Revisiting an under-the-radar quality program: Should hospitals take another look at the Patient Safety Organization (PSO) program?

With a new federal measure set to reward hospitals for participating in the Agency for Healthcare Research and Quality's (AHRQ) Patient Safety Organization (PSO) program starting next year—and a fresh government evaluation pushing for tweaks to the program to improve its effectiveness—PSOs have quickly moved from a relatively niche quality program to a potential strategy priority. PSOs play a strategic role by offering legal protections for safety event data and positioning organizations to manage financial, reputational, and compliance risks as safety metrics take on a larger significance in federal payment policies. As payment programs—including the new Patient Safety Structural Measure—emphasize zero harm, now is a key moment for strategic leaders to understand how PSOs fit into the organizational strategy for safety, learning, and risk management—and where they haven't yet met expectations for all stakeholders

The details of the PSO program itself are a bit confusing, so we'll start by walking through the basics before we cover what has recently changed. Feel like you already understand PSOs? Skip the background and jump ahead to our analysis of the pros and cons or to the new information on the Patient Safety Structural Measure.

Patient Safety Organization (PSO) Program Origins

The PSO program was established as part of the Patient Safety and Quality Improvement Act in 2005—a response to widespread concerns about health care quality and safety encapsulated in the 1999 Institute of Medicine To Err is Human report that included the sobering estimate that up to 98,000 people die each year from medical errors in hospitals—and got underway in 2008. Participation (becoming a PSO or working with one) is voluntary, but the new federal measure pushes participation harder than any others have to date. To join a PSO, organizations need to pay membership dues, which vary depending both on the PSO and the potential member characteristics (i.e., provider type, size, location, pre-existing memberships in, say, the local hospital association).

Only certain types of organizations are eligible to become a PSO. Payers and any entities they control can't be one—logically, their having access to patient safety event data has conflict of interest implications. Certain other types of organizations—ones that accredit or license care providers, supervise or enforce healthcare regulatory requirements, or operate a mandatory government patient safety reporting system—might be able to apply to be a component PSO. Component PSOs have additional data protection rules, like the patient safety data they get must be kept separate from the parent organization and cannot be disclosed to them. And staff who work with the component organization shouldn't be shared with the parent organization, though there could be exceptions if, as staff of the parent organization, they do not participate in the excluded activities. Basically, they need to avoid any apparent conflict of interest.

To become (rather than join) a PSO, a qualifying organization needs to outline policies and procedures for eight required patient safety activities (see below). It also needs to have at least two contracted members every two years.

There are currently 125 listed PSOs. Some have national reach and are geared to specific organization types, safety event types, medical specialties (e.g., academic medical centers, pediatrics). Others have a geographic focus (though access is open to providers across the country). Press Ganey operates the largest PSO in the country, with 124 health systems and nearly 4,000 facilities participating. Other names you might know: Vizient, HCA Healthcare, ECRI, and the Alliance for Quality Improvement and Patient Safety (a professional association for PSOs).

At first glance, this might seem like a high number of PSOs, but let's consider:

• Joining a PSO might be an entree into additional work with a consulting organization. For instance, while component PSOs don't share data with the parent organizations, it's logical to figure that bringing health systems on as PSO members can be an entry into additional business relationships (e.g., consulting contracts). Based on the marketing language large organizations use, it seems that, for at least some, the PSO is both a compliance/legal safe harbor and a strategic entry point into their broader commercial ecosystem.

  
  

• An argument for greater consolidation: The recent Office of the Inspector General analysis of the PSO program critiqued its contribution to data fragmentation, saying that the program is failing to contribute to a solid national picture of patient safety trends: "The PSO program could be better aligned with other efforts to improve patient safety, including research. Patient harm definitions vary widely, making it difficult to aggregate events and to analyze nationwide trends." Plus, the more data the better, right? That's one of the selling points for larger PSOs—they have large datasets of safety events, making generalizable insights easier to come by.

  
  

• On the other hand, there's an argument for more specialization. Some PSOs have specific clinical focus areas (e.g., obstetrics, pharmacy, pediatrics, dentistry), which can encourage more in-depth analysis and tailored expertise. And smaller or regional PSOs might encourage trust and transparency, particularly among community providers and physician groups. Given that we're still seeing high levels of harm, the underlying problem does not seem to be that there are too many PSOs but rather than the program's utility is not being maximized—maybe there are benefits to seeing more specialized organizations, or ones that reach underrepresented care settings.

Benefits to PSO Participation

Beyond the incentive introduced with the Patient Safety Structural Measure (more on that later), participating in a PSO comes with potential benefits for patient safety as well as legal protections for healthcare organizations.

1. Shared learning and access to experts. Since PSOs handle a significant volume of safety event data from multiple organizations, participants can benefit from confidential shared learning, particularly when discussing rare safety events of which there is only a small number at any individual organization. For example, the ECRI and Institute for Safe Medication Practices (ISMP) PSO touts its PSO dataset containing more than seven million patient safety events. They also pair every participating organization with a patient safety expert—and offer access to hundreds of subject matter experts—for specific support. This feature of the PSO program—the "safe tables" service—was found to be most helpful in the 2019 OIG evaluation of the program.

   
   

2. Legal protections. Once a provider organization joins a PSO, the data it provides to the PSO benefits from confidentiality and privilege protections that, when key requirements are satisfied, prevent it from being introduced in the event of a legal proceeding. The idea behind these protections is ensuring that healthcare organizations are not deterred from joining a PSO due to fears about data being weaponized against the providers who share it in the interest of transparency and learning.

   
   

   This is where the details get a bit complicated. The protections apply to what is known as "patient safety work product." PSWP is any information (data, analyses, event descriptions, etc.) reported to or developed by a PSO for the purposes of improving safety, quality, or outcomes. (Note that the information must ultimately be reported to the PSO to remain PSWP.

   
   

   PSWP becomes privileged and confidential information. It cannot be subpoenaed, subject to discovery, FOIA-ed, or used in legal or disciplinary proceedings against a provider. There are some exceptions; for example, PSWP may not be confidential when investigating possible HIPAA violations, in criminal proceedings, when the identified providers authorize it, and in mandatory reporting contexts (such as for the FDA).

   
   

3. Improved outcomes. Of course, the primary motivator for establishing the PSO program is improved safety, and there is evidence to suggest that at least some organizations have realized those benefits. The HHS Office of the Inspector General released a report on PSOs in 2019, and an update was just released September 16, 2025. It's worth noting that, at the time of the 2019 assessment, 80 percent of participating acute care hospitals found the program helpful; that is, it has helped prevent patient safety events. That said, participation was relatively low—about 59 percent of acute care hospitals worked with one. Nearly all hospitals that did not work with a PSO (97%) felt that the program was redundant given other patient safety efforts underway (either because they have other partnerships for improving safety or because they have their own internal efforts). AHRQ has published some success stories on its website, too. Many of the stories are a few years old at this point, but they do show improved outcomes, such as a reduction in falls at inpatient rehabilitation hospitals from 2010-2015 and reduced healthcare-associated conditions and infections at Tennessee hospitals (amounting to $17 million saved) between 2012 and 2014.

   
   

4. Contribution to national dashboards. PSOs may submit the patient safety data given to them in non-identifiable form for inclusion in the Network of Patient Safety Databases, which can contribute to the national understanding of patient safety events. Dashboards exist to track blood and blood product related events, pressure injuries, device or medical/surgical supply events, falls, medication events, perinatal events and—getting more meta—event data submission.

Complicating Factors

1. Reporting burden & lack of alignment with other programs. Non-participating hospitals surveyed in the 2019 OIG investigation cited reporting burden as one reason why they might be reluctant to participate in a PSO—they already have to report patient safety event data to federal or state governments. This finding was echoed in the just-released evaluation: Other patient safety initiatives convened by the federal government (e.g., AHRQ's National Action Alliance for Workforce Safety), state governments (mandatory event reporting), payers, accrediting bodies, and other consumer-focused organizations contribute to organizations' prioritization challenges and can get in the way of their joining a PSO at all or participating fully.

   
   

2. Criticism from the patient safety advocacy community. While the PSO program can be argued to promote fewer inhibitions and more sharing about adverse events and near-misses in service of improved patient care, it can also be argued that keeping this sharing behind closed doors gets in the way of transparency. One critique published not long after the Patient Safety Act went into effect named PSOs as a "step in the right direction" but lacking the teeth to provide a national picture of patient safety: "PSOs make sense for learning, and confidentiality is appropriate to increase the amount and quality of data collected. To reach full potential, however, PSOs must find ways, or be required, to aggregate their findings."

   
   

   Nearly 15 years later, the OIG report lists the ways the program falls short by failing to incorporate the patient and family perspective. When the Patient Safety Act was passed in 2005, patient and family involvement in patient safety efforts was not mainstream. Now, it may be considered best practice, but there still isn't a clear pathway for patient and family involvement: "Despite growing momentum to include patients and families in patient safety efforts, hospitals, PSOs, and experts told us that they were unsure how to involve patients and families in PSOs' work. A key concern is whether the legal protections for PSWP extend to patient-reported safety events."
   

   Most PSOs have not yet integrated resources—though some exist, like the AHRQ Communication and Optimal Resolution (CANDOR) process—for involving patients in harm discussions. AHRQ does now intend to emphasize with PSOs means of engaging patients and families in their work.

   
   

3. Data security challenges. Becoming a PSO is not a light technical lift; an organization must meet stringent data security requirements to protect the PSWP (and, in the case of component PSOs, ensure that the data stays separate from the rest of the organization's systems). Regulations require written policies and procedures to safeguard the "confidentiality, integrity, and availability" of data that applies to all who might handle it (staff and contractors); regular security assessments; and training for those who handle the data.

   
   

4. Confusion around legal protections. If you were confused by the description of the protections afforded PSWP from the previous section, then you're not alone. This was a theme in the 2019 OIG assessment and in the most recent one. In 2019, 57 percent of hospitals working with PSOs found it difficult to understand what constituted PSWP, and almost 75 percent of hospitals that decided against working with a PSO cited uncertainty over the data protections as a reason. The protections have faced legal challenges, so hospitals have reason to be jumpy, but it inhibits PSOs' potential productivity. An addition to the more recent sources of uncertainty—whether PSO regulations come into conflict with other mandatory reporting requirements: "Several hospitals and PSOs stated that they had difficulty navigating the Act's legal protections in light of other requirements, such as complying with Medicare and state requirements. They stated that this difficult contributes to mistrust of the PSO program because they are unsure if complying with the Act's confidentiality protections will put hospitals at odds with other requirements."

   
   

   The legalese around PSWP, and the potential for different interpretations of the language (including ones that might not be consistent with the rule's initial intentions) make it tricky for hospitals to determine the extent to which they want to participate in the program, thereby diluting its potential success.

Components of the Patient Safety Structural Measure

Hospitals that don't currently participate in a PSO might be inclined to change their minds with the introduction of the Patient Safety Structural Measure (PSSM). The PSSM kicks in as soon as government FY 2027 (October 2026) and is the biggest policy change promoting participation in PSOs since the program's creation more than 15 years ago.

The PSSM is an attestation-based measure that applies to all hospitals to signal their prioritization of patient safety along five domains:

1. Leadership commitment to eliminating preventable harm;

2. Strategic planning and organizational policy;

3. Culture of safety and learning health systems;

4. Accountability and transparency; and

5. Patient and family engagement.

Hospitals—not just PSO members—will begin reporting their alignment with the measure to CMS when they submit data for calendar year 2025. in the first year, there is a pay-for-reporting incentive as part of the CMS Inpatient Quality Reporting Program. Hospitals that do not report will be out of compliance with the program and therefore see an effective drop in their annual Medicare payment—25% of the annual payment update. Furthermore, all hospitals' scores on the measure will be posted as part of Care Compare starting in 2026.

Why is this relevant to PSOs? Well, a hospital's choosing to work with a PSO is a component of the "Accountability and Transparency" domain (see below for a summary of the elements of each domain).

The way the PSSM is scored, hospitals can receive up to five points (one for each domain). In order to receive a point, they must affirm their compliance with all items in the domain. In other words, without participating in a PSO, a hospital cannot receive a point for the "Accountability and Transparency" domain.

Reactions to the PSSM have been positive overall with support and criticism coming from unsurprising sources—groups representing patient safety interests are in favor, where as hospital associations and those that represent them worry about measurement burden.

• Press Ganey celebrated the focus on safety-promoting systems (rather than simply clinical events): "This measure reflects an important evolution in how hospitals and health systems should approach safety and quality reporting....We know how to go upstream and measure structure/process, which will then help achieve those safety outcomes."

• ECRI shared similar sentiments: "This CMS structural measure could be a catalyst for healthcare institutions to revisit their approach to safety, assess where they stand, and commit to address longstanding issues with a heightened level of transparency and urgency....We commend CMS for adopting the new measure."

• The American Hospital Association suggested that the measure needed condensing: "If the agency is intent on adopting a structural measure of safety, we urge the agency to consider a streamlined version that does not overlap with existing regulations and that reflects known and significant gaps."

• The California Hospital Association recommended keeping the focus on outcomes rather than attestation-based structural measures.

• America's Essential Hospitals found the measures labor-intensive and that "CMS has not appropriately shown how these statements and domains improve patient outcomes."

Closing Thoughts

The incentives for participating in a PSO have gotten stronger with the arrival of the PSSM, and, for the program to achieve its ambitious intentions, participation will need to improve. AHRQ may consider changes to the program based on the recent OIG findings: The agency's response to the findings was largely agreement, and, pending some budgetary and other agency contingencies, they have proposed taking action, such as updating the annual PSO profile form to include questions about patient and family engagement, embracing technology infrastructure for data interoperability and analysis, and enhancing the opportunities for PSOs to participate in AHRQ research. For now, healthcare organizations should revisit how they weight the costs and benefits of joining a PSO, given that non-participation will affect their Care Compare presence in the not-too-distant future.