Frequently Asked Questions

Your Title Goes Here

Your content goes here. Edit or remove this text inline or in the module Content settings. You can also style every aspect of this content in the module Design settings and even apply custom CSS to this text in the module Advanced settings.

1. What is Patient Safety Work Product?

PSWP is the information protected by the privilege and confidentiality protections of the Patient Safety Act and Patient Safety Rule. PSWP may identify the providers involved in a patient safety event and/or a provider employee that reported the information about the patient safety event. PSWP may also include patient information that is protected health information as defined by the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule (see 45 CFR 160.103).

PSWP does not include a patient’s medical record, billing and discharge information, or any other original patient or provider information.

2. If data are collected for multiple purposes, such as legal defense and patient safety, can they be reported to the PSO as PSWP?
Information that is collected for multiple purposes can be shared with a PSO as a “copy,” but it cannot become PSWP. However, only documents that are actually submitted to an entity outside of the PSO lose their status as PSWP and become discoverable. Documents that are created within the PSES that are submitted to the PSO, even though they may relate to an incident that is also the subject of a report to an entity outside of the PSO, remain confidential as PSWP.

This question raises the issue of using information as part of a legal defense. The Patient Safety Act specifically excludes the admission of PSWP as evidence in any criminal, civil, administrative, and disciplinary proceedings.  Therefore, attempts to introduce PSWP as part of legal defense may be subject to challenge.  However, in most cases information that is needed in a legal defense is likely to be drawn from records that cannot become PSWP (information from the patient’s medical record, billing, and discharge information, or any other original patient or provider record).

3. When is the data considered PSWP – when I collect it through my Patient Safety Evaluation System (PSES) or when it is officially reported to the PSO?
The Patient Safety Rule, which became effective January 19, 2009, clarifies the issue of when PSWP protections apply to information assembled or developed by a provider for reporting to a PSO.  Information documented as collected within a patient safety evaluation system by a provider becomes PSWP upon collection.  Prior to reporting the information to a PSO, a provider may document that it is voluntarily removing information (assembled or developed for reporting to a PSO) from its PSES because it no longer intends to report the documented information to a PSO, in which case there are no protections.

Note that this “drop-out” provision does not apply to analyses or deliberations within the provider’s PSES; the protections apply to PSES deliberations and analyses when they take place.  Thus, a provider cannot turn its PSES

4. What is a PSES?

A PSES is defined by the Patient Safety Rule as the collection, management or analysis of information for reporting to or by a PSO.

Patient Safety:

  • Pertains to patient safety ad quality improvement work to reduce/eliminate preventable errors to improve patient outcomes

Evaluation is:

  • Review and analysis of multiple kinds of information generated by patient safety activities to determine:
  1. What, when, how PSWP will be shared with the PSO
  2. What to maintain for continued internal analysis and deliberation
  3. What may be needed for other purposes outside of patient safety activities as defined in the Act

System

  • A managed program, or series of work procedures and activities, governed by a policy, that contains data and information such as documentation, committee and work team functions, incident reporting, investigations and corrective action planning, confidential virtual and physical space, to implement safety and harm reduction activities throughout the organization
5. Should both a hospital and PSO document their PSES?
The Patient Safety Rule notes that, while documentation of a PSES is not required, it is recommended as a best practice.
6. An event is reviewed through the PSES and it is deemed that it needs to be reported to an external body. Can I abstract information from the form on which the event was submitted or must I go to the medical record and abstract the data?

The Patient Safety Rule provides an easy solution. Information regarding an event that is
documented as assembled or developed for reporting to a PSO is considered PSWP at the point of assembly or development. As long as the provider has not yet reported this information to a PSO, the provider can document that it is removing the information from its PSES because it no longer intends to report the information to the PSO. In this case there are no protections for the information; it can then be used in its entirety as the provider chooses, since it is no longer PSWP.

7. Can a provider share PSWP data reported to a PSO with a government agency during an on-site visit?
PSWP can only be disclosed to external organizations, including government agencies conducting site visits, if there is an applicable disclosure permission in the Patient Safety Rule.   An example is the permission related to enforcement and compliance with the Patient Safety Act and Rule. Sections 204(c) and 206(d) of the Patient Safety Rule describe the right of the HHS Secretary to relevant PSWP to determine compliance with its confidentiality protections and the HIPAA Privacy Rule and decisions related to the listing and delisting of PSOs and PSO compliance with the rule.

It is important to recognize that the Patient Safety Act does not relieve a provider of its need to meet its reporting requirements or accountability obligations to external authorities.  These obligations can only be met with non-PSWP.  Therefore, information needed for external reporting or sharing with a governmental agency should be assembled or developed outside the provider’s PSES so that the information is not PSWP.

8. What is the difference between disclosure of PSWP and use of PSWP in my organization?
The Patient Safety Rule addresses the distinction in the definition of the terms “disclosure” and “workforce” in Subpart A.  Use of PSWP within an organization means sharing or exchange of PSWP among the workforce members of a legal entity (or a component PSO).

In general, disclosure means the release of, transfer of, provision of access to, or divulging in any other manner of, patient safety work product to another legally separate entity or person, other than a workforce member of, or a physician holding privileges with, the entity holding the patient safety work product.

In the case of a component PSO that is not a legal entity, disclosure is the release of, transfer of, provision of access to, or divulging in any other manner of, patient safety work product by a component PSO to another entity or natural person outside the component PSO.

9. How does de-identified data differ under the PSA vs. HIPAA? When will the de-identification process be specified by AHRQ?
The Patient Safety Rule addresses the distinction in the definition of the terms “disclosure” and “workforce” in Subpart A.  Use of PSWP within an organization means sharing or exchange of PSWP among the workforce members of a legal entity (or a component PSO).

In general, disclosure means the release of, transfer of, provision of access to, or divulging in any other manner of, patient safety work product to another legally separate entity or person, other than a workforce member of, or a physician holding privileges with, the entity holding the patient safety work product.

In the case of a component PSO that is not a legal entity, disclosure is the release of, transfer of, provision of access to, or divulging in any other manner of, patient safety work product by a component PSO to another entity or natural person outside the component PSO.

10. Can data used for re-appointment decisions be submitted to a PSO as PSWP?
A copy of information assembled or developed for any other purpose – such as reappointment and credentialing – can be shared with a PSO but the information cannot become PSWP.
11. Is reporting to a PSO limited only to what is in the Common Formats or can I include other areas, e.g., employee health, etc.?
A healthcare provider may report any information to a PSO that meets the statutory definition of Patient Safety Work Product (PSWP). PSWP consists of any information which is generated to improve patient safety, health care quality, or health care outcomes and is assembled or developed for reporting to a PSO and is reported to the PSO.

Information that is submitted to the Network of Patient Safety Databases (NPSD) must be made non-identifiable (contextually de-identified) and must conform to the Common Formats in order to be included in aggregate analysis.

In cases where a provider enters a contract with a PSO, the contracting parties may limit the scope of the information that may be reported.  However, a contract is not required to report information to a PSO.