Regulatory Impact Analysis
AHRQ has previously analyzed the potential economic impact of this rule as part of its February 2008 Notice of Proposed Rulemaking (proposed rule) as required by Executive Order 12866 (September 1993, Regulatory Planning and Review), the Regulatory Flexibility Act (RFA) (September 16, 1980, Pub. L.
96–354), section 1102(b) of the Social Security Act, the Unfunded Mandates Reform Act of 1995 (Pub. L. 104–4), and Executive Order 13132. This analysis can be found on pages 8164 to 8171 of the proposed rule, which was published in the Federal Register on February 12, 2008.
Executive Order 12866 (as amended by Executive Order 13258, February 2002, and Executive Order 13422, January 2007), directs agencies to assess all costs and benefits of available regulatory alternatives and, if regulation is necessary, to select regulatory approaches that maximize net benefits (including potential economic,
environmental, public health and safety effects, distributive impacts, and equity). A regulatory impact analysis (RIA) must be prepared for major rules with economically significant effects ($100 million or more in any 1 year).
Although we cannot determine the specific economic impact of this final rule, we believe that the economic impact may approach $100 million.
HHS has determined that the rule is
‘‘significant’’ because it raises novel legal and policy issues with the establishment of a new regulatory framework, authorized by the Patient Safety Act, and imposes requirements, albeit voluntary, on entities that had not been subject to regulation in this area.
In preparing the regulatory impact analysis for inclusion in the proposed rule, AHRQ did not develop an alternative to the statutorily authorized voluntary framework. In light of the approach taken in the proposed rule, alternatives would have been mandatory or more proscriptive as well as
inconsistent with statutory intent. The proposed rule established a system in which entities would voluntarily seek designation (or ‘‘listing’’) by the Secretary as a Patient Safety Organization (PSO), most PSO requirements would be met by attestation and overall compliance assessed by spot-checks rather than document submission or routine audits, and the Department would look to the marketplace to assess the quality and value of each PSO. PSOs will not be Federally funded nor directed; their funding and activities will be determined by health care providers who seek their expert assistance in
identifying the underlying causes of, and the best strategies for reducing or eliminating, medical errors. The proposed rule provided a foundation of confidentiality and privilege protections for information developed and
exchanged when health care providers voluntarily choose to work with a PSO.
We proposed that health care providers could receive the confidentiality and privilege protections of the statute by reporting information to a PSO
occasionally, without entering contracts or incurring significant costs. Other health care providers could develop more costly internal systems that would serve as the hub of the provider’s interactions with a PSO with which the provider had a contractual relationship;
such structured, documented internal systems with dedicated personnel would be more costly. To create an
‘‘upper bound’’ on the analyses in the proposed rule, we assumed that all providers that would choose to work with PSOs would follow this more costly approach. It should be noted that most hospital providers already have patient safety reporting activities in place (98% according to a 2006 AHRQ survey). While documenting these activities and, it is hoped, expanding them through participation with a PSO will result in increased costs, that increase will be marginal, not complete, in the hospital community.
A summary of the AHRQ analysis of costs and benefits of Patient Safety Act costs and benefits from the proposed rule follows below. For a full discussion of the assumptions underlying these estimates, please refer to the proposed rule.
TABLE3—TOTAL PATIENTSAFETYACTCOSTSINCLUDINGHOSPITALCOSTS ANDPSO COSTS: 2009–2013
Year
2009 2010 2011 2012 2013 Hospital Penetration Rate ... 10% 40% 60% 75% 85%
Hospital Cost ... $7.5 M $30.0 M $45.0 M $56.2 M $63.7 M PSO Cost ... $61.4 M $92.1 M $122.8 M $122.8 M $122.8 M Total cost ... $68.9 M $122.1 M $167.8 M $179.0 M $186.5 M Source: Notice of Proposed Rulemaking published in the Federal Register on February 12, 2008: 73 FR 8112–8183.
Costs for PSO implementation were calculated by considering two
components: Costs incurred by hospitals in engaging in PSO activities and costs of PSOs themselves. It was assumed that in early years of PSO operation, the hospital would be the primary site of PSO-related activity. Hospital costs were assumed to be incremental, given that a previously-completed survey funded by AHRQ revealed that 98% of
U.S. hospitals already have adverse event reporting systems, and virtually all hospitals have a safety/quality function. We assumed that PSOs would be staffed modestly, relying on existing hospital activities in reporting adverse events, and that a significant proportion of PSOs are likely to be component PSOs, with support and expertise provided by a parent organization. Our assumptions were that PSOs will hire
dedicated staff of 1.5 to 4 FTEs, assuming an average salary rate of $67/
hour. We also estimated that a significant overhead figure of 100%, coupled with 20% for General and Administrative (G&A) expenses, will cover the appreciable costs anticipated for legal, security, travel, and
miscellaneous PSO expenses.
Provider—PSO Costs and Charges We have not figured into our
calculations any estimates for the price of PSO services, amounts paid by
hospitals and other health care providers to PSOs, PSO revenues, or PSO break-even analyses. We have not speculated about subsidies or business models. Regardless of what the costs
and charges are between providers and PSOs, they will cancel each other out, as expenses to providers will become revenue to PSOs.
TABLE4—TOTAL ESTIMATEDCOSTSAVINGS BYPERCENTREDUCTION INADVERSEEVENTS: 2009–2013 *
Year
2009 2010 2011 2012 2013 Hospital Penetration Rate ... 10% 40% 60% 75% 85%
Percent Reduction in Adverse Events ... 1% 1.5% 2% 2.5% 3%
Savings ... $11.5 M $69 M $138 M $215.625 M $293.25 M
* Source: Baseline figures from IOM Report, To Err Is Human, on total national health care costs associated with preventable adverse events (between 8.5 billion and 14.5 billion). Year 1 estimates are based on mid-point figures.
TABLE5—NETBENEFITS: 2009–2013
Year
2009 2010 2011 2012 2013 Total Benefits ... $11.5 M $69 M $138 M $215.625 M $293.25 M Total Costs ... $68.9 M $122.1 M $167.8 M $179.0 M $186.5 M Net Benefits ... ($57.4) M ($53.1) M ($29.8) M $36.625 M $106.75 M Discounted net present value at 3% ... ($55.7) M ($50.0) M ($27.3) M $32.5 M $92.1 M Discounted net present value at 7% ... ($53.6) M ($46.4) M ($24.3) M $27.9 M $76.1 M
The final rule includes several modifications that could alter the actual economic impact of the Patient Safety Act, but AHRQ concludes that these changes will not exceed the ‘‘upper bound’’ established in our previous analysis, and we anticipate that the actual economic impact may be less.
Several changes incorporated in the final rule are likely to lower the costs of implementation. For example, the final rule has removed a requirement that PSOs that are components of other existing organizations must maintain separate information systems and, for all but a small category of component PSOs, we have removed restrictions on the use of shared staff. As we noted in our economic analysis, we expect the most common type of PSO to be ones that are established by one or more existing organizations. As commenters pointed out, personnel costs are likely to be the most significant cost facing a PSO, and the ability to share personnel means that skilled personnel are available at significantly less cost, and in some cases at no cost, than the PSO would pay to hire or externally contract for personnel. Similarly, the costs and administrative burdens associated with the development and maintenance were a major focus of commenters. These two changes are likely to have the greatest impact on reducing costs for PSOs.
There are two changes in the final rule that might increase costs slightly but selectively. The final rule parallels a HIPAA Privacy Rule requirement that
business associates of covered entities must notify the covered entity if any of its protected health information has been inappropriately disclosed or its security breached. The final rule requires PSOs to notify the providers that submitted patient safety work product to the PSO if the work product it submitted has been disclosed or its security breached. As we noted in the proposed rule, the vast majority of providers reporting data will be covered entities under HIPAA and will need to include such notification requirements in the business associate agreements they will enter with PSOs. In addition, the HIPAA requirement is likely to apply in many disclosure or security breach situations because most work product is expected to contain protected health information. Nevertheless, this requirement may increase costs to the extent that PSOs receive work product from non-covered entities, although these potential increased costs will be dependent upon the vigilance with which the providers and PSOs meet their confidentiality and security requirements.
With respect to health care providers, the final rule does not impose
requirements. The final rule does afford increased flexibility and protections to providers that voluntarily choose to both establish and document a more structured process for working with a PSO, i.e., what the rule terms a patient safety evaluation system, and document the flow of information into and out of
the patient safety evaluation system. For providers who choose this option, the information they assemble and develop within their patient safety evaluation system will be accorded privilege and confidentiality, contingent upon the information ultimately being reported to a PSO, from the outset. To the extent that this encourages providers, who would not otherwise have done so, to establish a structured, documented patient safety evaluation system, there would be an increase in costs. As noted above, this should not significantly affect our previous analysis since we assumed all providers working with a PSO would have established a documented patient safety evaluation system.
Taking advantage of this option will also enable health care providers with integrated health information
technology systems to avoid the requirement in the proposed rule that they maintain the assembly and development of patient safety work product separately from their routine data collection activities, which would have required a number of providers to establish dual information systems.
While we expect that the costs of developing dual information collection systems would exceed the costs of developing and maintaining a structured, documented patient safety evaluation system, we do not estimate any savings because we cannot be clear how many providers would have incurred the dual health information
technology systems costs or would have simply chosen to forego participation.
After considering the impact of the increased flexibility in the final rule for PSOs and health care providers, we now expect the implementation costs will be lower than those in our previous analysis.
Final Regulatory Flexibility Analysis Since formation of a PSO is voluntary, formation is not likely to occur unless the organization believes it is an economically viable endeavor.
Furthermore, PSOs are not likely to undertake tasks that will provide insufficient payment to cover their costs. Therefore, the Secretary certifies that the regulation will not impose a significant economic burden on a substantial number of small entities.
Unfunded Mandates Reform Act Section 202 of the Unfunded Mandates Reform Act requires that a covered agency prepare a budgetary impact statement before promulgating a rule that includes any Federal mandate that may result in the expenditure by State, local, and Tribal governments, in the aggregate, or by the private sector, of
$100 million or more in any one year.
The Department has determined that this final rule will not impose a mandate that will result in the
expenditure by State, Local, and Tribal governments, in the aggregate, or by the private sector, of more than $100 million in any one year.
Paperwork Reduction Act
This final rule adding a new Part 3 to volume 42 of the Code of Federal Regulations contains information collection requirements. This summary includes the estimated costs and assumptions for the paperwork requirements related to the final rule.
With respect to § 3.102 concerning the submission of certifications for initial and continued listing as a PSO, and of updated information, all such
information would be submitted on the
‘‘Patient Safety Organization:
Certification for Initial Listing’’ form. To maintain its listing, a PSO must also submit a brief attestation, once every 24- month period after its initial date of listing, submitted on the ‘‘Attestation Regarding the Two Bona Fide Contracts Requirement’’ form, stating that it has entered contracts with two providers.
We estimate that the final rule will create an average burden of 30 minutes annually for each entity that seeks to become a PSO to complete the necessary certification forms. Table 1 summarizes burden hours.
TABLE1—TOTALBURDENHOURS
RELATED TOCERTIFICATIONFORMS [Summary of all burden hours, by provision,
for PSOs]
Provision Annualized
burden hours 3.112 ... 30 minutes.
Under 5 CFR 1320.3(c), a covered collection of information includes the requirement by an agency of a disclosure of information to third parties by means of identical reporting, recordkeeping, or disclosure
requirements, imposed on ten or more persons. The final rule reflects the previously established reporting requirements for breach of
confidentiality applicable to business associates under HIPAA regulations requiring contracts to contain a provision requiring the business
associate (in this case, the PSO) to notify providers of breaches of their
identifiable patient data’s
confidentiality or security. Accordingly, this reporting requirement referenced in the regulation previously met
Paperwork Reduction Act review requirements.
The final rule requires in § 3.108(c) that a PSO notify the Secretary if it intends to relinquish voluntarily its status as a PSO. The entity is required to notify the Secretary that it has, or will soon, alert providers and other
organizations from which it has received patient safety work product or data of its intention and provide for the appropriate disposition of the data in consultation with each source of patient safety work product or data held by the entity. In addition, the entity is asked to provide the Secretary with current contact information for further communication from the Secretary as the entity ceases operations. The reporting aspect of this requirement is essentially an attestation that is equivalent to the requirements for listing, continued listing, and meeting the minimum contracts requirement.
This minimal data requirement would come within 5 CFR 1320.3(h)(1) which provides an exception from PRA requirements for affirmations, certifications, or acknowledgments as long as they entail no burden other than that necessary to identify the
respondent, the date, the respondent’s address, and the nature of the
instrument. In this case, the nature of the instrument is an attestation that the PSO is working with its providers for the orderly cessation of activities. The following other collections of
information that are required by the
final regulation under § 3.108 are also exempt from PRA requirements pursuant to an exception in 5 CFR 1320.4 for information gathered as part of administrative investigations and actions regarding specific parties:
information supplied in response to preliminary agency determinations of PSO deficiencies or in response to proposed revocation and delisting, e.g., information providing the agency with correct facts, reporting corrective actions taken, or appealing proposed agency revocation decisions.
AHRQ and OCR published in the Federal Register their proposed information collection forms on February 20, 2008. Following the first, 60-day comment period, the forms were again published in the Federal Register on April 21, 2008, to begin the second, 30-day comment period. The forms were not changed following the first comment period, and they and the one comment received were sent to OMB, which received them on April 25, 2008. Minor changes to the proposed forms will be necessary to align them with the final rule. AHRQ and OCR will work with OMB to ensure that the forms needed to implement the Patient Safety Act conform to the requirements of the final rule.
Federalism
Executive Order 13132 establishes certain requirements that an agency must meet when it promulgates a final rule that imposes substantial direct requirement costs on state and local governments, preempts State law, or otherwise has Federalism implications.
The Patient Safety Act upon which the final regulation is based makes patient safety work product confidential and privileged. To the extent this is inconsistent with any state law, including court decisions, the Federal statute preempts such state law or court order. The final rule will not have any greater preemptive effect on state or local governments than that imposed by the statute. While the Patient Safety Act does establish new Federal
confidentiality and privilege protections for certain information, these
protections only apply when health care providers work with PSOs and new processes, such as patient safety evaluation systems, that do not currently exist. These Federal data protections provide a mechanism for protection of sensitive information that could improve the quality, safety, and outcomes of health care by fostering a non-threatening environment in which information about adverse medical events and near misses can be
discussed. It is hoped that confidential
analysis of patient safety events will reduce the occurrence of adverse medical events and, thereby, reduce the costs arising from such events,
including costs incurred by state and local governments attributable to such events. In addition, the Patient Safety Act and the final rule do not relieve health care providers of their responsibilities to comply with state reporting requirements.
AHRQ, in conjunction with OCR, held three public listening sessions prior to drafting the proposed rule.
Representatives of several states participated in these sessions. In particular, states that had begun to collect and analyze patient safety event information spoke about their related experiences and plans. Following publication of the proposed rule, AHRQ consulted with state officials and organizations to review the scope of the proposed rule and to specifically seek input on federalism issues and a proposal in the rule at proposed
§ 3.102(a)(2) that would limit the ability
of public or private sector regulatory entities to seek listing as a PSO. AHRQ received no expressions of concerns regarding the Federalism aspects of the proposed rule although several State health departments and commissions submitted written comments regarding the PSO eligibility criteria in the proposed rule.
OMB Accounting Statement The table below summarizes the estimated costs and benefits of implementing the Patient Safety and Quality Improvement Act for the next five years, beginning with January 1, 2009, by which time it is expected that the rule will be effective.
The figures in the table are derived from the regulatory impact analyses outlined above and, more completely, in the February 12, 2008 NPRM published in the Federal Register, on pages 8164 to 8171. As in the previous analyses, the range of benefits derives directly from the range of potentially-avoidable incidents cited (estimated) in IOM
Report, To Err Is Human. The range of costs is the same as was included in the NPRM, where minimum and maximum estimates were calculated as 10% above and 10% below the Agency’s primary estimate of costs.
All figures are calculated at two discount rates, 7% and 3%, and dollars are held constant at the 2008 level. The discount rates, 3% or 7%, represent two rates of return that might be expected from government investments. The purpose is to project the expected future costs and benefits in today’s dollars.
(Future dollars will be worth less than today’s dollars, barring appropriate investments.) Figures are annualized, that is average-per-year over the five years. The discount rates, 3% or 7%, represent two rates of return that might be expected from government
investments. The purpose is to project the expected future costs and benefits in
investments. The purpose is to project the expected future costs and benefits in