Policies and Procedures Template
advertisement
TEMPLATE: Provider PSES Policies and Procedures 1 The following Policies and Procedures template provides high-level guidance about topics and concepts to be considered for inclusion in the provider’s PSES documentation. Providers are encouraged to use this template as a reference during the development of their PSES program and supporting documentation, policies, and procedures. This information is only a guide. Provider decisions regarding PSES policies and procedures should be based on individual organizational needs and the advice of legal counsel. Policies and Procedures I. Definitions 1. Patient Safety Act or the Act refers to the Patient Safety and Quality Improvement Act of 2005.* 2. Contracted Patient Safety Organization(s) (PSOs). <List/describe the PSO(s) to which the facility/health system will submit and receive patient safety work product.> 3. Patient Safety Evaluation System (PSES). A patient safety evaluation system (PSES) is the mechanism for collecting, managing, and analyzing information for reporting to, or by, a PSO. The PSES provides a protected environment for candid consideration and analysis of quality and safety information and is flexible and scalable to meet the needs of the provider. The final rule implementing the Patient Safety Act recommends as best practice, but does not require, documentation of how patient safety work product enters the PSES, who has access to it, and what procedures are involved.** 4. Patient Safety Work Product (PSWP). Information becomes patient safety work product (PSWP) in one of three ways: (1) it is assembled or developed by a provider within a PSES for the purpose of reporting to a PSO and is reported to a PSO, (2) it is developed by the PSO for the conduct of patient safety work activities, or (3) it constitutes deliberations or analysis 42 USC §§ 299b-21-26 (2005). Department of Health and Human Services. Patient safety and quality improvement [final rule]. Fed Regist 2008 Nov 21;73(226):70732-814. * ** TEMPLATE: Provider PSES Policies and Procedures 2 conducted within the scope of the PSES. Identifiable PSWP maintained by the provider and the PSO is subject to federal statutory legal privilege and confidentiality. Federal protections of PSWP begin at the time of collection within the PSES for reporting to the PSO. The preamble to the final rule states that this period of collection may extend as far back as the passage of the Patient Safety Act in July 2005. i. De-designated PSWP is information originally entered into the provider’s PSES as PSWP but subsequently de-designated as PSWP and removed from the provider’s PSES. De-designated PSWP may be entitled to confidentiality and privilege protections based on state law but is not eligible for the federal privilege and confidentiality protections under the Patient Safety Act. ii. Identifiable PSWP is information presented in a form and manner that allows for the identification of any provider(s) that is a subject of the PSWP or that participates in activities that are subjects of PSWP. Regarding patients, PSWP is identifiable if the information includes “individually identifiable health information” as defined in the Health Insurance Portability and Accountability Act (HIPAA) Privacy Rule. PSWP is identifiable as to reporters (i.e., an individual who, in good faith, reported information to the provider with the intention of having the information reported to a PSO or who reported directly to a PSO) if the PSWP is presented in a form or manner that allows for the identification of such an individual.* iii. Non-identifiable PSWP is not identifiable per the definition of identifiable PSWP above. Non-identifiable PSWP is not protected by federal privilege or confidentiality provisions and is not subject to the various restrictions and data protection requirements that must be followed when managing identifiable PSWP. 5. Permissible Disclosures. The Patient Safety Act defines disclosure as the release of, transfer of, provision of access to, or divulgence of PSWP in any manner by an entity or person maintaining that PSWP to another legally separate entity or person. The regulation outlines limited instances in which such disclosure is permissible. Department of Health and Human Services. Patient safety and quality improvement [final rule]. Fed Regist 2008 Nov 21;73(226):70732-814. * TEMPLATE: Provider PSES Policies and Procedures 3 II. Background and Purpose <Describe the background, stated purpose, and related policies and procedures of the PSES within the provider organization. When did the documented collection of PSWP commence? What are the organizational objectives surrounding the initiation of a PSES?> TEMPLATE: Provider PSES Policies and Procedures 4 III. Scope 1. This document describes <facility/health system name> objectives, policies, and procedures regarding the initiation and ongoing management of a PSES, in accordance with the Patient Safety Act. 2. The policies and procedures in this document apply to the following facilities and entities: <Provide a comprehensive list of facilities and entities within the organization that are part of the defined PSES.> 3. The policies and procedures in this document apply to individuals in the following positions and departments: <List the organizational roles/titles that will contribute to, participate within, and need to know about the PSES. Consider the organization’s employees, contractors, and students.> TEMPLATE: Provider PSES Policies and Procedures 5 IV. Patient Safety Activities 1. Policy <Facility/health system name> shall participate in patient safety activities with a federally designated PSO. Such participation includes privileged and confidential submission and receipt of PSWP and is undertaken in order to improve the safety and quality of patient care at <facility/health system name>. 2. Procedures i. Enter into and maintain a PSO Membership Agreement with <name(s) of contracted PSO(s) and date(s) of contract execution>. ii. Establish methods for transmitting PSWP to and receiving PSWP from <name(s) of contracted PSO(s)>. <Describe the mechanisms for submitting and sharing information with the PSO(s), including secure communication channels. Identify organizational staff who may interact with the contracted PSO organization and appropriate mechanisms for such communication.> <If PSES Component Management Plans (form C), available elsewhere in the PSES Pathway Toolkit, have been completed, this section may reference these items as attachments to PSES Policy and Procedure documentation.> iii. Carry out patient safety activities. <Describe the patient safety activities undertaken by the organization within the PSES.> TEMPLATE: Provider PSES Policies and Procedures 6 V. Patient Safety Evaluation System 1. Policy <Facility/health system name> shall develop a process for collecting, analyzing, and managing PSWP for the purpose of submission to the contracted PSO and/or conducting internal deliberation and analysis. 2. Procedures <If the PSES Component Inventory Template (form A), PSES Component Evaluation Forms (form B), and PSES Component Management Plans (form C), available elsewhere in the PSES Pathway Toolkit, have been completed, the following sections may reference these items as attachments to PSES Policy and Procedure documentation.> i. The collection of PSWP will occur through <describe collection processes and parameters> and will include <carefully delineate all of the elements of information/data that are within the scope of the PSES>. ii. <Facility/health system name> will conduct analysis and deliberation within its established PSES to determine whether collected PSWP shall be submitted to the PSO. iii. Information/data sharing, analysis, and deliberations within the PSES will occur within defined committees/teams and will use specified information systems, data repositories, and communication channels. 1. The following committees/teams perform analysis/deliberations on PSWP: a. <Committee #1> b. <Committee #2> TEMPLATE: Provider PSES Policies and Procedures 7 2. Each identified committee’s/team’s role in patient safety/quality/outcomes improvement is documented below. Table includes notation of the roles and functions and/or titles of the individuals who sit on each committee. Committee/Team Role Participant Functions/Titles 3. PSWP will reside within the following organizational information systems/data repositories: System Name Description of Information/Data within System Storage Location (inhouse/external or vendor server) iv. Communication and interaction with the contracted PSO will be carried out per procedure IV.2 in this document. TEMPLATE: Provider PSES Policies and Procedures 8 VI. Sharing and Learning from Patient Safety Work Product 1. Policy <Facility/health system name> shall encourage a culture of safety throughout the organization and shall promote ways for its staff and workforce to gather, share, and learn from patient safety information. 2. Procedures i. All staff are required to report events within <specify timeframe> to <specify reporting mechanism>. ii. <Describe annual and ongoing evaluation processes for the PSES.> iii. <Describe how the organization’s staff will receive feedback about changes and improvements derived from the PSES.> TEMPLATE: Provider PSES Policies and Procedures 9 VII. Roles and Responsibilities <Using the following as a guide, list and describe the workforce roles and responsibilities related to and within the defined PSES.> i. Executives/Management <Describe how this department/role relates to the facility’s PSES.> 1. 2. 3. 4. Establishes Patient Safety Evaluation System objectives. Provides workforce training. Enforces confidentiality and appropriate use of PSWP. Designates a Patient Safety Evaluation System Director/Administrator/Manager. ii. Patient Safety Evaluation System Director/Administrator/ Manager The individual in this role understands the Patient Safety Act and regulations, HIPAA, state law protections, state reporting mandates, and other laws, regulations, and mandates that may impact the operation and management of the PSES. S/he is responsible for the following tasks: 1. Develops PSES policies and procedures. 2. Coordinates and implements policies and procedures within organizational departments. 3. Identifies all relevant workforce members and oversees their training with respect to PSES operation and management. 4. Oversees execution of PSES Data Management Plan(s). 5. Interacts with contracted PSO; defines and monitors interaction of other <facility/health system name> staff members with PSO. 6. Manages approval and, as indicated, documentation of permissible disclosures. 7. Receives and responds to potential security and confidentiality breaches. 8. Monitors and evaluates the effectiveness of the PSES. TEMPLATE: Provider PSES Policies and Procedures 10 9. Ensures retention of all PSES documentation in accordance with all applicable laws (federal and state), accreditation bodies, professional organizations, and <facility/health system name> organizational policies. 10. Ensures that Human Resources has a policy prohibiting adverse actions against any individual who reports information to the PSES/PSO in good faith. iii. Legal Counsel <Describe how this department/role relates to the facility’s PSES.> 1. Reviews and approves PSES structure and all related policies and procedures. 2. Assists, supports, and advises the PSES Director/Administrator/Manager and Executives/Management regarding the implementation and ongoing management of the <facility/health system name> PSES. iv. Corporate Compliance Officer <Describe how this department/role relates to the facility’s PSES.> 1. Assists in development and execution of PSES management strategy and promulgation of operating procedures. 2. Assists and supports the PSES Director/Administrator/Manager. 3. Provides support for PSES compliance activities, including: a. <Insert facility/health system specific content>. v. Patient Safety Evaluation System Information Technology Lead/Data Manager <Describe how this department/role relates to the facility’s PSES.> 1. Defines, implements and monitors technology solutions and operations, in accordance with the Patient Safety Act, required TEMPLATE: Provider PSES Policies and Procedures 11 to support the <facility/health system name> PSES. This may include, but is not limited to: a. Data mapping to a PSO System (if applicable). b. Data transfer and submission to contracted PSO. c. Initiation, management, and assurance of data security parameters and controls. d. Dating entry of information into the PSES. e. Applying standard PSWP label to all applicable information/data. f. Dating removal (de-designation) of information from the PSES, including removal of standard PSWP label. vi. Director/Manager, Training <Describe how this department/role relates to the facility’s PSES.> 1. Develops PSES Education Plan, manual and policy; implements PSES training program <document distinct PSES Education Plan and training policy as applicable>. 2. Documents training of all relevant work force members on confidentiality, disclosure, internal/external use of PSWP, and <facility/health system name> PSES policies and procedures, as applicable. vii. Workforce/employee responsibilities <Describe how this department/role relates to the facility’s PSES.> 1. Understands and complies with <facility/health system name> policies and procedures regarding operation of the PSES and management/use of PSWP. TEMPLATE: Provider PSES Policies and Procedures 12 VIII. Confidentiality of PSWP 1. Policy To ensure that PSWP collected and analyzed by <facility/health system name> remains privileged and confidential in accordance with the Patient Safety Act and applicable HIPAA requirements. 2. Procedures i. Treat PSWP submitted to or received from the PSO as privileged and confidential at all times and thus not: 1. Subject to federal, state, local, tribal, or civil or criminal or administrative subpoena or order. 2. Subject to discovery in connection with a federal, state, or local civil, criminal, or administrative proceeding. 3. Subject to disclosure pursuant to a Freedom of Information Act request. 4. Admitted as evidence in any federal, state, or local governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider. 5. Admitted in a professional disciplinary proceeding of a professional disciplinary board established or specifically authorized under state law. ii. PSWP within <facility/health system name> is only disclosed outside the provider organization in accordance with permissible disclosures outlined in the Patient Safety Act. iii. Best efforts are used to label PSWP and assign the date of entry into the PSES. iv. Best efforts are used to document the date that information/data collected within the PSES is de-designated as PSWP and to remove the PSWP label accordingly. TEMPLATE: Provider PSES Policies and Procedures 13 v. All <facility/health system name> employees and contractors working with PSWP have an affirmative obligation to protect identifiable information and PSWP from unauthorized disclosure and shall sign a Confidentiality Agreement that enumerates their responsibilities in this regard. <Facility/health system name> maintains and files copies of all signed Confidentiality Agreements. vi. <Facility/health system name> staff should access and possess only the information necessary to perform their required functions or duties. Whenever possible, staff should avoid disclosing identifying information—including to one another—if the disclosure is not necessary for the performance of their PSES and other organizational duties. vii. All individuals who are permitted to access systems containing PSWP receive a unique user ID and password granting such access. All individuals will be responsible for all system transactions identified under their user ID, whether the transaction was performed by them or another individual. Access to PSWP is trackable and auditable. Staff must never disclose their user ID and password or leave these in a visible location. viii. The transmission of identifiable PSWP via e-mail and fax will be kept to the minimum necessary to efficiently communicate with internal PSES staff members and with the contracted PSO and its agents. ix. When printouts of PSWP data are required, printouts must be printed only on printers in designated areas and must be retrieved quickly to reduce the possibility of inappropriate access. x. During prolonged absence from the work area and at the close of each business day, PSES staff will secure identifying information or work product (e.g., on discs, paper records) in a locked area. Documents containing identifiable information must not be left on desks or in unsecured locations and identifying information must not be displayed on computer screens. TEMPLATE: Provider PSES Policies and Procedures 14 xi. The use of flash drives or external media for downloading or transferring identifiable PSWP is strictly prohibited unless advance written permission is obtained from the PSES Director/Administrator/Manager. xii. Applicable <facility/health system name> workforce members are educated about the procedural and behavioral requirements regarding use and management of PSWP and operations within the defined PSES. xiii. Periodic audits and assessments are performed to ensure compliance with established procedural and behavioral requirements. xiv. As applicable, procedural and behavioral requirements with respect to the use and management of PSWP and operations within the defined PSES are included in <facility/health system name> job descriptions. xv. Breaches and suspected breaches of PSWP confidentiality must be reported to <organizational role/position> in accordance with established protocols. TEMPLATE: Provider PSES Policies and Procedures 15 IX. Security of PSWP 1. Policy At all times, <facility/health system name> handles and manages PSWP in a secure manner that minimizes the potential for inappropriate disclosure. Handling PSWP includes its processing, development, use, maintenance, storage, removal, disclosure, transmission, and destruction. 2. Procedures <Facility/health system name> has written policies and procedures that address security management, distinguishing PSWP from non-PSWP, and security control and monitoring. All <facility/health system name> workforce members with access to the PSES and defined PSWP must comply with these policies. i. <Describe administrative safeguards (e.g., restricting access to particular computer drives, applying relevant communication templates to e-mail and other documents to remind users that information/data has been entered into the organization’s PSES and must be treated accordingly).> ii. <Describe physical safeguards (e.g., locked desks, file cabinets, prohibited use of flash drives and portable media containing identifiable PSWP).> iii. <Describe technical safeguards (e.g., password-protected access to shared drives containing PSWP, restricting access to database information based on user profiles).> TEMPLATE: Provider PSES Policies and Procedures 16 X. Disclosure of Confidential PSWP 1. Policy i. <Facility/health system name> will comply with the rules set forth by the Patient Safety Act and the Final Rule and shall make disclosures in accordance with the Patient Safety Act. ii. Any proposed uses or disclosures of PSWP outside the scope of normal operations must be referred to <organizational role/title>, who will determine whether the disclosure is permissible. Approval of such disclosures must be in the form of a written authorization approved by <organizational role/title>. The authorization will include the signatures of reporters and individuals who are subjects of the PSWP, as applicable. 2. Procedures i. PSWP may be disclosed as part of the following <facility/health system name> normal operations in carrying out patient safety activities: <List applicable operations.> ii. All disclosures must be authorized by <organizational role/title>. TEMPLATE: Provider PSES Policies and Procedures 17 XI. Related policies that may need to be revised to include PSES/PSWP related elements: HIPAA Privacy and Security Policies Quality Policies Human Resources Policies Risk Management Policies Medical Staff Bylaws and Policies Compliance Policies Departmental Policies (specifically as related to communication of, and response to, patient safety events) Disclaimer: This document is intended to assist healthcare providers to define and manage a PSES. It is the obligation of the users of this document (e.g., the healthcare provider) to employ all necessary and appropriate safeguards to meet their legal and organizational requirements. ECRI Institute PSO does not assume any responsibility, written or implied, for the use or the content of this form.
