Understanding Patient Safety Confidentiality

The regulation implementing the Patient Safety and Quality Improvement Act of 2005 (PSQIA) was published on November 21, 2008, and became effective on January 19, 2009.  View the Patient Safety Rule  (42 C.F.R. Part 3).

PSQIA establishes a voluntary reporting system to enhance the data available to assess and resolve patient safety and health care quality issues. To encourage the reporting and analysis of medical errors, PSQIA provides Federal privilege and confidentiality protections for patient safety information called patient safety work product. Patient safety work product includes information collected and created during the reporting and analysis of patient safety events.

The confidentiality provisions will improve patient safety outcomes by creating an environment where providers may report and examine patient safety events without fear of increased liability risk.  Greater reporting and analysis of patient safety events will yield increased data and better understanding of patient safety events.

PSQIA provides for the establishment of Patient Safety Organizations (PSOs) to receive reports of patient safety events or concerns from health care providers and to provide analyses of these events to the reporting providers.  To the extent that PSOs collect and analyze protected health information for HIPAA covered entities, they are considered business associates under the HIPAA Privacy Rules. OCR works in close collaboration with the Agency for Healthcare Research and Quality (AHRQ) which has responsibility for listing PSOs.

Learn more about PSQIA and the Patient Safety Rule and OCR's Delegation of Authority.

Learn more about Covered Entities and Business Associates.

Agency for Healthcare Research and Quality (AHRQ)