AHRQ: New Patient Safety Organizations Gear Up for Action in 2009


January / February 2009

New Patient Safety Organizations Gear Up
for Action in 2009

New entities created to help health providers reduce the incidence of patient safety events and maintain confidentiality about those events will gear up for action in 2009.

On January 19, 2009, the final rule that establishes the roles and activities of these new entities, known as patient safety organizations (PSOs), will take effect. Published by the U.S. Department of Health and Human Services (HHS, 2008), the rule describes how PSOs can work with health providers and organizations to collect, analyze, and reduce the incidence of patient care risks and hazards.

The creation of PSOs was called for by Congress as part of the Patient Safety and Quality Improvement Act of 2005 (Public Law 109‚41, signed July 29, 2008). My agency, the Agency for Healthcare Research and Quality (AHRQ) has responsibility for PSO operations; HHS’ Office for Civil Rights enforces confidentiality provisions.

The final rule that took effect in January is consistent with many aspects of the proposed rule that was published on February 12, 2008. However, provisions were added to the final rule that require PSOs to notify health providers if the patient safety information it submits is inappropriately disclosed or if its security is breached. The final rule also relaxes the requirement for some types of PSOs to maintain separate reporting systems from their parent organizations.

In addition, interim guidelines issued shortly before the final rule was published gave AHRQ the authority to receive applications from qualified entities seeking to be designated as PSOs (HHS, n.d.). Twenty organizations were officially listed as PSOs as of December 3, 2008.

PSOs’ Role and Rationale
Private, voluntary entities, PSOs were called for by the Institute of Medicine and established by Congress in the 2005 law. They are intended to address a major stumbling block to sustained quality and safety improvement: a lack of uniform, federal standards for confidentiality of information about patient safety events.

Existing state-based legal protections for quality improvement activities, known as peer review protections, do not exist in all states and where they do exist, cover only review of hospital-based care, not services provided in other healthcare settings. Moreover, peer review protections do not extend beyond the hospital walls. The result has been a pervasive fear of legal liability and sanctions among physicians and healthcare organizations.

A second, related barrier to quality improvement that the rule sought to address is the inability of healthcare providers to collect and share data about patient safety events with other facilities locally, within, and across states. This makes it harder for providers and organizations to identify and adopt patterns of practice that reduce the risk of medical errors. The law removes that important barrier. Additional information generated to assess patient safety events or the impact of interventions to improve quality and safety will no longer be discoverable in a court of law.

Different Organizations, Same Function
While PSOs are likely to look different from each other, they will perform the same activities.

Under the final rule, PSOs can be organized as either public or private entities and for-profit or non-profit in governance structure. For example, they could be established as components of healthcare systems or medical specialty societies and funded by internal dues. PSOs will not, however, receive Federal funding.

Some types of organizations will not qualify to become PSOs. The statute excludes these entities from becoming PSOs: health insurance companies, a unit or division of a health insurer, or an entity that is managed or controlled by a health insurer. In addition, the final rule disqualifies public or private entities with statutory or regulatory authority over health providers, such as accreditation and licensure bodies.

Furthermore, the final rule excludes entities that carry out inspections or audits for regulatory agencies, as well as entities that operate a federal, state, local, or tribal patient safety reporting system to which healthcare providers are required to report by law or regulation.

A wide, broad range of organizations have already sought, and will continue to seek, listing as PSOs. (For the most current listing, see the PSO section of AHRQ’s Web Site, which can be found at: www.pso.ahrq.gov).

The final rule assumes that because healthcare providers are the customers for PSO services they will be the ultimate arbiters of the quality and additional value that each PSO may offer.

Unique Educational Role
PSOs will occupy a unique niche in our nation’s ongoing patient safety improvement efforts.

Healthcare providers will make the key decisions about how this system will work in practice. They will also determine whether to work with PSOs and, if they decide to do so, choose which PSO can best meet their needs. Providers will also determine the types of patient safety events about which they will submit data to the PSO of their choice and can negotiate with that PSO for the most useful analytic and implementation assistance.

The statute and the final rule provide for the first time a national, uniform set of privilege and confidentiality protections for the data that a healthcare provider chooses to report to a PSO. Similarly, the analyses undertaken by a PSO and the feedback and recommendations that a PSO provides to clinicians and provider organizations are covered by these protections.

This continuous, confidential flow of information will serve a key educational role both for individual providers and multiple organizations. As an example, at the individual level, healthcare providers may receive advice on how to analyze and address a patient safety event or pattern of events, whether it occurred in the outpatient or inpatient setting or during a transition from one care setting to another.

To encourage the collection and reporting of patient safety information, AHRQ released Common Formats on August 29, 2008. Available for download through AHRQ’s PSO web site (www.pso.ahrq.gov/formats/commonfmt.htm), the Common Formats provide standard definitions and reporting formats that healthcare professionals can use to collect and track patient safety information. These formats may be used by providers and PSOs to report a range of patient safety concerns, capturing both structured and narrative information.

Protecting Data Confidentiality
A uniform set of federal protections will apply to patient safety information developed and reported to the PSO; information that is known as the “patient safety work product.” The protections also apply to data developed by the PSO when conducting patient safety activities and to the internal deliberations between a provider and a PSO in the context of a “patient safety evaluation.”

The significance of the new federal protections of patient safety reporting is hard to overstate.

For the first time, clinicians and healthcare organizations throughout the United States will be able to share information about medical errors and near misses within a protected legal environment, without the threat of the information being used against them. HHS’s Office for Civil Rights will enforce the provisions to protect the confidentiality of the patient safety work product. Breaches of the confidentiality protection are punishable by civil penalties of up to $10,000 per violation.

The PSO statute recognizes the value of large-scale data aggregation to identify the underlying causes of the risks and hazards of patient care and to share lessons learned. HHS is authorized to create and maintain a network of patient safety databases to encourage rapid learning and to prompt dissemination of effective improvement strategies. The final rule also expands the flexibility in how PSOs can store patient safety work products.

The final rule does not relieve healthcare providers from their current reporting obligations to legal, accreditation, regulatory, and other organizations. The statute specifically requires health care providers to meet their obligations to report information externally — existing requirements and those that may be established in the future — using information that is not protected by this law.

Translating Near Misses to New Practice
We have learned much in the nearly 10 years since the Institute of Medicine’s landmark report on patient safety about the magnitude of medical errors, their causes, and their effects. But real-time information, guidance, and tools are needed to translate patient safety events or near misses into new ways of clinical practice.

Creating PSOs and establishing a new national set of uniform protections for patient safety reporting can help fill that crucial void. These new entities and the assurance of privilege and confidentiality protections they bring will not, by themselves, make our healthcare system safer.

Clinicians, patient safety experts, and healthcare organizations must be willing to participate in this new process and be willing to learn from the data that PSOs collect, analyze, and report. Working together, we can move closer to translating our hopes for a safer medical system into reality.

Carolyn Clancy is director of the Agency for Healthcare Research and Quality, Rockville, Maryland. She is a general internist and holds an academic appointment at George Washington University School of Medicine in Washington, DC. She may be contacted at carolyn.clancy@ahrq.hhs.gov.


Department of Health and Human Services. (2008, November 21). Patient Safety and Quality Improvement, Final Rule. Federal Register, 73(226), 70731-814. Available at: http://edocket.access.gpo.gov/2008/E8-27475.htm. Accessed December 8, 2008.

Department of Health and Human Services. (n.d.). Implementing the Patient Safety and Quality Improvement Act of 2005 Including How to Become a Patient Safety Organization: Interim Guidance. Available at: http://www.pso.ahrq.gov/regulations/intguid.htm#Contents. Accessed December 8, 2008.