Public Meetings and Teleconferences on Patient Safety Organizations (PSOs)

March 16, 2006, Issues:  Security and Confidentiality

Issues for Discussion:

1. The Patient Safety and Quality Improvement Act of 2005 provides for privilege and confidentiality of patient safety work product subject to certain exceptions. (For more information on the issues raised, select relevant excerpts from the Act).
   • We are interested in understanding how the disclosures permitted under the Act might require change or adjustments compared to the operations of providers and other patient safety entities today. Using today’s operations as a starting point, we welcome comments on the extent to which the permissible disclosures under the Act are ample to allow operations to continue, or the extent to which the confidentiality provision may limit disclosure activity for participants.
   • The Department has discretion to designate business operations for which the confidentiality protections do not apply. We would be interested in comments regarding any business operations that might require the disclosure of identifiable patient safety work product that would otherwise be restricted. Such disclosures would need to be consistent with the goals of the Act.
2. It is possible that a PSO could receive reports of patient safety events outside the context of its contractual relationship with a health care provider. We are interested in comments regarding the appropriate handling of such information by the PSO. Of particular interest would be views about the utility of such extra-contractual information to achieving the PSO's mission, as well as its cost and potential impact on PSO operations. See section 922 (e)(1)(B) of the Act.
3. The Act differentiates between identifiable and nonidentifiable patient safety work product. We would be interested in views regarding standards for de-identification to produce nonidentifiable patient safety work product. See sections 921(2) and (3) of the Act.
4. The Act requires PSOs to apply appropriate security measures with respect to patient safety work product. The Centers for Medicare and Medicaid Services (CMS) has developed policies and procedures for its business partners to follow to secure personal health information. We would welcome comments on the utility, feasibility, and suitability of applying CMS security standards, and/or any alternative information security standards that would apply to both electronic and paper-based records, to satisfy PSOs' information security obligations. See section 921(5)(F) of the Act.

Relevant Excerpts from the Patient Safety and Quality Improvement Act of 2005

Section 922 of the Public Health Service Act as added by the Patient Safety and Quality Improvement Act of 2005 (the Act) provides protections pertaining to privilege and confidentiality of the patient safety work product, subject to certain exceptions listed in Section 922 (c).

(1) EXCEPTIONS FROM PRIVLEGE AND CONFIDENTIALITY. – Subsections (a) and (b) [respectively establishing privilege and confidentiality requirements] shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
 
   (A)	Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in camera determination that such patient safety work product contains evidence of a criminal act and that such patient safety work product is material to the proceeding and not reasonably available from any other source.

   (B)	Disclosure of patient safety work product to the extent required to carry out [a legal action under] subsection (f)(4)(A) [for equitable relief challenging an adverse employment action in violation of subsection (e )].  

   (C)	Disclosure of the identifiable patient safety work product if authorized by each provider identified in such work product.

(2) EXCEPTIONS FROM CONFIDENTIALITY. - Subsection (b) shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:
 
   (A)	Disclosure of patient safety work product to carry out patient safety activities.

   (B)	Disclosure of nonidentifiable patient safety work product.

   (C)	Disclosure of the patient safety work product to grantees, contractors or other entities carrying out research, evaluation, or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research to the extent that disclosure of protected health information would be allowed under such purpose under the HIPAA confidentiality regulations.

   (D)	Disclosure by a provider to the FDA with respect to a product or activity regulated by the FDA.

   (E)	Voluntary disclosure of patient safety work product by a provider to an accrediting body that accredits that provider.

   (F)	Disclosures that the Secretary may determine, by rule of other means, are necessary for business operations and are consistent with the goals of this part.

   (G)	Disclosures of patient safety work product to law enforcement authorities relating to the commission of a crime (or to an event reasonably believed to be a crime) if the person making the disclosure believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes.

   (H)	With respect to a person other than a PSO, the disclosure of patient safety work product that does not include materials that (i) assess the quality of care of an identifiable provider; or (ii) describe or pertain to one or more actions or failures to act by an identifiable provider.

(3) EXCEPTION FROM PRIVILEGE. - Subsection (a) shall not apply to (and shall not be construed to prohibit) voluntary disclosure of nonidentifiable patient safety work product.

Return to Public Meetings and Teleconferences on PSOs

Current as of March 2006

Return to Events & Announcements
About AHRQ
AHRQ Home Page
Department of Health and Human Services