81 FR 32655 - Patient Safety and Quality Improvement Act of 2005-HHS Guidance Regarding Patient Safety Work Product and Providers' External Obligations
DEPARTMENT OF HEALTH AND HUMAN SERVICES
Agency for Healthcare Research and Quality Federal Register Volume 81, Issue 100 (May 24, 2016)
Agency for Healthcare Research and Quality
Federal Register Volume 81, Issue 100 (May 24, 2016)
| Page Range | 32655-32660 | |
| FR Document | 2016-12312 |
[Federal Register Volume 81, Number 100 (Tuesday, May 24, 2016)] [Rules and Regulations] [Pages 32655-32660] From the Federal Register Online [www.thefederalregister.org] [FR Doc No: 2016-12312] [[Page 32655]] ======================================================================= ----------------------------------------------------------------------- DEPARTMENT OF HEALTH AND HUMAN SERVICES Agency for Healthcare Research and Quality Office for Civil Rights 42 CFR Part 3 Patient Safety and Quality Improvement Act of 2005--HHS Guidance Regarding Patient Safety Work Product and Providers' External Obligations AGENCY: Agency for Healthcare Research and Quality (AHRQ), Office for Civil Rights (OCR), Department of Health and Human Services (HHS). ACTION: Guidance on Patient Safety and Quality Improvement Act of 2005. ----------------------------------------------------------------------- SUMMARY: This guidance sets forth guidance for patient safety organizations (PSOs) and providers regarding questions that have arisen about the Patient Safety and Quality Improvement Act of 2005, 42 U.S.C. 299b-21--b-26 (Patient Safety Act), and its implementing regulation, the Patient Safety and Quality Improvement Final Rule, 42 CFR part 3 (Patient Safety Rule). In particular, this Patient Safety and Quality Improvement Act of 2005--Guidance Regarding Patient Safety Work Product and Providers' External Obligations (Guidance) is intended to clarify what information that a provider creates or assembles can become patient safety work product (PSWP) in response to recurring questions. This Guidance also clarifies how providers can satisfy external obligations related to information collection activities consistent with the Patient Safety Act and Patient Safety Rule. DATES: The Guidance is effective on May 24, 2016. ADDRESSES: The Guidance can be accessed electronically at the following HHS Web site: http://www.pso.ahrq.gov. FOR FURTHER INFORMATION CONTACT: Susan Grinder, Center for Quality Improvement and Patient Safety, AHRQ, 5600 Fishers Lane, Mail Stop 06N100B, Rockville, MD 20857; Telephone (301) 427-1327; Email: [email protected]. SUPPLEMENTARY INFORMATION: Background HHS issued the Patient Safety Rule to implement the Patient Safety Act. AHRQ administers the provisions of the Act and Rule relating to the listing and operation of PSOs. OCR, within HHS, is responsible for interpretation, administration and enforcement of the confidentiality protections and disclosure permissions of the Patient Safety Act and Patient Safety Rule. HHS Approach to Patient Safety Act Interpretation The Patient Safety Act is part of a larger framework envisioned by the Institute of Medicine and designed to balance two goals: 1) To improve patient safety and reduce medical errors by creating a ``culture of safety'' to share and learn from information related to patient safety events, and 2) to promote health care providers' accountability and transparency through mechanisms such as oversight by regulatory agencies and adjudication in the legal system. As discussed in ``To Err Is Human,'' in respect to reporting systems, ``they can hold providers accountable for performance or, alternatively, they can provide information that leads to improved safety. Conceptually, these purposes are not incompatible, but in reality, they can prove difficult to satisfy simultaneously.'' \1\ --------------------------------------------------------------------------- \1\ Institute of Medicine, ``To Err Is Human: Building a Safer Health System'', 1999, page 86. --------------------------------------------------------------------------- The Patient Safety Act promotes the goal of improving patient safety and reducing medical errors by establishing a system in which health care providers can voluntarily collect and report information related to patient safety, health care quality, and health care outcomes to PSOs. The PSOs aggregate and analyze this information and give feedback to the providers to encourage learning and prevent future errors. The providers are motivated to report such information to PSOs because the Patient Safety Act provides broad privilege and confidentiality protections for information meeting the definition of PSWP, which alleviates concerns about such information being used against a provider, such as in litigation. At the same time, providers are subject to legitimate external obligations regarding certain records about patient safety to ensure their accountability and transparency. For example, the Centers for Medicare & Medicaid Services (CMS) Hospital Condition of Participation (CoP) for Quality Assessment and Performance Improvement require hospitals to track adverse patient events.\2\ State health care regulatory agencies typically have their own separate requirements for different types of providers, with more than half of the states operating adverse event reporting systems.\3\ The legal system provides another course to pursue accountability for medical errors. If a patient is injured while under a provider's care, the tort system offers an avenue to compensate the patient for his injury. However, while a successful medical malpractice claim may help compensate one patient for his specific injury, the general threat of litigation provides a disincentive to providers from voluntarily sharing information about their mistakes. --------------------------------------------------------------------------- \2\ 42 CFR 482.21(a)(2). \3\ As of November 2014, 26 states and the District of Columbia had adverse event reporting systems, and Texas began implementing a system in January 2015. National Academy for State Health Policy, ``2014 Guide to State Adverse Event Reporting Systems'', 2015, page 4. For example, Pennsylvania hospitals, ambulatory surgical facilities, birthing centers, nursing homes, and other facilities are required by various state laws to submit reports on ``serious events'' and ``incidents'' to the Pennsylvania Patient Safety Reporting System (``PA-PSRS''). Information submitted to PA-PSRS is confidential under state law. Patient Safety Authority, Pennsylvania Patient Safety Reporting System: PA-PSRS (Pennsylvania Patient Safety Reporting System), http://patientsafetyauthority.org/PA-PSRS/Pages/PAPSRS.aspx (last accessed Mar. 4, 2016). In Maine, ``healthcare facilities,'' which includes hospitals, ambulatory surgical facilities, end-stage renal disease facilities, and intermediate care facilities for individuals who are intellectually disabled, are required to report ``sentinel events'' and root cause analyses of sentinel events to the Maine Department of Health and Human Services. The healthcare facilities may also voluntarily self- report ``near miss events.'' Under state law, the reported information is confidential and privileged. See 10-144 C.M.R. Ch 114, Rules Governing the Reporting of Sentinel Events. In addition or alternative to reporting requirements, some states require providers to maintain certain information. For example, Delaware requires certain facilities that perform invasive medical procedures to report adverse events to the Department of Health and Social Services within 48 business hours of the occurrence and also keep the adverse event reports ``on file at the facility for a minimum of five years.'' CDR 16-4000-4408 Sections 4.3, 4.4. In Kentucky, hospitals are required to ``establish[], maintain[], and utilize[]'' administrative reports, including incident investigation reports, ``to guide the operation, measure productivity, and reflect the programs of the facility.'' 902 KAR 20:016 Section 3(3)(a). --------------------------------------------------------------------------- The intent of the system established by the Patient Safety Act is to protect the additional information created through voluntary patient safety activities, not to protect records created through providers' mandatory information collection activities.\4\ For example, a provider may have an external obligation to maintain certain records about serious adverse events that result in patient harm. The document the provider prepares to meet its requirement about such adverse events is not PSWP. As such, the Patient Safety Act recognizes the goal of accountability and transparency, and it attempts to balance this goal with that of improving patient safety and reducing medical errors. While Congress was aware of the chilling effect the fear [[Page 32656]] of being sued had on providers, the Patient Safety Act was not designed to prevent patients who believed they were harmed from obtaining the records about their care that they were able to obtain prior to the enactment of the Patient Safety Act.\5\ Nor was the Patient Safety Act intended to insulate providers from demonstrating accountability through fulfilling their external obligations.\6\ Therefore, when interpreting the Patient Safety Act and Patient Safety Rule, HHS does so with the objective of maintaining balance between these two policy goals, consistent with the intent of the Patient Safety Act. --------------------------------------------------------------------------- \4\ See e.g., 42 U.S.C. 299b-21(7)(B)(iii)(II), (III); 42 U.S.C. 299b-22(g)(2), (5) (generally providing that the Patient Safety Act does not affect or limit providers' obligations to record or report information that is not PSWP to Federal, state, or local governmental agencies). \5\ ``It is not the intent of this legislation to establish a legal shield for information that is already currently collected or maintained separate from the new patient safety process, such as a patient's medical record. That is, information which is currently available to plaintiffs' attorneys or others will remain available just as it is today.'' 151 Cong. Rec. S8741 (daily ed. Jul. 22, 2005) (statement of Mr. Enzi, then chairman of the Senate Health, Education, Labor, and Pensions Committee). ``Nor does this bill alter any existing rights or remedies available to injured patients. The bottom line is that this legislation neither strengthens nor weakens the existing system of tort and liability law.'' Id. (statement of Mr. Jeffords, who reintroduced S. 544, the bill that became the Patient Safety Act). \6\ ``This legislation does nothing to reduce or affect other Federal, State or local legal requirements pertaining to health related information.'' Id. (statement of Mr. Jeffords). --------------------------------------------------------------------------- How Information Becomes PSWP Both the Notice of Proposed Rulemaking (NPRM) and the Preamble to the Patient Safety Rule (Preamble) discuss the definition of PSWP and provide examples of what information would and would not meet the definition.\7\ Because there continues to be confusion about this definition, the prior discussion will be reiterated and further clarified here. The definition of PSWP sets forth three basic ways that certain information can become PSWP: (1) The information is prepared by a provider for reporting to a PSO and it is reported to the PSO, (2) the information is developed by a PSO for the conduct of patient safety activities,\8\ or, (3) the information identifies or constitutes the deliberations or analysis of, or identifies the fact of reporting pursuant to, a patient safety evaluation system (PSES).\9\ The first way--sometimes referred to as the ``reporting pathway''--is how providers generally create most of their PSWP. According to the Patient Safety Act, in order for information to become PSWP through the reporting pathway, it must be information that could improve patient safety, health care quality, or health care outcomes and be assembled or developed by a provider for reporting to a PSO and be reported to a PSO. Another way of saying that the information is assembled or developed for reporting to a PSO is that the information is prepared for the purpose of reporting it to the PSO.\10\ Under the Patient Safety Rule, the reporting pathway allows for information that is documented as collected within the provider's PSES to be PSWP and thus privileged and confidential before it is reported to a PSO. As explained in the Preamble, this interpretation addresses the concerns of significant administrative burden and an indiscriminate race to report information to the PSO if information only became protected after it was reported to a PSO.\11\ Nevertheless, a provider should only place information in its PSES if it intends to report that information to the PSO.\12\ --------------------------------------------------------------------------- \7\ 73 FR 8120-24, Oct. 5, 2007; 73 FR 70739-44, Nov. 21, 2008. \8\ This guidance does not otherwise address the creation of PSWP through development by a PSO. Because external regulatory and oversight reporting obligations are requirements of providers, this guidance does not apply to information developed by a PSO for the conduct of patient safety activities. \9\ 42 U.S.C. 299b-21(7)(A); 42 CFR 3.20 (paragraph (1) of the definition of PSWP). Patient safety evaluation system ``means the collection, management, or analysis of information for reporting to or by a PSO.'' 42 U.S.C. 299b-21(6); 42 CFR 3.20. \10\ See 73 FR 70739, Nov. 21, 2008 (``information may become patient safety work product if it is assembled or developed by a provider for the purpose of reporting to a PSO and is reported to a PSO''). \11\ See 73 FR 70741-42, Nov. 21, 2008. \12\ Id. (``We note, however, that a provider should not place information into its patient safety evaluation system unless it intends for that information to be reported to the PSO.''). --------------------------------------------------------------------------- Information That Is Not PSWP The definition of PSWP also describes information that is not PSWP. Specifically excluded from the definition of PSWP is, ``a patient's medical record, billing and discharge information, or any other original patient or provider information.'' \13\ The Patient Safety Act and Rule also exclude from the PSWP definition ``information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system.'' \14\ Put another way, information prepared for purposes other than reporting to a PSO is not PSWP under the reporting pathway.\15\ --------------------------------------------------------------------------- \13\ 42 CFR 3.20 (paragraph (2)(i) of the PSWP definition). The Patient Safety Act, at U.S.C. 299b-21(7)(B)(i), refers to ``original patient or provider record[s],'' but the use of ``original patient or provider information'' in the regulation is intended to be synonymous with the use of ``original patient or provider record'' in the statute. \14\ 42 U.S.C. 299b-21(7)(B)(ii); 42 CFR 3.20 (paragraph (2)(i) of the PSWP definition). \15\ See 73 FR 70740, Nov. 21, 2008 (``Patient safety work product does not include information that is collected, maintained, or developed separately or exists separately from, a patient safety evaluation system. This distinction is made because these and similar records must be maintained by providers for other purposes.''). --------------------------------------------------------------------------- Within the category of information prepared for a purpose other than reporting to a PSO, information that is prepared for external obligations has generated many questions. External obligations include, but are not limited to, mandatory requirements placed upon providers by Federal and state health regulatory agencies.\16\ Both the NPRM and Preamble clearly state that PSWP cannot be used to satisfy such external obligations. ``As the Patient Safety Act states more than once, these external obligations must be met with information that is not patient safety work product, and, in accordance with the confidentiality provisions, patient safety work product cannot be disclosed for these purposes.'' \17\ In the Preamble, HHS repeatedly stated that PSWP cannot be used to fulfill external obligations.\18\ --------------------------------------------------------------------------- \16\ Some examples of external obligations include: state incident reporting, adverse drug event reporting to the Food and Drug Administration (FDA), certification or licensing recordkeeping, reporting to the National Practitioner Data Bank, and disclosing information to comply with CMS' CoPs or conditions for coverage. 73 FR 8123, Oct. 5, 2007. \17\ 73 FR 8123, Oct. 5, 2007. \18\ See e.g., 73 FR 70740, Nov. 21, 2008 (``. . . external reporting obligations as well as voluntary reporting activities that occur for the purpose of maintaining accountability in the health care system cannot be satisfied with patient safety work product.''), 70742 (``These external obligations must be met with information that is not patient safety work product and oversight entities continue to have access to this original information in the same manner as such entities have had access prior to the passage of the Patient Safety Act.''), 70743 (``The final rule is clear that providers must comply with applicable regulatory requirements and that the protection of information as patient safety work product does not relieve a provider of any obligation to maintain information separately.''). --------------------------------------------------------------------------- Purpose for Which the Information Was Assembled or Developed As such, uncovering the purpose for which information is prepared can be a critical factor in determining whether the information is PSWP. Since some types of information can be PSWP or not depending upon why the information was assembled or developed, it is important for providers to be aware of whether information is prepared for reporting to a PSO. The chart below includes some examples. --------------------------------------------------------------------------- \19\ See CMS Pub. 100-07, State Operations Manual, Appendix A, Transmittal 37, page 275 (Oct. 17, 2008) (in providing interpretative guidance on compliance with 42 CFR 482.41(c)(2), stating that survey procedures include reviewing maintenance logs for significant medical equipment). \20\ As an example, 42 U.S.C. 1395cc(a)(1)(I)(iii) requires hospitals to maintain an on-call list of physicians available to provide treatment related to individuals with emergency medical conditions. \21\ Of note, while a written report of the patient safety incident prepared for reporting to a PSO may be PSWP, individuals who witnessed the event could still potentially disclose or testify about what they observed. \22\ There are various requirements regarding what information is required to be in the medical record. For example, CMS' Hospital CoP for medical record services includes that a hospital's medical record, ``must contain information to justify admission and continued hospitalization, support the diagnosis, and describe the patient's progress and response to medication and services.'' 42 CFR 482.24(c). [[Page 32657]] ------------------------------------------------------------------------ Could be PSWP if information is not required for another Type of information Not PSWP if purpose and is prepared . . . prepared solely for reporting to a PSO, for example . . . ------------------------------------------------------------------------ Information related to the For upkeep of Following a patient functioning of medical equipment (e.g., incident, a provider equipment. original develops information equipment about possible maintenance equipment logs), to malfunctions for maintain a reporting to a PSO. warranty, or for The PSO can an external aggregate it with obligation other rare events (e.g., CMS from other reporting requires some providers to equipment logs identify risks and \19\). hazards. A list of provider staff who To ensure Following the were present at the time a appropriate incident, a provider patient incident occurred. levels of originally assembles clinician the list for availability reporting to a PSO (e.g., routine so the PSO can personnel analyze the levels schedules), or and types of staff for compliance involved in purposes \20\. medication errors. Written reports \21\ of For internal risk The provider witness accounts of what they management originally prepares observed at the time of a (claims and the written reports patient incident. liability for reporting to the purposes). PSO so that the richness of the narrative can be mined for contributing factors. Information related to care or As part of the The provider treatment provided to the patient's documents all patient. original medical patient allergic record \22\. reactions in the medical record then prepares a list of patients that have exhibited the reaction to determine if newly- instituted procedures for reducing risk were followed specifically for the PSO. The list of patients exhibiting the reaction prepared for reporting to the PSO could be PSWP, but the original patient medical records would not. ------------------------------------------------------------------------ Meeting External Obligations The Patient Safety Act Does Not Relieve a Provider From Its External Obligations As discussed above, the Patient Safety Act does not permit providers to use the privilege and confidentiality protections for PSWP to shield records required by external recordkeeping or reporting requirements. To this end, the Patient Safety Act specifically states that it shall not limit the reporting of non-PSWP ``to a Federal, State, or local governmental agency for public health surveillance, investigation, or other public health purposes or health oversight purposes'' or a provider's recordkeeping obligations under Federal, State, or local law.\23\ It further reinforces that the statute shall not be construed ``to limit, alter or affect the requirements of Federal, State, or local law pertaining to information that is not'' PSWP or ``as preempting or otherwise affecting any State law requiring a provider to report information that is not'' PSWP.\24\ The NPRM explains that ``the statute is quite specific that these protections do not relieve a provider from its obligation to comply with other legal, regulatory, accreditation, licensure, or other accountability requirements that it would otherwise need to meet.'' \25\ It adds that the protected system established by the Patient Safety Act, ``resides alongside but does not replace other information collection activities mandated by laws, regulations, and accrediting and licensing requirements as well as voluntary reporting activities that occur for the purpose of maintaining accountability in the health care system.'' \26\ As further stated in the Preamble, ``nothing in the final rule or the statute relieves a provider from his or her obligation to disclose information from such original records or other information that is not patient safety work product to comply with state reporting or other laws.'' \27\ --------------------------------------------------------------------------- \23\ 42 U.S.C. 299b-21(7)(B)(iii). \24\ 42 U.S.C. 299b-22(g). \25\ 73 FR 8124, Oct. 5, 2007. \26\ Id. \27\ 73 FR 70786, Nov. 21, 2008. --------------------------------------------------------------------------- HHS reiterates that any external reporting or recordkeeping obligations--whether they require a provider to report certain information, maintain specific records, or operate a separate system-- cannot be met with PSWP. We also clarify that any information that is prepared to meet any Federal, state, or local health oversight agency requirements is not PSWP. As discussed above, the Patient Safety Act was intended to spur the development of additional information created through voluntary patient safety activities and to provide privilege and confidentiality protections for such new information. It was not intended to protect records generated or maintained as part of providers' existing mandatory information collection activities.\28\ As stated in the Preamble, ``The Department does not believe that the patient safety evaluation system enables providers to avoid transparency. . . . [T]he Patient Safety Act and the final rule have carefully assured that information generally available today remains available, such as medical records, original provider documents, and business records.'' \29\ --------------------------------------------------------------------------- \28\ See 73 FR 70742, Nov. 21, 2008 (``Even when laws or regulations require the reporting of information regarding the type of events also reported to PSOs, the Patient Safety Act does not shield providers from their obligation to comply with such requirements.''). \29\ 73 FR 70739, Nov. 21, 2008. --------------------------------------------------------------------------- HHS believes that most providers that engage with a PSO are doing so to further learning about patient safety and health care quality, consistent with the intent of the Patient Safety Act. Nevertheless, we are concerned about two ways that some providers may be attempting to misuse the Patient Safety Act protections to avoid their external obligations--in particular, to circumvent Federal or state regulatory obligations. First, some providers with recordkeeping or record maintenance requirements appear to be maintaining the required records only in their PSES and then refusing to disclose the records, asserting that the records in their PSES fulfill the applicable regulatory requirements while at the same time maintaining that the records are privileged and confidential PSWP. Second, some providers appear to develop records to meet external obligations outside of the PSES, place a duplicate copy of the required record into the PSES, then destroy the original [[Page 32658]] outside of the PSES and refuse to disclose the remaining copy of the information, asserting that the copy is confidential and privileged PSWP. The Patient Safety Act was not intended to give providers such methods to evade their regulatory obligations. Here, we clarify HHS' interpretation of how the Patient Safety Act prohibits providers from using the PSES to protect from disclosure records subject to such external obligations. Original Patient and Provider Records As stated in the Patient Safety Act and Patient Safety Rule, original patient and provider records, such as a patient's medical record, billing information, and discharge information, are not PSWP.\30\ We now provide further clarification regarding what constitutes other types of original provider records. HHS interprets ``original provider records'' to include: (1) Original records (e.g., reports or documents) that are required of a provider to meet any Federal, state, or local public health or health oversight requirement regardless of whether such records are maintained inside or outside of the provider's PSES; and (2) copies of records residing within the provider's PSES that were prepared to satisfy a Federal, state, or local public health or health oversight record maintenance requirement, if while the provider is obligated to maintain such information, the information is only maintained by the provider within the PSES (e.g., if the records or documents that were being maintained outside the PSES to fulfill the external obligation were lost or destroyed).\31\ This interpretation is consistent with Congressional intent in enacting the Patient Safety Act, the text of the statute and the regulation, and HHS' prior interpretation found in the NPRM and Preamble, all discussed above, supporting that the Patient Safety Act does not allow providers to be shielded from their external obligations.\32\ --------------------------------------------------------------------------- \30\ 42 U.S.C. 299b-21(7)(B)(i). \31\ If an original provider record is destroyed and the same information is maintained within the PSES, a provider may remove the original record from the PSES for the purpose of maintaining the information outside of the PSES. \32\ This interpretation of ``original provider records'' has developed, in part, due to new information about some providers' apparent attempts to avoid compliance with their external obligations, as discussed above, which has come to the attention of HHS since we initially developed the Patient Safety Act's implementing regulation. While broadly consistent with prior HHS interpretation that the Patient Safety Act does not provide a way for providers to evade their external obligations, HHS acknowledges that one aspect of this interpretation is different from that previously expressed, with respect to whether copies of non-PSWP in the PSES remain privileged and confidential PSWP if the original provider record outside of the PSES is unavailable. See e.g., 73 FR 8124, Oct. 5, 2007 (indicating a copy in the PSES is protected and may not be disclosed when the original record outside of the PSES is unavailable). --------------------------------------------------------------------------- To further illustrate what information HHS would consider to be original provider records versus information that could be eligible to be PSWP, consider the following hypothetical examples in scenarios where a provider maintains specific forms regarding adverse events in order to satisfy a federal or state law obligation. 1. The provider only maintains the forms outside of the PSES: The forms are not PSWP. They are not PSWP both because they are an original provider record and because they are maintained separately from the PSES. 2. The provider maintains the original forms outside of the PSES and places duplicate copies in the PSES for reporting to the PSO, so that further analysis using information in the forms can be conducted: The forms outside of the PSES are not PSWP, for the reasons indicated above. The copies in the PSES would be PSWP, provided that: (1) The information otherwise meets the definition of PSWP and (2) the original forms continue to be maintained by the provider outside of the PSES.\33\ If, while the provider is required to maintain the forms, the forms outside of the PSES become unavailable (e.g., they are lost or destroyed), the duplicate copies of the forms in the provider's PSES will be ``original provider records'' that are no longer privileged and confidential PSWP so long as no duplicate copies of the forms are maintained outside of the PSES by the provider.\34\ --------------------------------------------------------------------------- \33\ See 73 FR 70743, Nov. 21, 2008 (``Because information contained in these original records may be valuable to the analysis of a patient safety event, the important information must be allowed to be incorporated into the patient safety work product. However, the original information must be kept and maintained separately to preserve the original records for their intended purposes.''). \34\ The circumstances in which information from a provider's PSES would not be protected as PSWP in this example are consistent with the statute's text that states a PSO shall not be compelled to disclose information--unless such information is: Identified, not PSWP, and not reasonably available from another source. See 42 U.S.C. 299b-22(d)(4)(A)(i). --------------------------------------------------------------------------- 3. The provider only maintains the original forms in the PSES: The forms are original provider records and not privileged and confidential PSWP. We note that it would be improper to maintain records collected for external reporting purposes solely within a PSES because this scenario would be a misuse of a PSES. 4. The provider maintains the forms outside of the PSES and within the PSES extracts information from the forms to conduct further analysis: The forms outside of the PSES are not PSWP, for the reasons indicated above. The analysis conducted inside the PSES, including the information extracted from the forms, is PSWP. This clarification should not create problems for providers who have appropriately created and retained the original records required to satisfy their external obligations outside of a PSES. Those original records would be available to meet any external reporting requirements or needs.\35\ In an effort to ensure that there is no need to obtain the copies that exist in the PSES for other purposes, providers should establish a mechanism to indicate where the original records can be located. Additionally, providers should exercise extreme caution before destroying any original records maintained outside of the PSES. A provider that destroys the original source documents upon which PSWP is based is not relieved of its obligations or any applicable consequences that may be imposed by other regulators if they fail to maintain the original records. --------------------------------------------------------------------------- \35\ We note that this section focuses on requirements to maintain forms in an available fashion. To the extent an obligation only requires reporting and is fully satisfied after that reporting, a provider has fulfilled the reporting requirement, and the provider has no ongoing requirement to maintain the reported information, the subsequent collection of a form in the PSES and reporting to a PSO would protect the later form as PSWP because the external obligation has been fully satisfied. --------------------------------------------------------------------------- Copies of PSWP To be clear, the above discussion of copies relates to information that begins as non-PSWP (i.e., original patient or provider records and/or information that was collected, maintained, developed, or exists separately from the PSES). Consistent with the Patient Safety Rule's definition of PSWP, copies of information initially prepared as PSWP within the PSES are PSWP.\36\ For example, if a provider originally develops information to improve patient safety in its PSES solely for reporting to the PSO, that information is PSWP. If the provider then makes a copy of this information for the PSO and retains another copy of it in its PSES, both the copy of the information disclosed to the PSO and the copy maintained in the provider's PSES are PSWP, and thus privileged and confidential under the Patient Safety Rule. --------------------------------------------------------------------------- \36\ 42 CFR 3.20 (paragraph (1) of the PSWP definition) (``Except as provided in paragraph (2) of this definition, patient safety work product means any . . . [information] . . . (or copies of any of this material) . . . .''). --------------------------------------------------------------------------- [[Page 32659]] Separate Systems It has come to HHS' attention that the discussion in the Preamble regarding whether providers need to maintain multiple systems may have caused some confusion. Some commenters on the NPRM expressed concern that providers would need to maintain two duplicate systems: One PSES for information that the provider assembles or develops for reporting to a PSO and a second system containing the same information if the provider is unsure at the time the information is prepared for reporting to the PSO whether that information may be required in the future to fulfill a state law obligation. In response to this concern, the Preamble discusses a way that the Patient Safety Rule allows for information that was PSWP to no longer be PSWP.\37\ This process, sometimes referred to as the ``drop out'' provision, provides that PSWP ``assembled or developed by a provider for reporting to a PSO may be removed from'' a PSES and no longer be considered PSWP if: ``[t]he information has not yet been reported to a PSO'' and ``[t]he provider documents the act and date of removal of such information from the'' PSES.\38\ Once removed from the PSES following this procedure, the information could be used for other purposes, such as to meet state law obligations. --------------------------------------------------------------------------- \37\ See e.g., 73 FR 70742, Nov. 21, 2008. \38\ 42 CFR 3.20(2)(ii). --------------------------------------------------------------------------- As indicated above, the drop out provision is intended as a safety valve for providers who are unsure at the time that information is being prepared for reporting to the PSO whether similar information would, at a later time, be needed for an external obligation. It provides some flexibility for providers as they work through their various external obligations, as information assembled or developed for reporting to the PSO can reside as PSWP within the provider's PSES until the provider makes a future determination as to whether that information must be used to meet an external obligation.\39\ It is intended to be used on a case-by-case basis. Under the drop out provision, if the provider later determines the information within its PSES that had originally been assembled or developed for reporting to a PSO will be instead used for an external obligation, it is removed from the PSES and is no longer PSWP. This means it is no longer privileged or confidential under the Patient Safety Act and Patient Safety Rule.\40\ If the provider instead decides to report the information to a PSO, the information remains PSWP (so long as it meets the requirements for being PSWP, including that it is not an original patient or provider record) and cannot be permissibly disclosed for any reason, except in accordance with the disclosure permissions described in the Patient Safety Act and Patient Safety Rule.\41\ The Preamble thus explains how the drop out provision eliminates the need for a provider to maintain two systems with duplicate information: A PSES containing PSWP and a separate system containing any of that same information where the provider has yet to determine whether it will be needed in the future for another purpose. --------------------------------------------------------------------------- \39\ See 73 FR 70742, Nov. 21, 2008 (Referring to the documentation of date and purpose of collection within a PSES, ``(p)roviders have the flexibility to protect this information as patient safety work product within their patient safety evaluation system while they consider whether the information is needed to meet external reporting obligations. Information can be removed from the patient safety evaluation system before it is reported to a PSO to fulfill external reporting obligations.''). \40\ Id. (``Once the information is removed, it is no longer patient safety work product and is no longer subject to the confidentiality provisions.''). \41\ 42 U.S.C. 299b-22(c); 42 CFR 3.204(b), 3.206(b). --------------------------------------------------------------------------- Nevertheless, we reemphasize that where records are mandated by a Federal or State law requirement or other external obligation, they are not PSWP. Thus, a provider should maintain at least two systems or spaces: A PSES for PSWP and a separate place where it maintains records for external obligations.\42\ As discussed above, the Patient Safety Act encourages providers to prepare, analyze, and share information beyond what they are mandated to do. As such, it is expected that most of the information in a PSES would be originally created by providers as part of their voluntary participation with a PSO. --------------------------------------------------------------------------- \42\ ``The Patient Safety Act establishes a protected space or system that is separate, distinct, and resides alongside but does not replace other information collection activities . . . .'' 73 FR 70742, Nov. 21, 2008; see also 73 FR 8124, Oct. 5, 2007. --------------------------------------------------------------------------- Shared Responsibility As described above, the protected system established under the Patient Safety Act works in concert with the external obligations of providers to ensure accountability and transparency while encouraging the improvement of patient safety and reduction of medical errors through a culture of safety. It is the provider's ultimate responsibility to understand what information is required to meet all of its external obligations. If a provider is uncertain what information is required of it to fulfill an external obligation, the provider should reach out to the external entity to clarify the requirement. HHS has heard anecdotal reports of providers, PSOs, and regulators working together to ensure that the regulators can obtain the information they need without requesting that providers impermissibly disclose PSWP. HHS encourages such communication. Regulatory agencies and other entities requesting information of providers or PSOs are reminded that, subject to the limited exceptions set forth in the Patient Safety Act and Patient Safety Rule, PSWP is privileged and confidential, and it may not be used to satisfy external obligations. Therefore, such entities should not demand PSWP from providers or PSOs. Some requirements are clear and discrete, which makes it relatively easy for providers to understand what information is mandated, determine what additional information they want to prepare for reporting to a PSO, and to separate the two categories of information. Examples of clear and discrete requirements would include requirements for a provider to fill out a particular form or to provide a document containing specified data points. However, HHS is aware that some requirements are more ambiguous or broad, thus creating uncertainty about the information required to satisfy them. Particularly where laws or regulations may be vague, it is imperative that the regulators work with providers so that the regulators obtain the information they need, and that providers sufficiently understand what is required of them so that they can satisfy their obligations and voluntarily report additional information to a PSO. Where a variety of information could potentially satisfy an external obligation, and where a provider reports similar information to the PSO, the provider may find it helpful to document which information collection activities it does to fulfill its external requirements and which other activities it does in the PSES, to help ensure confidentiality and privilege of the PSWP. Later Developing Requirements As discussed above, providers should work with regulatory bodies and any other entities with which they have obligations to understand in advance the exact information they will need to satisfy their external obligations. That way, providers can plan ahead to create and maintain any information needed to fulfill their obligations separately from their PSES. However, even if providers and regulators cooperate fully, HHS is aware that situations could arise where a provider has collected information for reporting to the PSO and where the [[Page 32660]] records at issue were not required by any external obligation at the time they were created, but where a regulator later seeks the same information as part of its oversight or investigatory responsibilities. The information at issue would be PSWP and would be privileged and confidential, but the provider may still have several options to satisfy its obligation. If the information is eligible for the drop out provision (including that the provider has not yet reported the information to a PSO), then the provider may follow the drop out provision discussed above to remove the information from its PSES and report or maintain the information outside of the PSES, to satisfy the regulator's request. This information is no longer PSWP. If the provider has reported the information to a PSO or the information is otherwise not subject to the drop out provision, the Patient Safety Act and Patient Safety Rule provide several options that the provider may want to consider, which are discussed below. 1. Did the provider mistakenly enter information that is not PSWP into its PSES? The provider may want to first ensure that the information being requested meets the definition of PSWP. If the provider determines that the information now required is not PSWP (e.g., an original patient record was accidentally placed in the PSES), the provider can remove the information from its PSES. If the information does not meet the definition of PSWP, it is not privileged and confidential under the Patient Safety Act, and the Patient Safety Act places no limitations on the provider from further releasing it. If the information is not PSWP and the only copy of the information is in the PSO's PSES (i.e., the provider did not retain a copy outside of or in its PSES), then the Patient Safety Act places no limitations on the PSO from releasing it back to the provider. 2. Is there a disclosure exception that may be used to permissibly disclose the PSWP? For example:Can the provider obtain authorization from each identified provider to disclose the information, in accordance with 42 CFR 3.206(b)(3)? Is the information subject to the disclosure permission to the FDA at 42 CFR 3.206(b)(7)? Is the information being voluntarily disclosed to an accrediting body, pursuant to 42 CFR 3.206(b)(8)? While these disclosure permissions are available in the limited circumstances described in the Patient Safety Rule, relying upon a disclosure permission should not be a provider's primary method to meet an external obligation. As stated in the Preamble, with respect to the FDA disclosure permission, ``However, we emphasize that, despite this disclosure permission, we expect that most reporting to the FDA and its regulated entities will be done with information that is not patient safety work product, as is done today. This disclosure permission is intended to allow for reporting to the FDA or FDA-regulated entity in those special cases where, only after an analysis of patient safety work product, does a provider realize it should make a report.'' 43 44 HHS has the same expectation for other external obligations, as well. --------------------------------------------------------------------------- \43\ 73 FR 70782, Nov. 21, 2008. \44\ Following publication of the Patient Safety Rule, HHS issued guidance on meeting mandatory reporting obligations to the FDA. See ``Department of Health and Human Services Guidance Regarding Patient Safety Organizations' Reporting Obligations and the Patient Safety and Quality Improvement Act of 2005'' available at www.pso.ahrq.gov. --------------------------------------------------------------------------- 3. Can the provider recreate the information or conduct an identical analysis from non-PSWP outside of the PSES? If a provider is instructed to compile specified information but the provider previously assembled such information within its PSES and reported it to a PSO, this does not prevent a provider from creating the requested information using non-PSWP. As indicated in the NPRM, ``[t]hose who participated in the collection, development, analysis, or review of the missing information or have knowledge of its contents can fully disclose what they know . . .'' \45\ Similarly, although an analysis originally conducted in the PSES cannot become non-PSWP under the drop out provision, if a provider is informed that a certain analysis is needed to meet an external obligation, the Patient Safety Act indicates that a provider could conduct a new analysis with non-PSWP to satisfy this requirement, ``regardless of whether such additional analysis involves issues identical to or similar to those for which information was reported to or assessed by'' a PSO or PSES.\46\ --------------------------------------------------------------------------- \45\ 73 FR 8124, Oct. 5, 2007. \46\ 42 U.S.C. 299b-22(h). --------------------------------------------------------------------------- Providers are reminded that they should exercise care to ensure that even if the information is not privileged and confidential under the Patient Safety Act or if a permissible disclosure of PSWP has been identified, the intended disclosure of the information is not impermissible under any other law (e.g., the HIPAA Privacy Rule.) Dated: May 19, 2016. Andrew Bindman, AHRQ Director. Jocelyn Samuels, Director, OCR. [FR Doc. 2016-12312 Filed 5-20-16; 5:15 pm] BILLING CODE 4160-90-P
![Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations 32655
DEPARTMENT OF HEALTH AND disclosure permissions of the Patient another course to pursue accountability
HUMAN SERVICES Safety Act and Patient Safety Rule. for medical errors. If a patient is injured
while under a provider’s care, the tort
Agency for Healthcare Research and HHS Approach to Patient Safety Act
system offers an avenue to compensate
Quality Office for Civil Rights Interpretation
the patient for his injury. However,
The Patient Safety Act is part of a while a successful medical malpractice
42 CFR Part 3 larger framework envisioned by the claim may help compensate one patient
Institute of Medicine and designed to for his specific injury, the general threat
Patient Safety and Quality balance two goals: 1) To improve patient of litigation provides a disincentive to
Improvement Act of 2005—HHS safety and reduce medical errors by providers from voluntarily sharing
Guidance Regarding Patient Safety creating a ‘‘culture of safety’’ to share information about their mistakes.
Work Product and Providers’ External and learn from information related to The intent of the system established
Obligations patient safety events, and 2) to promote by the Patient Safety Act is to protect
health care providers’ accountability the additional information created
AGENCY: Agency for Healthcare Research and transparency through mechanisms through voluntary patient safety
and Quality (AHRQ), Office for Civil such as oversight by regulatory agencies activities, not to protect records created
Rights (OCR), Department of Health and and adjudication in the legal system. As through providers’ mandatory
Human Services (HHS). discussed in ‘‘To Err Is Human,’’ in information collection activities.4 For
ACTION: Guidance on Patient Safety and respect to reporting systems, ‘‘they can example, a provider may have an
Quality Improvement Act of 2005. hold providers accountable for external obligation to maintain certain
performance or, alternatively, they can records about serious adverse events
SUMMARY: This guidance sets forth provide information that leads to that result in patient harm. The
guidance for patient safety organizations improved safety. Conceptually, these document the provider prepares to meet
(PSOs) and providers regarding purposes are not incompatible, but in its requirement about such adverse
questions that have arisen about the reality, they can prove difficult to satisfy events is not PSWP. As such, the Patient
Patient Safety and Quality Improvement simultaneously.’’ 1 Safety Act recognizes the goal of
Act of 2005, 42 U.S.C. 299b–21—b–26 The Patient Safety Act promotes the accountability and transparency, and it
(Patient Safety Act), and its goal of improving patient safety and attempts to balance this goal with that
implementing regulation, the Patient reducing medical errors by establishing of improving patient safety and
Safety and Quality Improvement Final a system in which health care providers reducing medical errors. While Congress
Rule, 42 CFR part 3 (Patient Safety can voluntarily collect and report was aware of the chilling effect the fear
Rule). In particular, this Patient Safety information related to patient safety,
and Quality Improvement Act of 2005— health care quality, and health care Systems’’, 2015, page 4. For example, Pennsylvania
Guidance Regarding Patient Safety Work outcomes to PSOs. The PSOs aggregate hospitals, ambulatory surgical facilities, birthing
Product and Providers’ External and analyze this information and give centers, nursing homes, and other facilities are
Obligations (Guidance) is intended to required by various state laws to submit reports on
feedback to the providers to encourage ‘‘serious events’’ and ‘‘incidents’’ to the
clarify what information that a provider learning and prevent future errors. The Pennsylvania Patient Safety Reporting System
creates or assembles can become patient providers are motivated to report such (‘‘PA–PSRS’’). Information submitted to PA–PSRS
safety work product (PSWP) in response is confidential under state law. Patient Safety
information to PSOs because the Patient Authority, Pennsylvania Patient Safety Reporting
to recurring questions. This Guidance Safety Act provides broad privilege and System: PA–PSRS (Pennsylvania Patient Safety
also clarifies how providers can satisfy confidentiality protections for Reporting System), http://
external obligations related to information meeting the definition of patientsafetyauthority.org/PA-PSRS/Pages/
information collection activities PAPSRS.aspx (last accessed Mar. 4, 2016). In
PSWP, which alleviates concerns about Maine, ‘‘healthcare facilities,’’ which includes
consistent with the Patient Safety Act such information being used against a hospitals, ambulatory surgical facilities, end-stage
and Patient Safety Rule. provider, such as in litigation. renal disease facilities, and intermediate care
DATES: The Guidance is effective on At the same time, providers are facilities for individuals who are intellectually
disabled, are required to report ‘‘sentinel events’’
May 24, 2016. subject to legitimate external obligations and root cause analyses of sentinel events to the
ADDRESSES: The Guidance can be regarding certain records about patient Maine Department of Health and Human Services.
accessed electronically at the following safety to ensure their accountability and The healthcare facilities may also voluntarily self-
report ‘‘near miss events.’’ Under state law, the
HHS Web site: http://www.pso.ahrq.gov. transparency. For example, the Centers reported information is confidential and privileged.
FOR FURTHER INFORMATION CONTACT:
for Medicare & Medicaid Services (CMS) See 10–144 C.M.R. Ch 114, Rules Governing the
Susan Grinder, Center for Quality Hospital Condition of Participation Reporting of Sentinel Events. In addition or
(CoP) for Quality Assessment and alternative to reporting requirements, some states
Improvement and Patient Safety, AHRQ, require providers to maintain certain information.
5600 Fishers Lane, Mail Stop 06N100B, Performance Improvement require For example, Delaware requires certain facilities
Rockville, MD 20857; Telephone (301) hospitals to track adverse patient that perform invasive medical procedures to report
427–1327; Email: Susan.Grinder@ events.2 State health care regulatory adverse events to the Department of Health and
agencies typically have their own Social Services within 48 business hours of the
AHRQ.hhs.gov. occurrence and also keep the adverse event reports
separate requirements for different types ‘‘on file at the facility for a minimum of five years.’’
SUPPLEMENTARY INFORMATION: of providers, with more than half of the CDR 16–4000–4408 Sections 4.3, 4.4. In Kentucky,
Background states operating adverse event reporting hospitals are required to ‘‘establish[], maintain[],
systems.3 The legal system provides and utilize[]’’ administrative reports, including
HHS issued the Patient Safety Rule to incident investigation reports, ‘‘to guide the
mstockstill on DSK3G9T082PROD with RULES
operation, measure productivity, and reflect the
implement the Patient Safety Act. 1 Institute of Medicine, ‘‘To Err Is Human:
programs of the facility.’’ 902 KAR 20:016 Section
AHRQ administers the provisions of the Building a Safer Health System’’, 1999, page 86. 3(3)(a).
Act and Rule relating to the listing and 2 42 CFR 482.21(a)(2). 4 See e.g., 42 U.S.C. 299b-21(7)(B)(iii)(II), (III); 42
3 As of November 2014, 26 states and the District U.S.C. 299b-22(g)(2), (5) (generally providing that
operation of PSOs. OCR, within HHS, is
of Columbia had adverse event reporting systems, the Patient Safety Act does not affect or limit
responsible for interpretation, and Texas began implementing a system in January providers’ obligations to record or report
administration and enforcement of the 2015. National Academy for State Health Policy, information that is not PSWP to Federal, state, or
confidentiality protections and ‘‘2014 Guide to State Adverse Event Reporting local governmental agencies).
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00039 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/1.svg)
![32656 Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations
of being sued had on providers, the sometimes referred to as the ‘‘reporting than reporting to a PSO is not PSWP
Patient Safety Act was not designed to pathway’’—is how providers generally under the reporting pathway.15
prevent patients who believed they were create most of their PSWP. According to Within the category of information
harmed from obtaining the records the Patient Safety Act, in order for prepared for a purpose other than
about their care that they were able to information to become PSWP through reporting to a PSO, information that is
obtain prior to the enactment of the the reporting pathway, it must be prepared for external obligations has
Patient Safety Act.5 Nor was the Patient information that could improve patient generated many questions. External
Safety Act intended to insulate safety, health care quality, or health care obligations include, but are not limited
providers from demonstrating outcomes and be assembled or to, mandatory requirements placed
accountability through fulfilling their developed by a provider for reporting to upon providers by Federal and state
external obligations.6 Therefore, when a PSO and be reported to a PSO. health regulatory agencies.16 Both the
interpreting the Patient Safety Act and Another way of saying that the NPRM and Preamble clearly state that
Patient Safety Rule, HHS does so with information is assembled or developed PSWP cannot be used to satisfy such
the objective of maintaining balance for reporting to a PSO is that the external obligations. ‘‘As the Patient
between these two policy goals, information is prepared for the purpose Safety Act states more than once, these
consistent with the intent of the Patient of reporting it to the PSO.10 Under the external obligations must be met with
Safety Act. information that is not patient safety
Patient Safety Rule, the reporting
work product, and, in accordance with
How Information Becomes PSWP pathway allows for information that is
the confidentiality provisions, patient
documented as collected within the
Both the Notice of Proposed safety work product cannot be disclosed
provider’s PSES to be PSWP and thus for these purposes.’’ 17 In the Preamble,
Rulemaking (NPRM) and the Preamble
privileged and confidential before it is HHS repeatedly stated that PSWP
to the Patient Safety Rule (Preamble)
reported to a PSO. As explained in the cannot be used to fulfill external
discuss the definition of PSWP and
provide examples of what information Preamble, this interpretation addresses obligations.18
would and would not meet the the concerns of significant
administrative burden and an Purpose for Which the Information Was
definition.7 Because there continues to Assembled or Developed
be confusion about this definition, the indiscriminate race to report
prior discussion will be reiterated and information to the PSO if information As such, uncovering the purpose for
further clarified here. The definition of only became protected after it was which information is prepared can be a
PSWP sets forth three basic ways that reported to a PSO.11 Nevertheless, a critical factor in determining whether
certain information can become PSWP: provider should only place information the information is PSWP. Since some
(1) The information is prepared by a in its PSES if it intends to report that types of information can be PSWP or not
provider for reporting to a PSO and it information to the PSO.12 depending upon why the information
is reported to the PSO, (2) the was assembled or developed, it is
Information That Is Not PSWP important for providers to be aware of
information is developed by a PSO for
the conduct of patient safety activities,8 The definition of PSWP also describes whether information is prepared for
or, (3) the information identifies or information that is not PSWP. reporting to a PSO. The chart below
constitutes the deliberations or analysis Specifically excluded from the includes some examples.
of, or identifies the fact of reporting definition of PSWP is, ‘‘a patient’s 15 See 73 FR 70740, Nov. 21, 2008 (‘‘Patient safety
pursuant to, a patient safety evaluation medical record, billing and discharge work product does not include information that is
system (PSES).9 The first way— information, or any other original collected, maintained, or developed separately or
patient or provider information.’’ 13 The exists separately from, a patient safety evaluation
5 ‘‘It is not the intent of this legislation to system. This distinction is made because these and
establish a legal shield for information that is
Patient Safety Act and Rule also exclude similar records must be maintained by providers for
already currently collected or maintained separate from the PSWP definition ‘‘information other purposes.’’).
from the new patient safety process, such as a that is collected, maintained, or 16 Some examples of external obligations include:
patient’s medical record. That is, information which developed separately, or exists state incident reporting, adverse drug event
is currently available to plaintiffs’ attorneys or reporting to the Food and Drug Administration
others will remain available just as it is today.’’ 151 separately, from a patient safety (FDA), certification or licensing recordkeeping,
Cong. Rec. S8741 (daily ed. Jul. 22, 2005) (statement evaluation system.’’ 14 Put another way, reporting to the National Practitioner Data Bank,
of Mr. Enzi, then chairman of the Senate Health, information prepared for purposes other and disclosing information to comply with CMS’
Education, Labor, and Pensions Committee). ‘‘Nor CoPs or conditions for coverage. 73 FR 8123, Oct.
does this bill alter any existing rights or remedies 5, 2007.
available to injured patients. The bottom line is that reporting to or by a PSO.’’ 42 U.S.C. 299b-21(6); 42 17 73 FR 8123, Oct. 5, 2007.
this legislation neither strengthens nor weakens the CFR 3.20. 18 See e.g., 73 FR 70740, Nov. 21, 2008 (‘‘. . .
existing system of tort and liability law.’’ Id. 10 See 73 FR 70739, Nov. 21, 2008 (‘‘information
external reporting obligations as well as voluntary
(statement of Mr. Jeffords, who reintroduced S. 544, may become patient safety work product if it is reporting activities that occur for the purpose of
the bill that became the Patient Safety Act). assembled or developed by a provider for the maintaining accountability in the health care
6 ‘‘This legislation does nothing to reduce or purpose of reporting to a PSO and is reported to a system cannot be satisfied with patient safety work
affect other Federal, State or local legal PSO’’). product.’’), 70742 (‘‘These external obligations must
requirements pertaining to health related 11 See 73 FR 70741–42, Nov. 21, 2008.
be met with information that is not patient safety
information.’’ Id. (statement of Mr. Jeffords). 12 Id. (‘‘We note, however, that a provider should
work product and oversight entities continue to
7 73 FR 8120–24, Oct. 5, 2007; 73 FR 70739–44, not place information into its patient safety have access to this original information in the same
Nov. 21, 2008. evaluation system unless it intends for that manner as such entities have had access prior to the
8 This guidance does not otherwise address the information to be reported to the PSO.’’). passage of the Patient Safety Act.’’), 70743 (‘‘The
mstockstill on DSK3G9T082PROD with RULES
creation of PSWP through development by a PSO. 13 42 CFR 3.20 (paragraph (2)(i) of the PSWP final rule is clear that providers must comply with
Because external regulatory and oversight reporting definition). The Patient Safety Act, at U.S.C. 299b- applicable regulatory requirements and that the
obligations are requirements of providers, this 21(7)(B)(i), refers to ‘‘original patient or provider protection of information as patient safety work
guidance does not apply to information developed record[s],’’ but the use of ‘‘original patient or product does not relieve a provider of any
by a PSO for the conduct of patient safety activities. provider information’’ in the regulation is intended obligation to maintain information separately.’’).
9 42 U.S.C. 299b-21(7)(A); 42 CFR 3.20 (paragraph to be synonymous with the use of ‘‘original patient 19 See CMS Pub. 100–07, State Operations
(1) of the definition of PSWP). Patient safety or provider record’’ in the statute. Manual, Appendix A, Transmittal 37, page 275
evaluation system ‘‘means the collection, 14 42 U.S.C. 299b-21(7)(B)(ii); 42 CFR 3.20 (Oct. 17, 2008) (in providing interpretative guidance
management, or analysis of information for (paragraph (2)(i) of the PSWP definition). on compliance with 42 CFR 482.41(c)(2), stating
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00040 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/2.svg)
![Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations 32657
Could be PSWP if information is not required for another purpose
Type of information Not PSWP if prepared . . . and is prepared solely for reporting to a PSO, for example . . .
Information related to the func- For upkeep of equipment (e.g., Following a patient incident, a provider develops information about
tioning of medical equipment. original equipment maintenance possible equipment malfunctions for reporting to a PSO. The PSO
logs), to maintain a warranty, or can aggregate it with other rare events from other reporting pro-
for an external obligation (e.g., viders to identify risks and hazards.
CMS requires some equipment
logs 19).
A list of provider staff who were To ensure appropriate levels of cli- Following the incident, a provider originally assembles the list for re-
present at the time a patient inci- nician availability (e.g., routine porting to a PSO so the PSO can analyze the levels and types of
dent occurred. personnel schedules), or for staff involved in medication errors.
compliance purposes 20.
Written reports 21 of witness ac- For internal risk management The provider originally prepares the written reports for reporting to
counts of what they observed at (claims and liability purposes). the PSO so that the richness of the narrative can be mined for
the time of a patient incident. contributing factors.
Information related to care or treat- As part of the patient’s original The provider documents all patient allergic reactions in the medical
ment provided to the patient. medical record 22. record then prepares a list of patients that have exhibited the reac-
tion to determine if newly-instituted procedures for reducing risk
were followed specifically for the PSO. The list of patients exhib-
iting the reaction prepared for reporting to the PSO could be
PSWP, but the original patient medical records would not.
Meeting External Obligations other information collection activities Department does not believe that the
mandated by laws, regulations, and patient safety evaluation system enables
The Patient Safety Act Does Not Relieve
accrediting and licensing requirements providers to avoid transparency. . . .
a Provider From Its External Obligations
as well as voluntary reporting activities [T]he Patient Safety Act and the final
As discussed above, the Patient Safety that occur for the purpose of rule have carefully assured that
Act does not permit providers to use the maintaining accountability in the health information generally available today
privilege and confidentiality protections care system.’’ 26 As further stated in the remains available, such as medical
for PSWP to shield records required by Preamble, ‘‘nothing in the final rule or records, original provider documents,
external recordkeeping or reporting the statute relieves a provider from his and business records.’’ 29
requirements. To this end, the Patient or her obligation to disclose information
Safety Act specifically states that it shall HHS believes that most providers that
from such original records or other engage with a PSO are doing so to
not limit the reporting of non-PSWP ‘‘to information that is not patient safety
a Federal, State, or local governmental further learning about patient safety and
work product to comply with state health care quality, consistent with the
agency for public health surveillance, reporting or other laws.’’ 27
investigation, or other public health intent of the Patient Safety Act.
purposes or health oversight purposes’’ HHS reiterates that any external Nevertheless, we are concerned about
or a provider’s recordkeeping reporting or recordkeeping obligations— two ways that some providers may be
obligations under Federal, State, or local whether they require a provider to attempting to misuse the Patient Safety
law.23 It further reinforces that the report certain information, maintain Act protections to avoid their external
statute shall not be construed ‘‘to limit, specific records, or operate a separate obligations—in particular, to
alter or affect the requirements of system—cannot be met with PSWP. We circumvent Federal or state regulatory
Federal, State, or local law pertaining to also clarify that any information that is obligations. First, some providers with
information that is not’’ PSWP or ‘‘as prepared to meet any Federal, state, or recordkeeping or record maintenance
preempting or otherwise affecting any local health oversight agency requirements appear to be maintaining
State law requiring a provider to report requirements is not PSWP. As discussed the required records only in their PSES
information that is not’’ PSWP.24 The above, the Patient Safety Act was and then refusing to disclose the
NPRM explains that ‘‘the statute is quite intended to spur the development of records, asserting that the records in
specific that these protections do not additional information created through their PSES fulfill the applicable
relieve a provider from its obligation to voluntary patient safety activities and to regulatory requirements while at the
comply with other legal, regulatory, provide privilege and confidentiality same time maintaining that the records
accreditation, licensure, or other protections for such new information. It are privileged and confidential PSWP.
accountability requirements that it was not intended to protect records Second, some providers appear to
would otherwise need to meet.’’ 25 It generated or maintained as part of develop records to meet external
adds that the protected system providers’ existing mandatory obligations outside of the PSES, place a
established by the Patient Safety Act, information collection activities.28 As duplicate copy of the required record
‘‘resides alongside but does not replace stated in the Preamble, ‘‘The into the PSES, then destroy the original
that survey procedures include reviewing could still potentially disclose or testify about what 24 42 U.S.C. 299b–22(g).
maintenance logs for significant medical they observed. 25 73 FR 8124, Oct. 5, 2007.
equipment). 22 There are various requirements regarding what 26 Id.
mstockstill on DSK3G9T082PROD with RULES
20 As an example, 42 U.S.C. 1395cc(a)(1)(I)(iii) information is required to be in the medical record. 27 73 FR 70786, Nov. 21, 2008.
requires hospitals to maintain an on-call list of For example, CMS’ Hospital CoP for medical record 28 See 73 FR 70742, Nov. 21, 2008 (‘‘Even when
physicians available to provide treatment related to services includes that a hospital’s medical record, laws or regulations require the reporting of
individuals with emergency medical conditions. ‘‘must contain information to justify admission and information regarding the type of events also
21 Of note, while a written report of the patient continued hospitalization, support the diagnosis, reported to PSOs, the Patient Safety Act does not
and describe the patient’s progress and response to shield providers from their obligation to comply
safety incident prepared for reporting to a PSO may
medication and services.’’ 42 CFR 482.24(c). with such requirements.’’).
be PSWP, individuals who witnessed the event 23 42 U.S.C. 299b–21(7)(B)(iii). 29 73 FR 70739, Nov. 21, 2008.
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00041 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/3.svg)
![32658 Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations
outside of the PSES and refuse to To further illustrate what information outside of the PSES are not PSWP, for
disclose the remaining copy of the HHS would consider to be original the reasons indicated above. The
information, asserting that the copy is provider records versus information that analysis conducted inside the PSES,
confidential and privileged PSWP. The could be eligible to be PSWP, consider including the information extracted
Patient Safety Act was not intended to the following hypothetical examples in from the forms, is PSWP.
give providers such methods to evade scenarios where a provider maintains This clarification should not create
their regulatory obligations. Here, we specific forms regarding adverse events
problems for providers who have
clarify HHS’ interpretation of how the in order to satisfy a federal or state law
appropriately created and retained the
Patient Safety Act prohibits providers obligation.
1. The provider only maintains the original records required to satisfy their
from using the PSES to protect from
disclosure records subject to such forms outside of the PSES: The forms external obligations outside of a PSES.
external obligations. are not PSWP. They are not PSWP both Those original records would be
because they are an original provider available to meet any external reporting
Original Patient and Provider Records requirements or needs.35 In an effort to
record and because they are maintained
As stated in the Patient Safety Act and separately from the PSES. ensure that there is no need to obtain
Patient Safety Rule, original patient and 2. The provider maintains the original the copies that exist in the PSES for
provider records, such as a patient’s forms outside of the PSES and places other purposes, providers should
medical record, billing information, and duplicate copies in the PSES for establish a mechanism to indicate where
discharge information, are not PSWP.30 reporting to the PSO, so that further the original records can be located.
We now provide further clarification analysis using information in the forms Additionally, providers should exercise
regarding what constitutes other types can be conducted: The forms outside of extreme caution before destroying any
of original provider records. HHS the PSES are not PSWP, for the reasons original records maintained outside of
interprets ‘‘original provider records’’ to indicated above. The copies in the PSES the PSES. A provider that destroys the
include: (1) Original records (e.g., would be PSWP, provided that: (1) The original source documents upon which
reports or documents) that are required information otherwise meets the PSWP is based is not relieved of its
of a provider to meet any Federal, state, definition of PSWP and (2) the original obligations or any applicable
or local public health or health forms continue to be maintained by the consequences that may be imposed by
oversight requirement regardless of provider outside of the PSES.33 If, while other regulators if they fail to maintain
whether such records are maintained the provider is required to maintain the the original records.
inside or outside of the provider’s PSES; forms, the forms outside of the PSES
and (2) copies of records residing within become unavailable (e.g., they are lost or Copies of PSWP
the provider’s PSES that were prepared destroyed), the duplicate copies of the
To be clear, the above discussion of
to satisfy a Federal, state, or local public forms in the provider’s PSES will be
copies relates to information that begins
health or health oversight record ‘‘original provider records’’ that are no
maintenance requirement, if while the as non-PSWP (i.e., original patient or
longer privileged and confidential
provider is obligated to maintain such PSWP so long as no duplicate copies of provider records and/or information
information, the information is only the forms are maintained outside of the that was collected, maintained,
maintained by the provider within the PSES by the provider.34 developed, or exists separately from the
PSES (e.g., if the records or documents 3. The provider only maintains the PSES). Consistent with the Patient
that were being maintained outside the original forms in the PSES: The forms Safety Rule’s definition of PSWP, copies
PSES to fulfill the external obligation are original provider records and not of information initially prepared as
were lost or destroyed).31 This privileged and confidential PSWP. We PSWP within the PSES are PSWP.36 For
interpretation is consistent with note that it would be improper to example, if a provider originally
Congressional intent in enacting the maintain records collected for external develops information to improve patient
Patient Safety Act, the text of the statute reporting purposes solely within a PSES safety in its PSES solely for reporting to
and the regulation, and HHS’ prior because this scenario would be a misuse the PSO, that information is PSWP. If
interpretation found in the NPRM and of a PSES. the provider then makes a copy of this
Preamble, all discussed above, 4. The provider maintains the forms information for the PSO and retains
supporting that the Patient Safety Act outside of the PSES and within the PSES another copy of it in its PSES, both the
does not allow providers to be shielded extracts information from the forms to copy of the information disclosed to the
from their external obligations.32 conduct further analysis: The forms PSO and the copy maintained in the
provider’s PSES are PSWP, and thus
30 42 U.S.C. 299b–21(7)(B)(i). confidential PSWP if the original provider record privileged and confidential under the
31 Ifan original provider record is destroyed and outside of the PSES is unavailable. See e.g., 73 FR
8124, Oct. 5, 2007 (indicating a copy in the PSES
Patient Safety Rule.
the same information is maintained within the
PSES, a provider may remove the original record is protected and may not be disclosed when the
from the PSES for the purpose of maintaining the original record outside of the PSES is unavailable). 35 We note that this section focuses on
information outside of the PSES. 33 See 73 FR 70743, Nov. 21, 2008 (‘‘Because requirements to maintain forms in an available
32 This interpretation of ‘‘original provider information contained in these original records may fashion. To the extent an obligation only requires
records’’ has developed, in part, due to new be valuable to the analysis of a patient safety event, reporting and is fully satisfied after that reporting,
information about some providers’ apparent the important information must be allowed to be a provider has fulfilled the reporting requirement,
attempts to avoid compliance with their external incorporated into the patient safety work product. and the provider has no ongoing requirement to
obligations, as discussed above, which has come to However, the original information must be kept and maintain the reported information, the subsequent
mstockstill on DSK3G9T082PROD with RULES
the attention of HHS since we initially developed maintained separately to preserve the original collection of a form in the PSES and reporting to
the Patient Safety Act’s implementing regulation. records for their intended purposes.’’). a PSO would protect the later form as PSWP
While broadly consistent with prior HHS 34 The circumstances in which information from because the external obligation has been fully
interpretation that the Patient Safety Act does not a provider’s PSES would not be protected as PSWP satisfied.
provide a way for providers to evade their external in this example are consistent with the statute’s text 36 42 CFR 3.20 (paragraph (1) of the PSWP
obligations, HHS acknowledges that one aspect of that states a PSO shall not be compelled to disclose definition) (‘‘Except as provided in paragraph (2) of
this interpretation is different from that previously information—unless such information is: Identified, this definition, patient safety work product means
expressed, with respect to whether copies of non- not PSWP, and not reasonably available from any . . . [information] . . . (or copies of any of this
PSWP in the PSES remain privileged and another source. See 42 U.S.C. 299b–22(d)(4)(A)(i). material) . . . .’’).
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00042 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/4.svg)
![Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations 32659
Separate Systems removed from the PSES and is no longer reports of providers, PSOs, and
It has come to HHS’ attention that the PSWP. This means it is no longer regulators working together to ensure
discussion in the Preamble regarding privileged or confidential under the that the regulators can obtain the
whether providers need to maintain Patient Safety Act and Patient Safety information they need without
multiple systems may have caused some Rule.40 If the provider instead decides to requesting that providers impermissibly
confusion. Some commenters on the report the information to a PSO, the disclose PSWP. HHS encourages such
NPRM expressed concern that providers information remains PSWP (so long as communication. Regulatory agencies
would need to maintain two duplicate it meets the requirements for being and other entities requesting
systems: One PSES for information that PSWP, including that it is not an information of providers or PSOs are
the provider assembles or develops for original patient or provider record) and reminded that, subject to the limited
reporting to a PSO and a second system cannot be permissibly disclosed for any exceptions set forth in the Patient Safety
containing the same information if the reason, except in accordance with the Act and Patient Safety Rule, PSWP is
provider is unsure at the time the disclosure permissions described in the privileged and confidential, and it may
information is prepared for reporting to Patient Safety Act and Patient Safety not be used to satisfy external
Rule.41 The Preamble thus explains how obligations. Therefore, such entities
the PSO whether that information may
the drop out provision eliminates the should not demand PSWP from
be required in the future to fulfill a state
need for a provider to maintain two providers or PSOs.
law obligation. In response to this Some requirements are clear and
systems with duplicate information: A
concern, the Preamble discusses a way discrete, which makes it relatively easy
PSES containing PSWP and a separate
that the Patient Safety Rule allows for for providers to understand what
system containing any of that same
information that was PSWP to no longer information is mandated, determine
information where the provider has yet
be PSWP.37 This process, sometimes what additional information they want
to determine whether it will be needed
referred to as the ‘‘drop out’’ provision, to prepare for reporting to a PSO, and
in the future for another purpose.
provides that PSWP ‘‘assembled or Nevertheless, we reemphasize that to separate the two categories of
developed by a provider for reporting to where records are mandated by a information. Examples of clear and
a PSO may be removed from’’ a PSES Federal or State law requirement or discrete requirements would include
and no longer be considered PSWP if: other external obligation, they are not requirements for a provider to fill out a
‘‘[t]he information has not yet been PSWP. Thus, a provider should particular form or to provide a
reported to a PSO’’ and ‘‘[t]he provider maintain at least two systems or spaces: document containing specified data
documents the act and date of removal A PSES for PSWP and a separate place points. However, HHS is aware that
of such information from the’’ PSES.38 where it maintains records for external some requirements are more ambiguous
Once removed from the PSES following obligations.42 As discussed above, the or broad, thus creating uncertainty
this procedure, the information could be Patient Safety Act encourages providers about the information required to satisfy
used for other purposes, such as to meet to prepare, analyze, and share them. Particularly where laws or
state law obligations. information beyond what they are regulations may be vague, it is
As indicated above, the drop out mandated to do. As such, it is expected imperative that the regulators work with
provision is intended as a safety valve that most of the information in a PSES providers so that the regulators obtain
for providers who are unsure at the time would be originally created by providers the information they need, and that
that information is being prepared for as part of their voluntary participation providers sufficiently understand what
reporting to the PSO whether similar with a PSO. is required of them so that they can
information would, at a later time, be satisfy their obligations and voluntarily
needed for an external obligation. It Shared Responsibility
report additional information to a PSO.
provides some flexibility for providers As described above, the protected Where a variety of information could
as they work through their various system established under the Patient potentially satisfy an external
external obligations, as information Safety Act works in concert with the obligation, and where a provider reports
assembled or developed for reporting to external obligations of providers to similar information to the PSO, the
the PSO can reside as PSWP within the ensure accountability and transparency provider may find it helpful to
provider’s PSES until the provider while encouraging the improvement of document which information collection
makes a future determination as to patient safety and reduction of medical activities it does to fulfill its external
whether that information must be used errors through a culture of safety. It is requirements and which other activities
to meet an external obligation.39 It is the provider’s ultimate responsibility to it does in the PSES, to help ensure
intended to be used on a case-by-case understand what information is confidentiality and privilege of the
basis. Under the drop out provision, if required to meet all of its external PSWP.
the provider later determines the obligations. If a provider is uncertain
information within its PSES that had what information is required of it to Later Developing Requirements
originally been assembled or developed fulfill an external obligation, the As discussed above, providers should
for reporting to a PSO will be instead provider should reach out to the work with regulatory bodies and any
used for an external obligation, it is external entity to clarify the other entities with which they have
requirement. HHS has heard anecdotal obligations to understand in advance
37 See e.g., 73 FR 70742, Nov. 21, 2008. the exact information they will need to
38 42 CFR 3.20(2)(ii). 40 Id. (‘‘Once the information is removed, it is no
satisfy their external obligations. That
39 See 73 FR 70742, Nov. 21, 2008 (Referring to longer patient safety work product and is no longer way, providers can plan ahead to create
subject to the confidentiality provisions.’’).
mstockstill on DSK3G9T082PROD with RULES
the documentation of date and purpose of
collection within a PSES, ‘‘(p)roviders have the 41 42 U.S.C. 299b–22(c); 42 CFR 3.204(b), and maintain any information needed to
flexibility to protect this information as patient 3.206(b). fulfill their obligations separately from
safety work product within their patient safety 42 ‘‘The Patient Safety Act establishes a protected their PSES. However, even if providers
evaluation system while they consider whether the space or system that is separate, distinct, and and regulators cooperate fully, HHS is
information is needed to meet external reporting resides alongside but does not replace other
obligations. Information can be removed from the information collection activities . . . .’’ 73 FR
aware that situations could arise where
patient safety evaluation system before it is reported 70742, Nov. 21, 2008; see also 73 FR 8124, Oct. 5, a provider has collected information for
to a PSO to fulfill external reporting obligations.’’). 2007. reporting to the PSO and where the
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00043 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/5.svg)
![32660 Federal Register / Vol. 81, No. 100 / Tuesday, May 24, 2016 / Rules and Regulations
records at issue were not required by obligation. As stated in the Preamble, Dated: May 19, 2016.
any external obligation at the time they with respect to the FDA disclosure Andrew Bindman,
were created, but where a regulator later permission, ‘‘However, we emphasize AHRQ Director.
seeks the same information as part of its that, despite this disclosure permission, Jocelyn Samuels,
oversight or investigatory we expect that most reporting to the Director, OCR.
responsibilities. The information at FDA and its regulated entities will be [FR Doc. 2016–12312 Filed 5–20–16; 5:15 pm]
issue would be PSWP and would be done with information that is not BILLING CODE 4160–90–P
privileged and confidential, but the patient safety work product, as is done
provider may still have several options today. This disclosure permission is
to satisfy its obligation. If the intended to allow for reporting to the
information is eligible for the drop out DEPARTMENT OF HOMELAND
FDA or FDA-regulated entity in those SECURITY
provision (including that the provider
has not yet reported the information to special cases where, only after an
analysis of patient safety work product, Federal Emergency Management
a PSO), then the provider may follow
does a provider realize it should make Agency
the drop out provision discussed above
to remove the information from its PSES a report.’’ 43 44 HHS has the same
expectation for other external 44 CFR Part 64
and report or maintain the information
outside of the PSES, to satisfy the obligations, as well. [Docket ID FEMA–2016–0002; Internal
regulator’s request. This information is 3. Can the provider recreate the Agency Docket No. FEMA–8435]
no longer PSWP. If the provider has information or conduct an identical
reported the information to a PSO or the Suspension of Community Eligibility
analysis from non-PSWP outside of the
information is otherwise not subject to PSES? If a provider is instructed to AGENCY: Federal Emergency
the drop out provision, the Patient compile specified information but the Management Agency, DHS.
Safety Act and Patient Safety Rule provider previously assembled such ACTION: Final rule.
provide several options that the information within its PSES and
provider may want to consider, which SUMMARY: This rule identifies
reported it to a PSO, this does not
are discussed below. communities where the sale of flood
1. Did the provider mistakenly enter prevent a provider from creating the
insurance has been authorized under
information that is not PSWP into its requested information using non-PSWP.
the National Flood Insurance Program
PSES? The provider may want to first As indicated in the NPRM, ‘‘[t]hose who
(NFIP) that are scheduled for
ensure that the information being participated in the collection, suspension on the effective dates listed
requested meets the definition of PSWP. development, analysis, or review of the within this rule because of
If the provider determines that the missing information or have knowledge noncompliance with the floodplain
information now required is not PSWP of its contents can fully disclose what management requirements of the
(e.g., an original patient record was they know . . .’’ 45 Similarly, although program. If the Federal Emergency
accidentally placed in the PSES), the an analysis originally conducted in the Management Agency (FEMA) receives
provider can remove the information PSES cannot become non-PSWP under documentation that the community has
from its PSES. If the information does the drop out provision, if a provider is adopted the required floodplain
not meet the definition of PSWP, it is informed that a certain analysis is management measures prior to the
not privileged and confidential under needed to meet an external obligation, effective suspension date given in this
the Patient Safety Act, and the Patient the Patient Safety Act indicates that a rule, the suspension will not occur and
Safety Act places no limitations on the provider could conduct a new analysis a notice of this will be provided by
provider from further releasing it. If the with non-PSWP to satisfy this publication in the Federal Register on a
information is not PSWP and the only requirement, ‘‘regardless of whether subsequent date. Also, information
copy of the information is in the PSO’s such additional analysis involves issues identifying the current participation
PSES (i.e., the provider did not retain a identical to or similar to those for which status of a community can be obtained
copy outside of or in its PSES), then the information was reported to or assessed from FEMA’s Community Status Book
Patient Safety Act places no limitations (CSB). The CSB is available at http://
by’’ a PSO or PSES.46
on the PSO from releasing it back to the www.fema.gov/fema/csb.shtm.
provider. Providers are reminded that they
DATES: The effective date of each
2. Is there a disclosure exception that should exercise care to ensure that even
community’s scheduled suspension is
may be used to permissibly disclose the if the information is not privileged and
the third date (‘‘Susp.’’) listed in the
PSWP? For example: confidential under the Patient Safety third column of the following tables.
• Can the provider obtain Act or if a permissible disclosure of
authorization from each identified FOR FURTHER INFORMATION CONTACT: If
PSWP has been identified, the intended
provider to disclose the information, in you want to determine whether a
disclosure of the information is not particular community was suspended
accordance with 42 CFR 3.206(b)(3)? impermissible under any other law (e.g.,
• Is the information subject to the on the suspension date or for further
the HIPAA Privacy Rule.) information, contact Patricia Suber,
disclosure permission to the FDA at 42
CFR 3.206(b)(7)? Federal Insurance and Mitigation
• Is the information being voluntarily Administration, Federal Emergency
43 73 FR 70782, Nov. 21, 2008.
disclosed to an accrediting body,
44 Following publication of the Patient Safety Management Agency, 500 C Street SW.,
mstockstill on DSK3G9T082PROD with RULES
Rule, HHS issued guidance on meeting mandatory Washington, DC 20472, (202) 646–4149.
pursuant to 42 CFR 3.206(b)(8)? reporting obligations to the FDA. See ‘‘Department
While these disclosure permissions of Health and Human Services Guidance Regarding
SUPPLEMENTARY INFORMATION: The NFIP
are available in the limited Patient Safety Organizations’ Reporting Obligations enables property owners to purchase
circumstances described in the Patient and the Patient Safety and Quality Improvement Federal flood insurance that is not
Safety Rule, relying upon a disclosure Act of 2005’’ available at www.pso.ahrq.gov. otherwise generally available from
permission should not be a provider’s 45 73 FR 8124, Oct. 5, 2007. private insurers. In return, communities
primary method to meet an external 46 42 U.S.C. 299b–22(h). agree to adopt and administer local
VerDate Sep<11>2014 17:11 May 23, 2016 Jkt 238001 PO 00000 Frm 00044 Fmt 4700 Sfmt 4700 E:\FR\FM\24MYR1.SGM 24MYR1](https://thefederalregister.org/doc/81_FR_32755/page/6.svg)
Document Created: 2016-05-24 05:21:44
Document Modified: 2016-05-24 05:21:44
| Category | Regulatory Information | |
| Collection | Federal Register | |
| sudoc Class | AE 2.7: GS 4.107: AE 2.106: | |
| Publisher | Office of the Federal Register, National Archives and Records Administration | |
| Section | Rules and Regulations | |
| Action | Guidance on Patient Safety and Quality Improvement Act of 2005. | |
| Dates | The Guidance is effective on May 24, 2016. | |
| Contact | Susan Grinder, Center for Quality Improvement and Patient Safety, AHRQ, 5600 Fishers Lane, Mail Stop 06N100B, Rockville, MD 20857; Telephone (301) 427-1327; Email: [email protected] | |
| FR Citation | 81 FR 32655 |
2025 Federal Register | Disclaimer | Privacy Policy
USC | CFR | eCFR