Ann & Natalie’s Compliance Corner
Welcome back to Ann & Natalie’s Compliance Corner! This month, we discuss a proposed regulation implementing the Patient Safety and Quality Improvement Act of 2005 through the establishment of Patient Safety Organizations. Missed last month’s discussion of the The Medicare, Medicaid and SCHIP Extension Act of 2007? Click here.
In the February 12, 2008 edition of the Federal Register (the daily newspaper of the Federal Government), the Centers for Medicare and Medicaid Services (CMS) published the proposed rule implementing the Patient Safety and Quality Improvement Act of 2005, which was enacted to promote medical error reporting.
The act fosters the establishment of Patient Safety Organizations (PSOs), which are private entities that would collect and analyze data related to patient safety incidents to identify ways to prevent medical errors. A requirement for PSOs as part of the rule would be to seek contracts with multiple providers, which would allow them to aggregate data from these clients as well as with other PSOs.
Most types of organizations could become PSOs under the act, but the Department of Health and Human Services (HHS) notes that the statute prohibits health insurance issuers from becoming PSOs, and includes a proposal to preclude entities that conduct regulatory oversight of providers from enlisting as PSOs. HHS indicates that the inclusion of such entities might undermine provider confidence “that adequate separation of PSO and regulatory activities could be maintained.”
The act also creates protections in civil and criminal proceedings based on privilege and confidentiality for “patient safety work product” that would be reported to PSOs. HHS notes that these protections “will enable all health care providers, including multi-facility health care systems to share data within a protected legal environment,” without the fear of litigation. Reporting would be voluntary, and the privilege and confidentiality protections would encourage the sharing of data on patient safety incidents in a more consistent manner.
The proposed rule further highlights permitted disclosures, confidentiality for “patient safety work product,” and the conditions under which the protections would no longer apply. In the event of a knowing or reckless impermissible disclosure of patient safety work product, civil monetary penalties of up to $10,000 may be imposed based on the guidelines set forth by the rule.
HHS cautions in the rule that PSOs would be deemed business associates of covered entities under the Health Insurance and Portability and Accountability Act (HIPAA), which would require these entities to enter into business associate agreements with PSOs. The proposed rule also provides an in-depth discussion about compliance with the HIPAA privacy rule as part of the Patient Safety Act.
The due date for comments on the proposed rule is April 14, 2008
To read the proposed rule, click here.
Disclaimer: The content of Compliance Corner is for general informational purposes only and should not be interpreted as compliance guidance or advice. Consult your compliance advisor or attorney for compliance or legal advice on specific issues related to your practice or compliance program.
