Patient Safety Organizations (PSOs) allow providers to report safety and quality data that is protected from legal discovery and publication. In return, PSOs can be a source of confidential advice and data analysis for physicians seeking to understand and improve their healthcare delivery.
All physicians will have to change some aspects of their clinical processes within their practices to demonstrate improved value. The first step toward change is to generate internal performance data. This data is essential to improving clinical processes to deliver safer, better, and more valuable medical care. But providers who engage in this self-scrutiny will have to generate highly sensitive data about their own performance, data that may reveal instances of sub-optimal care.
That’s where Patient Safety Organizations (PSOs) can benefit your practice. Providers can report safety and quality data to PSOs that is protected from legal discovery and publication. In return, PSOs can be a source of confidential advice and data analysis for physicians seeking to understand and improve their healthcare delivery.
Congress passed the Patient Safety and Quality Improvement Act (PSQIA) in 2005 in response to the Institute of Medicine study, “To Err Is Human,” which provided a comprehensive look at ways the healthcare system can reduce preventable medical errors. The law provides two sweeping protections to “patient safety work product” reported to and analyzed by PSOs.
Legal protections for patient safety data
The law creates a privilege to protect information created during the reporting and analysis of patient safety events, which is produced within a provider’s patient safety evaluation system and reported to a PSO.
The definition of a provider covered by the PSQIA is broad, including virtually all clinicians licensed under state law to deliver healthcare services. Although the law imposes no obligation on the PSO to analyze the data reported to it, a purpose of the law was for PSOs to analyze and report back to providers on what could be learned from the submitted data. The two protections apply even if no analysis is reported to the submitters.
Under the privilege, protected information cannot be introduced in any federal, state, local, or tribal civil, criminal, or administrative proceeding, and cannot be subject to disclosure under the Freedom of Information Act or similar laws or admitted as evidence in any proceeding. There are very limited exceptions.
Data developed within a patient safety evaluation system and reported to a PSO must be kept confidential. It may not be disclosed except within the PSO system in accordance with specified conditions and subject to some extremely limited exceptions. The privilege is enforced by tribunals engaged in proceedings where a provider asserts the protection. The confidentiality provisions are enforced by the Office of Civil Rights of the Department of Health and Human Services, which also enforces Health Insurance Portability and Accountability Act violations. Compliance with the PSO rules is enforced by the Agency for Health Care Research and Quality (AHRQ).
Almost all of the literature to date about PSOs and their implementation has been focused on hospitals. The value of this law to physician practices has been underappreciated.
Here are five steps physicians should take to protect themselves while also working to improve the quality of care they provide.
1. Develop a patient safety evaluation system
A Patient Safety Evaluation System (PSES)is defined as the collection, management or analysis of information for reporting to or by a PSO. It is a provider-specific creation. There is no required format.
To claim the protections of the law, data must be developed specifically within the identified system and must be reported to a PSO. Although the protections apply whenever data is managed within the evaluation system, it would be hard to have a system without a policy that identifies the processes, activities, physical space, and equipment (e.g., storage, electronic directories) which comprise the system.
The policy should identify which categories of personnel need access to Patient Safety Work Product (PSWP), these include:
The definitions of patient safety work product and patient safety activities are broad. They include almost everything a physician practice would undertake to improve its performance.
The policy should identify how reports will be made to a PSO and how PSWP will be managed, marked and isolated from other business records. This is similar to how hospitals identify and manage peer review data, but the protections in this system are far broader and easier to assert, and they trump state laws.
2. Identify and contract with a PSO
There are 77 ‘listed’ PSOs on the AHRQ website. Some are components of providers. Others have a specific focus, such as on medication practices, emergency medicine, anesthesia, breast cancer, or behavioral health. Some are offshoots of state hospital associations. Others have a broader focus. The American College of Physicians has a listed PSO.
PSOs are private organizations. Typically, they charge providers for their services. Because most of their interactions have been with hospitals, their fees to physicians will likely be negotiable. They become business associates to the providers who report to them. AHRQ is supposed to develop common formats for reporting to facilitate further reporting by PSOs to a national clearinghouse of data, but so far they have common formats only for hospitals and skilled nursing facilities.
This should not deter physicians from pushing for protection of their information by reporting to a PSO. The contracts can be relatively simple, customized yet straightforward.
3. Learn about physician activities that generate patient safety problems
While more is known about hospital patient safety issues, there is increasing data that demonstrates that physician practices are a source of patient safety concerns as well. Missed diagnoses, unreported abnormal laboratory studies, medication management-particularly for patients taking more than five drugs-and patient misunderstanding of instructions have all been cited.
The Medical Group Management Association, with the Institute for Safe Medication Practices and the Health Research and Education Trust, developed a “Physician Practice Patient Safety Self Assessment Tool” that focuses on some of these issues (www.mgma.com/pppsa/).
AHRQ has also published a Toolkit for Improving Office Testing Processes (www.ahrq.gov/professionals/quality-patient-safety/quality-resources/tools/ambulatory-care/office-testing-toolkit/) because 40% of physician/patient encounters entail diagnostic testing.
Many of these problem areas are part of the value proposition as well, since failures of patient safety inevitably lead to increased costs as well as diminished quality.
4. Think about information that can support clinical integration within your practice
For many physician groups, the work of clinical integration has been difficult because of an inability to envision what their end result might be. In a “Clinical Integration Self Assessment Tool v 2.0” (www.uft-a.com/CISAT.pdf) 17 attributes of a clinically integrated practice context have been identified and three scenarios for each-along a continuum of evolution to fully committed and capable of producing measured value with improved quality-are described. That tool can be a starting point for thinking about what to change to demonstrate more value.
Standardization is a strong theme among the attributes, including standardizing clinical processes in accordance with guidelines and measuring conformity with those guidelines. The selection and adoption of the guidelines, and the results of measurement and actions taken in response, all qualify as patient safety activities, and the data the activities produce are PSWP.
Adopting compensation models in the group to support and motivate improved quality and efficient use of resources, then measuring performance to determine if incentive payments will be awarded, also meet the standards to qualify as patient safety activities.
The point is that while patient safety challenges in the form of avoiding mishaps ought to be addressed by physician groups, far broader initiatives will also merit the protections that the PSQIA has made available.
5. Encourage peers to report to the same PSO on the same issues
For small physician groups, the work of clinical integration is daunting and the ability to analyze and make changes is difficult because of the lack of resources.
If more physicians engaged in reporting to a PSO on similar topics, the PSO would be in a position to receive more meaningful data and produce more significant analysis. In essence, the PSO can become the vehicle for an informal network for sharing important patient safety information that will remain protected even as it is made available within the network.
There is no protection for any of the data that will be generated to do the hard work of clinical integration and improvement under any other laws. Almost no state peer review protection act protects data within a physician practice, and there is no other federal confidentiality law or pre-emptive privilege as exists in the PSQIA.
The PSQIA was enacted to bolster efforts to improve the quality and safety of health care. The passage of the Affordable Care Act and other reform efforts has only bolstered the mandate to do so, while saving money in the process.
Physicians are principal actors in deciding whether healthcare is good, safe, and efficient, but the work of improving performance is difficult and demanding. By developing and using their own patient safety evaluation systems to report to PSOs, physicians can enhance their position by feeling comfortable in developing robust, actionable information on they can use to improve their performance.