Patient Safety Act
HHS Is in the Process of Implementing the Act, So Its Effectiveness Cannot Yet Be Evaluated
Gao ID: GAO-10-281 January 29, 2010
The Institute of Medicine (IOM) estimated in 1999 that preventable medical errors cause as many as 98,000 deaths a year among hospital patients in the United States. Congress passed the Patient Safety and Quality Improvement Act of 2005 (the Patient Safety Act) to encourage health care providers to voluntarily report information on medical errors and other events--patient safety data--for analysis and to facilitate the development of improvements in patient safety using these data. The Patient Safety Act directed GAO to report on the law's effectiveness. This report describes progress by the Department of Health and Human Services, Agency for Healthcare Research and Quality (AHRQ) to implement the Patient Safety Act by (1) creating a list of Patient Safety Organizations (PSO) so that these entities are authorized under the Patient Safety Act to collect patient safety data from health care providers to develop improvements in patient safety, and (2) implementing the network of patient safety databases (NPSD) to collect and aggregate patient safety data. These actions are important to complete before the law's effectiveness can be evaluated. To do its work, GAO interviewed AHRQ officials and their contractors. GAO also conducted structured interviews with officials from a randomly selected sample of PSOs.
AHRQ has made progress listing 65 PSOs as of July 2009. However, at the time of GAO's review, few of the 17 PSOs randomly selected for interviews had entered into contracts to work with providers or had begun to receive patient safety data. PSO officials told GAO that some PSOs were still establishing aspects of their operations; some were waiting for AHRQ to finalize a standardized way for PSOs to collect data from providers; and some PSOs were still engaged in educating providers about the confidentiality protections offered by the Patient Safety Act. AHRQ is in the process of developing the NPSD and its associated components--(1) the common formats PSOs and providers will be required to use when submitting patient safety data to the NPSD and (2) a method for making patient safety data non-identifiable, or removing all information which could be used to identify a patient, provider, or reporter of patient safety information. If each of these components is completed on schedule, AHRQ officials expect that the NPSD could begin receiving patient safety data from hospitals by February 2011. AHRQ officials could not provide a time frame for when they expect the NPSD to be able to receive patient safety data from other providers. AHRQ also has preliminary plans for how to allow the NPSD to serve as an interactive resource for providers and PSOs and for how AHRQ will analyze NPSD data to help meet certain reporting requirements established by the Patient Safety Act. According to AHRQ officials, plans for more detailed analyses that could be useful for identifying strategies to reduce medical errors will be developed once the NPSD begins to receive data.
GAO-10-281, Patient Safety Act: HHS Is in the Process of Implementing the Act, So Its Effectiveness Cannot Yet Be Evaluated
This is the accessible text file for GAO report number GAO-10-281
entitled 'Patient Safety Act: HHS Is in the Process of Implementing
the Act, So Its Effectiveness Cannot Yet Be Evaluated' which was
released on January 29, 2010.
This text file was formatted by the U.S. Government Accountability
Office (GAO) to be accessible to users with visual impairments, as
part of a longer term project to improve GAO products' accessibility.
Every attempt has been made to maintain the structural and data
integrity of the original printed product. Accessibility features,
such as text descriptions of tables, consecutively numbered footnotes
placed at the end of the file, and the text of agency comment letters,
are provided but may not exactly duplicate the presentation or format
of the printed version. The portable document format (PDF) file is an
exact electronic replica of the printed version. We welcome your
feedback. Please E-mail your comments regarding the contents or
accessibility features of this document to Webmaster@gao.gov.
This is a work of the U.S. government and is not subject to copyright
protection in the United States. It may be reproduced and distributed
in its entirety without further permission from GAO. Because this work
may contain copyrighted images or other material, permission from the
copyright holder may be necessary if you wish to reproduce this
material separately.
Report to Congressional Committees:
United States Government Accountability Office:
GAO:
January 2010:
Patient Safety Act:
HHS Is in the Process of Implementing the Act, So Its Effectiveness
Cannot Yet Be Evaluated:
GAO-10-281:
GAO Highlights:
Highlights of GAO-10-281, a report to congressional committees.
Why GAO Did This Study:
The Institute of Medicine (IOM) estimated in 1999 that preventable
medical errors cause as many as 98,000 deaths a year among hospital
patients in the United States. Congress passed the Patient Safety and
Quality Improvement Act of 2005 (the Patient Safety Act) to encourage
health care providers to voluntarily report information on medical
errors and other events”patient safety data”for analysis and to
facilitate the development of improvements in patient safety using
these data. The Patient Safety Act directed GAO to report on the law‘s
effectiveness.
This report describes progress by the Department of Health and Human
Services, Agency for Healthcare Research and Quality (AHRQ) to
implement the Patient Safety Act by (1) creating a list of Patient
Safety Organizations (PSO) so that these entities are authorized under
the Patient Safety Act to collect patient safety data from health care
providers to develop improvements in patient safety, and (2)
implementing the network of patient safety databases (NPSD) to collect
and aggregate patient safety data. These actions are important to
complete before the law‘s effectiveness can be evaluated. To do its
work, GAO interviewed AHRQ officials and their contractors. GAO also
conducted structured interviews with officials from a randomly
selected sample of PSOs.
What GAO Found:
AHRQ has made progress listing 65 PSOs as of July 2009. However, at
the time of GAO‘s review, few of the 17 PSOs randomly selected for
interviews had entered into contracts to work with providers or had
begun to receive patient safety data. PSO officials told GAO that some
PSOs were still establishing aspects of their operations; some were
waiting for AHRQ to finalize a standardized way for PSOs to collect
data from providers; and some PSOs were still engaged in educating
providers about the confidentiality protections offered by the Patient
Safety Act.
AHRQ is in the process of developing the NPSD and its associated
components”(1) the common formats PSOs and providers will be required
to use when submitting patient safety data to the NPSD and (2) a
method for making patient safety data non-identifiable, or removing
all information which could be used to identify a patient, provider,
or reporter of patient safety information. If each of these components
is completed on schedule, AHRQ officials expect that the NPSD could
begin receiving patient safety data from hospitals by February 2011.
AHRQ officials could not provide a time frame for when they expect the
NPSD to be able to receive patient safety data from other providers.
AHRQ also has preliminary plans for how to allow the NPSD to serve as
an interactive resource for providers and PSOs and for how AHRQ will
analyze NPSD data to help meet certain reporting requirements
established by the Patient Safety Act. According to AHRQ officials,
plans for more detailed analyses that could be useful for identifying
strategies to reduce medical errors will be developed once the NPSD
begins to receive data.
Figure: Intended Flow of Information to and from the NPSD:
[Refer to PDF for image: illustration]
Providers (Hospitals, clinics, etc.): Non-identifiable patient safety
data: to AHRQ:
Network of patient safety databases;
Patient safety data: to Patient safety organization (PSO); Analysis of
patient safety event data.
Patient safety organization (PSO):
Feedback and recommendations from PSO to providers;
Non-identifiable patient safety data: to AHRQ: Network of patient
safety databases.
AHRQ:
Network of patient safety databases: Data analysis:
National Healthcare Quality Report;
National Health Disparities Report;
Other Analyses and Reports.
Network of patient safety databases: data query process back to
Patient safety organization (PSO) and Providers (Hospitals, clinics,
etc.).
Source: GAO analysis of AHRQ documents.
[End of figure]
The Department of Health and Human Services provided technical
comments on a draft of this report, which we have incorporated as
appropriate.
View [hyperlink, http://www.gao.gov/products/GAO-10-281] or key
components. For more information, contact Linda T. Kohn at (202) 512-
7114 or kohnl@gao.gov.
[End of section]
Contents:
Letter:
Background:
AHRQ Has Listed PSOs, but Few PSOs We Interviewed Have Begun Serving
Providers:
AHRQ Is in the Process of Implementing the NPSD and Has Developed
Preliminary Plans for Using NPSD Data:
Concluding Observations:
Agency Comments:
Appendix I: Examples from Established Patient Safety Reporting Systems:
Appendix II: Selected Statutory Requirements for Listing of Patient
Safety Organizations:
Appendix III: GAO Contact and Staff Acknowledgments:
Figures:
Figure 1: Intended Flow of Information to and from the NPSD:
Figure 2: Timeline for Developing the NPSD:
Abbreviations:
IOM: Institute of Medicine:
HHS: Department of Health and Human Services:
PSO: Patient Safety Organization:
NPSD: Network of Patient Safety Databases:
AHRQ: Agency for Healthcare Research and Quality:
OCR: Office for Civil Rights:
HIPAA: Health Insurance Portability and Accountability Act of 1996:
NQF: National Quality Forum:
IFMC: Iowa Foundation for Medical Care:
PPC: Privacy Protection Center:
[End of section]
United States Government Accountability Office:
Washington, DC 20548:
January 29, 2010:
The Honorable Tom Harkin:
Chairman:
The Honorable Michael B. Enzi:
Ranking Member:
Committee on Health, Education, Labor, and Pensions:
United States Senate:
The Honorable Henry A. Waxman:
Chairman:
The Honorable Joe Barton:
Ranking Member:
Committee on Energy and Commerce:
House of Representatives:
Research has shown that serious injuries or deaths resulting from
medical care are both common and often preventable. In a frequently
cited report, the Institute of Medicine (IOM) estimated in 1999 that
preventable medical errors cause as many as 98,000 deaths a year among
hospital patients in the United States.[Footnote 1] The IOM identified
several mechanisms for improving patient safety, including the use of
medical error reporting systems to gather and analyze information on
medical errors in order to prevent them from occurring in the future.
The IOM report noted, however, that health care providers are often
reluctant to report or disclose their medical errors and to
participate in related learning efforts out of fear of incurring legal
liability or professional sanctions. To address these concerns, the
IOM report recommended the expanded use of voluntary medical error
reporting systems that allow confidential reporting. The report also
recommended that Congress provide legal protections to prevent the
unauthorized disclosure of information collected and reported by
providers for the purpose of improving patient safety.
At the time of the IOM's 1999 report, several states operated
mandatory systems for the reporting of serious medical errors-those
resulting in death or serious injury-but these reporting systems were
primarily used to hold providers accountable for their errors and
often involved public disclosure. In contrast, confidential, voluntary
systems for reporting of medical errors, designed primarily for
developing improvements in patient safety, were less common and less
widely used. Partially in response to the IOM report, Congress passed
the Patient Safety and Quality Improvement Act of 2005 (the Patient
Safety Act) to encourage health care providers to voluntarily report
information on patient safety events and to facilitate the development
and adoption of interventions and solutions to improve patient safety.
[Footnote 2]
To achieve these goals, the Patient Safety Act directed the Department
of Health and Human Services (HHS) to create a list of public or
private organizations known as Patient Safety Organizations (PSO).
Listing by HHS indicates that PSOs are authorized to serve providers
as independent patient safety experts and to receive data regarding
patient safety events that will be considered privileged and
confidential.[Footnote 3] The Patient Safety Act prohibits the
unauthorized disclosure of certain types of data regarding patient
safety events that providers send to listed PSOs.[Footnote 4] To
facilitate the development of improvements in patient safety, the
Patient Safety Act also requires PSOs to certify that they will
analyze data regarding patient safety events, provide feedback to
providers, and develop and disseminate information on ways providers
can improve patient safety. By serving multiple providers and
aggregating data regarding patient safety events, the Patient Safety
Act intends for PSOs to help providers better understand the
underlying causes of patient safety events and develop solutions to
prevent or reduce the frequency of such events.
To support PSOs and providers in their efforts to develop and adopt
improvements in patient safety, the Patient Safety Act directed HHS to
create a network of patient safety databases (NPSD). The Patient
Safety Act specifies that the NPSD is to collect and aggregate non-
identifiable data regarding patient safety events voluntarily
submitted to it by PSOs and providers.[Footnote 5] The law does not
require PSOs or providers to submit data to the NPSD. The law also
specifies that the NPSD should serve as a resource that health care
providers, PSOs, and others can use to develop improvements in patient
safety. Specifically, by facilitating the aggregation and analysis of
patient safety data from providers nationwide, the NPSD is intended to
assist PSOs and providers in identifying underlying patterns and
trends associated with patient safety events. In addition, the Patient
Safety Act also requires HHS to use data from the NPSD to analyze
national and regional statistics, including trends and patterns in
patient safety events, and to report on effective strategies for
reducing patient safety events and increasing patient safety. HHS has
delegated responsibility for listing PSOs, implementing and
maintaining the NPSD, and analyzing data submitted to the NPSD to the
Agency for Healthcare Research and Quality (AHRQ).
The Patient Safety Act requires GAO to report to Congress by February
1, 2010, on the law's effectiveness in accomplishing its purpose.
Although the Patient Safety Act was enacted in July 2005, the law did
not specify a time frame for implementation. Final regulations to
implement the act became effective on January 19, 2009. In this
report, we describe the progress AHRQ has made in (1) listing PSOs,
including PSO efforts to serve providers, and (2) implementing the
NPSD. These actions by AHRQ are important to complete before the law's
effectiveness can be evaluated. In addition, because participation--
including submission of data on patient safety events--by PSOs and
providers is voluntary, their actions may also contribute to the law's
effectiveness in accomplishing its purpose.
To describe the progress AHRQ has made in listing PSOs, we interviewed
AHRQ and other HHS officials and reviewed relevant documents,
including regulations, policies, and guidelines. We also conducted
structured interviews with officials from 17 randomly selected PSOs,
representing 26 percent of those listed as of July 2009, to obtain
information on the extent to which the PSOs have begun to collect and
analyze patient safety data and provide feedback to providers.
Although our sample was representative of listed PSOs, our findings
from these interviews cannot be generalized to all PSOs. Furthermore,
we did not speak directly with health care providers regarding their
use, or potential use, of PSOs. To describe the progress AHRQ has made
in implementing the NPSD, we interviewed officials at AHRQ and its
contractors, and we reviewed relevant documents including contracts,
time lines, and progress reports. In addition, we also obtained, for
context, information on other established patient safety reporting
systems, as AHRQ's efforts to list PSOs and implement the NPSD are
relatively new. Specifically, we identified examples of how selected,
established patient safety reporting systems encourage reporting of
patient safety event information by providers and facilitate the
development of improvements in patient safety. We present these
examples and related methodology in appendix I.
We conducted our work from March 2009 to January 2010 in accordance
with all sections of GAO's Quality Assurance Framework that are
relevant to our objectives. The framework requires that we plan and
perform the engagement to obtain sufficient and appropriate evidence
to meet our stated objectives and to discuss any limitations in our
work. We believe that the information and data obtained, and the
analysis conducted, provide a reasonable basis for any findings and
conclusions.
Background:
AHRQ and the Office for Civil Rights (OCR) within HHS share
responsibility for implementing the Patient Safety Act. AHRQ is
responsible for listing PSOs, providing technical assistance to PSOs,
implementing and maintaining the NPSD, and analyzing the data
submitted to the NPSD. OCR has responsibility for interpreting,
implementing, and enforcing the confidentiality protections.[Footnote
6] To help implement the Patient Safety Act, AHRQ and OCR developed
the legislation's implementing regulations, which took effect January
19, 2009.[Footnote 7]
PSOs:
The Patient Safety Act establishes criteria that organizations must
meet and required patient safety activities that the organizations
must perform after being listed as PSOs. The criteria include an
organizational mission to improve patient safety and the quality of
health care delivery; use of collected data to provide direct feedback
and assistance to providers to minimize patient risk; staff who are
qualified to perform analyses on patient safety data; and adequate
policies and procedures to ensure that patient safety data are kept
confidential. Required PSO activities include activities such as
efforts to improve patient safety and the quality of health care
delivery. (See app. II for the complete list of criteria and required
PSO activities as specified in the Patient Safety Act.) The criteria
allow for many types of organizations to apply to AHRQ to be listed as
a PSO. These organizations may include public and private entities,
for-profit and not-for-profit organizations, and entities that are a
component of another organization, such as a hospital association or
health system.
A PSO must attest for the initial listing period that it will comply
with the criteria and that it has policies and procedures in place
that will allow it to perform the required activities of a PSO. When
reapplying for subsequent 3-year listing periods, a PSO must attest
that it is complying with the criteria and that it is in fact
performing each of the required activities. The regulations require
AHRQ staff to review written PSO applications documenting PSO
attestations to each of the statutory criteria and required
activities. In the case of certain PSOs that are component
organizations, the regulations also require the applicant to complete
an additional set of attestations and disclosure statements detailing
the relationship between the component and parent organizations. The
regulations require that after AHRQ staff review the application
materials and related information, the applicant will be listed,
conditionally listed, or denied.[Footnote 8]
Legal Protections for Patient Safety Data:
When a provider elects to use the services of a listed PSO, the
Patient Safety Act provides privilege and confidentiality protections
[Footnote 9] for certain types of data regarding patient safety events
that providers collect for the purposes of reporting to a PSO.
[Footnote 10] In general, the Patient Safety Act excludes the use of
patient safety data in civil suits, such as those involving
malpractice claims, and in disciplinary proceedings against a
provider. While certain states have laws providing varying levels of
privilege and confidentiality protections for patient safety data, the
Patient Safety Act provides a minimum level of protection.
Regulations implementing the Patient Safety Act address the
circumstances under which patient safety data may be disclosed, such
as when used in criminal proceedings, authorized by identified
providers, and among PSOs or affiliated providers.[Footnote 11] OCR
has the authority to conduct reviews to ensure that PSOs, providers,
and other entities are complying with the confidentiality protections
provided by the law. OCR also has the authority to investigate
complaints alleging that patient safety data has been improperly
disclosed and to impose a civil money penalty of up to $11,000 per
violation.[Footnote 12]
The NPSD and Requirements for Submitting Data to the NPSD:
The Patient Safety Act requires HHS to create and maintain the NPSD as
a resource for PSOs, providers, and qualified researchers.[Footnote
13] The law specifies that the NPSD must have the capacity to accept,
aggregate, and analyze non-identifiable patient safety data
voluntarily submitted to the NPSD by PSOs, providers, and other
entities.[Footnote 14] Providers may submit non-identifiable data
directly to the NPSD, or work with a PSO to submit patient safety
data. Neither PSOs nor providers are required by either the Patient
Safety Act or regulation to submit data to the NPSD. Figure 1 shows
the intended flow of patient safety data and other information among
providers, PSOs, and the NPSD.
Figure 1: Intended Flow of Information to and from the NPSD:
[Refer to PDF for image: illustration]
Providers (Hospitals, clinics, etc.): Non-identifiable patient safety
data: to AHRQ:
Network of patient safety databases;
Patient safety data: to Patient safety organization (PSO); Analysis of
patient safety event data.
Patient safety organization (PSO):
Feedback and recommendations from PSO to providers;
Non-identifiable patient safety data: to AHRQ: Network of patient
safety databases.
AHRQ:
Network of patient safety databases: Data analysis:
National Healthcare Quality Report;
National Health Disparities Report;
Other Analyses and Reports.
Network of patient safety databases: data query process back to
Patient safety organization (PSO) and Providers (Hospitals, clinics,
etc.).
Source: GAO analysis of AHRQ documents.
Note: Submission of patient safety data from a provider to a PSO, from
a provider to the NPSD, or from a PSO to the NPSD is voluntary. Before
patient safety data can be transmitted to the NPSD, it must be made
non-identifiable-that is, have any information removed that could be
used to identify a patient, provider, or reporter of patient safety
information.
[End of figure]
The Patient Safety Act authorizes HHS to develop common formats for
reporting patient safety data to the NPSD. According to the Patient
Safety Act, these formats may include the necessary data elements to
be collected and provide common and consistent definitions and a
standardized computer interface for processing the data.[Footnote 15]
While most U.S. hospitals have some type of internal reporting system
for collecting data on patient safety events,[Footnote 16] they often
have varying ways of collecting and organizing their data.[Footnote
17] This variation makes it difficult to accurately compare patient
safety events across systems and providers[Footnote 18] and can be a
barrier to developing solutions to improve patient safety.[Footnote
19] If providers or PSOs choose to submit patient safety data to the
NPSD, AHRQ requires that these data be submitted using the common
formats, because using the common formats is necessary so that data in
the NPSD can be aggregated and analyzed. Aggregation and analysis of
data is important for developing the "lessons learned" or "best
practices" across different institutions that may help improve patient
safety.[Footnote 20]
The Patient Safety Act and its implementing regulations provide
additional measures PSOs must follow whether or not they intend to
submit the data they collect to the NPSD. The Patient Safety Act
regulations require PSOs to collect patient safety data from providers
in a standardized manner that permits valid comparisons of similar
cases among similar providers, to the extent to which these measures
are practical and appropriate. To meet this requirement, the
regulation specifies that PSOs must either (1) use the common formats
developed by AHRQ when collecting patient safety data from providers,
(2) utilize an alternative format that permits valid comparisons among
providers, or (3) explain to AHRQ why it would not be practical or
appropriate to do so. The Patient Safety Act also requires any data
regarding patient safety events that is submitted to the NPSD be non-
identifiable. According to the Patient Safety Act, users can access
non-identifiable patient safety data only in accordance with the
confidentiality protections established by the Patient Safety Act. The
Patient Safety Act's regulations provide technical specifications for
making patient safety data non-identifiable.[Footnote 21]
Finally, the Patient Safety Act states AHRQ must analyze the data that
are submitted to the NPSD and include these analyses in publicly
available reports. Specifically, under the Patient Safety Act, AHRQ is
required to submit a draft report on strategies to improve patient
safety to the IOM within 18 months of the NPSD becoming operational
and a final report to Congress 1 year later. The Patient Safety Act
requires this report to include effective strategies for reducing
medical errors and increasing patient safety, as well any measures
AHRQ determines are appropriate to encourage providers to use the
strategies, including use in any federally funded programs. In
addition, the Patient Safety Act states HHS must use data in the NPSD
to analyze national and regional statistics, including trends and
patterns of health care errors, and include any information resulting
from such analyses in its annual reports on health care quality.
[Footnote 22]
AHRQ Has Listed PSOs, but Few PSOs We Interviewed Have Begun Serving
Providers:
AHRQ listed 65 PSOs from November 2008 to July 2009.[Footnote 23]
However, few of the 17 PSOs we randomly selected to interview had
entered into contracts or other business agreements with providers to
serve as their PSO, and only 3 PSOs reported having begun receiving
patient safety data or providing feedback to providers. PSO officials
identified several reasons why they have not yet engaged with
providers. Some PSOs are still establishing various aspects of their
operations; some are waiting for the common formats for collecting
patient safety data to be finalized by AHRQ; and some are still
engaged in marketing their services and educating providers about the
federal confidentiality protections offered by the Patient Safety Act.
As of July 2009, AHRQ Had Listed 65 PSOs Representing a Variety of
Organizations:
Although the regulations implementing the Patient Safety Act did not
become effective until January 19, 2009,[Footnote 24] AHRQ began
listing PSOs earlier, in November 2008.[Footnote 25] By July 2009,
AHRQ had listed 65 PSOs in 26 states and the District of Columbia.
[Footnote 26] AHRQ officials told us that in listing PSOs they
accepted PSOs' attestations that the PSOs met the certification
requirements established in the Patient Safety Act--that is, to be a
listed PSO, an entity must have policies and procedures in place to
perform the required activities of a PSO and will comply with
additional criteria for listing.[Footnote 27] For continued listing
beyond the initial period, PSOs must attest that they have contracts
with more than one provider and are in fact performing each of the
required activities.
The 65 PSOs AHRQ had listed represent a wide range of organizations,
including some that provided patient safety services for many years
prior to being listed as well as new organizations specifically
established to function as a PSO under the Patient Safety Act.
[Footnote 28] AHRQ officials told us that the organizations listed as
PSOs include consulting firms that have provided patient safety
services for a range of providers and specialties, as well as
organizations with a focus on patient safety in a specific area such
as medical devices, hand hygiene, or pediatric anesthesia. The listed
PSOs also include vendors of patient safety reporting software and
components of state hospital associations.
AHRQ officials told us that the services PSOs deliver to individual
providers will likely vary, depending on the specific contractual or
other business agreements the PSOs establish with providers.[Footnote
29] For example, a small hospital may want to contract with a PSO to
provide all its internal quality improvement services, while a large
hospital may just contract with a PSO to obtain the legal protections
under the Patient Safety Act and to contribute data to the NPSD. While
officials of 13 of the 17 PSOs we interviewed indicated they provided
some patient safety services prior to being listed, all 17 PSOs stated
that the services they planned to make available included the
collection and analysis of patient safety data, the de-identification
of patient safety data for submission to the NPSD, feedback, and
patient safety training.
Few Listed PSOs We Interviewed Have Begun to Serve Providers:
While AHRQ has listed 65 PSOs, few PSOs we interviewed have entered
into contracts or other business agreements with providers to serve as
their PSO. Only 4 of the 17 listed PSOs we interviewed had any
contracts or other agreements with providers to serve as their PSO.
Furthermore, according to PSO officials, only 3 of these PSOs had
begun to receive patient safety data or provide feedback to providers.
[Footnote 30] PSO officials identified several reasons why they had
yet to begin working with providers and receiving patient safety data
as of July 2009. These reasons include the following:
The need to complete the development of various components of their
business operations. Some PSO officials we interviewed told us they
still need to determine various components of their operations. For
example, officials from some PSOs told us they have yet to determine
their fee structure for working with providers. Officials from 6 of 17
PSOs we interviewed stated they were or would be contracting with
other PSOs to receive services, such as information technology systems
support or data security. Nine PSOs reported they had not yet
determined whether they would be contracting for some services. In
addition, while officials from most of the PSOs we interviewed
indicated they planned to submit patient safety data to the NPSD, 4
had not yet determined how they will make data non-identifiable before
sending it to the NPSD.
The need to obtain AHRQ's final common formats for collecting data on
patient safety events. Officials from some PSOs we interviewed
indicated they needed the common formats to be finalized by AHRQ
before beginning to work with providers. While use of AHRQ's common
formats to collect data from providers is not required under the
regulations, most PSOs we interviewed plan to use the common formats
for collecting data on patient safety events and submitting these data
to the NPSD. Officials from 7 of the 17 PSOs we interviewed said they
plan to require providers to submit data using the common formats, and
4 PSOs said they will not require them of providers but will either
convert the reports they receive to the common formats or adapt their
existing reporting system to include the common formats.[Footnote 31]
The need to educate providers about the federal confidentiality
protections. Officials from several of the 17 PSOs we interviewed told
us they faced challenges in addressing provider concerns related to
the scope of the confidentiality protections and that these concerns
needed to be addressed before providers would be willing to engage the
services of a PSO. Some of these PSO officials described challenges in
communicating details of the confidentiality protections. According to
AHRQ officials, the rules for when, where, and how patient safety data
are protected from disclosure are both complex and interrelated with
the privacy rules for protected health information under HIPAA. AHRQ
officials acknowledged the need to work with PSOs to clarify the rules
governing the confidentiality of patient safety data so PSOs can
better communicate these to providers. AHRQ officials indicated they
would address these issues in upcoming quarterly conference calls they
hold with PSO representatives. (See appendix I for examples of ways
established patient safety reporting systems communicate legal
protections for providers and the data they submit.)
AHRQ Is in the Process of Implementing the NPSD and Has Developed
Preliminary Plans for Using NPSD Data:
AHRQ is in the process of implementing the NPSD and developing its
associated components that are necessary before the NPSD can receive
patient safety data--(1) the common formats PSOs and providers will be
required to use if submitting patient safety data to the NPSD and (2)
a method for making these data non-identifiable. If each of these
components is completed on schedule, AHRQ officials expect that the
NPSD could begin receiving patient safety data from hospitals in
February 2011. AHRQ officials could not provide a time frame for when
they expect the NPSD to be able to receive patient safety data from
other providers. AHRQ also has preliminary plans for how to allow the
NPSD to serve as an interactive resource for providers and PSOs and
for how AHRQ will analyze NPSD data to help meet its reporting
requirements under the Patient Safety Act.
AHRQ Is in the Process of Developing the NPSD, the Common Formats for
Hospitals to Submit Data to the NPSD, and a Method for Making Data Non-
identifiable:
AHRQ is in the process of developing the NPSD, and AHRQ officials
expect that the NPSD could begin receiving patient safety data from
hospitals by February 2011. Specifically, AHRQ established a 3-year
contract with Westat effective September of 2007 to develop the NPSD,
[Footnote 32] which is being set up as a database that AHRQ officials
stated is essential for meeting the requirements of the act. AHRQ and
Westat officials told us that completion of the NPSD depends on both
the development of the common formats that will be used to submit
patient safety data to the NPSD and on the development of a method for
making the data non-identifiable. If each of these components is
completed on schedule, AHRQ officials expect that the NPSD could begin
to receive patient safety data from hospitals by February 2011.
AHRQ is finalizing the common formats that PSOs and hospitals will be
required to use if submitting patient safety data to the NPSD. AHRQ
officials expect that the common formats could be available for
hospitals to use in submitting data electronically to the NPSD by
September 2010. AHRQ began developing the common formats for hospitals
in 2005 by reviewing the data collection methods of existing patient
safety systems. In 2007, AHRQ contracted with the National Quality
Forum (NQF) to assist with the collection and assessment of public
comments on a preliminary version of the common formats that was
released in August 2008.[Footnote 33] These common format forms are
used to collect information on patient safety events, including
information about when and where an event occurred, a description of
the event, and patient demographic information.[Footnote 34] AHRQ
issued the common formats for hospitals in paper form in September
2009, and is in the process of making electronic versions available
for hospitals and PSOs to use when submitting data to the NPSD.
Specifically, AHRQ officials told us that they are in the process of
developing technical specifications that private software companies
and others can use to develop electronic versions of the common
formats. According to AHRQ officials, hospitals and PSOs will need
these electronic versions of the common formats in order to submit
data to the NPSD. Their current project plan indicates that the
technical specifications will be completed by March 2010. AHRQ
officials estimate that electronic versions of the common formats
could be available to hospitals and PSOs by September 2010.
AHRQ officials stated that they expect eventually to develop common
formats for providers in other health care settings, such as nursing
homes and ambulatory surgical centers. Furthermore, AHRQ officials
told us that they plan on developing future versions of the common
formats capable of collecting data from the results of root cause
analyses that providers may conduct.[Footnote 35] However, AHRQ
officials were unable to provide an estimate for when the common
formats for other providers will be available or when the capability
to collect information from root cause analyses will be available.
The Patient Safety Act also requires that data submitted to the NPSD
be made non-identifiable by removing information that could be used to
identify individual patients, providers, or facilities. To help PSOs
and providers meet this requirement, AHRQ contracted with the Iowa
Foundation for Medical Care (IFMC)[Footnote 36] to operate a PSO
Privacy Protection Center (PPC) that will develop a method for making
patient safety data non-identifiable and assist PSOs and providers by
removing any identifiable patient or provider information from the
data before submission to the NPSD. Current AHRQ and PPC project plans
indicate that the PPC should be ready to receive and make patient
safety data non-identifiable beginning in September 2010. AHRQ
officials told us that this process involves not only removing
information from each record that could be used to identify patients,
providers, or reporters of patient safety information, but also
determining whether identities could be determined from other
available information and using appropriate methods to prevent this
type of identification from occurring.[Footnote 37] AHRQ officials
told us that PPC officials are working with experts to develop the
PPC's method for making data non-identifiable.[Footnote 38]
AHRQ officials stated that their rationale for establishing the PPC
was to determine a method for making data non-identifiable, provide a
cost savings for PSOs, encourage data submission to the NPSD, and
create consistency in the non-identifiable data that are submitted to
the NPSD. According to AHRQ officials, the PPC will provide its
services to PSOs at no charge and will submit non-identifiable patient
safety data on behalf of PSOs to the NPSD.[Footnote 39] However, PSOs
are not required to use the PPC and may choose to make their patient
safety data non-identifiable internally or with the help of a
contractor of their choice.
AHRQ project plans indicate that the PPC will be able to submit data
to the NPSD beginning in February 2011, approximately 5 months after
the PPC begins receiving data from hospitals. AHRQ officials stated
that this time period is necessary, in part, because the PPC needs to
begin receiving data before it can determine if its method for
rendering data non-identifiable is appropriate or needs to be
adjusted. For example, if the PPC receives a sufficient volume of
data, then officials expect to be able to submit data on individual
patient safety events and have it remain non-identifiable. If the
volume of data is too low, however, PPC officials expect to have to
aggregate data from individual events so that it remains non-
identifiable once submitted to the NPSD, in which case AHRQ officials
stated they may delay submission of data to the NPSD until a
sufficient volume is received. AHRQ officials noted that it is
impossible to determine in advance the volume of data that will be
submitted to the PPC due to the voluntary nature of submissions. As a
result, the level of detail that will exist in the NPSD data cannot be
determined in advance of data being received and processed by the PPC.
Figure 2 summarizes key dates in AHRQ's efforts to develop the NPSD
and its related components.
Figure 2: Timeline for Developing the NPSD:
[Refer to PDF for image: timeline]
July 2005:
Patient Safety Act signed into law.
October 2005:
AHRQ begins work on the common formats.
August 2007:
NQF contract for reviewing common formats for hospitals effective.
September 2007:
Westat contract to develop the NPSD effective, IFMC contract to
develop the PPC effective.
August 2008:
Preliminary version of common formats for hospitals issued and open
for comments.
November 2008:
AHRQ begins listing PSOs, final regulations published.
December 2008:
Comment period for receiving comments on preliminary version of the
common formats for hospitals closes.
January 2009:
Final regulations effective.
September 2009:
Paper version of the common formats for hospitals released by AHRQ.
Projected:
March-September 2010:
* AHRQ expects to release technical specifications for development of
software for electronic versions of the common formats for hospitals
(estimated);
* AHRQ expects private vendors and others to build software for
electronic versions of the common formats for hospitals (estimated);
* PPC expects to begin receiving data and making decisions about how
data should be made non-identifiable (estimated).
February 2011:
AHRQ expects the NPSD to begin receiving non-identifiable patient
safety data for hospitals from PPC and PSOs (estimated).
February 2012:
Westat expects to implement interactive capabilities of NPSD
(estimated), Westat expects to complete first analysis of trends and
patterns in health care errors (estimated and to occur annually
hereafter).
Source: GAO.
Note: The timeline identifies actions that have a focus on hospitals.
AHRQ officials could not provide a time frame for when they expect
common formats to be developed for providers other than hospitals, or
when the NPSD would be able to receive patient safety data from these
providers.
[End of figure]
AHRQ Has Preliminary Plans For How to Meet Requirements for Use of
NPSD Data, Though AHRQ Officials Have Identified Limitations to the
Types of Analyses That Will Be Conducted:
The Patient Safety Act requires that the NPSD serve as an interactive
resource for providers and PSOs, allowing them to conduct their own
analyses of patient safety data. To meet this requirement, AHRQ has
developed plans to allow providers to query the NPSD to obtain
information on patient safety events, including information on the
frequencies and trends of such events. AHRQ's contract with Westat to
construct the NPSD includes a series of tasks for developing, testing,
and implementing this interactive capability of the NPSD. The contract
specifies that these interactive capabilities will be available within
12 months of the NPSD beginning to receive patient safety information.
Based on AHRQ's estimate that the NPSD may be operational by February
2011, the interactive capabilities of the NPSD could be available by
February 2012. However, AHRQ officials indicated that they had not yet
determined the specific types of information that will be available to
PSOs and providers as this will depend, in part, on the level of
detail that is included in the NPSD data after the data are made non-
identifiable.
The Patient Safety Act also states that HHS must use the information
reported into the NPSD to analyze national and regional statistics,
including trends and patterns of health care errors, and to identify
and issue reports on strategies for reducing medical errors and
increasing patient safety after the NPSD becomes operational. To do
this, AHRQ has developed preliminary plans for analyzing the data that
will be submitted to the NPSD. According to AHRQ officials, these
plans specify how the agency will analyze NPSD data to determine
trends and patterns, such as the frequency with which certain types of
adverse events happen across providers based on the data they may
submit to the NPSD. However, AHRQ has yet to develop plans for more
detailed analyses of NPSD data that could be useful for identifying
strategies to reduce medical errors. Officials explained that these
plans will not be developed until the NPSD begins receiving data and
they are able to determine the level of detail in the data and what
analyses it will support.
Despite the potential for standardization provided by the common
formats, AHRQ officials have identified important limitations in the
types of analyses that can be performed with the data submitted to the
NPSD. For example, AHRQ officials explained that because submissions
to the NPSD are voluntary, the trends and patterns produced from the
NPSD will not be nationally representative and, therefore, any
analyses conducted cannot be used to generate data that are
generalizable to the entire U.S. population. In addition, officials
stated that the results from some analyses may be unreliable because
there is no way to control for duplicate entries into the NPSD, which
could occur if a provider submits a single patient safety event report
to more than one PSO. Finally, AHRQ officials noted that it will be
difficult to determine the prevalence or incidence of adverse events
in specific populations. They told us that determining prevalence or
incidence rates requires information on the total number of people at
risk for such events, and that the patient safety data submitted to
the NPSD will not include this information. (See appendix I for more
information about the ways established patient safety reporting
systems analyze data to develop solutions that improve patient safety.)
Concluding Observations:
AHRQ is still in the early stages of listing PSOs and developing plans
for how it will analyze NPSD data and report on effective strategies
for improving patient safety, as required under the Patient Safety
Act. As a result, we cannot assess whether, or to what extent, the law
has been effective in encouraging providers to voluntarily report data
on patient safety events and to facilitate the development and
adoption of improvements in patient safety. In addition, because
improvements to patient safety depend on the voluntary participation
of providers and PSOs, it remains uncertain whether the goals of the
Patient Safety Act will be accomplished even after AHRQ completes its
implementation. For example, providers will have to decide whether to
work with a PSO and the extent to which they will report patient
safety data to both the PSO and the NPSD. Whether the process results
in specific recommendations for improving patient safety will depend
on the volume and quality of the data submitted and on the quality of
the analyses conducted by both PSOs and by AHRQ. Finally, if these
recommendations are to lead to patient safety improvements, providers
must recognize their value and take actions to implement them.
Agency Comments:
The Department of Health and Human Services reviewed a draft of this
report and provided technical comments, which we have incorporated as
appropriate.
We will send copies of this report to the Secretary of Health and
Human Services and other interested parties. In addition, the report
is available at no charge on the GAO Web site at [hyperlink,
http://www.gao.gov].
If you or your staff have questions about this report, please contact
me at (202) 512-7114 or kohnl@gao.gov. Contact points for our Office
of Congressional Relations and Public Affairs may be found on the last
page of this report. GAO staff members who made key contributions to
this report are listed in appendix III.
Signed by:
Linda T. Kohn:
Director, Health Care:
[End of section]
Appendix I: Examples from Established Patient Safety Reporting Systems:
Because the Agency for Healthcare Research and Quality's (AHRQ)
efforts to list Patient Safety Organizations and implement the Network
of Patient Safety Databases are relatively new but some other patient
safety reporting systems are already established, we identified
examples of how selected established patient safety reporting systems
encourage reporting of patient safety event information by providers
and facilitate the development of improvements in patient safety. We
judgmentally selected five established patient safety reporting
systems from a list of such systems compiled by AHRQ. We selected
systems that collected data for learning purposes and that appeared in
a literature review we conducted of 45 relevant articles in peer-
reviewed, trade, or scholarly publications published since January
2000.[Footnote 40] After selecting the systems, we conducted
structured interviews with representatives of these systems to
identify examples of ways that these systems encouraged providers to
submit patient safety data for analysis and used the data collected by
their systems to help develop improvements in patient safety. The
system representatives we interviewed provided common examples that we
have grouped into four areas:
* Practices that encourage providers to learn from patient safety
data, rather than blame individuals;
* Communication intended to clearly explain legal protections for
providers and the data they submit;
* Data collection tools intended to standardize the data providers
submit;
* Data analyses that produce actionable feedback.
Practices that encourage providers to learn from patient safety data,
rather than blame individuals: Representatives from all five patient
safety reporting systems we reviewed said their systems encourage
providers to learn from patient safety data as a way to improve
patient safety, and not blame individuals for an event.[Footnote 41]
According to system representatives, one way they did this was to
emphasize the value of the data collected by the system for learning
ways to reduce the risk that a certain event will recur. For example,
representatives from one system said they created posters to hang in
health care facilities from which the system collected patient safety
data. Representatives from this system explained that the posters
described a patient safety event about which the system received data
as well as the solutions the system developed to improve patient
safety. Another practice representatives said they used is allowing
providers to submit data anonymously. Four out of five system
representatives said their systems offered providers a way to submit
data anonymously.
Communication intended to clearly explain legal protections for
providers and the data they submit: Many of the representatives we
interviewed from patient safety reporting systems told us that their
systems communicate information intended to clearly explain the legal
protections afforded providers and the patient safety data they
submit. For example, one system in our review provided guidance for
providers on how to clearly label data to invoke the confidentiality
protections associated with patient safety data under a law that
protects data in this system. Representatives from another patient
safety reporting system told us that communicating information about
available legal protections can be particularly important for systems
that collect data from providers in multiple states, because the legal
protections for providers and patient safety data vary from state to
state. For example, representatives from two patient safety reporting
systems with users in multiple states said their systems provided
customized legal information for providers based on the state
confidentiality laws that applied to each provider's location. A
representative from one of these systems also said that the legal
information the system offered helped providers understand what types
of data to submit and encouraged them to submit it.
Data collection tools intended to standardize the data providers
submit: Representatives from all five systems told us they had
developed tools intended to standardize the data providers submit to
their patient safety databases. For some systems these tools include
common formats and computer systems.[Footnote 42] Some of the
representatives explained that standardizing the information providers
submit helps ensure that patient safety events, especially events
involving clinical terms, are classified in the same way.[Footnote 43]
Some representatives also said that if a system did not define
clinical terms for providers, providers may define events differently,
which can limit the system's ability to analyze submitted patient
safety data. Furthermore, the representatives said, standardizing
terms increased the value of the data as it is aggregated, as well as
any resulting analyses. Representatives from all five systems said the
ability to collect and aggregate standardized patient safety data
allowed them to identify patterns in patient safety events, which they
believed enabled their systems to suggest ways to improve patient
safety.
Some system representatives said that standardizing the way providers
submit patient safety data allowed them to streamline the data
collection process for providers. Some representatives said they
designed their data collection protocols to allow providers to fulfill
additional reporting requirements related to accreditation or quality
improvement functions, such as submitting data regarding certain
patient safety events to the Joint Commission.[Footnote 44]
Representatives from one system said that their systems did this to
make collecting and submitting patient safety data more efficient for
providers and thereby increase the likelihood that providers would
submit such data to the patient safety reporting system. In another
example, one system built a feature into its computer program that
allowed providers to transfer data directly from providers' in-house
databases to the patient safety data collection system, a data
collection method system representatives said accounted for
approximately 40 percent of all data received from providers.
Data analyses that produce actionable feedback: Representatives from
all five patient safety reporting systems told us that their systems
analyzed submitted data to develop actionable steps providers could
implement to improve patient safety. According to the representatives,
their systems aggregated data from provider submissions and used these
data for both quantitative analyses, such as trend or frequency
analyses, and qualitative analyses, which examine narrative data to
determine whether there were any common themes across events.
Representatives from all five systems said they used both qualitative
and quantitative analyses because neither method alone was completely
sufficient to develop improvements to patient safety. For example, one
system's representatives said they conducted qualitative analyses such
as using a computer program to analyze and group the narrative data
providers submitted to learn about the factors that contributed to
patient safety events. The same representatives explained that their
system also conducted quantitative analyses such as trend analyses on
events to see how often they occur.
Representatives from all the systems said they used various methods to
encourage providers to implement the improvements to patient safety
the systems helped develop. Examples of methods they used included
sending an e-mail from the system when new content was published on
the system's Web site, hosting Web conferences, and publishing
analyses in trade or scholarly publications. All the representatives
said their systems collaborated with other organizations to increase
the likelihood that the improvements they developed were implemented.
For example, one system worked with a statewide coalition of
organizations in the quality improvement field to encourage providers
to implement the patient safety improvements the system developed.
[End of section]
Appendix II: Selected Statutory Requirements for Listing of Patient
Safety Organizations:
A PSO must certify that it has policies and procedures in place to
perform each of the following patient safety activities:
1. Efforts to improve patient safety and the quality of health care
delivery.
2. The collection and analysis of patient safety work product.
3. The development and dissemination of information with respect to
improving patient safety, such as recommendations, protocols, or
information regarding best practices.
4. The utilization of patient safety work product for the purposes of
encouraging a culture of safety and of providing feedback and
assistance to effectively minimize patient risk.
5. The maintenance of procedures to preserve confidentiality with
respect to patient safety work product.
6. The provision of appropriate security measures with respect to
patient safety work product.
7. The utilization of qualified staff.
8. Activities related to the operation of a patient safety evaluation
system and to the provision of feedback to participants in a patient
safety evaluation system.
A PSO must certify that upon being listed, it will comply with the
following criteria:
1. The mission and primary activity of the entity are to conduct
activities that are to improve patient safety and the quality of
health care delivery.
2. The entity has appropriately qualified staff (whether directly or
through contract), including licensed or certified medical
professionals.
3. The entity, within each 24-month period that begins after the date
of the initial listing, has bona fide contracts, each of a reasonable
period of time, with more than 1 provider for the purpose of receiving
and reviewing patient safety work product.
4. The entity is not, and is not a component of, a health insurance
issuer.
5. The entity shall fully disclose--(i) any financial, reporting, or
contractual relationship between the entity and any provider that
contracts with the entity; and (ii) if applicable, the fact that the
entity is not managed, controlled, and operated independently from any
provider that contracts with the entity.
6. To the extent practical and appropriate, the entity collects
patient safety work product from providers in a standardized manner
that permits valid comparisons of similar cases among similar
providers.
7. The utilization of patient safety work product for the purpose of
providing direct feedback and assistance to providers to effectively
minimize patient risk.
Additional Criteria for Component Organizations:
8. The entity maintains patient safety work product separately from
the rest of the organization, and establishes appropriate security
measures to maintain the confidentiality of the patient safety work
product.
9. The entity does not make an unauthorized disclosure under this part
of patient safety work product to the rest of the organization in
breach of confidentiality.
10. The mission of the entity does not create a conflict of interest
with the rest of the organization.
Source: The Patient Safety and Quality Improvement Act of 2005, Pub.
L. No. 109-41, 119 Stat. 424.
[End of section]
Appendix III: GAO Contact and Staff Acknowledgments:
GAO Contact:
Linda T. Kohn at (202) 512-7114 or kohnl@gao.gov:
Staff Acknowledgments:
In addition to the contact named above, William Simerl, Assistant
Director; Eric R. Anderson; Eleanor M. Cambridge; Krister Friday;
Kevin Milne; and Andrea E. Richardson made key contributions to this
report.
[End of section]
Footnotes:
[1] Institute of Medicine, To Err is Human: Building a Safer Health
System (Washington, D.C.: National Academy Press, 1999).
[2] Throughout this report, we use the term patient safety events to
include serious errors or system failures that caused harm to a
patient, near misses in which an error or system failure occurred but
the patient was not harmed, and unsafe conditions having the potential
to cause harm.
[3] As defined by the Patient Safety Act, the term "provider" includes
hospitals, health care practitioners, or any other individual or
entity licensed or otherwise authorized under state law to provide
health care services, or specified by the Secretary of HHS in
regulations.
[4] The Patient Safety Act describes these data. Among other things,
the data may include information on the type of event that occurred
such as a medication error, fall, or hospital acquired infection. The
data may also include the results of analyses conducted by the
provider, information on whether the patient was harmed or not, and
factors that may have contributed to the event such as poor staff
communication, equipment failure, or lack of proper supervision.
[5] In general, non-identifiable patient safety data are data which
are not likely to identify a patient, provider, or certain other
persons who report patient safety information to providers or PSOs.
See 42 C.F.R. § 3.212.
[6] AHRQ is the lead federal agency for supporting research designed
to improve the quality of health care, reduce health care costs,
improve patient safety, decrease medical errors, and broaden access to
essential services. AHRQ sponsors and conducts research that provides
evidence-based information on health care outcomes; quality; and cost,
use, and access. OCR also has responsibility for enforcing the health
information privacy and security rules promulgated under the Health
Insurance Portability and Accountability Act of 1996 (HIPAA).
[7] AHRQ and OCR developed the implementing regulations as a part of a
team of officials from the HHS Office of the Secretary. These
implementing regulations are found at Part 3, title 42, Code of
Federal Regulations.
[8] The regulations allow applicants to be conditionally listed if
they have been denied listing in the past or had a prior listing
revoked.
[9] The Patient Safety Act provides that patient safety data are
privileged and confidential information. In general, privileged and
confidential data are data to which access is restricted to persons or
entities with certain legal rights to access the data based on, for
example, the relationship between a PSO and provider. See 42 U.S.C. §
299b-22.
[10] The Patient Safety Act creates a special designation for data
that meet these criteria-patient safety work product. Patient safety
work product may include information on the type of event that
occurred such as a medication error, fall, or hospital acquired
infection. The data that comprise patient safety work product may also
include the results of analyses conducted by the provider, information
on whether the patient was harmed or not, and factors that may have
contributed to the event such as poor staff communication, equipment
failure, or lack of proper supervision. Patient safety work product
under the act includes data regarding patient safety events that (1)
have been assembled or developed by a provider for reporting to a
listed PSO or developed by a listed PSO for conducting patient safety
activities that could result in improved outcomes, quality, or safety,
or (2) represent an analysis of information that the provider intends
to submit to a listed PSO. For the purposes of this report, we use the
term patient safety data to refer to patient safety work product as
used in the Patient Safety Act.
[11] See 42 C.F.R. § 3.204 et seq.
[12] See 42 USC § 299(f); 42 C.F.R. § 3.404 (2009).
[13] The act does not specify what qualifications a researcher should
have to be able to access the NPSD.
[14] Certain demonstration projects funded by HHS, such as the Patient
Safety and Medical Liability Reform Demonstration Projects (2009),
have posted notices indicating that HHS will require grant recipients
to submit patient safety data to the NPSD as a part of the evaluation
phase of the demonstration projects.
[15] The Patient Safety Act requires the common formats comply to the
extent practicable with the administrative simplification provisions
of part C of title XI of the Social Security Act, which provides
standards for information transactions and data elements.
[16] In addition, numerous private organizations, such as the
Institute for Safe Medication Practices and the AABB, operate systems
for collecting data on patient safety events that also use their own
ways of collecting data.
[17] AHRQ, "Common Formats: Facilitating Learning from Patient Safety
Data. What Are Common Formats?" [hyperlink,
http://www.pso.ahrq.gov/formats/brochurecmnfmt.htm] (accessed Oct. 21,
2009).
[18] Liam J. Donaldson, "In Terms of Safety," International Journal
for Quality in Health Care, vol. 18, no. 5 2006.
[19] Richard Thomson, Pierre Lawalle, Heather Sherman, Peter Hibbert,
and Gerard Castro, "Towards an International Classification for
Patient Safety: a Delphi survey," International Journal for Quality in
Health Care, Vol. 21, No.1, 2009, p.9.
[20] Thomson, et al. p.11.
[21] See Subpart C, Part 3, title 42 of the Code of Federal
Regulations. In the preamble to the regulations, HHS notes that, to
the extent that patient safety data is also protected health
information under the HIPAA Privacy Rule, a use or disclosure of such
data would also have to comply with applicable HIPAA Privacy Rule
requirements. See 73 Fed. Reg. at 70773-74.
[22] In 1999, Congress directed AHRQ to produce an annual report,
starting in 2003, on health care quality in the United States (42
U.S.C. 299b-2(b)(2)). AHRQ's annual National Healthcare Quality Report
and National Healthcare Disparities Report are designed to summarize
data across a wide range of patient needs, including staying healthy,
getting better, living with chronic illness and disability, and coping
with the end of life. These reports track quality across nine
condition areas and describe the effectiveness, safety, timeliness,
extent to which care is patient-centered, and efficiency of medical
care delivery in the United States. The reports present data at the
national and state levels, where state-level data are available, and
also incorporate methodological improvements in quantifying trends in
health care quality and disparities.
[23] AHRQ has continued to list additional PSOs since this time.
[24] HHS released a proposed rule in February 2008.
[25] HHS issued interim guidance prior to the publication of the final
rule. PSOs that were listed prior to the publication of the final rule
on November 21, 2008, were required to complete a supplemental
attestation process to verify their meeting of the requirements
contained in the final rule.
[26] PSOs are not limited to providing services in the state in which
they are located. While some are targeting providers in a single state
or region, others plan to offer their services nationwide.
[27] To balance the streamlined PSO listing process specified in the
Patient Safety Act, HHS included a provision in the regulations
allowing it to conduct announced or unannounced reviews or site visits
to verify PSO compliance with the listing requirements. In September
2009, AHRQ announced plans to conduct on-site compliance reviews of
PSOs approximately once every 6 years beginning in 2010 and issued a
guide to assist PSOs in preparing for such reviews.
[28] A full list of listed PSOs can be found on the AHRQ Web site at:
[hyperlink, http://www.pso.ahrq.gov/listing/psolist.htm].
[29] The services PSOs provide can vary, as long as the PSO meets the
requirement that across all the providers it serves, it performs the
activities specified in the Patient Safety Act.
[30] While many of the organizations that obtained listing as a PSO
offered patient safety services prior to being listed, in order to
remain listed as a PSO they must have a contract with more than one
provider within each 24-month period that begins on the date the PSO
was initially listed.
[31] Three of the 17 PSOs said they will not require use of the common
formats due to a lack of compatibility with their organization's model
or the cost associated with adapting their existing system, and 3
other PSOs said they did not yet know whether they would be requiring
use of the common formats.
[32] Westat provides research services under contract to government
and private sector organizations.
[33] The National Quality Forum is a nonprofit organization created in
1999 to promote patient protections and health care quality through
measurement and public reporting.
[34] AHRQ has posted the common formats for hospitals at the following
Web site: [hyperlink, https://www.psoppc.org/web/patientsafety].
[35] Root cause analysis involves in-depth analysis by individuals
most familiar with the patient safety event to determine why the event
occurred and what can be done to prevent it from occurring again.
[36] The Iowa Foundation for Medical Care is a health care quality
improvement and medical information management organization.
[37] For example, if a patient experienced a rare type of patient
safety event, it might be possible for identification to be made based
on news sources or anecdotal information even if the record does not
include the patient's name. To prevent such identification,
appropriate adjustments must be made to the data.
[38] IFMC officials stated that these experts include officials from
the Census Bureau and the National Center for Health Statistics.
[39] Patient safety data are only submitted to the NPSD if the
provider elects to do so.
[40] To conduct our literature review we used search terms relevant to
the field of patient safety reporting systems, including terms such as
patient safety, patient safety organizations, adverse events,
database, or quality improvement.
[41] Literature in the field of patient safety identified learning
from a patient safety event, rather than blaming individuals for the
event, as a key to supporting a culture of safety. According to the
literature, a culture of safety holds people accountable for any
deliberately unsafe acts in the health care they deliver but does not
blame them for patient safety events that may have causes in the ways,
or system, through which health care is delivered.
[42] Common formats are one type of data collection protocol that can
include a standardized summary of the necessary information to be
submitted, common and consistent definitions, and a standardized
computer interface for submitting data to the collection system.
[43] To ensure that providers are able to correctly use the data
collection protocols that systems provide to standardize data,
representatives from all the systems said that they offer training or
technical support to providers. System representatives said they used
a range of training, including workshops on collecting patient safety
data, written materials describing how to conduct root causes analyses
of events, and Web-based reference guides for using a patient safety
data collection system.
[44] The Joint Commission is a nonprofit organization that develops
standards for quality and safety in health care and accredits
hospitals and other health care providers.
[End of section]
GAO's Mission:
The Government Accountability Office, the audit, evaluation and
investigative arm of Congress, exists to support Congress in meeting
its constitutional responsibilities and to help improve the performance
and accountability of the federal government for the American people.
GAO examines the use of public funds; evaluates federal programs and
policies; and provides analyses, recommendations, and other assistance
to help Congress make informed oversight, policy, and funding
decisions. GAO's commitment to good government is reflected in its core
values of accountability, integrity, and reliability.
Obtaining Copies of GAO Reports and Testimony:
The fastest and easiest way to obtain copies of GAO documents at no
cost is through GAO's Web site [hyperlink, http://www.gao.gov]. Each
weekday, GAO posts newly released reports, testimony, and
correspondence on its Web site. To have GAO e-mail you a list of newly
posted products every afternoon, go to [hyperlink, http://www.gao.gov]
and select "E-mail Updates."
Order by Phone:
The price of each GAO publication reflects GAO‘s actual cost of
production and distribution and depends on the number of pages in the
publication and whether the publication is printed in color or black and
white. Pricing and ordering information is posted on GAO‘s Web site,
[hyperlink, http://www.gao.gov/ordering.htm].
Place orders by calling (202) 512-6000, toll free (866) 801-7077, or
TDD (202) 512-2537.
Orders may be paid for using American Express, Discover Card,
MasterCard, Visa, check, or money order. Call for additional
information.
To Report Fraud, Waste, and Abuse in Federal Programs:
Contact:
Web site: [hyperlink, http://www.gao.gov/fraudnet/fraudnet.htm]:
E-mail: fraudnet@gao.gov:
Automated answering system: (800) 424-5454 or (202) 512-7470:
Congressional Relations:
Ralph Dawn, Managing Director, dawnr@gao.gov:
(202) 512-4400:
U.S. Government Accountability Office:
441 G Street NW, Room 7125:
Washington, D.C. 20548:
Public Affairs:
Chuck Young, Managing Director, youngc1@gao.gov:
(202) 512-4800:
U.S. Government Accountability Office:
441 G Street NW, Room 7149:
Washington, D.C. 20548: