You Are Here > OCR > PSQIA > HIPAA Intersection Office for Civil Rights - PSQIAIntersection between the Patient Safety and Quality Improvement Act of 2005 and the Health Insurance Portability and Accountability Act of 1996PSQIA recognizes that many of the entities that will take advantage of the protections for patient safety work product will also have obligations under the Privacy Rule and Security Rule promulgated under the Health Insurance Portability and Accountability Act of 1996 (HIPAA). Specifically, PSQIA recognizes that identifiable patient safety work product may contain protected health information as defined in the HIPAA Privacy Rule [see 42 USC 299b-21(2)(B)]. PSQIA establishes that Patient Safety Organizations (PSOs) will be business associates of a HIPAA covered entity [see 42 USC 299b-22(i)(1)] and that patient safety activities performed by a PSO for a HIPAA covered entity are deemed to be health care operations [see 42 USC 299b-22(i)(2)]. Because patient safety work product may contain protected health information, a violation of the PSQIA confidentiality protection may also be a violation of the HIPAA disclosure permission. However, PSQIA prohibits the imposition of CMPs for the same act that is a violation of both PSQIA and HIPAA. For more information about the HIPAA Privacy Rule, see OCR's Health Information Privacy website. Last revised: January 4, 2008 |
![]() |