U.S. Department of Health and Human Services www.hhs.gov
Agency for Healthcare Research Quality www.ahrq.gov
AHRQ Home | Questions? | Contact Us | Site Map | What's New | Browse | InformaciĆ³n en espaƱol | E-mail UpdatesE-mail Updates
www.ahrq.gov
PSO Home Patient Safety Organizations Stethoscope

PSO FAQs

The Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act) authorized the creation of PSOs to improve quality and safety by reducing the incidence of events that adversely affect patients. To implement the Patient Safety Act, the Department of Health and Human Services' (HHS) Agency for Healthcare Research and Quality (AHRQ) published the Patient Safety and Quality Improvement Final Rule (Patient Safety Rule).

AHRQ has received many questions regarding the implementation of the Patient Safety Rule and about PSOs. In response to these questions, and in anticipation of additional inquiries, below is a list of frequently asked questions and corresponding answers:

PSO General Information

HHS Agency Roles

Listing Process and Requirements

Privacy and Confidentiality Protections

Common Formats and the Network of Patient Safety Databases (NPSD)

Return to top

PSO General Information

What is a PSO?

A PSO is an entity or a component of another organization (component organization) that is listed by AHRQ based upon a self-attestation by the entity or component organization that it meets certain criteria established in the Patient Safety Rule.

The primary activity of an entity or component organization seeking to be listed as a PSO must be to conduct activities to improve patient safety and health care quality. A PSO's workforce must have expertise in analyzing patient safety events, such as the identification, analysis, prevention, and reduction or elimination of the risks and hazards associated with the delivery of patient care. See 42 CFR 3.102 for the complete list of requirements.

Return to top

What are "patient safety activities"?

There are eight patient safety activities that are carried out by, or on behalf of a PSO, or a health care provider:

Return to top

Why are the terms "safety" and "quality" used in conjunction when describing the role of PSOs?

The term "safety" refers to reducing risk from harm and injury, while the term "quality" suggests striving for excellence and value. By addressing common, preventable adverse events, a health care setting can become safer, thereby enhancing the quality of care delivered. PSOs create a secure environment where clinicians and health care organizations can collect, aggregate, and analyze data, thus identifying and reducing the risks and hazards associated with patient care and improving quality.

Return to top

What is the purpose of a PSO?

The Patient Safety Rule establishes a framework by which hospitals, doctors, and other health care providers may voluntarily report information to PSOs, on a privileged and confidential basis, for the aggregation and analysis of patient safety events.

The Patient Safety Rule outlines how PSOs can be a source of confidential and privileged external advice for health care providers seeking to understand and minimize the risks and hazards in delivering patient care.

Return to top

What is Patient Safety Work Product?

PSWP is the information protected by the privilege and confidentiality protections of the Patient Safety Act and Patient Safety Rule. PSWP may identify the providers involved in a patient safety event and/or a provider employee that reported the information about the patient safety event. PSWP may also include patient information that is protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (see 45 CFR 160.103).

Return to top

Do PSOs receive Federal funding?

PSOs do not receive Federal funding.

Return to top

What are the benefits to health care providers who work with a PSO?

PSOs serve as independent, external experts who can collect, analyze, and aggregate PSWP locally, regionally, and nationally to develop insights into the underlying causes of patient safety events. Communications with PSOs are protected to allay fears of increased risk of liability because of collection and analysis of patient safety events.

The protections of the Patient Safety Rule enable PSOs that work with multiple providers to routinely aggregate the large number of patient safety events that are needed to understand the underlying causes of patient harm from adverse events and to develop more reliable information on how best to improve patient safety.

AHRQ has published a short brochure, Choosing a Patient Safety Organization (PDF file, 1.1 MB; PDF Help), to help providers select a PSO appropriate to their needs.

The uniform Federal protections that apply to a provider's relationship with a PSO are expected to remove significant barriers that can deter the participation of health care providers in patient safety and quality improvement initiatives, such as fear of legal liability or professional sanctions.

Return to top

What is the difference between the "Listed PSO" logo and the "AHRQ Common Formats" logo?

PSOs that are currently listed by the HHS Secretary are entitled to display the "Listed PSO" logo. This logo is intended to identify entities whose PSO certifications have been accepted in accordance with Section 3.104(a) of the Patient Safety Rule. Before working with a PSO, however, health care providers are encouraged to review AHRQ's geographic or alphabetical directories to confirm that the entity being considered is still a listed PSO.
Listed PSOs logo

The "AHRQ Common Formats" logo may be displayed by any organization that is using the Common Formats developed by AHRQ. Such entities do not need to be listed as a PSO by the HHS Secretary to employ the Common Formats and thus display the logo. The Common Formats are available in the public domain to facilitate their widespread adoption and implementation. Entities that display the logo should use the Common Formats as a whole; however, entities that have a limited focus may use the Common Formats that pertain only to that area.
PSO Common Formats logo

How can a hospital utilize the services of a PSO to help reduce readmission rates for various conditions?

For hospitals with high risk-adjusted readmission rates for certain conditions, the Affordable Care Act contains provisions that are aimed at decreasing those rates. The law states that these hospitals may enlist PSOs to help reduce their rates. The PSO readmissions Web page contains helpful information and tools that can be used by such hospitals, and PSOs that work with those hospitals, to address the causes of unnecessary readmissions. In fact, any hospital can work with a PSO on any patient safety issue of the hospital's choice. Because services offered by PSOs to help reduce readmissions will vary, AHRQ recommends consulting a PSO's Web site to determine if that PSO is offering such assistance.

Hospitals that wish to identify factors associated with unnecessary readmissions are encouraged to consider using Common Format–Readmissions Version 0.1 Beta. This standardized Common Format allows hospitals to aggregate data on readmissions. In addition, hospitals can compare their data to others and analyze trends on a community, regional, and national level. To access Common Formats–Readmissions Version 0.1 Beta, go to the Patient Safety Organization (PSO) Privacy Protection Center (PPC) Web site. Exit Disclaimer To learn more about the Common Formats, go to http://www.pso.ahrq.gov/formats/commonfmt.htm.

Return to top

HHS Agency Roles

Which agencies within the Department of Health and Human Services (HHS) implement the Patient Safety Act?

AHRQ is responsible for the provisions dealing with the listing of PSOs such as administering the certification processes for listing; verifying that PSOs meet their obligations under the Patient Safety Rule; working with PSOs to correct any deficiencies in their operations; and, if necessary, revoking the listing of a PSO that remains out of compliance with the requirements. The Office for Civil Rights (OCR) administers and enforces the confidentiality protections provided to PSWP.

Return to top

Why is AHRQ responsible for the regulation of PSOs?

Congress vested the authority for implementing the Patient Safety Act with AHRQ by incorporating its provisions into AHRQ's authorizing statute. As the lead Federal agency for patient safety research, AHRQ is an appropriate partner for PSOs and health care providers.

Return to top

How does AHRQ ensure that a listed PSO is in compliance with the statutory requirements as outlined in the Patient Safety Rule?

The Patient Safety Rule establishes in Subpart B the requirements that an entity must meet to seek listing, and remain listed, as a PSO. The Patient Safety Rule relies primarily upon a system of attestations, which places a significant burden for understanding and complying with these requirements on the PSO. However, the Patient Safety Rule also authorizes AHRQ to conduct reviews (including announced or unannounced site visits) to assess PSO compliance. To assist PSOs in making the required attestations and preparing for a compliance review, AHRQ developed a Patient Safety Organizations: A Compliance Self-Assessment Guide to suggest approaches for thinking systematically about the scope of these requirements and what compliance may mean for an individual PSO.

Return to top

What role will OCR have regarding the Patient Safety Rule?

OCR is responsible for the investigation and enforcement of the confidentiality provisions of the Patient Safety Rule. OCR will investigate allegations of violations of confidentiality through a complaint-driven system. To the extent practicable, OCR will seek cooperation in obtaining compliance with the confidentiality provisions, including providing technical assistance. When OCR is unable to achieve an informal resolution of an indicated violation through voluntary compliance, the HHS Secretary has the discretion to impose a civil money penalty (CMP) of up to $10,000 against any PSO, provider, or responsible person for each knowing and reckless disclosure that is in violation of the confidentiality provisions.

Return to top

What is AHRQ's role in providing technical assistance?

AHRQ provides additional information and clarification on the PSO listing process, listed PSOs, the Patient Safety Rule, and other PSO activities, such as the Common Formats. PSOs, health care providers, and other interested parties should contact AHRQ at pso@ahrq.hhs.gov or (301) 427-1111 with requests for technical assistance.

Return to top

Listing Process and Requirements

Who can seek listing as a PSO?

The Patient Safety Rule permits many types of entities—either an entire organization or a component of an organization, a public or private entity, a for-profit or not-for-profit entity—to seek listing as a PSO. Both the mission and the primary activity of the entity (or component) must be to conduct activities to improve patient safety and the quality of health care delivery (42 CFR 3.102(b)(2)(i)(A) and 42 CFR 3.102(b)(2)(ii)).

The Patient Safety Rule requires an entity to certify that it meets 15 distinct statutory requirements; a component of another organization must attest that it meets another three statutory requirements; and each entity or component organization must comply with several additional regulatory requirements.

Return to top

What are the requirements to be a PSO?

Every entity seeking to be a PSO must certify to AHRQ that it has policies and procedures in place to perform the eight patient safety activities specified in the Patient Safety Rule.

In addition, an entity must also, upon listing, certify that it will comply with the following seven additional criteria specified in the Patient Safety Rule:

The Patient Safety Rule also establishes several additional requirements (see 42 CFR 3.102(a)).

Return to top

Are there additional requirements for a component organization?

If the entity seeking listing is a component of another organization, the entity must also certify that it is, and will be in compliance with, three additional requirements specified in the Patient Safety Rule:

Return to top

Are any entities excluded from being listed as a PSO?

The Patient Safety Act excludes a health insurance issuer or a component of a health insurance issuer from becoming a PSO. The Patient Safety Rule also excludes the following entities: regulatory agencies; organizations that serve as agents of regulatory agencies (e.g., entities that carry out inspections or audits for a regulatory agency); accreditation and licensure entities; and entities that administer a Federal, State, local, or tribal patient safety reporting system to which health care providers are required to report by law or regulation (see 42 CFR 3.102(a)(2)(ii)).

Return to top

What is the primary activity requirement for initial listing as a PSO?

Entities submitting certifications for initial listing need to attest that they meet the requirement that both their mission and their primary activity are to conduct activities to improve patient safety and the quality of health care delivery (42 CFR 3.102(b)(2)(i)(A) and 42 CFR 3.102(b)(2)(ii)).

Return to top

What can an entity do if it does not meet this primary activity requirement?

A multi-purpose entity with a broader scope can create or designate a component that more clearly meets the mission and primary activity criterion. The component of that entity can then seek listing.

Return to top

What requirements does a PSO need to meet regarding their staff?

There are two requirements relating to PSO staff in the Patient Safety Rule. PSOs must have policies and procedures in place to conduct each patient safety activity, for which PSOs are required to use qualified staff (42 CFR 3.102(b)(1)(i)). Second, PSOs must have an appropriately qualified workforce, including licensed or certified medical professionals (42 CFR 3.102(b)(2)(i)(B)). AHRQ has interpreted this language to mean that each PSO has a qualified staff with relevant medical experience available. The language does not require every member of a PSO's workforce to have this expertise, but at least one individual must have medical credentials and experience. Such a workforce can include individuals who serve on a volunteer basis, as well as those who are paid as employees or serve under contract.

It is desirable that the medical experience reflects the type of patient safety events reported to and analyzed by the PSO. For example, a PSO that receives patient safety event information related to the delivery of hospital care would want to have a physician as part of their workforce; a PSO that primarily deals in adverse drug events would likely benefit from having a pharmacist as a member of their workforce. The over-arching requirement is that the qualified staff works under the direct supervision of the PSO.

Return to top

How does an entity apply to become a PSO?

AHRQ has prepared a PSO Certification for Initial Listing form that an entity must use to certify that it meets the requirements to become listed as a PSO. To access this form go to: http://www.pso.ahrq.gov/forms/certfm.htm (PDF File, 55 KB; PDF Help).

Return to top

What is the deadline for submitting the forms to become a PSO?

There is no deadline for applying to be listed as a PSO. Applications for PSO status will be accepted at any time and will be reviewed as expeditiously as possible.

Return to top

Does a PSO listing expire?

A PSO is listed for a period of 3 years. To renew its listing for an additional 3 years, the PSO will be required to complete and submit a PSO Certification for Continued Listing (PDF File, 53 KB; PDF Help) form before the expiration of its period of listing. The PSO must certify that it is performing, and will continue to perform, each of the patient safety activities and that it is complying with, and will continue to comply with, the other requirements of the Patient Safety Rule. The PSO's 3-year period of listing will automatically expire at midnight of the last day of the PSO's listing period if AHRQ has not received and approved the PSO's continued listing form.

Return to top

Privacy and Confidentiality Protections

What are the privacy and confidentiality protections for PSWP?

The Patient Safety Act and Rule make PSWP privileged and confidential. Subject to certain specific exceptions, PSWP may not be used in criminal, civil, administrative, or disciplinary proceedings. PSWP may only be disclosed pursuant to an applicable disclosure exception (see 42 CFR 3.206).

Return to top

Can original provider records be protected as PSWP?

A patient's original medical record, billing and discharge information, and any other original patient or provider records cannot become PSWP. Copies of selected parts of original provider records may become PSWP.

Return to top

Can a health care provider work with more than one PSO? If so, is the PSWP protected?

The Patient Safety Rule permits a health care provider, such as a hospital, to work with more than one PSO. Any information that is eligible to become PSWP reported to a PSO by a health care provider is protected. The definition of PSWP (42 CFR 3.20) provides important detail on what information is eligible for protection and when those protections apply.

Return to top

Is information submitted to the NPSD safe?

Yes. PSWP must be nonidentified before it is submitted to the NPSD. Nonidentification requires that the information identifying individual and institutional providers, patients, and provider employees reporting patient safety events be removed from the PSWP.

Return to top

What is the importance of the privacy and confidentiality protections for PSWP?

The Patient Safety Act makes PSWP privileged and confidential. The Patient Safety Act and the Patient Safety Rule generally bar the use of PSWP in criminal, civil, administrative, or disciplinary proceedings except where specifically permitted. Strong privacy and confidentiality protections are intended to encourage greater participation by providers in the examination of patient safety events. By establishing strong protections, providers may engage in more detailed discussions about the causes of adverse events without the fear of liability from information and analyses generated from those discussions. Greater participation by health care providers will ultimately result in more opportunities to identify and address the causes of adverse events, thereby improving patient safety overall.

Return to top

What is the relationship between the Patient Safety Rule and the HIPAA Privacy Rule?

PSWP may contain individually identifiable health information as defined in the HIPAA Privacy Rule. Health care providers that are HIPAA-covered entities must comply with the use disclosure exceptions for PSWP as well as the permissions and disclosure requirements concerning protected health information (PHI) set forth by the HIPAA Privacy Rule, as well as the limitations on the disclosure of information found in the Patient Safety Rule when disclosing PSWP. PSOs that are business associates of HIPAA-covered entities are subject to the limitations on the use and disclosure of PHI. Also, a PSO is a business associate of a HIPAA-covered provider subject to the business associate requirements of the HIPAA Privacy Rule.

Return to top

If a PSO is revoked for cause (i.e., noncompliance with the requirements that each PSO must meet) and a health care provider inadvertently submits data to that entity, is the data protected?

If a PSO's listing is revoked for cause, health care providers may continue to submit data to the delisted PSO for 30 calendar days, beginning on the date and time that the PSO is delisted and ending 30 days thereafter. Data submitted during this 30 day period are treated as PSWP and are subject to the confidentiality and privilege protections of the Patient Safety Act.

For example, if a PSO is delisted for cause at midnight on March 1, a health care provider can continue to submit data to the delisted PSO until midnight on March 31 and the data will be protected. Data submitted to the former PSO after midnight on March 31 would not be protected. All PSWP submitted to a former PSO in accordance with provisions of the Patient Safety Act and Patient Safety Rule remains protected after the PSO ceases operations.

Return to top

Common Formats and the Network of Patient Safety Databases (NPSD)

What are the Common Formats?

Common Formats are common definitions and reporting formats used to facilitate the collection and reporting of patient safety events. AHRQ developed Common Formats for use by health care providers, PSOs, and other organizations dedicated to improving care quality.

Currently, the Common Formats are limited to patient safety reporting in two settings of care—acute care hospitals and skilled nursing facilities. Future versions of the Common Formats are being developed for ambulatory settings, such as ambulatory surgery centers and physician and practitioner offices.

AHRQ most recently released Common Format–Readmissions Version 0.1 Beta, to allow hospitals to aggregate data that describes the patients involved in and circumstances of readmissions. Using this standardized method of review, hospitals can identify factors associated with unnecessary readmissions. This version, dated July 2012, is currently available for public review.

To learn more about the Common Formats, please go to http://www.pso.ahrq.gov/formats/commonfmt.htm. To access the most current versions of the Common Formats, please go to www.psoppc.org. Exit Disclaimer

Return to top

What is the development and version history of the Common Formats?

In collaboration with the Federal Patient Safety Workgroup (PSWG), the National Quality Forum (NQF), and the public, AHRQ has developed Common Formats for two settings of care – acute care hospitals and skilled nursing facilities.

To develop the Common Formats, AHRQ first reviewed existing patient safety event reporting systems from a variety of health care organizations (select for list). Working with the PSWG and Federal subject matter experts, AHRQ and the PSWG developed, piloted, drafted, and released Version 0.1 Beta of the Common Formats (for acute care hospitals) in August 2008.

Through a contract with AHRQ, NQF solicited feedback on Version 0.1 Beta from private sector organizations and individuals. The NQF, a nonprofit organization that focuses on health care quality, then convened an expert panel to review the comments received and provide feedback. Based on the NQF's feedback, AHRQ, in conjunction with the PSWG, further revised the Common Formats and released Version 1.0 in September 2009.

The review process above was repeated to further refine the Common Formats and to incorporate any public comments on Version 1.0 prior to finalization of the technical specifications for electronic implementation. These modified formats for acute care hospitals were made available as Version 1.1 in March 2010.

In conjunction with the Food and Drug Administration (FDA), the Office of the National Coordinator for Health Information Technology (ONC), and the full PSWG, AHRQ revised the device event-specific Common Format (available in Version 1.1) to include patient safety events related to Health Information Technology (HIT). This Common Format, Device or Medical/Surgical Supply including HIT Device (Version 1.1a), was released in October 2010.

AHRQ and the PSWG released Common Formats for skilled nursing facilities in March 2011, and in November 2011, an additional module (Beta Version) for venous thromboembolism (VTE) was incorporated that includes both deep vein thrombosis (DVT) and pulmonary embolism (PE). In April 2012, AHRQ and the PSWG developed Common Formats—Hospital Version 1.2, which featured new content to incorporate the event-specific formats VTE and Device/HIT.

Most recently, AHRQ and the PSWG developed Common Format–Readmissions Version 0.1 Beta, to allow hospitals to aggregate data and analyze readmission attributes. This format, released July 2012, is currently available for public review.

Return to top

Will the general public ever have access to the trending data collected or aggregated from PSOs?

The Patient Safety Act authorizes AHRQ to facilitate the development of a network of patient safety databases (NPSD), to which PSOs, health care providers, or others can voluntarily contribute nonidentifiable PSWP. The Patient Safety Act directs AHRQ to incorporate the nonidentifiable trend data from NPSD in its annual National Health Care Quality Report (NHQR). The NHQR is available in hard copy and electronically on the AHRQ Web site at http://www.ahrq.gov/qual/qrdr10.htm.

Return to top

Why should PSOs contribute PSWP to the NPSD?

By enabling PSOs to aggregate PSWP on their own and to contribute nonidentifiable PSWP to the NPSD, the stage has been set for breakthroughs in our understanding of how best to improve patient safety. The NPSD will facilitate the aggregation of sufficient volumes of patient safety event data to identify more rapidly the underlying patterns and causes of risks and hazards associated with the delivery of health care services. By contributing nonidentifiable PSWP to the NPSD, PSOs can accelerate the pace at which the NPSD can advance our knowledge and provide an important adjunct to a PSO's own analyses.

Return to top

What information are PSOs required to submit to the NPSD?

PSOs are not required to submit any information to the NPSD.

Return to top

PSO Home
Listed PSOs
Administrative Information/Forms
Common Formats
Hospital Readmissions
Resources
Network of Patient Safety Databases
Legislation, Regulations, and Guidance
PSO FAQs
PSO Contacts
AHRQAdvancing Excellence in Health Care
AHRQ footer - print version only