The Patient Safety and Quality Improvement Act (PSQIA) created Patient Safety Organizations (PSOs). PSOs, as outlined by federal regulations finalized in 2009, are organizations to which doctors, hospitals and other health care organizations may voluntarily report medical errors, near misses and other patient safety concerns. A PSO will in turn analyze data submitted, and make recommendations on how to avoid medical errors.
Information submitted to a PSO will be protected from most legal discovery in future liability matters. PSQIA also provides civil monetary penalties of up to $10,000 per violation for a knowing or reckless disclosure of a patient safety work product.
However, to the extent that protected health information (PHI), as defined by the Health Insurance Portability and Accountability Act (HIPAA), is disclosed to a PSO, the PHI remains subject to HIPAA. Moreover, PSOs and the entity providing information to the PSO must enter into a HIPAA Business Associate Agreement.
Organizations eligible to become a PSO include private and public entities, and profit and nonprofit entities. A PSO can be a component of a hospital system, such as a medical staff, or an outside entity, such as a software company. Health insurers are excluded from becoming a PSO.
There are numerous requirements for a PSO to become certified as such by HHS' Agency for Healthcare Research and Quality. Maryland currently has three certified PSOs, including the Maryland Patient Safety Center.