Sorry, you need to enable JavaScript to visit this website.
Skip to main content

Becoming a Patient Safety Organization

Rory Jaffe, MD, MBA | July 1, 2011 
View more articles from the same authors.


While I was the first employee of the California Hospital Patient Safety Organization (CHPSO), its story began years before my arrival. The California Hospital Association (CHA) was a strong supporter of the Patient Safety and Quality Improvement Act (PSQIA) and, after the law's passage in 2005, the CHA established a not-for-profit patient safety organization (PSO) to serve California hospitals and their patients. A board of directors was selected and a preliminary business plan established prior to hiring personnel. Thus, when I was hired in September 2008, we had a jumpstart on the process.

There are several business models for PSOs, and their startup processes and challenges differ. Some PSOs are components of a larger business enterprise, such as an incident reporting system vendor. Others are standalone entities or affiliated with a small consulting company that focuses on a particular patient safety issue (e.g., peer review). Finally, a number of PSOs like CHPSO are associated with professional organizations—in our case, CHA.

Being a component of a professional organization confers several advantages, including the following:

  • Our parent organization is already well known to our potential members, who can trust that the parent organization will ensure quality work.
  • Non-core business functions (e.g., payroll, human resources, and office services) are supplied by a sophisticated entity.
  • We already have a great source of information and ongoing advice: CHA has member committees, providing communication channels that make it easier to identify our members' needs and obtain feedback on our initiatives.

When AHRQ started accepting applications, we were able to almost immediately apply for listing as a PSO because we already had developed preliminary policies and procedures based on the proposed rule, a business plan focused on patient safety, and a well-functioning organizational structure—all part of the listing prerequisites. Our challenges were mainly around the need to have appropriate security for Patient Safety Work Product (PSWP) (Table 1). The security measures required are significantly higher than maintained by many organizations, and there are considerable costs to operating an appropriately secure system.

CHPSO easily complied with the listing requirements, and became the second listed PSO in the nation. Until we obtained our secure information system, we held the PSWP in an isolated secure computer or in paper form. While this provided excellent security, it was not usable once we scaled up our data collection.

Recognizing the potential for significant economies of scale for both information security and database management, we decided to contract with a vendor. With a number of other PSOs wanting to take the same course, vendors providing PSO "backend" services began to develop sophisticated products. Because of Common Formats (common definitions and reporting formats, specified by AHRQ, that allow health care providers to collect and submit standardized information regarding patient safety events) and well-defined regulatory requirements for PSOs, vendors' offerings became similar. This convergence took place over time, as we all were developing a greater understanding of what it would take to successfully provide comprehensive PSO services (Table 2).

Getting a PSO listed and functioning can be rather "cookbook"—the PSQIA and its associated rules are prescriptive in many areas. But the larger question remained: What do we do with this capability? Here we started with a nearly blank page.

Other industries (e.g., aviation) have significant experience collecting and analyzing incident reports. However, the health care industry, while it may share some of the characteristics of others, is not an exact replica of aviation or any other industry.1 While we can benefit from the experiences of other health care incident reporting systems, including the Pennsylvania Patient Safety Authority and the United Kingdom's National Patient Safety Agency2, the PSQIA provides PSOs some additional opportunities.

One of the key aspects of the PSQIA is that it implements the Institute of Medicine's recommendation to "break down legal and cultural barriers that impede safety improvement."3 CHPSO believes that breaking down these barriers is one of the most important things PSOs can do. The PSWP privilege allows us to "break out of our boxes"—to broadly discuss events and share lessons learned. Peer-review protections and attorney–client privileges create the opposite tendency: to inhibit open communication regarding errors and safety hazards.

We are working with our members to understand the implications of these changes and how to best utilize our skills and capabilities to eliminate preventable harm and improve the quality of health care delivery in California hospitals. We still are fine-tuning our plans, but following are several of CHPSO's priorities:

  • Perform focused analysis of selected rare events. We see this as the "core competency" of a large-scale event analysis system, such as a PSO. Common events (e.g., health care–associated infections, falls) may be so common that individual hospitals or hospital systems have enough experiences to understand many of their causes. With rare events (such as wrong-site surgery), aggregation and review across many institutions can provide an understanding that is impossible to obtain otherwise.4
  • Utilize the new PSWP protections to encourage communication about events both within an institution as well as among CHPSO participants. Systems issues are by their very nature widespread—sharing can speed learning and help develop best practices. And informal collaborations among providers can provide essential feedback from trusted colleagues.5 The rules governing preexisting protections (e.g., peer review, attorney–client communications), while reasonably secure in California, are oriented towards restricting communications to a limited group, not sharing, even within a single institution. And in states with limited protections, communications even within small groups can be inhibited by fear of litigation.
  • Disseminate experiences and lessons learned. Many have learned important lessons through difficult experiences. Now we can share and help each other.
  • Foster changes in health care delivery that reduce the risk human error will harm patients, such as standardization of care, checklists, and improved human–equipment interfaces.

CHPSO still has much work to do. We are working with hospitals to help them understand this new legal privilege along with the new privacy and security rules. We are evaluating how to handle our data needs not satisfied by the Common Formats. In addition, we are working with state regulators on how to best collaborate and achieve our mutual goals in patient safety, while maintaining our other responsibilities—including confidentiality and enforcement, respectively.

Improving patient safety is not a simple task, nor can success come quickly. But now, with the tools provided by the PSQIA, we can help health care providers succeed in their goal of providing safe care.

Rory Jaffe, MD, MBA Executive Director, California Hospital Patient Safety Organization



1. Morton A, Cornwell J. What's the difference between a hospital and a bottling factory? BMJ. 2009:339;b2727. [Available at]
2. Panesar SS, Cleary K, Sheikh A. Reflections on the National Patient Safety Agency's database of medical errors. J R Soc Med. 2009:102;256-258. [go to PubMed]
3. Kohn L, Corrigan J, Donaldson M, eds. To Err is Human: Building a Safer Health System. Washington, DC: Committee on Quality of Health Care in America, Institute of Medicine. National Academies Press; 1999. ISBN: 9780309068376. [Available at]
4. Caplan RA, Posner KL, Ward RJ, Cheney Fw. Adverse respiratory events in anesthesia: a closed claims analysis. Anesthesiology. 1990:72;828-833. [go to PubMed]
5. Hines S, Luna K, Lofthus J, et al. Becoming a High Reliability Organization: Operational Advice for Hospital Leaders. Rockville, MD: Agency for Healthcare Research and Quality; February 2008. AHRQ Publication No. 08-0022. [Available at]
6. Patient Safety Work Product [definition]. Washington, DC: US GPO Access, Government Printing Office; 2011. [Available at]
7. Patient Safety Organization: Certification for Initial Listing. Rockville, MD: Agency for Healthcare Research and Quality; 2011. [Available at]



Table 1. Patient Safety Work Product (PSWP) defined (abridged).6

(Go to table citation in the text)

PSWP includes data, reports, records, memoranda, analyses (e.g., RCAs), written or oral statements, (or copies of any of this material) that:

  • Could improve patient safety, health care quality or health care outcomes and are assembled or developed for reporting to a PSO and are then ultimately reported to a PSO; or
  • Identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system.
  • PSWP does not include a patient's medical record, billing, discharge information or other information that is collected, maintained or developed separately from the PSES. PSWP is privileged and confidential and is not subject to subpoena, discovery or admission into evidence.
  • Even when disclosed, it maintains confidentiality and privilege. These protections enable all health care providers to share data within a protected legal environment, both within and across states, without the threat of information being used against the subject providers.


Table 2. Outline of Initial PSO Listing Requirements.7

(Go to table citation in the text)

  • The mission and primary activity must be to conduct activities that are to improve patient safety and the quality of health care delivery.
  • The PSO must have appropriately qualified workforce members, including licensed or certified medical professionals.
  • The PSO cannot be a health insurance issuer or owned, managed, or controlled by a health insurance issuer.
  • To the extent practical and appropriate, the PSO must collect patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers.
  • A PSO that is part of a larger entity or is owned, managed, or controlled by another entity must establish a specified set of controls to ensure that the parent entity cannot use PSWP.
  • The PSO must have written policies and procedures to address:
    • Confidentiality and security (and meet specific requirements);
    • Efforts to improve patient safety and the quality of health care delivery;
    • Collection and analysis of patient safety work product;
    • Development and dissemination of information with respect to improving patient safety;
    • Utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk;
    • Utilization of qualified staff; and
    • Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.
This project was funded under contract number 75Q80119C00004 from the Agency for Healthcare Research and Quality (AHRQ), U.S. Department of Health and Human Services. The authors are solely responsible for this report’s contents, findings, and conclusions, which do not necessarily represent the views of AHRQ. Readers should not interpret any statement in this report as an official position of AHRQ or of the U.S. Department of Health and Human Services. None of the authors has any affiliation or financial involvement that conflicts with the material presented in this report. View AHRQ Disclaimers
Related Resources From the Same Author(s)
Related Resources