(a) Eligibility and process for initial and continued listing—(1) Submission of certification. Any entity, except as specified in paragraph (a)(2) of this section, may request from the Secretary an initial or continued listing as a PSO by submitting a completed certification form that meets the requirements of this section, in accordance with § 3.112. An individual with authority to make commitments on behalf of the entity seeking listing will be required to submit contact information for the entity and:

(i) Attest that the entity is not subject to any exclusion in paragraph (a)(2) of this section;

(ii) Provide certifications that the entity meets each requirement for PSOs in paragraph (b) of this section;

(iii) If the entity is a component of another organization, provide the additional certifications that the entity meets the requirements of paragraph (c)(1)(i) of this section;

(iv) If the entity is a component of an excluded entity described in paragraph (a)(2)(ii), provide the additional certifications and information required by paragraph (c)(1)(ii) of this section;

(v) Attest that the entity has disclosed if the Secretary has ever delisted this entity (under its current name or any other) or refused to list the entity or whether any of its officials or senior managers held comparable positions of responsibility in an entity that was denied listing or delisted and, if any of these circumstances apply, submit with its certifications and related disclosures, the name of the entity or entities that the Secretary declined to list or delisted;

(vi) Attest that the PSO will promptly notify the Secretary during its period of listing if it can no longer comply with any of its attestations and the applicable requirements in §§ 3.102(b) and 3.102(c) or if there have been any changes in the accuracy of the information submitted for listing, along with the pertinent changes; and

(vii) Provide other information that the Secretary determines to be necessary to make the requested listing determination.

(2) Exclusion of certain entities. The following types of entities may not seek listing as a PSO:

(i) A health insurance issuer; a unit or division of a health insurance issuer; or an entity that is owned, managed, or controlled by a health insurance issuer;

(ii)(A) An entity that accredits or licenses health care providers;

(B) An entity that oversees or enforces statutory or regulatory requirements governing the delivery of health care services;

(C) An agent of an entity that oversees or enforces statutory or regulatory requirements governing the delivery of health care services; or

(D) An entity that operates a Federal, state, local or Tribal patient safety reporting system to which health care providers (other than members of the entity's workforce or health care providers holding privileges with the entity) are required to report information by law or regulation.

(iii) A component of an entity listed in paragraph (a)(2)(ii) may seek listing as a component PSO subject to the requirements and restrictions of paragraph (c)(1)(ii) of this section.

(3) Submission of certification for continued listing. To facilitate a timely Secretarial determination regarding acceptance of its certification for continued listing, a PSO must submit the required certification no later than 75 days before the expiration of a PSO's three-year period of listing.

(b) Fifteen general PSO certification requirements. The certifications submitted to the Secretary in accordance with paragraph (a)(1)(ii) of this section must conform to the following 15 requirements:

(1) Required certification regarding eight patient safety activities—(i) Initial listing. An entity seeking initial listing as a PSO must certify that it has written policies and procedures in place to perform each of the eight patient safety activities, defined in § 3.20. With respect to paragraphs (5) and (6) in the definition of patient safety activities regarding confidentiality and security, the policies and procedures must include and provide for:

(A) Compliance with the confidentiality provisions of subpart C of this part and with appropriate security measures as required by § 3.106 of this subpart.

(B) Notification of each provider that submitted patient safety work product or data as described in § 3.108(b)(2) to the entity if the submitted work product or data was subject to an unauthorized disclosure or its security was breached.

(ii) Continued Listing. A PSO seeking continued listing must certify that it is performing, and will continue to perform, each of the patient safety activities defined in § 3.20, and is and will continue to comply with the requirements of paragraphs (b)(1)(i)(A) and (B) of this section.

(2) Required certification regarding seven PSO criteria—(i) Initial Listing. In its initial certification submission, an entity must also certify that, if listed as a PSO, it will comply with the seven requirements in paragraphs (b)(2)(i)(A) through (G) of this section.

(A) The mission and primary activity of the PSO must be to conduct activities that are to improve patient safety and the quality of health care delivery.

(B) The PSO must have appropriately qualified workforce members, including licensed or certified medical professionals.

(C) The PSO, within the 24-month period that begins on the date of its initial listing as a PSO, and within each sequential 24-month period thereafter, must have 2 bona fide contracts, each of a reasonable period of time, each with a different provider for the purpose of receiving and reviewing patient safety work product.

(D) The PSO is not a health insurance issuer, and is not a component of a health insurance issuer.

(E) The PSO must make disclosures to the Secretary as required under § 3.102(d), in accordance with § 3.112 of this subpart.

(F) To the extent practical and appropriate, the PSO must collect patient safety work product from providers in a standardized manner that permits valid comparisons of similar cases among similar providers.

(G) The PSO must utilize patient safety work product for the purpose of providing direct feedback and assistance to providers to effectively minimize patient risk.

(ii) Continued Listing. A PSO seeking continued listing must certify that it is complying with, and will continue to comply with, the requirements of paragraphs (b)(2)(i)(A) through (G) of this section.

(iii) Compliance with the criterion for collecting patient safety work product in a standardized manner to the extent practical and appropriate. With respect to paragraph (b)(2)(i)(F) of this section, the Secretary will assess compliance by a PSO in the following manner.

(A) A PSO seeking continued listing must:

(1) Certify that the PSO is using the Secretary's published guidance for common formats and definitions in its collection of patient safety work product (option (I));

(2) Certify that the PSO is using an alternative system of formats and definitions that permits valid comparisons of similar cases among similar providers (option (II)); or

(3) Provide a clear explanation for why it is not practical or appropriate for the PSO to comply with options (I) or (II) at this time.

(B) The Secretary will consider a PSO to be in compliance if the entity complies with option (I), satisfactorily demonstrates that option (II) permits valid comparisons of similar cases among similar providers, or satisfactorily demonstrates that it is not practical or appropriate for the PSO to comply with options (I) or (II) at this time.

(c) Additional certifications required of component organizations—(1) Requirements when seeking listing—(i) Requirements that all component organizations must meet. In addition to meeting the 15 general PSO certification requirements of paragraph (b) of this section, an entity seeking initial listing that is a component of another organization must certify that it will comply with the requirements of paragraph (c)(2) of this section. A component PSO seeking continued listing must certify that it is complying with, and will continue to comply with, the requirements of this same paragraph (c)(2). At initial and continued listing, a component entity must attach to its certifications for listing contact information for its parent organization(s).

(ii) Additional requirements and limitations applicable to components of entities that are excluded from listing. In addition to the requirements under paragraph (c)(1)(i) of this section, a component of an organization excluded from listing under paragraph (a)(2)(ii) of this section must submit the additional certifications and specified information for initial and continued listing and comply with paragraph (c)(4) of this section.

(2) Required component certifications—(i) Separation of patient safety work product. A component PSO must maintain patient safety work product separately from the rest of the parent organization(s) of which it is a part, and establish appropriate security measures to maintain the confidentiality of patient safety work product. The information system in which the component PSO maintains patient safety work product must not permit unauthorized access by one or more individuals in, or by units of, the rest of the parent organization(s) of which it is a part.

(ii) Nondisclosure of patient safety work product. A component PSO must require that members of its workforce and any other contractor staff not make unauthorized disclosures of patient safety work product to the rest of the parent organization(s) of which it is a part.

(iii) No conflict of interest. The pursuit of the mission of a component PSO must not create a conflict of interest with the rest of the parent organization(s) of which it is a part.

(3) Written agreements for assisting a component PSO in the conduct of patient safety activities. Notwithstanding the requirements of paragraph (c)(2) of this section, a component PSO may provide access to identifiable patient safety work product to one or more individuals in, or to one or more units of, the rest of the parent organization(s) of which it is a part, if the component PSO enters into a written agreement with such individuals or units which requires that:

(i) The component PSO will only provide access to identifiable patient safety work product to enable such individuals or units to assist the component PSO in its conduct of patient safety activities, and

(ii) Such individuals or units that receive access to identifiable patient safety work product pursuant to such written agreement will only use or disclose such information as specified by the component PSO to assist the component PSO in its conduct of patient safety activities, will take appropriate security measures to prevent unauthorized disclosures and will comply with the other certifications the component has made pursuant to paragraph (c)(2) of this section regarding unauthorized disclosures and conducting the mission of the PSO without creating conflicts of interest.

(4) Required attestations, information and operational limitations for components of entities excluded from listing. A component organization of an entity that is subject to the restrictions of paragraph (a)(2)(ii) of this section must:

(i) Submit the following information with its certifications for listing:

(A) A statement describing its parent organization's role, and the scope of the parent organization's authority, with respect to any of the following that apply: Accreditation or licensure of health care providers, oversight or enforcement of statutory or regulatory requirements governing the delivery of health care services, serving as an agent of such a regulatory oversight or enforcement authority, or administering a public mandatory patient safety reporting system;

(B) An attestation that the parent organization has no policies or procedures that would require or induce providers to report patient safety work product to their component organization once listed as a PSO and that the component PSO will notify the Secretary within 5 calendar days of the date on which the component organization has knowledge of the adoption by the parent organization of such policies or procedures, and an acknowledgment that the adoption of such policies or procedures by the parent organization during the component PSO's period of listing will result in the Secretary initiating an expedited revocation process in accordance with § 3.108(e); and

(C) An attestation that the component organization will prominently post notification on its Web site and publish in any promotional materials for dissemination to providers, a summary of the information that is required by paragraph (c)(4)(i)(A) of this section.

(ii) Comply with the following requirements during its period of listing:

(A) The component organization may not share staff with its parent organization(s).

(B) The component organization may enter into a written agreement pursuant to paragraph (c)(3) but such agreements are limited to units or individuals of the parent organization(s) whose responsibilities do not involve the activities specified in the restrictions in paragraph (a)(2)(ii) of this section.

(d) Required notifications. Upon listing, PSOs must meet the following notification requirements:

(1) Notification regarding PSO compliance with the minimum contract requirement. No later than 45 calendar days prior to the last day of the pertinent 24-month assessment period, specified in paragraph (b)(2)(iii)(C) of this section, the Secretary must receive from a PSO a certification that states whether it has met the requirement of that paragraph regarding two bona fide contracts, submitted in accordance with § 3.112 of this subpart.

(2) Notification regarding a PSO's relationships with its contracting providers—(i) Requirement. A PSO must file a disclosure statement regarding a provider with which it has a contract that provides the confidentiality and privilege protections of the Patient Safety Act (hereinafter referred to as a Patient Safety Act contract) if the PSO has any other relationships with this provider that are described in paragraphs (d)(2)(i)(A) through (D) of this section. The PSO must disclose all such relationships. A disclosure statement is not required if all of its other relationships with the provider are limited to Patient Safety Act contracts.

(A) The provider and PSO have current contractual relationships, other than those arising from any Patient Safety Act contracts, including formal contracts or agreements that impose obligations on the PSO.

(B) The provider and PSO have current financial relationships other than those arising from any Patient Safety Act contracts. A financial relationship may include any direct or indirect ownership or investment relationship between the PSO and the contracting provider, shared or common financial interests or direct or indirect compensation arrangements whether in cash or in-kind.

(C) The PSO and provider have current reporting relationships other than those arising from any Patient Safety Act contracts, by which the provider has access to information regarding the work and operation of the PSO that is not available to other contracting providers.

(D) Taking into account all relationships that the PSO has with the provider, the PSO is not independently managed or controlled, or the PSO does not operate independently from, the contracting provider.

(ii) Content. A PSO must submit to the Secretary the required attestation form for disclosures with the information specified below in accordance with § 3.112 and this section. The substantive information that must be included with each submission has two required parts:

(A) The Required Disclosures. The first part of the substantive information must provide a succinct list of obligations between the PSO and the contracting provider apart from their Patient Safety Act contract(s) that create, or contain, any of the types of relationships that must be disclosed based upon the requirements of paragraphs (d)(2)(i)(A) through (D) of this section. Each reportable obligation or discrete set of obligations that the PSO has with this contracting provider should be listed only once; noting the specific aspects of the obligation(s) that reflect contractual or financial relationships, involve access to information that is not available to other providers, or affect the independence of PSO operations, management, or control.

(B) An Explanatory Narrative. The second required part of the substantive information must provide a brief explanatory narrative succinctly describing: The policies and procedures that the PSO has in place to ensure adherence to objectivity and professionally recognized analytic standards in the assessments it undertakes; and any other policies or procedures, or agreements with this provider, that the PSO has in place to ensure that it can fairly and accurately perform patient safety activities.

(iii) Deadlines for submission. The Secretary must receive a disclosure statement within 45 days of the date on which a PSO enters a contract with a provider if the circumstances described in any of the paragraphs (d)(2)(i)(A) through (D) of this section are met on the date the contract is entered. During the contract period, if these circumstances subsequently arise, the Secretary must receive a disclosure statement from the PSO within 45 days of the date that any disclosure requirement in paragraph (d)(2)(i) of this section first applies.

(a) Actions in response to certification submissions for initial and continued listing as a PSO. (1) In response to an initial or continued certification submission by an entity, pursuant to the requirements of § 3.102 of this subpart, the Secretary may—

(i) Accept the certification submission and list the entity as a PSO, or maintain the listing of a PSO, if the Secretary determines that the entity meets the applicable requirements of the Patient Safety Act and this subpart;

(ii) Deny acceptance of a certification submission and, in the case of a currently listed PSO, remove the entity from the list if the entity does not meet the applicable requirements of the Patient Safety Act and this subpart; or

(iii) Condition the listing of an entity or the continued listing of a PSO, following a determination made pursuant to paragraph (c) of this section or a determination after review of the pertinent history of an entity that has been delisted or refused listing and its officials and senior managers.

(2) Basis for determination. In making a determination regarding listing, the Secretary will consider the certification submission; any prior actions by the Secretary regarding the entity or PSO including delisting; any history of or current non-compliance by the entity or the PSO or its officials or senior managers with statutory or regulatory requirements or requests from the Secretary; the relationships of the entity or PSO with providers; and any findings made by the Secretary in accordance with paragraph (c) of this section.

(3) Notification. The Secretary will notify in writing each entity of action taken on its certification submission for initial or continued listing. The Secretary will provide reasons when an entity's certification is conditionally accepted and the entity is conditionally listed, when an entity's certification is not accepted and the entity is not listed, or when acceptance of its certification is revoked and the entity is delisted.

(b) Actions regarding PSO compliance with the minimum contract requirement. After the date on which the Secretary, under § 3.102(d)(1) of this subpart, must receive notification regarding compliance of a PSO with the minimum contract requirement—

(1) If the PSO has met the minimum contract requirement, the Secretary will acknowledge in writing receipt of the notification and add information to the list established pursuant to paragraph (d) of this section stating that the PSO has certified that it has met the requirement.

(2) If the PSO states that it has not yet met the minimum contract requirement by the date specified in § 3.102(d)(1), or if notice is not received by that date, the Secretary will issue to the PSO a notice of a preliminary finding of deficiency as specified in § 3.108(a)(2) and establish a period for correction that extends until midnight of the last day of the PSO's applicable 24-month period of assessment. Thereafter, if the requirement has not been met, the Secretary will provide the PSO a written notice of proposed revocation and delisting in accordance with § 3.108(a)(3).

(c) Actions regarding required disclosures by PSOs of relationships with contracting providers. The Secretary will review and make findings regarding each disclosure statement submitted by a PSO, pursuant to § 3.102(d)(2), regarding its relationships with contracting provider(s), determine whether such findings warrant action regarding the listing of the PSO in accordance with paragraph (c)(2) of this section, and make the findings public.

(1) Basis of findings regarding PSO disclosure statements. In reviewing disclosure statements, submitted pursuant to § 3.102(d)(2) of this subpart, the Secretary will consider the disclosed relationship(s) between the PSO and the contracting provider and the statements and material submitted by the PSO describing the policies and procedures that the PSO has in place to determine whether the PSO can fairly and accurately perform the required patient safety activities.

(2) Determination by the Secretary. Based on the Secretary's review and findings, he may choose to take any of the following actions:

(i) For an entity seeking an initial or continued listing, the Secretary may list or continue the listing of an entity without conditions, list the entity subject to conditions, or deny the entity's certification for initial or continued listing; or

(ii) For a listed PSO, the Secretary may determine that the entity will remain listed without conditions, continue the entity's listing subject to conditions, or remove the entity from the list of PSOs.

(3) Release of disclosure statements and Secretarial findings. (i) Subject to paragraph (c)(3)(ii) of this section, the Secretary will make disclosure statements available to the public along with related findings that are made available in accordance with paragraph (c) of this section.

(ii) The Secretary may withhold information that is exempt from public disclosure under the Freedom of Information Act, e.g., trade secrets or confidential commercial information that are subject to the restrictions of 18 U.S.C. 1905.

(d) Maintaining a list of PSOs. The Secretary will compile and maintain a publicly available list of entities whose certifications as PSOs have been accepted. The list will include contact information for each entity, a copy of all certification forms and disclosure statements submitted by each entity in accordance with paragraph (c)(3)(ii) of this section, the effective date of the PSO's listing, and information on whether a PSO has certified that it has met the two contract requirement. The list also will include a copy of the Secretary's findings regarding each disclosure statement submitted by an entity, information describing any related conditions that have been placed by the Secretary on the listing of an entity as a PSO, and other information that this Subpart states may be made public. AHRQ may maintain a PSO website (or a comparable future form of public notice) and may post the list on this website.

(e) Three-year period of listing. (1) The three-year period of listing of a PSO will automatically expire at midnight of the last day of this period, unless the listing had been revoked or relinquished earlier in accordance with § 3.108 of this subpart, or if, prior to this automatic expiration, the PSO seeks a new three-year listing, in accordance with § 3.102, and the Secretary accepts the PSO's certification for a new three-year listing, in accordance with § 3.104(a).

(2) The Secretary plans to send a written notice of imminent expiration to a PSO at least 60 calendar days prior to the date on which its three-year period of listing expires if the Secretary has not yet received a certification for continued listing. The Secretary plans to indicate, on the AHRQ PSO website, the PSOs from whom certifications for continued listing have not been timely received.

(f) Effective dates of Secretarial actions. Unless otherwise stated, the effective date of each action by the Secretary pursuant to this subpart will be specified in the written notice of such action that is sent to the entity. When the Secretary sends a notice that addresses acceptance or revocation of an entity's certifications or voluntary relinquishment by an entity of its status as a PSO, the notice will specify the effective date and time of listing or delisting.

(a) Application. A PSO must secure patient safety work product in conformance with the security requirements of paragraph (b) of this section. These requirements must be met at all times and at any location at which the PSO, its workforce members, or its contractors receive, access, or handle patient safety work product. Handling patient safety work product includes its processing, development, use, maintenance, storage, removal, disclosure, transmission and destruction.

(b) Security framework. A PSO must have written policies and procedures that address each of the considerations specified in this subsection. In addressing the framework that follows, the PSO may develop appropriate and scalable security standards, policies, and procedures that are suitable for the size and complexity of its organization.

(1) Security management. A PSO must address:

(i) Maintenance and effective implementation of written policies and procedures that conform to the requirements of this section to protect the confidentiality, integrity, and availability of the patient safety work product that is received, accessed, or handled; and to monitor and improve the effectiveness of such policies and procedures, and

(ii) Training of the PSO workforce and PSO contractors who receive, access, or handle patient safety work product regarding the requirements of the Patient Safety Act, this Part, and the PSO's policies and procedures regarding the confidentiality and security of patient safety work product.

(2) Distinguishing patient safety work product. A PSO must address:

(i) Maintenance of the security of patient safety work product, whether in electronic or other media, through either physical separation from non-patient safety work product, or if co-located with non-patient safety work product, by making patient safety work product distinguishable so that the appropriate form and level of security can be applied and maintained;

(ii) Protection of the media, whether in electronic, paper, or other media or format, that contain patient safety work product, limiting access to authorized users, and sanitizing and destroying such media before their disposal or release for reuse; and

(iii) Physical and environmental protection, to control and limit physical and virtual access to places and equipment where patient safety work product is received, accessed, or handled.

(3) Security control and monitoring. A PSO must address:

(i) Identification of those authorized to receive, access, or handle patient safety work product and an audit capacity to detect unlawful, unauthorized, or inappropriate receipt, access, or handling of patient safety work product, and

(ii) Methods to prevent unauthorized receipt, access, or handling of patient safety work product.

(4) Security assessment. A PSO must address:

(i) Periodic assessments of security risks and controls to establish if its controls are effective, to correct any deficiency identified, and to reduce or eliminate any vulnerabilities.

(ii) System and communications protection, to monitor, control, and protect PSO receipt, access, or handling of patient safety work product with particular attention to the transmission of patient safety work product to and from providers, other PSOs, contractors or any other responsible persons.

(a) Process for correction of a deficiency and revocation—(1) Circumstances leading to revocation. The Secretary may revoke his acceptance of an entity's certification (“revocation”) and delist the entity as a PSO if he determines—

(i) The PSO is not fulfilling the certifications made to the Secretary as required by § 3.102;

(ii) The PSO has not met the two contract requirement, as required by § 3.102(d)(1);

(iii) Based on a PSO's disclosures made pursuant to § 3.102(d)(2) , that the entity cannot fairly and accurately perform the patient safety activities of a PSO with a public finding to that effect; or

(iv) The PSO is not in compliance with any other provision of the Patient Safety Act or this part.

(2) Notice of preliminary finding of deficiency and establishment of an opportunity for correction of a deficiency. (i) Except as provided by paragraph (e) of this section, if the Secretary determines that a PSO is not in compliance with its obligations under the Patient Safety Act or this subpart, the Secretary must send a PSO written notice of the preliminary finding of deficiency. The notice must state the actions or inactions that encompass the deficiency finding, outline the evidence that the deficiency exists, specify the possible and/or required corrective actions that must be taken, and establish a date by which the deficiency must be corrected. The Secretary may specify in the notice the form of documentation required to demonstrate that the deficiency has been corrected.

(ii) The notice of a preliminary finding of deficiency is presumed received five days after it is sent, absent evidence of the actual receipt date. If a PSO does not submit evidence to the Secretary within 14 calendar days of actual or constructive receipt of such notice, whichever is longer, which demonstrates that the preliminary finding is factually incorrect, the preliminary finding will be the basis for a finding of deficiency.

(3) Determination of correction of a deficiency. (i) Unless the Secretary specifies another date, the Secretary must receive documentation to demonstrate that the PSO has corrected any deficiency cited in the preliminary finding of deficiency no later than five calendar days following the last day of the correction period that is specified by the Secretary in such notice.

(ii) In making a determination regarding the correction of any deficiency, the Secretary will consider the documentation submitted by the PSO, any assessments under § 3.110, recommendations of program staff, and any other information available regarding the PSO that the Secretary deems appropriate and relevant to the PSO's implementation of the terms of its certification.

(iii) After completing his review, the Secretary may make one of the following determinations:

(A) The action(s) taken by the PSO have corrected any deficiency, in which case the Secretary will withdraw the notice of deficiency and so notify the PSO;

(B) The PSO has acted in good faith to correct the deficiency, but the Secretary finds an additional period of time is necessary to achieve full compliance and/or the required corrective action specified in the notice of a preliminary finding of deficiency needs to be modified in light of the experience of the PSO in attempting to implement the corrective action, in which case the Secretary will extend the period for correction and/or modify the specific corrective action required; or

(C) The PSO has not completed the corrective action because it has not acted with reasonable diligence or speed to ensure that the corrective action was completed within the allotted time, in which case the Secretary will issue to the PSO a notice of proposed revocation and delisting.

(iv) When the Secretary issues a written notice of proposed revocation and delisting, the notice will specify the deficiencies that have not been timely corrected and will detail the manner in which the PSO may exercise its opportunity to be heard in writing to respond to the deficiencies specified in the notice.

(4) Opportunity to be heard in writing following a notice of proposed revocation and delisting. The Secretary will afford a PSO an opportunity to be heard in writing, as specified in paragraph (a)(4)(i) of this section, to provide a substantive response to the deficiency finding(s) set forth in the notice of proposed revocation and delisting.

(i) The notice of proposed revocation and delisting is presumed received five days after it is sent, absent evidence of actual receipt. The Secretary will provide a PSO with a period of time, beginning with the date of receipt of the notice of proposed revocation and delisting of which there is evidence, or the presumed date of receipt if there is no evidence of earlier receipt, and ending at midnight 30 calendar days thereafter, during which the PSO may submit a substantive response to the deficiency findings in writing.

(ii) The Secretary will provide to the PSO any rules of procedure governing the form or transmission of the written response to the notice of proposed revocation and delisting. Such rules may also be posted on the AHRQ PSO Web site or published in the Federal Register.

(iii) If a PSO does not submit a written response to the deficiency finding(s) within 30 calendar days of receipt of the notice of proposed revocation and delisting, the notice of proposed revocation becomes final as a matter of law and the basis for Secretarial action under paragraph (b)(1) of this section.

(5) The Secretary's decision regarding revocation. The Secretary will review the entire administrative record pertaining to a notice of proposed revocation and delisting and any written materials submitted by the PSO under paragraph (a)(4) of this section. The Secretary may affirm, reverse, or modify the notice of proposed revocation and delisting and will make a determination with respect to the continued listing of the PSO.

(b) Revocation of the Secretary's acceptance of a PSO's certifications—(1) Establishing the date and time of revocation and delisting. When the Secretary concludes, in accordance with a decision made under paragraphs (a)(5), (e)(3)(iii) or (e)(3)(iv)(C) of this section, that revocation of the acceptance of a PSO's certification is warranted for its failure to comply with requirements of the Patient Safety Act or of this Part, the Secretary will establish the effective time and date for such prompt revocation and removal of the entity from the list of PSOs, so notify the PSO in writing, and provide the relevant public notice required by § 3.108(d) of this subpart.

(2) Required notification of providers and status of data. (i) Upon being notified of the Secretary's action pursuant to paragraph (b)(1) of this section, the former PSO will take all reasonable actions to notify each provider, whose patient safety work product it collected or analyzed, of the Secretary's action(s) and the following statutory information: Confidentiality and privilege protections that applied to patient safety work product while the former PSO was listed continue to apply after the entity is removed from listing. Data submitted by providers to the former PSO for 30 calendar days following the date and time on which the entity was removed from the list of PSOs pursuant to paragraph (b)(1) of this section will have the same status as data submitted while the entity was still listed.

(ii) Within 15 days of being notified of the Secretary's action pursuant to paragraph (b)(1) of this section, the former PSO shall submit to the Secretary confirmation that it has taken the actions in paragraph (b)(2)(i) of this section.

(3) Disposition of patient safety work product and data. Within 90 days following the effective date of revocation and delisting pursuant to paragraph (b)(1) of this section, the former PSO will take one or more of the following measures in regard to patient safety work product and data described in paragraph (b)(2)(i) of this section:

(i) Transfer such patient safety work product or data, with the approval of the source from which it was received, to a PSO that has agreed to receive such patient safety work product or data;

(ii) Return such work product or data to the source from which it was submitted; or

(iii) If returning such patient safety work product or data to its source is not practicable, destroy such patient safety work product or data.

(c) Voluntary relinquishment—(1) Circumstances constituting voluntary relinquishment. A PSO will be considered to have voluntarily relinquished its status as a PSO if the Secretary accepts a notification from a PSO that it wishes to relinquish voluntarily its listing as a PSO.

(2) Notification of voluntary relinquishment. A PSO's notification of voluntary relinquishment to the Secretary must include the following:

(i) An attestation that all reasonable efforts have been made, or will have been made by a PSO within 15 calendar days of this statement, to notify the sources from which it received patient safety work product of the PSO's intention to cease PSO operations and activities, to relinquish voluntarily its status as a PSO, to request that these other entities cease reporting or submitting any further information to the PSO as soon as possible, and inform them that any information reported after the effective date and time of delisting that the Secretary sets pursuant to paragraph (c)(3) of this section will not be protected as patient safety work product under the Patient Safety Act.

(ii) An attestation that the entity has established a plan, or within 15 calendar days of this statement, will have made all reasonable efforts to establish a plan, in consultation with the sources from which it received patient safety work product, that provides for the disposition of the patient safety work product held by the PSO consistent with, to the extent practicable, the statutory options for disposition of patient safety work product as set out in paragraph (b)(3) of this section; and

(iii) Appropriate contact information for further communications from the Secretary.

(3) Response to notification of voluntary relinquishment. (i) After a PSO provides the notification required by paragraph (c)(2) of this section, the Secretary will respond in writing to the entity indicating whether the proposed voluntary relinquishment of its PSO status is accepted. If the voluntary relinquishment is accepted, the Secretary's response will indicate an effective date and time for the entity's removal from the list of PSOs and will provide public notice of the voluntary relinquishment and the effective date and time of the delisting, in accordance with § 3.108(d) of this subpart.

(ii) If the Secretary receives a notification of voluntary relinquishment during or immediately after revocation proceedings for cause under paragraphs (a)(4) and (a)(5) of this section, the Secretary, as a matter of discretion, may accept voluntary relinquishment in accordance with the preceding paragraph or decide not to accept the entity's proposed voluntary relinquishment and proceed with the revocation for cause and delisting pursuant to paragraph (b)(1) of this section.

(4) Non-applicability of certain procedures and requirements. (i) A decision by the Secretary to accept a request by a PSO to relinquish voluntarily its status as a PSO pursuant to paragraph (c)(2) of this section does not constitute a determination of a deficiency in PSO compliance with the Patient Safety Act or with this Subpart.

(ii) The procedures and requirements of § 3.108(a) of this subpart regarding deficiencies including the opportunity to correct deficiencies and to be heard in writing, and the procedures and requirements of § 3.108(b) are not applicable to determinations of the Secretary made pursuant to this subsection.

(d) Public notice of delisting regarding removal from listing. If the Secretary removes an entity from the list of PSOs following revocation of acceptance of the entity's certification pursuant to § 3.108(b)(1), voluntary relinquishment pursuant to § 3.108(c)(3), or expiration of an entity's period of listing pursuant to § 3.104(e)(1), the Secretary will promptly publish in the Federal Register and on the AHRQ PSO website, or in a comparable future form of public notice, a notice of the actions taken and the effective dates.

(e) Expedited revocation and delisting—(1) Basis for expedited revocation. Notwithstanding any other provision of this section, the Secretary may use the expedited revocation process described in paragraph (e)(3) of this section if he determines—

(i) The PSO is not in compliance with this part because it is or is about to become an entity described in § 3.102(a)(2).

(ii) The parent organization of the PSO is an entity described in § 3.102(a)(2) and requires or induces health care providers to report patient safety work product to its component PSO; or

(iii) The circumstances for revocation in paragraph (a)(1) of this section exist, and the Secretary has determined that there would be serious adverse consequences if the PSO were to remain listed.

(2) Applicable provisions. If the Secretary uses the expedited revocation process described in paragraph (e)(3) of this section, the procedures in paragraphs (a)(2) through (5) of this section shall not apply and paragraph (a)(1) and paragraphs (b) and (d) of this section shall apply.

(3) Expedited revocation process. (i) The Secretary must send the PSO a written notice of deficiency that:

(A) Identifies the evidence that the circumstances for revocation and delisting under paragraph (a)(1) of this section exist, and any corrective action that the PSO must take if the Secretary determines that corrective action may resolve the matter so that the entity would not be delisted; and

(B) Provides an opportunity for the PSO to respond in writing to correct the facts or the legal bases for delisting found in the notice, and to offer any other grounds for its not being delisted.

(ii) The notice of deficiency will be presumed to be received five days after it is sent, absent evidence of the actual receipt date.

(iii) If the PSO does not submit a written response to the Secretary within 14 calendar days of actual or constructive receipt of such notice, whichever is longer, the Secretary may revoke his acceptance of the PSO's certifications and remove the entity from the list of PSOs.

(iv) If the PSO responds in writing within the required 14-day time period, the Secretary may take any of the following actions:

(A) Withdraw the notice of deficiency;

(B) Provide the PSO with more time to resolve the matter to the Secretary's satisfaction; or

(C) Revoke his acceptance of the PSO's certifications and remove the entity from the list of PSOs.

The Secretary may request information or conduct announced or unannounced reviews of, or site visits to, PSOs, to assess or verify PSO compliance with the requirements of this subpart and for these purposes will be allowed to inspect the physical or virtual sites maintained or controlled by the PSO. The Secretary will be allowed to inspect and/or be given or sent copies of any PSO records deemed necessary and requested by the Secretary to implement the provisions of this subpart. Such PSO records may include patient safety work product in accordance with § 3.206(d) of this part.

(a) Forms referred to in this subpart may be obtained on the PSO Web site (http://www.pso.ahrq.gov) maintained for the Secretary by AHRQ or a successor agency or on successor publication technology or by requesting them in writing by e-mail at [email protected], or by mail from the Agency for Healthcare Research and Quality, CQuIPS, PSO Liaison, 540 Gaither Road, Rockville, MD 20850. A form (including any required attachments) must be submitted in accordance with the accompanying instructions.

(b) Information submitted to AHRQ in writing, but not required to be on or attached to a form, and requests for information from AHRQ, may be submitted by mail or other delivery to the Agency for Healthcare Research and Quality, CQuIPS, PSO Liaison, 540 Gaither Road, Rockville, MD 20850, by facsimile at (301) 427-1341, or by e-mail at [email protected].

(c) If a submission to the Secretary is incomplete or additional information is needed to allow a determination to be made under this subpart, the submitter will be notified if any additional information is required.