Introduction
Patient safety is an essential part of patient care, and it is important in assessing the quality of patient care given. According to IOM (2004), patient safety is “safeguarding patients from damage.” Hospitals should emphasize a healthcare system that avoids mistakes and protects the welfare of patients. Americans should be able to walk into any medical facility and receive safe health care and not just hopeful wishes. When patients are safe, that is the foundation of quality health care (Baker, 2001). This essay analyzes two laws that arise from patient safety
Official Title of The Laws
The two laws for patient safety covered in this essay are ‘PUBLIC LAW 109–41—JULY 29, 2005’, ‘ Patient Safety and Quality Improvement Act of 2005’, and California Code, Health and Safety Code § 1280.15. Any violations reported under code 1280.15 should be reported and carry the same penalties disclosed in section 164.522(b) of Title 45 of the code of Federal Regulations. The two laws mentioned concern safeguarding patient information, which is critical in promoting patient safety, just like physical safety.
Health Care Organization’s Obligation to Meet Patient’s Legal Rights
The Patient Safety and Quality Improvement Act of 2005 (PSQIA) presents a voluntary reporting system where information about events affecting patient safety can be confidentially reported. The PSQIA encourages a report of medical blunders by providing federal protection for any information about patient safety called the Patient Safety Work Product (PSWP) (Levy et al., 2010). Patient Safety Work Product includes the data raised and analyzed during the detailing of patient safety events (Rights (OCR), 2008). This product improves patient safety outcomes by providing a platform where information providers can give patient safety events confidently without being victimized. More reports and analyses of patient safety events will increase data to analyze patient safety. The PSQIA also directs the Agency for Healthcare Research and Quality (AHRQ) to establish Patient Safety Organizations (PSOs) that receive concerns about patients’ safety events and analyze the reported events.
The California Code, Health and Safety Code § 1280.15 is a data notification statute to health facilities. This statute directs health care facilities to prevent unauthorized access and disclosure of patient “medical information.” Medical information refers to individual information in the physical or electronic form regarding an individual’s medical history (California Legislative Information, 2015). The Act also directs health care facilities to report to patients no later than 15 working days of unauthorized access to their private information.
Consequences For Non-Compliance
Violating the confidentiality provision of The Patient Safety and Quality Improvement Act of 2005 (PSQIA) attracts a maximum penalty of $ 11000. However, this money is subject to inflation adjustment by the Health and Human Services (HHS) at least once every four years.
The California Code, Health and Safety Code § 1280.15, provides penalties for unauthorized disclosure of patient information. The statute allows penalties of up to $ 25000 per patient whose medical information is unlawfully accessed and penalties of up to $ 17500 for subsequent occurrence (California Legislative Information, 2014). This regulation establishes a base amount of $ 15000 per violation and permits the California Department of Public Health (CDPH) to demand a fee equal to 70% of the initial violation amount.
Legal Obligation 1: Establishment of A Voluntary Reporting System Where Information About Events Affecting Patient Safety Can Be Confidentially Reported (PSQIA)
The PSQIA provides the Patient Safety Work Product (PSWP) that allows frank discussion about patient safety without fear that such discussions will be used against health care facilities in a court of law. No penalties should be applied if such discussions are meant to improve patient safety or health care outcomes.
One real-life case concerning confidential reporting of events affecting patient safety is the Gooden vs. CVS Caremark Corporation., et al., CA. NO. 11- CV-08-10885 (Franklin County, Ohio, November 20, 2012). A Franklin court in Ohio upheld protection given for Patient Safety Work Product (PSWP) under the Patient Safety and Quality Improvement Act (PSQIA) (PSO Case Law: Gooden v. CVS Caremark Corp, 2012). In 2010 Plaintiff was given metoprolol succinate instead of metoprolol tartrate CVS Caremark pharmacy. After two weeks, the plaintiff called the pharmacy, informing them of the error. The error and patient profile were rectified to avoid any incidence in the future. The defendant’s PSO accessed the report through functional reporting. A lawsuit was filed by the plaintiff compelling the incident report in which the defendant objected since it included Patient Safety Work Products. Since the defendant had accepted liability, the plaintiff’s attorney asked for an incident report from the CVS Caremark pharmacy claiming that protection did not apply. The defendants claimed that Congress wanted to improve patient care quality by creating a safety culture through a protected voluntary reporting system. Wider interpretation of the act demands privilege is extended even after admission of liability. Plaintiff’s request was denied as the court upheld that the PSO protection had applied.
Legal Obligation 2: Prevention of Unauthorized Access and Disclosure of Patient “Medical Information.”
The California Code, Health and Safety Code § 1280.15 provides exceptions that may not be considered “breaches” when disclosing patient data. A disclosure where patient data is stolen or lost and the lost data has not been accessed, used, or disclosed in an unauthorized way. There will be no consequences if patient data is disclosed in this way.
One real-life case concerning disclosing patients’ information is the Ellis vs. California Correctional Health Care Services. Plaintiff was a state prisoner, and the named defendants are California Correctional Health Care Services Deputy Director Lewis and Dr. Matolon (Ellis v. Cal. Corr. Health Care Servs., 2018). Plaintiff claimed to have received a “potential data breach” notice from defendant Lewis. Plaintiff claimed the data breach contained his personal medical and mental health information. Plaintiff argued that it was later revealed that his personal information had been disclosed to a third party. Plaintiff alleged that disclosing his personal medical information violates the California Code, Health and Safety Code § 1280.15. The California Code, Health and Safety Code § 1280.15 doesn’t authorize private action but requires notification of unauthorized patient information and gives the State Department of Health Services power to issue administrative penalties to prevent such accesses. Plaintiff didn’t give concrete evidence to this claim, and therefore the case was dismissed. Also, the plaintiff reported a “potential data breach” and didn’t provide enough evidence to show there was an actual data breach.
Health Service Organization Management Actions to Meet Legal Obligations for Patients’ Rights
The first action I will take is establishing the healthcare risk and quality management department. The department will be responsible for implementing patient safety programs and finding ways to ensure the facility effectively delivers safe and high-quality health care services. This department will also be responsible for formulating ways of minimizing errors while providing patient care.
The second action is to create an ICT center responsible for storing and encrypting patient medical data. This will ensure patient data is safe from unauthorized access. The third action is to conduct employee training programs where employees will be trained on the best ways of promoting patient safety and protecting patient data (Becerra, 2018). Employees will be equipped with skills to promote patient safety by ensuring patient data is safely stored and free from unauthorized access.
Conclusion
In conclusion, patient safety is the foundation of quality healthcare. Patient safety involves actions meant to protect patients from harm. Protecting patient data is as important as protecting their physical safety. Patient data refers to medical information held about a patient. It includes information about their past medical history, treatment history, etc. The two acts about patient data discussed are ‘PUBLIC LAW 109–41—JULY 29, 2005’, ‘ Patient Safety and Quality Improvement Act of 2005’, and California Code, Health and Safety Code § 1280.15. The Patients Safety and Quality Improvement act of 2005 (PSQIA) has a reporting system that is voluntary and helps to promote patient safety through confidential reporting of events that affect them. The Act protects those who report events concerning patient safety. This encourages people to report as they are protected against victimization, hence analyzing more data. The California Code, Health and Safety Code § 1280.15 prevents unauthorized access and disclosure of patient medical data.
References
Baker, Alastair. (2001). Crossing the Quality Chasm: A New Health System for The 21st Century. BMJ. 323. 10.1136/bmj.323.7322.1192
Becerra, X. (2018). Promoting Safe and Secure Healthcare Access for All.
California Code. (2014). California Code, Health and Safety Code – HSC § 11845.5. Findlaw. Retrieved March 1, 2022, from https://codes.findlaw.com/ca/health-and-safety-code/hsc-sect-11845-5.html
California Legislative Information. (2014, June 20). Code section. Law section. Retrieved February 28, 2022, from https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?sectionNum=1280.17.&nodeTreePath=4.3.4&lawCode=HSC
California Legislative Information. (2015, January 1). Code section. Law section. Retrieved February 28, 2022, from https://leginfo.legislature.ca.gov/faces/codes_displaySection.xhtml?lawCode=HSC§ionNum=1280.15#:~:text=The%20department%2C%20after%20investigation%2C%20may%20assess%20an%20administrative,use%2C%20or%20disclosure%20of%20that%20patient%E2%80%99s%20medical%20information
Ellis v. Cal. Corr. Health Care Servs., No. 2: 16-cv-1555 GEB KJN P | Casetext Search + Citator. (2018). Casetext.com. https://casetext.com/case/ellis-v-cal-corr-health-care-servs-2
Institute of Medicine (US) Committee on Data Standards for Patient Safety. Patient Safety: Achieving a New Standard for Care. Aspden P, Corrigan JM, Wolcott J, Erickson SM, editors. Washington (DC): National Academies Press (US); 2004. PMID: 25009854.
Levy, F., Mareniss, D., Iacovelli, C., & Howard, J. (2010). The patient safety and quality improvement Act of 2005: preventing error and promoting patient safety. The Journal of Legal Medicine, 31(4), 397-422.
PSO Case Law: Gooden v. CVS Caremark Corp. (2012). Www.centerforpatientsafety.org. https://www.centerforpatientsafety.org/emsforward/pso-case-law-gooden-v-cvs-caremark-corp/
Rights (OCR), O. for C. (2008, May 7). Patient Safety and Quality Improvement Act of 2005 Statute and Rule. HHS.gov. https://www.hhs.gov/hipaa/for-professionals/patient-safety/statute-and-rule/index.html#:~:text=PSQIA%20authorizes%20HHS%20to%20impose