The Department of the Health and Human Services, Agency for Healthcare Research and Quality (AHRQ) may have a continuing requirement for the provision of the establishment of a Patient Safety Organization Privacy Protection Center.

The Agency for Healthcare Research and Quality (AHRQ) implements and administers the Patient Safety and Quality Improvement Act of 2005 (Patient Safety Act) and its regulation (the Patient Safety Rule). These authorities authorized the creation of Patient Safety Organizations (PSOs), which collect, aggregate, and analyze confidential and privileged information regarding the quality and safety of healthcare. The framework established through the Patient Safety Act encourages the expansion of voluntary, provider-driven initiatives to improve the quality and safety of health care; promotes learning about the underlying causes of risks and harms in the delivery of health care; and, allows for sharing those findings widely, thus, speeding the pace of improvement. The Patient Safety Act also authorizes AHRQ to facilitate the development of a Network of Patient Safety Databases (NPSD), to which PSOs can voluntarily contribute non-identifiable patient safety event information. The NPSD was publically launched in June of 2019 and receives, analyzes, and reports non-identifiable, aggregated patient safety event information which is available at www.ahrq.gov/npsd. This information will also be included in AHRQ’s annual National Healthcare Quality and Disparities Report (QDR). AHRQ understood the complexity of ensuring that information submitted to the NPSD was non-identifiable and the costs associated with adherence to the confidentiality provisions of the Patient Safety Rule. Therefore, AHRQ established the PSO Privacy Protection Center (PSOPPC) to assist PSOs and others with meeting the statutory requirement that patient safety event information be made non-identifiable prior to sending to the NPSD. The PSOPPC receives patient safety information in a standardized format (AHRQ Common Formats) and renders it non-identifiable before transmitting it safely and efficiently to the NPSD.

The Patient Safety Rule requires PSOs, to the extent practical and appropriate, to collect patient safety event data from providers in a standardized manner. AHRQ’s common definitions, data elements, and reporting formats are known as Common Formats. The PSOPPC only accepts data represented as AHRQ’s Common Formats. The PSOPPC also delivers technical assistance to PSOs on the use of AHRQ’s Common Formats as well as other PSOPPC/NPSD contract related topics noted below.

The Common Formats include event descriptions, specifications for patient safety aggregate reports, delineation of data elements to be collected for different types of events, and technical specifications for electronic data collection and reporting. The technical specifications promote standardization of collected patient safety event information by stipulating rules for data collection and submission. The PSOPPC maintains the Common Formats and the technical specifications. The Common Formats and the associated technical specifications are available on the PSOPPC Web Site (www.psoppc.org). Full details of the Patient Safety Act and Patient Safety Rule can be found at www.pso.ahrq.gov.

• HRQ is seeking qualified and experienced organizations that are able to optimize their technical and management resources, creativity and flexibility to achieve the Agency goals related to the Patient Safety Act, the Patient Safety Rule, the PSOPPC, and the NPSD. Qualified organizations must have substantial experience with: development of large scale, cloud-based database systems for patient safety and healthcare quality data; development of standardized definitions, data elements and reporting formats for patient safety event reporting; statistical analysis expertise in non-identification methods; logistical support for meetings of approximately 180 attendees; and the ability to receive, process, and, maintain data at FIPS category moderate.
• In order to meet AHRQ’s objectives, these are the general requirements of this contract: provide guidance to PSOs in the use of Common Formats; render patient safety event information non-identifiable; track and maintain data use agreement with PSOs; establish software certification processes; provide technical assistance to PSOs on various data submission methods, the AHRQ Common Formats, the PSO Annual Meeting, as well as training and outreach activities; establish project management strategies for rendering Information Technology architect, infrastructure, and enterprise solutions; enhance and maintain a data visualization application of complex data; conduct data analyses on patient safety and quality improvement data; and implement a transition plan for smooth operation of the PSOPPC and NPSD Systems without any problems or interruption of operations during the transition period.

Other requirements that are specific to both Systems are defined below:

• PSOPPC System
  • This project’s requirements for the PSOPPC System are to make sure data submission and data flow from PSOs to the PSOPPC System are smooth and uninterrupted; collaborate with PSOs to receive patient safety and quality data; render patient safety work product (the data) non-identifiable in compliance with requirements of the Patient Safety Rule (42 CFR section 3.212); and, transfer the non-identifiable data/information securely and efficiently to the NPSD System.
• NPSD System
  • One of the requirements is to maintain the NPSD System and implement it in accordance to the HHS and AHRQ IT data security and authority to operate regulations, including maintaining FedRAMP certification. Other requirements identified are: conduct data analysis; convert analyses into useful information; and, develop periodic reports and dashboards to provide a complete assessment of patient safety adverse events based on the non-identifiable analyses.  This includes rendering the data using AHRQ’s data visualization tool Tableau.  This will require appropriate technical skills and experience using visualization tools and an understanding of and experience with large (national), aggregate sets of patient safety reporting data.