently being reviewed by the Department of Health and Human Services’ Agency for Healthcare Research and Quality (AHRQ) and Office of Civil Rights (OCR).

At the heart of the soon-to-be-published final rule is a new type of entity called a patient safety organization, or PSO. Private, voluntary entities, PSOs were called for by the Institute of Medicine and established by Congress in the 2005 law. They are intended to address a major stumbling block to sustained quality improvement: a lack of uniform, federal standards for confidentiality of information about patient safety events.

Existing state-based legal protections for quality improvement activities, known as peer review protections, do not exist in all states and cover only review of hospital-based care, not services provided in other healthcare settings. The result has been a pervasive fear of legal liability and sanctions among physicians and healthcare organizations.

A second, related barrier to quality improvement that the final rule seeks to address is the inability of healthcare providers to collect and share data about patient safety events with other facilities locally, within, and across states. This makes it harder for providers and organizations to identify and adopt patterns of practice that reduce the risk of medical errors.

Different Organizations, Same Function
While PSOs are likely to look different from each other, they will perform the same activities. Under the proposed rule, PSOs can be organized as either public or private entities and for-profit or non-profit in governance structure. For example, they could be established as components of healthcare systems or as medical specialty societies and funded by internal dues. PSOs will not, however, receive federal funding.

Some types of organizations will not qualify. The statute prohibits health insurance companies and their affiliates from becoming PSOs. In addition, the proposed rule disqualifies public or private entities with regulatory authority over health providers, such as accreditation and licensure bodies. HHS has sought and has received comments on the appropriateness of this exclusion and whether the final rule should allow components of such regulatory organizations to become PSOs.

AHRQ will review the certifications submitted by organizations seeking listing as a PSO. A broad range of organizations is expected to seek listing. The proposed rule assumes that, because healthcare providers are the customers for PSO services, they will be the ultimate arbiters of the quality and additional value that each PSO may offer.

A Unique Educational Role
PSOs will occupy a unique niche in our nation’s ongoing patient safety improvement efforts.

Healthcare providers will make the key decisions about how this system will work in practice. They will also determine whether to work with PSOs and, if they decide to do so, choose which PSO can best meet their needs. Providers will also determine the types of patient safety events about which they will submit data to the PSO of their choice and can negotiate with that PSO for the most helpful analytic and implementation assistance.

The statute and the proposed rule provide for the first time a national, uniform set of privilege and confidentiality protections for the data that a healthcare provider chooses to report to a PSO. Similarly, the analyses undertaken by a PSO and the feedback and recommendations that a PSO provides to clinicians and provider organizations are covered by these protections.

This continuous, confidential flow of information will serve a key educational role both for individual providers and multiple organizations. As an example, at the individual level, healthcare providers may receive advice on how to analyze and address a patient safety event or pattern of events, whether it occurred in the outpatient or inpatient setting, or during a transition from one care setting to another.

The statute requires PSOs to enter contracts with more than one healthcare provider. This should ensure that these new entities are poised to develop rich sources of data about risks and hazards based on data from hundreds or even thousands of confidential reports. This information can provide the critical mass that is needed to help healthcare providers more effectively target and prioritize their patient safety and error-prevention strategies.

Protecting Data Confidentiality
A uniform set of federal protections will apply to patient safety information developed and reported to the PSO; information that is known as the “patient safety work product.” The protections also apply to data developed by the PSO when conducting patient safety activities and to the internal deliberations between a provider and a PSO in the context of a “patient safety evaluation.”

The significance of the new federal protections of patient safety reporting is hard to overstate. For the first time, clinicians and healthcare organizations throughout the United States will be able to share information about medical errors and near misses within a protected legal environment, without the threat of the information being used against them. OCR will enforce the provisions to protect the confidentiality of the patient safety work product. Breaches of the confidentiality protection are punishable by civil money penalties of up to $10,000 per violation.

As many patient safety experts are aware, protection of confidential information has paved the way for major improvements in the Veterans Administration (VA) healthcare system.

In 2000, the VA began working with the National Aeronautics and Space Administration (NASA) to create an external Patient Safety Reporting System (PSRS) in addition to its internal reporting system. The VA modeled its external system on NASA’s Aviation Safety Reporting System, an independent third party to which aviation personnel can voluntarily submit reports of safety incidents they have seen or experienced.

Launched in 2002, the new system was designed to serve as a “safety valve” for capturing information on adverse events and close calls that is not likely to be received by the VA’s internal system. For example, this may include events that could have, but did not, result in an accident or injury due to intervention or chance. VA personnel can also report unexpected serious injury occurrences, safety ideas, and lessons learned.

More than 400 reports had been received by the PSRS by 2005, and 10 safety bulletins were issued to all VA hospitals. Beyond the number of reports, however, the information they contained helped VA personnel verify and better understand the issues reported to the system and offer guidance on how to improve practice.

The Value of Data Aggregation
Similar to the VA’s external reporting system, the PSO statute recognizes the value of large-scale data aggregation to identify the underlying causes of the risks and hazards of patient care and to share lessons learned. HHS is authorized to create and maintain a network of patient safety databases to encourage rapid learning and to prompt dissemination of effective improvement strategies.

To ensure that this database does not undermine the privilege and confidentiality protections that apply to this information, the statute provides that only non-identifiable data can be submitted to the network. Even then, submission of non-identifiable data to the network is voluntary. If they choose to do so, PSOs working with multiple healthcare providers can aggregate non-identifiable patient safety data and submit it to the network, which AHRQ will maintain. In turn, AHRQ will make available an interactive, evidence-based management resource for health providers, PSOs, and other entities to facilitate access to this non-identifiable information and lessons learned.

Over time, AHRQ will use high-level data to analyze national and regional statistics, including patient safety trends and patterns. The findings will be incorporated into the Agency’s annual National Healthcare Quality Report to Congress.

The proposed rule does not relieve healthcare providers from their current reporting obligations to legal, accreditation, regulatory, and other organizations. The statute specifically requires healthcare providers to meet their obligations to report information externally — existing requirements and those that may be established in the future — using information that is not protected by this law.

We have learned much in the nearly 10 years since the Institute of Medicine’s landmark report on patient safety about the magnitude of medical errors, their cause, and their effect. But real-time information, guidance, and tools are needed to translate patient safety events or near misses into new ways of clinical practice.

Creating PSOs and establishing a new national set of uniform protections for patient safety reporting can help fill that crucial void. These new entities and the assurance of privilege and confidentiality protections they bring will not, by themselves, make our healthcare system safer.

Doctors, nurses, patient safety experts, and healthcare organizations must be willing to participate in this new process and be willing to learn from the data that PSOs collect, analyze, and report. Working together, we have a new opportunity to translate our aspiration for a safer medical system into reality.

Carolyn Clancy is director of the Agency for Healthcare Research and Quality, Rockville, Maryland. She is a general internist and holds an academic appointment at George Washington University School of Medicine in Washington, DC. She may be contacted at carolyn.clancy@ahrq.hhs.gov.


NASA/VA Patient Safety Reporting System, case study. Commonwealth Fund, January 20, 2005. Available at: http://www.commonwealthfund.org/innovations/

Patient Safety and Quality Improvement Act of 2005, Public Law 109-41, signed July 29, 2005.

U.S. Agency for Healthcare Research and Quality. 2007 national healthcare quality report. Rockville, MD. February 2008. AHRQ Pub. No. 08-0040. Available at: http://www.ahrq.gov/qual/qrdr07.htm

U.S. Department of Health and Human Services, Office for Civil Rights. Patient Safety and Quality Improvement Act of 2005. Enforcement of the confidentiality of patient safety work product. Available at: http://www.hhs.gov/ocr/psqia/

U.S. Department of Veterans Affairs, National Aeronautics and Space Administration. Patient Safety Reporting System. Available at: http://psrs.arc.nasa.gov/flashsite/programoverview/index.html