290 likes | 553 Vues
Confidentiality, Patient Safety Work Product, and PSOs. The Proposed Rule Implementing the Patient Safety and Quality Improvement Act of 2005. AHRQ Annual Conference September 8, 2008. Presentation Organization. Patient Safety Act: A Brief Overview – Larry Patton
E N D
Confidentiality, Patient Safety Work Product, and PSOs The Proposed Rule Implementing the Patient Safety and Quality Improvement Act of 2005 AHRQ Annual Conference September 8, 2008
Presentation Organization Patient Safety Act: A Brief Overview – Larry Patton Confidentiality Protections and their Enforcement – Verne Rinker Confidentiality Protections: Provider Considerations – Larry Patton
What is the Problem? • Providers fear that patient safety analyses could be used against them in court (malpractice) or in disciplinary proceedings • State peer review laws seldom permit large providers to undertake system-wide analyses • Inability to aggregate data undercuts efforts to improve patient safety; only by looking at large numbers of events can patterns of “system” failures be identified
The Solution in the Act • Authorizes creation of Patient Safety Organizations (PSOs) -- entities with expertise in identifying, analyzing, correcting and preventing risks/harms to patient safety • Provides Federal confidentiality protections for these analyses and significantly limits their use in criminal, civil, and/or administrative proceedings • Requires PSOs to work with more than 1 provider to encourage PSOs to aggregate data across multiple providers
Patient Safety Act HHS Division of Authority AHRQ: Patient Safety Organizations • Subpart B: Authority to implement PSO certification, listing, and revocation procedures OCR: Confidentiality Protections • Subparts C and D: Establishment of confidentiality protections and process for enforcement; authority extends to all holders of patient safety work product Subpart A definitions are critical for understanding Subparts B, C, and D
Patient Safety Act:Key Concepts Patient Safety Work Product -- Term used by the statute to describe the class of information that is privileged and confidential. Patient Safety Evaluation System “means the collection, management, or analysis of information for reporting to or by a PSO.”
Presentation Organization • Patient Safety Act: A Brief Overview – Larry Patton • Confidentiality Protections and their Enforcement – Verne Rinker • Confidentiality Protections: Provider Considerations – Larry Patton
Confidentiality: OCR Approach • Ensure strong protection of PSWP to encourage robust provider participation in reporting of medical errors, while not impeding needed communication and sharing of information/PSWP to achieve patient safety goals • Maximize provider discretion to disclose or not, allowing providers to establish stricter requirements • Minimize complexity or disparity with HIPAA Privacy Rule 8
Patient Safety Work Product • PSWP is any data: • Developed by a provider and reported to a PSO • Developed by a PSO for the conduct of patient safety activities, or • That identifies or constitutes deliberations of or the fact of reporting pursuant to a patient safety evaluation system • Original provider records (e.g., medical, billing) are not PSWP • Nonidentifiable PSWP is not confidential or privileged 9
Confidentiality • The statute provides federal confidentiality and privilege protections to patient safety work product (PSWP) and specifies when disclosures are permitted • Confidentiality and privilege protections continue after disclosure, with limited exceptions • PSWP may contain protected health information (PHI) requiring covered providers to also comply with the HIPAA Privacy Rule requirements 10
Confidentiality Disclosure Permissions Privilege and Confidentiality Exceptions • For use in a criminal proceeding • To obtain equitable relief for reporters • If authorized by identified providers • Nonidentifiable PSWP 11
Confidentiality Disclosure Permissions (cont’d) Confidentiality Only Exceptions For Patient Safety Activities (PSAs) For research To the FDA (regarding regulated products) Voluntary disclosure to an accrediting body For business operations as determined by the Secretary For criminal law enforcement purposes (voluntary) PSWP that does not include the assessment of quality of care or describe or pertain to actions / failures to act by an identifiable provider 12
Patient Safety Activities Disclosure • Core disclosure permission facilitates open, unfettered communication about patient safety events between providers and PSOs • Allows for aggregation of PSWP to identify patterns and trends and to facilitate creation of meaningful nonidentifiable PSWP for a national network of databases • Providers control the extent of disclosures they make to PSOs (and may be able, by contract, to limit redisclosures), which should ameliorate concerns by providers of wide-spread and uncontrolled dissemination of PSWP 13
Enforcement • Strong event-driven (complaints and compliance reviews) enforcement program coupled with voluntary compliance • Providers and PSOs have own incentives to not disclose impermissibly – which align with enforcement goals and may keep the potential enforcement workload low • Enforcement discretion to make appropriate response to situations presented by these new program requirements • Reduce complexity of enforcement program by basing enforcement regulations on standards familiar to the provider community – the HIPAA Enforcement Rule 14
Enforcement (cont’d) Penalty for Violation: A person who discloses identifiable PSWP in knowing or reckless violation of the confidentiality protections is subject to a civil money penalty (CMP) of up to $10,000 per act Disclosures by Agents: Principals are liable for an agent’s violation acting within the scope of the agency Prohibition on Dual Penalties: CMPs may not be imposed under both the Patient Safety Act and HIPAA for a single act OCR Access to PSWP for Enforcement: PSWP must be disclosed to HHS for compliance and enforcement purposes 15
Presentation Organization • Patient Safety Act: A Brief Overview – Larry Patton • Confidentiality Protections and their Enforcement – Verne Rinker • Confidentiality Protections: Provider Considerations – Larry Patton
Confidentiality Protections: Provider Considerations • The Patient Safety Act’s confidentiality protections have the potential to significantly expand provider-based patient safety initiatives • Proposed rule would give a provider great flexibility on how to operate and develop a patient safety evaluation system to meet its needs • But providers need to take into account other elements of the statute 17
Confidentiality Protections: Provider Considerations • Statute requires providers to continue to meet external reporting requirements – with information that is not PSWP • Privilege protections not only limit access of others to your PSWP but limit your ability to use PSWP in civil, criminal, administrative, or disciplinary proceedings • Statute prohibits a provider from taking an adverse action against an individual based on the fact that the individual reported information in good faith • Statute seeks to foster a “culture of safety” 18
Confidentiality Protections: Provider Considerations A provider needs to carefully consider what information is appropriate to protect and what information should not be protected For example: • Is this information needed to meet external reporting, accountability requirements? • Will this information be needed to justify a disciplinary decision if challenged? 19
Confidentiality Protections: Provider Considerations When PSWP is held by an entity, the proposed rule would not hold entities liable for uses of PSWP within the legal entity (note: component PSOs cannot share PSWP with rest of its parent organization except under certain circumstances) This permits free flow of PSWP to those who need access within the provider But any holder of PSWP – including a provider’s employees – can make disclosures of PSWP in conformity with the rule, without incurring a penalty under the rule 20
Confidentiality Protections: Provider Considerations • Will your workforce be confident that PSWP will not influence privilege, disciplinary or similar decisions? • Issues to consider: - Separateness of PSWP from these other administrative processes - Extent to which personnel participate in both review of PSWP and these other administrative processes 21
Confidentiality Protections: A Final Reminder About HIPAA If a provider is a covered entity as well as a holder of PSWP, it is NEVER sufficient to disclose information by simply looking at either HIPAA or the Patient Safety Act statute and rule. A disclosure can only be made if it complies with BOTH. This has implications for informal case discussions that take place outside the legal entity of the provider 22