US Pharm. 2008;33(7):46-49.

Get ready for some new legal duties regarding patient safety and error reporting. The Agency for Healthcare Research and Quality (AHRQ), a division of the Department of Health and Human Services (HHS), recently released proposed rules that will implement provisions of the Patient Safety and Quality Improvement Act of 2005 (PSQI).1,2 The public commentary period ended April 14, 2008, so expect the final rules soon.

The Patient Safety and Quality Improvement Act
The goal of the PSQI is to encourage voluntary, provider-driven initiatives to improve the safety and quality of patient care.3 The mechanism chosen for achieving this goal is establishment of Patient Safety Organizations (PSOs), newly created structures that can work with clinicians and health care organizations to identify, analyze, and reduce the risks and hazards associated with patient care. The regulations establish uniform federal privileges and confidentiality protections for patient safety work product, which includes patient-, provider-, and reporter-identifying information that is collected, created, or used for patient safety activities.

AHRQ will be responsible for monitoring the work of PSOs for compliance with the regulations once they are finalized. The Office for Civil Rights (OCR) in HHS will enforce the confidentiality provisions in the PSQI, which provides for civil monetary penalties against those who violate patient safety work product confidentiality. The OCR is experienced in this role because it also enforces the patent privacy protections contained in the Health Insurance Portability and Accountability Act (HIPAA).4

PSOs are intended to replace existing Peer Review Organizations (PROs) that addressed often inconsistent state laws on patient safety concerns. PROs have traditionally been aimed at overseeing institutional medical care and generally excluded review of community-based patient safety data. In the most common PRO models, physicians and other practitioners review the standards of care applicable to a given situation and determine whether or not the care rendered was necessary and appropriate. Some PROs are operated internally by the institution where a patient is being treated. Others are established as independent organizations that provide the review service to the organization on a contractual basis.

Peer review tries to maintain consistent, high-quality treatment by having practitioners not involved with the patient objectively review the medical records when something goes wrong.5 Peer review is often done in secret, with only a limited number of individuals in the institution knowing the outcomes or recommendations of the PRO. Most states immunize peer review proceedings from legal scrutiny to only a minimal degree, and the courts have reached far differing holdings on the admissibility of peer review proceedings in malpractice actions. This hampers voluntary reporting of medical errors. Furthermore, the data gathered from PROs are often incompatible and not very useful for making wide-ranging recommendations to improve patient safety. These limitations, among others, underlie the need to find improvements.

The PSQI was enacted, in part, in response to findings of the Institute of Medicine (IOM) that were published in To Err is Human: Building a Safer Health System.6 The IOM estimated that between 44,000 and 98,000 Americans die each year as a result of preventable medical errors. They also estimated that the total national cost of preventable adverse events, including lost income, lost household productivity, permanent and temporary disability, and health care costs, is between $17 and $29 billion. The IOM concluded that the majority of medical errors do not result from individual recklessness or the actions of a particular group; rather, most errors are caused by faulty systems, processes, and conditions that lead people to make mistakes or fail to prevent adverse events. They called for the establishment of PSO networks that would share data designed to improve patient safety.

The Health Resources and Services Administration (HRSA), another division of HHS, sponsored a meeting on February 15, 2008, of the Patient Safety and Clinical Pharmacy Services Collaborative. Twenty-six pharmacy and related organizations committed to support the patient safety initiatives contained in the PSQI.7 Both the American Pharmacists Association and the American Society of Health-System Pharmacies pledged to increase patient safety concerns among their memberships. The American Medical Association has also given its blessing to the PSQI and pushed AHRQ to draft the proposed regulations.8

Finding suitable solutions to patient safety problems is made more difficult because clinicians are reluctant to participate in quality review activities for fear of legal liability, professional sanctions by licensing or other disciplinary agencies, or injury to their reputations.9 Because peer review is limited in scope, finding ways to share patient safety data outside of a health care system is nearly impossible. Hence, there is an inadequate ability to aggregate sufficient numbers of patient safety events to identify and mitigate underlying patterns of causal factors, such as risks and hazards that can reduce patient safety.

By way of illustration, assume that all of the hospitals in a metropolitan area have been plagued with the same dispensing error. Wanting to address the problem at all of the institutions involved, the head pharmacists hold a meeting. They determine that the error is caused by look-alike names and recommend steps to avoid the error in the future. They may even publish their results or share their findings with pharmacists in other areas of the state, across state lines, or nationally. The hospitals can meet, discuss the problems, and suggest remedies. However, in the current legal climate, the fact that the meeting took place, the names of the people present, the documents or other materials used during the discussion, and the recommendations for preventing the error are all discoverable in various legal settings and could be used against the institutions and individuals involved in malpractice claims. Thus, not meeting and not sharing data are ways of cutting potential liability risks. While some states do provide limited review of peer review deliberations in court, the variations make national progress in addressing patient safety improvements difficult.

Potential Impact of the PSQI
The PSQI seeks to remedy these shortcomings by addressing the causes that prevent clinicians from voluntarily participating in patient care initiatives. The PSQI also seeks to promote more rapid learning about the underlying causes of risks and harms in the delivery of health care, to share those findings widely, and thus to speed the pace of improvement.10 The PSQI establishes strong federal confidentiality and privilege protections for information that clinicians and provider organizations assemble and develop for deliberations and analyses regarding quality and safety. This means that there will be one national standard of privacy and confidentiality applicable to all clinicians and institutional health care providers. The fact that these protections are applicable throughout the entire country will be especially important to multifacility health care systems that will now be able to share data within a protected legal environment, both within and across state lines.

Protected patient safety activities include:

• Efforts to improve patient safety and the quality of health care delivery.
• The collection and analysis of patient safety work product.
• The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices.
• The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk.
• The maintenance of procedures to preserve confidentiality and the provision of appropriate security measures with respect to patient safety work product.
• The utilization of qualified staff.
• Activities related to the operation of a patient safety evaluation system and provision of feedback to participants in a patient safety evaluation system.

Accrediting agencies cannot take an adverse accreditation action against a health care provider that participates in a patient safety activity in good faith, and they are prohibited from requiring the provider to disclose its communications with a PSO. A PSO cannot be compelled to disclose information collected or developed in accordance with the regulations, whether or not such information constitutes patient safety work product, unless such information is identified or is not reasonably available from another source. State laws that govern disclosure of information to patient safety entities are preempted by the PSQI. However, state laws that require reporting of adverse events to governmental entities are still enforceable.

To illustrate the boundaries of what is required and what is prohibited, imagine you work in a state that requires you to report to the board of pharmacy every time a dispensing error occurs that results in a palpable patient injury. Also assume that your employer voluntarily gives dispensing error data to a PSO on a regular basis. Finally, assume you are sued in a civil court as the pharmacist who committed the malpractice that resulted in the patient being damaged. You still have to report the error to the board of pharmacy, and facts surrounding the error can be introduced in the court case. But the fact of the communications with the PSO, the contents of the communications, and what the PSO did with the information are all protected activities that cannot be disclosed or compelled in a court.

The underlying causes of risks and hazards in patient care are thought to be best recognized through the aggregation of significant numbers of individual patient safety events.11 To foster this activity, HHS will list certified PSOs with expertise in the analysis of risks and hazards in patient care. The PSOs are expected to collect safety data voluntarily submitted by health care providers for inclusion in a patient safety network of databases.12 The law also encourages PSOs to aggregate information from multiple clients.

Establishing a PSO
With the exception of insurance companies or organizations that have insurance components, any public, private, for-profit, or nonprofit entity can become a PSO. Public or private entities that have regulatory authority over providers are also prohibited from establishing PSOs. Thus, a board of pharmacy that licenses pharmacists and accreditation bodies would be barred from doing so.

It is relatively easy to establish a PSO. A qualified entity wishing to become a PSO files an application with AHRQ certifying that it is in compliance with the requirements for operating a PSO. Once the certification papers are accepted by AHRQ, the PSO will be certified for a three-year period, with renewal required every three years. A PSO can be decertified by AHRQ if it fails to correct any noncompliance issues or deficiencies, if AHRQ requires the PSO to give up that status, or a PSO fails to timely file recertification documents.

Another aspect of the PSQI is establishment of health care databases accessible by all. The PSQI authorizes the secretary of HHS to facilitate the development of a network of patient safety databases, to which PSOs, providers, or others can voluntarily contribute nonidentifiable patient safety work product. This network will be maintained as an interactive, evidence-based management resource for providers, PSOs, and other entities. The statute directs AHRQ to use data from the network to analyze national and regional statistics, including trends and patterns, regarding patient safety events. Findings are to be made public and included in AHRQ's annual National Healthcare Quality Report.13 AHRQ has already begun development of the database network and is posting periodic updates on its Web site (

Before rushing out to form a PSO, understand that there is not going to be any federal funding of this program. Nor is it likely that a state will provide operating money. Instead, the PSO has to raise its operating funds through contractual arrangements with the providers who will be required to participate in PSO activities. At a patient safety conference held in in 2006, Carolyn Clancy, MD, director of the AHRQ, described the economic status of the PSO laws: "There is no money in this bill. It remains to be seen whether there will be a business case where people were to participate with patient safety organizations."14

Note that a PSO can still engage in peer review activities, including having clinicians review the conduct of other clinicians and report back with any findings or recommendations. Under the PSO model, however, all of that information is confidential and can be aggregated with other data to make concrete global changes with the goal of improving the health and safety of all patients.

1. Patient Safety Organizations notice of proposed rule making. Fed Regist. 2008;73:8111-8183. Accessed June 14, 2008.

2. PL 109-41; 119 STAT 424. Signed July 29, 2005.

3. Patient Safety Organizations. Agency for Healthcare Research and Quality. Accessed June 14, 2008.

4. Office for Civil Rights--HIPAA. U.S. Department of Health & Human Services. Accessed June 14, 2008.

5. Freedman S. Independent review organizations for peer review. Physician's News Digest. September 2006. Accessed June 14, 2008.

6. Corrigan JM, Kohn LT, Donaldson MS, eds. To Err is Human: Building a Safer Health System. Washington, DC: National Academies Press; 2000. Accessed June 14, 2008.

7. Leading organizations pledge action to support HRSA's patient safety and pharmacy collaborative. Health Resources and Services Administration. HRSA Inside. March 2008. Accessed June 15, 2008.

8. Hansen D. Rules aim for better patient safety through confidential error reports. AMNews. March 10, 2008. Accessed June 15, 2008.

9. Patient Safety Organizaions. PSO overview. Agency for Healthcare Research and Quality. Accessed June 14, 2008.

10. Id.

11. Patient Safety Improvement Corps 2003-2004 State Projects. Accessed June 14, 2008.

12. HIMSS Fact Sheet. PL 109-41. September 2005. Accessed June 14, 2008.

13. See note 9, supra.

14. Spotswood S. Law aims to protect patient safety data sharing through PSOs. U.S. Medicine. May 2006. Accessed June 14, 2007.


To comment on this article, contact