Home
gpo.gov
govinfo.gov

e-CFR Navigation Aids

Browse

Simple Search

Advanced Search

 — Boolean

 — Proximity

 

Search History

Search Tips

Corrections

Latest Updates

User Info

FAQs

Agency List

Incorporation By Reference

eCFR logo

Related Resources

Electronic Code of Federal Regulations

We invite you to try out our new beta eCFR site at https://ecfr.federalregister.gov. We have made big changes to make the eCFR easier to use. Be sure to leave feedback using the Feedback button on the bottom right of each page!

e-CFR data is current as of December 1, 2020

Title 42Chapter ISubchapter A → Part 3


Title 42: Public Health


PART 3—PATIENT SAFETY ORGANIZATIONS AND PATIENT SAFETY WORK PRODUCT


Contents

Subpart A—General Provisions

§3.10   Purpose.
§3.20   Definitions.

Subpart B—PSO Requirements and Agency Procedures

§3.102   Process and requirements for initial and continued listing of PSOs.
§3.104   Secretarial actions.
§3.106   Security requirements.
§3.108   Correction of deficiencies, revocation, and voluntary relinquishment.
§3.110   Assessment of PSO compliance.
§3.112   Submissions and forms.

Subpart C—Confidentiality and Privilege Protections of Patient Safety Work Product

§3.204   Privilege of patient safety work product.
§3.206   Confidentiality of patient safety work product.
§3.208   Continued protection of patient safety work product.
§3.210   Required disclosure of patient safety work product to the Secretary.
§3.212   Nonidentification of patient safety work product.

Subpart D—Enforcement Program

§3.304   Principles for achieving compliance.
§3.306   Complaints to the Secretary.
§3.308   Compliance reviews.
§3.310   Responsibilities of respondents.
§3.312   Secretarial action regarding complaints and compliance reviews.
§3.314   Investigational subpoenas and inquiries.
§3.402   Basis for a civil money penalty.
§3.404   Amount of a civil money penalty.
§3.408   Factors considered in determining the amount of a civil money penalty.
§3.414   Limitations.
§3.416   Authority to settle.
§3.418   Exclusivity of penalty.
§3.420   Notice of proposed determination.
§3.422   Failure to request a hearing.
§3.424   Collection of penalty.
§3.426   Notification of the public and other agencies.
§3.504   Hearings before an ALJ.
§3.506   Rights of the parties.
§3.508   Authority of the ALJ.
§3.510   Ex parte contacts.
§3.512   Prehearing conferences.
§3.514   Authority to settle.
§3.516   Discovery.
§3.518   Exchange of witness lists, witness statements, and exhibits.
§3.520   Subpoenas for attendance at hearing.
§3.522   Fees.
§3.524   Form, filing, and service of papers.
§3.526   Computation of time.
§3.528   Motions.
§3.530   Sanctions.
§3.532   Collateral estoppel.
§3.534   The hearing.
§3.538   Witnesses.
§3.540   Evidence.
§3.542   The record.
§3.544   Post hearing briefs.
§3.546   ALJ's decision.
§3.548   Appeal of the ALJ's decision.
§3.550   Stay of the Secretary's decision.
§3.552   Harmless error.

Authority: 42 U.S.C. 216, 299b-21 through 299b-26; 42 U.S.C. 299c-6.

Source: 73 FR 70796, Nov. 21, 2008, unless otherwise noted.

return arrow Back to Top

Subpart A—General Provisions

return arrow Back to Top

§3.10   Purpose.

The purpose of this part is to implement the Patient Safety and Quality Improvement Act of 2005 (Pub. L. 109-41), which amended Title IX of the Public Health Service Act (42 U.S.C. 299 et seq.) by adding sections 921 through 926, 42 U.S.C. 299b-21 through 299b-26.

return arrow Back to Top

§3.20   Definitions.

As used in this part, the terms listed alphabetically below have the meanings set forth as follows:

Affiliated provider means, with respect to a provider, a legally separate provider that is the parent organization of the provider, is under common ownership, management, or control with the provider, or is owned, managed, or controlled by the provider.

AHRQ stands for the Agency for Healthcare Research and Quality in HHS.

ALJ stands for an Administrative Law Judge of HHS.

Board means the members of the HHS Departmental Appeals Board, in the Office of the Secretary, which issues decisions in panels of three.

Bona fide contract means:

(1) A written contract between a provider and a PSO that is executed in good faith by officials authorized to execute such contract; or

(2) A written agreement (such as a memorandum of understanding or equivalent recording of mutual commitments) between a Federal, State, local, or Tribal provider and a Federal, State, local, or Tribal PSO that is executed in good faith by officials authorized to execute such agreement.

Complainant means a person who files a complaint with the Secretary pursuant to §3.306.

Component organization means an entity that:

(1) Is a unit or division of a legal entity (including a corporation, partnership, or a Federal, State, local or Tribal agency or organization); or

(2) Is owned, managed, or controlled by one or more legally separate parent organizations.

Component PSO means a PSO listed by the Secretary that is a component organization.

Confidentiality provisions means for purposes of subparts C and D, any requirement or prohibition concerning confidentiality established by sections 921 and 922(b)-(d), (g) and (i) of the Public Health Service Act, 42 U.S.C. 299b-21, 299b-22(b)-(d), (g) and (i) and the provisions, at §§3.206 and 3.208, that implement the statutory prohibition on disclosure of identifiable patient safety work product.

Disclosure means the release, transfer, provision of access to, or divulging in any other manner of patient safety work product by:

(1) An entity or natural person holding the patient safety work product to another legally separate entity or natural person, other than a workforce member of, or a health care provider holding privileges with, the entity holding the patient safety work product; or

(2) A component PSO to another entity or natural person outside the component PSO and within the legal entity of which the component PSO is a part.

Entity means any organization or organizational unit, regardless of whether the organization is public, private, for-profit, or not-for-profit.

Group health plan means an employee welfare benefit plan (as defined in section 3(1) of the Employee Retirement Income Security Act of 1974 (ERISA)) to the extent that the plan provides medical care (as defined in paragraph (2) of section 2791(a) of the Public Health Service Act, including items and services paid for as medical care) to employees or their dependents (as defined under the terms of the plan) directly or through insurance, reimbursement, or otherwise.

Health insurance issuer means an insurance company, insurance service, or insurance organization (including a health maintenance organization, as defined in 42 U.S.C. 300gg-91(b)(3)) which is licensed to engage in the business of insurance in a State and which is subject to State law which regulates insurance (within the meaning of 29 U.S.C. 1144(b)(2)). This term does not include a group health plan.

Health maintenance organization means:

(1) A Federally qualified health maintenance organization (HMO) (as defined in 42 U.S.C. 300e(a));

(2) An organization recognized under State law as a health maintenance organization; or

(3) A similar organization regulated under State law for solvency in the same manner and to the same extent as such a health maintenance organization.

HHS stands for the United States Department of Health and Human Services.

HIPAA Privacy Rule means the regulations promulgated under section 264(c) of the Health Insurance Portability and Accountability Act of 1996 (HIPAA), at 45 CFR part 160 and subparts A and E of part 164.

Identifiable patient safety work product means patient safety work product that:

(1) Is presented in a form and manner that allows the identification of any provider that is a subject of the work product, or any providers that participate in, or are responsible for, activities that are a subject of the work product;

(2) Constitutes individually identifiable health information as that term is defined in the HIPAA Privacy Rule at 45 CFR 160.103; or

(3) Is presented in a form and manner that allows the identification of an individual who in good faith reported information directly to a PSO or to a provider with the intention of having the information reported to a PSO (“reporter”).

Nonidentifiable patient safety work product means patient safety work product that is not identifiable patient safety work product in accordance with the nonidentification standards set forth at §3.212.

OCR stands for the Office for Civil Rights in HHS.

Parent organization means an organization that: owns a controlling interest or a majority interest in a component organization; has the authority to control or manage agenda setting, project management, or day-to-day operations; or the authority to review and override decisions of a component organization. The component organization may be a provider.

Patient Safety Act means the Patient Safety and Quality Improvement Act of 2005 (Pub. L. 109-41), which amended Title IX of the Public Health Service Act (42 U.S.C. 299 et seq.) by inserting a new Part C, sections 921 through 926, which are codified at 42 U.S.C. 299b-21 through 299b-26.

Patient safety activities means the following activities carried out by or on behalf of a PSO or a provider:

(1) Efforts to improve patient safety and the quality of health care delivery;

(2) The collection and analysis of patient safety work product;

(3) The development and dissemination of information with respect to improving patient safety, such as recommendations, protocols, or information regarding best practices;

(4) The utilization of patient safety work product for the purposes of encouraging a culture of safety and of providing feedback and assistance to effectively minimize patient risk;

(5) The maintenance of procedures to preserve confidentiality with respect to patient safety work product;

(6) The provision of appropriate security measures with respect to patient safety work product;

(7) The utilization of qualified staff; and

(8) Activities related to the operation of a patient safety evaluation system and to the provision of feedback to participants in a patient safety evaluation system.

Patient safety evaluation system means the collection, management, or analysis of information for reporting to or by a PSO.

Patient safety organization (PSO) means a private or public entity or component thereof that is listed as a PSO by the Secretary in accordance with subpart B. A health insurance issuer or a component organization of a health insurance issuer may not be a PSO. See also the exclusions in §3.102 of this part.

Patient safety work product:

(1) Except as provided in paragraph (2) of this definition, patient safety work product means any data, reports, records, memoranda, analyses (such as root cause analyses), or written or oral statements (or copies of any of this material)

(i) Which could improve patient safety, health care quality, or health care outcomes; and

(A) Which are assembled or developed by a provider for reporting to a PSO and are reported to a PSO, which includes information that is documented as within a patient safety evaluation system for reporting to a PSO, and such documentation includes the date the information entered the patient safety evaluation system; or

(B) Are developed by a PSO for the conduct of patient safety activities; or

(ii) Which identify or constitute the deliberations or analysis of, or identify the fact of reporting pursuant to, a patient safety evaluation system.

(2)(i) Patient safety work product does not include a patient's medical record, billing and discharge information, or any other original patient or provider information; nor does it include information that is collected, maintained, or developed separately, or exists separately, from a patient safety evaluation system. Such separate information or a copy thereof reported to a PSO shall not by reason of its reporting be considered patient safety work product.

(ii) Patient safety work product assembled or developed by a provider for reporting to a PSO may be removed from a patient safety evaluation system and no longer considered patient safety work product if:

(A) The information has not yet been reported to a PSO; and

(B) The provider documents the act and date of removal of such information from the patient safety evaluation system.

(iii) Nothing in this part shall be construed to limit information that is not patient safety work product from being:

(A) Discovered or admitted in a criminal, civil or administrative proceeding;

(B) Reported to a Federal, State, local or Tribal governmental agency for public health or health oversight purposes; or

(C) Maintained as part of a provider's recordkeeping obligation under Federal, State, local or Tribal law.

Person means a natural person, trust or estate, partnership, corporation, professional association or corporation, or other entity, public or private.

Provider means:

(1) An individual or entity licensed or otherwise authorized under State law to provide health care services, including—

(i) A hospital, nursing facility, comprehensive outpatient rehabilitation facility, home health agency, hospice program, renal dialysis facility, ambulatory surgical center, pharmacy, physician or health care practitioner's office (includes a group practice), long term care facility, behavior health residential treatment facility, clinical laboratory, or health center; or

(ii) A physician, physician assistant, registered nurse, nurse practitioner, clinical nurse specialist, certified registered nurse anesthetist, certified nurse midwife, psychologist, certified social worker, registered dietitian or nutrition professional, physical or occupational therapist, pharmacist, or other individual health care practitioner;

(2) Agencies, organizations, and individuals within Federal, State, local, or Tribal governments that deliver health care, organizations engaged as contractors by the Federal, State, local, or Tribal governments to deliver health care, and individual health care practitioners employed or engaged as contractors by the Federal State, local, or Tribal governments to deliver health care; or

(3) A parent organization of one or more entities described in paragraph (1)(i) of this definition or a Federal, State, local, or Tribal government unit that manages or controls one or more entities described in paragraphs (1)(i) or (2) of this definition.

Research has the same meaning as the term is defined in the HIPAA Privacy Rule at 45 CFR 164.501.

Respondent means a provider, PSO, or responsible person who is the subject of a complaint or a compliance review.

Responsible person means a person, other than a provider or a PSO, who has possession or custody of identifiable patient safety work product and is subject to the confidentiality provisions.

Workforce means employees, volunteers, trainees, contractors, or other persons whose conduct, in the performance of work for a provider, PSO or responsible person, is under the direct control of such provider, PSO or responsible person, whether or not they are paid by the provider, PSO or responsible person.

return arrow Back to Top

Subpart B—PSO Requirements and Agency Procedures

return arrow Back to Top

§3.102   Process and requirements for initial and continued listing of PSOs.

(a) Eligibility and process for initial and continued listing—(1) Submission of certification. Any entity, except as specified in paragraph (a)(2) of this section, may request from the Secretary an initial or continued listing as a PSO by submitting a completed certification form that meets the requirements of this section, in accordance with §3.112. An individual with authority to make commitments on behalf of the entity seeking listing will be required to submit contact information for the entity and:

(i) Attest that the entity is not subject to any exclusion in paragraph (a)(2) of this section;

(ii) Provide certifications that the entity meets each requirement for PSOs in paragraph (b) of this section;

(iii) If the entity is a component of another organization, provide the additional certifications that the entity meets the requirements of paragraph (c)(1)(i) of this section;

(iv) If the entity is a component of an excluded entity described in paragraph (a)(2)(ii), provide the additional certifications and information required by paragraph (c)(1)(ii) of this section;

(v) Attest that the entity has disclosed if the Secretary has ever delisted this entity (under its current name or any other) or refused to list the entity or whether any of its officials or senior managers held comparable positions of responsibility in an entity that was denied listing or delisted and, if any of these circumstances apply, submit with its certifications and related disclosures, the name of the entity or entities that the Secretary declined to list or delisted;

(vi) Attest that the PSO will promptly notify the Secretary during its period of listing if it can no longer comply with any of its attestations and the applicable requirements in §§3.102(b) and 3.102(c) or if there have been any changes in the accuracy of the information submitted for listing, along with the pertinent changes; and

(vii) Provide other information that the Secretary determines to be necessary to make the requested listing determination.

(2) Exclusion of certain entities. The following types of entities may not seek listing as a PSO:

(i) A health insurance issuer; a unit or division of a health insurance issuer; or an entity that is owned, managed, or controlled by a health insurance issuer;

(ii)(A) An entity that accredits or licenses health care providers;

(B) An entity that oversees or enforces statutory or regulatory requirements governing the delivery of health care services;

(C) An agent of an entity that oversees or enforces statutory or regulatory requirements governing the delivery of health care services; or

(D) An entity that operates a Federal, state, local or Tribal patient safety reporting system to which health care providers (other than members of the entity's workforce or health care providers holding privileges with the entity) are required to report information by law or regulation.

(iii) A component of an entity listed in paragraph (a)(2)(ii) may seek listing as a component PSO subject to the requirements and restrictions of paragraph (c)(1)(ii) of this section.

(3) Submission of certification for continued listing. To facilitate a timely Secretarial determination regarding acceptance of its certification for continued listing, a PSO must submit the required certification no later than 75 days before the expiration of a PSO's three-year period of listing.

(b) Fifteen general PSO certification requirements. The certifications submitted to the Secretary in accordance with paragraph (a)(1)(ii) of this section must conform to the following 15 requirements:

(1) Required certification regarding eight patient safety activities—(i) Initial listing. An entity seeking initial listing as a PSO must certify that it has written policies and procedures in place to perform each of the eight patient safety activities, defined in §3.20. With respect to paragraphs (5) and (6) in the definition of patient safety activities regarding confidentiality and security, the policies and procedures must include and provide for:

(A) Compliance with the confidentiality provisions of subpart C of this part and with appropriate security measures as required by §3.106 of this subpart.

(B) Notification of each provider that submitted patient safety work product or data as described in §3.108(b)(2) to the entity if the submitted work product or data was subject to an unauthorized disclosure or its security was breached.

(ii) Continued Listing. A PSO seeking continued listing must certify that it is performing, and will continue to perform, each of the patient safety activities defined in §3.20, and is and will continue to comply with the requirements of paragraphs (b)(1)(i)(A) and (B) of this section.

(2) Required certification regarding seven PSO criteria—(i) Initial Listing. In its initial certification submission, an entity must also certify that, if listed as a PSO, it will comply with the seven requirements in paragraphs (b)(2)(i)(A) through (G) of this section.

(A) The mission and primary activity of the PSO must be to conduct activities that are to improve patient safety and the quality of health care delivery.

(B) The PSO must have appropriately qualified workforce members, including licensed or certified medical professionals.

(C) The PSO, within the 24-month period that begins on the date of its initial listing as a PSO, and within each sequential 24-month period thereafter, must have 2 bona fide contracts, each of a reasonable period of time, each with a different provider for the purpose of receiving and reviewing patient safety work product.

(D) The PSO is not a health insurance issuer, and is not a component of a health insurance issuer.

(E) The PSO must make disclosures to the Secretary as required under §3.102(d), in accordance with §3.112 of this subpart.

(F) To the extent practical and appropriate, the PSO must collect patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers.

(G) The PSO must utilize patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.

(ii) Continued Listing. A PSO seeking continued listing must certify that it is complying with, and will continue to comply with, the requirements of paragraphs (b)(2)(i)(A) through (G) of this section.

(iii) Compliance with the criterion for collecting patient safety work product in a standardized manner to the extent practical and appropriate. With respect to paragraph (b)(2)(i)(F) of this section, the Secretary will assess compliance by a PSO in the following manner.

(A) A PSO seeking continued listing must:

(1) Certify that the PSO is using the Secretary's published guidance for common formats and definitions in its collection of patient safety work product (option (I));

(2) Certify that the PSO is using an alternative system of formats and definitions that permits valid comparisons of similar cases among similar providers (option (II)); or

(3) Provide a clear explanation for why it is not practical or appropriate for the PSO to comply with options (I) or (II) at this time.

(B) The Secretary will consider a PSO to be in compliance if the entity complies with option (I), satisfactorily demonstrates that option (II) permits valid comparisons of similar cases among similar providers, or satisfactorily demonstrates that it is not practical or appropriate for the PSO to comply with options (I) or (II) at this time.

(c) Additional certifications required of component organizations—(1) Requirements when seeking listing—(i) Requirements that all component organizations must meet. In addition to meeting the 15 general PSO certification requirements of paragraph (b) of this section, an entity seeking initial listing that is a component of another organization must certify that it will comply with the requirements of paragraph (c)(2) of this section. A component PSO seeking continued listing must certify that it is complying with, and will continue to comply with, the requirements of this same paragraph (c)(2). At initial and continued listing, a component entity must attach to its certifications for listing contact information for its parent organization(s).

(ii) Additional requirements and limitations applicable to components of entities that are excluded from listing. In addition to the requirements under paragraph (c)(1)(i) of this section, a component of an organization excluded from listing under paragraph (a)(2)(ii) of this section must submit the additional certifications and specified information for initial and continued listing and comply with paragraph (c)(4) of this section.

(2) Required component certifications—(i) Separation of patient safety work product. A component PSO must maintain patient safety work product separately from the rest of the parent organization(s) of which it is a part, and establish appropriate security measures to maintain the confidentiality of patient safety work product. The information system in which the component PSO maintains patient safety work product must not permit unauthorized access by one or more individuals in, or by units of, the rest of the parent organization(s) of which it is a part.

(ii) Nondisclosure of patient safety work product. A component PSO must require that members of its workforce and any other contractor staff not make unauthorized disclosures of patient safety work product to the rest of the parent organization(s) of which it is a part.

(iii) No conflict of interest. The pursuit of the mission of a component PSO must not create a conflict of interest with the rest of the parent organization(s) of which it is a part.

(3) Written agreements for assisting a component PSO in the conduct of patient safety activities. Notwithstanding the requirements of paragraph (c)(2) of this section, a component PSO may provide access to identifiable patient safety work product to one or more individuals in, or to one or more units of, the rest of the parent organization(s) of which it is a part, if the component PSO enters into a written agreement with such individuals or units which requires that:

(i) The component PSO will only provide access to identifiable patient safety work product to enable such individuals or units to assist the component PSO in its conduct of patient safety activities, and

(ii) Such individuals or units that receive access to identifiable patient safety work product pursuant to such written agreement will only use or disclose such information as specified by the component PSO to assist the component PSO in its conduct of patient safety activities, will take appropriate security measures to prevent unauthorized disclosures and will comply with the other certifications the component has made pursuant to paragraph (c)(2) of this section regarding unauthorized disclosures and conducting the mission of the PSO without creating conflicts of interest.

(4) Required attestations, information and operational limitations for components of entities excluded from listing. A component organization of an entity that is subject to the restrictions of paragraph (a)(2)(ii) of this section must:

(i) Submit the following information with its certifications for listing:

(A) A statement describing its parent organization's role, and the scope of the parent organization's authority, with respect to any of the following that apply: Accreditation or licensure of health care providers, oversight or enforcement of statutory or regulatory requirements governing the delivery of health care services, serving as an agent of such a regulatory oversight or enforcement authority, or administering a public mandatory patient safety reporting system;

(B) An attestation that the parent organization has no policies or procedures that would require or induce providers to report patient safety work product to their component organization once listed as a PSO and that the component PSO will notify the Secretary within 5 calendar days of the date on which the component organization has knowledge of the adoption by the parent organization of such policies or procedures, and an acknowledgment that the adoption of such policies or procedures by the parent organization during the component PSO's period of listing will result in the Secretary initiating an expedited revocation process in accordance with §3.108(e); and

(C) An attestation that the component organization will prominently post notification on its Web site and publish in any promotional materials for dissemination to providers, a summary of the information that is required by paragraph (c)(4)(i)(A) of this section.

(ii) Comply with the following requirements during its period of listing:

(A) The component organization may not share staff with its parent organization(s).

(B) The component organization may enter into a written agreement pursuant to paragraph (c)(3) but such agreements are limited to units or individuals of the parent organization(s) whose responsibilities do not involve the activities specified in the restrictions in paragraph (a)(2)(ii) of this section.

(d) Required notifications. Upon listing, PSOs must meet the following notification requirements:

(1) Notification regarding PSO compliance with the minimum contract requirement. No later than 45 calendar days prior to the last day of the pertinent 24-month assessment period, specified in paragraph (b)(2)(iii)(C) of this section, the Secretary must receive from a PSO a certification that states whether it has met the requirement of that paragraph regarding two bona fide contracts, submitted in accordance with §3.112 of this subpart.

(2) Notification regarding a PSO's relationships with its contracting providers—(i) Requirement. A PSO must file a disclosure statement regarding a provider with which it has a contract that provides the confidentiality and privilege protections of the Patient Safety Act (hereinafter referred to as a Patient Safety Act contract) if the PSO has any other relationships with this provider that are described in paragraphs (d)(2)(i)(A) through (D) of this section. The PSO must disclose all such relationships. A disclosure statement is not required if all of its other relationships with the provider are limited to Patient Safety Act contracts.

(A) The provider and PSO have current contractual relationships, other than those arising from any Patient Safety Act contracts, including formal contracts or agreements that impose obligations on the PSO.

(B) The provider and PSO have current financial relationships other than those arising from any Patient Safety Act contracts. A financial relationship may include any direct or indirect ownership or investment relationship between the PSO and the contracting provider, shared or common financial interests or direct or indirect compensation arrangements whether in cash or in-kind.

(C) The PSO and provider have current reporting relationships other than those arising from any Patient Safety Act contracts, by which the provider has access to information regarding the work and operation of the PSO that is not available to other contracting providers.

(D) Taking into account all relationships that the PSO has with the provider, the PSO is not independently managed or controlled, or the PSO does not operate independently from, the contracting provider.

(ii) Content. A PSO must submit to the Secretary the required attestation form for disclosures with the information specified below in accordance with §3.112 and this section. The substantive information that must be included with each submission has two required parts:

(A) The Required Disclosures. The first part of the substantive information must provide a succinct list of obligations between the PSO and the contracting provider apart from their Patient Safety Act contract(s) that create, or contain, any of the types of relationships that must be disclosed based upon the requirements of paragraphs (d)(2)(i)(A) through (D) of this section. Each reportable obligation or discrete set of obligations that the PSO has with this contracting provider should be listed only once; noting the specific aspects of the obligation(s) that reflect contractual or financial relationships, involve access to information that is not available to other providers, or affect the independence of PSO operations, management, or control.

(B) An Explanatory Narrative. The second required part of the substantive information must provide a brief explanatory narrative succinctly describing: The policies and procedures that the PSO has in place to ensure adherence to objectivity and professionally recognized analytic standards in the assessments it undertakes; and any other policies or procedures, or agreements with this provider, that the PSO has in place to ensure that it can fairly and accurately perform patient safety activities.

(iii) Deadlines for submission. The Secretary must receive a disclosure statement within 45 days of the date on which a PSO enters a contract with a provider if the circumstances described in any of the paragraphs (d)(2)(i)(A) through (D) of this section are met on the date the contract is entered. During the contract period, if these circumstances subsequently arise, the Secretary must receive a disclosure statement from the PSO within 45 days of the date that any disclosure requirement in paragraph (d)(2)(i) of this section first applies.

return arrow Back to Top

§3.104   Secretarial actions.

(a) Actions in response to certification submissions for initial and continued listing as a PSO. (1) In response to an initial or continued certification submission by an entity, pursuant to the requirements of §3.102 of this subpart, the Secretary may—

(i) Accept the certification submission and list the entity as a PSO, or maintain the listing of a PSO, if the Secretary determines that the entity meets the applicable requirements of the Patient Safety Act and this subpart;

(ii) Deny acceptance of a certification submission and, in the case of a currently listed PSO, remove the entity from the list if the entity does not meet the applicable requirements of the Patient Safety Act and this subpart; or

(iii) Condition the listing of an entity or the continued listing of a PSO, following a determination made pursuant to paragraph (c) of this section or a determination after review of the pertinent history of an entity that has been delisted or refused listing and its officials and senior managers.

(2) Basis for determination. In making a determination regarding listing, the Secretary will consider the certification submission; any prior actions by the Secretary regarding the entity or PSO including delisting; any history of or current non-compliance by the entity or the PSO or its officials or senior managers with statutory or regulatory requirements or requests from the Secretary; the relationships of the entity or PSO with providers; and any findings made by the Secretary in accordance with paragraph (c) of this section.

(3) Notification. The Secretary will notify in writing each entity of action taken on its certification submission for initial or continued listing. The Secretary will provide reasons when an entity's certification is conditionally accepted and the entity is conditionally listed, when an entity's certification is not accepted and the entity is not listed, or when acceptance of its certification is revoked and the entity is delisted.

(b) Actions regarding PSO compliance with the minimum contract requirement. After the date on which the Secretary, under §3.102(d)(1) of this subpart, must receive notification regarding compliance of a PSO with the minimum contract requirement—

(1) If the PSO has met the minimum contract requirement, the Secretary will acknowledge in writing receipt of the notification and add information to the list established pursuant to paragraph (d) of this section stating that the PSO has certified that it has met the requirement.

(2) If the PSO states that it has not yet met the minimum contract requirement by the date specified in §3.102(d)(1), or if notice is not received by that date, the Secretary will issue to the PSO a notice of a preliminary finding of deficiency as specified in §3.108(a)(2) and establish a period for correction that extends until midnight of the last day of the PSO's applicable 24-month period of assessment. Thereafter, if the requirement has not been met, the Secretary will provide the PSO a written notice of proposed revocation and delisting in accordance with §3.108(a)(3).

(c) Actions regarding required disclosures by PSOs of relationships with contracting providers. The Secretary will review and make findings regarding each disclosure statement submitted by a PSO, pursuant to §3.102(d)(2), regarding its relationships with contracting provider(s), determine whether such findings warrant action regarding the listing of the PSO in accordance with paragraph (c)(2) of this section, and make the findings public.

(1) Basis of findings regarding PSO disclosure statements. In reviewing disclosure statements, submitted pursuant to §3.102(d)(2) of this subpart, the Secretary will consider the disclosed relationship(s) between the PSO and the contracting provider and the statements and material submitted by the PSO describing the policies and procedures that the PSO has in place to determine whether the PSO can fairly and accurately perform the required patient safety activities.

(2) Determination by the Secretary. Based on the Secretary's review and findings, he may choose to take any of the following actions:

(i) For an entity seeking an initial or continued listing, the Secretary may list or continue the listing of an entity without conditions, list the entity subject to conditions, or deny the entity's certification for initial or continued listing; or

(ii) For a listed PSO, the Secretary may determine that the entity will remain listed without conditions, continue the entity's listing subject to conditions, or remove the entity from the list of PSOs.

(3) Release of disclosure statements and Secretarial findings. (i) Subject to paragraph (c)(3)(ii) of this section, the Secretary will make disclosure statements available to the public along with related findings that are made available in accordance with paragraph (c) of this section.

(ii) The Secretary may withhold information that is exempt from public disclosure under the Freedom of Information Act, e.g., trade secrets or confidential commercial information that are subject to the restrictions of 18 U.S.C. 1905.

(d) Maintaining a list of PSOs. The Secretary will compile and maintain a publicly available list of entities whose certifications as PSOs have been accepted. The list will include contact information for each entity, a copy of all certification forms and disclosure statements submitted by each entity in accordance with paragraph (c)(3)(ii) of this section, the effective date of the PSO's listing, and information on whether a PSO has certified that it has met the two contract requirement. The list also will include a copy of the Secretary's findings regarding each disclosure statement submitted by an entity, information describing any related conditions that have been placed by the Secretary on the listing of an entity as a PSO, and other information that this Subpart states may be made public. AHRQ may maintain a PSO website (or a comparable future form of public notice) and may post the list on this website.

(e) Three-year period of listing. (1) The three-year period of listing of a PSO will automatically expire at midnight of the last day of this period, unless the listing had been revoked or relinquished earlier in accordance with §3.108 of this subpart, or if, prior to this automatic expiration, the PSO seeks a new three-year listing, in accordance with §3.102, and the Secretary accepts the PSO's certification for a new three-year listing, in accordance with §3.104(a).

(2) The Secretary plans to send a written notice of imminent expiration to a PSO at least 60 calendar days prior to the date on which its three-year period of listing expires if the Secretary has not yet received a certification for continued listing. The Secretary plans to indicate, on the AHRQ PSO website, the PSOs from whom certifications for continued listing have not been timely received.

(f) Effective dates of Secretarial actions. Unless otherwise stated, the effective date of each action by the Secretary pursuant to this subpart will be specified in the written notice of such action that is sent to the entity. When the Secretary sends a notice that addresses acceptance or revocation of an entity's certifications or voluntary relinquishment by an entity of its status as a PSO, the notice will specify the effective date and time of listing or delisting.

return arrow Back to Top

§3.106   Security requirements.

(a) Application. A PSO must secure patient safety work product in conformance with the security requirements of paragraph (b) of this section. These requirements must be met at all times and at any location at which the PSO, its workforce members, or its contractors receive, access, or handle patient safety work product. Handling patient safety work product includes its processing, development, use, maintenance, storage, removal, disclosure, transmission and destruction.

(b) Security framework. A PSO must have written policies and procedures that address each of the considerations specified in this subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security standards, policies, and procedures that are suitable for the size and complexity of its organization.

(1) Security management. A PSO must address:

(i) Maintenance and effective implementation of written policies and procedures that conform to the requirements of this section to protect the confidentiality, integrity, and availability of the patient safety work product that is received, accessed, or handled; and to monitor and improve the effectiveness of such policies and procedures, and

(ii) Training of the PSO workforce and PSO contractors who receive, access, or handle patient safety work product regarding the requirements of the Patient Safety Act, this Part, and the PSO's policies and procedures regarding the confidentiality and security of patient safety work product.

(2) Distinguishing patient safety work product. A PSO must address:

(i) Maintenance of the security of patient safety work product, whether in electronic or other media, through either physical separation from non-patient safety work product, or if co-located with non-patient safety work product, by making patient safety work product distinguishable so that the appropriate form and level of security can be applied and maintained;

(ii) Protection of the media, whether in electronic, paper, or other media or format, that contain patient safety work product, limiting access to authorized users, and sanitizing and destroying such media before their disposal or release for reuse; and

(iii) Physical and environmental protection, to control and limit physical and virtual access to places and equipment where patient safety work product is received, accessed, or handled.

(3) Security control and monitoring. A PSO must address:

(i) Identification of those authorized to receive, access, or handle patient safety work product and an audit capacity to detect unlawful, unauthorized, or inappropriate receipt, access, or handling of patient safety work product, and

(ii) Methods to prevent unauthorized receipt, access, or handling of patient safety work product.

(4) Security assessment. A PSO must address:

(i) Periodic assessments of security risks and controls to establish if its controls are effective, to correct any deficiency identified, and to reduce or eliminate any vulnerabilities.

(ii) System and communications protection, to monitor, control, and protect PSO receipt, access, or handling of patient safety work product with particular attention to the transmission of patient safety work product to and from providers, other PSOs, contractors or any other responsible persons.

return arrow Back to Top

§3.108   Correction of deficiencies, revocation, and voluntary relinquishment.

(a) Process for correction of a deficiency and revocation—(1) Circumstances leading to revocation. The Secretary may revoke his acceptance of an entity's certification (“revocation”) and delist the entity as a PSO if he determines—

(i) The PSO is not fulfilling the certifications made to the Secretary as required by §3.102;

(ii) The PSO has not met the two contract requirement, as required by §3.102(d)(1);

(iii) Based on a PSO's disclosures made pursuant to §3.102(d)(2) , that the entity cannot fairly and accurately perform the patient safety activities of a PSO with a public finding to that effect; or

(iv) The PSO is not in compliance with any other provision of the Patient Safety Act or this part.

(2) Notice of preliminary finding of deficiency and establishment of an opportunity for correction of a deficiency. (i) Except as provided by paragraph (e) of this section, if the Secretary determines that a PSO is not in compliance with its obligations under the Patient Safety Act or this subpart, the Secretary must send a PSO written notice of the preliminary finding of deficiency. The notice must state the actions or inactions that encompass the deficiency finding, outline the evidence that the deficiency exists, specify the possible and/or required corrective actions that must be taken, and establish a date by which the deficiency must be corrected. The Secretary may specify in the notice the form of documentation required to demonstrate that the deficiency has been corrected.

(ii) The notice of a preliminary finding of deficiency is presumed received five days after it is sent, absent evidence of the actual receipt date. If a PSO does not submit evidence to the Secretary within 14 calendar days of actual or constructive receipt of such notice, whichever is longer, which demonstrates that the preliminary finding is factually incorrect, the preliminary finding will be the basis for a finding of deficiency.

(3) Determination of correction of a deficiency. (i) Unless the Secretary specifies another date, the Secretary must receive documentation to demonstrate that the PSO has corrected any deficiency cited in the preliminary finding of deficiency no later than five calendar days following the last day of the correction period that is specified by the Secretary in such notice.

(ii) In making a determination regarding the correction of any deficiency, the Secretary will consider the documentation submitted by the PSO, any assessments under §3.110, recommendations of program staff, and any other information available regarding the PSO that the Secretary deems appropriate and relevant to the PSO's implementation of the terms of its certification.

(iii) After completing his review, the Secretary may make one of the following determinations:

(A) The action(s) taken by the PSO have corrected any deficiency, in which case the Secretary will withdraw the notice of deficiency and so notify the PSO;

(B) The PSO has acted in good faith to correct the deficiency, but the Secretary finds an additional period of time is necessary to achieve full compliance and/or the required corrective action specified in the notice of a preliminary finding of deficiency needs to be modified in light of the experience of the PSO in attempting to implement the corrective action, in which case the Secretary will extend the period for correction and/or modify the specific corrective action required; or

(C) The PSO has not completed the corrective action because it has not acted with reasonable diligence or speed to ensure that the corrective action was completed within the allotted time, in which case the Secretary will issue to the PSO a notice of proposed revocation and delisting.

(iv) When the Secretary issues a written notice of proposed revocation and delisting, the notice will specify the deficiencies that have not been timely corrected and will detail the manner in which the PSO may exercise its opportunity to be heard in writing to respond to the deficiencies specified in the notice.

(4) Opportunity to be heard in writing following a notice of proposed revocation and delisting. The Secretary will afford a PSO an opportunity to be heard in writing, as specified in paragraph (a)(4)(i) of this section, to provide a substantive response to the deficiency finding(s) set forth in the notice of proposed revocation and delisting.

(i) The notice of proposed revocation and delisting is presumed received five days after it is sent, absent evidence of actual receipt. The Secretary will provide a PSO with a period of time, beginning with the date of receipt of the notice of proposed revocation and delisting of which there is evidence, or the presumed date of receipt if there is no evidence of earlier receipt, and ending at midnight 30 calendar days thereafter, during which the PSO may submit a substantive response to the deficiency findings in writing.

(ii) The Secretary will provide to the PSO any rules of procedure governing the form or transmission of the written response to the notice of proposed revocation and delisting. Such rules may also be posted on the AHRQ PSO Web site or published in the Federal Register.

(iii) If a PSO does not submit a written response to the deficiency finding(s) within 30 calendar days of receipt of the notice of proposed revocation and delisting, the notice of proposed revocation becomes final as a matter of law and the basis for Secretarial action under paragraph (b)(1) of this section.

(5) The Secretary's decision regarding revocation. The Secretary will review the entire administrative record pertaining to a notice of proposed revocation and delisting and any written materials submitted by the PSO under paragraph (a)(4) of this section. The Secretary may affirm, reverse, or modify the notice of proposed revocation and delisting and will make a determination with respect to the continued listing of the PSO.

(b) Revocation of the Secretary's acceptance of a PSO's certifications—(1) Establishing the date and time of revocation and delisting. When the Secretary concludes, in accordance with a decision made under paragraphs (a)(5), (e)(3)(iii) or (e)(3)(iv)(C) of this section, that revocation of the acceptance of a PSO's certification is warranted for its failure to comply with requirements of the Patient Safety Act or of this Part, the Secretary will establish the effective time and date for such prompt revocation and removal of the entity from the list of PSOs, so notify the PSO in writing, and provide the relevant public notice required by §3.108(d) of this subpart.

(2) Required notification of providers and status of data. (i) Upon being notified of the Secretary's action pursuant to paragraph (b)(1) of this section, the former PSO will take all reasonable actions to notify each provider, whose patient safety work product it collected or analyzed, of the Secretary's action(s) and the following statutory information: Confidentiality and privilege protections that applied to patient safety work product while the former PSO was listed continue to apply after the entity is removed from listing. Data submitted by providers to the former PSO for 30 calendar days following the date and time on which the entity was removed from the list of PSOs pursuant to paragraph (b)(1) of this section will have the same status as data submitted while the entity was still listed.

(ii) Within 15 days of being notified of the Secretary's action pursuant to paragraph (b)(1) of this section, the former PSO shall submit to the Secretary confirmation that it has taken the actions in paragraph (b)(2)(i) of this section.

(3) Disposition of patient safety work product and data. Within 90 days following the effective date of revocation and delisting pursuant to paragraph (b)(1) of this section, the former PSO will take one or more of the following measures in regard to patient safety work product and data described in paragraph (b)(2)(i) of this section:

(i) Transfer such patient safety work product or data, with the approval of the source from which it was received, to a PSO that has agreed to receive such patient safety work product or data;

(ii) Return such work product or data to the source from which it was submitted; or

(iii) If returning such patient safety work product or data to its source is not practicable, destroy such patient safety work product or data.

(c) Voluntary relinquishment—(1) Circumstances constituting voluntary relinquishment. A PSO will be considered to have voluntarily relinquished its status as a PSO if the Secretary accepts a notification from a PSO that it wishes to relinquish voluntarily its listing as a PSO.

(2) Notification of voluntary relinquishment. A PSO's notification of voluntary relinquishment to the Secretary must include the following:

(i) An attestation that all reasonable efforts have been made, or will have been made by a PSO within 15 calendar days of this statement, to notify the sources from which it received patient safety work product of the PSO's intention to cease PSO operations and activities, to relinquish voluntarily its status as a PSO, to request that these other entities cease reporting or submitting any further information to the PSO as soon as possible, and inform them that any information reported after the effective date and time of delisting that the Secretary sets pursuant to paragraph (c)(3) of this section will not be protected as patient safety work product under the Patient Safety Act.

(ii) An attestation that the entity has established a plan, or within 15 calendar days of this statement, will have made all reasonable efforts to establish a plan, in consultation with the sources from which it received patient safety work product, that provides for the disposition of the patient safety work product held by the PSO consistent with, to the extent practicable, the statutory options for disposition of patient safety work product as set out in paragraph (b)(3) of this section; and

(iii) Appropriate contact information for further communications from the Secretary.

(3) Response to notification of voluntary relinquishment. (i) After a PSO provides the notification required by paragraph (c)(2) of this section, the Secretary will respond in writing to the entity indicating whether the proposed voluntary relinquishment of its PSO status is accepted. If the voluntary relinquishment is accepted, the Secretary's response will indicate an effective date and time for the entity's removal from the list of PSOs and will provide public notice of the voluntary relinquishment and the effective date and time of the delisting, in accordance with §3.108(d) of this subpart.

(ii) If the Secretary receives a notification of voluntary relinquishment during or immediately after revocation proceedings for cause under paragraphs (a)(4) and (a)(5) of this section, the Secretary, as a matter of discretion, may accept voluntary relinquishment in accordance with the preceding paragraph or decide not to accept the entity's proposed voluntary relinquishment and proceed with the revocation for cause and delisting pursuant to paragraph (b)(1) of this section.

(4) Non-applicability of certain procedures and requirements. (i) A decision by the Secretary to accept a request by a PSO to relinquish voluntarily its status as a PSO pursuant to paragraph (c)(2) of this section does not constitute a determination of a deficiency in PSO compliance with the Patient Safety Act or with this Subpart.

(ii) The procedures and requirements of §3.108(a) of this subpart regarding deficiencies including the opportunity to correct deficiencies and to be heard in writing, and the procedures and requirements of §3.108(b) are not applicable to determinations of the Secretary made pursuant to this subsection.

(d) Public notice of delisting regarding removal from listing. If the Secretary removes an entity from the list of PSOs following revocation of acceptance of the entity's certification pursuant to §3.108(b)(1), voluntary relinquishment pursuant to §3.108(c)(3), or expiration of an entity's period of listing pursuant to §3.104(e)(1), the Secretary will promptly publish in the Federal Register and on the AHRQ PSO website, or in a comparable future form of public notice, a notice of the actions taken and the effective dates.

(e) Expedited revocation and delisting—(1) Basis for expedited revocation. Notwithstanding any other provision of this section, the Secretary may use the expedited revocation process described in paragraph (e)(3) of this section if he determines—

(i) The PSO is not in compliance with this part because it is or is about to become an entity described in §3.102(a)(2).

(ii) The parent organization of the PSO is an entity described in §3.102(a)(2) and requires or induces health care providers to report patient safety work product to its component PSO; or

(iii) The circumstances for revocation in paragraph (a)(1) of this section exist, and the Secretary has determined that there would be serious adverse consequences if the PSO were to remain listed.

(2) Applicable provisions. If the Secretary uses the expedited revocation process described in paragraph (e)(3) of this section, the procedures in paragraphs (a)(2) through (5) of this section shall not apply and paragraph (a)(1) and paragraphs (b) and (d) of this section shall apply.

(3) Expedited revocation process. (i) The Secretary must send the PSO a written notice of deficiency that:

(A) Identifies the evidence that the circumstances for revocation and delisting under paragraph (a)(1) of this section exist, and any corrective action that the PSO must take if the Secretary determines that corrective action may resolve the matter so that the entity would not be delisted; and

(B) Provides an opportunity for the PSO to respond in writing to correct the facts or the legal bases for delisting found in the notice, and to offer any other grounds for its not being delisted.

(ii) The notice of deficiency will be presumed to be received five days after it is sent, absent evidence of the actual receipt date.

(iii) If the PSO does not submit a written response to the Secretary within 14 calendar days of actual or constructive receipt of such notice, whichever is longer, the Secretary may revoke his acceptance of the PSO's certifications and remove the entity from the list of PSOs.

(iv) If the PSO responds in writing within the required 14-day time period, the Secretary may take any of the following actions:

(A) Withdraw the notice of deficiency;

(B) Provide the PSO with more time to resolve the matter to the Secretary's satisfaction; or

(C) Revoke his acceptance of the PSO's certifications and remove the entity from the list of PSOs.

return arrow Back to Top

§3.110   Assessment of PSO compliance.

The Secretary may request information or conduct announced or unannounced reviews of, or site visits to, PSOs, to assess or verify PSO compliance with the requirements of this subpart and for these purposes will be allowed to inspect the physical or virtual sites maintained or controlled by the PSO. The Secretary will be allowed to inspect and/or be given or sent copies of any PSO records deemed necessary and requested by the Secretary to implement the provisions of this subpart. Such PSO records may include patient safety work product in accordance with §3.206(d) of this part.

return arrow Back to Top

§3.112   Submissions and forms.

(a) Forms referred to in this subpart may be obtained on the PSO Web site (http://www.pso.ahrq.gov) maintained for the Secretary by AHRQ or a successor agency or on successor publication technology or by requesting them in writing by e-mail at pso@ahrq.hhs.gov, or by mail from the Agency for Healthcare Research and Quality, CQuIPS, PSO Liaison, 540 Gaither Road, Rockville, MD 20850. A form (including any required attachments) must be submitted in accordance with the accompanying instructions.

(b) Information submitted to AHRQ in writing, but not required to be on or attached to a form, and requests for information from AHRQ, may be submitted by mail or other delivery to the Agency for Healthcare Research and Quality, CQuIPS, PSO Liaison, 540 Gaither Road, Rockville, MD 20850, by facsimile at (301) 427-1341, or by e-mail at pso@ahrq.hhs.gov.

(c) If a submission to the Secretary is incomplete or additional information is needed to allow a determination to be made under this subpart, the submitter will be notified if any additional information is required.

return arrow Back to Top

Subpart C—Confidentiality and Privilege Protections of Patient Safety Work Product

return arrow Back to Top

§3.204   Privilege of patient safety work product.

(a) Privilege. Notwithstanding any other provision of Federal, State, local, or Tribal law and subject to paragraph (b) of this section and §3.208 of this subpart, patient safety work product shall be privileged and shall not be:

(1) Subject to a Federal, State, local, or Tribal civil, criminal, or administrative subpoena or order, including in a Federal, State, local, or Tribal civil or administrative disciplinary proceeding against a provider;

(2) Subject to discovery in connection with a Federal, State, local, or Tribal civil, criminal, or administrative proceeding, including in a Federal, State, local, or Tribal civil or administrative disciplinary proceeding against a provider;

(3) Subject to disclosure pursuant to section 552 of Title 5, United States Code (commonly known as the Freedom of Information Act) or any other similar Federal, State, local, or Tribal law;

(4) Admitted as evidence in any Federal, State, local, or Tribal governmental civil proceeding, criminal proceeding, administrative rulemaking proceeding, or administrative adjudicatory proceeding, including any such proceeding against a provider; or

(5) Admitted in a professional disciplinary proceeding of a professional disciplinary body established or specifically authorized under State law.

(b) Exceptions to privilege. Privilege shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:

(1) Disclosure of relevant patient safety work product for use in a criminal proceeding, subject to the conditions at §3.206(b)(1) of this subpart.

(2) Disclosure to the extent required to permit equitable relief subject to the conditions at §3.206(b)(2) of this subpart.

(3) Disclosure pursuant to provider authorizations subject to the conditions at §3.206(b)(3) of this subpart.

(4) Disclosure of non-identifiable patient safety work product subject to the conditions at §3.206(b)(5) of this subpart.

(c) Implementation and enforcement by the Secretary. Privilege shall not apply to (and shall not be construed to prohibit) disclosures of relevant patient safety work product to or by the Secretary if such patient safety work product is needed to investigate or determine compliance, or to seek or impose civil money penalties, with respect to this part or the HIPAA Privacy Rule, or to make or support decisions with respect to listing of a PSO.

return arrow Back to Top

§3.206   Confidentiality of patient safety work product.

(a) Confidentiality. Subject to paragraphs (b) through (e) of this section, and §§3.208 and 3.210 of this subpart, patient safety work product shall be confidential and shall not be disclosed.

(b) Exceptions to confidentiality. The confidentiality provisions shall not apply to (and shall not be construed to prohibit) one or more of the following disclosures:

(1) Disclosure in criminal proceedings. Disclosure of relevant patient safety work product for use in a criminal proceeding, but only after a court makes an in-camera determination that:

(i) Such patient safety work product contains evidence of a criminal act;

(ii) Such patient safety work product is material to the proceeding; and

(iii) Such patient safety work product is not reasonably available from any other source.

(2) Disclosure to permit equitable relief for reporters. Disclosure of patient safety work product to the extent required to permit equitable relief under section 922 (f)(4)(A) of the Public Health Service Act, provided the court or administrative tribunal has issued a protective order to protect the confidentiality of the patient safety work product in the course of the proceeding.

(3) Disclosure authorized by identified providers. (i) Disclosure of identifiable patient safety work product consistent with a valid authorization if such authorization is obtained from each provider identified in such work product prior to disclosure. A valid authorization must:

(A) Be in writing and signed by the provider from whom authorization is sought; and

(B) Contain sufficient detail to fairly inform the provider of the nature and scope of the disclosures being authorized;

(ii) A valid authorization must be retained by the disclosing entity for six years from the date of the last disclosure made in reliance on the authorization and made available to the Secretary upon request.

(4) Disclosure for patient safety activities—(i) Disclosure between a provider and a PSO. Disclosure of patient safety work product for patient safety activities by a provider to a PSO or by a PSO to that disclosing provider.

(ii) Disclosure to a contractor of a provider or a PSO. A provider or a PSO may disclose patient safety work product for patient safety activities to an entity with which it has contracted to undertake patient safety activities on its behalf. A contractor receiving patient safety work product for patient safety activities may not further disclose patient safety work product, except to the provider or PSO with which it is contracted.

(iii) Disclosure among affiliated providers. Disclosure of patient safety work product for patient safety activities by a provider to an affiliated provider.

(iv) Disclosure to another PSO or provider. Disclosure of patient safety work product for patient safety activities by a PSO to another PSO or to another provider that has reported to the PSO, or, except as otherwise permitted in paragraph (b)(4)(iii) of this section, by a provider to another provider, provided:

(A) The following direct identifiers of any providers and of affiliated organizations, corporate parents, subsidiaries, practice partners, employers, members of the workforce, or household members of such providers are removed:

(1) Names;

(2) Postal address information, other than town or city, State and zip code;

(3) Telephone numbers;

(4) Fax numbers;

(5) Electronic mail addresses;

(6) Social security numbers or taxpayer identification numbers;

(7) Provider or practitioner credentialing or DEA numbers;

(8) National provider identification number;

(9) Certificate/license numbers;

(10) Web Universal Resource Locators (URLs);

(11) Internet Protocol (IP) address numbers;

(12) Biometric identifiers, including finger and voice prints; and

(13) Full face photographic images and any comparable images; and

(B) With respect to any individually identifiable health information in such patient safety work product, the direct identifiers listed at 45 CFR 164.514(e)(2) have been removed.

(5) Disclosure of nonidentifiable patient safety work product. Disclosure of nonidentifiable patient safety work product when patient safety work product meets the standard for nonidentification in accordance with §3.212 of this subpart.

(6) Disclosure for research. (i) Disclosure of patient safety work product to persons carrying out research, evaluation or demonstration projects authorized, funded, certified, or otherwise sanctioned by rule or other means by the Secretary, for the purpose of conducting research.

(ii) If the patient safety work product disclosed pursuant to paragraph (b)(6)(i) of this section is by a HIPAA covered entity as defined at 45 CFR 160.103 and contains protected health information as defined by the HIPAA Privacy Rule at 45 CFR 160.103, such patient safety work product may only be disclosed under this exception in the same manner as would be permitted under the HIPAA Privacy Rule.

(7) Disclosure to the Food and Drug Administration (FDA) and entities required to report to FDA. (i) Disclosure by a provider of patient safety work product concerning an FDA-regulated product or activity to the FDA, an entity required to report to the FDA concerning the quality, safety, or effectiveness of an FDA-regulated product or activity, or a contractor acting on behalf of FDA or such entity for these purposes.

(ii) Any person permitted to receive patient safety work product pursuant to paragraph (b)(7)(i) of this section may only further disclose such patient safety work product for the purpose of evaluating the quality, safety, or effectiveness of that product or activity to another such person or the disclosing provider.

(8) Voluntary disclosure to an accrediting body. (i) Voluntary disclosure by a provider of patient safety work product to an accrediting body that accredits that provider, provided, with respect to any identified provider other than the provider making the disclosure:

(A) The provider agrees to the disclosure; or

(B) The identifiers at §3.206(b)(4)(iv)(A) are removed.

(ii) An accrediting body may not further disclose patient safety work product it receives pursuant to paragraph (b)(8)(i) of this section.

(iii) An accrediting body may not take an accrediting action against a provider based on a good faith participation of the provider in the collection, development, reporting, or maintenance of patient safety work product in accordance with this Part. An accrediting body may not require a provider to reveal its communications with any PSO.

(9) Disclosure for business operations. (i) Disclosure of patient safety work product by a provider or a PSO for business operations to attorneys, accountants, and other professionals. Such contractors may not further disclose patient safety work product, except to the entity from which they received the information.

(ii) Disclosure of patient safety work product for such other business operations that the Secretary may prescribe by regulation as consistent with the goals of this part.

(10) Disclosure to law enforcement. (i) Disclosure of patient safety work product to an appropriate law enforcement authority relating to an event that either constitutes the commission of a crime, or for which the disclosing person reasonably believes constitutes the commission of a crime, provided that the disclosing person believes, reasonably under the circumstances, that the patient safety work product that is disclosed is necessary for criminal law enforcement purposes.

(ii) Law enforcement personnel receiving patient safety work product pursuant to paragraph (b)(10)(i) of this section only may disclose that patient safety work product to other law enforcement authorities as needed for law enforcement activities related to the event that gave rise to the disclosure under paragraph (b)(10)(i) of this section.

(c) Safe harbor. A provider or responsible person, but not a PSO, is not considered to have violated the requirements of this subpart if a member of its workforce discloses patient safety work product, provided that the disclosure does not include materials, including oral statements, that:

(1) Assess the quality of care of an identifiable provider; or

(2) Describe or pertain to one or more actions or failures to act by an identifiable provider.

(d) Implementation and enforcement by the Secretary. The confidentiality provisions shall not apply to (and shall not be construed to prohibit) disclosures of relevant patient safety work product to or by the Secretary if such patient safety work product is needed to investigate or determine compliance or to seek or impose civil money penalties, with respect to this part or the HIPAA Privacy Rule, or to make or support decisions with respect to listing of a PSO.

(e) No limitation on authority to limit or delegate disclosure or use. Nothing in subpart C of this part shall be construed to limit the authority of any person to enter into a contract requiring greater confidentiality or delegating authority to make a disclosure or use in accordance with this subpart.

return arrow Back to Top

§3.208   Continued protection of patient safety work product.

(a) Except as provided in paragraph (b) of this section, patient safety work product disclosed in accordance with this subpart, or disclosed impermissibly, shall continue to be privileged and confidential.

(b)(1) Patient safety work product disclosed for use in a criminal proceeding pursuant to section 922(c)(1)(A) of the Public Health Service Act, 42 U.S.C. 299b-22(c)(1)(A), and/or pursuant to §3.206(b)(1) of this subpart continues to be privileged, but is no longer confidential.

(2) Non-identifiable patient safety work product that is disclosed is no longer privileged or confidential and not subject to the regulations under this part.

(3) Paragraph (b) of this section applies only to the specific patient safety work product disclosed.

return arrow Back to Top

§3.210   Required disclosure of patient safety work product to the Secretary.

Notwithstanding any other provision in this part, providers, PSOs, and responsible persons must disclose patient safety work product upon request by the Secretary when the Secretary determines such patient safety work product is needed to investigate or determine compliance or to seek or impose civil money penalties, with respect to this part or the HIPAA Privacy Rule, or to make or support decisions with respect to listing of a PSO.

return arrow Back to Top

§3.212   Nonidentification of patient safety work product.

(a) Patient safety work product is nonidentifiable with respect to a particular identified provider or a particular identified reporter if:

(1) A person with appropriate knowledge of and experience with generally accepted statistical and scientific principles and methods for rendering information not individually identifiable:

(i) Applying such principles and methods, determines that the risk is very small that the information could be used, alone or in combination with other reasonably available information, by an anticipated recipient to identify an identified provider or reporter; and

(ii) Documents the methods and results of the analysis that justify such determination; or

(2)(i) The following identifiers of such provider or reporter and of affiliated organizations, corporate parents, subsidiaries, practice partners, employers, members of the workforce, or household members of such providers or reporters are removed:

(A) The direct identifiers listed at §3.206(b)(4)(iv)(A)(1) through (13) of this subpart;

(B) Geographic subdivisions smaller than a State, including street address, city, county, precinct, zip code and equivalent geocodes, except for the initial three digits of a zip code if, according to the current publicly available data from the Bureau of the Census, the geographic unit formed by combining all zip codes with the same three initial digits contains more than 20,000 people;

(C) All elements of dates (except year) for dates directly related to a patient safety incident or event; and

(D) Any other unique identifying number, characteristic, or code except as permitted for re-identification; and

(ii) The provider, PSO or responsible person making the disclosure does not have actual knowledge that the information could be used, alone or in combination with other information that is reasonably available to the intended recipient, to identify the particular provider or reporter.

(3) Re-identification. A provider, PSO, or responsible person may assign a code or other means of record identification to allow information made nonidentifiable under this section to be re-identified by such provider, PSO, or responsible person, provided that:

(i) The code or other means of record identification is not derived from or related to information about the provider or reporter and is not otherwise capable of being translated so as to identify the provider or reporter; and

(ii) The provider, PSO, or responsible person does not use or disclose the code or other means of record identification for any other purpose, and does not disclose the mechanism for re-identification.

(b) Patient safety work product is non-identifiable with respect to a particular patient only if the individually identifiable health information regarding that patient is de-identified in accordance with the HIPAA Privacy Rule standard and implementation specifications for the de-identification at 45 CFR 164.514(a) through (c).

return arrow Back to Top

Subpart D—Enforcement Program

return arrow Back to Top

§3.304   Principles for achieving compliance.

(a) Cooperation. The Secretary will, to the extent practicable, seek the cooperation of providers, PSOs, and responsible persons in obtaining compliance with the applicable confidentiality provisions.

(b) Assistance. The Secretary may provide technical assistance to providers, PSOs, and responsible persons to help them comply voluntarily with the applicable confidentiality provisions.

return arrow Back to Top

§3.306   Complaints to the Secretary.

(a) Right to file a complaint. A person who believes that patient safety work product has been disclosed in violation of the confidentiality provisions may file a complaint with the Secretary.

(b) Requirements for filing complaints. Complaints under this section must meet the following requirements:

(1) A complaint must be filed in writing, either on paper or electronically.

(2) A complaint must name the person that is the subject of the complaint and describe the act(s) believed to be in violation of the applicable confidentiality provision(s).

(3) A complaint must be filed within 180 days of when the complainant knew or should have known that the act complained of occurred, unless this time limit is waived by the Secretary for good cause shown.

(4) The Secretary may prescribe additional procedures for the filing of complaints, as well as the place and manner of filing, by notice in the Federal Register.

(c) Investigation. The Secretary may investigate complaints filed under this section. Such investigation may include a review of the pertinent policies, procedures, or practices of the respondent and of the circumstances regarding any alleged violation. At the time of initial written communication with the respondent about the complaint, the Secretary will describe the act(s) that are the basis of the complaint.

return arrow Back to Top

§3.308   Compliance reviews.

The Secretary may conduct compliance reviews to determine whether a respondent is complying with the applicable confidentiality provisions.

return arrow Back to Top

§3.310   Responsibilities of respondents.

(a) Provide records and compliance reports. A respondent must keep such records and submit such compliance reports, in such time and manner and containing such information, as the Secretary may determine to be necessary to enable the Secretary to ascertain whether the respondent has complied or is complying with the applicable confidentiality provisions.

(b) Cooperate with complaint investigations and compliance reviews. A respondent must cooperate with the Secretary, if the Secretary undertakes an investigation or compliance review of the policies, procedures, or practices of the respondent to determine whether it is complying with the applicable confidentiality provisions.

(c) Permit access to information. (1) A respondent must permit access by the Secretary during normal business hours to its facilities, books, records, accounts, and other sources of information, including patient safety work product, that are pertinent to ascertaining compliance with the applicable confidentiality provisions. If the Secretary determines that exigent circumstances exist, such as when documents may be hidden or destroyed, a respondent must permit access by the Secretary at any time and without notice.

(2) If any information required of a respondent under this section is in the exclusive possession of any other agency, institution, or person, and the other agency, institution, or person fails or refuses to furnish the information, the respondent must so certify and set forth what efforts it has made to obtain the information.

return arrow Back to Top

§3.312   Secretarial action regarding complaints and compliance reviews.

(a) Resolution when noncompliance is indicated. (1) If an investigation of a complaint pursuant to §3.306 of this subpart or a compliance review pursuant to §3.308 of this subpart indicates noncompliance, the Secretary may attempt to reach a resolution of the matter satisfactory to the Secretary by informal means. Informal means may include demonstrated compliance or a completed corrective action plan or other agreement.

(2) If the matter is resolved by informal means, the Secretary will so inform the respondent and, if the matter arose from a complaint, the complainant, in writing.

(3) If the matter is not resolved by informal means, the Secretary will—

(i) So inform the respondent and provide the respondent an opportunity to submit written evidence of any mitigating factors. The respondent must submit any evidence to the Secretary within 30 days (computed in the same manner as prescribed under §3.526 of this subpart) of receipt of such notification; and

(ii) If, following action pursuant to paragraph (a)(3)(i) of this section, the Secretary decides that a civil money penalty should be imposed, inform the respondent of such finding in a notice of proposed determination in accordance with §3.420 of this subpart.

(b) Resolution when no violation is found. If, after an investigation pursuant to §3.306 of this subpart or a compliance review pursuant to §3.308 of this subpart, the Secretary determines that further action is not warranted, the Secretary will so inform the respondent and, if the matter arose from a complaint, the complainant, in writing.

(c) Uses and disclosures of information obtained. (1) Identifiable patient safety work product obtained by the Secretary in connection with an investigation or compliance review under this subpart will not be disclosed by the Secretary, except in accordance with §3.206(d) of this subpart, or if otherwise permitted by this part or the Patient Safety Act.

(2) Except as provided for in paragraph (c)(1) of this section, information, including testimony and other evidence, obtained by the Secretary in connection with an investigation or compliance review under this subpart may be used by HHS in any of its activities and may be used or offered into evidence in any administrative or judicial proceeding.

return arrow Back to Top

§3.314   Investigational subpoenas and inquiries.

(a) The Secretary may issue subpoenas in accordance with 42 U.S.C. 405(d) and (e), and 1320a-7a(j), to require the attendance and testimony of witnesses and the production of any other evidence including patient safety work product during an investigation or compliance review pursuant to this part.

(1) A subpoena issued under this paragraph must—

(i) State the name of the person (including the entity, if applicable) to whom the subpoena is addressed;

(ii) State the statutory authority for the subpoena;

(iii) Indicate the date, time, and place that the testimony will take place;

(iv) Include a reasonably specific description of any documents or items required to be produced; and

(v) If the subpoena is addressed to an entity, describe with reasonable particularity the subject matter on which testimony is required. In that event, the entity must designate one or more natural persons who will testify on its behalf, and must state as to each such person that person's name and address and the matters on which he or she will testify. The designated person must testify as to matters known or reasonably available to the entity.

(2) A subpoena under this section must be served by—

(i) Delivering a copy to the natural person named in the subpoena or to the entity named in the subpoena at its last principal place of business; or

(ii) Registered or certified mail addressed to the natural person at his or her last known dwelling place or to the entity at its last known principal place of business.

(3) A verified return by the natural person serving the subpoena setting forth the manner of service or, in the case of service by registered or certified mail, the signed return post office receipt, constitutes proof of service.

(4) Witnesses are entitled to the same fees and mileage as witnesses in the district courts of the United States (28 U.S.C. 1821 and 1825). Fees need not be paid at the time the subpoena is served.

(5) A subpoena under this section is enforceable through the district court of the United States for the district where the subpoenaed natural person resides or is found or where the entity transacts business.

(b) Investigational inquiries are non-public investigational proceedings conducted by the Secretary.

(1) Testimony at investigational inquiries will be taken under oath or affirmation.

(2) Attendance of non-witnesses is discretionary with the Secretary, except that a witness is entitled to be accompanied, represented, and advised by an attorney.

(3) Representatives of the Secretary are entitled to attend and ask questions.

(4) A witness will have the opportunity to clarify his or her answers on the record following questioning by the Secretary.

(5) Any claim of privilege must be asserted by the witness on the record.

(6) Objections must be asserted on the record. Errors of any kind that might be corrected if promptly presented will be deemed to be waived unless reasonable objection is made at the investigational inquiry. Except where the objection is on the grounds of privilege, the question will be answered on the record, subject to objection.

(7) If a witness refuses to answer any question not privileged or to produce requested documents or items, or engages in conduct likely to delay or obstruct the investigational inquiry, the Secretary may seek enforcement of the subpoena under paragraph (a)(5) of this section.

(8) The proceedings will be recorded and transcribed. The witness is entitled to a copy of the transcript, upon payment of prescribed costs, except that, for good cause, the witness may be limited to inspection of the official transcript of his or her testimony.

(9)(i) The transcript will be submitted to the witness for signature.

(A) Where the witness will be provided a copy of the transcript, the transcript will be submitted to the witness for signature. The witness may submit to the Secretary written proposed corrections to the transcript, with such corrections attached to the transcript. If the witness does not return a signed copy of the transcript or proposed corrections within 30 days (computed in the same manner as prescribed under §3.526 of this part) of its being submitted to him or her for signature, the witness will be deemed to have agreed that the transcript is true and accurate.

(B) Where, as provided in paragraph (b)(8) of this section, the witness is limited to inspecting the transcript, the witness will have the opportunity at the time of inspection to propose corrections to the transcript, with corrections attached to the transcript. The witness will also have the opportunity to sign the transcript. If the witness does not sign the transcript or offer corrections within 30 days (computed in the same manner as prescribed under §3.526 of this part) of receipt of notice of the opportunity to inspect the transcript, the witness will be deemed to have agreed that the transcript is true and accurate.

(ii) The Secretary's proposed corrections to the record of transcript will be attached to the transcript.

return arrow Back to Top

§3.402   Basis for a civil money penalty.

(a) General rule. A person who discloses identifiable patient safety work product in knowing or reckless violation of the confidentiality provisions shall be subject to a civil money penalty for each act constituting such violation.

(b) Violation attributed to a principal. A principal is independently liable, in accordance with the federal common law of agency, for a civil money penalty based on the act of the principal's agent, including a workforce member, acting within the scope of the agency if such act could give rise to a civil money penalty in accordance with §3.402(a) of this subpart.

return arrow Back to Top

§3.404   Amount of a civil money penalty.

(a) The amount of a civil money penalty will be determined in accordance with paragraph (b) of this section and §3.408.

(b) The Secretary may impose a civil monetary penalty in the amount of not more than $11,000. This amount has been updated and will be updated annually, in accordance with the Federal Civil Monetary penalty Inflation Adjustment Act of 1990 (Pub. L. 101-140), as amended by the Federal Civil Penalties Inflation Adjustment Act Improvements Act of 2015 (section 701 of Pub. L. 114-74). The amount, as updated, is published at 45 CFR part 102.

[81 FR 61560, Sept. 6, 2016]

return arrow Back to Top

§3.408   Factors considered in determining the amount of a civil money penalty.

In determining the amount of any civil money penalty, the Secretary may consider as aggravating or mitigating factors, as appropriate, any of the following:

(a) The nature of the violation.

(b) The circumstances, including the consequences, of the violation, including:

(1) The time period during which the violation(s) occurred; and

(2) Whether the violation caused physical or financial harm or reputational damage;

(c) The degree of culpability of the respondent, including:

(1) Whether the violation was intentional; and

(2) Whether the violation was beyond the direct control of the respondent.

(d) Any history of prior compliance with the Patient Safety Act, including violations, by the respondent, including:

(1) Whether the current violation is the same or similar to prior violation(s);

(2) Whether and to what extent the respondent has attempted to correct previous violations;

(3) How the respondent has responded to technical assistance from the Secretary provided in the context of a compliance effort; and

(4) How the respondent has responded to prior complaints.

(e) The financial condition of the respondent, including:

(1) Whether the respondent had financial difficulties that affected its ability to comply;

(2) Whether the imposition of a civil money penalty would jeopardize the ability of the respondent to continue to provide health care or patient safety activities; and

(3) The size of the respondent.

(f) Such other matters as justice may require.

return arrow Back to Top

§3.414   Limitations.

No action under this subpart may be entertained unless commenced by the Secretary, in accordance with §3.420 of this subpart, within 6 years from the date of the occurrence of the violation.

return arrow Back to Top

§3.416   Authority to settle.

Nothing in this subpart limits the authority of the Secretary to settle any issue or case or to compromise any penalty.

return arrow Back to Top

§3.418   Exclusivity of penalty.

(a) Except as otherwise provided by paragraph (b) of this section, a penalty imposed under this part is in addition to any other penalty prescribed by law.

(b) Civil money penalties shall not be imposed both under this part and under the HIPAA Privacy Rule (45 CFR parts 160 and 164).

return arrow Back to Top

§3.420   Notice of proposed determination.

(a) If a penalty is proposed in accordance with this part, the Secretary must deliver, or send by certified mail with return receipt requested, to the respondent, written notice of the Secretary's intent to impose a penalty. This notice of proposed determination must include:

(1) Reference to the statutory basis for the penalty;

(2) A description of the findings of fact regarding the violations with respect to which the penalty is proposed;

(3) The reason(s) why the violation(s) subject(s) the respondent to a penalty;

(4) The amount of the proposed penalty;

(5) Any factors described in §3.408 of this subpart that were considered in determining the amount of the proposed penalty; and

(6) Instructions for responding to the notice, including a statement of the respondent's right to a hearing, a statement that failure to request a hearing within 60 days permits the imposition of the proposed penalty without the right to a hearing under §3.504 of this subpart or a right of appeal under §3.548 of this subpart, and the address to which the hearing request must be sent.

(b) The respondent may request a hearing before an ALJ on the proposed penalty by filing a request in accordance with §3.504 of this subpart.

return arrow Back to Top

§3.422   Failure to request a hearing.

If the respondent does not request a hearing within the time prescribed by §3.504 of this subpart and the matter is not settled pursuant to §3.416 of this subpart, the Secretary may impose the proposed penalty or any lesser penalty permitted by sections 921 through 926 of the Public Health Service Act, 42 U.S.C. 299b-21 through 299b-26. The Secretary will notify the respondent by certified mail, return receipt requested, of any penalty that has been imposed and of the means by which the respondent may satisfy the penalty, and the penalty is final on receipt of the notice. The respondent has no right to appeal a penalty under §3.548 of this subpart with respect to which the respondent has not timely requested a hearing.

return arrow Back to Top

§3.424   Collection of penalty.

(a) Once a determination of the Secretary to impose a penalty has become final, the penalty will be collected by the Secretary, subject to the first sentence of 42 U.S.C. 1320a-7a(f).

(b) The penalty may be recovered in a civil action brought in the United States district court for the district where the respondent resides, is found, or is located.

(c) The amount of a penalty, when finally determined, or the amount agreed upon in compromise, may be deducted from any sum then or later owing by the United States, or by a State agency, to the respondent.

(d) Matters that were raised or that could have been raised in a hearing before an ALJ, or in an appeal under 42 U.S.C. 1320a-7a(e), may not be raised as a defense in a civil action by the United States to collect a penalty under this part.

return arrow Back to Top

§3.426   Notification of the public and other agencies.

Whenever a proposed penalty becomes final, the Secretary will notify, in such manner as the Secretary deems appropriate, the public and the following organizations and entities thereof and the reason it was imposed: The appropriate State or local medical or professional organization, the appropriate State agency or agencies administering or supervising the administration of State health care programs (as defined in 42 U.S.C. 1320a-7(h)), the appropriate utilization and quality control peer review organization, and the appropriate State or local licensing agency or organization (including the agency specified in 42 U.S.C. 1395aa(a), 1396a(a)(33)).

return arrow Back to Top

§3.504   Hearings before an ALJ.

(a) A respondent may request a hearing before an ALJ. The parties to the hearing proceeding consist of—

(1) The respondent; and

(2) The officer(s) or employee(s) of HHS to whom the enforcement authority involved has been delegated.

(b) The request for a hearing must be made in writing signed by the respondent or by the respondent's attorney and sent by certified mail, return receipt requested, to the address specified in the notice of proposed determination. The request for a hearing must be mailed within 60 days after notice of the proposed determination is received by the respondent. For purposes of this section, the respondent's date of receipt of the notice of proposed determination is presumed to be 5 days after the date of the notice unless the respondent makes a reasonable showing to the contrary to the ALJ.

(c) The request for a hearing must clearly and directly admit, deny, or explain each of the findings of fact contained in the notice of proposed determination with regard to which the respondent has any knowledge. If the respondent has no knowledge of a particular finding of fact and so states, the finding shall be deemed denied. The request for a hearing must also state the circumstances or arguments that the respondent alleges constitute the grounds for any defense and the factual and legal basis for opposing the penalty.

(d) The ALJ must dismiss a hearing request where—

(1) On motion of the Secretary, the ALJ determines that the respondent's hearing request is not timely filed as required by paragraph (b) or does not meet the requirements of paragraph (c) of this section;

(2) The respondent withdraws the request for a hearing;

(3) The respondent abandons the request for a hearing; or

(4) The respondent's hearing request fails to raise any issue that may properly be addressed in a hearing.

return arrow Back to Top

§3.506   Rights of the parties.

(a) Except as otherwise limited by this subpart, each party may—

(1) Be accompanied, represented, and advised by an attorney;

(2) Participate in any conference held by the ALJ;

(3) Conduct discovery of documents as permitted by this subpart;

(4) Agree to stipulations of fact or law that will be made part of the record;

(5) Present evidence relevant to the issues at the hearing;

(6) Present and cross-examine witnesses;

(7) Present oral arguments at the hearing as permitted by the ALJ; and

(8) Submit written briefs and proposed findings of fact and conclusions of law after the hearing.

(b) A party may appear in person or by a representative. Natural persons who appear as an attorney or other representative must conform to the standards of conduct and ethics required of practitioners before the courts of the United States.

(c) Fees for any services performed on behalf of a party by an attorney are not subject to the provisions of 42 U.S.C. 406, which authorizes the Secretary to specify or limit their fees.

return arrow Back to Top

§3.508   Authority of the ALJ.

(a) The ALJ must conduct a fair and impartial hearing, avoid delay, maintain order, and ensure that a record of the proceeding is made.

(b) The ALJ may—

(1) Set and change the date, time and place of the hearing upon reasonable notice to the parties;

(2) Continue or recess the hearing in whole or in part for a reasonable period of time;

(3) Hold conferences to identify or simplify the issues, or to consider other matters that may aid in the expeditious disposition of the proceeding;

(4) Administer oaths and affirmations;

(5) Issue subpoenas requiring the attendance of witnesses at hearings and the production of documents at or in relation to hearings;

(6) Rule on motions and other procedural matters;

(7) Regulate the scope and timing of documentary discovery as permitted by this subpart;

(8) Regulate the course of the hearing and the conduct of representatives, parties, and witnesses;

(9) Examine witnesses;

(10) Receive, rule on, exclude, or limit evidence;

(11) Upon motion of a party, take official notice of facts;

(12) Conduct any conference, argument or hearing in person or, upon agreement of the parties, by telephone; and

(13) Upon motion of a party, decide cases, in whole or in part, by summary judgment where there is no disputed issue of material fact. A summary judgment decision constitutes a hearing on the record for the purposes of this subpart.

(c) The ALJ—

(1) May not find invalid or refuse to follow Federal statutes, regulations, or Secretarial delegations of authority and must give deference to published guidance to the extent not inconsistent with statute or regulation;

(2) May not enter an order in the nature of a directed verdict;

(3) May not compel settlement negotiations; or

(4) May not enjoin any act of the Secretary.

return arrow Back to Top

§3.510   Ex parte contacts.

No party or person (except employees of the ALJ's office) may communicate in any way with the ALJ on any matter at issue in a case, unless on notice and opportunity for both parties to participate. This provision does not prohibit a party or person from inquiring about the status of a case or asking routine questions concerning administrative functions or procedures.

return arrow Back to Top

§3.512   Prehearing conferences.

(a) The ALJ must schedule at least one prehearing conference, and may schedule additional prehearing conferences as appropriate, upon reasonable notice, which may not be less than 14 business days, to the parties.

(b) The ALJ may use prehearing conferences to discuss the following—

(1) Simplification of the issues;

(2) The necessity or desirability of amendments to the pleadings, including the need for a more definite statement;

(3) Stipulations and admissions of fact or as to the contents and authenticity of documents;

(4) Whether the parties can agree to submission of the case on a stipulated record;

(5) Whether a party chooses to waive appearance at an oral hearing and to submit only documentary evidence (subject to the objection of the other party) and written argument;

(6) Limitation of the number of witnesses;

(7) Scheduling dates for the exchange of witness lists and of proposed exhibits;

(8) Discovery of documents as permitted by this subpart;

(9) The time and place for the hearing;

(10) The potential for the settlement of the case by the parties; and

(11) Other matters as may tend to encourage the fair, just and expeditious disposition of the proceedings, including the protection of confidentiality of identifiable patient safety work product that may be submitted into evidence or otherwise used in the proceeding, if appropriate.

(c) The ALJ must issue an order containing the matters agreed upon by the parties or ordered by the ALJ at a prehearing conference.

return arrow Back to Top

§3.514   Authority to settle.

The Secretary has exclusive authority to settle any issue or case without the consent of the ALJ.

return arrow Back to Top

§3.516   Discovery.

(a) A party may make a request to another party for production of documents for inspection and copying that are relevant and material to the issues before the ALJ.

(b) For the purpose of this section, the term “documents” includes information, reports, answers, records, accounts, papers and other data and documentary evidence. Nothing contained in this section may be interpreted to require the creation of a document, except that requested data stored in an electronic data storage system must be produced in a form accessible to the requesting party.

(c) Requests for documents, requests for admissions, written interrogatories, depositions and any forms of discovery, other than those permitted under paragraph (a) of this section, are not authorized.

(d) This section may not be construed to require the disclosure of interview reports or statements obtained by any party, or on behalf of any party, of persons who will not be called as witnesses by that party, or analyses and summaries prepared in conjunction with the investigation or litigation of the case, or any otherwise privileged documents.

(e)(1) When a request for production of documents has been received, within 30 days the party receiving that request must either fully respond to the request, or state that the request is being objected to and the reasons for that objection. If objection is made to part of an item or category, the part must be specified. Upon receiving any objections, the party seeking production may then, within 30 days or any other time frame set by the ALJ, file a motion for an order compelling discovery. The party receiving a request for production may also file a motion for protective order any time before the date the production is due.

(2) The ALJ may grant a motion for protective order or deny a motion for an order compelling discovery if the ALJ finds that the discovery sought—

(i) Is irrelevant;

(ii) Is unduly costly or burdensome;

(iii) Will unduly delay the proceeding; or

(iv) Seeks privileged information.

(3) The ALJ may extend any of the time frames set forth in paragraph (e)(1) of this section.

(4) The burden of showing that discovery should be allowed is on the party seeking discovery.

return arrow Back to Top

§3.518   Exchange of witness lists, witness statements, and exhibits.

(a) The parties must exchange witness lists, copies of prior written statements of proposed witnesses, and copies of proposed hearing exhibits, including copies of any written statements that the party intends to offer in lieu of live testimony in accordance with §3.538, not more than 60, and not less than 15, days before the scheduled hearing.

(b)(1) If, at any time, a party objects to the proposed admission of evidence not exchanged in accordance with paragraph (a) of this section, the ALJ must determine whether the failure to comply with paragraph (a) of this section should result in the exclusion of that evidence.

(2) Unless the ALJ finds that extraordinary circumstances justified the failure timely to exchange the information listed under paragraph (a) of this section, the ALJ must exclude from the party's case-in-chief—

(i) The testimony of any witness whose name does not appear on the witness list; and

(ii) Any exhibit not provided to the opposing party as specified in paragraph (a) of this section.

(3) If the ALJ finds that extraordinary circumstances existed, the ALJ must then determine whether the admission of that evidence would cause substantial prejudice to the objecting party.

(i) If the ALJ finds that there is no substantial prejudice, the evidence may be admitted.

(ii) If the ALJ finds that there is substantial prejudice, the ALJ may exclude the evidence, or, if he or she does not exclude the evidence, must postpone the hearing for such time as is necessary for the objecting party to prepare and respond to the evidence, unless the objecting party waives postponement.

(c) Unless the other party objects within a reasonable period of time before the hearing, documents exchanged in accordance with paragraph (a) of this section will be deemed to be authentic for the purpose of admissibility at the hearing.

return arrow Back to Top

§3.520   Subpoenas for attendance at hearing.

(a) A party wishing to procure the appearance and testimony of any person at the hearing may make a motion requesting the ALJ to issue a subpoena if the appearance and testimony are reasonably necessary for the presentation of a party's case.

(b) A subpoena requiring the attendance of a person in accordance with paragraph (a) of this section may also require the person (whether or not the person is a party) to produce relevant and material evidence at or before the hearing.

(c) When a subpoena is served by a respondent on a particular employee or official or particular office of HHS, the Secretary may comply by designating any knowledgeable HHS representative to appear and testify.

(d) A party seeking a subpoena must file a written motion not less than 30 days before the date fixed for the hearing, unless otherwise allowed by the ALJ for good cause shown. That motion must—

(1) Specify any evidence to be produced;

(2) Designate the witnesses; and

(3) Describe the address and location with sufficient particularity to permit those witnesses to be found.

(e) The subpoena must specify the time and place at which the witness is to appear and any evidence the witness is to produce.

(f) Within 15 days after the written motion requesting issuance of a subpoena is served, any party may file an opposition or other response.

(g) If the motion requesting issuance of a subpoena is granted, the party seeking the subpoena must serve it by delivery to the person named, or by certified mail addressed to that person at the person's last dwelling place or principal place of business.

(h) The person to whom the subpoena is directed may file with the ALJ a motion to quash the subpoena within 10 days after service.

(i) The exclusive remedy for contumacy by, or refusal to obey a subpoena duly served upon, any person is specified in 42 U.S.C. 405(e).

return arrow Back to Top

§3.522   Fees.

The party requesting a subpoena must pay the cost of the fees and mileage of any witness subpoenaed in the amounts that would be payable to a witness in a proceeding in United States District Court. A check for witness fees and mileage must accompany the subpoena when served, except that, when a subpoena is issued on behalf of the Secretary, a check for witness fees and mileage need not accompany the subpoena.

return arrow Back to Top

§3.524   Form, filing, and service of papers.

(a) Forms. (1) Unless the ALJ directs the parties to do otherwise, documents filed with the ALJ must include an original and two copies.

(2) Every pleading and paper filed in the proceeding must contain a caption setting forth the title of the action, the case number, and a designation of the paper, such as motion to quash subpoena.

(3) Every pleading and paper must be signed by and must contain the address and telephone number of the party or the person on whose behalf the paper was filed, or his or her representative.

(4) Papers are considered filed when they are mailed.

(b) Service. A party filing a document with the ALJ or the Board must, at the time of filing, serve a copy of the document on the other party. Service upon any party of any document must be made by delivering a copy, or placing a copy of the document in the United States mail, postage prepaid and addressed, or with a private delivery service, to the party's last known address. When a party is represented by an attorney, service must be made upon the attorney in lieu of the party.

(c) Proof of service. A certificate of the natural person serving the document by personal delivery or by mail, setting forth the manner of service, constitutes proof of service.

return arrow Back to Top

§3.526   Computation of time.

(a) In computing any period of time under this subpart or in an order issued thereunder, the time begins with the day following the act, event or default, and includes the last day of the period unless it is a Saturday, Sunday, or legal holiday observed by the Federal Government, in which event it includes the next business day.

(b) When the period of time allowed is less than 7 days, intermediate Saturdays, Sundays, and legal holidays observed by the Federal Government must be excluded from the computation.

(c) Where a document has been served or issued by placing it in the mail, an additional 5 days must be added to the time permitted for any response. This paragraph does not apply to requests for hearing under §3.504.

return arrow Back to Top

§3.528   Motions.

(a) An application to the ALJ for an order or ruling must be by motion. Motions must state the relief sought, the authority relied upon and the facts alleged, and must be filed with the ALJ and served on all other parties.

(b) Except for motions made during a prehearing conference or at the hearing, all motions must be in writing. The ALJ may require that oral motions be reduced to writing.

(c) Within 10 days after a written motion is served, or such other time as may be fixed by the ALJ, any party may file a response to the motion.

(d) The ALJ may not grant a written motion before the time for filing responses has expired, except upon consent of the parties or following a hearing on the motion, but may overrule or deny the motion without awaiting a response.

(e) The ALJ must make a reasonable effort to dispose of all outstanding motions before the beginning of the hearing.

return arrow Back to Top

§3.530   Sanctions.

The ALJ may sanction a person, including any party or attorney, for failing to comply with an order or procedure, for failing to defend an action or for other misconduct that interferes with the speedy, orderly or fair conduct of the hearing. The sanctions must reasonably relate to the severity and nature of the failure or misconduct. The sanctions may include—

(a) In the case of refusal to provide or permit discovery under the terms of this part, drawing negative factual inferences or treating the refusal as an admission by deeming the matter, or certain facts, to be established;

(b) Prohibiting a party from introducing certain evidence or otherwise supporting a particular claim or defense;

(c) Striking pleadings, in whole or in part;

(d) Staying the proceedings;

(e) Dismissal of the action;

(f) Entering a decision by default;

(g) Ordering the party or attorney to pay the attorney's fees and other costs caused by the failure or misconduct; and

(h) Refusing to consider any motion or other action that is not filed in a timely manner.

return arrow Back to Top

§3.532   Collateral estoppel.

When a final determination that the respondent violated a confidentiality provision has been rendered in any proceeding in which the respondent was a party and had an opportunity to be heard, the respondent is bound by that determination in any proceeding under this part.

return arrow Back to Top

§3.534   The hearing.

(a) The ALJ must conduct a hearing on the record in order to determine whether the respondent should be found liable under this part.

(b)(1) The respondent has the burden of going forward and the burden of persuasion with respect to any challenge to the amount of a proposed penalty pursuant to §§3.404 and 3.408, including any factors raised as mitigating factors.

(2) The Secretary has the burden of going forward and the burden of persuasion with respect to all other issues, including issues of liability and the existence of any factors considered as aggravating factors in determining the amount of the proposed penalty.

(3) The burden of persuasion will be judged by a preponderance of the evidence.

(c) The hearing must be open to the public unless otherwise ordered by the ALJ for good cause shown, which may be that identifiable patient safety work product has been introduced into evidence or is expected to be introduced into evidence.

(d)(1) Subject to the 15-day rule under §3.518(a) and the admissibility of evidence under §3.540, either party may introduce, during its case in chief, items or information that arose or became known after the date of the issuance of the notice of proposed determination or the request for hearing, as applicable. Such items and information may not be admitted into evidence, if introduced—

(i) By the Secretary, unless they are material and relevant to the acts or omissions with respect to which the penalty is proposed in the notice of proposed determination pursuant to §3.420 of this part, including circumstances that may increase penalties; or

(ii) By the respondent, unless they are material and relevant to an admission, denial or explanation of a finding of fact in the notice of proposed determination under §3.420 of this part, or to a specific circumstance or argument expressly stated in the request for hearing under §3.504, including circumstances that may reduce penalties.

(2) After both parties have presented their cases, evidence may be admitted in rebuttal even if not previously exchanged in accordance with §3.518.

return arrow Back to Top

§3.538   Witnesses.

(a) Except as provided in paragraph (b) of this section, testimony at the hearing must be given orally by witnesses under oath or affirmation.

(b) At the discretion of the ALJ, testimony of witnesses other than the testimony of expert witnesses may be admitted in the form of a written statement. The ALJ may, at his or her discretion, admit prior sworn testimony of experts that has been subject to adverse examination, such as a deposition or trial testimony. Any such written statement must be provided to the other party, along with the last known address of the witness, in a manner that allows sufficient time for the other party to subpoena the witness for cross-examination at the hearing. Prior written statements of witnesses proposed to testify at the hearing must be exchanged as provided in §3.518.

(c) The ALJ must exercise reasonable control over the mode and order of interrogating witnesses and presenting evidence so as to:

(1) Make the interrogation and presentation effective for the ascertainment of the truth;

(2) Avoid repetition or needless consumption of time; and

(3) Protect witnesses from harassment or undue embarrassment.

(d) The ALJ must permit the parties to conduct cross-examination of witnesses as may be required for a full and true disclosure of the facts.

(e) The ALJ may order witnesses excluded so that they cannot hear the testimony of other witnesses, except that the ALJ may not order to be excluded—

(1) A party who is a natural person;

(2) In the case of a party that is not a natural person, the officer or employee of the party appearing for the entity pro se or designated as the party's representative; or

(3) A natural person whose presence is shown by a party to be essential to the presentation of its case, including a person engaged in assisting the attorney for the Secretary.

return arrow Back to Top

§3.540   Evidence.

(a) The ALJ must determine the admissibility of evidence.

(b) Except as provided in this subpart, the ALJ is not bound by the Federal Rules of Evidence. However, the ALJ may apply the Federal Rules of Evidence where appropriate, for example, to exclude unreliable evidence.

(c) The ALJ must exclude irrelevant or immaterial evidence.

(d) Although relevant, evidence may be excluded if its probative value is substantially outweighed by the danger of unfair prejudice, confusion of the issues, or by considerations of undue delay or needless presentation of cumulative evidence.

(e) Although relevant, evidence must be excluded if it is privileged under Federal law.

(f) Evidence concerning offers of compromise or settlement is inadmissible to the extent provided in Rule 408 of the Federal Rules of Evidence.

(g) Evidence of crimes, wrongs, or acts other than those at issue in the instant case is admissible in order to show motive, opportunity, intent, knowledge, preparation, identity, lack of mistake, or existence of a scheme. This evidence is admissible regardless of whether the crimes, wrongs, or acts occurred during the statute of limitations period applicable to the acts or omissions that constitute the basis for liability in the case and regardless of whether they were referenced in the Secretary's notice of proposed determination under §3.420.

(h) The ALJ must permit the parties to introduce rebuttal witnesses and evidence.

(i) All documents and other evidence offered or taken for the record must be open to examination by both parties, unless otherwise ordered by the ALJ for good cause shown.

return arrow Back to Top

§3.542   The record.

(a) The hearing must be recorded and transcribed. Transcripts may be obtained following the hearing from the ALJ. A party that requests a transcript of hearing proceedings must pay the cost of preparing the transcript unless, for good cause shown by the party, the payment is waived by the ALJ or the Board, as appropriate.

(b) The transcript of the testimony, exhibits, and other evidence admitted at the hearing, and all papers and requests filed in the proceeding constitute the record for decision by the ALJ and the Secretary.

(c) The record may be inspected and copied (upon payment of a reasonable fee) by any person, unless otherwise ordered by the ALJ for good cause shown, which may include the presence in the record of identifiable patient safety work product.

(d) For good cause, which may include the presence in the record of identifiable patient safety work product, the ALJ may order appropriate redactions made to the record.

return arrow Back to Top

§3.544   Post hearing briefs.

The ALJ may require the parties to file post-hearing briefs. In any event, any party may file a post-hearing brief. The ALJ must fix the time for filing the briefs. The time for filing may not exceed 60 days from the date the parties receive the transcript of the hearing or, if applicable, the stipulated record. The briefs may be accompanied by proposed findings of fact and conclusions of law. The ALJ may permit the parties to file reply briefs.

return arrow Back to Top

§3.546   ALJ's decision.

(a) The ALJ must issue a decision, based only on the record, which must contain findings of fact and conclusions of law.

(b) The ALJ may affirm, increase, or reduce the penalties imposed by the Secretary.

(c) The ALJ must issue the decision to both parties within 60 days after the time for submission of post-hearing briefs and reply briefs, if permitted, has expired. If the ALJ fails to meet the deadline contained in this paragraph, he or she must notify the parties of the reason for the delay and set a new deadline.

(d) Unless the decision of the ALJ is timely appealed as provided for in §3.548, the decision of the ALJ will be final and binding on the parties 60 days from the date of service of the ALJ's decision.

return arrow Back to Top

§3.548   Appeal of the ALJ's decision.

(a) Any party may appeal the decision of the ALJ to the Board by filing a notice of appeal with the Board within 30 days of the date of service of the ALJ decision. The Board may extend the initial 30 day period for a period of time not to exceed 30 days if a party files with the Board a request for an extension within the initial 30 day period and shows good cause.

(b) If a party files a timely notice of appeal with the Board, the ALJ must forward the record of the proceeding to the Board.

(c) A notice of appeal must be accompanied by a written brief specifying exceptions to the initial decision and reasons supporting the exceptions. Any party may file a brief in opposition to the exceptions, which may raise any relevant issue not addressed in the exceptions, within 30 days of receiving the notice of appeal and the accompanying brief. The Board may permit the parties to file reply briefs.

(d) There is no right to appear personally before the Board or to appeal to the Board any interlocutory ruling by the ALJ.

(e) The Board may not consider any issue not raised in the parties' briefs, nor any issue in the briefs that could have been raised before the ALJ but was not.

(f) If any party demonstrates to the satisfaction of the Board that additional evidence not presented at such hearing is relevant and material and that there were reasonable grounds for the failure to adduce such evidence at the hearing, the Board may remand the matter to the ALJ for consideration of such additional evidence.

(g) The Board may decline to review the case, or may affirm, increase, reduce, reverse or remand any penalty determined by the ALJ.

(h) The standard of review on a disputed issue of fact is whether the initial decision of the ALJ is supported by substantial evidence on the whole record. The standard of review on a disputed issue of law is whether the decision is erroneous.

(i) Within 60 days after the time for submission of briefs and reply briefs, if permitted, has expired, the Board must serve on each party to the appeal a copy of the Board's decision and a statement describing the right of any respondent who is penalized to seek judicial review.

(j)(1) The Board's decision under paragraph (i) of this section, including a decision to decline review of the initial decision, becomes the final decision of the Secretary 60 days after the date of service of the Board's decision, except with respect to a decision to remand to the ALJ or if reconsideration is requested under this paragraph.

(2) The Board will reconsider its decision only if it determines that the decision contains a clear error of fact or error of law. New evidence will not be a basis for reconsideration unless the party demonstrates that the evidence is newly discovered and was not previously available.

(3) A party may file a motion for reconsideration with the Board before the date the decision becomes final under paragraph (j)(1) of this section. A motion for reconsideration must be accompanied by a written brief specifying any alleged error of fact or law and, if the party is relying on additional evidence, explaining why the evidence was not previously available. Any party may file a brief in opposition within 15 days of receiving the motion for reconsideration and the accompanying brief unless this time limit is extended by the Board for good cause shown. Reply briefs are not permitted.

(4) The Board must rule on the motion for reconsideration not later than 30 days from the date the opposition brief is due. If the Board denies the motion, the decision issued under paragraph (i) of this section becomes the final decision of the Secretary on the date of service of the ruling. If the Board grants the motion, the Board will issue a reconsidered decision, after such procedures as the Board determines necessary to address the effect of any error. The Board's decision on reconsideration becomes the final decision of the Secretary on the date of service of the decision, except with respect to a decision to remand to the ALJ.

(5) If service of a ruling or decision issued under this section is by mail, the date of service will be deemed to be 5 days from the date of mailing.

(k)(1) A respondent's petition for judicial review must be filed within 60 days of the date on which the decision of the Board becomes the final decision of the Secretary under paragraph (j) of this section.

(2) In compliance with 28 U.S.C. 2112(a), a copy of any petition for judicial review filed in any U.S. Court of Appeals challenging the final decision of the Secretary must be sent by certified mail, return receipt requested, to the General Counsel of HHS. The petition copy must be a copy showing that it has been time-stamped by the clerk of the court when the original was filed with the court.

(3) If the General Counsel of HHS received two or more petitions within 10 days after the final decision of the Secretary, the General Counsel will notify the U.S. Judicial Panel on Multidistrict Litigation of any petitions that were received within the 10 day period.

return arrow Back to Top

§3.550   Stay of the Secretary's decision.

(a) Pending judicial review, the respondent may file a request for stay of the effective date of any penalty with the ALJ. The request must be accompanied by a copy of the notice of appeal filed with the Federal court. The filing of the request automatically stays the effective date of the penalty until such time as the ALJ rules upon the request.

(b) The ALJ may not grant a respondent's request for stay of any penalty unless the respondent posts a bond or provides other adequate security.

(c) The ALJ must rule upon a respondent's request for stay within 10 days of receipt.

return arrow Back to Top

§3.552   Harmless error.

No error in either the admission or the exclusion of evidence, and no error or defect in any ruling or order or in any act done or omitted by the ALJ or by any of the parties is ground for vacating, modifying or otherwise disturbing an otherwise appropriate ruling or order or act, unless refusal to take such action appears to the ALJ or the Board inconsistent with substantial justice. The ALJ and the Board at every stage of the proceeding must disregard any error or defect in the proceeding that does not affect the substantial rights of the parties.

return arrow Back to Top

Need assistance?